Managed Container

Docker Compose import

Import an existing docker-compose.yml as managed Container Apps in one step. The platform parses the file server-side, shows a non-destructive preview plan, and only creates resources after you confirm.

Back to Platform Help

What it does

Each compose service is mapped to a managed Container App or add-on. Always preview first; nothing is created until you apply.

  • Services with a prebuilt image become Container Apps.
  • redis, mysql/mariadb, postgres/timescale, and nats images become managed add-ons attached to the apps that depends_on them.
  • Environment keys matching PASSWORD, SECRET, TOKEN, API_KEY, or CREDENTIAL are stored as encrypted secrets; their values are never echoed back.
  • A host:container port keeps the container side; the host side is ignored (public exposure uses the platform domain and expose flow).
  • The first volume becomes the persistent mount; deploy.replicas is honored, capped at 10.
  • depends_on sets the creation order so backing services come up before their consumers.

Import from the panel

Drive the whole import from the management panel without leaving the browser.

  • Open the account, go to Platforms, and select the Container Apps tab.
  • Click Import from Docker Compose and paste or upload your docker-compose.yml.
  • Review the preview plan: apps, add-on mappings, env/secret key classification, warnings, unsupported services, and the app-quota check.
  • Confirm to apply. Apps are created in dependency order; deploy each app afterward.

Import from the terminal

The same import is available through cdnctl. Preview first, then apply with explicit confirmation.

cdnctl container compose preview --account <uuid> --file docker-compose.yml
cdnctl container compose apply --account <uuid> --file docker-compose.yml --yes
cdnctl container apps deploy --account <uuid> --app <app_uuid>

What is not supported

These compose features are rejected or ignored in v1. Apply is all-or-nothing, so an unsupported service blocks the whole import until removed.

  • build: services — publish a prebuilt image first.
  • command and entrypoint overrides — bake them into the image.
  • env_file and file-based compose secrets.
  • More than one persistent mount per service; only the first container-side path is kept.
  • More than 20 services, or a compose body larger than 256 KB.

Quotas and safety

  • Apply is all-or-nothing: if any app name conflicts or any service is unsupported, nothing is created.
  • The app-quota entitlement is a hard block; the preview reports whether the import fits before you confirm.
  • Secret values are never echoed back — preview and plan responses return key names only.