8f8fee8e59
* Janitor doen't need privileged mode nor networking - remove "privileged: true" property - add "net: none" property The cleanup tasks runs entirely without networking on /var/run/docker.sock. The calling process can access the docker so it does not need to have privileged mode. Signed-off-by: Mathias Kaufmann <me@stei.gr> * Added boolean question for privileged mode. Signed-off-by: Mathias Kaufmann <me@stei.gr>
37 lines
1.4 KiB
YAML
37 lines
1.4 KiB
YAML
.catalog:
|
|
name: "Janitor"
|
|
version: "v1.6"
|
|
description: "Docker cleanup"
|
|
uuid: janitor-2
|
|
questions:
|
|
- variable: "FREQUENCY"
|
|
label: "Frequency"
|
|
description: "Run the cleanup on a cycle of this many seconds"
|
|
default: 3600
|
|
required: true
|
|
type: "int"
|
|
- variable: "EXCLUDE_LABEL"
|
|
label: "Exclude label"
|
|
description: "Specify a Rancher host label here that will be used to determine on which hosts the Janitor container should not deploy."
|
|
default: janitor.exclude=true
|
|
required: true
|
|
type: "string"
|
|
- variable: "KEEP"
|
|
label: "Keep images"
|
|
description: "A comma separated list of images that should never be removed. These are left-anchored Bash Shell Wildcard patterns."
|
|
default: "rancher/"
|
|
required: false
|
|
type: "string"
|
|
- variable: "KEEPC"
|
|
label: "Keep containers"
|
|
description: "A comma separated list of images that should never have stopped containers removed. These are left-anchored Bash Shell Wildcard patterns."
|
|
default: "*:*"
|
|
required: false
|
|
type: "string"
|
|
- variable: "PRIVILEGED_MODE"
|
|
label: "Run janitor in privileged mode"
|
|
description: "In hardened environments containers must be privileged to access the bind-mounted unix:///var/run/docker.sock. This is not the default case."
|
|
default: false
|
|
required: true
|
|
type: "boolean"
|