in swarm.
Also, fix some CLI command confusions:
1. If the --external-ca flag is provided, require a --ca-cert flag as well, otherwise
the external CA is set but the CA certificate is actually rotated to an internal
cert
2. If a --ca-cert flag is provided, require a --ca-key or --external-ca flag be
provided as well, otherwise either the server will say that the request is
invalid, or if there was previously an external CA corresponding to the cert, it
will succeed. While that works, it's better to require the user to explicitly
set all the parameters of the new desired root CA.
This also changes the `swarm update` function to set the external CA's CACert field,
which while not strictly necessary, makes the CA list more explicit.
Signed-off-by: Ying Li <ying.li@docker.com>
'CheckInitialized' in the credential-helper library actually invokes
`pass`, which isn't desirable (see #699).
This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for `docker login` or when pulling from a
private registry).
This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.
Signed-off-by: Euan Kemp <euank@euank.com>
Stores complete OCI descriptor instead of digest and platform
fields. This includes the size which was getting lost by not
storing the original manifest bytes.
Attempt to support existing cached files, if not output
the filename with the incorrect content.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
It makes it easier to get the correct stack from a compose config
struct without requiring the client (and thus talking to k8s API)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
- Handle `bundlefile` directly in the `top-level`
command. `bundlefile` is still experimental and will be deprecated
in future version — this should make be easier to remove it.
- Validate the `stack` name in all cases (i.e. whatever the
orchestrator is used)
- Load the composefile ahead of choosing the orchestrator. This
removes some slight duplication.
- Makes `RunDeploy` easier to use from outside packages (like
`docker/app`) with a preloaded configuration.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
- Add the possibility to skip interpolation
- Add the possibility to skip schema validation
- Allow customizing the substitution function, to add special cases.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
> Run an init inside the container that forwards signals and reaps
processes
This is supported on `run` and now on Swarm services too, so it's also
possible to have in on a composefile :).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
That field is automaticaly populated with any `x-*` field in the yaml.
And marshalling the compose config struct put them back into place.
This make it possible to get those extra fields without re-inventing
the wheel (i.e. reimplementing 80% of the `cli/compose/*` packages.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The output of this information can be confusing,
so removing until we have a better design for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Renaming DOCKER_ORCHESTRATOR to DOCKER_STACK_ORCHESTRATOR
* Renaming config file option "orchestrator" to "stackOrchestrator"
* "--orchestrator" flag is no more global but local to stack command and subcommands
* Cleaning all global orchestrator code
* Replicating Hidden flags in help and Supported flags from root command to stack command
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Sebastiaan van Stijn
Sebastiaan van Stijn
Arash Deshmeh
Vincent Demeester
Sami Tabet
Silvin
Tibor Vass
Tibor Vass
Tõnis Tiigi
Ying Li
Vincent Demeester
Silvin Lubecki
Euan Kemp
Derek McGowan
Eli Uriegas