Merge "[docker] Added a new flag to disable default network"

2021-03-17 16:47:59 +00:00 · 2021-03-17 16:47:59 +00:00 · ea2f0e6aa4
commit ea2f0e6aa4
parent 0bd235dffc 4053a0afdb
3 changed files with 25 additions and 1 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -104,6 +104,7 @@ docker_client_timeout: 120

 # Docker networking options
 docker_disable_default_iptables_rules: "no"
+docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"

 # Retention settings for Docker logs
 docker_log_max_file: "5"
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -93,7 +93,7 @@
 - name: Warn about docker default iptables
  debug:
    msg: >-
-      Docker default iptables rules will be disabled by default from the Victoria 11.0.0
+      Docker default iptables rules will be disabled by default from the Wallaby 12.0.0
      release. If you have any non-Kolla containers that need this functionality, you should
      plan a migration for this change, or set docker_disable_default_iptables_rules to false.
  when: not docker_disable_default_iptables_rules | bool
@ -103,6 +103,20 @@
    docker_config: "{{ docker_config | combine({'iptables': false}) }}"
  when: docker_disable_default_iptables_rules | bool

+- name: Warn about docker default networking
+  debug:
+    msg: >-
+      Docker default network on docker0 will be disabled by default from the
+      Wallaby 12.0.0 release. If you have any non-Kolla containers that need
+      this functionality, you should plan a migration for this change, or set
+      docker_disable_default_network to false.
+  when: not docker_disable_default_network | bool
+
+- name: Disable docker default network on docker0
+  set_fact:
+    docker_config: "{{ docker_config | combine({'bridge': 'none'}) }}"
+  when: docker_disable_default_network | bool
+
 - name: Merge custom docker config
  set_fact:
    docker_config: "{{ docker_config | combine(docker_custom_config) }}"
--- a/releasenotes/notes/docker-disable-bridge-14df8b7fddbd5000.yaml
+++ b/releasenotes/notes/docker-disable-bridge-14df8b7fddbd5000.yaml
@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Adds a new flag, ``docker_disable_default_network``, which
+    defaults to ``no``. Docker is using ``172.17.0.0/16`` by default for bridge
+    networking on ``docker0``, and this might cause routing problems for
+    operator networks. Setting this flag to ``yes`` will disable Docker's
+    bridge networking. This feature will be enabled by default from the
+    Wallaby 12.0.0 release.