
Docker secrets and Compose compatibility issue


I'm trying to deploy an IMAP server using Docker Compose and Secrets for certificate management. But as soon as I do docker-compose up -d, I get:

WARNING: Service "imap" uses secret "key" with uid, gid, or mode. These fields are not supported by this implementation of the Compose file

This warning is repeated for the cert secret as well.

I have already checked compatibility between the installed Compose version and the required version, and everything seems OK.

I'm running on Docker engine version 17.06.0-ce, and Docker compose version 1.14.0.


And this is my compose file:

    version: '3.1'

    services:
        imap:
            image: cyrus
            hostname: cyrus
            volumes:
                - my_volume_1
                - my_volume_2
                - my_volume_3
                - my_volume_4
            secrets:
                - source: key
                  target: my.key
                  uid: '0'
                  gid: '109'
                  mode: 0640
                - source: cert
                  target: my.crt
                  uid: '0'
                  gid: '109'
                  mode: 0640

            ports:
                - 110:110
                - 143:143
                - 993:993
                - 995:995
                - 4190:4190
            restart: always
            networks:
                - mail
        logger:
            image: gliderlabs/logspout
            hostname: logspout
            volumes:
                - /var/run/docker.sock:/var/run/docker.sock
            networks:
                - mail
            command: syslog://log-server-ip:514

    networks:
        mail:
            driver: bridge
    secrets:
        key:
            file: ./my.key
        cert:
            file: ./my.crt

This actually works, but the generated files inside the container have none of the properties they should have (uid: 0, gid: 109, mode: 0640), so I have to change the ownership and mode of the files manually during the container startup.

Any thoughts about it?


Solution

  • There's no proper Docker secrets support on docker-compose.

    According to a comment by a contributor on a GitHub issue,

    The secrets implementation in docker-compose is a mock implementation using host binds. The actual secrets feature is only available to Swarm services, which can be deployed using docker stack deploy.

    Those warnings are valid for any version of docker-compose.

    (source)
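
The startup workaround mentioned in the question (setting ownership and mode by hand because docker-compose ignores `uid`, `gid` and `mode`), written as an entrypoint helper that fails closed when the result does not match. This is an added example, not code from the question or the answer; the function names and the destination path `/etc/ssl/private/my.key` in the usage comment are assumptions, and it relies on `stat -c` as provided by GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example: entrypoint helper for plain docker-compose, where the secret
# is a host bind mount under /run/secrets and uid/gid/mode are ignored.

# secret_perms PATH -> prints "uid gid mode" (mode in octal, no leading 0)
secret_perms() {
    stat -c '%u %g %a' "$1"
}

# install_secret SRC DST MODE [UID GID]
# Copies SRC to DST, applies numeric owner, group and mode, then verifies the
# result. UID and GID default to the current user; setting others needs root.
# The copy is used so the bind-mounted host file itself is never modified.
install_secret() {
    src=$1 dst=$2 mode=${3#0}
    uid=${4:-$(id -u)} gid=${5:-$(id -g)}

    [ -r "$src" ] || { echo "secret $src is missing or unreadable" >&2; return 1; }

    # umask 077 keeps the copy private in the window before chown/chmod run
    ( umask 077 && cp "$src" "$dst" ) || return 1
    chown "$uid:$gid" "$dst" || return 1
    chmod "$mode" "$dst" || return 1

    # Fail closed: do not start the service with a key that has other perms
    got=$(secret_perms "$dst")
    if [ "$got" != "$uid $gid $mode" ]; then
        echo "secret $dst has '$got', expected '$uid $gid $mode'" >&2
        return 1
    fi
}

# Usage in an entrypoint, with the values from the compose file above
# (destination path is hypothetical):
#   install_secret /run/secrets/my.key /etc/ssl/private/my.key 0640 0 109 || exit 1
#   install_secret /run/secrets/my.crt /etc/ssl/private/my.crt 0640 0 109 || exit 1
#   exec "$@"
```
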