Make exposed ports more configurable (docker, podman)
Re-ticketed from https://codetales.io/blog/three-underutilized-docker-compose-features
Podman / Lima, unlike Docker, tend to encourage users to run containers rootless, which generally seems like a reasonable security measure, but means that things like maildev on port 25 run into permission errors. Once I get a little further into this I may ask about some options (perhaps a second compose yml file) that keep ports above 1024. -- @willcohen
Regarding the maildev port, I don't know how strict the port requirements are there. It may not be a big deal to move that if it's just for the dev environment. -- @metasoarous
Problem: Our docker-compose file hardcodes exposed ports. These might conflict with something locally, or be inappropriate for some tools.
Suggested solution:
1. Allow overridable defaults (see tutorial), or
2. use docker's ephemeral ports and maybe a helper script (explanation)
Alternative suggestions: Only one of the above need be used, but not sure which is best. (1) seems simpler.
Additional context:
Would also be helpful to consider that some exposed ports will only be for development services (e.g. node debugging port), so the solution should consider that, and not make hard assumptions about which are available in any given docker-compose up situation.
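The two suggestions above, sketched as compose files. This is an added example, not part of the issue or the project's own configuration. The file names, service names, image placeholders and variable names are assumptions; container port 25 follows the maildev discussion above.

```yaml
# docker-compose.yml (constructed example; names below are hypothetical)
services:
  maildev:
    image: example/maildev   # placeholder image name
    ports:
      # Before: "25:25" hardcodes a host port below 1024, which a rootless
      # engine cannot bind by default.
      # Overridable default: the host port comes from the environment (or a
      # .env file), falls back to 1025, and is bound to loopback only so the
      # dev mail catcher is not reachable from other machines.
      - "127.0.0.1:${MAILDEV_SMTP_PORT:-1025}:25"
      # Ephemeral alternative: publish only the container port and let the
      # engine pick a free host port, then look it up with
      #   docker compose port maildev 25
      # - "25"
---
# docker-compose.dev.yml (constructed example; development-only ports)
# Loaded explicitly, so a plain "up" never publishes the debug port:
#   docker compose -f docker-compose.yml -f docker-compose.dev.yml up
services:
  app:
    ports:
      # Node inspector port, overridable and bound to loopback only.
      - "127.0.0.1:${NODE_DEBUG_PORT:-9229}:9229"
```

Keeping the debug port in the separate file means tooling cannot assume it is published in every `up`, which is the constraint raised under "Additional context".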
As a piece of feedback going in -- I ran into this when initially running through podman stuff, so yes, generally in favor.
As a final note, the one big issue still outstanding with podman on Mac is that the dev workflow can't mount a directory transparently. Still working on getting stuff https://github.com/NixOS/nixpkgs/pull/122420 upstreamed to QEMU (this really is a rabbit hole I didn't expect to go down when the whole thing started), at which point podman should be able to rely on that better, at which point the docker compose dev yml should fully work on Mac via podman.