Commit Graph

2378 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 15535d4594
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 14:42:45 +02:00
Sebastiaan van Stijn 4ab6ea016d
Merge pull request #3208 from crazy-max/buildkit-progress
Add doc for BUILDKIT_PROGRESS env var
2021-07-26 15:49:29 +02:00
Sebastiaan van Stijn b98b573de3
Merge pull request #3190 from IvanGrund/patch-1
Fix typo in documentation - build.md
2021-07-26 15:18:35 +02:00
CrazyMax ecaaa35be6
Add doc for BUILDKIT_PROGRESS env var
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-07-25 20:27:38 +02:00
Sebastiaan van Stijn 7a0dc924f9
Add support for ALL_PROXY
Support for ALL_PROXY as default build-arg was added recently in
buildkit and the classic builder.

This patch adds the `ALL_PROXY` environment variable to the list of
configurable proxy variables, and updates the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 09:06:18 +02:00
Ivan Grund d9f17025c4 Fix typo in documentation - build.md
Signed-off-by: Ivan Grund <ivan.grund@gmail.com>
2021-07-14 22:50:44 +02:00
Mathieu Champlon a033cdf515 Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Mathieu Champlon c05f0f5957 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Mathieu Champlon 7190255a68 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-06-28 14:57:15 +02:00
Takuya Noguchi 0c723fd68a Fix the (dead) link for docs for Dockerfile syntax reference
This change will update the docs at
https://docs.docker.com/engine/reference/builder/#buildkit

This change is required by https://github.com/moby/buildkit/pull/1884

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
2021-06-28 06:07:29 +00:00
Sebastiaan van Stijn 8e08b72450
Merge pull request #3108 from aiordache/validate_dockerd_config
Document option for daemon config validation
2021-06-24 16:25:49 +02:00
Anca Iordache 64b2e95287 Document `--validate` daemon option
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2021-06-24 15:00:21 +00:00
Govind Rai e12aade595 Update WORKDIR command information
Signed-off-by: Govind Rai <raigovind93@gmail.com>
2021-06-16 16:47:28 -07:00
Metal 3b502ca00e
Fix minor wording
Signed-off-by: Metal <2466052+tedhexaflow@users.noreply.github.com>
2021-06-04 17:26:28 +07:00
Sebastiaan van Stijn c7adb47076
Merge pull request #2984 from pn11/pn11-patch-1
docs: Fix wrong bridge driver option
2021-05-31 15:26:53 +02:00
Sebastiaan van Stijn 04e6884f65
docs: fix link to command-line reference
This link worked on GitHub, but was broken on docs.docker.com, so
replacing with a regular link directly to the docs instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-26 14:14:02 +02:00
Silvin Lubecki 86e1f04b5f
Merge pull request #3092 from thaJeztah/fix_plugin_link
docs: dockerd: fix broken link and markdown touch-ups
2021-05-19 14:53:51 +02:00
Silvin Lubecki 25952c90ee
Merge pull request #3082 from tianon/oci-authors
Swap "LABEL maintainer" for the OCI pre-defined "org.opencontainers.image.authors"
2021-05-18 21:57:42 +02:00
Erik Humphrey 57e7680591
docs: Fix broken jump link
Signed-off-by: Erik Humphrey <erik.humphrey@carleton.ca>
2021-05-13 10:10:38 -04:00
Sebastiaan van Stijn f3034ee928
docs: dockerd: fix broken link and markdown touch-ups
Jekyll doesn't work well with markdown links that are wrapped, so changing
the link to be on a single line.

While at it, also added/changed some code-hints.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-12 09:31:50 +02:00
Tianon Gravi 782192a6e5 Swap "LABEL maintainer" for the OCI pre-defined "org.opencontainers.image.authors"
https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md#pre-defined-annotation-keys

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2021-05-04 09:48:13 -07:00
Silvin Lubecki cde06fbf1d
Merge pull request #3052 from thaJeztah/dual_logging_cache_options
docs: document log-opts for "dual logging" cache
2021-05-04 15:44:05 +02:00
Sebastiaan van Stijn 3c8d65963d
docs: cleanup / refactor cli doc
More improvements can be made, but this makes a start on cleaning up
this page:

- Reorganise configuration file options into sections
- Use tables for related options to make them easier to find
- Add warning about the config file's possibility to contain sensitive information
- Some MarkDown touch-ups (use "console" code-hint to assist copy/paste)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-01 11:41:55 +02:00
Sebastiaan van Stijn 276e7180f2
docs: add reference for "docker config" commands
This is mostly a copy of the equivalent `docker secret` commands,
which uses the same mechanisms behind the hood (hence, are 90% the
same).

We can make further refinements to these docs, but this gives us
a starting point.

Adding these documents, because there were some links pointing to
these pages in the docs, but there was no markdown file to link to
on GitHub.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-01 11:41:53 +02:00
Sebastiaan van Stijn 68284ff591
docs: update some examples for proxy configuration
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-01 11:41:51 +02:00
Sebastiaan van Stijn 34bb1a3127
Merge pull request #3059 from thaJeztah/builder_syntax_updates
docs: various updates to the Dockerfile reference
2021-04-28 20:30:45 +02:00
Sebastiaan van Stijn 30359cbdb7
docs/reference/builder: update "syntax" section
- rename "experimental" to "labs"
- rephrase recommendation for picking a version
- clarify that the "labs" channel provides a superset of the "stable" channel.
- remove "External implementation features" section, because it overlapped
  with the "syntax" section.
- removed `:latest` from the "stable" channel (generally not recommended)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-22 11:09:40 +02:00
Sebastiaan van Stijn 17a9eb60e3
docs/reference/builder: update example output, and some rephrasing
- update some examples to show the BuildKit output
- remove some wording about "images" being used for the build cache
- add a link to the `--cache-from` section
- added a link to "scanning your image with `docker scan`"
- updated link to "push your image"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-21 11:47:31 +02:00
Sebastiaan van Stijn 22b14dac8e
docs/reference/builder: remove outdated example Dockerfiles
These examples were really outdated, so linking to other sections
in the documentation instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-21 11:45:35 +02:00
Sebastiaan van Stijn 5dd7a28267
docs/reference/builder: touch-up code-hints and some minor changes
- use "console" for code-hints, to make process output distinguishable
  from the commands that are executed
- use a consistent prompt for powershell examples
- minor changes in wording around "build context" to reduce confusion
  with `docker context`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:03:34 +02:00
Sebastiaan van Stijn 2586decba8
docs: document log-opts for "dual logging" cache
These options are available in Docker 20.10 and up, but were
previously only available in Docker EE, and not documented.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-17 15:14:36 +02:00
Chris Vermilion 41d169d211 Update stop.md
Updates the stop.md doc to mention that the stop signal can be changed, either with the Dockerfile or via `docker run --stop-signal`. This is a real gotcha if you're not familiar with this feature and build a container that extends a container that uses `STOPSIGNAL`.

Signed-off-by: Christopher Vermilion <christopher.vermilion@gmail.com>
2021-04-03 17:56:14 -04:00
Sebastiaan van Stijn e05e66f4b4
docs: remove trailing spaces to prevent yamldocs using "compact" notation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-11 15:36:02 +01:00
Sebastiaan van Stijn d051df9943
docs: improve example for "remove all stopped containers"
recommend using `docker container prune`, but show an example on
how to combine commands with a bit more context and warnings
about portability/compatibility.

Thanks to Charlie Arehart to do the initial work on this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-09 13:20:47 +01:00
OKA Naoya 10e909a26c
docs: Fix wrong bridge driver option
Signed-off-by: OKA Naoya <git@okanaoya.com>
2021-03-02 15:02:58 +09:00
Jon Zeolla cb1bb72fd9 Fix mistake with env var example in docker run docs
Signed-off-by: Jon Zeolla <zeolla@gmail.com>
2021-02-22 16:09:10 -05:00
Sebastiaan van Stijn f52a9e2fef
Add docs and completion for docker node ls --filter node.label
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-27 14:11:31 +01:00
DongGeon Lee 852fe05991 docs: Fix wrong variable name
Signed-off-by: LeeDongGeon <secmatth1996@gmail.com>
2021-01-23 19:04:15 +09:00
Sebastiaan van Stijn a4fb01f957
docs: add redirect for old reference URL
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-21 15:40:37 +01:00
Sebastiaan van Stijn 697c3a5b48
docs: fix typo in deprecated.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-08 16:03:51 +01:00
Tibor Vass c6493c7ecb
Merge pull request #2908 from thaJeztah/deprecate_blkio_weight
deprecate blkio-weight options with cgroups v1
2021-01-07 11:27:42 -08:00
Sebastiaan van Stijn fb2ea098a9
deprecate blkio-weight options with cgroups v1
These options were deprecated and removed in the Linux kernel v5.0 and up in;

- f382fb0bce
- fb5772cbfe
- 23aa16489c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 11:27:23 +01:00
rochfeu 69b5487e39 Remove duplicate word in push.md
Signed-off-by: Roch Feuillade <roch.feuillade@pandobac.com>
2021-01-06 14:40:19 +01:00
Sebastiaan van Stijn 06c60dea90
Deprecation: add pulling from non-compliant registries to table
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-09 02:36:30 +01:00
Tibor Vass 7287ab3890
Merge pull request #2872 from thaJeztah/deprecate_non_compliant_registries
Add deprecation note for non-compliant registries
2020-12-07 15:36:43 -08:00
Silvin Lubecki 37f45817b6
Merge pull request #2869 from thaJeztah/fix_yaml_formatting
docs: un-wrap line to prevent YAML docs from using "compact" formatting
2020-12-07 14:15:07 +01:00
Sebastiaan van Stijn aa91af81c6
Add deprecation note for non-compliant registries
Docker Engine v20.10 and up includes optimizations to verify if images in the
local image cache need updating before pulling, preventing the Docker Engine
from making unnecessary API requests. These optimizations require the container
image registry to conform to the Open Container Initiative Distribution Specification
(https://github.com/opencontainers/distribution-spec).

While most registries conform to the specification, we encountered some registries
to be non-compliant, resulting in `docker pull` to fail.

As a temporary solution, Docker Engine v20.10 includes a fallback mechanism to
allow `docker pull` to be functional when using a non-compliant registry. A
warning message is printed in this situation:

    WARNING Failed to pull manifest by the resolved digest. This registry does not
            appear to conform to the distribution registry specification; falling back to
            pull by tag. This fallback is DEPRECATED, and will be removed in a future
            release.

The fallback is added to allow users to either migrate their images to a compliant
registry, or for these registries to become compliant.

Note that this fallback only addresses failures on `docker pull`. Other commands,
such as `docker stack deploy`, or pulling images with `containerd` will continue
to fail.

Given that other functionality is still broken with these registries, we consider
this fallback a _temporary_ solution, and will remove the fallback in an upcoming
major release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-07 13:34:50 +01:00
Sebastiaan van Stijn 3455643194
docs: un-wrap line to prevent YAML docs from using "compact" formatting
Looks like the YAML conversion doesn't like lines starting with `[`, and
causing it to use the "compact" formatting in the generated YAML.

This patch un-wraps these lines to prevent this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-07 12:24:44 +01:00
Sebastiaan van Stijn 98625314fa
Merge pull request #2846 from bboehmke/dockerd_ip6tables
added ip6tables to daemon CLI and config file documentation
2020-12-03 20:56:21 +01:00
Andres Leon Rangel dc287b9072
Long format for flag -w --workdir
Added Long format for the wok directory option in docker run.

Signed-off-by: Andres LeonRangel <aleon1220@gmail.com>
2020-11-20 15:03:49 +13:00
Benjamin Böhmke 64776dd72f added ip6tables to daemon CLI and config file doc
Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
2020-11-18 22:02:06 +01:00
Sebastiaan van Stijn 325036df3e
Merge pull request #2831 from tianon/containerd
Add "--containerd-namespace" daemon flags in completion and docs
2020-11-10 23:57:02 +01:00
Kyle c94f2d20b1 docs/builder: fix broken link
Signed-off-by: kylemit <Kylemit@gmail.com>
2020-11-07 08:35:07 -05:00
Tianon Gravi 8258fc9059 Add "--containerd-namespace" daemon flags in completion and docs
This also adds the missing `containerd` key in the example daemon configuration files.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2020-11-06 12:34:10 -08:00
Tianon Gravi 184e5feb72 Use consistent formatting and sorted keys in all JSON examples for dockerd reference
To create this, I ran every JSON document through `jq -S` (which sorts the keys and consistently pretty-prints the result in a format which matches the majority of documents in this file).

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2020-11-06 11:52:06 -08:00
Eric Engestrom e08a441575 docs/builder: fix typo
Signed-off-by: Eric Engestrom <eric@engestrom.ch>
2020-11-03 20:11:23 +01:00
Sebastiaan van Stijn a27e9f4ddd
Merge pull request #2814 from thaJeztah/old_engines
docs: remove some references to obsolete docker versions
2020-10-26 23:33:15 +01:00
Sebastiaan van Stijn 6a02a51c99
docs: remove some references to obsolete docker versions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-26 18:30:01 +01:00
Sebastiaan van Stijn 7150736688
Deprecation: add experimental docker build --stream option
Docker v17.07 introduced an experimental `--stream` flag on `docker build` which
allowed the build-context to be incrementally sent to the daemon, instead of
unconditionally sending the whole build-context.

This functionality has been reimplemented as part of BuildKit, which uses streaming
by default and the `--stream` option will be ignored when using the classic builder,
printing a deprecation warning instead.

Users that want to use this feature are encouraged to enable BuildKit by setting
the `DOCKER_BUILDKIT=1` environment variable or through the daemon or CLI configuration
files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:58:54 +02:00
Charlotte Mach aa4cb24739 Replace deprecated instruction
MAINTAINER is deprecated, replacing with LABEL as recommended by
https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

Signed-off-by: Charlotte Mach <charlotte.mach@fs.lmu.de>
2020-10-23 19:49:51 +02:00
Tibor Vass 7fedb0e54f
Merge pull request #2775 from thaJeztah/notabs
Replace tab with spaces in usage output
2020-10-22 12:40:42 -07:00
Sebastiaan van Stijn faac84e35d
Deprecate Linux containers on Windows (LCOW) (experimental)
The experimental feature to run Linux containers on Windows (LCOW) was introduced
as a technical preview in Docker 17.09. While many enhancements were made after
its introduction, the feature never reached completeness, and development has
now stopped in favor of running docker natively on Linux in WSL2.

Developers that need to run Linux workloads on a Windows host are encouraged
to use Docker Desktop with WSL2 instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 14:10:22 +02:00
Sebastiaan van Stijn ee41923645
docs: update 20.03 -> 20.10 in docker update docs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-13 09:39:42 +02:00
Sebastiaan van Stijn 6c0a3dfbff
docs: update 20.03 -> 20.10 in deprecated.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-13 09:38:48 +02:00
Sebastiaan van Stijn 3fe574b7ef
docs: fix broken links in build reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-07 11:06:46 +02:00
Silvin Lubecki 6916b427a0
Merge pull request #2774 from thaJeztah/drop_experimental
Always enable experimental features
2020-10-02 17:34:01 +02:00
Sebastiaan van Stijn 977d3ae046
Always enable experimental features
The CLI disabled experimental features by default, requiring users
to set a configuration option to enable them.

Disabling experimental features was a request from Enterprise users
that did not want experimental features to be accessible.

We are changing this policy, and now enable experimental features
by default. Experimental features may still change and/or removed,
and will be highlighted in the documentation and "usage" output.

For example, the `docker manifest inspect --help` output now shows:

    EXPERIMENTAL:
      docker manifest inspect is an experimental feature.

      Experimental features provide early access to product functionality. These features
      may change between releases without warning or can be removed entirely from a future
      release. Learn more about experimental features: https://docs.docker.com/go/experimental/

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:59:42 +02:00
Sebastiaan van Stijn e6ef3349f6
update docs usage output to match new format
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:51:01 +02:00
Sebastiaan van Stijn de8b696ed6
docs/deprecated: remove minor versions
Some deprecations are ammended during a major (YY.MM) release, to
inform users as early as possible about deprecations. Removing the
minor version from this overview clarifies that features are
marked deprecated during which major release's lifecycle.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 14:15:42 +02:00
Sebastiaan van Stijn 48822564b6
docs: deprecate CLI options for experimental CLI features
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 14:10:27 +02:00
Sebastiaan van Stijn c2225ad126
docs: add /go/experimental/ vanity URL
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 13:59:55 +02:00
Tibor Vass 8b916c9300
Merge pull request #2757 from thaJeztah/update_security_link
docs: update URL for security landing page
2020-09-29 16:36:47 -07:00
Sebastiaan van Stijn 2484a30534
docs: fix generated YAML due to trailing whitespace
If a file contains trailing whitespace, the YAML generator uses a
compact format, which is hard to read.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-29 21:59:36 +02:00
Sebastiaan van Stijn 54bbd782bf
docs: update URL for security landing page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-29 21:16:58 +02:00
Sebastiaan van Stijn bcb2a4c925
docs: fix "docker logs" example missing container name
Thanks to rvsasseen for spotting this, and Maximillian Xavier
for the initial pull request.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-28 13:59:17 +02:00
Tibor Vass db411c35e6
Merge pull request #2743 from thaJeztah/deprecate_legacy_env_format
deprecate Dockerfile legacy 'ENV name value' syntax
2020-09-23 13:39:33 -07:00
Sebastiaan van Stijn eec6710111
deprecate Dockerfile legacy 'ENV name value' syntax
The Dockerfile `ENV` instruction allows values to be set using either `ENV name=value`
or `ENV name value`. The latter (`ENV name value`) form can be ambiguous, for example,
the following defines a single env-variable (`ONE`) with value `"TWO= THREE=world"`,
but may have intended to be setting three env-vars:

    ENV ONE TWO= THREE=world

This format also does not allow setting multiple environment-variables in a single
`ENV` line in the Dockerfile.

Use of the `ENV name value` syntax is discouraged, and may be removed in a future
release. Users are encouraged to update their Dockerfiles to use the `ENV name=value`
syntax, for example:

    ENV ONE="" TWO="" THREE="world"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:50:00 +02:00
Sebastiaan van Stijn a4a3d2f94d
builder: add note about alternative syntax
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:33:42 +02:00
Sebastiaan van Stijn 0a0037c6fd
builder: rephrase ENV section, remove examples for ENV key value without '='
The `ENV key value` form can be ambiguous, for example, the following defines
a single env-variable (`ONE`) with value `"TWO= THREE=world"`:

    ENV ONE TWO= THREE=world

While we cannot deprecate/remove that syntax (as it would break existing
Dockerfiles), we should reduce exposure of the format in our examples.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 13:21:20 +02:00
Sebastiaan van Stijn 6065dccc98
Add docs and bash-completion for new Linux capabilities
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:43 +02:00
Sebastiaan van Stijn f19e31afe2
docs: add link to linux kernel source code for capabilities
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:41 +02:00
Sebastiaan van Stijn 72a357858c
docs: resize capabilities table
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 16:22:38 +02:00
Sebastiaan van Stijn 884a5ffbdf
docs: document CAP_AUDIT_READ
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:46:09 +02:00
Sebastiaan van Stijn 4e58c29513
docs: document optional "CAP_" prefix for capabilities
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:32:04 +02:00
Sebastiaan van Stijn 5bbdcd1c9d
docs: sort list of capabilities alphabetically
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 15:26:20 +02:00
Sebastiaan van Stijn b4db7e38bc
docs/build: add note about git subdirectories with BuildKit
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-14 11:36:55 +02:00
Albin Kerouanton a9158bdc50
Add ulimits option to docker service create/update/inspect
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:41:33 +02:00
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when  _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
Sebastiaan van Stijn ca35f2973a
Merge pull request #2646 from horpto/patch-1
Add shorthand for --tail option
2020-08-17 17:19:03 +02:00
horpto 0b7147a2a5 fix docs, completion and docker service
Signed-off-by: horpto <__Singleton__@hackerdom.ru>
2020-08-06 17:37:08 +03:00
Sebastiaan van Stijn ac2ebacb9a
Merge pull request #2526 from thaJeztah/deprecate_old_config
document deprecation of legacy `~/.dockercfg` config-file
2020-08-05 09:40:45 +02:00
eyherabh 86cbe28510 Replaces ADD with COPY in the COPY section
Possibly a typo from reusing text from the ADD section.

Signed-off-by: Hugo Gabriel Eyherabide <hugogabriel.eyherabide@gmail.com>
2020-08-04 19:10:23 +03:00
Sebastiaan van Stijn 3c0a167ed5
document deprecation of legacy `~/.dockercfg` config-file
The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.

Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-03 11:45:35 +02:00
Tonis Tiigi 5dd9bd4c2c docs: remove docs for —-from=index
Naming stages is the preferred method for using
multi-stage builds.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-27 15:56:23 -07:00
Akihiro Suda 074a8dcff6
deprecate `docker run --kernel-memory`
`docker run --kernel-memory` is being deprecated in https://github.com/moby/moby/pull/41254

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-24 20:56:15 +09:00
Sebastiaan van Stijn 6776f7cdcd
docs/builder: add note about handling of leading whitespace
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-01 15:35:59 +02:00
Brian Wieder a6cfbd2351 Added env-file flag to docker exec
Signed-off-by: Brian Wieder <brian@4wieders.com>
2020-06-29 18:32:44 -04:00
Sebastiaan van Stijn 36c33202f7
Merge pull request #2600 from AkihiroSuda/fix-doc-cgroupdriver
docs: update for cgroup v2 and rootless
2020-06-25 19:26:07 +02:00
Silvin Lubecki 7365ad15d1
Merge pull request #2571 from thaJeztah/forward_port_ready_filtering
[master forward-port] list state `ready` for filtering in stack_ps.md
2020-06-25 15:23:48 +02:00
Silvin Lubecki 9c8818aeea
Merge pull request #2556 from thaJeztah/fix_plugin_api_link
docs/extend: fix broken link and some markdown touch-ups
2020-06-25 15:22:08 +02:00