00b72960d7
vendor: docker/docker 7f7e4abb331a2973cfb3223710cc35a3e476b1b3
...
full diff: f50a40e889...7f7e4abb33
2020-09-18 01:42:37 +02:00
75598aa92a
Merge pull request #2728 from jennydaman/manifest-rm
...
Fix bash completion typo `docker manifest rm`
2020-09-18 01:35:00 +02:00
bd8948761c
Fix typo
...
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
2020-09-17 15:33:46 -04:00
b747821ace
Merge pull request #2449 from jennydaman/manifest-rm
...
`docker manifest rm` command to remove manifest list draft from local storage
2020-09-17 20:52:52 +02:00
ee360d3998
Merge pull request #2726 from thaJeztah/add_new_caps
...
Add docs and bash-completion for new Linux capabilities
2020-09-17 11:45:43 -07:00
6065dccc98
Add docs and bash-completion for new Linux capabilities
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:43 +02:00
f19e31afe2
docs: add link to linux kernel source code for capabilities
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:41 +02:00
72a357858c
docs: resize capabilities table
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:38 +02:00
3191903ca4
Merge pull request #2723 from thaJeztah/update_caps_docs_and_completion
...
Update documentation on capabilities, and add missing CAP_AUDIT_READ
2020-09-16 16:17:58 +02:00
5b035964c4
Bash-completion: add CAP_AUDIT_READ
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:47:19 +02:00
884a5ffbdf
docs: document CAP_AUDIT_READ
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:46:09 +02:00
4e58c29513
docs: document optional "CAP_" prefix for capabilities
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:32:04 +02:00
5bbdcd1c9d
docs: sort list of capabilities alphabetically
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:26:20 +02:00
185d71262a
Subcommand `docker manifest rm`
...
Squashed commit of the following:
commit b9ef85e74833ba405f68cfc20989c69d64bac4e9
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date: Mon Sep 14 21:39:57 2020 -0400
Fix bash completion
https://github.com/docker/cli/pull/2449#pullrequestreview-488110510
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
commit 8c46bd6e6ed151bb43865c8b1d79c00fd62e4345
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date: Sun Sep 13 01:48:12 2020 -0400
Add tests for docker manifest rm
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
commit 7e3d9a9bc60e44d96953093fa0b1bc3397ca7813
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date: Sun Sep 13 00:55:37 2020 -0400
docker manifest rm multiple args
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
commit 30466e28d28f6722053c5a232e99ddbae8222715
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date: Sun Sep 13 00:01:20 2020 -0400
No need to search before Remove
https://github.com/docker/cli/pull/2449#discussion_r485544044
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
commit ccdc4ed0a620cf8c9ec6ecc6804d1a45f7c61be5
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date: Sat Sep 12 23:42:41 2020 -0400
Completion should also handle --help
https://github.com/docker/cli/pull/2449#discussion_r443140909
Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
commit ed260afa71a4f8feb6550f79692e47ad7430d786
Merge: 46c61d85e9 2955ece024
2020-09-15 16:26:47 -04:00
e0eba83bdd
Merge pull request #2714 from albers/completion-ulimits
...
Improve bash completion for ulimits
2020-09-14 14:02:55 +02:00
dbb2a52a74
Merge pull request #2716 from thaJeztah/update_git_remote_description
...
docs/build: add note about git subdirectories with BuildKit
2020-09-14 12:24:57 +02:00
b4db7e38bc
docs/build: add note about git subdirectories with BuildKit
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-14 11:36:55 +02:00
1e864920ac
Improve bash completion for ulimits
...
This adds bash completion for limits after
- docker service create --ulimit
- docker service update --ulimit-add
- docker service update --ulimit-rm
- docker container create --ulimit
- docker container run --ulimit
- docker build --ulimit
- dockerd --default-ulimit
Signed-off-by: Harald Albers <github@albersweb.de>
2020-09-12 16:04:24 +02:00
2955ece024
Merge pull request #2713 from thaJeztah/update_circleci
...
CircleCI: update to docker 19.03.12
2020-09-11 17:06:41 +02:00
57326f5e6d
CircleCI: update to docker 19.03.12
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-11 16:44:02 +02:00
cec8723d8c
Merge pull request #2656 from thaJeztah/bump_buildkit
...
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
2020-09-10 17:43:42 -04:00
7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
...
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00
1778ffbb18
Merge pull request #2709 from thaJeztah/service_caps_reset
...
Service cap-add/cap-drop: add special "RESET" value
2020-09-10 15:22:41 +02:00
940907951b
Support ulimits in docker stack deploy
...
This is related to moby/moby 40639.
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:59:02 +02:00
a9158bdc50
Add ulimits option to docker service create/update/inspect
...
This is related to moby/moby 40639.
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:41:33 +02:00
866e4b10a1
opts/UlimitOpt: sort lists by name
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:56:27 +02:00
23660be600
Service cap-add/cap-drop: add special "RESET" value
...
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.
Given the following service;
| CapDrop | CapAdd |
| -------------- | ------------- |
| CAP_SOME_CAP | |
When updating the service, and applying `--cap-drop RESET`, the "drop" list
is reset to its default:
| CapDrop | CapAdd |
| -------------- | ------------- |
| | |
When updating the service, and applying `--cap-drop RESET`, combined with
`--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`:
| CapDrop | CapAdd |
| -------------- | ------------- |
| CAP_FOO_CAP | CAP_SOME_CAP |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:14:38 +02:00
7edc00d808
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
...
full diff: df35e9818d...4d1f260e84moby/buildkit#1551 session: track sessions with a group construct
- moby/buildkit#1534 secrets: allow providing secrets with env
- moby/buildkit#1533 git: support for token authentication
- moby/buildkit#1549 progressui: fix logs time formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 15:19:02 +02:00
60abe967b5
Merge pull request #2711 from thaJeztah/bump_engine
...
vendor: bump docker/docker, docker/swarmkit, and dependencies
2020-09-09 15:08:53 +02:00
ed339fa5c1
vendor: update prometheus deps to match docker/docker
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:57:00 +02:00
338e83837b
vendor: github.com/golang/protobuf v1.3.5
...
full diff: https://github.com/golang/protobuf/compare/v1.3.3...v1.3.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:09:42 +02:00
038cc46f88
vendor: github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff
...
full diff: 44306b6a1d...318312a373
2020-09-09 14:08:01 +02:00
9968ccafe8
vendor: github.com/containerd/containerd v1.4.0-rc.1
...
full diff: c80284d4b5
2020-09-09 14:07:58 +02:00
5468092784
vendor: opencontainers/runc v1.0.0-rc92
...
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc10...v1.0.0-rc92
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:56 +02:00
dbe2f594ed
vendor: golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
...
full diff: 85ca7c5b95...ed371f2e16
2020-09-09 14:07:54 +02:00
e70e756053
vendor golang.org/x/net v0.0.0-20200707034311-ab3426394381
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:52 +02:00
1c3a97b0ff
vendor golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:50 +02:00
9f0658fb02
vendor: github.com/gorilla/mux v1.8.0
...
full diff: https://github.com/gorilla/mux/compare/v1.7.4...v1.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:48 +02:00
47980a7e49
vendor: github.com/docker/docker f50a40e889fdaeebf14fce1d494f95e60092d21d
...
full diff: 0f41a77c69...f50a40e889
2020-09-09 14:07:46 +02:00
0bb70223bd
vendor: github.com/docker/swarmkit d6592ddefd8a5319aadff74c558b816b1a0b2590
...
full diff: 035d564a36...d6592ddefd
2020-09-09 14:07:44 +02:00
c84ed28d44
Merge pull request #2703 from despreston/des/build-man-fixes
...
man/docker-build.1:fix --memory-swamp & --network, removing = b/w opts & values
2020-09-09 13:27:16 +02:00
164802973e
Merge pull request #2687 from thaJeztah/carry_service_caps
...
[carry 2663] Add capabilities support to stack/service commands
2020-09-08 12:06:27 -07:00
551ac136e0
Merge pull request #2706 from albers/completion-capabilities-variants
...
Complete capabilites with and without "CAP_" prefix.
2020-09-08 15:00:50 +02:00
95037299cb
Service cap-add/cap-drop: handle updates as "tri-state"
...
Adding/removing capabilities when updating a service is considered a tri-state;
- if the capability was previously "dropped", then remove it from "CapabilityDrop",
but do NOT add it to "CapabilityAdd". However, if the capability was not yet in
the service's "CapabilityDrop", then simply add it to the service's "CapabilityAdd"
- likewise, if the capability was previously "added", then remove it from
"CapabilityAdd", but do NOT add it to "CapabilityDrop". If the capability was
not yet in the service's "CapabilityAdd", then simply add it to the service's
"CapabilityDrop".
In other words, given a service with the following:
| CapDrop | CapAdd |
| -------------- | ------------- |
| CAP_SOME_CAP | |
When updating the service, and applying `--cap-add CAP_SOME_CAP`, the previously
dropped capability is removed:
| CapDrop | CapAdd |
| -------------- | ------------- |
| | |
When updating the service a second time, applying `--cap-add CAP_SOME_CAP`,
capability is now added:
| CapDrop | CapAdd |
| -------------- | ------------- |
| | CAP_SOME_CAP |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:42:39 +02:00
190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
...
When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
c6ec4e081e
service: Add --cap-add & --cap-drop to service cmds
...
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:55 +02:00
0db61ff6da
stack: Support cap_add and cap_drop on services
...
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:52 +02:00
ad16982544
Merge pull request #2696 from thaJeztah/multistage_dockerfile
...
Refactor / cleanup Dockerfile.dev
2020-09-08 11:07:25 +02:00
01cd748eb6
Dockerfile: use experimental syntax and buildkit cache-mounts
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 10:30:18 +02:00
3aee35037a
Makefile: use --mount instead of -v for docker socket
...
The shorthand `-v` will auto-create the host-path as a directory if
the socket is not yet up, instead of failing the container. To prevent
accidental creation of `/var/run/docker.sock` as a directory, use
the `--mount` flag instead, which does not auto-create host-paths.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 10:27:14 +02:00
Sebastiaan van Stijn
Sebastiaan van Stijn
Jennings Zhang
Tõnis Tiigi
Silvin Lubecki
Harald Albers
Tibor Vass
Albin Kerouanton
Brian Goff
Olli Janatuinen