Commit Graph

800 Commits

Author SHA1 Message Date
Drew Erny 42ec51e1ae add support for config credentialspecs to compose
Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:34 -05:00
Drew Erny 4cacd1304a Add CredentialSpec tests
Adds tests for setting and updating swarm service CredentialSpecs,
especially when using a Config as a credential spec.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:34 -05:00
Drew Erny 01f4f2e80a Update CredentialSpec code to allow using configs
Updates the CredentialSpec handling code for services to allow using
swarm Configs.

Additionally, fixes a bug where the `--credential-spec` flag would not
be respected on service updates.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2019-04-12 11:17:33 -05:00
Sebastiaan van Stijn 6511da877f Add support for using Configs as CredentialSpecs in services
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-12 11:17:29 -05:00
Sebastiaan van Stijn 409c590fcf
Merge pull request #1815 from simonferquel/expose-to-internal-ports
Support internal Load Balancing for Kubernetes stacks
2019-04-12 14:02:15 +02:00
Simon Ferquel cad20c759f Support internal Load Balancing for Kubernetes stacks
On the server v0.4.21 has introduced a better way of dealing with
intra-stack networking: if the user can specify a list of endpoints
exposed internally, we now can setup a ClusterIP for this to avoid the
pitfalls of DNS-based load balancing.
This exposes the feature using the "Expose" compose field, and adds an
extra x-internal-service-type field to explicitly define how intra-stack
networking is handled on a service.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-12 11:43:30 +02:00
Simon Ferquel 1cefe057cd Add warnings when DOCKER_HOST conflicts with contexts
For clarity, on `docker context use` or `docker context ls`, this adds a
warning if the DOCKER_HOST variable is set because it overrides the
active context.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-10 10:14:47 +02:00
Sebastiaan van Stijn d6af3e143e
Merge pull request #1773 from zappy-shu/create-context-from-current
add --from flag to context create
2019-04-09 16:38:46 +02:00
Tibor Vass 45ec86b10f vendor github.com/docker/docker to bcaa613d823
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-03 20:57:18 +00:00
Silvin Lubecki 39f30ef168
Merge pull request #1767 from thaJeztah/carry_317_network_advanced
[carry 317] Cli change to pass driver specific options to docker run
2019-04-03 17:00:03 +02:00
Sebastiaan van Stijn 7ad850e58d
Merge pull request #1800 from tonistiigi/update-buildkit
vendor: update buildkit to 62e55427
2019-04-03 16:56:05 +02:00
Sebastiaan van Stijn 5bc09639cc
Refactor network parsing, add preliminary support for multiple networks
This refactors the way networking options are parsed, and makes the
client able to pass options for multiple networks. Currently, the
daemon does not yet accept multiple networks when creating a container,
and will produce an error.

For backward-compatibility, the following global networking-related
options are associated with the first network (in case multiple
networks are set);

  - `--ip`
  - `--ip6`
  - `--link`
  - `--link-local-ip`
  - `--network-alias`

Not all of these options are supported yet in the advanced notation,
but for options that are supported, setting both the per-network option
and the global option will produce a "conflicting options" error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 16:42:57 +02:00
Abhinandan Prativadi c4844b1fdd
Cli change to pass driver specific options to docker run
The commit contains cli changes to support driver options for a network in
docker run and docker network connect cli's. The driver-opt, aliases is now
supported in the form of csv as per network option in service commands in
swarm mode since docker/cli#62 . This commit extends this support to docker
run command as well.

For docker connect command `--driver-opt` is added to pass driver specific
options for the network the container is connecting to.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-03 16:30:26 +02:00
Tonis Tiigi 198407c56b vendor: update buildkit to 62e55427
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-04-02 23:40:56 -07:00
Nick Adcock 8bb152d967 add --from option to context create
--from creates a context from a named context.
By default `context create` will create a context from the current context.
Replaced "from-current=" docker/kubernetes option with "from=" to allow specifying which context to copy the settings from.

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2019-04-02 13:41:47 +01:00
Tibor Vass 5bbb56bfee
Merge pull request #1772 from AkihiroSuda/dialstdio-1736
dial-stdio: fix goroutine leakage
2019-04-01 15:17:10 -07:00
Simon Ferquel 8cd74eb33a Fix the stack informer's selector used to track deployment
Old selector was wrong (it watched for the label we applied to child
resources when reconciling the stack, instead of the stack itself)

This should be back-ported to older version of the CLI

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-04-01 15:18:55 +02:00
Sebastiaan van Stijn f28d078426
Merge pull request #1577 from orisano/1576-improve-validate-context-directory
feat: improves ValidateContextDirectory performance
2019-04-01 13:22:27 +02:00
Sebastiaan van Stijn aa53429cb7
Merge pull request #1774 from zappy-shu/bump-kubernetes-1-13-4
bump kubernetes to v1.14.0
2019-04-01 11:49:52 +02:00
Sebastiaan van Stijn 2236568053
Merge pull request #1789 from djs55/fix-login-logout
Fix login logout when engine is down and credential helper is in use
2019-03-29 15:39:55 +01:00
Nick Adcock 0b6685bca8 bump kubernetes to v1.14.0
bump required:
- replacing vendor ghodss/yaml with sigs.k8s.io/yaml
- adding vendor k8s.io/klog and github.com/evanphx
- compose-on-kubernetes
removed 'IncludeUninitialized' from watch as it have been removed from k8s

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2019-03-29 09:20:28 +00:00
David Scott c9d0e47414 Simplify ElectAuthServer
Instead of using an `if else if else`, switch to a sequence of independent
`if` blocks containing a `return`.

Instead of defining a return variable and updating it in the `if` blocks
and returning at the end, make each `if` block return the desired value
independenly.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:08:13 +00:00
David Scott a82e6868cc Use the default registry even without --debug
Previously if the Docker engine was not running the behaviour of
commands would vary depending on whether the --debug flag was provided.

For example, consider `docker logout`:

    $ docker logout
    Not logged in to

-- note the missing server URL

    $ docker --debug logout
    Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
    Not logged in to https://index.docker.io/v1/

-- note the server URL is present

This patch makes only the debug printing conditional on the `--debug` flag,
not the return value.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:04:39 +00:00
Sune Keller 217308d96d
Fix annotation on docker secret create --template-driver
Signed-off-by: Sune Keller <absukl@almbrand.dk>
2019-03-28 16:18:50 +01:00
Nao YONASHIRO 446762dc19 test: add filepathMatches test
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:22:11 +09:00
Nao YONASHIRO b41ddc6058 feat: improves ValidateContextDirectory performance
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:20:42 +09:00
Akihiro Suda f8d4c443ba dial-stdio: fix goroutine leakage
Fix #1736

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-22 20:22:00 +09:00
Lifubang 06e250d37b add test case for DetectArchiveReader
Signed-off-by: Lifubang <lifubang@acmcoder.com>
2019-03-21 15:38:31 -07:00
Kir Kolyshkin 0c20554f69 image build: fix archive detection
As pointed out in #1459, docker cli fails to detect that the input is a tarball,
in case it is generated by `git archive --format=tgz`.

This happens because `git archive` adds some metadata to the initial tar header,
and so it is more than 1 block (of 512 bytes) long, while we only provide 1 block
to archive/tar.Next() and it fails.

To fix, give it 2 blocks :)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-03-21 15:38:07 -07:00
Tõnis Tiigi dca6d2afa1
Merge pull request #1765 from thaJeztah/carry_181_pids_limit
Add `--pids-limit` flag to `docker update`
2019-03-21 14:11:09 -07:00
Sebastiaan van Stijn 059c085261
Merge pull request #1714 from tiborvass/nvidia-gpu
container: --gpus support
2019-03-21 21:26:16 +01:00
Tibor Vass 1ba368a5ac container: --gpus support
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-03-21 20:14:25 +00:00
Tibor Vass bc5ad41e87
Merge pull request #1766 from tonistiigi/outputs
build: allow setting buildkit outputs
2019-03-21 10:49:46 -07:00
Tonis Tiigi ca6eb5049b build: allow setting buildkit outputs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-21 10:27:59 -07:00
Simon Ferquel 470afe11ed Fix annnotation on docker config create --template-driver
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2019-03-21 16:19:06 +01:00
Sunny de3a5f0fe5
Add `--pids-limit` flag to `docker update`
Signed-off-by: Sunny Gogoi <indiasuny000@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-21 01:20:32 +01:00
Vincent Demeester f762697628
Merge pull request #1756 from thaJeztah/bump_engine_no_buildkit
Update docker/docker, containerd, runc, and some dependencies
2019-03-20 11:35:55 +01:00
Sebastiaan van Stijn fd769e1aff
Update docker/docker to 827cb09f87964ed38b46502f22a585f2ed4a78e1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:21:51 +01:00
Sebastiaan van Stijn f620349837
Add systctl support for services
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 13:33:32 +01:00
Vincent Demeester a4a50de4b8
Merge pull request #1671 from thaJeztah/fix_labels_expanding_env_vars
Fix labels copying value from environment variables
2019-03-19 12:18:55 +01:00
Vincent Demeester fc9ef7087e
Merge pull request #1732 from sjeandeaux/fix/issue-117
[pretty print] pretty print and healthcheck
2019-03-19 11:54:41 +01:00
Sebastiaan van Stijn b5d0d179e7
Add back validation for invalid label values on containers
This adds validation to `docker container run` / `docker container create`;

Validation of labels provided through flags was removed in 31dc5c0a9a,
after the validation was changed to fix labels without values, and to prevent
labels from being expanded with environment variables in 2b17f4c8a8

However, now empty label names from _files_ (`--label-file`) followed different
validation rules than labels passed through `--label`.

This patch adds back minimal validation for labels passed through the command-line

Before this patch:

```bash
docker container create \
  --name label \
  --label==with-leading-equal-sign \
  --label=without-value \
  --label=somelabel=somevalue \
  --label "  =  " \
  --label=with-quotes-in-value='{"foo"}' \
  --label='with"quotes"in-key=test' \
  busybox

docker container inspect --format '{{json .Config.Labels}}' label
```

```json
{
  "": "with-leading-equal-sign",
  "  ": "  ",
  "somelabel": "somevalue",
  "with\"quotes\"in-key": "test",
  "with-quotes-in-value": "{\"foo\"}",
  "without-value": ""
}
```

After this patch:

```bash
docker container create \
  --name label \
  --label==with-leading-equal-sign \
  --label=without-value \
  --label=somelabel=somevalue \
  --label "  =  " \
  --label=with-quotes-in-value='{"foo"}' \
  --label='with"quotes"in-key=test' \
  busybox

invalid argument "=with-leading-equal-sign" for "-l, --label" flag: invalid label format: "=with-leading-equal-sign"
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 03:02:06 +01:00
Sebastiaan van Stijn f2424bd375
Fix labels copying value from environment variables
This patch fixes a bug where labels use the same behavior as `--env`, resulting
in a value to be copied from environment variables with the same name as the
label if no value is set (i.e. a simple key, no `=` sign, no value).

An earlier pull request addressed similar cases for `docker run`;
2b17f4c8a8, but this did not address the
same situation for (e.g.) `docker service create`.

Digging in history for this bug, I found that use of the `ValidateEnv`
function for  labels was added in the original implementation of the labels feature in
abb5e9a077 (diff-ae476143d40e21ac0918630f7365ed3cR34)

However, the design never intended it to expand environment variables,
and use of this function was either due to either a "copy/paste" of the
equivalent `--env` flags, or a misunderstanding (the name `ValidateEnv` does
not communicate that it also expands environment variables), and the existing
`ValidateLabel` was designed for _engine_ labels (which required a value to
be set).

Following the initial implementation, other parts of the code followed
the same (incorrect) approach, therefore leading the bug to be introduced
in services as well.

This patch:

- updates the `ValidateLabel` to match the expected validation
  rules (this function is no longer used since 31dc5c0a9a),
  and the daemon has its own implementation)
- corrects various locations in the code where `ValidateEnv` was used instead of `ValidateLabel`.

Before this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker service inspect --format '{{json .Spec.Labels}}' test
{"SOME_ENV_VAR":"I_AM_SOME_ENV_VAR"}
```

After this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker container inspect --format '{{json .Config.Labels}}' test
{"SOME_ENV_VAR":""}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 03:01:57 +01:00
Stephane Jeandeaux d4ad7a94d2 [#117] remove blank line and fix order
Signed-off-by: Stephane Jeandeaux <stephane.jeandeaux@gmail.com>
2019-03-18 21:37:22 -04:00
Sebastiaan van Stijn 8c3a619d13
Merge pull request #1740 from tonistiigi/platform-flag
build: enable platform flag for build if buildkit
2019-03-18 19:21:46 +01:00
Tonis Tiigi 2caffb12c7 build: enable platform flag for build if buildkit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-18 10:37:08 -07:00
Sebastiaan van Stijn 26e004797b
Make system prune warning filters human-readable
The warning, printed before running `docker system prune` was printing the
filters in JSON format.

This patch attempts to make the output human readable;

- updating the code, and template to print filters individually
- reducing the indentation (which was quite deep)

Before this patch was applied;

```
docker system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - label={"label":{"bar=baz":true,"hello-world":true},"label!":{"foo=bar":true},"until":{"24h":true}}
Are you sure you want to continue? [y/N]
```

With this patch applied;

```
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all dangling images
  - all dangling build cache

  Items to be pruned will be filtered with:
  - label!=foo=bar
  - label!=never=remove-me
  - label=bar=baz
  - label=hello-world
  - label=remove=me
  - until=24h

Are you sure you want to continue? [y/N]
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-18 13:57:18 +01:00
Sebastiaan van Stijn 4a0218bb11
Fix system prune warning missing filters from config-file
The warning, printed before runing docker system prune was missing any filter
that was set in the configuration file. In addition, the warning prefixes the
filters with `label=`, which is no longer accurate, now that the prune command
also supports "until" as a filter.

Before this change, only the filters set on the command-line were shown,
and any filter set in the configuration file was missing;

```
mkdir -p ./test-config
echo '{"pruneFilters": ["label!=never=remove-me", "label=remove=me"]}' > test-config/config.json
docker --config=./test-config system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - label={"label":{"bar=baz":true,"hello-world":true},"label!":{"foo=bar":true},"until":{"24h":true}}
Are you sure you want to continue? [y/N]
```

With this patch applied, both options from the commandline and options set
in the configuration file are shown;

```
mkdir -p ./test-config
echo '{"pruneFilters": ["label!=never=remove-me", "label=remove=me"]}' > test-config/config.json
docker --config=./test-config system prune --filter until=24h --filter label=hello-world --filter label!=foo=bar --filter label=bar=baz

WARNING! This will remove:
        - all stopped containers
        - all networks not used by at least one container
        - all dangling images
        - all dangling build cache
        - Elements to be pruned will be filtered with:
        - filter={"label":{"bar=baz":true,"hello-world":true,"remove=me":true},"label!":{"foo=bar":true,"never=remove-me":true},"until":{"24h":true}}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-18 13:57:09 +01:00
Jean-Christophe Sirot b3aa17187f Make default context behaves like a real context:
- when using "--context default" parameter
- when printing the list of contexts
- when exporting the default context to a tarball

Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
(+1 squashed commit)
Squashed commits:
[20670495] Fix CLI initialization for the `docker stack deploy --help` command and ensure that the dockerCli.CurrentContext() always returns a non empty context name (default as a fallback)
Remove now obsolete code handling empty string context name
Minor code cleanup

Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-18 11:45:46 +01:00
Jean-Christophe Sirot a1af6e261f Cover the changes with unit test
Signed-off-by: Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
2019-03-13 14:18:41 +01:00