I create the secret with podman secret create, and I see the secret created properly (podman secret ls).
Then I try to use it inside the docker-compose.yml.
When I try to run docker-compose up, I get the following error:
Error response from daemon: runc: runc create failed: unable to start container process:
error during container init: error mounting "/var/lib/some-dir/tmp/secret_name.sec"
to rootfs at "/run/secrets/secret_name":
open /var/lib/containers/storage/overlay/b3eaa7599a7376c1c989bd7861859db208cbfb962d274bb640accfe62e7185a0/merged/run/secrets/secret_name:
read-only file system: OCI runtime error
Wait, why are you trying to use podman to create a secret for Docker containers? Are you really using Docker and not podman with an alias named as "docker" pointing to podman? Can you share the content of the compose file? At least the relevant part.
Hi,
Thanks for your comment.
I create a podman image and expect docker compose to create podman containers from this image.
I am also trying to pass secrets to this container (first I tried with an external secret, but I understood that it is not supported, only in swarm mode, so I tried with files).
I am using podman without an alias of docker.
This is the relevant part:
Can you please wrap your compose file into a preformatted text block? Either add [code] before and [/code] after the content, or use ``` before and after instead.
What is a podman image? Doesn't it depend on buildah to create oci images? Docker uses buildkit under the hood to create oci images. Though, it shouldn't matter which tool is used to create an oci image. It also shouldn't matter which container runtime is used to create a container from an oci image.
docker-compose is a client for the docker api, which by default is accessible through the unix domain socket /run/docker.sock (and/or /var/run/docker.sock). Podman needs to create the unix domain socket at the same location pointing to its own docker compliant api, for docker-compose to properly work.
Docker-compose does not really do secrets, as the result is technically not distinguishable from a read-only bind.
I forgot to mention one important thing. docker-compose (=v1) is deprecated. It is superseded by the v2 docker-cli plugin.
If you feel docker-compose (=v1) or docker compose (=v2) should work with podman the same way they work with the docker engine they were designed for, you might want to raise an issue in Podman's GitHub project and report how the docker engine behaves for your specific use case, and how podman behaves differently for it.