Planning the configuration of docker parameters
This commit is contained in:
rongzhang
parent
009d2ffc6c
commit
c41ca22a78
|
|
@ -1,42 +1,46 @@
|
|||
## Uncomment this if you want to force overlay/overlay2 as docker storage driver
|
||||
## Please note that overlay2 is only supported on newer kernels
|
||||
|
||||
#docker_storage_options: -s overlay2
|
||||
|
||||
## Uncomment this if you have more than 3 nameservers, then we'll only use the first 3.
|
||||
|
||||
#docker_dns_servers_strict: false
|
||||
docker_dns_servers_strict: false
|
||||
|
||||
# Path used to store Docker data
|
||||
docker_daemon_graph: "/var/lib/docker"
|
||||
|
||||
## Used to set docker daemon iptables options to true
|
||||
#docker_iptables_enabled: "true"
|
||||
docker_iptables_enabled: "false"
|
||||
|
||||
# Docker log options
|
||||
# Rotate container stderr/stdout logs at 50m and keep last 5
|
||||
docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
|
||||
|
||||
# define docker bin_dir
|
||||
docker_bin_dir: "/usr/bin"
|
||||
|
||||
## A string of extra options to pass to the docker daemon.
|
||||
## This string should be exactly as you wish it to appear.
|
||||
## An obvious use case is allowing insecure-registry access to self hosted registries.
|
||||
## Can be ipddress and domain_name.
|
||||
## example define 172.19.16.11 or mirror.registry.io
|
||||
#insecure_registries:
|
||||
# - mirror.registry.io
|
||||
# - 172.19.16.11
|
||||
docker_options: >-
|
||||
{%- if insecure_registries is defined %}
|
||||
{{ insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }}
|
||||
{%- endif -%}
|
||||
--graph={{ docker_daemon_graph }} {{ docker_log_opts }}
|
||||
{%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
|
||||
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
|
||||
--default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
|
||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
|
||||
{%- endif -%}
|
||||
|
||||
docker_bin_dir: "/usr/bin"
|
||||
|
||||
## If non-empty will override default system MounFlags value.
|
||||
## This option takes a mount propagation flag: shared, slave
|
||||
## or private, which control whether mounts in the file system
|
||||
## namespace set up for docker will receive or propagate mounts
|
||||
## and unmounts. Leave empty for system default
|
||||
docker_mount_flags:
|
||||
#docker_mount_flags:
|
||||
|
||||
## A string of extra options to pass to the docker daemon.
|
||||
## This string should be exactly as you wish it to appear.
|
||||
docker_options: >-
|
||||
{%- if insecure_registries is defined -%}
|
||||
{{ insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }}
|
||||
{%- endif %}
|
||||
--graph={{ docker_daemon_graph }} {{ docker_log_opts }}
|
||||
{%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
|
||||
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
|
||||
--default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
|
||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
|
||||
{%- endif -%}
|
||||
|
|
|
|||
|
|
@ -40,6 +40,3 @@ dockerproject_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/
|
|||
dockerproject_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
|
||||
dockerproject_apt_repo_base_url: 'https://apt.dockerproject.org/repo'
|
||||
dockerproject_apt_repo_gpgkey: 'https://apt.dockerproject.org/gpg'
|
||||
|
||||
# Used to set docker daemon iptables options
|
||||
docker_iptables_enabled: "false"
|
||||
|
|
|
|||
|
|
@ -142,32 +142,6 @@ kube_api_aggregator_routing: false
|
|||
# Container for runtime
|
||||
container_manager: docker
|
||||
|
||||
# Path used to store Docker data
|
||||
docker_daemon_graph: "/var/lib/docker"
|
||||
|
||||
# Docker log options
|
||||
# Rotate container stderr/stdout logs at 50m and keep last 5
|
||||
docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
|
||||
|
||||
## A string of extra options to pass to the docker daemon.
|
||||
## This string should be exactly as you wish it to appear.
|
||||
## An obvious use case is allowing insecure-registry access
|
||||
## to self hosted registries like so:
|
||||
docker_options: >
|
||||
--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
|
||||
{% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
|
||||
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
|
||||
--default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
|
||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
|
||||
{% endif %}
|
||||
|
||||
## If non-empty will override default system MounFlags value.
|
||||
## This option takes a mount propagation flag: shared, slave
|
||||
## or private, which control whether mounts in the file system
|
||||
## namespace set up for docker will receive or propagate mounts
|
||||
## and unmounts. Leave empty for system default
|
||||
docker_mount_flags:
|
||||
|
||||
# Settings for containerized control plane (etcd/kubelet/secrets)
|
||||
etcd_deployment_type: docker
|
||||
kubelet_deployment_type: docker
|
||||
|
|
|
|||
Loading…
Reference in a new issue