image: repository: tccr.io/truecharts/docker-in-docker pullPolicy: IfNotPresent tag: v23.0.6@sha256:f0392a7e7a7b9f977733bea6904754332e8e8279bad0be3437b6ae845cbf1a40 hostNetwork: true securityContext: container: privileged: true readOnlyRootFilesystem: false allowPrivilegeEscalation: true runAsNonRoot: false runAsUser: 0 runAsGroup: 0 fsGroup: 0 service: main: enabled: true type: ClusterIP ports: main: port: 2376 type: HTTPS lifecycle: postStart: exec: command: - /bin/bash - -c - | if [ "${COMPOSE_FILE}" ]; then counter=0; while ! docker info > /dev/null 2>&1 && [[ ${counter} -lt 10 ]]; do echo "docker not running yet. Waiting..." >> /proc/1/fd/1; sleep 5; counter=$((counter+1)); done docker-compose -f "${COMPOSE_FILE}" up -d && echo "Loading COMPOSE_FILE at location ${COMPOSE_FILE}" >> /proc/1/fd/1; else echo "COMPOSE_FILE not set, not auto-loading compose-file" >> /proc/1/fd/1; fi workload: main: podSpec: containers: main: probes: liveness: initialDelaySeconds: 30 type: tcp readiness: initialDelaySeconds: 30 type: tcp startup: initialDelaySeconds: 30 type: tcp env: DOCKER_TLS_CERTDIR: /certs COMPOSE_FILE: "" type: StatefulSet replicas: 1 strategy: RollingUpdate persistence: docker-certs-ca: enabled: true mountPath: /config volumeClaimTemplates: docker-certs-client: enabled: true mountPath: /certs/client docker: enabled: true mountPath: /var/lib/docker portal: open: enabled: false