wollomatic/traefik-hardened

does not work on Docker for Mac

Morriz opened this issue · 2 comments

Morriz commented

Hi, the permissions for the docker sock on Mac are different, and just setting the GID of the docker daemon with `user: '65534:1'` (1 is the id of the daemon group that starts Docker for Mac) like you suggested is giving permission denied errors...

None of the permissions work except explicitly setting the exact same perms as the sock: `user: '0:1'`

Well, neither this example deployment of Traefik nor socket-proxy is actually meant for Mac, but I'll take a look at it.

You're right, it seems that socket-proxy does not work as user nobody on Mac and your solution is correct:

```yaml
# [...]
  dockerproxy:
    image: wollomatic/socket-proxy:1 # see https://github.com/wollomatic/socket-proxy for reference
    command:
      - '-loglevel=info' # set to debug for far more logging
      - '-allowfrom=traefik'
      - '-listenip=0.0.0.0'
      - '-allowGET=/v1\..{1,2}/(version|containers/.*|events.*)' # this regexp allows readonly access only for requests that traefik needs
      - '-shutdowngracetime=5'
      - '-watchdoginterval=600'
      - '-stoponwatchdog'
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    user: 0:1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - docker-proxynet
# [...]
```

Still better than running Traefik as root with a mounted docker socket :-)
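As an added example (not part of this issue and not socket-proxy's own code), a small Go model of what the `-allowGET` pattern from the compose file above lets through to the Docker socket. It assumes the proxy anchors the pattern to the whole request path and ignores the query string; the sample requests are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// AllowGETPattern is the -allowGET value from the compose file above (compose quoting removed).
const AllowGETPattern = `/v1\..{1,2}/(version|containers/.*|events.*)`

// Allowlist is a hypothetical model of the proxy's decision: a GET passes when its
// path matches the allowGET pattern; any other method is refused because no
// allow pattern was configured for it.
type Allowlist struct{ get *regexp.Regexp }

// NewAllowlist anchors the pattern so it must cover the whole path
// (assumption about how socket-proxy matches; an unanchored match would be wider).
func NewAllowlist(getPattern string) (*Allowlist, error) {
	re, err := regexp.Compile("^(?:" + getPattern + ")$")
	if err != nil {
		return nil, err
	}
	return &Allowlist{get: re}, nil
}

// Allowed reports whether the request would be forwarded to the Docker socket.
// Only the path is matched; the query string is ignored.
func (a *Allowlist) Allowed(method, rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || method != "GET" {
		return false
	}
	return a.get.MatchString(u.Path)
}

func main() {
	a, err := NewAllowlist(AllowGETPattern)
	if err != nil {
		panic(err)
	}
	// Constructed sample requests: the read-only calls Traefik's Docker provider
	// issues, plus calls that a compromised Traefik must not be able to make.
	samples := []struct{ method, url string }{
		{"GET", "/v1.43/version"},
		{"GET", "/v1.43/containers/json?all=1"},
		{"GET", "/v1.43/events?filters=%7B%7D"},
		{"GET", "/v1.43/images/json"},
		{"POST", "/v1.43/containers/create"},
	}
	for _, s := range samples {
		fmt.Printf("%-4s %-35s allowed=%v\n", s.method, s.url, a.Allowed(s.method, s.url))
	}
}
```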