docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true

CHANGELOG.md

@@ -40,6 +40,8 @@ The **patch** part is incremented if multiple releases happen the same month
 
 ### Removed
 
+* docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true)
+
 ### Security
 
 ## [24.03] 2024-03-01

docker-host/defaults/main.yml

@@ -3,9 +3,6 @@
 docker_home: /var/lib/docker
 docker_tmpdir: "{{ docker_home }}/tmp"
 
-# Chose to use iptables instead of docker-proxy userland process
-docker_conf_use_iptables: False
-
 # Disable the possibility for containers processes to gain new privileges
 docker_conf_no_newprivileges: False
 

docker-host/tasks/main.yml

@@ -1,5 +1,14 @@
 # This role installs the docker daemon
 ---
+
+- name: Fail if docker_conf_use_iptables is defined
+  ansible.builtin.fail:
+    msg: "Variable docker_conf_use_iptables is deprecated and not configurable anymore. Please remove it from your variables. Also double-check the daemon.json config for docker"
+  when:
+    - docker_conf_use_iptables is defined
+  tags:
+    - always
+
 - name: Remove older docker packages
   ansible.builtin.apt:
     name:

docker-host/templates/daemon.json.j2

@@ -1,5 +1,6 @@
 {
   "debug": false
+  ,"iptables": true
   {# Docker data-dir (default to /var/lib/docker) #}
   ,"data-root": "{{ docker_home }}"
   {# Keep containers running while docker daemon downtime #}
@@ -7,11 +8,6 @@
 {% if docker_conf_user_namespace %}
   {# Turn on user namespace remaping #}
   ,"userns-remap": "default"
-{% endif %}
-{% if docker_conf_use_iptables %}
-  {# Use iptables instead of docker-proxy #}
-  ,"userland-proxy": false
-  ,"iptables": true
 {% endif %}
   {# Disable the possibility for containers processes to gain new privileges #}
   ,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}