containerd/imgcrypt

Start container with port and volumes

GiorgioBelli opened this issue · 6 comments

Hi everyone,
I'm trying to use this useful library but can't figure out how to run an encrypted image with port mapping.
What is the equivalent of docker run -p <host_port>:<container_port> ...?
Also, I can't figure out how to specify volumes when starting the encrypted container.

Thanks for your help.

AFAIK, I don't think the docker CLI works with encrypted images yet, unless the transition to containerd backend has already been implemented.

@dmcgowan I remember there was a tracking issue for this, but can't find it, do you know if this is still in progress?

Thank you for replying,
sorry, but I'm not looking for a way to run an encrypted image with docker. What I was asking is how to run an encrypted image with ctr-enc, specifying port mapping inside the command,
e.g. ctr-enc [args...] -p <host_port>:<container_port> encrypted_image:tag container_name.

In docker there is the -p parameter but for this library what is the correct way to do this?

Thank you again, and sorry for the misunderstanding.

I am not sure whether this port mapping is actually possible on the level of containerd/ctr. Does ctr of containerd support this? From a look at ctr run --help it doesn't seem to be the case. ctr-enc is only an (old) derivative of ctr that we use for testing.

nerdctl (https://github.com/AkihiroSuda/nerdctl) provides the equivalent of docker run -p for containerd: nerdctl run -p.

Currently nerdctl does not support decryption, but probably it is quite easy to support decryption.

nerdctl now supports running ocicrypt containers with port and volumes: https://github.com/AkihiroSuda/nerdctl/blob/master/docs/ocicrypt.md

The CLI is the same as Docker: nerdctl run -d --name foo -p 80:80 -v /data:/data example.com/some-ocicrypt-image

Thank you for the answer, I'll give it a look. I think we can close this issue.