Develop Reference

Trouble converting docker-compose containing volume to Kubernetes manifest

I am learning Kubernetes and I am starting to convert an existing docker-compose.yml to Kuberbetes manifest one component at a time. Here is the component I am currently trying to convert
version: '3'
services:
mongodb:
container_name: mongodb
restart: always
hostname: mongo-db
image: mongo:latest
networks:
- mynetwork
volumes:
- c:/MongoDb:c:/data/db
ports:
- 27017:27017
networks:
mynetwork:
name: mynetwork
I am able to log into the Mongo instance when the container is running in Docker but I cannot get this working in Kubernetes. Here is the Kubernetes manifests I have tried so far
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb
spec:
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo:latest
ports:
- containerPort: 27017
volumeMounts:
- name: mongodb-data
mountPath: /data/db
ports:
- containerPort: 27017
hostPort: 27017
volumes:
- name: mongodb-data
hostPath:
path: "C:\\MongoDb"
With this manifest I see the error Error: Error response from daemon: invalid mode: /data/db when I do a kubectl describe pods.
I understand the mapping of volumes from Docker to Kubernetes isn't 1-to-1, so is this reasonable to do in the Kubernetes space?
Thank you and apologies if this feels like a silly question.

Swarm: Traefik returning 404 on compose services

I have two devices running Docker; an Intel NUC and a Raspberry Pi. My NUC is used as a mediaplayer/mediaserver. This also is the manager node. The Pi is being used as Home Assistant and MQTT machine and is set as worker node. I wanted to add them to a swarm so I could use Traefik for reverse proxy and HTTPS on both machines.
NUC:
1 docker-compose file for Traefik, Consul and Portainer.
1 docker-compose file for my media apps (Sabnzbd, Transmission-vpn, Sonarr, Radarr etc).
Pi:
1 docker-compose file for Home Assistant, MQTT etc.
Traefik and Portainer are up and running. I got them setup with `docker stack deploy`. Next I tried to setup my media apps, but they don't need to be connected with the Pi so I tried `docker compose`. Portainer shows the apps are running, but when I go to their subdomain Traefik returns 404 page not found. This makes me conclude that apps running outside the swarm, but connected to Traefik don't work. They also don't show up in the Traefik dashboard.
docker-compose.traefik.yml - 'docker stack deploy'
version: '3.7'
networks:
traefik_proxy:
external: true
agent-network:
attachable: true
volumes:
consul-data-leader:
consul-data-replica:
portainer-data:
services:
consul-leader:
image: consul
command: agent -server -client=0.0.0.0 -bootstrap -ui
volumes:
- consul-data-leader:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- traefik_proxy
deploy:
labels:
- traefik.frontend.rule=Host:consul.${DOMAINNAME?Variable DOMAINNAME not set}
- traefik.enable=true
- traefik.port=8500
- traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}
- traefik.docker.network=traefik_proxy
- traefik.frontend.entryPoints=http,https
- traefik.frontend.redirect.entryPoint=https
- traefik.frontend.auth.forward.address=http://oauth:4181
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
consul-replica:
image: consul
command: agent -server -client=0.0.0.0 -retry-join="consul-leader"
volumes:
- consul-data-replica:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- traefik_proxy
deploy:
replicas: ${CONSUL_REPLICAS:-3}
placement:
preferences:
- spread: node.id
traefik:
image: traefik:v1.7
hostname: traefik
restart: always
networks:
- traefik_proxy
ports:
- target: 80
published: 80
- target: 443
published: 443
- target: 8080
published: 8145
deploy:
replicas: ${TRAEFIK_REPLICAS:-3}
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
traefik.enable: 'true'
traefik.backend: traefik
traefik.protocol: http
traefik.port: 8080
traefik.tags: traefik-public
traefik.frontend.rule: Host:traefik.${DOMAINNAME}
traefik.frontend.headers.SSLHost: traefik.${DOMAINNAME}
traefik.docker.network: traefik_proxy
traefik.frontend.passHostHeader: 'true'
traefik.frontend.headers.SSLForceHost: 'true'
traefik.frontend.headers.SSLRedirect: 'true'
traefik.frontend.headers.browserXSSFilter: 'true'
traefik.frontend.headers.contentTypeNosniff: 'true'
traefik.frontend.headers.forceSTSHeader: 'true'
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: 'true'
traefik.frontend.headers.STSPreload: 'true'
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
traefik.frontend.auth.forward.address: 'http://oauth:4181'
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: 'true'
domainname: ${DOMAINNAME}
dns:
- 1.1.1.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/docker/traefik:/etc/traefik
- ${USERDIR}/docker/shared:/shared
environment:
CF_API_EMAIL: ${CLOUDFLARE_EMAIL}
CF_API_KEY: ${CLOUDFLARE_API_KEY}
command:
#- "storeconfig" #This is the push to consul, secondary traefik must be created and interfaced to this traefik. Remove this traefik's open ports, it shuts down once consul is messaged.
- '--logLevel=INFO'
- '--InsecureSkipVerify=true' #for unifi controller to not throw internal server error message
- '--api'
- '--api.entrypoint=apiport'
- '--defaultentrypoints=http,https'
- '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
- '--entrypoints=Name:https Address::443 TLS TLS.SniStrict:true TLS.MinVersion:VersionTLS12 CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
- '--entrypoints=Name:apiport Address::8080'
- '--file'
- '--file.directory=/etc/traefik/rules/'
- '--file.watch=true'
- '--acme'
- '--acme.storage=/etc/traefik/acme/acme.json'
- '--acme.entryPoint=https'
# not yet ready?
# - "--acme.TLS-ALPN-01=true"
- '--acme.dnsChallenge=true'
- '--acme.dnsChallenge.provider=cloudflare'
- '--acme.dnsChallenge.delayBeforeCheck=60'
- '--acme.dnsChallenge.resolvers=1.1.1.1,1.0.0.1'
- '--acme.onHostRule=true'
- '--acme.email=admin#${DOMAINNAME}'
- '--acme.acmeLogging=true'
- '--acme.domains=${DOMAINNAME},*.${DOMAINNAME},'
- '--acme.KeyType=RSA4096'
#Let's Encrypt's staging server,
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
- '--docker'
- '--docker.swarmMode'
- '--docker.domain=${DOMAINNAME}'
- '--docker.watch'
- '--docker.exposedbydefault=false'
#- "--consul"
#- "--consul.endpoint=consul:8500"
#- "--consul.prefix=traefik"
- '--retry'
- 'resolvers=[192,168.1.1:53,1.1.1.1:53,]'
depends_on:
- consul-leader
docker-compose.media.yml - 'docker compose'
sabnzbd:
image: linuxserver/sabnzbd
container_name: sabnzbd
restart: always
network_mode: service:transmission-vpn
# depends_on:
# - transmission-vpn
# ports:
# - '${SABNZBD_PORT}:8080'
volumes:
- ${USERDIR}/docker/sabnzbd:/config
- /media/Data/Downloads:/Downloads
# - ${USERDIR}/Downloads/incomplete:/incomplete-downloads
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
UMASK_SET: 002
deploy:
replicas: 1
labels:
traefik.enable: 'true'
traefik.backend: sabnzbd
traefik.protocol: http
traefik.port: 8080
traefik.tags: traefik_proxy
traefik.frontend.rule: Host:sabnzbd.${DOMAINNAME}
# traefik.frontend.rule: Host:${DOMAINNAME}; PathPrefix: /sabnzbd
traefik.frontend.headers.SSLHost: sabnzbd.${DOMAINNAME}
traefik.docker.network: traefik_proxy
traefik.frontend.passHostHeader: 'true'
traefik.frontend.headers.SSLForceHost: 'true'
traefik.frontend.headers.SSLRedirect: 'true'
traefik.frontend.headers.browserXSSFilter: 'true'
traefik.frontend.headers.contentTypeNosniff: 'true'
traefik.frontend.headers.forceSTSHeader: 'true'
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: 'true'
traefik.frontend.headers.STSPreload: 'true'
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
# traefik.frontend.headers.frameDeny: "true" #customFrameOptionsValue overrides this
traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
traefik.frontend.auth.forward.address: 'http://oauth:4181'
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: 'true'
​
​
I already tried multiple things like removing the deploy command and just using labels etc but that didn't help at all. My Traefik logs also don't show anything that might be saying what's going wrong.

Are you running de .env file to set the environment variables? Because the feature .env is not currently supported by docker stack. You must source manually the .env running export $(cat .env) before running docker stack.

Traefik v2 listen on port

I am using Traefik v2 with Docker Swarm. I want to achieve the following routing:
mydomain.com:9000 -> Traefik dashboard
mydomain.com:5000 -> my application
docker-compose-traefik.yml
version: "3.7"
services:
traefik:
image: "traefik:v2.0"
networks:
- traefik-net
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:5000"
ports:
- "80:80"
- "9000:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
traefik-net:
external:
name: traefik-net
docker-compose-whoami.yml
version: "3.7"
services:
whoami:
image: "jwilder/whoami"
networks:
- traefik-net
deploy:
replicas: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.services.whoami.loadbalancer.server.port=8000"
networks:
traefik-net:
external:
name: traefik-net
jwilder/whoami exposes port 8000 in its Dockerfile. I want to redirect port 5000 (my entrypoint defined in docker-compose-traefik.yml) to port 8000 in container.
I created network traefik-net with: docker network create -d bridge traefik-net.
I deployed both stacks with:
docker-stack deploy -c docker-compose-traefik.yml Traefik
docker-stack deploy -c docker-compose-whoami.yml Whoami
When I visit mydomain.com:9000 it opens Traefik dashboard as it should. When I visit mydomain.com:5000 it says that "This site can’t be reached".
My question is: How to redirect request to port 5000 (mydomain.com:5000) to port 8000 inside whoami container?

For anyone else having similar problems, I found a solution. I needed to change ports section in docker-compose-traefik.yml from
ports:
- "80:80"
- "9000:8080"
to
ports:
- "80:80"
- "9000:8080"
- "5000:5000" <-- add this
Hope this helps someone. :)

Docker Compose file to Docker Stack

I have found an awesome repo that uses docker-compose however I would like to use it Docker Cloud Stacks (I am a newbie).
What would I have to do to be able to swap it over?
docker-compose:
version: "2"
services:
mariadb:
image: wodby/mariadb:10.2-3.0.2
php:
# 1. Images with vanilla WordPress – wodby/wordpress:[WP_VERSION]-[PHP_VERSION]-[STABILITY_TAG].
image: wodby/wordpress:4-7.2-3.3.1
environment:
PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
PHP_FPM_CLEAR_ENV: "no"
volumes:
- codebase:/var/www/html
nginx:
image: wodby/wordpress-nginx:4-1.13-3.0.2
environment:
NGINX_STATIC_CONTENT_OPEN_FILE_CACHE: "off"
NGINX_ERROR_LOG_LEVEL: debug
NGINX_BACKEND_HOST: php
volumes:
- codebase:/var/www/html
depends_on:
- php
labels:
- 'traefik.backend=nginx'
- 'traefik.port=80'
- 'traefik.frontend.rule=Host:wp.docker.localhost'
varnish:
image: wodby/wordpress-varnish:4.1-2.3.1
depends_on:
- nginx
environment:
VARNISH_SECRET: secret
VARNISH_BACKEND_HOST: nginx
VARNISH_BACKEND_PORT: 80
labels:
- 'traefik.backend=varnish'
- 'traefik.port=6081'
- 'traefik.frontend.rule=Host:varnish.wp.docker.localhost'
redis:
image: wodby/redis:4.0-2.1.4
blackfire:
image: blackfire/blackfire
environment:
BLACKFIRE_SERVER_ID:
BLACKFIRE_SERVER_TOKEN:
mailhog:
image: mailhog/mailhog
labels:
- 'traefik.backend=mailhog'
- 'traefik.port=8025'
- 'traefik.frontend.rule=Host:mailhog.wp.docker.localhost'
portainer:
image: portainer/portainer
command: --no-auth -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- 'traefik.backend=portainer'
- 'traefik.port=9000'
- 'traefik.frontend.rule=Host:portainer.wp.docker.localhost'
traefik:
image: traefik
command: -c /dev/null --web --docker --logLevel=INFO
ports:
- '8000:80'
# - '8080:8080' # Dashboard
volumes:
- /var/run/docker.sock:/var/run/docker.sock
volumes:
codebase:

One host for multiple containers and switch container based on the path

I use traefik with a docker backend. Here is how I starter traefik:
$ cat docker-compose.yml
version: '2'
networks:
default:
external:
name: proxy
services:
traefik:
image: traefik
command: --web --docker --docker.domain=docker --logLevel=WARNING
container_name: traefik
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
labels:
- "traefik.frontend.rule=Host:dashboard.docker"
- "traefik.port=8080"
I want 2 containers, one that is the docker registry, and a second one is a UI for the registry. I would like that all HTTP request like registry.docker/v2/* go through the registry container, but any other requests (registry.docker/, registry.docker/repositories/20, ...) go through the UI container.
Here it's what I tried:
$ cat docker-compose.yml
version: '2'
networks:
default:
external:
name: proxy
services:
registry:
image: registry:2
container_name: registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
labels:
- traefik.frontend.rule=Host:registry.docker, PathPrefix:/v2
- traefik.frontend.port=5000
registry-ui:
image: konradkleine/docker-registry-frontend:v2
container_name: registry-ui
environment:
- ENV_DOCKER_REGISTRY_HOST=registry.docker
- ENV_DOCKER_REGISTRY_PORT=80
- ENV_DOCKER_REGISTRY_USE_SSL=false
labels:
- traefik.frontend.rule=Host:registry.docker
But all requests go through the registry container. What should I change ?

I think you have a typo here, based on files I have, here is a possible solution
Try this :
version: '2'
networks:
default:
external:
name: proxy
services:
registry:
image: registry:2
container_name: registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
labels:
- traefik.frontend.rule: Host:registry.docker;PathPrefix:/v2
- traefik.frontend.port: 5000
registry-ui:
image: konradkleine/docker-registry-frontend:v2
container_name: registry-ui
environment:
- ENV_DOCKER_REGISTRY_HOST=registry.docker
- ENV_DOCKER_REGISTRY_PORT=80
- ENV_DOCKER_REGISTRY_USE_SSL=false
labels:
- traefik.frontend.rule: Host:registry.docker