apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: dockergc
  # You must grant privileged via: oc adm policy add-scc-to-user -z dockergc privileged
  # in order for the dockergc to access the docker socket and root directory
- apiVersion: extensions/v1beta1
  kind: DaemonSet
  metadata:
    name: dockergc
    labels:
      app: dockergc
  spec:
    template:
      metadata:
        labels:
          app: dockergc
        name: dockergc
      spec:
{# Only set nodeSelector if the dict is not empty #}
{% if r_docker_gc_node_selectors %}
        nodeSelector:
{% for k,v in r_docker_gc_node_selectors.items() %}
          {{ k }}: {{ v }}{% endfor %}{% endif %}

        serviceAccountName: dockergc
        containers:
        - image: openshift/origin:latest
          args:
          - "ex"
          - "dockergc"
          - "--image-gc-low-threshold=60"
          - "--image-gc-high-threshold=80"
          - "--minimum-ttl-duration=1h0m0s"
          securityContext:
            privileged: true
          name: dockergc
          resources:
            requests:
              memory: 30Mi
              cpu: 50m
          volumeMounts:
          - name: docker-root
            readOnly:  true
            mountPath: /var/lib/docker
          - name: docker-socket
            readOnly:  false
            mountPath: /var/run/docker.sock
        volumes:
        - name: docker-root
          hostPath:
            path: /var/lib/docker
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock