Allow built images to be squash to scratch.
Squashing does not destroy any images or layers, and preserves the
build cache.
Introduce a new CLI argument --squash to docker build
Introduce a new param to the build API endpoint `squash`
Once the build is complete, docker creates a new image loading the diffs
from each layer into a single new layer and references all the parent's
layers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 362369b4bbea38881402d281ee2015d16e8b10ce
Component: engine
If user namespaces is enabled on the daemon, reveal that via docker info
by adding "userns" to the list of security options reported by the
info endpoint.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: ae74092e450f1f2665b90257b65513cc0c19702f
Component: engine
Update docs for dockerd.md about `max-concurrent-downloads/max-concurrent-uploads`
Upstream-commit: 0fb23fb6bc59f406a7e532385f27e31374260966
Component: engine
It seems that `max-concurrent-downloads` and `max-concurrent-uploads`
are supported in Windows for `config.json`. Though that was not
mentioned in the docs for dockerd.md.
This fix adds the following to the example `config.json` file for Windows:
```
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1f660febbd114f40e5232ba3137ac4f912ab53cc
Component: engine
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
Upstream-commit: 2f58494ae6e796325329f849cf547bcf94bb68e3
Component: engine
As for `ps`, `images`, `network ls` and `volume ls`, this makes it
possible to define a custom default format.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 12cae3a590a92f0d908c03c172aec974957b3785
Component: engine
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
Upstream-commit: 7bd2611789e6898576f7229255c238f7c1129293
Component: engine
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.
Related documentation has been updated.
An additional integration has been added.
This fix fixes 24712.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ee3105c68a94411f2c019324bd71c56e9663a80d
Component: engine
The --name flag was inadvertently added to
docker service update, but is not supported,
as it has various side-effects (e.g., existing
tasks are not renamed).
This removes the flag from the service update
command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 047e44eeb186a8bde41765a44c5966a150fa84f3
Component: engine
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
Upstream-commit: 56f77d5ade945b3b8816a6c8acb328b7c6dce9a7
Component: engine
The following sentences (introduced in v1.11 via #21160) were misleading for Swarm mode services (>= v1.12)
For networks backed by multi-host network driver, such as Overlay,
this command also shows the container endpoints in other hosts in the
cluster. These endpoints are represented as "ep-{endpoint-id}" in the output.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: 2c288e60db1ecd47842e92432fbe0ab367033374
Component: engine
Currently, there's no way to restart the tasks of a service without
making an actual change to the service. This leads to us giving awkward
workarounds as in
https://github.com/docker/docker.github.io/pull/178/files, where we tell
people to scale a service up and down to restore balance, or make
unnecessary changes to trigger a restart.
This change adds a --force option to "docker service update", which
forces the service to be updated even if no changes require that.
Since rolling update parameters are respected, the user can use
"docker service --force" to do a rolling restart. For example, the
following is supported:
docker service update --force --update-parallelism 2 \
--update-delay 5s myservice
Since the default value of --update-parallelism is 1, the default
behavior is to restart the service one task at a time.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: c9fdf9abf8d6443598808809b900d96e04adfcb1
Component: engine
Passing {{.Networks}} to the format parameter will prompt ps to
display all the networks the container is connected to.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: a43d9bb9c399958e64deb5e827e6716ad1ef0e41
Component: engine
