From ebf0833680ac4cadac699cd4c0a717a67146efcc Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 19 Jan 2019 00:02:36 +0100
Subject: docker role can now set the daemon config before it is installed

---
 common/kubernetes.yml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'common/kubernetes.yml')

diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index 1ad583af..77a5c1ed 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -29,18 +29,17 @@
       msg: "At least one net-index is < 1 (indizes start at 1)"
     failed_when: (kubernetes.net_index.values() | min) < 1
 
+  - name: disable bridge and iptables in docker daemon config
+    set_fact:
+      docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'bridge': 'none', 'iptables': false}) }}"
+
 ########
 - name: install kubernetes and overlay network
   hosts: _kubernetes_nodes_
   roles:
-  ## Since `base` has a dependency for docker it would install and start the daemon
-  ## without the docker daemon config file generated by `net`.
-  ## This means that the docker daemon will create a bridge and install iptables rules
-  ## upon first startup (the first time this playbook runs on a specific host).
-  ## Since it is a tedious task to remove the interface and the firewall rules it is much
-  ## easier to just run `net` before `base` as `net` does not need anything from `base`.
-  - role: kubernetes/net
+  - role: docker
   - role: kubernetes/base
+  - role: kubernetes/net
 
 - name: configure kubernetes master
   hosts: _kubernetes_masters_
-- 
cgit v1.2.3