docker : Introduce new variables to tweak daemon settings
parent
6aa7b89b78
commit
9973a62c16
|
@ -12,6 +12,9 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* docker : Introduce new default settings + allow to change the docker data directory
|
||||||
|
* docker : Introduce new variables to tweak daemon settings
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
@ -19,7 +22,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
* docker : Removed Debian Jessie support
|
* docker : Removed Debian Jessie support
|
||||||
* docker : Introduce new default settings + allow to change the docker data directory
|
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,23 @@
|
||||||
---
|
---
|
||||||
# If docher_home sets to /home/, the partition should be mounted with exec
|
# If docher_home sets to /home/, the partition should be mounted with exec option.
|
||||||
# option.
|
|
||||||
docker_home: /var/lib/docker
|
docker_home: /var/lib/docker
|
||||||
docker_tmpdir: "{{docker_home}}/tmp"
|
docker_tmpdir: "{{docker_home}}/tmp"
|
||||||
|
|
||||||
docker_remote_access_enabled: True
|
# Chose to use iptables instead of docker-proxy userland process
|
||||||
|
docker_conf_use_iptables: False
|
||||||
|
|
||||||
|
# Disable the possibility for containers processes to gain new privileges
|
||||||
|
docker_conf_no_newprivileges: False
|
||||||
|
|
||||||
|
# Disable all default network connectivity
|
||||||
|
docker_conf_disable_default_networking: False
|
||||||
|
|
||||||
|
# Remote access
|
||||||
|
docker_remote_access_enabled: False
|
||||||
docker_daemon_port: 2376
|
docker_daemon_port: 2376
|
||||||
docker_daemon_listening_ip: 0.0.0.0
|
docker_daemon_listening_ip: 0.0.0.0
|
||||||
|
|
||||||
|
# TLS
|
||||||
docker_tls_enabled: False
|
docker_tls_enabled: False
|
||||||
docker_tls_path: "{{docker_home}}/tls"
|
docker_tls_path: "{{docker_home}}/tls"
|
||||||
docker_tls_ca: ca/ca.pem
|
docker_tls_ca: ca/ca.pem
|
||||||
|
|
|
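Review bot: `docker_conf_no_newprivileges` ships as `False`, so the hardening this commit wires in stays off unless each consumer of the role opts in, and the comment "Disable the possibility…" above a `False` value reads as if the protection were already active. I would reword it to `# Set to True to stop container processes from gaining new privileges (daemon-wide no-new-privileges)` and consider defaulting to `True` if the workloads allow it. The remote-access default moving to `False` is the safer choice, but the unchanged lines still pair `docker_daemon_listening_ip: 0.0.0.0` with `docker_tls_enabled: False`. How these are consumed is not visible here, so it is worth confirming that enabling remote access alone cannot publish the API without TLS, for instance with an `assert` in the role's tasks. The header comment also still spells the variable `docher_home`.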
@ -10,6 +10,21 @@
|
||||||
{# Turn on user namespace remaping #}
|
{# Turn on user namespace remaping #}
|
||||||
"userns-remap": "default",
|
"userns-remap": "default",
|
||||||
|
|
||||||
|
{% if docker_conf_use_iptables %}
|
||||||
|
{# Use iptables instead of docker-proxy #}
|
||||||
|
"userland-proxy": false,
|
||||||
|
"iptables": true,
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{# Disable the possibility for containers processes to gain new privileges #}
|
||||||
|
"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }},
|
||||||
|
|
||||||
|
{% if docker_conf_disable_default_networking %}
|
||||||
|
{# Disable all default network connectivity #}
|
||||||
|
"bridge": "none",
|
||||||
|
"icc": false,
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if docker_tls_enabled %}
|
{% if docker_tls_enabled %}
|
||||||
"tls": true,
|
"tls": true,
|
||||||
"tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}",
|
"tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}",
|
||||||
|
|
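Review bot: The new conditionals and the `no-new-privileges` value only behave correctly if the variables arrive as real booleans. If one is supplied as a string (for example through `-e docker_conf_no_newprivileges=true`), `to_json` would render a quoted string rather than a JSON boolean, and `{% if docker_conf_use_iptables %}` would be true for the string `"False"`. Casting first avoids both: `"no-new-privileges": {{ docker_conf_no_newprivileges | bool | to_json }},` and `{% if docker_conf_use_iptables | bool %}` (same for `docker_conf_disable_default_networking`). Also, when `docker_conf_use_iptables` is false nothing is emitted, so the daemon keeps its own defaults rather than turning iptables off; a template comment saying so would prevent misreading the variable name. The template continues outside the hunk.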