Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • v2.28.0
  • v2.27.0
  • v2.25.1
  • v2.24.3
  • v2.26.0
  • v2.24.2
  • v2.25.0
  • v2.24.1
  • v2.22.2
  • v2.23.3
  • v2.24.0
  • v2.23.2
  • v2.23.1
  • v2.23.0
  • v2.22.1
  • v2.22.0
  • v2.21.0
  • v2.20.0
  • v2.19.1
  • v2.18.2
21 results

docker.md

Blame
  • docker.md 2.97 KiB

    Docker support

    The docker runtime is supported by kubespray and while the dockershim is deprecated to be removed in kubernetes 1.24+ there are alternative ways to use docker such as through the cri-dockerd project supported by Mirantis.

    Using the docker container manager:

    container_manager: docker

    Using cri-dockerd instead of dockershim:

    cri_dockerd_enabled: false

    Note: The cri_dockerd_enabled: true setting will become the default in a future kubespray release once kubespray 1.24+ is supported and dockershim is removed. At that point, changing this option will be deprecated and silently ignored.

    Enabling the overlay2 graph driver:

    docker_storage_options: -s overlay2

    Enabling docker_container_storage_setup, it will configure devicemapper driver on Centos7 or RedHat7. Deployers must be define a disk path for docker_container_storage_setup_devs, otherwise docker-storage-setup will be executed incorrectly.

    docker_container_storage_setup: true
    docker_container_storage_setup_devs: /dev/vdb

    Changing the Docker cgroup driver (native.cgroupdriver); valid options are systemd or cgroupfs, default is systemd:

    docker_cgroup_driver: systemd

    If you have more than 3 nameservers kubespray will only use the first 3 else it will fail. Set the docker_dns_servers_strict to false to prevent deployment failure.

    docker_dns_servers_strict: false

    Set the path used to store Docker data:

    docker_daemon_graph: "/var/lib/docker"

    Changing the docker daemon iptables support:

    docker_iptables_enabled: "false"

    Docker log options:

    # Rotate container stderr/stdout logs at 50m and keep last 5
    docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"

    Changre the docker bin_dir, this should not be changed unless you use a custom docker package:

    docker_bin_dir: "/usr/bin"

    To keep docker packages after installation; speeds up repeated ansible provisioning runs when '1'. kubespray deletes the docker package on each run, so caching the package makes sense:

    docker_rpm_keepcache: 1

    Allowing insecure-registry access to self hosted registries. Can be ipaddress and domain_name.

    ## example define 172.19.16.11 or mirror.registry.io
    docker_insecure_registries:
      - mirror.registry.io
      - 172.19.16.11

    Adding other registry, i.e. China registry mirror:

    docker_registry_mirrors:
      - https://registry.docker-cn.com
      - https://mirror.aliyuncs.com

    Overriding default system MountFlags value. This option takes a mount propagation flag: shared, slave or private, which control whether mounts in the file system namespace set up for docker will receive or propagate mounts and unmounts. Leave empty for system default:

    docker_mount_flags:

    Adding extra options to pass to the docker daemon:

    ## This string should be exactly as you wish it to appear.
    docker_options: ""