docker : Introduce new variables to tweak daemon settings
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
6aa7b89b78
commit
9973a62c16
|
|
@ -12,6 +12,9 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Added
|
||||
|
||||
* docker : Introduce new default settings + allow to change the docker data directory
|
||||
* docker : Introduce new variables to tweak daemon settings
|
||||
|
||||
### Changed
|
||||
|
||||
### Fixed
|
||||
|
|
@ -19,7 +22,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
### Removed
|
||||
|
||||
* docker : Removed Debian Jessie support
|
||||
* docker : Introduce new default settings + allow to change the docker data directory
|
||||
|
||||
### Security
|
||||
|
||||
|
|
|
|||
|
|
@ -1,13 +1,23 @@
|
|||
---
|
||||
# If docher_home sets to /home/, the partition should be mounted with exec
|
||||
# option.
|
||||
# If docher_home sets to /home/, the partition should be mounted with exec option.
|
||||
docker_home: /var/lib/docker
|
||||
docker_tmpdir: "{{docker_home}}/tmp"
|
||||
|
||||
docker_remote_access_enabled: True
|
||||
# Chose to use iptables instead of docker-proxy userland process
|
||||
docker_conf_use_iptables: False
|
||||
|
||||
# Disable the possibility for containers processes to gain new privileges
|
||||
docker_conf_no_newprivileges: False
|
||||
|
||||
# Disable all default network connectivity
|
||||
docker_conf_disable_default_networking: False
|
||||
|
||||
# Remote access
|
||||
docker_remote_access_enabled: False
|
||||
docker_daemon_port: 2376
|
||||
docker_daemon_listening_ip: 0.0.0.0
|
||||
|
||||
# TLS
|
||||
docker_tls_enabled: False
|
||||
docker_tls_path: "{{docker_home}}/tls"
|
||||
docker_tls_ca: ca/ca.pem
|
||||
|
|
|
|||
|
|
@ -10,6 +10,21 @@
|
|||
{# Turn on user namespace remaping #}
|
||||
"userns-remap": "default",
|
||||
|
||||
{% if docker_conf_use_iptables %}
|
||||
{# Use iptables instead of docker-proxy #}
|
||||
"userland-proxy": false,
|
||||
"iptables": true,
|
||||
{% endif %}
|
||||
|
||||
{# Disable the possibility for containers processes to gain new privileges #}
|
||||
"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }},
|
||||
|
||||
{% if docker_conf_disable_default_networking %}
|
||||
{# Disable all default network connectivity #}
|
||||
"bridge": "none",
|
||||
"icc": false,
|
||||
{% endif %}
|
||||
|
||||
{% if docker_tls_enabled %}
|
||||
"tls": true,
|
||||
"tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}",
|
||||
|
|
|
|||
Loading…
Reference in a new issue