Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eriksjolund/podman-traefik-socket-activation
Demo of how to run socket-activated Traefik with Podman. Source IP address is preserved.
container demo podman socket-activation systemd-service traefik
Last synced: about 11 hours ago
- Host: GitHub
- URL: https://github.com/eriksjolund/podman-traefik-socket-activation
- Owner: eriksjolund
- License: apache-2.0
- Created: 2024-06-23T11:13:08.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-12-31T13:03:14.000Z (about 1 month ago)
- Last Synced: 2024-12-31T14:18:01.587Z (about 1 month ago)
- Topics: container, demo, podman, socket-activation, systemd-service, traefik
- Homepage:
- Size: 25.4 KB
- Stars: 14
- Watchers: 2
- Forks: 1
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# podman-traefik-socket-activation
This demo shows how to run a socket-activated traefik container with Podman.
See also the tutorials [Podman socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md) and
[podman-nginx-socket-activation](https://github.com/eriksjolund/podman-nginx-socket-activation).

### Overview of the examples

| Example | Type of service | Ports | Using quadlet | rootful/rootless podman | Comment |
| -- | -- | -- | -- | -- | -- |
| [Example 1](examples/example1) | systemd user service | 80, 443 | yes | rootless podman | |

### Advantages of using rootless Podman with socket activation
See https://github.com/eriksjolund/podman-nginx-socket-activation?tab=readme-ov-file#advantages-of-using-rootless-podman-with-socket-activation
### Discussion about SELinux
When using the traefik option __--providers.docker__, traefik needs access to a unix socket
that provides the Docker API. By default the path to the unix socket is _/var/run/docker.sock_.
SELinux will by default block access to the file.

Currently, the problem is worked around by disabling SELinux label separation for the traefik container.
The quadlet unit file contains this line:
```
SecurityLabelDisable=true
```

Another workaround could have been to bind-mount the unix socket with the `:z` option,
but that would change the file context of the unix socket, which might cause problems for
other programs.

See also
https://bugzilla.redhat.com/show_bug.cgi?id=1495053#c2