wip: Thu Nov 14 20:09:35 +03 2024

codefresh-io · Nov 14, 2024 · f5a1b61 · f5a1b61
1 parent 39860dc
commit f5a1b61
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 3 deletions.
diff --git a/charts/cf-runtime/.ci/values-rootless.yaml b/charts/cf-runtime/.ci/values-rootless.yaml
@@ -13,6 +13,10 @@ volumeProvisioner:
       enabled: true
 
 runtime:
+  dindDaemon:
+    hosts:
+      - unix:///run/user/1000/docker.sock
+      - tcp://0.0.0.0:1300
   dind:
     image:
       tag: 26.1.4-1.28.9-rootless

diff --git a/charts/cf-runtime/README.md.gotmpl b/charts/cf-runtime/README.md.gotmpl
@@ -717,14 +717,45 @@ volumeProvisioner:
 ### Rootless DinD
 
 DinD pod runs a `priviliged` container with **rootfull** docker.
-To run the docker daemon as non-root user (**rootless** mode), change dind image tag:
+To run the docker daemon as non-root user (**rootless** mode), refer to `values-rootless.yaml`:
 
-`values.yaml`
 ```yaml
+volumeProvisioner:
+  env:
+    IS_ROOTLESS: true
+  dind-lv-monitor:
+    image:
+      tag: 1.30.0-rootless
+      digest: ""
+    podSecurityContext:
+      enabled: true
+      runAsUser: 1000
+      fsGroup: 1000
+    volumePermissions:
+      enabled: false
+
 runtime:
+  dindDaemon:
+    hosts:
+      - unix:///run/user/1000/docker.sock
+      - tcp://0.0.0.0:1300
   dind:
     image:
-      tag: rootless
+      tag: 26.1.4-1.28.9-rootless
+      digest: ""
+    userVolumeMounts:
+      dind:
+        name: dind
+        mountPath: /home/rootless/
+    containerSecurityContext:
+      privileged: true
+    podSecurityContext:
+      enabled: true
+      runAsUser: 1000
+      fsGroup: 1000
+      fsGroupChangePolicy: "OnRootMismatch"
+    volumePermissions:
+      enabled: false
 ```
 
 ### ARM

diff --git a/charts/cf-runtime/values-rootless.yaml b/charts/cf-runtime/values-rootless.yaml
@@ -13,6 +13,10 @@ volumeProvisioner:
       enabled: false
 
 runtime:
+  dindDaemon:
+    hosts:
+      - unix:///run/user/1000/docker.sock
+      - tcp://0.0.0.0:1300
   dind:
     image:
       tag: 26.1.4-1.28.9-rootless