Update dind example to connect to daemon using TCP+TLS

examples/taskruns/dind-sidecar.yaml

@@ -7,6 +7,16 @@ spec:
     steps:
     - image: docker
       name: client
+      env:
+      # Connect to the sidecar over TCP, with TLS.
+      - name: DOCKER_HOST
+        value: tcp://localhost:2376
+      # Verify TLS.
+      - name: DOCKER_TLS_VERIFY
+        value: '1'
+      # Use the certs generated by the sidecar daemon.
+      - name: DOCKER_CERT_PATH
+        value: /certs/client
       script: |
           #!/usr/bin/env sh
           # Run a Docker container.
@@ -24,20 +34,28 @@ spec:
           # ...then run it!
           docker run hello
       volumeMounts:
-      - mountPath: /var/run/
-        name: dind-socket
+      - mountPath: /certs/client
+        name: dind-certs
 
     sidecars:
-    # 18.09-dind seems to be the latest version of the image that works with
-    # this example. The next released image, 19.03-dind doesn't work.
-    - image: docker:18.09-dind
+    - image: docker:dind
       name: server
       securityContext:
         privileged: true
+      env:
+      # Write generated certs to the path shared with the client.
+      - name: DOCKER_TLS_CERTDIR
+        value: /certs
       volumeMounts:
-      - mountPath: /var/run/
-        name: dind-socket
+      - mountPath: /certs/client
+        name: dind-certs
+      # Wait for the dind daemon to generate the certs it will share with the
+      # client.
+      readinessProbe:
+        periodSeconds: 1
+        exec:
+          command: ['ls', '/certs/client/ca.pem']
 
     volumes:
-    - name: dind-socket
+    - name: dind-certs
       emptyDir: {}