Planning the configuration of docker parameters

c41ca22a · rongzhang · 009d2ffc · c41ca22a · c41ca22a · c41ca22a
Commit c41ca22a authored Sep 8, 2018 by rongzhang
--- a/inventory/sample/group_vars/all/docker.yml
+++ b/inventory/sample/group_vars/all/docker.yml
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
 ## Please note that overlay2 is only supported on newer kernels
 #docker_storage_options: -s overlay2
 ## Uncomment this if you have more than 3 nameservers, then we'll only use the first 3.
+docker_dns_servers_strict: false
-#docker_dns_servers_strict: false
 # Path used to store Docker data
 docker_daemon_graph: "/var/lib/docker"
 ## Used to set docker daemon iptables options to true
-#docker_iptables_enabled: "true"
+docker_iptables_enabled: "false"
+# Docker log options
+# Rotate container stderr/stdout logs at 50m and keep last 5
+docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
+# define docker bin_dir
+docker_bin_dir: "/usr/bin"
-## A string of extra options to pass to the docker daemon.
-## This string should be exactly as you wish it to appear.
 ## An obvious use case is allowing insecure-registry access to self hosted registries.
 ## Can be ipddress and domain_name.
 ## example define 172.19.16.11 or mirror.registry.io
 #insecure_registries:
 #   - mirror.registry.io
 #   - 172.19.16.11
+## If non-empty will override default system MounFlags value.
+## This option takes a mount propagation flag: shared, slave
+## or private, which control whether mounts in the file system
+## namespace set up for docker will receive or propagate mounts
+## and unmounts. Leave empty for system default
+#docker_mount_flags:
+## A string of extra options to pass to the docker daemon.
+## This string should be exactly as you wish it to appear.
 docker_options: >-
-  {%- if insecure_registries is defined %}
+  {%- if insecure_registries is defined -%}
  {{ insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }}
-  {%- endif -%}
+  {%- endif %}
  --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
  {%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
  --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
  --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
  --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
  {%- endif -%}
-docker_bin_dir: "/usr/bin"
-## If non-empty will override default system MounFlags value.
-## This option takes a mount propagation flag: shared, slave
-## or private, which control whether mounts in the file system
-## namespace set up for docker will receive or propagate mounts
-## and unmounts. Leave empty for system default
-docker_mount_flags:
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -40,6 +40,3 @@ dockerproject_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/
 dockerproject_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
 dockerproject_apt_repo_base_url: 'https://apt.dockerproject.org/repo'
 dockerproject_apt_repo_gpgkey: 'https://apt.dockerproject.org/gpg'
-# Used to set docker daemon iptables options
-docker_iptables_enabled: "false"
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -142,32 +142,6 @@ kube_api_aggregator_routing: false
 # Container for runtime
 container_manager: docker
-# Path used to store Docker data
-docker_daemon_graph: "/var/lib/docker"
-# Docker log options
-# Rotate container stderr/stdout logs at 50m and keep last 5
-docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
-## A string of extra options to pass to the docker daemon.
-## This string should be exactly as you wish it to appear.
-## An obvious use case is allowing insecure-registry access
-## to self hosted registries like so:
-docker_options: >
-  --insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
-  {% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
-  --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
-  --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
-  --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
-  {% endif %}
-## If non-empty will override default system MounFlags value.
-## This option takes a mount propagation flag: shared, slave
-## or private, which control whether mounts in the file system
-## namespace set up for docker will receive or propagate mounts
-## and unmounts. Leave empty for system default
-docker_mount_flags:
 # Settings for containerized control plane (etcd/kubelet/secrets)
 etcd_deployment_type: docker
 kubelet_deployment_type: docker