Compare commits
109 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 100c70180f | |||
| 7502d7e560 | |||
| 4d718932c1 | |||
| 826eaafa6d | |||
| 308624c3b1 | |||
| de7d866b6a | |||
| aa7e414fdc | |||
| 240e4b5501 | |||
| 5d4776bd90 | |||
| 1841277463 | |||
| 49e9c2ae3d | |||
| 87a3ce2699 | |||
| 1d8abed17d | |||
| fd82621d35 | |||
| e5ca16bda7 | |||
| 31dad66f9a | |||
| 113c5b526a | |||
| c73edb36ca | |||
| 80f673bf9e | |||
| 3d4cc8e699 | |||
| 30277a8f80 | |||
| 994ed4085b | |||
| b10a23a46f | |||
| 26d906094a | |||
| 9c091c4346 | |||
| a13500b745 | |||
| cfef3a7dc1 | |||
| 53426025c3 | |||
| 573a664639 | |||
| cf0ab7ac4c | |||
| d05fd4ffc8 | |||
| 870f138250 | |||
| 7ffc243093 | |||
| 198d6b8724 | |||
| 55a14ec851 | |||
| 1f9a0df05a | |||
| 4ae338b33a | |||
| 6380142dd4 | |||
| 82f422fcf3 | |||
| 80fd77903b | |||
| c3d4d623c8 | |||
| 2e82d11def | |||
| 738a6ee1cc | |||
| 246d96bb6c | |||
| 2fd0f17057 | |||
| 5fa500000a | |||
| 1e6a8ce2b7 | |||
| 81d965569d | |||
| 6f7a931a2d | |||
| 16169434a4 | |||
| 91bab605f7 | |||
| a224086349 | |||
| a282e0c5d2 | |||
| f3764ff5f9 | |||
| 700364e304 | |||
| 62d27c32ff | |||
| c0e952cf04 | |||
| 04104a04d3 | |||
| b721998b7b | |||
| 4065e1246e | |||
| f1002eb9fb | |||
| e97c7b240e | |||
| aa78937634 | |||
| 40fe0573aa | |||
| c9737e1c37 | |||
| 5c6723d080 | |||
| 59a8a0906f | |||
| 3f9857e6a8 | |||
| fd5fc61ecd | |||
| 3624019d83 | |||
| 96f2cf80ab | |||
| f3ff8e6ad6 | |||
| ee1ac1b319 | |||
| e91ed5707e | |||
| 38dd744a11 | |||
| cedc602a78 | |||
| 4de40a825e | |||
| dea9396e18 | |||
| 03fa8f92c8 | |||
| b485636f4b | |||
| 241523cc1a | |||
| 9989fdbc40 | |||
| 0e20c1fd21 | |||
| c4cb29837f | |||
| 0b56256638 | |||
| 1c0927a041 | |||
| 82f9d5921b | |||
| adb01ca79d | |||
| 8260476a06 | |||
| aa5b6b7728 | |||
| 859e303655 | |||
| bce2e1f953 | |||
| 44064f51c8 | |||
| 292779add5 | |||
| f2e79b826c | |||
| fa46b92361 | |||
| 400f81089a | |||
| c72057c8db | |||
| 77db97d595 | |||
| cbf0d2b7b7 | |||
| d0014a86bc | |||
| 6c1c8b55aa | |||
| c2ea9bc90b | |||
| 44fdac11f5 | |||
| 893e52cf4b | |||
| 061051c24d | |||
| 62eae52c2a | |||
| 2012fbf111 | |||
| 42d1c02750 |
@ -42,7 +42,7 @@ jobs:
|
||||
docker: [{image: 'docker:20.10-git'}]
|
||||
environment:
|
||||
DOCKER_BUILDKIT: 1
|
||||
BUILDX_VERSION: "v0.5.1"
|
||||
BUILDX_VERSION: "v0.8.2"
|
||||
parallelism: 3
|
||||
steps:
|
||||
- checkout
|
||||
|
||||
22
Dockerfile
22
Dockerfile
@ -1,22 +1,12 @@
|
||||
# syntax=docker/dockerfile:1.3
|
||||
|
||||
ARG BASE_VARIANT=alpine
|
||||
ARG GO_VERSION=1.16.6
|
||||
ARG GO_VERSION=1.17.11
|
||||
ARG XX_VERSION=1.1.0
|
||||
|
||||
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS gostable
|
||||
FROM --platform=$BUILDPLATFORM golang:1.17rc1-${BASE_VARIANT} AS golatest
|
||||
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
|
||||
|
||||
FROM gostable AS go-linux
|
||||
FROM gostable AS go-darwin
|
||||
FROM gostable AS go-windows-amd64
|
||||
FROM gostable AS go-windows-386
|
||||
FROM gostable AS go-windows-arm
|
||||
FROM golatest AS go-windows-arm64
|
||||
FROM go-windows-${TARGETARCH} AS go-windows
|
||||
|
||||
FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:620d36a9d7f1e3b102a5c7e8eff12081ac363828b3a44390f24fa8da2d49383d AS xx
|
||||
|
||||
FROM go-${TARGETOS} AS build-base-alpine
|
||||
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS build-base-alpine
|
||||
COPY --from=xx / /
|
||||
RUN apk add --no-cache clang lld llvm file git
|
||||
WORKDIR /go/src/github.com/docker/cli
|
||||
@ -26,7 +16,7 @@ ARG TARGETPLATFORM
|
||||
# gcc is installed for libgcc only
|
||||
RUN xx-apk add --no-cache musl-dev gcc
|
||||
|
||||
FROM go-${TARGETOS} AS build-base-buster
|
||||
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-buster AS build-base-buster
|
||||
COPY --from=xx / /
|
||||
RUN apt-get update && apt-get install --no-install-recommends -y clang lld file
|
||||
WORKDIR /go/src/github.com/docker/cli
|
||||
@ -54,7 +44,7 @@ RUN --mount=ro --mount=type=cache,target=/root/.cache \
|
||||
TARGET=/out ./scripts/build/binary && \
|
||||
xx-verify $([ "$GO_LINKMODE" = "static" ] && echo "--static") /out/docker
|
||||
|
||||
FROM build-base-${BASE_VARIANT} AS dev
|
||||
FROM build-base-${BASE_VARIANT} AS dev
|
||||
COPY . .
|
||||
|
||||
FROM scratch AS binary
|
||||
|
||||
@ -4,7 +4,7 @@ clone_folder: c:\gopath\src\github.com\docker\cli
|
||||
|
||||
environment:
|
||||
GOPATH: c:\gopath
|
||||
GOVERSION: 1.16.6
|
||||
GOVERSION: 1.17.11
|
||||
DEPVERSION: v0.4.1
|
||||
|
||||
install:
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package manager
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package manager
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package container
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package container
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package build
|
||||
|
||||
@ -1,5 +1,3 @@
|
||||
// +build windows
|
||||
|
||||
package build
|
||||
|
||||
import (
|
||||
|
||||
@ -63,17 +63,14 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
|
||||
indexServer := registry.GetAuthConfigKey(index)
|
||||
isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
|
||||
authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry)
|
||||
if authConfig == nil {
|
||||
authConfig = &types.AuthConfig{}
|
||||
}
|
||||
if err != nil {
|
||||
fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
|
||||
}
|
||||
err = ConfigureAuth(cli, "", "", authConfig, isDefaultRegistry)
|
||||
err = ConfigureAuth(cli, "", "", &authConfig, isDefaultRegistry)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return EncodeAuthToBase64(*authConfig)
|
||||
return EncodeAuthToBase64(authConfig)
|
||||
}
|
||||
}
|
||||
|
||||
@ -92,7 +89,7 @@ func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexI
|
||||
|
||||
// GetDefaultAuthConfig gets the default auth config given a serverAddress
|
||||
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
|
||||
func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (*types.AuthConfig, error) {
|
||||
func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
|
||||
if !isDefaultRegistry {
|
||||
serverAddress = registry.ConvertToHostname(serverAddress)
|
||||
}
|
||||
@ -101,13 +98,15 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
|
||||
if checkCredStore {
|
||||
authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return types.AuthConfig{
|
||||
ServerAddress: serverAddress,
|
||||
}, err
|
||||
}
|
||||
}
|
||||
authconfig.ServerAddress = serverAddress
|
||||
authconfig.IdentityToken = ""
|
||||
res := types.AuthConfig(authconfig)
|
||||
return &res, nil
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// ConfigureAuth handles prompting of user's username and password if needed
|
||||
|
||||
@ -114,22 +114,19 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
|
||||
var response registrytypes.AuthenticateOKBody
|
||||
isDefaultRegistry := serverAddress == authServer
|
||||
authConfig, err := command.GetDefaultAuthConfig(dockerCli, opts.user == "" && opts.password == "", serverAddress, isDefaultRegistry)
|
||||
if authConfig == nil {
|
||||
authConfig = &types.AuthConfig{}
|
||||
}
|
||||
if err == nil && authConfig.Username != "" && authConfig.Password != "" {
|
||||
response, err = loginWithCredStoreCreds(ctx, dockerCli, authConfig)
|
||||
response, err = loginWithCredStoreCreds(ctx, dockerCli, &authConfig)
|
||||
}
|
||||
if err != nil || authConfig.Username == "" || authConfig.Password == "" {
|
||||
err = command.ConfigureAuth(dockerCli, opts.user, opts.password, authConfig, isDefaultRegistry)
|
||||
err = command.ConfigureAuth(dockerCli, opts.user, opts.password, &authConfig, isDefaultRegistry)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
response, err = clnt.RegistryLogin(ctx, *authConfig)
|
||||
response, err = clnt.RegistryLogin(ctx, authConfig)
|
||||
if err != nil && client.IsErrConnectionFailed(err) {
|
||||
// If the server isn't responding (yet) attempt to login purely client side
|
||||
response, err = loginClientSide(ctx, *authConfig)
|
||||
response, err = loginClientSide(ctx, authConfig)
|
||||
}
|
||||
// If we (still) have an error, give up
|
||||
if err != nil {
|
||||
@ -152,7 +149,7 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
|
||||
}
|
||||
}
|
||||
|
||||
if err := creds.Store(configtypes.AuthConfig(*authConfig)); err != nil {
|
||||
if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
|
||||
return errors.Errorf("Error saving credentials: %v", err)
|
||||
}
|
||||
|
||||
|
||||
@ -145,7 +145,21 @@ func TestGetDefaultAuthConfig(t *testing.T) {
|
||||
assert.Check(t, is.Equal(tc.expectedErr, err.Error()))
|
||||
} else {
|
||||
assert.NilError(t, err)
|
||||
assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, *authconfig))
|
||||
assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, authconfig))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
|
||||
cli := test.NewFakeCli(&fakeClient{})
|
||||
errBuf := new(bytes.Buffer)
|
||||
cli.SetErr(errBuf)
|
||||
cli.ConfigFile().CredentialsStore = "fake-does-not-exist"
|
||||
serverAddress := "test-server-address"
|
||||
expectedAuthConfig := types.AuthConfig{
|
||||
ServerAddress: serverAddress,
|
||||
}
|
||||
authconfig, err := GetDefaultAuthConfig(cli, true, serverAddress, serverAddress == "https://index.docker.io/v1/")
|
||||
assert.Check(t, is.DeepEqual(expectedAuthConfig, authconfig))
|
||||
assert.Check(t, is.ErrorContains(err, "docker-credential-fake-does-not-exist"))
|
||||
}
|
||||
|
||||
@ -14,6 +14,7 @@ import (
|
||||
"github.com/docker/cli/templates"
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/swarm"
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/docker/go-units"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
@ -211,9 +212,6 @@ func prettyPrintServerInfo(dockerCli command.Cli, info types.Info) []error {
|
||||
for _, o := range so.Options {
|
||||
switch o.Key {
|
||||
case "profile":
|
||||
if o.Value != "default" {
|
||||
fmt.Fprintln(dockerCli.Err(), " WARNING: You're not using the default seccomp profile")
|
||||
}
|
||||
fmt.Fprintln(dockerCli.Out(), " Profile:", o.Value)
|
||||
}
|
||||
}
|
||||
@ -378,6 +376,9 @@ func printSwarmInfo(dockerCli command.Cli, info types.Info) {
|
||||
}
|
||||
|
||||
func printServerWarnings(dockerCli command.Cli, info types.Info) {
|
||||
if versions.LessThan(dockerCli.Client().ClientVersion(), "1.42") {
|
||||
printSecurityOptionsWarnings(dockerCli, info)
|
||||
}
|
||||
if len(info.Warnings) > 0 {
|
||||
fmt.Fprintln(dockerCli.Err(), strings.Join(info.Warnings, "\n"))
|
||||
return
|
||||
@ -387,6 +388,29 @@ func printServerWarnings(dockerCli command.Cli, info types.Info) {
|
||||
printServerWarningsLegacy(dockerCli, info)
|
||||
}
|
||||
|
||||
// printSecurityOptionsWarnings prints warnings based on the security options
|
||||
// returned by the daemon.
|
||||
// DEPRECATED: warnings are now generated by the daemon, and returned in
|
||||
// info.Warnings. This function is used to provide backward compatibility with
|
||||
// daemons that do not provide these warnings. No new warnings should be added
|
||||
// here.
|
||||
func printSecurityOptionsWarnings(dockerCli command.Cli, info types.Info) {
|
||||
if info.OSType == "windows" {
|
||||
return
|
||||
}
|
||||
kvs, _ := types.DecodeSecurityOptions(info.SecurityOptions)
|
||||
for _, so := range kvs {
|
||||
if so.Name != "seccomp" {
|
||||
continue
|
||||
}
|
||||
for _, o := range so.Options {
|
||||
if o.Key == "profile" && o.Value != "default" && o.Value != "builtin" {
|
||||
_, _ = fmt.Fprintln(dockerCli.Err(), "WARNING: You're not using the default seccomp profile")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// printServerWarningsLegacy generates warnings based on information returned by the daemon.
|
||||
// DEPRECATED: warnings are now generated by the daemon, and returned in
|
||||
// info.Warnings. This function is used to provide backward compatibility with
|
||||
|
||||
@ -104,14 +104,18 @@ func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
|
||||
return &configFile, err
|
||||
}
|
||||
|
||||
// TODO remove this temporary hack, which is used to warn about the deprecated ~/.dockercfg file
|
||||
var printLegacyFileWarning bool
|
||||
|
||||
// Load reads the configuration files in the given directory, and sets up
|
||||
// the auth config information and returns values.
|
||||
// FIXME: use the internal golang config parser
|
||||
func Load(configDir string) (*configfile.ConfigFile, error) {
|
||||
printLegacyFileWarning = false
|
||||
cfg, _, err := load(configDir)
|
||||
return cfg, err
|
||||
}
|
||||
|
||||
// TODO remove this temporary hack, which is used to warn about the deprecated ~/.dockercfg file
|
||||
// so we can remove the bool return value and collapse this back into `Load`
|
||||
func load(configDir string) (*configfile.ConfigFile, bool, error) {
|
||||
printLegacyFileWarning := false
|
||||
|
||||
if configDir == "" {
|
||||
configDir = Dir()
|
||||
@ -127,11 +131,11 @@ func Load(configDir string) (*configfile.ConfigFile, error) {
|
||||
if err != nil {
|
||||
err = errors.Wrap(err, filename)
|
||||
}
|
||||
return configFile, err
|
||||
return configFile, printLegacyFileWarning, err
|
||||
} else if !os.IsNotExist(err) {
|
||||
// if file is there but we can't stat it for any reason other
|
||||
// than it doesn't exist then stop
|
||||
return configFile, errors.Wrap(err, filename)
|
||||
return configFile, printLegacyFileWarning, errors.Wrap(err, filename)
|
||||
}
|
||||
|
||||
// Can't find latest config file so check for the old one
|
||||
@ -140,16 +144,16 @@ func Load(configDir string) (*configfile.ConfigFile, error) {
|
||||
printLegacyFileWarning = true
|
||||
defer file.Close()
|
||||
if err := configFile.LegacyLoadFromReader(file); err != nil {
|
||||
return configFile, errors.Wrap(err, filename)
|
||||
return configFile, printLegacyFileWarning, errors.Wrap(err, filename)
|
||||
}
|
||||
}
|
||||
return configFile, nil
|
||||
return configFile, printLegacyFileWarning, nil
|
||||
}
|
||||
|
||||
// LoadDefaultConfigFile attempts to load the default config file and returns
|
||||
// an initialized ConfigFile struct if none is found.
|
||||
func LoadDefaultConfigFile(stderr io.Writer) *configfile.ConfigFile {
|
||||
configFile, err := Load(Dir())
|
||||
configFile, printLegacyFileWarning, err := load(Dir())
|
||||
if err != nil {
|
||||
fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err)
|
||||
}
|
||||
|
||||
@ -119,7 +119,7 @@ func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error {
|
||||
// LoadFromReader reads the configuration data given and sets up the auth config
|
||||
// information with given directory and populates the receiver object
|
||||
func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error {
|
||||
if err := json.NewDecoder(configData).Decode(&configFile); err != nil && !errors.Is(err, io.EOF) {
|
||||
if err := json.NewDecoder(configData).Decode(configFile); err != nil && !errors.Is(err, io.EOF) {
|
||||
return err
|
||||
}
|
||||
var err error
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package configfile
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows && !darwin && !linux
|
||||
// +build !windows,!darwin,!linux
|
||||
|
||||
package credentials
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package commandconn
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
package commandconn
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package commandconn
|
||||
|
||||
@ -2652,7 +2652,7 @@ __docker_commands() {
|
||||
then
|
||||
local -a lines
|
||||
lines=(${(f)"$(_call_program commands docker 2>&1)"})
|
||||
_docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/ ##/:})
|
||||
_docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/\*# ##/:})
|
||||
_docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command')
|
||||
(( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands
|
||||
fi
|
||||
|
||||
@ -1,3 +1,6 @@
|
||||
variable "GO_VERSION" {
|
||||
default = "1.17.11"
|
||||
}
|
||||
variable "VERSION" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
ARG GO_VERSION=1.16.6
|
||||
ARG GO_VERSION=1.17.11
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1.3
|
||||
|
||||
ARG GO_VERSION=1.16.6
|
||||
ARG GO_VERSION=1.17.11
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine AS golang
|
||||
ENV CGO_ENABLED=0
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
ARG GO_VERSION=1.16.6
|
||||
ARG GO_VERSION=1.17.11
|
||||
|
||||
# Use Debian based image as docker-compose requires glibc.
|
||||
FROM golang:${GO_VERSION}-buster
|
||||
@ -10,7 +10,7 @@ RUN apt-get update && apt-get install -y \
|
||||
openssh-client \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ARG COMPOSE_VERSION=1.25.1
|
||||
ARG COMPOSE_VERSION=1.29.2
|
||||
RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
|
||||
&& chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
@ -39,7 +39,6 @@ ARG GITCOMMIT
|
||||
ENV VERSION=${VERSION}
|
||||
ENV GITCOMMIT=${GITCOMMIT}
|
||||
ENV DOCKER_BUILDKIT=1
|
||||
ENV COMPOSE_DOCKER_CLI_BUILD=1
|
||||
RUN ./scripts/build/binary
|
||||
RUN ./scripts/build/plugins e2e/cli-plugins/plugins/*
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# syntax=docker/dockerfile:1.3
|
||||
|
||||
ARG GO_VERSION=1.16.6
|
||||
ARG GO_VERSION=1.17.11
|
||||
ARG GOLANGCI_LINTER_SHA="v1.21.0"
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine AS build
|
||||
|
||||
@ -48,56 +48,57 @@ The table below provides an overview of the current status of deprecated feature
|
||||
alternatives. In such cases, a warning may be printed, and users should not rely
|
||||
on this feature.
|
||||
|
||||
Status | Feature | Deprecated | Remove
|
||||
-----------|------------------------------------------------------------------------------------------------------------------------------------|------------|------------
|
||||
Deprecated | [Support for encrypted TLS private keys](#support-for-encrypted-tls-private-keys) | v20.10 | -
|
||||
Deprecated | [Kubernetes stack and context support](#kubernetes-stack-and-context-support) | v20.10 | -
|
||||
Deprecated | [Pulling images from non-compliant image registries](#pulling-images-from-non-compliant-image-registries) | v20.10 | -
|
||||
Deprecated | [Linux containers on Windows (LCOW)](#linux-containers-on-windows-lcow-experimental) | v20.10 | -
|
||||
Deprecated | [BLKIO weight options with cgroups v1](#blkio-weight-options–with-cgroups-v1) | v20.10 | -
|
||||
Deprecated | [Kernel memory limit](#kernel-memory-limit) | v20.10 | -
|
||||
Deprecated | [Classic Swarm and overlay networks using external key/value stores](#classic-swarm-and-overlay-networks-using-cluster-store) | v20.10 | -
|
||||
Deprecated | [Support for the legacy `~/.dockercfg` configuration file for authentication](#support-for-legacy-dockercfg-configuration-files) | v20.10 | -
|
||||
Deprecated | [CLI plugins support](#cli-plugins-support) | v20.10 | -
|
||||
Deprecated | [Dockerfile legacy `ENV name value` syntax](#dockerfile-legacy-env-name-value-syntax) | v20.10 | -
|
||||
Removed | [`docker build --stream` flag (experimental)](#docker-build---stream-flag-experimental) | v20.10 | v20.10
|
||||
Deprecated | [Configuration options for experimental CLI features](#configuration-options-for-experimental-cli-features) | v19.03 | v20.10
|
||||
Deprecated | [Pushing and pulling with image manifest v2 schema 1](#pushing-and-pulling-with-image-manifest-v2-schema-1) | v19.03 | v20.10
|
||||
Removed | [`docker engine` subcommands](#docker-engine-subcommands) | v19.03 | v20.10
|
||||
Removed | [Top-level `docker deploy` subcommand (experimental)](#top-level-docker-deploy-subcommand-experimental) | v19.03 | v20.10
|
||||
Removed | [`docker stack deploy` using "dab" files (experimental)](#docker-stack-deploy-using-dab-files-experimental) | v19.03 | v20.10
|
||||
Deprecated | [AuFS storage driver](#aufs-storage-driver) | v19.03 | -
|
||||
Deprecated | [Legacy "overlay" storage driver](#legacy-overlay-storage-driver) | v18.09 | -
|
||||
Deprecated | [Device mapper storage driver](#device-mapper-storage-driver) | v18.09 | -
|
||||
Removed | [Use of reserved namespaces in engine labels](#use-of-reserved-namespaces-in-engine-labels) | v18.06 | v20.10
|
||||
Removed | [`--disable-legacy-registry` override daemon option](#--disable-legacy-registry-override-daemon-option) | v17.12 | v19.03
|
||||
Removed | [Interacting with V1 registries](#interacting-with-v1-registries) | v17.06 | v17.12
|
||||
Removed | [Asynchronous `service create` and `service update` as default](#asynchronous-service-create-and-service-update-as-default) | v17.05 | v17.10
|
||||
Removed | [`-g` and `--graph` flags on `dockerd`](#-g-and---graph-flags-on-dockerd) | v17.05 | -
|
||||
Deprecated | [Top-level network properties in NetworkSettings](#top-level-network-properties-in-networksettings) | v1.13 | v17.12
|
||||
Removed | [`filter` param for `/images/json` endpoint](#filter-param-for-imagesjson-endpoint) | v1.13 | v20.10
|
||||
Removed | [`repository:shortid` image references](#repositoryshortid-image-references) | v1.13 | v17.12
|
||||
Removed | [`docker daemon` subcommand](#docker-daemon-subcommand) | v1.13 | v17.12
|
||||
Removed | [Duplicate keys with conflicting values in engine labels](#duplicate-keys-with-conflicting-values-in-engine-labels) | v1.13 | v17.12
|
||||
Deprecated | [`MAINTAINER` in Dockerfile](#maintainer-in-dockerfile) | v1.13 | -
|
||||
Deprecated | [API calls without a version](#api-calls-without-a-version) | v1.13 | v17.12
|
||||
Removed | [Backing filesystem without `d_type` support for overlay/overlay2](#backing-filesystem-without-d_type-support-for-overlayoverlay2) | v1.13 | v17.12
|
||||
Removed | [`--automated` and `--stars` flags on `docker search`](#--automated-and---stars-flags-on-docker-search) | v1.12 | v20.10
|
||||
Deprecated | [`-h` shorthand for `--help`](#-h-shorthand-for---help) | v1.12 | v17.09
|
||||
Removed | [`-e` and `--email` flags on `docker login`](#-e-and---email-flags-on-docker-login) | v1.11 | v17.06
|
||||
Deprecated | [Separator (`:`) of `--security-opt` flag on `docker run`](#separator--of---security-opt-flag-on-docker-run) | v1.11 | v17.06
|
||||
Deprecated | [Ambiguous event fields in API](#ambiguous-event-fields-in-api) | v1.10 | -
|
||||
Removed | [`-f` flag on `docker tag`](#-f-flag-on-docker-tag) | v1.10 | v1.12
|
||||
Removed | [HostConfig at API container start](#hostconfig-at-api-container-start) | v1.10 | v1.12
|
||||
Removed | [`--before` and `--since` flags on `docker ps`](#--before-and---since-flags-on-docker-ps) | v1.10 | v1.12
|
||||
Removed | [Driver-specific log tags](#driver-specific-log-tags) | v1.9 | v1.12
|
||||
Removed | [Docker Content Trust `ENV` passphrase variables name change](#docker-content-trust-env-passphrase-variables-name-change) | v1.9 | v1.12
|
||||
Removed | [`/containers/(id or name)/copy` endpoint](#containersid-or-namecopy-endpoint) | v1.8 | v1.12
|
||||
Removed | [LXC built-in exec driver](#lxc-built-in-exec-driver) | v1.8 | v1.10
|
||||
Removed | [Old Command Line Options](#old-command-line-options) | v1.8 | v1.10
|
||||
Removed | [`--api-enable-cors` flag on `dockerd`](#--api-enable-cors-flag-on-dockerd) | v1.6 | v17.09
|
||||
Removed | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit) | v0.10 | v1.13
|
||||
Removed | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import) | v0.6.7 | v1.12
|
||||
| Status | Feature | Deprecated | Remove |
|
||||
|------------|------------------------------------------------------------------------------------------------------------------------------------|------------|--------|
|
||||
| Deprecated | [Support for encrypted TLS private keys](#support-for-encrypted-tls-private-keys) | v20.10 | - |
|
||||
| Deprecated | [Kubernetes stack and context support](#kubernetes-stack-and-context-support) | v20.10 | - |
|
||||
| Deprecated | [Pulling images from non-compliant image registries](#pulling-images-from-non-compliant-image-registries) | v20.10 | - |
|
||||
| Deprecated | [Linux containers on Windows (LCOW)](#linux-containers-on-windows-lcow-experimental) | v20.10 | - |
|
||||
| Deprecated | [BLKIO weight options with cgroups v1](#blkio-weight-options-with-cgroups-v1) | v20.10 | - |
|
||||
| Deprecated | [Kernel memory limit](#kernel-memory-limit) | v20.10 | - |
|
||||
| Deprecated | [Classic Swarm and overlay networks using external key/value stores](#classic-swarm-and-overlay-networks-using-cluster-store) | v20.10 | - |
|
||||
| Deprecated | [Support for the legacy `~/.dockercfg` configuration file for authentication](#support-for-legacy-dockercfg-configuration-files) | v20.10 | - |
|
||||
| Deprecated | [CLI plugins support](#cli-plugins-support) | v20.10 | - |
|
||||
| Deprecated | [Dockerfile legacy `ENV name value` syntax](#dockerfile-legacy-env-name-value-syntax) | v20.10 | - |
|
||||
| Removed | [`docker build --stream` flag (experimental)](#docker-build---stream-flag-experimental) | v20.10 | v20.10 |
|
||||
| Deprecated | [`fluentd-async-connect` log opt](#fluentd-async-connect-log-opt) | v20.10 | - |
|
||||
| Deprecated | [Configuration options for experimental CLI features](#configuration-options-for-experimental-cli-features) | v19.03 | v20.10 |
|
||||
| Deprecated | [Pushing and pulling with image manifest v2 schema 1](#pushing-and-pulling-with-image-manifest-v2-schema-1) | v19.03 | v20.10 |
|
||||
| Removed | [`docker engine` subcommands](#docker-engine-subcommands) | v19.03 | v20.10 |
|
||||
| Removed | [Top-level `docker deploy` subcommand (experimental)](#top-level-docker-deploy-subcommand-experimental) | v19.03 | v20.10 |
|
||||
| Removed | [`docker stack deploy` using "dab" files (experimental)](#docker-stack-deploy-using-dab-files-experimental) | v19.03 | v20.10 |
|
||||
| Deprecated | [AuFS storage driver](#aufs-storage-driver) | v19.03 | - |
|
||||
| Deprecated | [Legacy "overlay" storage driver](#legacy-overlay-storage-driver) | v18.09 | - |
|
||||
| Deprecated | [Device mapper storage driver](#device-mapper-storage-driver) | v18.09 | - |
|
||||
| Removed | [Use of reserved namespaces in engine labels](#use-of-reserved-namespaces-in-engine-labels) | v18.06 | v20.10 |
|
||||
| Removed | [`--disable-legacy-registry` override daemon option](#--disable-legacy-registry-override-daemon-option) | v17.12 | v19.03 |
|
||||
| Removed | [Interacting with V1 registries](#interacting-with-v1-registries) | v17.06 | v17.12 |
|
||||
| Removed | [Asynchronous `service create` and `service update` as default](#asynchronous-service-create-and-service-update-as-default) | v17.05 | v17.10 |
|
||||
| Removed | [`-g` and `--graph` flags on `dockerd`](#-g-and---graph-flags-on-dockerd) | v17.05 | - |
|
||||
| Deprecated | [Top-level network properties in NetworkSettings](#top-level-network-properties-in-networksettings) | v1.13 | v17.12 |
|
||||
| Removed | [`filter` param for `/images/json` endpoint](#filter-param-for-imagesjson-endpoint) | v1.13 | v20.10 |
|
||||
| Removed | [`repository:shortid` image references](#repositoryshortid-image-references) | v1.13 | v17.12 |
|
||||
| Removed | [`docker daemon` subcommand](#docker-daemon-subcommand) | v1.13 | v17.12 |
|
||||
| Removed | [Duplicate keys with conflicting values in engine labels](#duplicate-keys-with-conflicting-values-in-engine-labels) | v1.13 | v17.12 |
|
||||
| Deprecated | [`MAINTAINER` in Dockerfile](#maintainer-in-dockerfile) | v1.13 | - |
|
||||
| Deprecated | [API calls without a version](#api-calls-without-a-version) | v1.13 | v17.12 |
|
||||
| Removed | [Backing filesystem without `d_type` support for overlay/overlay2](#backing-filesystem-without-d_type-support-for-overlayoverlay2) | v1.13 | v17.12 |
|
||||
| Removed | [`--automated` and `--stars` flags on `docker search`](#--automated-and---stars-flags-on-docker-search) | v1.12 | v20.10 |
|
||||
| Deprecated | [`-h` shorthand for `--help`](#-h-shorthand-for---help) | v1.12 | v17.09 |
|
||||
| Removed | [`-e` and `--email` flags on `docker login`](#-e-and---email-flags-on-docker-login) | v1.11 | v17.06 |
|
||||
| Deprecated | [Separator (`:`) of `--security-opt` flag on `docker run`](#separator--of---security-opt-flag-on-docker-run) | v1.11 | v17.06 |
|
||||
| Deprecated | [Ambiguous event fields in API](#ambiguous-event-fields-in-api) | v1.10 | - |
|
||||
| Removed | [`-f` flag on `docker tag`](#-f-flag-on-docker-tag) | v1.10 | v1.12 |
|
||||
| Removed | [HostConfig at API container start](#hostconfig-at-api-container-start) | v1.10 | v1.12 |
|
||||
| Removed | [`--before` and `--since` flags on `docker ps`](#--before-and---since-flags-on-docker-ps) | v1.10 | v1.12 |
|
||||
| Removed | [Driver-specific log tags](#driver-specific-log-tags) | v1.9 | v1.12 |
|
||||
| Removed | [Docker Content Trust `ENV` passphrase variables name change](#docker-content-trust-env-passphrase-variables-name-change) | v1.9 | v1.12 |
|
||||
| Removed | [`/containers/(id or name)/copy` endpoint](#containersid-or-namecopy-endpoint) | v1.8 | v1.12 |
|
||||
| Removed | [LXC built-in exec driver](#lxc-built-in-exec-driver) | v1.8 | v1.10 |
|
||||
| Removed | [Old Command Line Options](#old-command-line-options) | v1.8 | v1.10 |
|
||||
| Removed | [`--api-enable-cors` flag on `dockerd`](#--api-enable-cors-flag-on-dockerd) | v1.6 | v17.09 |
|
||||
| Removed | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit) | v0.10 | v1.13 |
|
||||
| Removed | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import) | v0.6.7 | v1.12 |
|
||||
|
||||
### Support for encrypted TLS private keys
|
||||
|
||||
@ -254,6 +255,21 @@ Users that want to use this feature are encouraged to enable BuildKit by setting
|
||||
the `DOCKER_BUILDKIT=1` environment variable or through the daemon or CLI configuration
|
||||
files.
|
||||
|
||||
### `fluentd-async-connect` log opt
|
||||
|
||||
**Deprecated in Release: v20.10**
|
||||
|
||||
The `--log-opt fluentd-async-connect` option for the fluentd logging driver is
|
||||
[deprecated in favor of `--log-opt fluentd-async`](https://github.com/moby/moby/pull/39086).
|
||||
A deprecation message is logged in the daemon logs if the old option is used:
|
||||
|
||||
```console
|
||||
fluent#New: AsyncConnect is now deprecated, please use Async instead
|
||||
```
|
||||
|
||||
Users are encouraged to use the `fluentd-async` option going forward, as support
|
||||
for the old option will be removed in a future release.
|
||||
|
||||
### Pushing and pulling with image manifest v2 schema 1
|
||||
|
||||
**Deprecated in Release: v19.03**
|
||||
@ -588,9 +604,9 @@ Log tags are now generated in a standard way across different logging drivers.
|
||||
Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and
|
||||
`fluentd-tag` have been deprecated in favor of the generic `tag` option.
|
||||
|
||||
```bash
|
||||
```console
|
||||
{% raw %}
|
||||
docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}"
|
||||
$ docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}"
|
||||
{% endraw %}
|
||||
```
|
||||
|
||||
|
||||
@ -55,7 +55,7 @@ enabled, and use it to create a volume.
|
||||
|
||||
1. Install the `sshfs` plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install vieux/sshfs
|
||||
|
||||
Plugin "vieux/sshfs" is requesting the following privileges:
|
||||
@ -74,7 +74,7 @@ enabled, and use it to create a volume.
|
||||
|
||||
2. Check that the plugin is enabled in the output of `docker plugin ls`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME TAG DESCRIPTION ENABLED
|
||||
@ -87,7 +87,7 @@ enabled, and use it to create a volume.
|
||||
|
||||
This volume can now be mounted into containers.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker volume create \
|
||||
-d vieux/sshfs \
|
||||
--name sshvolume \
|
||||
@ -96,9 +96,10 @@ enabled, and use it to create a volume.
|
||||
|
||||
sshvolume
|
||||
```
|
||||
|
||||
4. Verify that the volume was created successfully.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker volume ls
|
||||
|
||||
DRIVER NAME
|
||||
@ -107,18 +108,19 @@ enabled, and use it to create a volume.
|
||||
|
||||
5. Start a container that uses the volume `sshvolume`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run --rm -v sshvolume:/data busybox ls /data
|
||||
|
||||
<content of /remote on machine 1.2.3.4>
|
||||
```
|
||||
|
||||
6. Remove the volume `sshvolume`
|
||||
```bash
|
||||
docker volume rm sshvolume
|
||||
```console
|
||||
$ docker volume rm sshvolume
|
||||
|
||||
sshvolume
|
||||
```
|
||||
|
||||
To disable a plugin, use the `docker plugin disable` command. To completely
|
||||
remove it, use the `docker plugin remove` command. For other available
|
||||
commands and options, see the
|
||||
@ -134,7 +136,7 @@ example, it was created from a Dockerfile:
|
||||
>**Note:** The `/run/docker/plugins` directory is mandatory inside of the
|
||||
plugin's filesystem for docker to communicate with the plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ git clone https://github.com/vieux/docker-volume-sshfs
|
||||
$ cd docker-volume-sshfs
|
||||
$ docker build -t rootfsimage .
|
||||
@ -193,13 +195,13 @@ Stdout of a plugin is redirected to dockerd logs. Such entries have a
|
||||
`f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62` and their
|
||||
corresponding log entries in the docker daemon logs.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install tiborvass/sample-volume-plugin
|
||||
|
||||
INFO[0036] Starting... Found 0 volumes on startup plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker volume create -d tiborvass/sample-volume-plugin samplevol
|
||||
|
||||
INFO[0193] Create Called... Ensuring directory /data/samplevol exists on host... plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62
|
||||
@ -208,7 +210,7 @@ INFO[0193] Created volume samplevol with mountpoint /data/samp
|
||||
INFO[0193] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -v samplevol:/tmp busybox sh
|
||||
|
||||
INFO[0421] Get Called... Found samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62
|
||||
@ -223,7 +225,7 @@ INFO[0421] Unmount Called... Unmounted samplevol plugin=f52a3df433b9a
|
||||
plugins. This is specifically useful to collect plugin logs if they are
|
||||
redirected to a file.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins list
|
||||
|
||||
ID PID STATUS BUNDLE CREATED OWNER
|
||||
@ -232,13 +234,14 @@ ID PID S
|
||||
c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 14984 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 2018-02-08T21:35:12.321288966Z root
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins exec 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 cat /var/log/plugin.log
|
||||
```
|
||||
|
||||
If the plugin has a built-in shell, then exec into the plugin can be done as
|
||||
follows:
|
||||
```bash
|
||||
|
||||
```console
|
||||
$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins exec -t 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 sh
|
||||
```
|
||||
|
||||
@ -251,17 +254,18 @@ the plugin is listening on the said socket. For a well functioning plugin,
|
||||
these basic requests should work. Note that plugin sockets are available on the host under `/var/run/docker/plugins/<pluginID>`
|
||||
|
||||
|
||||
```bash
|
||||
curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List
|
||||
```console
|
||||
$ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List
|
||||
|
||||
{"Mountpoint":"","Err":"","Volumes":[{"Name":"myvol1","Mountpoint":"/data/myvol1"},{"Name":"myvol2","Mountpoint":"/data/myvol2"}],"Volume":null}
|
||||
```
|
||||
|
||||
```bash
|
||||
curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities
|
||||
```console
|
||||
$ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities
|
||||
|
||||
{"Scope":"local"}
|
||||
```
|
||||
|
||||
When using curl 7.5 and above, the URL should be of the form
|
||||
`http://hostname/APICall`, where `hostname` is the valid hostname where the
|
||||
plugin is installed and `APICall` is the call to the plugin API.
|
||||
|
||||
@ -72,15 +72,15 @@ The sections below provide an inexhaustive overview of available plugins.
|
||||
| [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. |
|
||||
| [HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/) | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays. |
|
||||
| [Infinit volume plugin](https://infinit.sh/documentation/docker/volume-plugin) | A volume plugin that makes it easy to mount and manage Infinit volumes using Docker. |
|
||||
| [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. |
|
||||
| [IPFS Volume Plugin](https://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. |
|
||||
| [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. |
|
||||
| [Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. |
|
||||
| [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. |
|
||||
| [Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. |
|
||||
| [Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker) | A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. |
|
||||
| [Nimble Storage Volume Plugin](https://scod.hpedev.io/docker_volume_plugins/hpe_nimble_storage/index.html) | A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. |
|
||||
| [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. |
|
||||
| [Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. |
|
||||
| [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. |
|
||||
| [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](https://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. |
|
||||
| [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. |
|
||||
| [Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. |
|
||||
| [VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. |
|
||||
|
||||
@ -90,7 +90,7 @@ The `TLSConfig` field is optional and TLS will only be verified if this configur
|
||||
Plugins should be started before Docker, and stopped after Docker. For
|
||||
example, when packaging a plugin for a platform which supports `systemd`, you
|
||||
might use [`systemd` dependencies](
|
||||
http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to
|
||||
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to
|
||||
manage startup and shutdown order.
|
||||
|
||||
When upgrading a plugin, you should first stop the Docker daemon, upgrade the
|
||||
@ -114,7 +114,7 @@ a `service` file and a `socket` file.
|
||||
|
||||
The `service` file (for example `/lib/systemd/system/your-plugin.service`):
|
||||
|
||||
```
|
||||
```systemd
|
||||
[Unit]
|
||||
Description=Your plugin
|
||||
Before=docker.service
|
||||
@ -127,9 +127,10 @@ ExecStart=/usr/lib/docker/your-plugin
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
The `socket` file (for example `/lib/systemd/system/your-plugin.socket`):
|
||||
|
||||
```
|
||||
```systemd
|
||||
[Unit]
|
||||
Description=Your plugin
|
||||
|
||||
@ -166,7 +167,8 @@ Plugins are activated via the following "handshake" API call.
|
||||
**Request:** empty body
|
||||
|
||||
**Response:**
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Implements": ["VolumeDriver"]
|
||||
}
|
||||
|
||||
@ -114,9 +114,9 @@ Enable the authorization plugin with a dedicated command line flag in the
|
||||
`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
|
||||
value. This value can be the plugin’s socket or a path to a specification file.
|
||||
Authorization plugins can be loaded without restarting the daemon. Refer
|
||||
to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information.
|
||||
to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reload-behavior) for more information.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
|
||||
```
|
||||
|
||||
@ -124,26 +124,26 @@ Docker's authorization subsystem supports multiple `--authorization-plugin` para
|
||||
|
||||
### Calling authorized command (allow)
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker pull centos
|
||||
...
|
||||
<...>
|
||||
f1b10cd84249: Pull complete
|
||||
...
|
||||
<...>
|
||||
```
|
||||
|
||||
### Calling unauthorized command (deny)
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker pull centos
|
||||
...
|
||||
<...>
|
||||
docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed.
|
||||
```
|
||||
|
||||
### Error from plugins
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker pull centos
|
||||
...
|
||||
<...>
|
||||
docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
|
||||
```
|
||||
|
||||
@ -180,6 +180,7 @@ should implement the following two methods:
|
||||
"Err": "The error message if things go wrong"
|
||||
}
|
||||
```
|
||||
|
||||
#### /AuthZPlugin.AuthZRes
|
||||
|
||||
**Request**:
|
||||
|
||||
@ -31,7 +31,7 @@ You need to install and enable the plugin and then restart the Docker daemon
|
||||
before using the plugin. See the following example for the correct ordering
|
||||
of steps.
|
||||
|
||||
```
|
||||
```console
|
||||
$ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver
|
||||
<output suppressed>
|
||||
$ pkill dockerd
|
||||
@ -309,6 +309,7 @@ Get an archive of the changes between the filesystem layers specified by the `ID
|
||||
and `Parent`. `Parent` may be an empty string, in which case there is no parent.
|
||||
|
||||
**Response**:
|
||||
|
||||
```
|
||||
{% raw %}
|
||||
{{ TAR STREAM }}
|
||||
@ -354,6 +355,7 @@ Respond with a non-empty string error if an error occurred.
|
||||
### /GraphDriver.ApplyDiff
|
||||
|
||||
**Request**:
|
||||
|
||||
```
|
||||
{% raw %}
|
||||
{{ TAR STREAM }}
|
||||
|
||||
@ -211,6 +211,7 @@ as they come in once the existing logs have been read.
|
||||
to determine what set of logs to read.
|
||||
|
||||
**Response**:
|
||||
|
||||
```
|
||||
{% raw %}{{ log stream }}{% endraw %}
|
||||
```
|
||||
|
||||
@ -42,7 +42,7 @@ Once running however, network driver plugins are used just like the built-in
|
||||
network drivers: by being mentioned as a driver in network-oriented Docker
|
||||
commands. For example,
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create --driver weave mynet
|
||||
```
|
||||
|
||||
@ -51,7 +51,7 @@ Some network driver plugins are listed in [plugins](legacy_plugins.md)
|
||||
The `mynet` network is now owned by `weave`, so subsequent commands
|
||||
referring to that network will be sent to the plugin,
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run --network=mynet busybox top
|
||||
```
|
||||
|
||||
|
||||
@ -29,20 +29,20 @@ node1 is the manager and node2 is the worker.
|
||||
|
||||
1. Prepare manager. In node 1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker swarm init
|
||||
Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
|
||||
```
|
||||
|
||||
2. Join swarm, install plugin and create volume on worker. In node 2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker swarm join \
|
||||
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
|
||||
192.168.99.100:2377
|
||||
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
|
||||
192.168.99.100:2377
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install tiborvass/sample-volume-plugin
|
||||
latest: Pulling from tiborvass/sample-volume-plugin
|
||||
eb9c16fbdc53: Download complete
|
||||
@ -51,23 +51,24 @@ node1 is the manager and node2 is the worker.
|
||||
Installed plugin tiborvass/sample-volume-plugin
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol
|
||||
```
|
||||
|
||||
3. Create a service using the plugin and volume. In node1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top
|
||||
|
||||
$ docker service ls
|
||||
z1sj8bb8jnfn my-service replicated 1/1 busybox:latest
|
||||
```
|
||||
docker service ls shows service 1 instance of service running.
|
||||
|
||||
`docker service ls` shows service 1 instance of service running.
|
||||
|
||||
4. Observe the task getting scheduled in node 2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
{% raw %}
|
||||
$ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}'
|
||||
83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top"
|
||||
@ -87,7 +88,7 @@ Note that node1 is the manager and node2 is the worker.
|
||||
1. Install a global scoped network plugin on both manager and worker. On node1
|
||||
and node2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install bboreham/weave2
|
||||
Plugin "bboreham/weave2" is requesting the following privileges:
|
||||
- network: [host]
|
||||
@ -102,7 +103,7 @@ Note that node1 is the manager and node2 is the worker.
|
||||
|
||||
2. Create a network using plugin on manager. On node1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create --driver=bboreham/weave2:latest globalnet
|
||||
|
||||
$ docker network ls
|
||||
@ -115,12 +116,12 @@ containers get scheduled on both manager and worker.
|
||||
|
||||
On node 1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker service create --network globalnet --name myservice --replicas=8 mrjana/simpleweb simpleweb
|
||||
w90drnfzw85nygbie9kb89vpa
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
87520965206a mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.4.ytdzpktmwor82zjxkh118uf1v
|
||||
@ -131,7 +132,7 @@ w90drnfzw85nygbie9kb89vpa
|
||||
|
||||
On node 2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
53c0ae7c1dae mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.7.x44tvvdm3iwkt9kif35f7ykz1
|
||||
@ -142,14 +143,14 @@ w90drnfzw85nygbie9kb89vpa
|
||||
|
||||
4. Scale down the number of instances. On node1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker service scale myservice=0
|
||||
myservice scaled to 0
|
||||
```
|
||||
|
||||
5. Disable and uninstall the plugin on the worker. On node2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin rm -f bboreham/weave2
|
||||
bboreham/weave2
|
||||
```
|
||||
@ -159,12 +160,12 @@ scheduled on the master and not on the worker, because the plugin is not availab
|
||||
|
||||
On node 1:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker service scale myservice=8
|
||||
myservice scaled to 8
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
cf4b0ec2415e mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.3.r7p5o208jmlzpcbm2ytl3q6n1
|
||||
@ -179,7 +180,7 @@ scheduled on the master and not on the worker, because the plugin is not availab
|
||||
|
||||
On node 2:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
```
|
||||
|
||||
@ -54,7 +54,7 @@ flags on the `docker container run` command. The `--volume` (or `-v`) flag
|
||||
accepts a volume name and path on the host, and the `--volume-driver` flag
|
||||
accepts a driver type.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker volume create --driver=flocker volumename
|
||||
|
||||
$ docker container run -it --volume volumename:/data busybox sh
|
||||
|
||||
@ -112,7 +112,7 @@ instructions.
|
||||
|
||||
Whenever possible, Docker uses a build-cache to accelerate the `docker build`
|
||||
process significantly. This is indicated by the `CACHED` message in the console
|
||||
output. (For more information, see the [`Dockerfile` best practices guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/):
|
||||
output. (For more information, see the [`Dockerfile` best practices guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/)):
|
||||
|
||||
```console
|
||||
$ docker build -t svendowideit/ambassador .
|
||||
@ -159,8 +159,8 @@ implementation. For example, BuildKit can:
|
||||
To use the BuildKit backend, you need to set an environment variable
|
||||
`DOCKER_BUILDKIT=1` on the CLI before invoking `docker build`.
|
||||
|
||||
To learn about the experimental Dockerfile syntax available to BuildKit-based
|
||||
builds [refer to the documentation in the BuildKit repository](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md).
|
||||
To learn about the Dockerfile syntax available to BuildKit-based
|
||||
builds [refer to the documentation in the BuildKit repository](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md).
|
||||
|
||||
## Format
|
||||
|
||||
@ -179,7 +179,7 @@ Docker runs instructions in a `Dockerfile` in order. A `Dockerfile` **must
|
||||
begin with a `FROM` instruction**. This may be after [parser
|
||||
directives](#parser-directives), [comments](#format), and globally scoped
|
||||
[ARGs](#arg). The `FROM` instruction specifies the [*Parent
|
||||
Image*](https://docs.docker.com/glossary/#parent_image) from which you are
|
||||
Image*](https://docs.docker.com/glossary/#parent-image) from which you are
|
||||
building. `FROM` may only be preceded by one or more `ARG` instructions, which
|
||||
declare arguments that are used in `FROM` lines in the `Dockerfile`.
|
||||
|
||||
@ -599,10 +599,10 @@ This file causes the following build behavior:
|
||||
|
||||
|
||||
Matching is done using Go's
|
||||
[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. A
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. A
|
||||
preprocessing step removes leading and trailing whitespace and
|
||||
eliminates `.` and `..` elements using Go's
|
||||
[filepath.Clean](http://golang.org/pkg/path/filepath/#Clean). Lines
|
||||
[filepath.Clean](https://golang.org/pkg/path/filepath/#Clean). Lines
|
||||
that are blank after preprocessing are ignored.
|
||||
|
||||
Beyond Go's filepath.Match rules, Docker also supports a special
|
||||
@ -677,7 +677,7 @@ FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]
|
||||
```
|
||||
|
||||
The `FROM` instruction initializes a new build stage and sets the
|
||||
[*Base Image*](https://docs.docker.com/glossary/#base_image) for subsequent instructions. As such, a
|
||||
[*Base Image*](https://docs.docker.com/glossary/#base-image) for subsequent instructions. As such, a
|
||||
valid `Dockerfile` must start with a `FROM` instruction. The image can be
|
||||
any valid image – it is especially easy to start by **pulling an image** from
|
||||
the [*Public Repositories*](https://docs.docker.com/docker-hub/repos/).
|
||||
@ -759,6 +759,7 @@ RUN instruction onto the next line. For example, consider these two lines:
|
||||
RUN /bin/bash -c 'source $HOME/.bashrc; \
|
||||
echo $HOME'
|
||||
```
|
||||
|
||||
Together they are equivalent to this single line:
|
||||
|
||||
```dockerfile
|
||||
@ -938,6 +939,7 @@ the `--format` option to show just the labels;
|
||||
```console
|
||||
$ docker image inspect --format='{{json .Config.Labels}}' myimage
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"com.example.vendor": "ACME Incorporated",
|
||||
@ -1115,7 +1117,7 @@ directories, their paths are interpreted as relative to the source of
|
||||
the context of the build.
|
||||
|
||||
Each `<src>` may contain wildcards and matching will be done using Go's
|
||||
[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
|
||||
To add all files starting with "hom":
|
||||
|
||||
@ -1291,7 +1293,7 @@ directories will be interpreted as relative to the source of the context
|
||||
of the build.
|
||||
|
||||
Each `<src>` may contain wildcards and matching will be done using Go's
|
||||
[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
|
||||
To add all files starting with "hom":
|
||||
|
||||
@ -1630,7 +1632,7 @@ If you forget to add `exec` to the beginning of your `ENTRYPOINT`:
|
||||
```dockerfile
|
||||
FROM ubuntu
|
||||
ENTRYPOINT top -b
|
||||
CMD --ignored-param1
|
||||
CMD -- --ignored-param1
|
||||
```
|
||||
|
||||
You can then run it (giving it a name for the next step):
|
||||
@ -1638,12 +1640,15 @@ You can then run it (giving it a name for the next step):
|
||||
```console
|
||||
$ docker run -it --name test top --ignored-param2
|
||||
|
||||
Mem: 1704184K used, 352484K free, 0K shrd, 0K buff, 140621524238337K cached
|
||||
CPU: 9% usr 2% sys 0% nic 88% idle 0% io 0% irq 0% sirq
|
||||
Load average: 0.01 0.02 0.05 2/101 7
|
||||
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
|
||||
1 0 root S 3168 0% 0% /bin/sh -c top -b cmd cmd2
|
||||
7 1 root R 3164 0% 0% top -b
|
||||
top - 13:58:24 up 17 min, 0 users, load average: 0.00, 0.00, 0.00
|
||||
Tasks: 2 total, 1 running, 1 sleeping, 0 stopped, 0 zombie
|
||||
%Cpu(s): 16.7 us, 33.3 sy, 0.0 ni, 50.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
|
||||
MiB Mem : 1990.8 total, 1354.6 free, 231.4 used, 404.7 buff/cache
|
||||
MiB Swap: 1024.0 total, 1024.0 free, 0.0 used. 1639.8 avail Mem
|
||||
|
||||
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
|
||||
1 root 20 0 2612 604 536 S 0.0 0.0 0:00.02 sh
|
||||
6 root 20 0 5956 3188 2768 R 0.0 0.2 0:00.00 top
|
||||
```
|
||||
|
||||
You can see from the output of `top` that the specified `ENTRYPOINT` is not `PID 1`.
|
||||
@ -1652,12 +1657,12 @@ If you then run `docker stop test`, the container will not exit cleanly - the
|
||||
`stop` command will be forced to send a `SIGKILL` after the timeout:
|
||||
|
||||
```console
|
||||
$ docker exec -it test ps aux
|
||||
$ docker exec -it test ps waux
|
||||
|
||||
PID USER COMMAND
|
||||
1 root /bin/sh -c top -b cmd cmd2
|
||||
7 root top -b
|
||||
8 root ps aux
|
||||
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
|
||||
root 1 0.4 0.0 2612 604 pts/0 Ss+ 13:58 0:00 /bin/sh -c top -b --ignored-param2
|
||||
root 6 0.0 0.1 5956 3188 pts/0 S+ 13:58 0:00 top -b
|
||||
root 7 0.0 0.1 5884 2816 pts/1 Rs+ 13:58 0:00 ps waux
|
||||
|
||||
$ /usr/bin/time docker stop test
|
||||
|
||||
@ -1822,6 +1827,11 @@ RUN pwd
|
||||
The output of the final `pwd` command in this `Dockerfile` would be
|
||||
`/path/$DIRNAME`
|
||||
|
||||
If not specified, the default working directory is `/`. In practice, if you aren't building a Dockerfile from scratch (`FROM scratch`),
|
||||
the `WORKDIR` may likely be set by the base image you're using.
|
||||
|
||||
Therefore, to avoid unintended operations in unknown directories, it is best practice to set your `WORKDIR` explicitly.
|
||||
|
||||
## ARG
|
||||
|
||||
```dockerfile
|
||||
@ -2171,9 +2181,14 @@ ONBUILD RUN /usr/local/bin/python-build --dir /app/src
|
||||
STOPSIGNAL signal
|
||||
```
|
||||
|
||||
The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit.
|
||||
This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
|
||||
or a signal name in the format SIGNAME, for instance SIGKILL.
|
||||
The `STOPSIGNAL` instruction sets the system call signal that will be sent to the
|
||||
container to exit. This signal can be a signal name in the format `SIG<NAME>`,
|
||||
for instance `SIGKILL`, or an unsigned number that matches a position in the
|
||||
kernel's syscall table, for instance `9`. The default is `SIGTERM` if not
|
||||
defined.
|
||||
|
||||
The image's default stopsignal can be overridden per container, using the
|
||||
`--stop-signal` flag on `docker run` and `docker create`.
|
||||
|
||||
## HEALTHCHECK
|
||||
|
||||
|
||||
@ -84,7 +84,7 @@ containers, see [**Configuration file** section](cli.md#configuration-files).
|
||||
|
||||
### Attach to and detach from a running container
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -d --name topdemo ubuntu /usr/bin/top -b
|
||||
|
||||
$ docker attach topdemo
|
||||
@ -130,22 +130,19 @@ $ docker ps -a | grep topdemo
|
||||
And in this second example, you can see the exit code returned by the `bash`
|
||||
process is returned by the `docker attach` command to its caller too:
|
||||
|
||||
```bash
|
||||
$ docker run --name test -d -it debian
|
||||
```console
|
||||
$ docker run --name test -d -it debian
|
||||
275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab
|
||||
|
||||
275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab
|
||||
$ docker attach test
|
||||
root@f38c87f2a42d:/# exit 13
|
||||
|
||||
$ docker attach test
|
||||
exit
|
||||
|
||||
root@f38c87f2a42d:/# exit 13
|
||||
$ echo $?
|
||||
13
|
||||
|
||||
exit
|
||||
$ docker ps -a | grep test
|
||||
|
||||
$ echo $?
|
||||
|
||||
13
|
||||
|
||||
$ docker ps -a | grep test
|
||||
|
||||
275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test
|
||||
275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test
|
||||
```
|
||||
|
||||
@ -92,23 +92,23 @@ context.
|
||||
For example, run this command to use a directory called `docker` in the branch
|
||||
`container`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build https://github.com/docker/rootfs.git#container:docker
|
||||
```
|
||||
|
||||
The following table represents all the valid suffixes with their build
|
||||
contexts:
|
||||
|
||||
Build Syntax Suffix | Commit Used | Build Context Used
|
||||
--------------------------------|-----------------------|-------------------
|
||||
`myrepo.git` | `refs/heads/master` | `/`
|
||||
`myrepo.git#mytag` | `refs/tags/mytag` | `/`
|
||||
`myrepo.git#mybranch` | `refs/heads/mybranch` | `/`
|
||||
`myrepo.git#pull/42/head` | `refs/pull/42/head` | `/`
|
||||
`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder`
|
||||
`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder`
|
||||
`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder`
|
||||
`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder`
|
||||
| Build Syntax Suffix | Commit Used | Build Context Used |
|
||||
|--------------------------------|-----------------------|--------------------|
|
||||
| `myrepo.git` | `refs/heads/master` | `/` |
|
||||
| `myrepo.git#mytag` | `refs/tags/mytag` | `/` |
|
||||
| `myrepo.git#mybranch` | `refs/heads/mybranch` | `/` |
|
||||
| `myrepo.git#pull/42/head` | `refs/pull/42/head` | `/` |
|
||||
| `myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` |
|
||||
| `myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` |
|
||||
| `myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` |
|
||||
| `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` |
|
||||
|
||||
> **Note**
|
||||
>
|
||||
@ -120,7 +120,7 @@ Build Syntax Suffix | Commit Used | Build Context Used
|
||||
|
||||
If you pass an URL to a remote tarball, the URL itself is sent to the daemon:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build http://server/context.tar.gz
|
||||
```
|
||||
|
||||
@ -136,7 +136,7 @@ build context. Tarball contexts must be tar archives conforming to the standard
|
||||
Instead of specifying a context, you can pass a single `Dockerfile` in the
|
||||
`URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build - < Dockerfile
|
||||
```
|
||||
|
||||
@ -176,7 +176,7 @@ build fails, a non-zero failure code will be returned.
|
||||
There should be informational output of the reason for failure output to
|
||||
`STDERR`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -t fail .
|
||||
|
||||
Sending build context to Docker daemon 2.048 kB
|
||||
@ -198,7 +198,7 @@ See also:
|
||||
|
||||
### Build with PATH
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build .
|
||||
|
||||
Uploading context 10240 bytes
|
||||
@ -243,7 +243,7 @@ you must use `--rm=false`. This does not affect the build cache.
|
||||
|
||||
### Build with URL
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build github.com/creack/docker-firefox
|
||||
```
|
||||
|
||||
@ -251,7 +251,7 @@ This will clone the GitHub repository and use the cloned repository as context.
|
||||
The Dockerfile at the root of the repository is used as Dockerfile. You can
|
||||
specify an arbitrary Git repository by using the `git://` or `git@` scheme.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz
|
||||
|
||||
Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B
|
||||
@ -277,7 +277,7 @@ ctx/container.cfg /` operation works as expected.
|
||||
|
||||
### Build with -
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build - < Dockerfile
|
||||
```
|
||||
|
||||
@ -286,7 +286,7 @@ context, no contents of any local directory will be sent to the Docker daemon.
|
||||
Since there is no context, a Dockerfile `ADD` only works if it refers to a
|
||||
remote URL.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build - < context.tar.gz
|
||||
```
|
||||
|
||||
@ -295,7 +295,7 @@ formats are: bzip2, gzip and xz.
|
||||
|
||||
### Use a .dockerignore file
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build .
|
||||
|
||||
Uploading context 18.829 MB
|
||||
@ -334,7 +334,7 @@ files.
|
||||
|
||||
### Tag an image (-t)
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -t vieux/apache:2.0 .
|
||||
```
|
||||
|
||||
@ -348,27 +348,27 @@ version.
|
||||
For example, to tag an image both as `whenry/fedora-jboss:latest` and
|
||||
`whenry/fedora-jboss:v2.1`, use the following:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
|
||||
```
|
||||
|
||||
### Specify a Dockerfile (-f)
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -f Dockerfile.debug .
|
||||
```
|
||||
|
||||
This will use a file called `Dockerfile.debug` for the build instructions
|
||||
instead of `Dockerfile`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ curl example.com/remote/Dockerfile | docker build -f - .
|
||||
```
|
||||
|
||||
The above command will use the current directory as the build context and read
|
||||
a Dockerfile from stdin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
|
||||
$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod .
|
||||
```
|
||||
@ -377,7 +377,7 @@ The above commands will build the current build context (as specified by the
|
||||
`.`) twice, once using a debug version of a `Dockerfile` and once using a
|
||||
production version.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ cd /home/me/myapp/some/dir/really/deep
|
||||
$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp
|
||||
$ docker build -f ../../../../dockerfiles/debug /home/me/myapp
|
||||
@ -420,7 +420,7 @@ A good example is `http_proxy` or source versions for pulling intermediate
|
||||
files. The `ARG` instruction lets Dockerfile authors define values that users
|
||||
can set at build-time using the `--build-arg` flag:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PROXY=http://40.50.60.5:4567 .
|
||||
```
|
||||
|
||||
@ -439,7 +439,7 @@ You may also use the `--build-arg` flag without a value, in which case the value
|
||||
from the local environment will be propagated into the Docker container being
|
||||
built:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ export HTTP_PROXY=http://10.20.30.2:1234
|
||||
$ docker build --build-arg HTTP_PROXY .
|
||||
```
|
||||
@ -461,11 +461,11 @@ technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
|
||||
| Value | Description |
|
||||
|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
| Value | Description |
|
||||
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
||||
@ -485,13 +485,13 @@ image. Commands after the target stage will be skipped.
|
||||
|
||||
```dockerfile
|
||||
FROM debian AS build-env
|
||||
...
|
||||
# ...
|
||||
|
||||
FROM alpine AS production-env
|
||||
...
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -t mybuildimage --target build-env .
|
||||
```
|
||||
|
||||
@ -516,7 +516,7 @@ The following example builds an image using the current directory (`.`) as build
|
||||
context, and exports the files to a directory named `out` in the current directory.
|
||||
If the directory does not exist, Docker creates the directory automatically:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -o out .
|
||||
```
|
||||
|
||||
@ -525,13 +525,13 @@ thus uses the default (`local`) exporter. The example below shows the equivalent
|
||||
using the long-hand CSV syntax, specifying both `type` and `dest` (destination
|
||||
path):
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build --output type=local,dest=out .
|
||||
```
|
||||
|
||||
Use the `tar` type to export the files as a `.tar` archive:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build --output type=tar,dest=out.tar .
|
||||
```
|
||||
|
||||
@ -540,8 +540,8 @@ case, `-` is specified as destination, which automatically selects the `tar` typ
|
||||
and writes the output tarball to standard output, which is then redirected to
|
||||
the `out.tar` file:
|
||||
|
||||
```bash
|
||||
docker build -o - . > out.tar
|
||||
```console
|
||||
$ docker build -o - . > out.tar
|
||||
```
|
||||
|
||||
The `--output` option exports all files from the target stage. A common pattern
|
||||
@ -562,7 +562,7 @@ COPY --from=build-stage /go/bin/vndr /
|
||||
When building the Dockerfile with the `-o` option, only the files from the final
|
||||
stage are exported to the `out` directory, in this case, the `vndr` binary:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -o out .
|
||||
|
||||
[+] Building 2.3s (7/7) FINISHED
|
||||
@ -610,7 +610,7 @@ options) allow pulling layer data for intermediate stages in multi-stage builds.
|
||||
The following example builds an image with inline-cache metadata and pushes it
|
||||
to a registry, then uses the image as a cache source on another machine:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build -t myname/myapp --build-arg BUILDKIT_INLINE_CACHE=1 .
|
||||
$ docker push myname/myapp
|
||||
```
|
||||
@ -618,8 +618,9 @@ $ docker push myname/myapp
|
||||
After pushing the image, the image is used as cache source on another machine.
|
||||
BuildKit automatically pulls the image from the registry if needed.
|
||||
|
||||
```bash
|
||||
# on another machine
|
||||
On another machine:
|
||||
|
||||
```console
|
||||
$ docker build --cache-from myname/myapp .
|
||||
```
|
||||
|
||||
@ -666,7 +667,7 @@ The `--squash` option has a number of known limitations:
|
||||
base image is still supported.
|
||||
- When using this option you may see significantly more space used due to
|
||||
storing two copies of the image, one for the build cache with all the cache
|
||||
layers in tact, and one for the squashed version.
|
||||
layers intact, and one for the squashed version.
|
||||
- While squashing layers may produce smaller images, it may have a negative
|
||||
impact on performance, as a single layer takes longer to extract, and
|
||||
downloading a single layer cannot be parallelized.
|
||||
@ -725,7 +726,7 @@ To enable experimental features, you need to start the Docker daemon with
|
||||
|
||||
Then make sure the experimental flag is enabled:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker version -f '{{.Server.Experimental}}'
|
||||
true
|
||||
```
|
||||
@ -745,15 +746,15 @@ RUN rm /remove_me
|
||||
|
||||
An image named `test` is built with `--squash` argument.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker build --squash -t test .
|
||||
|
||||
[...]
|
||||
<...>
|
||||
```
|
||||
|
||||
If everything is right, the history looks like this:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker history test
|
||||
|
||||
IMAGE CREATED CREATED BY SIZE COMMENT
|
||||
|
||||
102
docs/reference/commandline/checkpoint.md
Normal file
102
docs/reference/commandline/checkpoint.md
Normal file
@ -0,0 +1,102 @@
|
||||
---
|
||||
title: docker checkpoint
|
||||
description: "The checkpoint command description and usage"
|
||||
keywords: experimental, checkpoint, restore, criu
|
||||
experimental: true
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Checkpoint and Restore is an experimental feature that allows you to freeze a running
|
||||
container by checkpointing it, which turns its state into a collection of files
|
||||
on disk. Later, the container can be restored from the point it was frozen.
|
||||
|
||||
This is accomplished using a tool called [CRIU](https://criu.org), which is an
|
||||
external dependency of this feature. A good overview of the history of
|
||||
checkpoint and restore in Docker is available in this
|
||||
[Kubernetes blog post](https://kubernetes.io/blog/2015/07/how-did-quake-demo-from-dockercon-work/).
|
||||
|
||||
### Installing CRIU
|
||||
|
||||
If you use a Debian system, you can add the CRIU PPA and install with `apt-get`
|
||||
[from the criu launchpad](https://launchpad.net/~criu/+archive/ubuntu/ppa).
|
||||
|
||||
Alternatively, you can [build CRIU from source](https://criu.org/Installation).
|
||||
|
||||
You need at least version 2.0 of CRIU to run checkpoint and restore in Docker.
|
||||
|
||||
### Use cases for checkpoint and restore
|
||||
|
||||
This feature is currently focused on single-host use cases for checkpoint and
|
||||
restore. Here are a few:
|
||||
|
||||
- Restarting the host machine without stopping/starting containers
|
||||
- Speeding up the start time of slow start applications
|
||||
- "Rewinding" processes to an earlier point in time
|
||||
- "Forensic debugging" of running processes
|
||||
|
||||
Another primary use case of checkpoint and restore outside of Docker is the live
|
||||
migration of a server from one machine to another. This is possible with the
|
||||
current implementation, but not currently a priority (and so the workflow is
|
||||
not optimized for the task).
|
||||
|
||||
### Using checkpoint and restore
|
||||
|
||||
A new top level command `docker checkpoint` is introduced, with three subcommands:
|
||||
|
||||
- `docker checkpoint create` (creates a new checkpoint)
|
||||
- `docker checkpoint ls` (lists existing checkpoints)
|
||||
- `docker checkpoint rm` (deletes an existing checkpoint)
|
||||
|
||||
Additionally, a `--checkpoint` flag is added to the `docker container start` command.
|
||||
|
||||
The options for `docker checkpoint create`:
|
||||
|
||||
```console
|
||||
Usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT
|
||||
|
||||
Create a checkpoint from a running container
|
||||
|
||||
--leave-running=false Leave the container running after checkpoint
|
||||
--checkpoint-dir Use a custom checkpoint storage directory
|
||||
```
|
||||
|
||||
And to restore a container:
|
||||
|
||||
```console
|
||||
Usage: docker start --checkpoint CHECKPOINT_ID [OTHER OPTIONS] CONTAINER
|
||||
```
|
||||
|
||||
Example of using checkpoint and restore on a container:
|
||||
|
||||
```console
|
||||
$ docker run --security-opt=seccomp:unconfined --name cr -d busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
|
||||
abc0123
|
||||
|
||||
$ docker checkpoint create cr checkpoint1
|
||||
|
||||
# <later>
|
||||
$ docker start --checkpoint checkpoint1 cr
|
||||
abc0123
|
||||
```
|
||||
|
||||
This process just logs an incrementing counter to stdout. If you run `docker logs`
|
||||
in between running/checkpoint/restoring you should see that the counter
|
||||
increases while the process is running, stops while it's checkpointed, and
|
||||
resumes from the point it left off once you restore.
|
||||
|
||||
### Known limitations
|
||||
|
||||
seccomp is only supported by CRIU in very up to date kernels.
|
||||
|
||||
External terminal (i.e. `docker run -t ..`) is not supported at the moment.
|
||||
If you try to create a checkpoint for a container with an external terminal,
|
||||
it would fail:
|
||||
|
||||
```console
|
||||
$ docker checkpoint create cr checkpoint1
|
||||
Error response from daemon: Cannot checkpoint container c1: rpc error: code = 2 desc = exit status 1: "criu failed: type NOTIFY errno 0\nlog file: /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log\n"
|
||||
|
||||
$ cat /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log
|
||||
Error (mount.c:740): mnt: 126:./dev/console doesn't have a proper root mount
|
||||
```
|
||||
@ -3,7 +3,7 @@ title: "Use the Docker command line"
|
||||
description: "Docker's CLI command description and usage"
|
||||
keywords: "Docker, Docker documentation, CLI, command line, config.json, CLI configuration file"
|
||||
redirect_from:
|
||||
- /go/experimental/
|
||||
- /reference/commandline/cli/
|
||||
- /engine/reference/commandline/engine/
|
||||
- /engine/reference/commandline/engine_activate/
|
||||
- /engine/reference/commandline/engine_check/
|
||||
@ -24,7 +24,7 @@ redirect_from:
|
||||
To list available commands, either run `docker` with no parameters
|
||||
or execute `docker help`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker
|
||||
Usage: docker [OPTIONS] COMMAND [ARG...]
|
||||
docker [ --help | -v | --version ]
|
||||
@ -78,6 +78,7 @@ line:
|
||||
| `DOCKER_HOST` | Daemon socket to connect to. |
|
||||
| `DOCKER_STACK_ORCHESTRATOR` | Configure the default orchestrator to use when using `docker stack` management commands. |
|
||||
| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) |
|
||||
| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](../builder.md#buildkit). Use plain to show container output (default `auto`). |
|
||||
|
||||
Because Docker is developed using Go, you can also use any environment
|
||||
variables used by the Go runtime. In particular, you may find these useful:
|
||||
@ -87,7 +88,7 @@ variables used by the Go runtime. In particular, you may find these useful:
|
||||
* `NO_PROXY`
|
||||
|
||||
These Go environment variables are case-insensitive. See the
|
||||
[Go specification](http://golang.org/pkg/net/http/) for details on these
|
||||
[Go specification](https://golang.org/pkg/net/http/) for details on these
|
||||
variables.
|
||||
|
||||
## Configuration files
|
||||
@ -312,6 +313,9 @@ Experimental features provide early access to future product functionality.
|
||||
These features are intended for testing and feedback, and they may change
|
||||
between releases without warning or can be removed from a future release.
|
||||
|
||||
Starting with Docker 20.10, experimental CLI features are enabled by default,
|
||||
and require no configuration to enable them.
|
||||
|
||||
### Notary
|
||||
|
||||
If using your own notary server and a self-signed certificate or an internal
|
||||
|
||||
@ -43,7 +43,7 @@ created. Supported `Dockerfile` instructions:
|
||||
|
||||
### Commit a container
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -62,7 +62,7 @@ svendowideit/testimage version3 f5283438590d 16 sec
|
||||
|
||||
### Commit a container with new configurations
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -84,7 +84,7 @@ $ docker inspect -f "{{ .Config.Env }}" f5283438590d
|
||||
|
||||
### Commit a container with new `CMD` and `EXPOSE` instructions
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
|
||||
@ -33,7 +33,7 @@ For detailed information about using configs, refer to [store configuration data
|
||||
|
||||
### Create a config
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ printf <config> | docker config create my_config -
|
||||
|
||||
onakdyv307se2tl7nl20anokv
|
||||
@ -46,7 +46,7 @@ onakdyv307se2tl7nl20anokv my_config 6 seconds ago 6 seconds ag
|
||||
|
||||
### Create a config with a file
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config create my_config ./config.json
|
||||
|
||||
dg426haahpi5ezmkkj5kyl3sn
|
||||
@ -59,7 +59,7 @@ dg426haahpi5ezmkkj5kyl3sn my_config 7 seconds ago 7 seconds ag
|
||||
|
||||
### Create a config with labels
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config create \
|
||||
--label env=dev \
|
||||
--label rev=20170324 \
|
||||
@ -68,7 +68,7 @@ $ docker config create \
|
||||
eo7jnzguqgtpdah3cm5srfb97
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config inspect my_config
|
||||
|
||||
[
|
||||
|
||||
@ -23,7 +23,7 @@ Inspects the specified config.
|
||||
By default, this renders all results in a JSON array. If a format is specified,
|
||||
the given template will be executed for each result.
|
||||
|
||||
Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||
Go's [text/template](https://golang.org/pkg/text/template/) package
|
||||
describes all the details of the format.
|
||||
|
||||
For detailed information about using configs, refer to [store configuration data using Docker Configs](https://docs.docker.com/engine/swarm/configs/).
|
||||
@ -43,14 +43,14 @@ You can inspect a config, either by its *name*, or *ID*
|
||||
|
||||
For example, given the following config:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
eo7jnzguqgtpdah3cm5srfb97 my_config 3 minutes ago 3 minutes ago
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config inspect config.json
|
||||
```
|
||||
|
||||
@ -83,7 +83,7 @@ You can use the --format option to obtain specific information about a
|
||||
config. The following example command outputs the creation time of the
|
||||
config.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97
|
||||
|
||||
2017-03-24 08:15:09.735271783 +0000 UTC
|
||||
|
||||
@ -36,7 +36,7 @@ For detailed information about using configs, refer to [store configuration data
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
@ -60,7 +60,7 @@ The currently supported filters are:
|
||||
|
||||
The `id` filter matches all or prefix of a config's id.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls -f "id=6697bflskwj1998km1gnnjr38"
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
@ -75,7 +75,7 @@ a `label` and a value.
|
||||
The following filter matches all configs with a `project` label regardless of
|
||||
its value:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls --filter label=project
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
@ -85,7 +85,7 @@ mem02h8n73mybpgqjf0kfi1n0 test_config About an hour ago Abou
|
||||
The following filter matches only services with the `project` label with the
|
||||
`project-a` value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker service ls --filter label=project=test
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
@ -98,7 +98,7 @@ The `name` filter matches on all or prefix of a config's name.
|
||||
|
||||
The following filter matches config with a name containing a prefix of `test`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls --filter name=test_config
|
||||
|
||||
ID NAME CREATED UPDATED
|
||||
@ -113,7 +113,7 @@ using a Go template.
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
| Placeholder | Description |
|
||||
| ------------ | ------------------------------------------------------------------------------------ |
|
||||
|--------------|--------------------------------------------------------------------------------------|
|
||||
| `.ID` | Config ID |
|
||||
| `.Name` | Config name |
|
||||
| `.CreatedAt` | Time when the config was created |
|
||||
@ -128,7 +128,7 @@ output the data exactly as the template declares or, when using the
|
||||
The following example uses a template without headers and outputs the
|
||||
`ID` and `Name` entries separated by a colon (`:`) for all images:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls --format "{{.ID}}: {{.Name}}"
|
||||
|
||||
77af4d6b9913: config-1
|
||||
@ -139,7 +139,7 @@ b6fa739cedf5: config-2
|
||||
To list all configs with their name and created date in a table format you
|
||||
can use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}"
|
||||
|
||||
ID NAME CREATED
|
||||
|
||||
@ -35,7 +35,7 @@ For detailed information about using configs, refer to [store configuration data
|
||||
|
||||
This example removes a config:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker config rm my_config
|
||||
sapth4csdo5b6wz2p5uimh5xg
|
||||
```
|
||||
|
||||
@ -26,7 +26,7 @@ Removes all stopped containers.
|
||||
|
||||
### Prune containers
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker container prune
|
||||
WARNING! This will remove all stopped containers.
|
||||
Are you sure you want to continue? [y/N] y
|
||||
@ -66,7 +66,7 @@ containers without the specified labels.
|
||||
|
||||
The following removes containers created more than 5 minutes ago:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}'
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED AT STATUS
|
||||
@ -88,7 +88,7 @@ CONTAINER ID IMAGE COMMAND CREATED AT
|
||||
|
||||
The following removes containers created before `2017-01-04T13:10:00`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}'
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED AT STATUS
|
||||
|
||||
45
docs/reference/commandline/context.md
Normal file
45
docs/reference/commandline/context.md
Normal file
@ -0,0 +1,45 @@
|
||||
---
|
||||
title: "context"
|
||||
description: "The context command description and usage"
|
||||
keywords: "context"
|
||||
---
|
||||
|
||||
# config
|
||||
|
||||
```markdown
|
||||
Manage contexts
|
||||
|
||||
Usage:
|
||||
docker context [command]
|
||||
|
||||
Available Commands:
|
||||
create Create new context
|
||||
export Export a context to a tar or kubeconfig file
|
||||
import Import a context from a tar or zip file
|
||||
inspect Display detailed information on one or more contexts
|
||||
list List available contexts
|
||||
rm Remove one or more contexts
|
||||
show Print the current context
|
||||
update Update a context
|
||||
use Set the default context
|
||||
|
||||
Flags:
|
||||
-h, --help Help for context
|
||||
|
||||
Use "docker context [command] --help" for more information about a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage contexts.
|
||||
|
||||
## Related commands
|
||||
|
||||
* [context create](context_create.md)
|
||||
* [context export](context_export.md)
|
||||
* [context import](context_import.md)
|
||||
* [context inspect](context_inspect.md)
|
||||
* [context list](context_ls.md)
|
||||
* [context rm](context_rm.md)
|
||||
* [context update](context_update.md)
|
||||
* [context use](context_use.md)
|
||||
@ -62,7 +62,7 @@ kubernetes options. The example below creates the context `my-context`
|
||||
with a docker endpoint of `/var/run/docker.sock` and a kubernetes configuration
|
||||
sourced from the file `/home/me/my-kube-config`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context create \
|
||||
--docker host=unix:///var/run/docker.sock \
|
||||
--kubernetes config-file=/home/me/my-kube-config \
|
||||
@ -75,19 +75,19 @@ Use the `--from=<context-name>` option to create a new context from
|
||||
an existing context. The example below creates a new context named `my-context`
|
||||
from the existing context `existing-context`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context create --from existing-context my-context
|
||||
```
|
||||
|
||||
If the `--from` option is not set, the `context` is created from the current context:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context create my-context
|
||||
```
|
||||
|
||||
This can be used to create a context out of an existing `DOCKER_HOST` based script:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ source my-setup-script.sh
|
||||
$ docker context create my-context
|
||||
```
|
||||
@ -98,7 +98,7 @@ new context named `my-context` using the docker endpoint configuration from
|
||||
the existing context `existing-context` and a kubernetes configuration sourced
|
||||
from the file `/home/me/my-kube-config`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context create \
|
||||
--docker from=existing-context \
|
||||
--kubernetes config-file=/home/me/my-kube-config \
|
||||
@ -110,7 +110,7 @@ To source only the `kubernetes` configuration from an existing context use the
|
||||
context named `my-context` using the kuberentes configuration from the existing
|
||||
context `existing-context` and a docker endpoint of `/var/run/docker.sock`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context create \
|
||||
--docker host=unix:///var/run/docker.sock \
|
||||
--kubernetes from=existing-context \
|
||||
|
||||
@ -23,7 +23,7 @@ Inspects one or more contexts.
|
||||
|
||||
### Inspect a context by name
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context inspect "local+aks"
|
||||
|
||||
[
|
||||
|
||||
@ -25,7 +25,9 @@ Options:
|
||||
Use `docker context ls` to print all contexts. The currently active context is
|
||||
indicated with an `*`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context ls
|
||||
|
||||
NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
|
||||
default * Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm
|
||||
production tcp:///prod.corp.example.com:2376
|
||||
|
||||
@ -54,7 +54,7 @@ See [context create](context_create.md).
|
||||
|
||||
### Update an existing context
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker context update \
|
||||
--description "some description" \
|
||||
--docker "host=tcp://myserver:2376,ca=~/ca-file,cert=~/cert-file,key=~/key-file" \
|
||||
|
||||
@ -13,6 +13,7 @@ Set the current docker context
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Set the default context to use, when `DOCKER_HOST`, `DOCKER_CONTEXT` environment
|
||||
variables and `--host`, `--context` global options are not set.
|
||||
To disable usage of contexts, you can use the special `default` context.
|
||||
|
||||
@ -89,17 +89,39 @@ you must be explicit with a relative or absolute path, for example:
|
||||
|
||||
`/path/to/file:name.txt` or `./file:name.txt`
|
||||
|
||||
## Examples
|
||||
|
||||
Copy a local file into container
|
||||
|
||||
```console
|
||||
$ docker cp ./some_file CONTAINER:/work
|
||||
```
|
||||
|
||||
Copy files from container to local path
|
||||
|
||||
```console
|
||||
$ docker cp CONTAINER:/var/logs/ /tmp/app_logs
|
||||
```
|
||||
|
||||
Copy a file from container to stdout. Please note `cp` command produces a tar stream
|
||||
|
||||
```console
|
||||
$ docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR"
|
||||
```
|
||||
|
||||
### Corner cases
|
||||
|
||||
It is not possible to copy certain system files such as resources under
|
||||
`/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs---tmpfs), and mounts created by
|
||||
the user in the container. However, you can still copy such files by manually
|
||||
running `tar` in `docker exec`. Both of the following examples do the same thing
|
||||
in different ways (consider `SRC_PATH` and `DEST_PATH` are directories):
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec CONTAINER tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH -
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i CONTAINER tar Cxf DEST_PATH -
|
||||
```
|
||||
|
||||
|
||||
@ -98,6 +98,7 @@ Options:
|
||||
--privileged Give extended privileges to this container
|
||||
-p, --publish value Publish a container's port(s) to the host (default [])
|
||||
-P, --publish-all Publish all exposed ports to random ports
|
||||
--pull string Pull image before creating ("always"|"missing"|"never") (default "missing")
|
||||
--read-only Mount the container's root filesystem as read only
|
||||
--restart string Restart policy to apply when a container exits (default "no")
|
||||
Possible values are: no, on-failure[:max-retry], always, unless-stopped
|
||||
@ -109,7 +110,7 @@ Options:
|
||||
Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
|
||||
or `g` (gigabytes). If you omit the unit, the system uses bytes.
|
||||
--stop-signal string Signal to stop a container (default "SIGTERM")
|
||||
--stop-timeout=10 Timeout (in seconds) to stop a container
|
||||
--stop-timeout int Timeout (in seconds) to stop a container
|
||||
--storage-opt value Storage driver options for the container (default [])
|
||||
--sysctl value Sysctl options (default map[])
|
||||
--tmpfs value Mount a tmpfs directory (default [])
|
||||
@ -131,41 +132,58 @@ Options:
|
||||
--volumes-from value Mount volumes from the specified container(s) (default [])
|
||||
-w, --workdir string Working directory inside the container
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
The `docker create` command creates a writeable container layer over the
|
||||
specified image and prepares it for running the specified command. The
|
||||
The `docker container create` (or shorthand: `docker create`) command creates a
|
||||
new container from the specified image, without starting it.
|
||||
|
||||
When creating a container, the docker daemon creates a writeable container layer
|
||||
over the specified image and prepares it for running the specified command. The
|
||||
container ID is then printed to `STDOUT`. This is similar to `docker run -d`
|
||||
except the container is never started. You can then use the
|
||||
`docker start <container_id>` command to start the container at any point.
|
||||
except the container is never started. You can then use the `docker container start`
|
||||
(or shorthand: `docker start`) command to start the container at any point.
|
||||
|
||||
This is useful when you want to set up a container configuration ahead of time
|
||||
so that it is ready to start when you need it. The initial status of the
|
||||
new container is `created`.
|
||||
|
||||
Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details.
|
||||
The `docker create` command shares most of its options with the `docker run`
|
||||
command (which performs a `docker create` before starting it). Refer to the
|
||||
[`docker run` command](run.md) section and the [Docker run reference](../run.md)
|
||||
for details on the available flags and options.
|
||||
|
||||
## Examples
|
||||
|
||||
### Create and start a container
|
||||
|
||||
```bash
|
||||
$ docker create -t -i fedora bash
|
||||
The following example creates an interactive container with a pseudo-TTY attached,
|
||||
then starts the container and attaches to it:
|
||||
|
||||
```console
|
||||
$ docker container create -i -t --name mycontainer alpine
|
||||
6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752
|
||||
|
||||
$ docker start -a -i 6d8af538ec5
|
||||
$ docker container start --attach -i mycontainer
|
||||
/ # echo hello world
|
||||
hello world
|
||||
```
|
||||
|
||||
bash-4.2#
|
||||
The above is the equivalent of a `docker run`:
|
||||
|
||||
```console
|
||||
$ docker run -it --name mycontainer2 alpine
|
||||
/ # echo hello world
|
||||
hello world
|
||||
```
|
||||
|
||||
### Initialize volumes
|
||||
|
||||
As of v1.4.0 container volumes are initialized during the `docker create` phase
|
||||
Container volumes are initialized during the `docker create` phase
|
||||
(i.e., `docker run` too). For example, this allows you to `create` the `data`
|
||||
volume container, and then use it from another container:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker create -v /data --name data ubuntu
|
||||
|
||||
240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57
|
||||
@ -180,7 +198,7 @@ drwxr-xr-x 48 root root 4096 Dec 5 04:11 ..
|
||||
Similarly, `create` a host directory bind mounted volume container, which can
|
||||
then be used from the subsequent container:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker create -v /home/docker:/docker --name docker ubuntu
|
||||
|
||||
9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03
|
||||
@ -198,59 +216,3 @@ drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local
|
||||
drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh
|
||||
drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker
|
||||
```
|
||||
|
||||
|
||||
Set storage driver options per container.
|
||||
|
||||
```bash
|
||||
$ docker create -it --storage-opt size=120G fedora /bin/bash
|
||||
```
|
||||
|
||||
This (size) will allow to set the container rootfs size to 120G at creation time.
|
||||
This option is only available for the `devicemapper`, `btrfs`, `overlay2`,
|
||||
`windowsfilter` and `zfs` graph drivers.
|
||||
For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers,
|
||||
user cannot pass a size less than the Default BaseFS Size.
|
||||
For the `overlay2` storage driver, the size option is only available if the
|
||||
backing fs is `xfs` and mounted with the `pquota` mount option.
|
||||
Under these conditions, user can pass any size less than the backing fs size.
|
||||
|
||||
### Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Windows. The `--isolation=<value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
|
||||
| Value | Description |
|
||||
|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value if the
|
||||
daemon is running on Windows server, or `hyperv` if running on Windows client. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
||||
### Dealing with dynamically created devices (--device-cgroup-rule)
|
||||
|
||||
Devices available to a container are assigned at creation time. The
|
||||
assigned devices will both be added to the cgroup.allow file and
|
||||
created into the container once it is run. This poses a problem when
|
||||
a new device needs to be added to running container.
|
||||
|
||||
One of the solution is to add a more permissive rule to a container
|
||||
allowing it access to a wider range of devices. For example, supposing
|
||||
our container needs access to a character device with major `42` and
|
||||
any number of minor number (added as new devices appear), the
|
||||
following rule would be added:
|
||||
|
||||
```
|
||||
docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image
|
||||
```
|
||||
|
||||
Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 <minor>`
|
||||
the required device when it is added.
|
||||
|
||||
NOTE: initially present devices still need to be explicitly added to
|
||||
the create/run command
|
||||
|
||||
@ -33,7 +33,7 @@ You can use the full or shortened container ID or the container name set using
|
||||
|
||||
Inspect the changes to an `nginx` container:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker diff 1fdfd1f54c1b
|
||||
|
||||
C /dev
|
||||
|
||||
@ -115,8 +115,8 @@ Options with [] may be specified multiple times.
|
||||
uses different binaries for the daemon and client. To run the daemon you
|
||||
type `dockerd`.
|
||||
|
||||
To run the daemon with debug output, use `dockerd -D` or add `"debug": true` to
|
||||
the `daemon.json` file.
|
||||
To run the daemon with debug output, use `dockerd --debug` or add `"debug": true`
|
||||
to [the `daemon.json` file](#daemon-configuration-file).
|
||||
|
||||
> **Enabling experimental features**
|
||||
>
|
||||
@ -164,7 +164,7 @@ communication with the daemon.
|
||||
> supported anymore for security reasons.
|
||||
|
||||
On Systemd based systems, you can communicate with the daemon via
|
||||
[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html),
|
||||
[Systemd socket activation](https://0pointer.de/blog/projects/socket-activation.html),
|
||||
use `dockerd -H fd://`. Using `fd://` will work perfectly for most setups but
|
||||
you can also specify individual sockets: `dockerd -H fd://3`. If the
|
||||
specified socket activated files aren't found, then Docker will exit. You can
|
||||
@ -174,20 +174,21 @@ find examples of using Systemd socket activation with Docker and Systemd in the
|
||||
You can configure the Docker daemon to listen to multiple sockets at the same
|
||||
time using multiple `-H` options:
|
||||
|
||||
```bash
|
||||
# listen using the default unix socket, and on 2 specific IP addresses on this host.
|
||||
The example below runs the daemon listenin on the default unix socket, and
|
||||
on 2 specific IP addresses on this host:
|
||||
|
||||
```console
|
||||
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
|
||||
```
|
||||
|
||||
The Docker client will honor the `DOCKER_HOST` environment variable to set the
|
||||
`-H` flag for the client. Use **one** of the following commands:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker -H tcp://0.0.0.0:2375 ps
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ export DOCKER_HOST="tcp://0.0.0.0:2375"
|
||||
|
||||
$ docker ps
|
||||
@ -197,7 +198,7 @@ Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than
|
||||
the empty string is equivalent to setting the `--tlsverify` flag. The following
|
||||
are equivalent:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker --tlsverify ps
|
||||
# or
|
||||
$ export DOCKER_TLS_VERIFY=1
|
||||
@ -210,7 +211,7 @@ precedence over `HTTP_PROXY`.
|
||||
|
||||
The Docker client supports connecting to a remote daemon via SSH:
|
||||
|
||||
```
|
||||
```console
|
||||
$ docker -H ssh://me@example.com:22 ps
|
||||
$ docker -H ssh://me@example.com ps
|
||||
$ docker -H ssh://example.com ps
|
||||
@ -267,22 +268,21 @@ when no `-H` was passed in.
|
||||
|
||||
Run Docker in daemon mode:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo <path to>/dockerd -H 0.0.0.0:5555 &
|
||||
```
|
||||
|
||||
Download an `ubuntu` image:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker -H :5555 pull ubuntu
|
||||
```
|
||||
|
||||
You can use multiple `-H`, for example, if you want to listen on both
|
||||
TCP and a Unix socket
|
||||
|
||||
```bash
|
||||
# Run docker in daemon mode
|
||||
$ sudo <path to>/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
|
||||
```console
|
||||
$ sudo dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
|
||||
# Download an ubuntu image, use default Unix socket
|
||||
$ docker pull ubuntu
|
||||
# OR use the TCP port
|
||||
@ -307,12 +307,12 @@ devices, one for data and one for metadata. By default, these block devices
|
||||
are created automatically by using loopback mounts of automatically created
|
||||
sparse files. Refer to [Devicemapper options](#devicemapper-options) below
|
||||
for a way how to customize this setup.
|
||||
[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
|
||||
[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](https://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
|
||||
article explains how to tune your existing setup without the use of options.
|
||||
|
||||
The `btrfs` driver is very fast for `docker build` - but like `devicemapper`
|
||||
does not share executable memory between devices. Use
|
||||
`dockerd -s btrfs -g /mnt/btrfs_partition`.
|
||||
`dockerd --storage-driver btrfs --data-root /mnt/btrfs_partition`.
|
||||
|
||||
The `zfs` driver is probably not as fast as `btrfs` but has a longer track record
|
||||
on stability. Thanks to `Single Copy ARC` shared blocks between clones will be
|
||||
@ -395,7 +395,7 @@ not use loopback in production. Ensure your Engine daemon has a
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool
|
||||
```
|
||||
|
||||
@ -406,7 +406,7 @@ device for you.
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.directlvm_device=/dev/xvdf
|
||||
```
|
||||
|
||||
@ -416,7 +416,7 @@ Sets the percentage of passed in block device to use for storage.
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.thinp_percent=95
|
||||
```
|
||||
|
||||
@ -426,7 +426,7 @@ Sets the percentage of the passed in block device to use for metadata storage.
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.thinp_metapercent=1
|
||||
```
|
||||
|
||||
@ -437,7 +437,7 @@ autoextend the available space [100 = disabled]
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.thinp_autoextend_threshold=80
|
||||
```
|
||||
|
||||
@ -448,7 +448,7 @@ attempts to autoextend the available space [100 = disabled]
|
||||
|
||||
###### Example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.thinp_autoextend_percent=20
|
||||
```
|
||||
|
||||
@ -467,7 +467,7 @@ new base device size.
|
||||
|
||||
###### Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.basesize=50G
|
||||
```
|
||||
|
||||
@ -479,7 +479,7 @@ This value affects the system-wide "base" empty filesystem
|
||||
that may already be initialized and inherited by pulled images. Typically,
|
||||
a change to this value requires additional steps to take effect:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo service docker stop
|
||||
|
||||
$ sudo rm -rf /var/lib/docker
|
||||
@ -502,7 +502,7 @@ much space.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.loopdatasize=200G
|
||||
```
|
||||
|
||||
@ -520,7 +520,7 @@ this much space.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.loopmetadatasize=4G
|
||||
```
|
||||
|
||||
@ -531,7 +531,7 @@ options are "ext4" and "xfs". The default is "xfs"
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.fs=ext4
|
||||
```
|
||||
|
||||
@ -541,7 +541,7 @@ Specifies extra mkfs arguments to be used when creating the base device.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"
|
||||
```
|
||||
|
||||
@ -551,7 +551,7 @@ Specifies extra mount options used when mounting the thin devices.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.mountopt=nodiscard
|
||||
```
|
||||
|
||||
@ -567,7 +567,7 @@ device.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd \
|
||||
--storage-opt dm.datadev=/dev/sdb1 \
|
||||
--storage-opt dm.metadatadev=/dev/sdc1
|
||||
@ -585,13 +585,13 @@ data, or even better on an SSD.
|
||||
If setting up a new metadata pool it is required to be valid. This can be
|
||||
achieved by zeroing the first 4k to indicate empty metadata, like this:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ dd if=/dev/zero of=$metadata_dev bs=4096 count=1
|
||||
```
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd \
|
||||
--storage-opt dm.datadev=/dev/sdb1 \
|
||||
--storage-opt dm.metadatadev=/dev/sdc1
|
||||
@ -604,7 +604,7 @@ blocksize is 64K.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.blocksize=512K
|
||||
```
|
||||
|
||||
@ -620,7 +620,7 @@ returned to the system for other use when containers are removed.
|
||||
|
||||
###### Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.blkdiscard=false
|
||||
```
|
||||
|
||||
@ -632,11 +632,11 @@ Overrides the `udev` synchronization checks between `devicemapper` and `udev`.
|
||||
To view the `udev` sync support of a Docker daemon that is using the
|
||||
`devicemapper` driver, run:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker info
|
||||
[...]
|
||||
<...>
|
||||
Udev Sync Supported: true
|
||||
[...]
|
||||
<...>
|
||||
```
|
||||
|
||||
When `udev` sync support is `true`, then `devicemapper` and udev can
|
||||
@ -650,7 +650,7 @@ results in errors and failures. (For information on these failures, see
|
||||
To allow the `docker` daemon to start, regardless of `udev` sync not being
|
||||
supported, set `dm.override_udev_sync_check` to true:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.override_udev_sync_check=true
|
||||
```
|
||||
|
||||
@ -683,7 +683,7 @@ loop trying to remove a busy device.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.use_deferred_removal=true
|
||||
```
|
||||
|
||||
@ -701,7 +701,7 @@ Error deleting container: Error response from daemon: Cannot destroy container
|
||||
To avoid this failure, enable both deferred device deletion and deferred
|
||||
device removal on the daemon.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd \
|
||||
--storage-opt dm.use_deferred_deletion=true \
|
||||
--storage-opt dm.use_deferred_removal=true
|
||||
@ -741,7 +741,7 @@ the issue.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.min_free_space=10%
|
||||
```
|
||||
|
||||
@ -757,7 +757,7 @@ ENOSPC and will shutdown filesystem.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0
|
||||
```
|
||||
|
||||
@ -773,7 +773,7 @@ time of writing, the following is the list of `libdm` log levels as well as
|
||||
their corresponding levels when output by `dockerd`.
|
||||
|
||||
| `libdm` Level | Value | `--log-level` |
|
||||
| ------------- | -----:| ------------- |
|
||||
|---------------|------:|---------------|
|
||||
| `_LOG_FATAL` | 2 | error |
|
||||
| `_LOG_ERR` | 3 | error |
|
||||
| `_LOG_WARN` | 4 | warn |
|
||||
@ -783,7 +783,7 @@ their corresponding levels when output by `dockerd`.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd \
|
||||
--log-level debug \
|
||||
--storage-opt dm.libdm_log_level=7
|
||||
@ -799,7 +799,7 @@ By default docker will pick up the zfs filesystem where docker graph
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker
|
||||
```
|
||||
|
||||
@ -814,7 +814,7 @@ a container with **--storage-opt size** option, docker should ensure the
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G
|
||||
```
|
||||
|
||||
@ -837,7 +837,7 @@ conditions the user can pass any size less then the backing fs size.
|
||||
|
||||
###### Example
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd -s overlay2 --storage-opt overlay2.size=1G
|
||||
```
|
||||
|
||||
@ -959,7 +959,7 @@ By default, the Docker daemon automatically starts `containerd`. If you want to
|
||||
control `containerd` startup, manually start `containerd` and pass the path to
|
||||
the `containerd` socket using the `--containerd` flag. For example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock
|
||||
```
|
||||
|
||||
@ -987,7 +987,7 @@ The following is an example adding 2 runtimes via the configuration:
|
||||
|
||||
This is the same example via the command line:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement
|
||||
```
|
||||
|
||||
@ -1009,7 +1009,7 @@ is used on cgroup v2 hosts with systemd available.
|
||||
|
||||
This example sets the `cgroupdriver` to `systemd`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --exec-opt native.cgroupdriver=systemd
|
||||
```
|
||||
|
||||
@ -1030,13 +1030,13 @@ value is specified on daemon start, on Windows client, the default is
|
||||
|
||||
To set the DNS server for all Docker containers, use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --dns 8.8.8.8
|
||||
```
|
||||
|
||||
To set the DNS search domain for all Docker containers, use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --dns-search example.com
|
||||
```
|
||||
|
||||
@ -1162,7 +1162,7 @@ TLS. To configure the client TLS settings used by the daemon can be configured
|
||||
using the `--cluster-store-opt` flag, specifying the paths to PEM encoded
|
||||
files. For example:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd \
|
||||
--cluster-advertise 192.168.1.2:2376 \
|
||||
--cluster-store etcd://192.168.1.2:2379 \
|
||||
@ -1189,7 +1189,7 @@ organization can purchase or build themselves. You can install one or more
|
||||
authorization plugins when you start the Docker `daemon` using the
|
||||
`--authorization-plugin=PLUGIN_ID` option.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
|
||||
```
|
||||
|
||||
@ -1210,7 +1210,7 @@ For information about how to create an authorization plugin, refer to the
|
||||
### Daemon user namespace options
|
||||
|
||||
The Linux kernel
|
||||
[user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html)
|
||||
[user namespace support](https://man7.org/linux/man-pages/man7/user_namespaces.7.html)
|
||||
provides additional security by enabling a process, and therefore a container,
|
||||
to have a unique range of user and group IDs which are outside the traditional
|
||||
user and group range utilized by the host system. Potentially the most important
|
||||
@ -1233,14 +1233,14 @@ for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be
|
||||
set like this:
|
||||
|
||||
```console
|
||||
$ DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
|
||||
$ DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd --data-root /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```console
|
||||
$ export DOCKER_TMPDIR=/mnt/disk2/tmp
|
||||
$ /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
|
||||
$ /usr/local/bin/dockerd --data-root /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1
|
||||
````
|
||||
|
||||
#### Default cgroup parent
|
||||
@ -1360,11 +1360,11 @@ This is a full example of the allowed configuration options on Linux:
|
||||
"debug": true,
|
||||
"default-address-pools": [
|
||||
{
|
||||
"base": "172.80.0.0/16",
|
||||
"base": "172.30.0.0/16",
|
||||
"size": 24
|
||||
},
|
||||
{
|
||||
"base": "172.90.0.0/16",
|
||||
"base": "172.31.0.0/16",
|
||||
"size": 24
|
||||
}
|
||||
],
|
||||
@ -1462,7 +1462,7 @@ This is a full example of the allowed configuration options on Linux:
|
||||
> daemon startup as a flag.
|
||||
> On systems that use `systemd` to start the Docker daemon, `-H` is already set, so
|
||||
> you cannot use the `hosts` key in `daemon.json` to add listening addresses.
|
||||
> See https://docs.docker.com/engine/admin/systemd/#custom-docker-daemon-options for how
|
||||
> See ["custom Docker daemon options"](https://docs.docker.com/config/daemon/systemd/#custom-docker-daemon-options) for how
|
||||
> to accomplish this task with a systemd drop-in file.
|
||||
|
||||
##### On Windows
|
||||
@ -1554,7 +1554,7 @@ The list of currently supported options that can be reconfigured is this:
|
||||
be used to run containers.
|
||||
- `authorization-plugin`: it specifies the authorization plugins to use.
|
||||
- `allow-nondistributable-artifacts`: Replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of registries.
|
||||
- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config.
|
||||
- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure registries, these existing ones will be removed from daemon's config.
|
||||
- `registry-mirrors`: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon's configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon's config.
|
||||
- `shutdown-timeout`: it replaces the daemon's existing configuration timeout with a new timeout for shutting down all containers.
|
||||
- `features`: it explicitly enables or disables specific features.
|
||||
|
||||
@ -194,11 +194,11 @@ The currently supported filters are:
|
||||
|
||||
If a format (`--format`) is specified, the given template will be executed
|
||||
instead of the default
|
||||
format. Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||
format. Go's [text/template](https://golang.org/pkg/text/template/) package
|
||||
describes all the details of the format.
|
||||
|
||||
If a format is set to `{{json .}}`, the events are streamed as valid JSON
|
||||
Lines. For information about JSON Lines, please refer to http://jsonlines.org/.
|
||||
Lines. For information about JSON Lines, please refer to https://jsonlines.org/.
|
||||
|
||||
## Examples
|
||||
|
||||
@ -208,13 +208,13 @@ You'll need two shells for this example.
|
||||
|
||||
**Shell 1: Listening for events:**
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker events
|
||||
```
|
||||
|
||||
**Shell 2: Start and Stop containers:**
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker create --name test alpine:latest top
|
||||
$ docker start test
|
||||
$ docker stop test
|
||||
@ -239,7 +239,7 @@ To exit the `docker events` command, use `CTRL+C`.
|
||||
You can filter the output by an absolute timestamp or relative time on the host
|
||||
machine, using the following different time syntaxes:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker events --since 1483283804
|
||||
2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local)
|
||||
2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test)
|
||||
@ -292,7 +292,7 @@ $ docker events --since '2017-01-05T00:35:30' --until '2017-01-05T00:36:05'
|
||||
The following commands show several different ways to filter the `docker event`
|
||||
output.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker events --filter 'event=stop'
|
||||
|
||||
2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test)
|
||||
@ -388,7 +388,7 @@ $ docker events --filter 'scope=swarm'
|
||||
|
||||
### Format the output
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}'
|
||||
|
||||
Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26
|
||||
@ -401,7 +401,7 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299
|
||||
|
||||
#### Format as JSON
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker events --format '{{json .}}'
|
||||
|
||||
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
|
||||
@ -46,7 +46,7 @@ not work, but `docker exec -ti my_container sh -c "echo a && echo b"` will.
|
||||
|
||||
First, start a container.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run --name ubuntu_bash --rm -i -t ubuntu bash
|
||||
```
|
||||
|
||||
@ -54,7 +54,7 @@ This will create a container named `ubuntu_bash` and start a Bash session.
|
||||
|
||||
Next, execute a command on the container.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec -d ubuntu_bash touch /tmp/execWorks
|
||||
```
|
||||
|
||||
@ -63,7 +63,7 @@ This will create a new file `/tmp/execWorks` inside the running container
|
||||
|
||||
Next, execute an interactive `bash` shell on the container.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec -it ubuntu_bash bash
|
||||
```
|
||||
|
||||
@ -71,7 +71,7 @@ This will create a new Bash session in the container `ubuntu_bash`.
|
||||
|
||||
Next, set an environment variable in the current bash session.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec -it -e VAR=1 ubuntu_bash bash
|
||||
```
|
||||
|
||||
@ -81,14 +81,14 @@ on the current Bash session.
|
||||
|
||||
By default `docker exec` command runs in the same working directory set when container was created.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec -it ubuntu_bash pwd
|
||||
/
|
||||
```
|
||||
|
||||
You can select working directory for the command to execute into
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker exec -it -w /root ubuntu_bash pwd
|
||||
/root
|
||||
```
|
||||
@ -98,7 +98,7 @@ $ docker exec -it -w /root ubuntu_bash pwd
|
||||
|
||||
If the container is paused, then the `docker exec` command will fail with an error:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker pause test
|
||||
|
||||
test
|
||||
|
||||
@ -30,10 +30,10 @@ in the user guide for examples on exporting data in a volume.
|
||||
|
||||
Each of these commands has the same result.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker export red_panda > latest.tar
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker export --output="latest.tar" red_panda
|
||||
```
|
||||
|
||||
@ -24,7 +24,7 @@ Options:
|
||||
|
||||
To see how the `docker:latest` image was built:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker history docker
|
||||
|
||||
IMAGE CREATED CREATED BY SIZE COMMENT
|
||||
@ -38,7 +38,7 @@ be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get ins
|
||||
|
||||
To see how the `docker:apache` image was added to a container's base image:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker history docker:scm
|
||||
IMAGE CREATED CREATED BY SIZE COMMENT
|
||||
2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image
|
||||
@ -54,14 +54,14 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
| Placeholder | Description |
|
||||
| --------------- | ----------- |
|
||||
| `.ID` | Image ID |
|
||||
| Placeholder | Description |
|
||||
|-----------------|-----------------------------------------------------------------------------------------------------------|
|
||||
| `.ID` | Image ID |
|
||||
| `.CreatedSince` | Elapsed time since the image was created if `--human=true`, otherwise timestamp of when image was created |
|
||||
| `.CreatedAt` | Timestamp of when image was created |
|
||||
| `.CreatedBy` | Command that was used to create the image |
|
||||
| `.Size` | Image disk size |
|
||||
| `.Comment` | Comment for image |
|
||||
| `.CreatedAt` | Timestamp of when image was created |
|
||||
| `.CreatedBy` | Command that was used to create the image |
|
||||
| `.Size` | Image disk size |
|
||||
| `.Comment` | Comment for image |
|
||||
|
||||
When using the `--format` option, the `history` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -71,7 +71,7 @@ The following example uses a template without headers and outputs the
|
||||
`ID` and `CreatedSince` entries separated by a colon (`:`) for the `busybox`
|
||||
image:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker history --format "{{.ID}}: {{.CreatedSince}}" busybox
|
||||
|
||||
f6e427c148a7: 4 weeks ago
|
||||
|
||||
@ -26,7 +26,7 @@ Remove all dangling images. If `-a` is specified, will also remove all images no
|
||||
|
||||
Example output:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image prune -a
|
||||
|
||||
WARNING! This will remove all images without at least one container associated to them.
|
||||
@ -101,7 +101,7 @@ images without the specified labels.
|
||||
|
||||
The following removes images created before `2017-01-04T00:00:00`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}'
|
||||
REPOSITORY TAG IMAGE ID CREATED AT SIZE
|
||||
foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB
|
||||
@ -128,7 +128,7 @@ foo latest 2f287ac753da 2017-01-04 13:42:23
|
||||
|
||||
The following removes images created more than 10 days (`240h`) ago:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -168,25 +168,25 @@ busybox latest e02e811dd08f 2 months ago
|
||||
|
||||
The following example removes images with the label `deprecated`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image prune --filter="label=deprecated"
|
||||
```
|
||||
|
||||
The following example removes images with the label `maintainer` set to `john`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image prune --filter="label=maintainer=john"
|
||||
```
|
||||
|
||||
This example removes images which have no `maintainer` label:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image prune --filter="label!=maintainer"
|
||||
```
|
||||
|
||||
This example removes images which have a maintainer label not set to `john`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image prune --filter="label!=maintainer=john"
|
||||
```
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ uses up the `SIZE` listed only once.
|
||||
|
||||
### List the most recently created images
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -72,7 +72,7 @@ given repository.
|
||||
|
||||
For example, to list all images in the "java" repository, run this command :
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images java
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -88,7 +88,7 @@ If both `REPOSITORY` and `TAG` are provided, only images matching that
|
||||
repository and tag are listed. To find all local images in the "java"
|
||||
repository with tag "8" you can use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images java:8
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -97,7 +97,7 @@ java 8 308e519aac60 6 days ago
|
||||
|
||||
If nothing matches `REPOSITORY[:TAG]`, the list is empty.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images java:0
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -105,7 +105,7 @@ REPOSITORY TAG IMAGE ID CREATED
|
||||
|
||||
### List the full length image IDs
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --no-trunc
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -127,7 +127,7 @@ called a `digest`. As long as the input used to generate the image is
|
||||
unchanged, the digest value is predictable. To list image digest values, use
|
||||
the `--digests` flag:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --digests
|
||||
REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
|
||||
localhost:5000/test/busybox <none> sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB
|
||||
@ -153,7 +153,7 @@ The currently supported filters are:
|
||||
|
||||
#### Show untagged images (dangling)
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "dangling=true"
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -173,7 +173,7 @@ using it. By having this flag it allows for batch cleanup.
|
||||
|
||||
You can use this in conjunction with `docker rmi ...`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker rmi $(docker images -f "dangling=true" -q)
|
||||
|
||||
8abc22fbb042
|
||||
@ -194,7 +194,7 @@ value.
|
||||
|
||||
The following filter matches images with the `com.example.version` label regardless of its value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "label=com.example.version"
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -204,7 +204,7 @@ match-me-2 latest dea752e4e117 About a minute ago
|
||||
|
||||
The following filter matches images with the `com.example.version` label with the `1.0` value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "label=com.example.version=1.0"
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -213,7 +213,7 @@ match-me latest 511136ea3c5a About a minute ago
|
||||
|
||||
In this example, with the `0.1` value, it returns an empty set because no matches were found.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "label=com.example.version=0.1"
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
```
|
||||
@ -223,7 +223,7 @@ REPOSITORY TAG IMAGE ID CREATED
|
||||
The `before` filter shows only images created before the image with
|
||||
given id or reference. For example, having these images:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -234,7 +234,7 @@ image3 latest 511136ea3c5a 25 minutes ago
|
||||
|
||||
Filtering with `before` would give:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "before=image1"
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -244,7 +244,7 @@ image3 latest 511136ea3c5a 25 minutes ago
|
||||
|
||||
Filtering with `since` would give:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter "since=image3"
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
image1 latest eeae25ada2aa 4 minutes ago 188.3 MB
|
||||
@ -256,7 +256,7 @@ image2 latest dea752e4e117 9 minutes ago
|
||||
The `reference` filter shows only images whose reference matches
|
||||
the specified pattern.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -268,7 +268,7 @@ busybox glibc 21c16b6787c6 5 weeks ago
|
||||
|
||||
Filtering with `reference` would give:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter=reference='busy*:*libc'
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -278,7 +278,7 @@ busybox glibc 21c16b6787c6 5 weeks ago
|
||||
|
||||
Filtering with multiple `reference` would give, either match A or B:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --filter=reference='busy*:uclibc' --filter=reference='busy*:glibc'
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
@ -293,15 +293,15 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
| Placeholder | Description|
|
||||
| ---- | ---- |
|
||||
| `.ID` | Image ID |
|
||||
| `.Repository` | Image repository |
|
||||
| `.Tag` | Image tag |
|
||||
| `.Digest` | Image digest |
|
||||
| Placeholder | Description |
|
||||
|-----------------|------------------------------------------|
|
||||
| `.ID` | Image ID |
|
||||
| `.Repository` | Image repository |
|
||||
| `.Tag` | Image tag |
|
||||
| `.Digest` | Image digest |
|
||||
| `.CreatedSince` | Elapsed time since the image was created |
|
||||
| `.CreatedAt` | Time when the image was created |
|
||||
| `.Size` | Image disk size |
|
||||
| `.CreatedAt` | Time when the image was created |
|
||||
| `.Size` | Image disk size |
|
||||
|
||||
When using the `--format` option, the `image` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -310,7 +310,7 @@ output the data exactly as the template declares or, when using the
|
||||
The following example uses a template without headers and outputs the
|
||||
`ID` and `Repository` entries separated by a colon (`:`) for all images:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --format "{{.ID}}: {{.Repository}}"
|
||||
|
||||
77af4d6b9913: <none>
|
||||
@ -327,7 +327,7 @@ b6fa739cedf5: committ
|
||||
To list all images with their repository and tag in a table format you
|
||||
can use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
|
||||
|
||||
IMAGE ID REPOSITORY TAG
|
||||
|
||||
@ -28,50 +28,49 @@ specify an archive, Docker untars it in the container relative to the `/`
|
||||
the host. To import from a remote location, specify a `URI` that begins with the
|
||||
`http://` or `https://` protocol.
|
||||
|
||||
The `--change` option will apply `Dockerfile` instructions to the image
|
||||
that is created.
|
||||
Supported `Dockerfile` instructions:
|
||||
The `--change` option applies `Dockerfile` instructions to the image that is
|
||||
created. Supported `Dockerfile` instructions:
|
||||
`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
|
||||
|
||||
## Examples
|
||||
|
||||
### Import from a remote location
|
||||
|
||||
This will create a new untagged image.
|
||||
This creates a new untagged image.
|
||||
|
||||
```bash
|
||||
$ docker import http://example.com/exampleimage.tgz
|
||||
```console
|
||||
$ docker import https://example.com/exampleimage.tgz
|
||||
```
|
||||
|
||||
### Import from a local file
|
||||
|
||||
- Import to docker via pipe and `STDIN`.
|
||||
Import to docker via pipe and `STDIN`.
|
||||
|
||||
```bash
|
||||
$ cat exampleimage.tgz | docker import - exampleimagelocal:new
|
||||
```
|
||||
```console
|
||||
$ cat exampleimage.tgz | docker import - exampleimagelocal:new
|
||||
```
|
||||
|
||||
- Import with a commit message.
|
||||
Import with a commit message.
|
||||
|
||||
```bash
|
||||
$ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
|
||||
```
|
||||
```console
|
||||
$ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new
|
||||
```
|
||||
|
||||
- Import to docker from a local archive.
|
||||
Import to docker from a local archive.
|
||||
|
||||
```bash
|
||||
$ docker import /path/to/exampleimage.tgz
|
||||
```
|
||||
```console
|
||||
$ docker import /path/to/exampleimage.tgz
|
||||
```
|
||||
|
||||
### Import from a local directory
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo tar -c . | docker import - exampleimagedir
|
||||
```
|
||||
|
||||
### Import from a local directory with new configurations
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo tar -c . | docker import --change "ENV DEBUG=true" - exampleimagedir
|
||||
```
|
||||
|
||||
@ -87,6 +86,6 @@ does not match the default operating system, it may be necessary to add
|
||||
`--platform`. This would be necessary when importing a Linux image into a Windows
|
||||
daemon.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker import --platform=linux .\linuximage.tar
|
||||
```
|
||||
|
||||
@ -118,15 +118,15 @@ read the [`dockerd`](dockerd.md) reference page.
|
||||
|
||||
### Swarm management commands
|
||||
|
||||
| Command | Description |
|
||||
|:--------|:-------------------------------------------------------------------|
|
||||
| [swarm init](swarm_init.md) | Initialize a swarm |
|
||||
| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node |
|
||||
| [swarm leave](swarm_leave.md) | Remove the current node from the swarm |
|
||||
| [swarm join-token](swarm_join_token.md) | Display or rotate join tokens |
|
||||
| [swarm unlock](swarm_unlock.md) | Unlock swarm |
|
||||
| [swarm unlock-key](swarm_unlock_key.md) | Manage the unlock key |
|
||||
| [swarm update](swarm_update.md) | Update attributes of a swarm |
|
||||
| Command | Description |
|
||||
|:----------------------------------------|:----------------------------------------------|
|
||||
| [swarm init](swarm_init.md) | Initialize a swarm |
|
||||
| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node |
|
||||
| [swarm leave](swarm_leave.md) | Remove the current node from the swarm |
|
||||
| [swarm join-token](swarm_join-token.md) | Display or rotate join tokens |
|
||||
| [swarm unlock](swarm_unlock.md) | Unlock swarm |
|
||||
| [swarm unlock-key](swarm_unlock-key.md) | Manage the unlock key |
|
||||
| [swarm update](swarm_update.md) | Update attributes of a swarm |
|
||||
|
||||
### Swarm service commands
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ The number of images shown is the number of unique images. The same image tagged
|
||||
under different names is counted only once.
|
||||
|
||||
If a format is specified, the given template will be executed instead of the
|
||||
default format. Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||
default format. Go's [text/template](https://golang.org/pkg/text/template/) package
|
||||
describes all the details of the format.
|
||||
|
||||
Depending on the storage driver in use, additional information can be shown, such
|
||||
@ -44,8 +44,9 @@ The example below shows the output for a daemon running on Red Hat Enterprise Li
|
||||
using the `devicemapper` storage driver. As can be seen in the output, additional
|
||||
information about the `devicemapper` storage driver is shown:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker info
|
||||
|
||||
Client:
|
||||
Context: default
|
||||
Debug Mode: false
|
||||
@ -104,8 +105,9 @@ Server:
|
||||
Here is a sample output for a daemon running on Ubuntu, using the overlay2
|
||||
storage driver and a node that is part of a 2-node swarm:
|
||||
|
||||
```bash
|
||||
$ docker -D info
|
||||
```console
|
||||
$ docker --debug info
|
||||
|
||||
Client:
|
||||
Context: default
|
||||
Debug Mode: true
|
||||
@ -194,7 +196,7 @@ The global `-D` option causes all `docker` commands to output debug information.
|
||||
|
||||
You can also specify the output format:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker info --format '{{json .}}'
|
||||
|
||||
{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...}
|
||||
|
||||
@ -29,7 +29,7 @@ By default, `docker inspect` will render results in a JSON array.
|
||||
|
||||
If a format is specified, the given template will be executed for each result.
|
||||
|
||||
Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||
Go's [text/template](https://golang.org/pkg/text/template/) package
|
||||
describes all the details of the format.
|
||||
|
||||
## Specify target type (--type)
|
||||
@ -45,7 +45,7 @@ option.
|
||||
|
||||
The following example inspects a _volume_ named "myvolume"
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --type=volume myvolume
|
||||
```
|
||||
|
||||
@ -56,25 +56,25 @@ $ docker inspect --type=volume myvolume
|
||||
For the most part, you can pick out any field from the JSON in a fairly
|
||||
straightforward manner.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
### Get an instance's MAC address
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
### Get an instance's log path
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{.LogPath}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
### Get an instance's image name
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
@ -83,7 +83,7 @@ $ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID
|
||||
You can loop over arrays and maps in the results to produce simple text
|
||||
output:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
@ -97,7 +97,7 @@ numeric public port, you use `index` to find the specific port map, and
|
||||
then `index` 0 contains the first object inside of that. Then we ask for
|
||||
the `HostPort` field to get the public address.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
@ -108,6 +108,6 @@ fields, by default you get a Go-style dump of the inner values.
|
||||
Docker adds a template function, `json`, which can be applied to get
|
||||
results in JSON format.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker inspect --format='{{json .Config}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
@ -20,8 +20,18 @@ Options:
|
||||
|
||||
The `docker kill` subcommand kills one or more containers. The main process
|
||||
inside the container is sent `SIGKILL` signal (default), or the signal that is
|
||||
specified with the `--signal` option. You can kill a container using the
|
||||
container's ID, ID-prefix, or name.
|
||||
specified with the `--signal` option. You can reference a container by its
|
||||
ID, ID-prefix, or name.
|
||||
|
||||
The `--signal` (or `-s` shorthand) flag sets the system call signal that is sent
|
||||
to the container. This signal can be a signal name in the format `SIG<NAME>`, for
|
||||
instance `SIGINT`, or an unsigned number that matches a position in the kernel's
|
||||
syscall table, for instance `2`.
|
||||
|
||||
While the default (`SIGKILL`) signal will terminate the container, the signal
|
||||
set through `--signal` may be non-terminal, depending on the container's main
|
||||
process. For example, the `SIGHUP` signal in most cases will be non-terminal,
|
||||
and the container will continue running after receiving the signal.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
@ -32,21 +42,21 @@ container's ID, ID-prefix, or name.
|
||||
## Examples
|
||||
|
||||
|
||||
### Send a KILL signal to a container
|
||||
### Send a KILL signal to a container
|
||||
|
||||
The following example sends the default `KILL` signal to the container named
|
||||
The following example sends the default `SIGKILL` signal to the container named
|
||||
`my_container`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker kill my_container
|
||||
```
|
||||
|
||||
### Send a custom signal to a container
|
||||
### Send a custom signal to a container
|
||||
|
||||
The following example sends a `SIGHUP` signal to the container named
|
||||
`my_container`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker kill --signal=SIGHUP my_container
|
||||
```
|
||||
|
||||
@ -54,11 +64,11 @@ $ docker kill --signal=SIGHUP my_container
|
||||
You can specify a custom signal either by _name_, or _number_. The `SIG` prefix
|
||||
is optional, so the following examples are equivalent:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker kill --signal=SIGHUP my_container
|
||||
$ docker kill --signal=HUP my_container
|
||||
$ docker kill --signal=1 my_container
|
||||
```
|
||||
|
||||
Refer to the [`signal(7)`](http://man7.org/linux/man-pages/man7/signal.7.html)
|
||||
Refer to the [`signal(7)`](https://man7.org/linux/man-pages/man7/signal.7.html)
|
||||
man-page for a list of standard Linux signals.
|
||||
|
||||
@ -18,6 +18,7 @@ Options:
|
||||
The tarball may be compressed with gzip, bzip, or xz
|
||||
-q, --quiet Suppress the load output but still outputs the imported images
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Load an image or repository from a tar archive (even if compressed with gzip,
|
||||
@ -25,7 +26,7 @@ bzip2, or xz) from a file or STDIN. It restores both images and tags.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker image ls
|
||||
|
||||
REPOSITORY TAG IMAGE ID CREATED SIZE
|
||||
|
||||
@ -30,7 +30,7 @@ Login to a registry.
|
||||
If you want to login to a self-hosted registry you can specify this by
|
||||
adding the server name.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker login localhost:8080
|
||||
```
|
||||
|
||||
@ -44,7 +44,7 @@ or log-files.
|
||||
The following example reads a password from a file, and passes it to the
|
||||
`docker login` command using `STDIN`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ cat ~/my_password.txt | docker login --username foo --password-stdin
|
||||
```
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ Options:
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker logout localhost:8080
|
||||
```
|
||||
|
||||
|
||||
@ -67,7 +67,7 @@ fraction of a second no more than nine digits long. You can combine the
|
||||
|
||||
In order to retrieve logs before a specific point in time, run:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run --name test -d busybox sh -c "while true; do $(echo date); sleep 1; done"
|
||||
$ date
|
||||
Tue 14 Nov 2017 16:40:00 CET
|
||||
|
||||
@ -40,8 +40,8 @@ to two images -- one for windows on amd64, and one for darwin on amd64.
|
||||
|
||||
### manifest inspect
|
||||
|
||||
```bash
|
||||
manifest inspect --help
|
||||
```console
|
||||
$ docker manifest inspect --help
|
||||
|
||||
Usage: docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST
|
||||
|
||||
@ -55,7 +55,7 @@ Options:
|
||||
|
||||
### manifest create
|
||||
|
||||
```bash
|
||||
```console
|
||||
Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
|
||||
|
||||
Create a local manifest list for annotating and pushing to a registry
|
||||
@ -68,7 +68,7 @@ Options:
|
||||
|
||||
### manifest annotate
|
||||
|
||||
```bash
|
||||
```console
|
||||
Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
|
||||
|
||||
Add additional information to a local image manifest
|
||||
@ -85,7 +85,7 @@ Options:
|
||||
|
||||
### manifest push
|
||||
|
||||
```bash
|
||||
```console
|
||||
Usage: docker manifest push [OPTIONS] MANIFEST_LIST
|
||||
|
||||
Push a manifest list to a repository
|
||||
@ -113,7 +113,7 @@ default requirements.
|
||||
|
||||
### Inspect an image's manifest object
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest inspect hello-world
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
@ -143,7 +143,7 @@ without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c95
|
||||
|
||||
Here is an example of inspecting an image's manifest with the `--verbose` flag:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest inspect --verbose hello-world
|
||||
{
|
||||
"Ref": "docker.io/library/hello-world:latest",
|
||||
@ -187,7 +187,7 @@ After you have created your local copy of the manifest list, you may optionally
|
||||
Finally, you need to `push` your manifest list to the desired registry. Below are
|
||||
descriptions of these three commands, and an example putting them all together.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
||||
45.55.81.106:5000/coolapp-ppc64le-linux:v1 \
|
||||
45.55.81.106:5000/coolapp-arm-linux:v1 \
|
||||
@ -197,11 +197,11 @@ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
||||
Created manifest list 45.55.81.106:5000/coolapp:v1
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux --arch arm
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest push 45.55.81.106:5000/coolapp:v1
|
||||
Pushed manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b
|
||||
Pushed manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a
|
||||
@ -213,7 +213,7 @@ sha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba
|
||||
|
||||
### Inspect a manifest list
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest inspect coolapp:v1
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
@ -264,7 +264,7 @@ $ docker manifest inspect coolapp:v1
|
||||
Here is an example of creating and pushing a manifest list using a known
|
||||
insecure registry.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
|
||||
|
||||
@ -30,15 +30,16 @@ the same network.
|
||||
|
||||
### Connect a running container to a network
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network connect multi-host-network container1
|
||||
```
|
||||
|
||||
### Connect a container to a network when it starts
|
||||
|
||||
You can also use the `docker run --network=<network-name>` option to start a container and immediately connect it to a network.
|
||||
You can also use the `docker run --network=<network-name>` option to start a
|
||||
container and immediately connect it to a network.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -itd --network=multi-host-network busybox
|
||||
```
|
||||
|
||||
@ -46,7 +47,7 @@ $ docker run -itd --network=multi-host-network busybox
|
||||
|
||||
You can specify the IP address you want to be assigned to the container's interface.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network connect --ip 10.10.36.122 multi-host-network container2
|
||||
```
|
||||
|
||||
@ -54,7 +55,7 @@ $ docker network connect --ip 10.10.36.122 multi-host-network container2
|
||||
|
||||
You can use `--link` option to link another container with a preferred alias
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network connect --link container1:c1 multi-host-network container2
|
||||
```
|
||||
|
||||
@ -63,7 +64,7 @@ $ docker network connect --link container1:c1 multi-host-network container2
|
||||
`--alias` option can be used to resolve the container by another name in the network
|
||||
being connected to.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network connect --alias db --alias mysql multi-host-network container2
|
||||
```
|
||||
|
||||
@ -79,22 +80,25 @@ to specify an `--ip-range` when creating the network, and choose the static IP
|
||||
address(es) from outside that range. This ensures that the IP address is not
|
||||
given to another container while this container is not on the network.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network connect --ip 172.20.128.2 multi-host-network container2
|
||||
```
|
||||
|
||||
To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network.
|
||||
To verify the container is connected, use the `docker network inspect` command.
|
||||
Use `docker network disconnect` to remove a container from the network.
|
||||
|
||||
Once connected in network, containers can communicate using only another
|
||||
container's IP address or name. For `overlay` networks or custom plugins that
|
||||
support multi-host connectivity, containers connected to the same multi-host
|
||||
network but launched from different Engines can also communicate in this way.
|
||||
|
||||
You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks.
|
||||
You can connect a container to one or more networks. The networks need not be
|
||||
the same type. For example, you can connect a single container bridge and overlay
|
||||
networks.
|
||||
|
||||
## Related commands
|
||||
|
||||
|
||||
@ -45,7 +45,7 @@ on. When you launch a new container with `docker run` it automatically connects
|
||||
this bridge network. You cannot remove this default bridge network, but you can
|
||||
create new ones using the `network create` command.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create -d bridge my-bridge-network
|
||||
```
|
||||
|
||||
@ -75,7 +75,7 @@ discovery and server management tools that can assist your implementation.
|
||||
Once you have prepared the `overlay` network prerequisites you simply choose a
|
||||
Docker host in the cluster and issue the following to create the network:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create -d overlay my-multihost-network
|
||||
```
|
||||
|
||||
@ -102,7 +102,7 @@ for more information about different endpoint modes.
|
||||
When you start a container, use the `--network` flag to connect it to a network.
|
||||
This example adds the `busybox` container to the `mynet` network:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -itd --network=mynet busybox
|
||||
```
|
||||
|
||||
@ -126,14 +126,14 @@ network. It is purely for ip-addressing purposes. You can override this default
|
||||
and specify subnetwork values directly using the `--subnet` option. On a
|
||||
`bridge` network you can only create a single subnet:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0
|
||||
```
|
||||
|
||||
Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
|
||||
options.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create \
|
||||
--driver=bridge \
|
||||
--subnet=172.28.0.0/16 \
|
||||
@ -148,7 +148,7 @@ support it you can create multiple subnetworks. This example uses two `/25`
|
||||
subnet mask to adhere to the current guidance of not having more than 256 IPs in
|
||||
a single overlay network. Each of the subnetworks has 126 usable addresses.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create -d overlay \
|
||||
--subnet=192.168.10.0/25 \
|
||||
--subnet=192.168.20.0/25 \
|
||||
@ -184,14 +184,14 @@ network driver, again with their approximate equivalents to `docker daemon`.
|
||||
|--------------|----------------|--------------------------------------------|
|
||||
| `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet |
|
||||
| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range |
|
||||
| `--internal` | - | Restrict external access to the network |
|
||||
| `--internal` | - | Restrict external access to the network |
|
||||
| `--ipv6` | `--ipv6` | Enable IPv6 networking |
|
||||
| `--subnet` | `--bip` | Subnet for network |
|
||||
|
||||
For example, let's use `-o` or `--opt` options to specify an IP address binding
|
||||
when publishing ports:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create \
|
||||
-o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \
|
||||
simple-network
|
||||
@ -212,7 +212,7 @@ one ingress network can be created at the time. The network can be removed only
|
||||
if no services depend on it. Any option available when creating an overlay network
|
||||
is also available when creating the ingress network, besides the `--attachable` option.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create -d overlay \
|
||||
--subnet=10.11.0.0/16 \
|
||||
--ingress \
|
||||
|
||||
@ -23,7 +23,7 @@ disconnect it from the network.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network disconnect multi-host-network container1
|
||||
```
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@ all results in a JSON object.
|
||||
|
||||
Connect two containers to the default `bridge` network:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo docker run -itd --name=container1 busybox
|
||||
f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27
|
||||
|
||||
@ -44,10 +44,10 @@ node are shown.
|
||||
|
||||
You can specify an alternate format to execute a given
|
||||
template for each result. Go's
|
||||
[text/template](http://golang.org/pkg/text/template/) package describes all the
|
||||
[text/template](https://golang.org/pkg/text/template/) package describes all the
|
||||
details of the format.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ sudo docker network inspect bridge
|
||||
```
|
||||
|
||||
@ -104,13 +104,13 @@ The output is in JSON format, for example:
|
||||
|
||||
Create and inspect a user-defined network:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network create simple-network
|
||||
|
||||
69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a
|
||||
```
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network inspect simple-network
|
||||
```
|
||||
|
||||
@ -146,7 +146,7 @@ For swarm mode overlay networks `network inspect` also shows the IP address and
|
||||
of the peers. Peers are the nodes in the swarm cluster which have at least one task attached
|
||||
to the network. Node name is of the format `<hostname>-<unique ID>`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network inspect ingress
|
||||
```
|
||||
|
||||
@ -213,7 +213,7 @@ and the IPs of the nodes where the tasks are running.
|
||||
Following is an example output for an overlay network `ov1` that has one service `s1`
|
||||
attached to. service `s1` in this case has three replicas.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network inspect --verbose ov1
|
||||
```
|
||||
|
||||
|
||||
@ -31,8 +31,8 @@ networks that span across multiple hosts in a cluster.
|
||||
|
||||
### List all networks
|
||||
|
||||
```bash
|
||||
$ sudo docker network ls
|
||||
```console
|
||||
$ docker network ls
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
7fca4eb8c647 bridge bridge local
|
||||
9f904ee27bf5 none null local
|
||||
@ -42,7 +42,7 @@ cf03ee007fb4 host host local
|
||||
|
||||
Use the `--no-trunc` option to display the full network id:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --no-trunc
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null local
|
||||
@ -74,7 +74,7 @@ The `driver` filter matches networks based on their driver.
|
||||
|
||||
The following example matches networks with the `bridge` driver:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter driver=bridge
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
db9db329f835 test1 bridge local
|
||||
@ -88,7 +88,7 @@ The `id` filter matches on all or part of a network's ID.
|
||||
The following filter matches all networks with an ID containing the
|
||||
`63d1ff1f77b0...` string.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
63d1ff1f77b0 dev bridge local
|
||||
@ -96,7 +96,7 @@ NETWORK ID NAME DRIVER SCOPE
|
||||
|
||||
You can also filter for a substring in an ID as this shows:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter id=95e74588f40d
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
95e74588f40d foo bridge local
|
||||
@ -113,7 +113,7 @@ value.
|
||||
|
||||
The following filter matches networks with the `usage` label regardless of its value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls -f "label=usage"
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
db9db329f835 test1 bridge local
|
||||
@ -122,7 +122,7 @@ f6e212da9dfd test2 bridge local
|
||||
|
||||
The following filter matches networks with the `usage` label with the `prod` value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls -f "label=usage=prod"
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
f6e212da9dfd test2 bridge local
|
||||
@ -134,7 +134,7 @@ The `name` filter matches on all or part of a network's name.
|
||||
|
||||
The following filter matches all networks with a name containing the `foobar` string.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter name=foobar
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
06e7eef0a170 foobar bridge local
|
||||
@ -142,7 +142,7 @@ NETWORK ID NAME DRIVER SCOPE
|
||||
|
||||
You can also filter for a substring in a name as this shows:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter name=foo
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
95e74588f40d foo bridge local
|
||||
@ -155,7 +155,7 @@ The `scope` filter matches networks based on their scope.
|
||||
|
||||
The following example matches networks with the `swarm` scope:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter scope=swarm
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
xbtm0v4f1lfh ingress overlay swarm
|
||||
@ -164,7 +164,7 @@ ic6r88twuu92 swarmnet overlay swarm
|
||||
|
||||
The following example matches networks with the `local` scope:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter scope=local
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
e85227439ac7 bridge bridge local
|
||||
@ -180,7 +180,7 @@ The `type` filter supports two values; `builtin` displays predefined networks
|
||||
|
||||
The following filter matches all user defined networks:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --filter type=custom
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
95e74588f40d foo bridge local
|
||||
@ -190,7 +190,7 @@ NETWORK ID NAME DRIVER SCOPE
|
||||
By having this flag it allows for batch cleanup. For example, use this filter
|
||||
to delete all user defined networks:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network rm `docker network ls --filter type=custom -q`
|
||||
```
|
||||
|
||||
@ -204,17 +204,17 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
Placeholder | Description
|
||||
-------------|------------------------------------------------------------------------------------------
|
||||
`.ID` | Network ID
|
||||
`.Name` | Network name
|
||||
`.Driver` | Network driver
|
||||
`.Scope` | Network scope (local, global)
|
||||
`.IPv6` | Whether IPv6 is enabled on the network or not.
|
||||
`.Internal` | Whether the network is internal or not.
|
||||
`.Labels` | All labels assigned to the network.
|
||||
`.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}`
|
||||
`.CreatedAt` | Time when the network was created
|
||||
| Placeholder | Description |
|
||||
|--------------|----------------------------------------------------------------------------------------|
|
||||
| `.ID` | Network ID |
|
||||
| `.Name` | Network name |
|
||||
| `.Driver` | Network driver |
|
||||
| `.Scope` | Network scope (local, global) |
|
||||
| `.IPv6` | Whether IPv6 is enabled on the network or not. |
|
||||
| `.Internal` | Whether the network is internal or not. |
|
||||
| `.Labels` | All labels assigned to the network. |
|
||||
| `.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}` |
|
||||
| `.CreatedAt` | Time when the network was created |
|
||||
|
||||
When using the `--format` option, the `network ls` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -223,7 +223,7 @@ output the data exactly as the template declares or, when using the
|
||||
The following example uses a template without headers and outputs the
|
||||
`ID` and `Driver` entries separated by a colon (`:`) for all networks:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls --format "{{.ID}}: {{.Driver}}"
|
||||
afaaab448eb2: bridge
|
||||
d1584f8dc718: host
|
||||
|
||||
@ -24,7 +24,7 @@ by any containers.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network prune
|
||||
|
||||
WARNING! This will remove all custom networks not used by at least one container.
|
||||
@ -64,7 +64,7 @@ networks without the specified labels.
|
||||
The following removes networks created more than 5 minutes ago. Note that
|
||||
system networks such as `bridge`, `host`, and `none` will never be pruned:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network ls
|
||||
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
|
||||
@ -29,8 +29,8 @@ you must first disconnect any containers connected to it.
|
||||
|
||||
To remove the network named 'my-network':
|
||||
|
||||
```bash
|
||||
$ docker network rm my-network
|
||||
```console
|
||||
$ docker network rm my-network
|
||||
```
|
||||
|
||||
### Remove multiple networks
|
||||
@ -39,8 +39,8 @@ To delete multiple networks in a single `docker network rm` command, provide
|
||||
multiple network names or ids. The following example deletes a network with id
|
||||
`3695c422697f` and a network named `my-network`:
|
||||
|
||||
```bash
|
||||
$ docker network rm 3695c422697f my-network
|
||||
```console
|
||||
$ docker network rm 3695c422697f my-network
|
||||
```
|
||||
|
||||
When you specify multiple networks, the command attempts to delete each in turn.
|
||||
|
||||
@ -28,7 +28,7 @@ Demotes an existing manager so that it is no longer a manager.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node demote <node name>
|
||||
```
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ Options:
|
||||
Returns information about a node. By default, this command renders all results
|
||||
in a JSON array. You can specify an alternate format to execute a
|
||||
given template for each result. Go's
|
||||
[text/template](http://golang.org/pkg/text/template/) package describes all the
|
||||
[text/template](https://golang.org/pkg/text/template/) package describes all the
|
||||
details of the format.
|
||||
|
||||
> **Note**
|
||||
@ -36,7 +36,7 @@ details of the format.
|
||||
|
||||
### Inspect a node
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node inspect swarm-manager
|
||||
```
|
||||
|
||||
@ -113,7 +113,7 @@ $ docker node inspect swarm-manager
|
||||
|
||||
### Specify an output format
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
|
||||
|
||||
false
|
||||
@ -121,7 +121,7 @@ false
|
||||
|
||||
Use `--format=pretty` or the `--pretty` shorthand to pretty-print the output:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node inspect --format=pretty self
|
||||
|
||||
ID: e216jshn25ckzbvmwlnh5jr3g
|
||||
|
||||
@ -36,7 +36,7 @@ for more information about available filter options.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -44,6 +44,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU
|
||||
38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active
|
||||
e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader
|
||||
```
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> In the above example output, there is a hidden column of `.Self` that indicates
|
||||
@ -69,7 +70,7 @@ The currently supported filters are:
|
||||
|
||||
The `id` filter matches all or part of a node's id.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls -f id=1
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -85,7 +86,7 @@ Swarm `node` labels, use [`node.label` instead](#nodelabel).
|
||||
|
||||
The following filter matches nodes with the `foo` label regardless of its value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls -f "label=foo"
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -135,7 +136,7 @@ The `membership` filter matches nodes based on the presence of a `membership` an
|
||||
|
||||
The following filter matches nodes with the `membership` of `accepted`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls -f "membership=accepted"
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -149,7 +150,7 @@ The `name` filter matches on all or part of a node hostname.
|
||||
|
||||
The following filter matches the nodes with a name equal to `swarm-master` string.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls -f name=swarm-manager1
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -162,7 +163,7 @@ The `role` filter matches nodes based on the presence of a `role` and a value `w
|
||||
|
||||
The following filter matches nodes with the `manager` role.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls -f "role=manager"
|
||||
|
||||
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
|
||||
@ -176,16 +177,16 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
Placeholder | Description
|
||||
-----------------|------------------------------------------------------------------------------------------
|
||||
`.ID` | Node ID
|
||||
`.Self` | Node of the daemon (`true/false`, `true`indicates that the node is the same as current docker daemon)
|
||||
`.Hostname` | Node hostname
|
||||
`.Status` | Node status
|
||||
`.Availability` | Node availability ("active", "pause", or "drain")
|
||||
`.ManagerStatus` | Manager status of the node
|
||||
`.TLSStatus` | TLS status of the node ("Ready", or "Needs Rotation" has TLS certificate signed by an old CA)
|
||||
`.EngineVersion` | Engine version
|
||||
| Placeholder | Description |
|
||||
|------------------|-------------------------------------------------------------------------------------------------------|
|
||||
| `.ID` | Node ID |
|
||||
| `.Self` | Node of the daemon (`true/false`, `true`indicates that the node is the same as current docker daemon) |
|
||||
| `.Hostname` | Node hostname |
|
||||
| `.Status` | Node status |
|
||||
| `.Availability` | Node availability ("active", "pause", or "drain") |
|
||||
| `.ManagerStatus` | Manager status of the node |
|
||||
| `.TLSStatus` | TLS status of the node ("Ready", or "Needs Rotation" has TLS certificate signed by an old CA) |
|
||||
| `.EngineVersion` | Engine version |
|
||||
|
||||
When using the `--format` option, the `node ls` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -195,8 +196,9 @@ The following example uses a template without headers and outputs the
|
||||
`ID`, `Hostname`, and `TLS Status` entries separated by a colon (`:`) for all
|
||||
nodes:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}"
|
||||
|
||||
e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready
|
||||
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
|
||||
```
|
||||
|
||||
@ -28,7 +28,7 @@ Promotes a node to manager. This command can only be executed on a manager node.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node promote <node name>
|
||||
```
|
||||
|
||||
|
||||
@ -36,8 +36,9 @@ information about available filter options.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ps swarm-manager1
|
||||
|
||||
NAME IMAGE NODE DESIRED STATE CURRENT STATE
|
||||
redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours
|
||||
redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds
|
||||
@ -64,7 +65,7 @@ The `name` filter matches on all or part of a task's name.
|
||||
|
||||
The following filter matches all tasks with a name containing the `redis` string.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ps -f name=redis swarm-manager1
|
||||
|
||||
NAME IMAGE NODE DESIRED STATE CURRENT STATE
|
||||
@ -79,7 +80,7 @@ redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running
|
||||
|
||||
The `id` filter matches a task's id.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1
|
||||
|
||||
NAME IMAGE NODE DESIRED STATE CURRENT STATE
|
||||
@ -93,7 +94,7 @@ value.
|
||||
|
||||
The following filter matches tasks with the `usage` label regardless of its value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ps -f "label=usage"
|
||||
|
||||
NAME IMAGE NODE DESIRED STATE CURRENT STATE
|
||||
@ -114,16 +115,16 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
Placeholder | Description
|
||||
----------------|------------------------------------------------------------------------------------------
|
||||
`.ID` | Task ID
|
||||
`.Name` | Task name
|
||||
`.Image` | Task image
|
||||
`.Node` | Node ID
|
||||
`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`)
|
||||
`.CurrentState` | Current state of the task
|
||||
`.Error` | Error
|
||||
`.Ports` | Task published ports
|
||||
| Placeholder | Description |
|
||||
|-----------------|------------------------------------------------------------------|
|
||||
| `.ID` | Task ID |
|
||||
| `.Name` | Task name |
|
||||
| `.Image` | Task image |
|
||||
| `.Node` | Node ID |
|
||||
| `.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) |
|
||||
| `.CurrentState` | Current state of the task |
|
||||
| `.Error` | Error |
|
||||
| `.Ports` | Task published ports |
|
||||
|
||||
When using the `--format` option, the `node ps` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -132,8 +133,9 @@ output the data exactly as the template declares or, when using the
|
||||
The following example uses a template without headers and outputs the
|
||||
`Name` and `Image` entries separated by a colon (`:`) for all tasks:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node ps --format "{{.Name}}: {{.Image}}"
|
||||
|
||||
top.1: busybox
|
||||
top.2: busybox
|
||||
top.3: busybox
|
||||
|
||||
@ -34,11 +34,12 @@ Removes the specified nodes from a swarm.
|
||||
|
||||
### Remove a stopped node from the swarm
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node rm swarm-node-02
|
||||
|
||||
Node swarm-node-02 removed from swarm
|
||||
```
|
||||
|
||||
### Attempt to remove a running node from a swarm
|
||||
|
||||
Removes the specified nodes from the swarm, but only if the nodes are in the
|
||||
@ -58,7 +59,7 @@ compromised or is not behaving as expected, you can use the `--force` option.
|
||||
This may cause transient errors or interruptions, depending on the type of task
|
||||
being run on the node.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node rm --force swarm-node-03
|
||||
|
||||
Node swarm-node-03 removed from swarm
|
||||
|
||||
@ -43,7 +43,7 @@ $ docker node update --label-add foo worker1
|
||||
|
||||
To add multiple labels to a node, pass the `--label-add` flag for each label:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker node update --label-add foo --label-add bar worker1
|
||||
```
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ for further details.
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker pause my_container
|
||||
```
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ Creates a plugin. Before creating the plugin, prepare the plugin's root filesyst
|
||||
|
||||
The following example shows how to create a sample `plugin`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ ls -ls /home/pluginDir
|
||||
|
||||
total 4
|
||||
|
||||
@ -27,7 +27,7 @@ a plugin that has references (e.g., volumes, networks) cannot be disabled.
|
||||
The following example shows that the `sample-volume-plugin` plugin is installed
|
||||
and enabled:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME DESCRIPTION ENABLED
|
||||
@ -36,7 +36,7 @@ ID NAME DESCRIPTION
|
||||
|
||||
To disable the plugin, use the following command:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin disable tiborvass/sample-volume-plugin
|
||||
|
||||
tiborvass/sample-volume-plugin
|
||||
|
||||
@ -26,7 +26,7 @@ see [`docker plugin install`](plugin_install.md).
|
||||
The following example shows that the `sample-volume-plugin` plugin is installed,
|
||||
but disabled:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME DESCRIPTION ENABLED
|
||||
@ -35,7 +35,7 @@ ID NAME DESCRIPTION
|
||||
|
||||
To enable the plugin, use the following command:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin enable tiborvass/sample-volume-plugin
|
||||
|
||||
tiborvass/sample-volume-plugin
|
||||
|
||||
@ -27,7 +27,7 @@ in a JSON array.
|
||||
|
||||
The following example example inspects the `tiborvass/sample-volume-plugin` plugin:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect tiborvass/sample-volume-plugin:latest
|
||||
```
|
||||
|
||||
@ -144,7 +144,7 @@ Output is in JSON format (output below is formatted for readability):
|
||||
|
||||
### Formatting the output
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest
|
||||
|
||||
8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21
|
||||
|
||||
@ -33,7 +33,7 @@ The following example installs `vieus/sshfs` plugin and [sets](plugin_set.md) it
|
||||
Hub and prompt the user to accept the list of privileges that the plugin needs,
|
||||
set the plugin's parameters and enable the plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install vieux/sshfs DEBUG=1
|
||||
|
||||
Plugin "vieux/sshfs" is requesting the following privileges:
|
||||
@ -46,7 +46,7 @@ vieux/sshfs
|
||||
|
||||
After the plugin is installed, it appears in the list of plugins:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME DESCRIPTION ENABLED
|
||||
|
||||
@ -31,7 +31,7 @@ Refer to the [filtering](#filtering) section for more information about availabl
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME DESCRIPTION ENABLED
|
||||
@ -58,7 +58,7 @@ The `capability` filter matches on plugin capabilities. One plugin
|
||||
might have multiple capabilities. Currently `volumedriver`, `networkdriver`,
|
||||
`ipamdriver`, `logdriver`, `metricscollector`, and `authz` are supported capabilities.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install --disable vieux/sshfs
|
||||
|
||||
Installed plugin vieux/sshfs
|
||||
@ -75,13 +75,13 @@ using a Go template.
|
||||
|
||||
Valid placeholders for the Go template are listed below:
|
||||
|
||||
Placeholder | Description
|
||||
-------------------|------------------------------------------------------------
|
||||
`.ID` | Plugin ID
|
||||
`.Name` | Plugin name and tag
|
||||
`.Description` | Plugin description
|
||||
`.Enabled` | Whether plugin is enabled or not
|
||||
`.PluginReference` | The reference used to push/pull from a registry
|
||||
| Placeholder | Description |
|
||||
|--------------------|-------------------------------------------------|
|
||||
| `.ID` | Plugin ID |
|
||||
| `.Name` | Plugin name and tag |
|
||||
| `.Description` | Plugin description |
|
||||
| `.Enabled` | Whether plugin is enabled or not |
|
||||
| `.PluginReference` | The reference used to push/pull from a registry |
|
||||
|
||||
When using the `--format` option, the `plugin ls` command will either
|
||||
output the data exactly as the template declares or, when using the
|
||||
@ -90,7 +90,7 @@ output the data exactly as the template declares or, when using the
|
||||
The following example uses a template without headers and outputs the
|
||||
`ID` and `Name` entries separated by a colon (`:`) for all plugins:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls --format "{{.ID}}: {{.Name}}"
|
||||
|
||||
4be01827a72e: vieux/sshfs:latest
|
||||
|
||||
@ -26,7 +26,7 @@ Registry credentials are managed by [docker login](login.md).
|
||||
|
||||
The following example shows how to push a sample `user/plugin`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin ls
|
||||
|
||||
ID NAME DESCRIPTION ENABLED
|
||||
|
||||
@ -31,7 +31,7 @@ functioning of running containers using the plugin).
|
||||
The following example disables and removes the `sample-volume-plugin:latest`
|
||||
plugin:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin disable tiborvass/sample-volume-plugin
|
||||
|
||||
tiborvass/sample-volume-plugin
|
||||
|
||||
@ -84,7 +84,7 @@ On the contrary, the `LOGGING` environment variable doesn't have any settable fi
|
||||
The following example change the env variable `DEBUG` on the
|
||||
`sample-volume-plugin` plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
|
||||
[DEBUG=0]
|
||||
|
||||
@ -99,7 +99,7 @@ $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin
|
||||
The following example change the source of the `mymount` mount on
|
||||
the `myplugin` plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin
|
||||
/foo
|
||||
|
||||
@ -119,7 +119,7 @@ $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.
|
||||
The following example change the path of the `mydevice` device on
|
||||
the `myplugin` plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin
|
||||
|
||||
/dev/foo
|
||||
@ -139,7 +139,7 @@ $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$devi
|
||||
|
||||
The following example change the value of the args on the `myplugin` plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin inspect -f '{{.Settings.Args}}' myplugin
|
||||
|
||||
["foo", "bar"]
|
||||
|
||||
@ -30,7 +30,7 @@ The plugin must be disabled before running the upgrade.
|
||||
The following example installs `vieus/sshfs` plugin, uses it to create and use
|
||||
a volume, then upgrades the plugin.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker plugin install vieux/sshfs DEBUG=1
|
||||
|
||||
Plugin "vieux/sshfs:next" is requesting the following privileges:
|
||||
|
||||
@ -22,7 +22,7 @@ Options:
|
||||
You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or
|
||||
just a specific mapping:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
|
||||
@ -45,7 +45,7 @@ Options:
|
||||
|
||||
Running `docker ps --no-trunc` showing 2 linked containers.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -58,7 +58,7 @@ d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minut
|
||||
The `docker ps` command only shows running containers by default. To see all
|
||||
containers, use the `-a` (or `--all`) flag:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -a
|
||||
```
|
||||
|
||||
@ -70,7 +70,7 @@ the `PORTS` column.
|
||||
|
||||
The `docker ps -s` command displays two different on-disk-sizes for each container:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -s
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE SIZE
|
||||
@ -114,7 +114,7 @@ value.
|
||||
|
||||
The following filter matches containers with the `color` label regardless of its value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter "label=color"
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -124,7 +124,7 @@ d85756f57265 busybox "top" 52 seconds ago
|
||||
|
||||
The following filter matches containers with the `color` label with the `blue` value.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter "label=color=blue"
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -137,7 +137,7 @@ The `name` filter matches on all or part of a container's name.
|
||||
|
||||
The following filter matches all containers with a name containing the `nostalgic_stallman` string.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter "name=nostalgic_stallman"
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -146,7 +146,7 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
|
||||
You can also filter for a substring in a name as this shows:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter "name=nostalgic"
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -160,7 +160,7 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
The `exited` filter matches containers by exist status code. For example, to
|
||||
filter for containers that have exited successfully:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -a --filter 'exited=0'
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -174,7 +174,7 @@ ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago
|
||||
You can use a filter to locate containers that exited with status of `137`
|
||||
meaning a `SIGKILL(9)` killed them.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -a --filter 'exited=137'
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -194,7 +194,7 @@ The `status` filter matches containers by status. You can filter using
|
||||
`created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example,
|
||||
to filter for `running` containers:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter status=running
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -205,7 +205,7 @@ d5c976d3c462 busybox "top" 23 minutes ago
|
||||
|
||||
To filter for `paused` containers:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter status=paused
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -226,7 +226,7 @@ it. The filter supports the following image representation:
|
||||
If you don't specify a `tag`, the `latest` tag is used. For example, to filter
|
||||
for containers that use the latest `ubuntu` image:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter ancestor=ubuntu
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -239,7 +239,7 @@ bab2a34ba363 ubuntu "top" 3 minutes ago
|
||||
Match containers based on the `ubuntu-c1` image which, in this case, is a child
|
||||
of `ubuntu`:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter ancestor=ubuntu-c1
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -248,7 +248,7 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
|
||||
Match containers based on the `ubuntu` version `12.04.5` image:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter ancestor=ubuntu:12.04.5
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -258,7 +258,7 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
The following matches containers based on the layer `d0e008c6cf02` or an image
|
||||
that have this layer in its layer stack.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter ancestor=d0e008c6cf02
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -272,7 +272,7 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
The `before` filter shows only containers created before the container with
|
||||
given id or name. For example, having these containers created:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -283,7 +283,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS
|
||||
|
||||
Filtering with `before` would give:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -f before=9c3527ed70ce
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -296,7 +296,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS
|
||||
The `since` filter shows only containers created since the container with given
|
||||
id or name. For example, with the same containers as in `before` filter:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps -f since=6e63f6ff38b0
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -309,7 +309,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS
|
||||
The `volume` filter shows only containers that mount a specific volume or have
|
||||
a volume mounted in a specific path:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}"
|
||||
|
||||
CONTAINER ID MOUNTS
|
||||
@ -329,7 +329,7 @@ a given name or id.
|
||||
The following filter matches all containers that are connected to a network
|
||||
with a name containing `net1`.
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -d --net=net1 --name=test1 ubuntu top
|
||||
$ docker run -d --net=net2 --name=test2 ubuntu top
|
||||
|
||||
@ -343,7 +343,7 @@ The network filter matches on both the network's name and id. The following
|
||||
example shows all containers that are attached to the `net1` network, using
|
||||
the network id as a filter;
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker network inspect --format "{{.ID}}" net1
|
||||
|
||||
8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5
|
||||
@ -361,7 +361,7 @@ number, port range, and/or protocol. The default protocol is `tcp` when not spec
|
||||
|
||||
The following filter matches all containers that have published port of 80:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker run -d --publish=80 busybox top
|
||||
$ docker run -d --expose=8080 busybox top
|
||||
|
||||
@ -378,7 +378,8 @@ fc7e477723b7 busybox "top" About a minute ago
|
||||
```
|
||||
|
||||
The following filter matches all containers that have exposed TCP port in the range of `8000-8080`:
|
||||
```bash
|
||||
|
||||
```console
|
||||
$ docker ps --filter expose=8000-8080/tcp
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -386,7 +387,8 @@ CONTAINER ID IMAGE COMMAND CREATED
|
||||
```
|
||||
|
||||
The following filter matches all containers that have exposed UDP port `80`:
|
||||
```bash
|
||||
|
||||
```console
|
||||
$ docker ps --filter publish=80/udp
|
||||
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
@ -423,7 +425,7 @@ column headers as well.
|
||||
The following example uses a template without headers and outputs the `ID` and
|
||||
`Command` entries separated by a colon (`:`) for all running containers:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --format "{{.ID}}: {{.Command}}"
|
||||
|
||||
a87ecb4f327c: /bin/sh -c #(nop) MA
|
||||
@ -434,7 +436,7 @@ c1d3b0166030: /bin/sh -c yum -y up
|
||||
|
||||
To list all running containers with their labels in a table format you can use:
|
||||
|
||||
```bash
|
||||
```console
|
||||
$ docker ps --format "table {{.ID}}\t{{.Labels}}"
|
||||
|
||||
CONTAINER ID LABELS
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user