Seed custom containers¶
This section covers configuration of the user-defined containers deployment functionality that runs on the seed host.
Configuration¶
For example, to deploy a squid container image:
seed_containers:
squid:
image: "stackhpc/squid:3.5.20-1"
pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml"
post: "{{ kayobe_env_config_path }}/containers/squid/post.yml"
pre_destroy: "{{ kayobe_env_config_path }}/containers/squid/pre_destroy.yml"
post_destroy: "{{ kayobe_env_config_path }}/containers/squid/post_destroy.yml"
Please notice the optional pre, post, pre_destroy, and post_destroy Ansible task
files - those need to be created in kayobe-config
path. The table below describes
when they will run:
Hook |
Trigger point |
---|---|
pre |
Before container deployment |
post |
After container deployment |
pre_destroy |
Before container is destroyed |
post_destroy |
After container is destroyed |
Possible options for container deployment:
seed_containers:
containerA:
capabilities:
command:
comparisons:
detach:
env:
network_mode:
image:
init:
ipc_mode:
pid_mode:
ports:
privileged:
restart_policy:
shm_size:
sysctls:
tag:
ulimits:
user:
volumes:
For a detailed explanation of each option - please see Ansible docker_container module page.
List of Kayobe applied defaults to required docker_container variables:
---
# Action to perform: One of: "deploy", "destroy".
manage_containers_action: "deploy"
deploy_containers_defaults:
comparisons:
image: strict
env: strict
volumes: strict
detach: True
network_mode: "host"
init: True
privileged: False
restart_policy: "unless-stopped"
deploy_containers_docker_api_timeout: 120
deploy_containers_registry_attempt_login: "{{ kolla_docker_registry_username is truthy and kolla_docker_registry_password is truthy }}"
Docker registry¶
Seed containers can be pulled from a docker registry deployed on the seed, since the docker registry deployment step precedes the custom container deployment step.
It is also possible to deploy a custom containerised docker registry as a custom seed container. In this case, basic authentication login attempts can be disabled by setting
seed_deploy_containers_registry_attempt_login: false
Without this setting, the login will fail because the registry has not yet been deployed.
More information on deploying a docker registry can be found here.