| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- apiVersion: v1
- kind: List
- items:
- - apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: dockergc
- # You must grant privileged via: oc adm policy add-scc-to-user -z dockergc privileged
- # in order for the dockergc to access the docker socket and root directory
- - apiVersion: extensions/v1beta1
- kind: DaemonSet
- metadata:
- name: dockergc
- labels:
- app: dockergc
- spec:
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- app: dockergc
- name: dockergc
- spec:
- {# Only set nodeSelector if the dict is not empty #}
- {% if openshift_crio_docker_gc_node_selector %}
- nodeSelector:
- {% for k,v in openshift_crio_docker_gc_node_selector.items() %}
- {{ k }}: "{{ v }}"{% endfor %}{% endif %}
- serviceAccountName: dockergc
- containers:
- - image: {{ openshift_docker_gc_image }}
- command:
- - "/usr/bin/oc"
- args:
- - "ex"
- - "dockergc"
- - "--image-gc-low-threshold=60"
- - "--image-gc-high-threshold=80"
- - "--minimum-ttl-duration=1h0m0s"
- securityContext:
- privileged: true
- name: dockergc
- resources:
- requests:
- memory: 30Mi
- cpu: 50m
- volumeMounts:
- - name: docker-root
- readOnly: true
- mountPath: /var/lib/containers/docker
- - name: docker-socket
- readOnly: false
- mountPath: /var/run/docker.sock
- volumes:
- - name: docker-root
- hostPath:
- path: /var/lib/containers/docker
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
|
