Add docs for option --isolation

Add docs for `run`/`create`/`build` command option `isolation` Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2015-11-09 17:11:10 +08:00
parent c072458308
commit 67eea4d814
7 changed files with 150 additions and 0 deletions
--- a/docs/reference/commandline/build.md
+++ b/docs/reference/commandline/build.md
@ -25,6 +25,7 @@ parent = "smn_cli"
      -f, --file=""                   Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --force-rm=false                Always remove intermediate containers
      --help=false                    Print usage
+      --isolation=""                  Container isolation technology
      -m, --memory=""                 Memory limit for all build containers
      --memory-swap=""                Total memory (memory + swap), `-1` to disable swap
      --no-cache=false                Do not use cache when building the image
@ -301,3 +302,19 @@ like `ENV` values do.

 For detailed information on using `ARG` and `ENV` instructions, see the
 [Dockerfile reference](../builder.md).
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
--- a/docs/reference/commandline/create.md
+++ b/docs/reference/commandline/create.md
@ -43,6 +43,7 @@ Creates a new container.
      --help=false                  Print usage
      -i, --interactive=false       Keep STDIN open even if not attached
      --ipc=""                      IPC namespace to use
+      --isolation=""                Container isolation technology
      --kernel-memory=""            Kernel memory limit
      -l, --label=[]                Set metadata on the container (e.g., --label=com.example.key=value)
      --label-file=[]               Read in a line delimited file of labels
@ -125,3 +126,19 @@ then be used from the subsequent container:
    -rw-r--r--  1 1000 staff  920 Nov 28 11:51 .profile
    drwx--S---  2 1000 staff  460 Dec  5 00:51 .ssh
    drwxr-xr-x 32 1000 staff 1140 Dec  5 04:01 docker
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Windows. The `--isolation=<value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. On Microsoft Windows, you can specify these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
+
+Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
--- a/docs/reference/commandline/daemon.md
+++ b/docs/reference/commandline/daemon.md
@ -454,6 +454,14 @@ This example sets the `cgroupdriver` to `systemd`:

 Setting this option applies to all containers the daemon launches.

+Also Windows Container makes use of `--exec-opt` for special purpose. Docker user
+can specify default container isolation technology with this, for example:
+
+    $ docker daemon --exec-opt isolation=hyperv
+
+Will make `hyperv` the default isolation technology on Windows, without specifying
+isolation value on daemon start, Windows isolation technology will default to `process`.
+
 ## Daemon DNS options

 To set the DNS server for all Docker containers, use
--- a/docs/reference/commandline/run.md
+++ b/docs/reference/commandline/run.md
@ -42,6 +42,7 @@ parent = "smn_cli"
      --help=false                  Print usage
      -i, --interactive=false       Keep STDIN open even if not attached
      --ipc=""                      IPC namespace to use
+      --isolation=""                Container isolation technology
      --kernel-memory=""            Kernel memory limit
      -l, --label=[]                Set metadata on the container (e.g., --label=com.example.key=value)
      --label-file=[]               Read in a file of labels (EOL delimited)
@ -546,3 +547,38 @@ the three processes quota set for the `daemon` user.
 The `--stop-signal` flag sets the system call signal that will be sent to the container to exit.
 This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
 or a signal name in the format SIGNAME, for instance SIGKILL.
+
+### Specify isolation technology for container (--isolation)
+
+This option is useful in situations where you are running Docker containers on
+Microsoft Windows. The `--isolation <value>` option sets a container's isolation
+technology. On Linux, the only supported is the `default` option which uses
+Linux namespaces. These two commands are equivalent on Linux:
+
+```
+$ docker run -d busybox top
+$ docker run -d --isolation default busybox top
+```
+
+On Microsoft Windows, can take any of these values:
+
+
+| Value     | Description                                                                                                                                                   |
+|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.  |
+| `process` | Namespace isolation only.                                                                                                                                     |
+| `hyperv`   | Hyper-V hypervisor partition-based isolation.                                                                                                                  |
+
+In practice, when running on Microsoft Windows without a `daemon` option set,  these two commands are equivalent:
+
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation process busybox top
+```
+
+If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation:
+
+```
+$ docker run -d --isolation default busybox top
+$ docker run -d --isolation hyperv busybox top
+```