floki
Have dind use host's /etc/docker to ensure networks use safe subnets
You may have configured Docker to avoid subnets used by your internal infrastructure but we need to ensure that networks created by docker-compose inside dind also respect this.
Can you explain exactly what configuration you need? Do you need to mount all of /etc/docker or just a single file? Is this portable over different docker installations?
Admittedly this was just for daemon.json and I don't know what else goes in /etc/docker. This just reduced the risk of it creating a directory called daemon.json. I suppose it could be smarter and only add the argument if daemon.json actually exists.
I'm not sure what you mean about it being portable. Do you have any specific concerns?
I think docker is smart enough to mount files as files, so probably no need to worry about that.
Portable might be the wrong word - I was worried that different distros would place this file in different places. I have /etc/docker on nixos however, and if nixos has it that probably means everything does.
The other question I have is does this have any possible impact on reproducibility of environments? Properties of the host now can potentially impact the floki container - how explicit would we want to make this? Would docker-on-docker supersede this?
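The idea raised in the thread, adding the mount only when daemon.json actually exists, sketched as an added example (not floki's own code). The names `DaemonConfig`, `inspect_daemon_config` and `dind_volume_args` are hypothetical, and mounting the file read-only (`:ro`) is an assumption of this sketch, not something the thread decided.

```rust
use std::fs;
use std::path::{Path, PathBuf};

/// Result of inspecting the host's daemon.json before starting dind.
#[derive(Debug, PartialEq)]
pub enum DaemonConfig {
    /// Regular file: can be bind-mounted into the dind container.
    Mount(PathBuf),
    /// Missing or unreadable: skip the mount. With `-v`, a missing bind
    /// source is created on the host as a directory named daemon.json.
    Absent,
    /// Exists but is not a regular file (for example a directory left
    /// behind by an earlier mount of a missing source).
    NotAFile(PathBuf),
}

/// Classify `<docker_dir>/daemon.json` (hypothetical helper).
pub fn inspect_daemon_config(docker_dir: &Path) -> DaemonConfig {
    let path = docker_dir.join("daemon.json");
    match fs::metadata(&path) {
        Ok(m) if m.is_file() => DaemonConfig::Mount(path),
        Ok(_) => DaemonConfig::NotAFile(path),
        Err(_) => DaemonConfig::Absent,
    }
}

/// Extra `docker run` arguments for the dind container. Only the single
/// file is mounted, read-only, so the container cannot alter host config.
pub fn dind_volume_args(docker_dir: &Path) -> Vec<String> {
    match inspect_daemon_config(docker_dir) {
        DaemonConfig::Mount(p) => vec![
            "-v".to_string(),
            format!("{}:/etc/docker/daemon.json:ro", p.display()),
        ],
        // Absent or not a file: start dind with its default configuration.
        _ => Vec::new(),
    }
}

fn main() {
    let args = dind_volume_args(Path::new("/etc/docker"));
    println!("extra dind args: {:?}", args);
}
```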