dind服务，是提供整个CI（持续集成）的功能。 手写看一下dind的yaml文件 ``` # dind pip instll staus : kill -9 code 137(128+9) ,may be limits(cpu,memory) resources need change # only have docker client ,use dind can be use normal #dindSvc=$(kubectl -n kube-system get svc dind |awk 'NR==2{print $3}') #export DOCKER_HOST="tcp://${dindSvc}:2375/" #export DOCKER_DRIVER=overlay2 #export DOCKER_TLS_CERTDIR="" --- # SVC kind: Service apiVersion: v1 metadata: name: dind namespace: kube-system spec: selector:   app: dind ports:   - name: tcp-port     port: 2375     protocol: TCP     targetPort: 2375 --- # Deployment apiVersion: apps/v1 kind: Deployment metadata: name: dind namespace: kube-system labels:   app: dind spec: replicas: 1 selector:   matchLabels:     app: dind template:   metadata:     labels:       app: dind   spec:     hostNetwork: true     containers:     - name: dind        #image: docker:19-dind       image: harbor.boge.com/library/docker:19-dind       lifecycle:         postStart:           exec:             command: ["/bin/sh", "-c", "docker login harbor.boge.com -u 'admin' -p 'boge666'"]           # 3. when delete this pod , use this keep kube-proxy to flush role done         preStop:           exec:             command: ["/bin/sh", "-c", "sleep 5"]       ports:       - containerPort: 2375 #       resources: #         requests: #           cpu: 200m #           memory: 256Mi #         limits: #           cpu: 0.5 #           memory: 1Gi       readinessProbe:         tcpSocket:           port: 2375         initialDelaySeconds: 10         periodSeconds: 30       livenessProbe:         tcpSocket:           port: 2375         initialDelaySeconds: 10         periodSeconds: 30       securityContext:           privileged: true       env:         - name: DOCKER_HOST           value: tcp://localhost:2375         - name: DOCKER_DRIVER           value: overlay2         - name: DOCKER_TLS_CERTDIR           value: ''       volumeMounts:         - name: docker-graph-storage           mountPath: /var/lib/docker         - name: tz-config           mountPath: /etc/localtime           # kubectl -n kube-system create secret generic harbor-ca --from-file=harbor-ca=/data/harbor/ssl/tls.cert         - name: harbor-ca           mountPath: /etc/docker/certs.d/harbor.boge.com/ca.crt           subPath: harbor-ca       # kubectl create secret docker-registry boge-secret --docker-server=harbor.boge.com --docker-username=admin --docker-password=boge666 --docker-email=admin@boge.com     hostAliases:     - hostnames:       - harbor.boge.com       ip: 10.4.7.115     imagePullSecrets:     - name: bogeharbor     volumes: #     - emptyDir: #         medium: "" #         sizeLimit: 10Gi     - hostPath:         path: /var/lib/container/docker       name: docker-graph-storage     - hostPath:         path: /usr/share/zoneinfo/Asia/Shanghai       name: tz-config     - name: harbor-ca       secret:         secretName: harbor-ca         defaultMode: 0600 # #       kubectl taint node 10.0.1.201 Ingress=:NoExecute #       kubectl describe node 10.0.1.201 |grep -i taint #       kubectl taint node 10.0.1.201 Ingress:NoExecute-     nodeSelector:       kubernetes.io/hostname: "10.4.7.111"     tolerations:     - operator: Exists ``` 服务的启动命令：kubectl apply -f dind.yaml kubectl -n kube-system get deployments.apps,pod,svc | grep dind