I’ll try to answer my own question.
Solution:
Comment out the line “MountFlags=slave” in /etc/systemd/system/multi-user.target.wants/docker.service
Why:
With “MountFlags=slave” set, the systemd mounts the process’s root filesystem as “MS_SLAVE” which means any newly mounted filesystems within this process won’t be seen by the parent process. That’s why you won’t be able to see the overlay namespace in the host machine.