Due to a typo, substitution would not work if the given
environment-variable was set.
Given the following docker compose file;
```yaml
version: "3.7"
services:
app:
image: nginx:${version:-latest}
```
Deploying a stack with `$version` set would ignore the `$version`
environment variable, and use the default value instead;
```bash
version=alpine docker stack deploy -c docker-compose.yml foobar
Creating network foobar_default
Creating service foobar_app
docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
rskkjxe6sm0w foobar_app replicated 1/1 nginx:latest
```
This patch also fixes "soft default" not detecting empty environment variables,
only non-set environment variables.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit 6004d74b1f)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Address code review comemnts and purge additional dead code.
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit f250152bf4)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Adapt the CLI to the host install model for 18.09.
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit 342afe44fb)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit cfec8027ed)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
If, for some reason, the certs directory has permissions that are
inaccessible by docker, we should still be able to fetch manifests using
the `insecure` flag.
Since the cli doesn't access the engine's list of insecure registries,
the registry client should make a singleton list of the registry being queried with the
`insecure` flag.
Closes#1358
Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
The integration test TestExportContainerWithOutputAndImportImage in moby/moby is the same as TestExportContainerAndImportImage,
except for the output file option. Adding a unit test to cover the output file option of the export command here allows
the removal of the redundant integration test TestExportContainerWithOutputAndImportImage.
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
The config file was being truncated first, which created a window during
which it was empty, causing concurrent uses of the `docker` command to
potentially fail with:
WARNING: Error loading config file: /var/lib/jenkins/.docker/config.json: EOF
Error response from daemon: Get https://registry/v2/foo/manifests/latest: no basic auth credentials
Signed-off-by: Benoit Sigoure <tsunanet@gmail.com>
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
(cherry picked from commit 68be7cb376)
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Warnings are now generated by the daemon, and returned as
part of the /info API response.
If warnings are returned by the daemon; use those instead
of generating them locally.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This feature brings new attribute/option for swarm init command.
default-addr-pool will take string input which can be in below format.
"CIDR,CIDR,CIDR...:SUBNET-SIZE".
Signed-off-by: selansen <elango.siva@docker.com>
This new collection of commands supports initializing a local
engine using containerd, updating that engine, and activating
the EE product
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
This patch adds a new builder subcommand, allowing to add more builder-related
commands in the future. Unfortunately `build` expects an argument so could not
be used as a subcommand.
This also implements `docker builder prune`, which is needed to prune the builder
cache manually without having to call `docker system prune`.
Today when relying on the legacy builder, users are able to prune dangling images
(used as build cache) by running `docker image prune`. This patch allows the
same usecase with buildkit.
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch implements `docker build --secret id=mysecret,src=/secret/file`
for buildkit frontends that request the mysecret secret.
It is currently implemented in the tonistiigi/dockerfile:secrets20180808
frontend via RUN --mount=type=secret,id=mysecret
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the experimental --console flag to --progress following
feedback indicating avoidable confusion.
In addition to naming changes, the help output now has an additional
clarification, specifically: container output during builds are only
shown when progress output is set to plain. Not mentioning this was also
a big cause of confusion.
Signed-off-by: Tibor Vass <tibor@docker.com>
… as it is possible to do it when interpolating. It also fixes when
there is 2 variables on the same *value* (in the composefile, on the
same line)
Finaly, renaming the default, used in cli, pattern to `defaultPattern`
to not be shadowed unintentionally.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
e.g. docker -H ssh://me@server
The `docker` CLI also needs to be installed on the remote host to
provide `docker system dial-stdio`, which proxies the daemon socket to stdio.
Please refer to docs/reference/commandline/dockerd.md .
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
It allows to get easily all the variables defined in a
composefile (the `map[string]interface{}` representation that
`loader.ParseYAML` returns at least) and their default value too.
This commit also does some small function extract on substitution
funcs to reduce a tiny bit duplication.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
PersistentPreRunE needs to be called within the help function to initialize all the flags (notably the orchestrator flag)
Add an e2e test as regression test
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
This should make it easier for people to write custom composefile
parser without duplicating too much code. It takes the default
transformers and any additional number of transformer for any
types. That way it's possible to transform a `cli/compose` map into a
custom type that would use some of `cli/compose` types and its own.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This flag was added in Docker 17.06, API version 1.31 through
moby@8dc8cd4719f165c01c98e7d3ce1d6cea6a8f60b8, but didn't add
API-version annotations.
This patch adds the missing annotations to hide this flag if
the CLI is connected to an older version of the daemon that
doesn't support that API.
Before this patch:
DOCKER_API_VERSION=1.30 docker swarm init --help | grep data-path-addr
--data-path-addr string Address or interface to use for data path traffic (format: <ip|interface>)
DOCKER_API_VERSION=1.31 docker swarm init --help | grep data-path-addr
--data-path-addr string Address or interface to use for data path traffic (format: <ip|interface>)
With this patch applied:
DOCKER_API_VERSION=1.30 docker swarm init --help | grep data-path-addr
# (no result)
DOCKER_API_VERSION=1.31 docker swarm init --help | grep data-path-addr
--data-path-addr string Address or interface to use for data path traffic (format: <ip|interface>)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Use `Contains` instead of `Include`
- Use `ToJSON` instead of `ToParam`
- Remove usage of `ParseFlag` as it is deprecated too
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Even though those fields are not supported by `docker stack deploy`
they are defined in versions `3.x` of compose schema, so the `compose`
package should be able to marshal/unmarshal them.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Clarified ambiguous error message
Update kubernetes/cli.go
Infromed user of why the error was caused when file is not there
Signed-off-by: Justyn Temme <justyntemme@gmail.com>
- remove some hints that are no longer needed
- added a nolint: unparam for removeSingleSigner() (return bool is only used in tests)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
in swarm.
Also, fix some CLI command confusions:
1. If the --external-ca flag is provided, require a --ca-cert flag as well, otherwise
the external CA is set but the CA certificate is actually rotated to an internal
cert
2. If a --ca-cert flag is provided, require a --ca-key or --external-ca flag be
provided as well, otherwise either the server will say that the request is
invalid, or if there was previously an external CA corresponding to the cert, it
will succeed. While that works, it's better to require the user to explicitly
set all the parameters of the new desired root CA.
This also changes the `swarm update` function to set the external CA's CACert field,
which while not strictly necessary, makes the CA list more explicit.
Signed-off-by: Ying Li <ying.li@docker.com>
'CheckInitialized' in the credential-helper library actually invokes
`pass`, which isn't desirable (see #699).
This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for `docker login` or when pulling from a
private registry).
This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.
Signed-off-by: Euan Kemp <euank@euank.com>