Document limitations of docker-in-gvisor

[stepancheg]

This page https://gvisor.dev/docs/tutorials/docker-in-gvisor/ does not mention issues with running docker in gvisor.

What I learned so far:

• standard docker:dind image cannot be used, must use custom initialization for docker like in images/basic/docker/start-dockerd.sh, in particular
  • enable ip forwarding
  • setup SNAT using iptables-legacy
  • most importantly, invoke dockerd with flags --iptables=false --ip6tables=false
• because of --iptables flag, docker run --expose flag does not work; docker run --network=host must be used if an inner container needs to have the port exposed

Please confirm this is correct, and I can submit a PR to that page.

[milantracy]

iirc docker:dind could be used before v28, then you may need to change entrypoint/cmd that starts dockerd like you mentioned here.

besides, running docker compose sees dns issue at 7469, which i am working on

otherwise, it looks fine to me