Start container with port and volumes

[GiorgioBelli]

Hi everyone,
I'm trying to use this useful library but can't figure out how to run an encrypted image with port mapping.
What is the equivalent of docker run -p <host_port>: <container_port> ...?
Also, I can't figure out how to specify volumes when starting the encrypted container.

thanks for your help.

[lumjjb]

AFAIK, I don't think the docker CLI works with encrypted images yet, unless the transition to containerd backend has already been implemented.

@dmcgowan I remember there was a tracking issue for this, but can't find it, do you know if this is still in progress?

[GiorgioBelli]

Thank you for replying,
sorry but i'm not looking for a way to run an encrypted image with docker. What i was asking is how to run an encrypted image with ctr-enc, specifing port mapping inside the command.
e.g. ctr-enc [args...] -p <host_port>:<container_port> ecrypted_image:tag container_name.

In docker there is the -p parameter but for this library what is the correct way to do this?

thank you again and sorry for misunderstanding.

[stefanberger]

I am not sure whether this port mapping is actually possible on the level of containerd/ctr. Does ctr of containerd support this? From a look at ctr run --help it doesn't seem to be the case. ctr-enc is only an (old) derivative of ctr that we use for testing.

[AkihiroSuda]

nerdctl (https://github.com/AkihiroSuda/nerdctl) provides the equivalent of docker run -p for containerd: nerdctl run -p.

Currently nerdctl does not support decryption, but probably it is quite easy to support decryption.

[AkihiroSuda]

nerdctl now supports running ocicrypt containers with port and volumes: https://github.com/AkihiroSuda/nerdctl/blob/master/docs/ocicrypt.md

The CLI is same as Docker: nerdctl run -d --name foo -p 80:80 -v /data:/data example.com/some-ocicrypt-image

[GiorgioBelli]

Thank you for the answer, i'll give a look. I think we can close this issue.