Skip to content

[BUG] Multi-container Pod settings gets applied to the first container #2054

New issue
New issue
Open
#2065
Open
[BUG] Multi-container Pod settings gets applied to the first container#2054
#2065
Assignees
hurzelpurzel
Labels
kind/bugCategorizes issue or PR as related to a bug.
@zkutasi

Description

@zkutasi
zkutasi
opened on Sep 3, 2025

Expected Behavior

If I have more than one service, and I use the label group-mode, things should be correctly mapped to the proper container.

Actual Behavior

It seems some, at least one mapping (SecurityContext) is mapped to the first container, and not the one the compose file defined that property

Steps To Reproduce

  1. Use the provided compose file
  2. Here dind container should be privileged, cup container is not
  3. Execute the conversion with
kompose convert --file docker-compose.yaml --service-group-mode label
  1. Here is the resulting deployment YAML
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert --file docker-compose.yaml --service-group-mode label
    kompose.service.group: cup
    kompose.version: 1.36.0 (ae2a39403)
  labels:
    io.kompose.service: cup
  name: cup
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: cup
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert --file docker-compose.yaml --service-group-mode label
        kompose.service.group: cup
        kompose.version: 1.36.0 (ae2a39403)
      labels:
        io.kompose.service: cup
    spec:
      containers:
        - image: ghcr.io/sergi0g/cup:v3.4.0
          name: cup
          ports:
            - containerPort: 8000
              protocol: TCP
          securityContext:
            privileged: true
        - image: docker:28.1.1-dind
          name: dind
          ports:
            - containerPort: 2375
              protocol: TCP
      restartPolicy: Always
  1. So here, cup container became privileged and dind did not
  2. Change the name of dind to come alphabetically before cup (adind for example) and rerun
  3. It will be correct this time

Kompose Version

1.36.0 (ae2a39403)

Docker-Compose file

services:
  dind:
    container_name: dind
    image: docker:28.1.1-dind
    labels:
      kompose.service.group: cup
    ports:
      - 2375:2375
    privileged: True
  cup:
    container_name: cup
    depends_on:
      - dind
    image: ghcr.io/sergi0g/cup:v3.4.0
    labels:
      kompose.service.group: cup
    ports:
      - 8000:8000

Anything else?

Workaround is to properly order the containers.... but if you happen to have more than 2 containers in the compose stack, this becomes impossible.

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions