DockerCLI/docs
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn.
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
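
The rules listed in the commit message above, sketched as an added Go example; it is not the commit's code or the Docker CLI's implementation. The function names `normalize` and `effective`, the sample inputs, and the exact-match handling of overlaps are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// normalize applies the relaxed format (case-insensitive, CAP_ prefix optional),
// de-duplicates, sorts, and collapses any list containing "ALL" to just "ALL".
func normalize(caps []string) []string {
	seen := map[string]bool{}
	for _, c := range caps {
		c = strings.ToUpper(strings.TrimSpace(c))
		if c == "ALL" {
			return []string{"ALL"}
		}
		if !strings.HasPrefix(c, "CAP_") {
			c = "CAP_" + c
		}
		seen[c] = true
	}
	out := make([]string, 0, len(seen))
	for c := range seen {
		out = append(out, c)
	}
	sort.Strings(out)
	return out
}

// effective returns the final add and drop lists. Add wins: a capability in
// both lists is removed from drop (exact match only, an assumption here).
func effective(add, drop []string) (finalAdd, finalDrop []string) {
	finalAdd, finalDrop = normalize(add), []string{}
	added := map[string]bool{}
	for _, c := range finalAdd {
		added[c] = true
	}
	for _, c := range normalize(drop) {
		if !added[c] { // names are not validated; that is left to the daemon
			finalDrop = append(finalDrop, c)
		}
	}
	return finalAdd, finalDrop
}

func main() { // constructed inputs: two spellings of the same request
	fmt.Println(effective([]string{"net_admin", "CAP_SYS_TIME"}, []string{"sys_time", "chown"}))
	fmt.Println(effective([]string{"cap_sys_time", "NET_ADMIN"}, []string{"CAP_CHOWN", "SYS_TIME"}))
}
```

Both calls produce the same add and drop lists, so a spec built from either spelling compares equal and does not trigger a service update.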
extend docs/extend: fix broken link and some markdown touch-ups 2020-05-28 17:28:43 +02:00
reference Service cap-add/cap-drop: improve handling of combinations and special "ALL" value 2020-09-08 14:38:35 +02:00
yaml yamldocs: add description to base command 2020-04-19 19:51:12 +02:00
README.md Fix GitHub spelling 2017-10-05 01:14:31 +08:00
deprecated.md document deprecation of legacy `~/.dockercfg` config-file 2020-08-03 11:45:35 +02:00

README.md

The non-reference docs have been moved!

The documentation for Docker Engine has been merged into the general documentation repo.

See the README for instructions on contributing to and building the documentation.

If you'd like to edit the current published version of the Engine docs, do it in the master branch here: https://github.com/docker/docker.github.io/tree/master/engine

If you need to document the functionality of an upcoming Engine release, use the vnext-engine branch: https://github.com/docker/docker.github.io/tree/vnext-engine/engine

The reference docs have been left in docker/docker (this repo), which remains the place to edit them.

The docs in the general repo are open-source and we appreciate your feedback and pull requests!