Enable to dynamically reload authorization plugins via daemon.config

Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file

Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.

Signed-off-by: Liron Levin <liron@twistlock.com>
This commit is contained in:
Liron Levin 2016-05-16 21:12:48 +03:00 committed by Tibor Vass
parent 5b559678c3
commit e428a09ae7
2 changed files with 3 additions and 0 deletions

View File

@ -104,6 +104,8 @@ support the Docker client interactions detailed in this section.
Enable the authorization plugin with a dedicated command line flag in the Enable the authorization plugin with a dedicated command line flag in the
`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` `--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID`
value. This value can be the plugins socket or a path to a specification file. value. This value can be the plugins socket or a path to a specification file.
Authorization plugins can be loaded without restarting the daemon. Refer
to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information.
```bash ```bash
$ docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... $ docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,...

View File

@ -1152,6 +1152,7 @@ The list of currently supported options that can be reconfigured is this:
the runtime shipped with the official docker packages. the runtime shipped with the official docker packages.
- `runtimes`: it updates the list of available OCI runtimes that can - `runtimes`: it updates the list of available OCI runtimes that can
be used to run containers be used to run containers
- `authorization-plugin`: specifies the authorization plugins to use.
Updating and reloading the cluster configurations such as `--cluster-store`, Updating and reloading the cluster configurations such as `--cluster-store`,
`--cluster-advertise` and `--cluster-store-opts` will take effect only if `--cluster-advertise` and `--cluster-store-opts` will take effect only if