2.6 KiB
Docker support
The docker runtime is supported by kubespray and while the dockershim
is deprecated to be removed in kubernetes 1.24+ there are alternative ways to use docker such as through the cri-dockerd project supported by Mirantis.
Using the docker container manager:
container_manager: docker
Note: cri-dockerd
has replaced dockershim
across supported kubernetes version in kubespray 2.20.
Enabling the overlay2
graph driver:
docker_storage_options: -s overlay2
Changing the Docker cgroup driver (native.cgroupdriver); valid options are systemd
or cgroupfs
, default is systemd
:
docker_cgroup_driver: systemd
If you have more than 3 nameservers kubespray will only use the first 3 else it will fail. Set the docker_dns_servers_strict
to false
to prevent deployment failure.
docker_dns_servers_strict: false
Set the path used to store Docker data:
docker_daemon_graph: "/var/lib/docker"
Changing the docker daemon iptables support:
docker_iptables_enabled: "false"
Docker log options:
# Rotate container stderr/stdout logs at 50m and keep last 5
docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
Change the docker bin_dir
, this should not be changed unless you use a custom docker package:
docker_bin_dir: "/usr/bin"
To keep docker packages after installation; speeds up repeated ansible provisioning runs when '1'. kubespray deletes the docker package on each run, so caching the package makes sense:
docker_rpm_keepcache: 1
Allowing insecure-registry access to self hosted registries. Can be ipaddress and domain_name.
## example define 172.19.16.11 or mirror.registry.io
docker_insecure_registries:
- mirror.registry.io
- 172.19.16.11
Adding other registry, i.e. China registry mirror:
docker_registry_mirrors:
- https://registry.docker-cn.com
- https://mirror.aliyuncs.com
Overriding default system MountFlags value. This option takes a mount propagation flag: shared
, slave
or private
, which control whether mounts in the file system namespace set up for docker will receive or propagate mounts and unmounts. Leave empty for system default:
docker_mount_flags:
Adding extra options to pass to the docker daemon:
## This string should be exactly as you wish it to appear.
docker_options: ""
For Debian based distributions, set the path to store the GPG key to avoid using the default one used in apt_key
module (e.g. /etc/apt/trusted.gpg)
docker_repo_key_keyring: /etc/apt/trusted.gpg.d/docker.gpg