richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6408 Commits
29 Branches
80 Tags
156 MiB
 
 
 
 
 
Tree: aa12f1c56b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aa12f1c56b'
${ noResults }
kubespray/docs/docker.md

3.0 KiB
Raw Blame History

Docker support

The docker runtime is supported by kubespray and while the dockershim is deprecated to be removed in kubernetes 1.24+ there are alternative ways to use docker such as through the cri-dockerd project supported by Mirantis.

Using the docker container manager:

container_manager: docker

Using cri-dockerd instead of dockershim:

cri_dockerd_enabled: false

Note: The cri_dockerd_enabled: true setting will become the default in a future kubespray release once kubespray 1.24+ is supported and dockershim is removed. At that point, changing this option will be deprecated and silently ignored.

Enabling the overlay2 graph driver:

docker_storage_options: -s overlay2

Enabling docker_container_storage_setup, it will configure devicemapper driver on Centos7 or RedHat7. Deployers must be define a disk path for docker_container_storage_setup_devs, otherwise docker-storage-setup will be executed incorrectly.

docker_container_storage_setup: true
docker_container_storage_setup_devs: /dev/vdb

Changing the Docker cgroup driver (native.cgroupdriver); valid options are systemd or cgroupfs, default is systemd:

docker_cgroup_driver: systemd

If you have more than 3 nameservers kubespray will only use the first 3 else it will fail. Set the docker_dns_servers_strict to false to prevent deployment failure.

docker_dns_servers_strict: false

Set the path used to store Docker data:

docker_daemon_graph: "/var/lib/docker"

Changing the docker daemon iptables support:

docker_iptables_enabled: "false"

Docker log options:

# Rotate container stderr/stdout logs at 50m and keep last 5
docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"

Changre the docker bin_dir, this should not be changed unless you use a custom docker package:

docker_bin_dir: "/usr/bin"

To keep docker packages after installation; speeds up repeated ansible provisioning runs when '1'. kubespray deletes the docker package on each run, so caching the package makes sense:

docker_rpm_keepcache: 1

Allowing insecure-registry access to self hosted registries. Can be ipaddress and domain_name.

## example define 172.19.16.11 or mirror.registry.io
docker_insecure_registries:
  - mirror.registry.io
  - 172.19.16.11

Adding other registry, i.e. China registry mirror:

docker_registry_mirrors:
  - https://registry.docker-cn.com
  - https://mirror.aliyuncs.com

Overriding default system MountFlags value. This option takes a mount propagation flag: shared, slave or private, which control whether mounts in the file system namespace set up for docker will receive or propagate mounts and unmounts. Leave empty for system default:

docker_mount_flags:

Adding extra options to pass to the docker daemon:

## This string should be exactly as you wish it to appear.
docker_options: ""