podman
works with TLS. It does not have the "--docker" switch so you have to remove that and use the exact replacement commands that were in that github comment.
#pormdn
on IRC and this is what they said:
[01:47:58] <Remco> prologic: The podman executable doesn't understand anything docker, but podman does offer a compatibility api for the docker executable. So it would be the second in your or statement
I don't think Podman is compatible with the Docker API, only the Docker CLI.
`podman` conforms to *some* of Docker's APIs and it's unclear to me which one you say it's *not* conforming to. You just have to Google "podman Docker API" and you find stuff like this: https://www.redhat.com/sysadmin/podman-rest-api
## What is Podman's REST API?
Podman's REST API consists of two components:
- A Docker-compatible portion called Compat API
- A native portion called Libpod API that provides access to additional features not available in Docker, including pods
Or this: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
> The REST API provided by podman system service is split into two parts: a compatibility layer offering support for the Docker v1.40 API, and a Podman-native Libpod layer.
[22:51:47] <prologic> bkhl you misunderstand what I'm asking :( I'm asking whether we can add TLS support to Podman the CLI / client? It looks like it doesn't understand how to connect to a typical Docker TCP service over TLS
[22:52:52] <prologic> e.g: Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
[22:53:03] <prologic> When running: podman context create localhost --docker "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
$ podman --docker
Error: unknown flag: --docker
Why are you using a flag that `podman` doesn't have?
$ podman context create --help
Record destination for the Podman service
Description:
Add destination to podman configuration.
"destination" is one of the form:
[user@]hostname (will default to ssh)
ssh://[user@]hostname[:port][/path] (will obtain socket path from service, if not given.)
tcp://hostname:port (not secured)
unix://path (absolute path required)
Usage:
podman context create [options] NAME DESTINATION
Options:
--default-stack-orchestrator string Ignored. Just for script compatibility
--description string Ignored. Just for script compatibility
--docker string Description of the context
--from string Ignored. Just for script compatibility
--kubernetes string Ignored. Just for script compatibility
`docker context create` does.
#!/bin/sh
set -e
alias docker=podman
# command -v is a command, not a test expression, so it is negated directly
if ! command -v docker > /dev/null 2>&1; then
  echo "docker not found"
  exit 1
fi
mkdir -p "$HOME/.docker/certs.d/cas"
## key stuff omitted
# DO NOT DO THIS docker context create cas --docker "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO THIS:
podman system connection add "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO NOT DO THIS docker context use cas
# DO THIS:
podman system connection default cas
$ podman system connection add "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
Error: accepts 2 arg(s), received 1
I think this should be:
$ podman system connection add localhost "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
But now:
$ podman system connection list
Name URI Identity Default
localhost ssh://@[host=tcp:]:22 true
And this doesn't work 😢
$ podman ps
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: knownhosts: /Users/prologic/.ssh/known_hosts:43: address [host=tcp:]: missing port in address



`docker` commands to `podman` syntax would work but it looks like it's more subtle than that. Thanks for trying! The weird thing was I wasn't getting errors like that on my end when I tried it. `podman` thought the connection was created, and it set it as the default. But I don't think it was sending anything over the wire. When I have more time to tinker with it maybe I'll play around and see if I can figure out what's up.
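
An added example (not code from the thread or from podman) that applies the destination forms listed in the `podman context create --help` output quoted above to a Docker-style endpoint string. The function names and certificate paths are assumptions, and the classification mirrors only that help text, not podman's actual parser; its result is consistent with the `ssh://@[host=tcp:]:22` entry in the connection list.

```shell
#!/bin/sh
# Added example: classify a DESTINATION by the forms in the quoted help text.
# Function names are hypothetical; this is not podman's parser.

classify_destination() {
  case "$1" in
    ssh://*)   echo "ssh" ;;
    tcp://*)   echo "tcp-unsecured" ;;   # help text: "(not secured)"
    unix:///*) echo "unix" ;;            # help text: absolute path required
    unix://*)  echo "unix-relative-rejected" ;;
    *)         echo "ssh-default" ;;     # "[user@]hostname (will default to ssh)"
  esac
}

# docker_opt KEY OPTS: print KEY's value from a Docker-style "k=v,k=v" string.
docker_opt() {
  rest=$2
  while [ -n "$rest" ]; do
    pair=${rest%%,*}
    case "$pair" in "$1="*) printf '%s\n' "${pair#*=}"; return 0 ;; esac
    case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
  done
  return 1
}

# check_endpoint OPTS: how the raw string and its host= part are classified,
# and whether ca/cert/key were supplied with nowhere to go.
check_endpoint() {
  raw=$(classify_destination "$1")
  host=$(docker_opt host "$1") || { echo "raw=$raw host=missing"; return 1; }
  dest=$(classify_destination "$host")
  tls=none
  for k in ca cert key; do
    if docker_opt "$k" "$1" >/dev/null; then tls=unused; fi
  done
  echo "raw=$raw host=$host dest=$dest tls=$tls"
}

# Constructed input shaped like the string in the thread (paths are made up).
check_endpoint "host=tcp://localhost:2376,ca=/example/ca.pem,key=/example/key.pem,cert=/example/cert.pem"
```

Passing only the `host=` value as the destination gets a `tcp://` form, which the quoted help text marks as not secured, so the certificate paths still have no place in any of the listed forms.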