-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathdind-sidecar.yaml
70 lines (66 loc) · 1.77 KB
/
dind-sidecar.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
apiVersion: tekton.dev/v1
kind: TaskRun
metadata:
generateName: dind-sidecar-
spec:
taskSpec:
steps:
- image: docker
name: client
env:
# Connect to the sidecar over TCP, with TLS.
- name: DOCKER_HOST
value: tcp://localhost:2376
# Verify TLS.
- name: DOCKER_TLS_VERIFY
value: '1'
# Use the certs generated by the sidecar daemon.
- name: DOCKER_CERT_PATH
value: /certs/client
workingDir: /workspace
script: |
#!/usr/bin/env sh
set -e
# Run a Docker container.
docker run busybox echo hello
# Write a Dockerfile and `docker build` it.
cat > Dockerfile << EOF
FROM ubuntu
RUN apt-get update
ENTRYPOINT ["echo", "hello"]
EOF
docker build -t hello .
docker images
# ...then run it!
docker run hello
volumeMounts:
- mountPath: /certs/client
name: dind-certs
sidecars:
- image: docker@sha256:74e78208fc18da48ddf8b569abe21563730845c312130bd0f0b059746a7e10f5
name: server
args:
- --storage-driver=vfs
- --userland-proxy=false
- --debug
computeResources:
requests:
memory: "512Mi"
securityContext:
privileged: true
env:
# Write generated certs to the path shared with the client.
- name: DOCKER_TLS_CERTDIR
value: /certs
volumeMounts:
- mountPath: /certs/client
name: dind-certs
# Wait for the dind daemon to generate the certs it will share with the
# client.
readinessProbe:
periodSeconds: 1
exec:
command: ['ls', '/certs/client/ca.pem']
volumes:
- name: dind-certs
emptyDir: {}