-rw-r--r--common/kubernetes.yml13
-rw-r--r--inventory/host_vars/ele-media.yml5
-rw-r--r--roles/docker/defaults/main.yml2
-rw-r--r--roles/docker/handlers/main.yml5
-rw-r--r--roles/docker/tasks/main.yml15
-rw-r--r--roles/kubernetes/base/meta/main.yml3
-rw-r--r--roles/kubernetes/net/files/daemon.json4
-rw-r--r--roles/kubernetes/net/tasks/add.yml11
8 files changed, 33 insertions, 25 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index 1ad583af..77a5c1ed 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -29,18 +29,17 @@
msg: "At least one net-index is < 1 (indizes start at 1)"
failed_when: (kubernetes.net_index.values() | min) < 1
+ - name: disable bridge and iptables in docker daemon config
+ set_fact:
+ docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'bridge': 'none', 'iptables': false}) }}"
+
########
- name: install kubernetes and overlay network
hosts: _kubernetes_nodes_
roles:
- ## Since `base` has a dependency for docker it would install and start the daemon
- ## without the docker daemon config file generated by `net`.
- ## This means that the docker daemon will create a bridge and install iptables rules
- ## upon first startup (the first time this playbook runs on a specific host).
- ## Since it is a tedious task to remove the interface and the firewall rules it is much
- ## easier to just run `net` before `base` as `net` does not need anything from `base`.
- - role: kubernetes/net
+ - role: docker
- role: kubernetes/base
+ - role: kubernetes/net
- name: configure kubernetes master
hosts: _kubernetes_masters_
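Review bot: The `set_fact` that forces `bridge: none` and `iptables: false` is added to the play that precedes "install kubernetes and overlay network" (that earlier play's header is outside the hunk), so the docker role only sees the value if that play ran on the same hosts in the same run. If it is skipped by tags or limits, or targets a different group (not confirmable from here), `docker_daemon_config` may be undefined. In that case the `when: docker_daemon_config is defined` guard in roles/docker/tasks/main.yml skips the config block, and the daemon would start with its default bridge and iptables rules, which is the situation the removed comment warned about. Consider moving the task into `pre_tasks:` of the install play. A short replacement comment would also help, for example `## docker needs its daemon.json before the daemon first starts, otherwise it creates a bridge and iptables rules`.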
diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml
index 927b2bef..c2c74fb4 100644
--- a/inventory/host_vars/ele-media.yml
+++ b/inventory/host_vars/ele-media.yml
@@ -27,6 +27,11 @@ ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
mysql_root_password: "{{ vault_mysql_root_password }}"
+
+docker_daemon_config:
+ bridge: "none"
+ iptables: false
+
docker_lvm:
vg: "{{ host_name }}"
lv: docker
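Review bot: The new `docker_daemon_config` block carries no comment saying why this host runs Docker with no bridge and without Docker-managed iptables rules. With `iptables: false` the daemon stops installing its own NAT and filter rules, so any forwarding or filtering that containers on this host need has to come from the host's own firewall configuration; whether that is in place is not visible in this hunk. A comment such as `# docker must not create docker0 or touch iptables on this host; packet filtering is handled outside docker` would record the intent next to the setting.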
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 50075b1a..b2c21963 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -6,3 +6,5 @@ docker_pkg_name: docker.io
# docker_pkg_name: docker-ce
# docker_pkg_version:
+
+# docker_daemon_config: {}
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 00000000..3627303e
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 017e2786..8da13f77 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,4 +1,19 @@
---
+- name: install docker daemon config
+ when: docker_daemon_config is defined
+ block:
+ - name: create docker config directory
+ file:
+ name: /etc/docker
+ state: directory
+ mode: 0700
+
+ - name: write docker daemon config
+ copy:
+ content: "{{ docker_daemon_config | to_nice_json }}\n"
+ dest: /etc/docker/daemon.json
+ notify: restart docker
+
- name: prepare /var/lib/docker as LVM
when: docker_lvm is defined
block:
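Review bot: The `copy` task that writes /etc/docker/daemon.json sets no `mode` (or owner), so the file's permissions fall back to the remote defaults, and an existing file keeps whatever mode it already has. Since `docker_daemon_config` is now a free-form dict that later callers may fill with more sensitive daemon settings, pin it explicitly with `mode: "0600"` on the copy task. The directory task's `mode: 0700` works in Ansible only because of the leading zero; quoting it as `mode: "0700"` avoids depending on YAML octal parsing. The `prepare /var/lib/docker as LVM` block continues outside the hunk.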
diff --git a/roles/kubernetes/base/meta/main.yml b/roles/kubernetes/base/meta/main.yml
deleted file mode 100644
index 724b20f1..00000000
--- a/roles/kubernetes/base/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
-- role: docker
diff --git a/roles/kubernetes/net/files/daemon.json b/roles/kubernetes/net/files/daemon.json
deleted file mode 100644
index 28001640..00000000
--- a/roles/kubernetes/net/files/daemon.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "bridge": "none",
- "iptables": false
-}
diff --git a/roles/kubernetes/net/tasks/add.yml b/roles/kubernetes/net/tasks/add.yml
index f4e422c6..da7ac424 100644
--- a/roles/kubernetes/net/tasks/add.yml
+++ b/roles/kubernetes/net/tasks/add.yml
@@ -1,15 +1,4 @@
---
-- name: create docker config directory
- file:
- name: /etc/docker
- state: directory
- mode: 0700
-
-- name: disable docker iptables and bridge
- copy:
- src: daemon.json
- dest: /etc/docker/daemon.json
-
- name: create network config directory
file:
name: /var/lib/kubenet/