diff options
| author | Steve Milner <smilner@redhat.com> | 2017-11-02 16:41:47 -0400 |
|---|---|---|
| committer | Steve Milner <smilner@redhat.com> | 2017-11-02 18:07:01 -0400 |
| commit | b88adec6c15157c2894ccfe2ac855e67fb48ca33 (patch) | |
| tree | aea5e7f13ce7cda84cf97de2ff55851d07172987 /roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 | |
| parent | 129e91a3654943228c9ddeb38d6119a706cedcc2 (diff) | |
| download | openshift-b88adec6c15157c2894ccfe2ac855e67fb48ca33.tar.gz openshift-b88adec6c15157c2894ccfe2ac855e67fb48ca33.tar.bz2 openshift-b88adec6c15157c2894ccfe2ac855e67fb48ca33.tar.xz openshift-b88adec6c15157c2894ccfe2ac855e67fb48ca33.zip | |
openshift_hosted: Add docker-gc
Two new inventory variables have been created:
- openshift_crio_enable_docker_gc: Enable docker_gc daemon set
- openshift_crio_docker_gc_node_selector: Optional dictionary to use node
selector
When openshift_crio_enable_docker_gc and openshift_use_crio are both true
then dockergc daemonset will be created along with adding a dockergc
sa.
Signed-off-by: Steve Milner <smilner@redhat.com>
Diffstat (limited to 'roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2')
| -rw-r--r-- | roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 new file mode 100644 index 000000000..53e8b448b --- /dev/null +++ b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: List +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: dockergc + # You must grant privileged via: oadm policy add-scc-to-user -z dockergc privileged + # in order for the dockergc to access the docker socket and root directory +- apiVersion: extensions/v1beta1 + kind: DaemonSet + metadata: + name: dockergc + labels: + app: dockergc + spec: + template: + metadata: + labels: + app: dockergc + name: dockergc + spec: +{# Only set nodeSelector if the dict is not empty #} +{% if r_docker_gc_node_selectors %} + nodeSelector: +{% for k,v in r_docker_gc_node_selectors.items() %} + {{ k }}: {{ v }}{% endfor %}{% endif %} + + serviceAccountName: dockergc + containers: + - image: openshift/origin:latest + args: + - "ex" + - "dockergc" + - "--image-gc-low-threshold=60" + - "--image-gc-high-threshold=80" + - "--minimum-ttl-duration=1h0m0s" + securityContext: + privileged: true + name: dockergc + resources: + requests: + memory: 30Mi + cpu: 50m + volumeMounts: + - name: docker-root + readOnly: true + mountPath: /var/lib/docker + - name: docker-socket + readOnly: false + mountPath: /var/run/docker.sock + volumes: + - name: docker-root + hostPath: + path: /var/lib/docker + - name: docker-socket + hostPath: + path: /var/run/docker.sock |