| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- apiVersion: v1
- kind: List
- items:
- - apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: dockergc
- # You must grant privileged via: oc adm policy add-scc-to-user -z dockergc privileged
- # in order for the dockergc to access the docker socket and root directory
- - apiVersion: extensions/v1beta1
- kind: DaemonSet
- metadata:
- name: dockergc
- labels:
- app: dockergc
- spec:
- template:
- metadata:
- labels:
- app: dockergc
- name: dockergc
- spec:
- {# Only set nodeSelector if the dict is not empty #}
- {% if r_docker_gc_node_selectors %}
- nodeSelector:
- {% for k,v in r_docker_gc_node_selectors.items() %}
- {{ k }}: {{ v }}{% endfor %}{% endif %}
- serviceAccountName: dockergc
- containers:
- - image: {{ openshift_docker_gc_image }}
- command:
- - "/usr/bin/oc"
- args:
- - "ex"
- - "dockergc"
- - "--image-gc-low-threshold=60"
- - "--image-gc-high-threshold=80"
- - "--minimum-ttl-duration=1h0m0s"
- securityContext:
- privileged: true
- name: dockergc
- resources:
- requests:
- memory: 30Mi
- cpu: 50m
- volumeMounts:
- - name: docker-root
- readOnly: true
- mountPath: /var/lib/containers/docker
- - name: docker-socket
- readOnly: false
- mountPath: /var/run/docker.sock
- volumes:
- - name: docker-root
- hostPath:
- path: /var/lib/containers/docker
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
|
