Skip to content

Feature Request: Support --expose and --publish-all (-P) flags in nerdctl run #4689

New issue
New issue
Open
Open
Feature Request: Support --expose and --publish-all (-P) flags in nerdctl run#4689
@tinovyatkin

Description

@tinovyatkin
tinovyatkin
opened on Jan 11, 2026

Summary

The nerdctl run command is missing support for the --expose and --publish-all (-P) flags that are available in Docker CLI. These flags are essential for Docker compatibility and are commonly used in development tooling.

Docker Documentation

From Docker run reference:

--expose

Exposes a port without publishing it to the host system's interfaces. This makes the port available to linked containers.

docker run --expose 80 nginx:alpine

-P / --publish-all

Publishes all exposed ports to random ports on the host. Docker binds each exposed port to a random port within an ephemeral port range.

docker run -P nginx:alpine

These flags work together: --expose declares which ports should be published, while -P makes them accessible on the host through random port assignments.

Podman Compatibility

Podman fully supports both flags:

  • --expose: Expose a port or range of ports (e.g., --expose=3300-3310)
  • -P/--publish-all: Publish all exposed ports to random ports on the host interfaces

Reference: Podman run documentation

Use Cases

  1. IDE/Editor Extensions: VS Code Docker extension and similar tools use --expose with -P to dynamically expose application ports during development without requiring users to specify exact port mappings.

  2. Development Workflows: Developers running multiple instances of the same service need random port allocation to avoid conflicts.

  3. Container Orchestration: Some orchestration tools rely on -P for service discovery patterns.

Current Workaround

For VS Code Docker extension users, a workaround has been implemented in PR #327 that logs warnings when these unsupported flags are used with Finch/nerdctl.

Expected Behavior

# Expose port 80 and publish it to a random host port
nerdctl run --expose 80 -P nginx:alpine

# Verify the port mapping
nerdctl port <container_id>
# Output: 80/tcp -> 0.0.0.0:49153

Additional Context

This feature gap was identified while implementing Finch support for the VS Code Docker extension. Full Docker CLI compatibility for these networking flags would improve the developer experience for users choosing Finch/nerdctl as their container runtime.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions