Recommended way of setting Docker Flags

Is there a recommended way of updating the Docker Daemon flags via Ignition?

Under Container Linux CoreOS I would use something like:
docker:
  flags:
    - --tlsverify
    - --tlscacert=/etc/docker/ca.pem
    - --tlscert=/etc/docker/server.pem
    - --tlskey=/etc/docker/server-key.pem
    - --metrics-addr=0.0.0.0:9101
    - --experimental

And currently under Fedora CoreOS I do this:
- path: /etc/sysconfig/docker
  mode: 0644
  overwrite: true
  contents:
    inline: |
      OPTIONS="--selinux-enabled
      --log-driver=journald
      --live-restore
      --default-ulimit nofile=1024:1024
      --init-path /usr/libexec/docker/docker-init
      --userland-proxy-path /usr/libexec/docker/docker-proxy
      --tlsverify
      --tlscacert=/etc/docker/ca.pem
      --tlscert=/etc/docker/server.pem
      --tlskey=/etc/docker/server-key.pem
      --metrics-addr=0.0.0.0:9101
      --experimental
      "
Is there a better way of doing this that doesn’t entail having to copy the default values off the image and hoping they don’t change over time?

Thanks!

Yeah, this is probably something for which we could add sugar in fcct.

We’re trying to move away from /etc/sysconfig in favour of drop-ins, which would have made this easier, but not all packages are there yet.

It looks like dockerd supports a --config-file at /etc/docker/daemon.json: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file. The package isn’t making use of this file today, so you should be able to just drop a JSON file there with the additional configuration you need to make. The nice thing is that dockerd will fail to start entirely if the same option is specified twice on the CLI and in the JSON, so you know that if a future update adds a switch you’re currently using, you’ll notice it fast. :wink:


Perfect, thank you so much for the detailed response! I greatly appreciate this project and the momentum behind it.


Just wanted to say that this worked perfectly so thank you again!

storage:
  files:
    - path: /etc/docker/daemon.json
      mode: 0600
      contents:
        inline: |
          {
            "tlsverify": true,
            "tlscacert": "/etc/docker/ca.pem",
            "tlscert": "/etc/docker/server.pem",
            "tlskey": "/etc/docker/server-key.pem",
            "metrics-addr": "0.0.0.0:9101",
            "experimental": true
          }
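
The duplicate-option failure mentioned earlier in the thread can be caught before a reboot by comparing the flags in /etc/sysconfig/docker with the keys in /etc/docker/daemon.json. The following is an added example, not code from the thread or from the Fedora CoreOS project; the function names are hypothetical, the sample inputs are constructed from the values posted above, and the "updated" defaults are an assumed future package change.

```python
import json
import shlex

# dockerd flags whose daemon.json key is the plural form of the flag name.
PLURAL_KEYS = {
    "default-ulimit": "default-ulimits", "log-opt": "log-opts",
    "host": "hosts", "label": "labels", "storage-opt": "storage-opts",
    "insecure-registry": "insecure-registries",
    "registry-mirror": "registry-mirrors",
}

def sysconfig_flags(text):
    """Long option names found in the OPTIONS= value, as daemon.json keys."""
    flags = set()
    for word in shlex.split(text, comments=True):
        name, sep, value = word.partition("=")
        if name != "OPTIONS" or not sep:
            continue
        # Tolerate backslash line continuations inside the quoted value.
        for token in value.replace("\\\n", " ").split():
            if token.startswith("--"):
                flag = token[2:].split("=", 1)[0]
                flags.add(PLURAL_KEYS.get(flag, flag))
    return flags

def conflicting_options(sysconfig_text, daemon_json_text):
    """Options set both on the command line and in daemon.json, sorted."""
    keys = set(json.loads(daemon_json_text))
    return sorted(sysconfig_flags(sysconfig_text) & keys)

# Constructed sample: the package defaults quoted in the thread.
PACKAGE_DEFAULTS = '''# /etc/sysconfig/docker
OPTIONS="--selinux-enabled
  --log-driver=journald
  --live-restore
  --default-ulimit nofile=1024:1024
  --init-path /usr/libexec/docker/docker-init
  --userland-proxy-path /usr/libexec/docker/docker-proxy
"
'''
# Assumption: a later package version that also passes --experimental.
UPDATED_DEFAULTS = PACKAGE_DEFAULTS.replace(
    "--live-restore", "--live-restore --experimental")

# Constructed sample: the daemon.json posted above, abbreviated.
DAEMON_JSON = '{"tlsverify": true, "metrics-addr": "0.0.0.0:9101", "experimental": true}'

if __name__ == "__main__":
    print(conflicting_options(PACKAGE_DEFAULTS, DAEMON_JSON))
    print(conflicting_options(UPDATED_DEFAULTS, DAEMON_JSON))
```

An empty list means the drop-in and the packaged OPTIONS do not overlap; any name returned is an option dockerd would see twice.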