Seed custom containers

This section covers configuration of the user-defined containers deployment functionality that runs on the seed host.

Configuration

For example, to deploy a squid container image:

seed.yml
seed_containers:
  squid:
    image: "stackhpc/squid:3.5.20-1"
    pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml"
    post: "{{ kayobe_env_config_path }}/containers/squid/post.yml"
    pre_destroy: "{{ kayobe_env_config_path }}/containers/squid/pre_destroy.yml"
    post_destroy: "{{ kayobe_env_config_path }}/containers/squid/post_destroy.yml"

Please notice the optional pre, post, pre_destroy, and post_destroy Ansible task files - those need to be created in kayobe-config path. The table below describes when they will run:

Container hooks

Hook

Trigger point

pre

Before container deployment

post

After container deployment

pre_destroy

Before container is destroyed

post_destroy

After container is destroyed

Possible options for container deployment:

seed_containers:
  containerA:
    capabilities:
    command:
    comparisons:
    detach:
    env:
    network_mode:
    image:
    init:
    ipc_mode:
    pid_mode:
    ports:
    privileged:
    restart_policy:
    shm_size:
    sysctls:
    tag:
    ulimits:
    user:
    volumes:

For a detailed explanation of each option - please see Ansible docker_container module page.

List of Kayobe applied defaults to required docker_container variables:

---
# Action to perform: One of: "deploy", "destroy".
manage_containers_action: "deploy"

deploy_containers_defaults:
  comparisons:
    image: strict
    env: strict
    volumes: strict
  detach: True
  network_mode: "host"
  init: True
  privileged: False
  restart_policy: "unless-stopped"

deploy_containers_docker_api_timeout: 120

deploy_containers_registry_attempt_login: "{{ kolla_docker_registry_username is truthy and kolla_docker_registry_password is truthy }}"

Docker registry

Seed containers can be pulled from a docker registry deployed on the seed, since the docker registry deployment step precedes the custom container deployment step.

It is also possible to deploy a custom containerised docker registry as a custom seed container. In this case, basic authentication login attempts can be disabled by setting

seed.yml
seed_deploy_containers_registry_attempt_login: false

Without this setting, the login will fail because the registry has not yet been deployed.

More information on deploying a docker registry can be found here.