`.
+ For instance, if container name is `my.ctr` and the network is named
+ `testnet`, `DNSNames` will contain `my.ctr` and the FQDN will be
+ `my.ctr.testnet`.
+ type: array
+ items:
+ type: string
+ example: ["foobar", "server_x", "server_y", "my.ctr"]
+
+ EndpointIPAMConfig:
+ description: |
+ EndpointIPAMConfig represents an endpoint's IPAM configuration.
+ type: "object"
+ x-nullable: true
+ properties:
+ IPv4Address:
+ type: "string"
+ example: "172.20.30.33"
+ IPv6Address:
+ type: "string"
+ example: "2001:db8:abcd::3033"
+ LinkLocalIPs:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "169.254.34.68"
+ - "fe80::3468"
+
+ PluginMount:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Source, Destination, Type, Options]
+ properties:
+ Name:
+ type: "string"
+ x-nullable: false
+ example: "some-mount"
+ Description:
+ type: "string"
+ x-nullable: false
+ example: "This is a mount that's used by the plugin."
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Source:
+ type: "string"
+ example: "/var/lib/docker/plugins/"
+ Destination:
+ type: "string"
+ x-nullable: false
+ example: "/mnt/state"
+ Type:
+ type: "string"
+ x-nullable: false
+ example: "bind"
+ Options:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "rbind"
+ - "rw"
+
+ PluginDevice:
+ type: "object"
+ required: [Name, Description, Settable, Path]
+ x-nullable: false
+ properties:
+ Name:
+ type: "string"
+ x-nullable: false
+ Description:
+ type: "string"
+ x-nullable: false
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Path:
+ type: "string"
+ example: "/dev/fuse"
+
+ PluginEnv:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Value]
+ properties:
+ Name:
+ x-nullable: false
+ type: "string"
+ Description:
+ x-nullable: false
+ type: "string"
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Value:
+ type: "string"
+
+ PluginInterfaceType:
+ type: "object"
+ x-nullable: false
+ required: [Prefix, Capability, Version]
+ properties:
+ Prefix:
+ type: "string"
+ x-nullable: false
+ Capability:
+ type: "string"
+ x-nullable: false
+ Version:
+ type: "string"
+ x-nullable: false
+
+ PluginPrivilege:
+ description: |
+ Describes a permission the user has to accept upon installing
+ the plugin.
+ type: "object"
+ x-go-name: "PluginPrivilege"
+ properties:
+ Name:
+ type: "string"
+ example: "network"
+ Description:
+ type: "string"
+ Value:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "host"
+
+ Plugin:
+ description: "A plugin for the Engine API"
+ type: "object"
+ required: [Settings, Enabled, Config, Name]
+ properties:
+ Id:
+ type: "string"
+ example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+ Name:
+ type: "string"
+ x-nullable: false
+ example: "tiborvass/sample-volume-plugin"
+ Enabled:
+ description:
+ True if the plugin is running. False if the plugin is not running,
+ only installed.
+ type: "boolean"
+ x-nullable: false
+ example: true
+ Settings:
+ description: "Settings that can be modified by users."
+ type: "object"
+ x-nullable: false
+ required: [Args, Devices, Env, Mounts]
+ properties:
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginMount"
+ Env:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "DEBUG=0"
+ Args:
+ type: "array"
+ items:
+ type: "string"
+ Devices:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginDevice"
+ PluginReference:
+ description: "plugin remote reference used to push/pull the plugin"
+ type: "string"
+ x-nullable: false
+ example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+ Config:
+ description: "The config of a plugin."
+ type: "object"
+ x-nullable: false
+ required:
+ - Description
+ - Documentation
+ - Interface
+ - Entrypoint
+ - WorkDir
+ - Network
+ - Linux
+ - PidHost
+ - PropagatedMount
+ - IpcHost
+ - Mounts
+ - Env
+ - Args
+ properties:
+ DockerVersion:
+ description: "Docker Version used to create the plugin"
+ type: "string"
+ x-nullable: false
+ example: "17.06.0-ce"
+ Description:
+ type: "string"
+ x-nullable: false
+ example: "A sample volume plugin for Docker"
+ Documentation:
+ type: "string"
+ x-nullable: false
+ example: "https://docs.docker.com/engine/extend/plugins/"
+ Interface:
+ description: "The interface between Docker and the plugin"
+ x-nullable: false
+ type: "object"
+ required: [Types, Socket]
+ properties:
+ Types:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginInterfaceType"
+ example:
+ - "docker.volumedriver/1.0"
+ Socket:
+ type: "string"
+ x-nullable: false
+ example: "plugins.sock"
+ ProtocolScheme:
+ type: "string"
+ example: "some.protocol/v1.0"
+ description: "Protocol to use for clients connecting to the plugin."
+ enum:
+ - ""
+ - "moby.plugins.http/v1"
+ Entrypoint:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "/usr/bin/sample-volume-plugin"
+ - "/data"
+ WorkDir:
+ type: "string"
+ x-nullable: false
+ example: "/bin/"
+ User:
+ type: "object"
+ x-nullable: false
+ properties:
+ UID:
+ type: "integer"
+ format: "uint32"
+ example: 1000
+ GID:
+ type: "integer"
+ format: "uint32"
+ example: 1000
+ Network:
+ type: "object"
+ x-nullable: false
+ required: [Type]
+ properties:
+ Type:
+ x-nullable: false
+ type: "string"
+ example: "host"
+ Linux:
+ type: "object"
+ x-nullable: false
+ required: [Capabilities, AllowAllDevices, Devices]
+ properties:
+ Capabilities:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "CAP_SYS_ADMIN"
+ - "CAP_SYSLOG"
+ AllowAllDevices:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ Devices:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginDevice"
+ PropagatedMount:
+ type: "string"
+ x-nullable: false
+ example: "/mnt/volumes"
+ IpcHost:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ PidHost:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginMount"
+ Env:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginEnv"
+ example:
+ - Name: "DEBUG"
+ Description: "If set, prints debug messages"
+ Settable: null
+ Value: "0"
+ Args:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Value]
+ properties:
+ Name:
+ x-nullable: false
+ type: "string"
+ example: "args"
+ Description:
+ x-nullable: false
+ type: "string"
+ example: "command line arguments"
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Value:
+ type: "array"
+ items:
+ type: "string"
+ rootfs:
+ type: "object"
+ properties:
+ type:
+ type: "string"
+ example: "layers"
+ diff_ids:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+ - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+ ObjectVersion:
+ description: |
+ The version number of the object such as node, service, etc. This is needed
+ to avoid conflicting writes. The client must send the version number along
+ with the modified specification when updating these objects.
+
+ This approach ensures safe concurrency and determinism in that the change
+ on the object may not be applied if the version number has changed from the
+ last read. In other words, if two update requests specify the same base
+ version, only one of the requests can succeed. As a result, two separate
+ update requests that happen at the same time will not unintentionally
+ overwrite each other.
+ type: "object"
+ properties:
+ Index:
+ type: "integer"
+ format: "uint64"
+ example: 373531
+
+ NodeSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "Name for the node."
+ type: "string"
+ example: "my-node"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Role:
+ description: "Role of the node."
+ type: "string"
+ enum:
+ - "worker"
+ - "manager"
+ example: "manager"
+ Availability:
+ description: "Availability of the node."
+ type: "string"
+ enum:
+ - "active"
+ - "pause"
+ - "drain"
+ example: "active"
+ example:
+ Availability: "active"
+ Name: "node-name"
+ Role: "manager"
+ Labels:
+ foo: "bar"
+
+ Node:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ example: "24ifsmvkjbyhk"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ description: |
+ Date and time at which the node was added to the swarm in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2016-08-18T10:44:24.496525531Z"
+ UpdatedAt:
+ description: |
+ Date and time at which the node was last updated in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2017-08-09T07:09:37.632105588Z"
+ Spec:
+ $ref: "#/definitions/NodeSpec"
+ Description:
+ $ref: "#/definitions/NodeDescription"
+ Status:
+ $ref: "#/definitions/NodeStatus"
+ ManagerStatus:
+ $ref: "#/definitions/ManagerStatus"
+
+ NodeDescription:
+ description: |
+ NodeDescription encapsulates the properties of the Node as reported by the
+ agent.
+ type: "object"
+ properties:
+ Hostname:
+ type: "string"
+ example: "bf3067039e47"
+ Platform:
+ $ref: "#/definitions/Platform"
+ Resources:
+ $ref: "#/definitions/ResourceObject"
+ Engine:
+ $ref: "#/definitions/EngineDescription"
+ TLSInfo:
+ $ref: "#/definitions/TLSInfo"
+
+ Platform:
+ description: |
+ Platform represents the platform (Arch/OS).
+ type: "object"
+ properties:
+ Architecture:
+ description: |
+ Architecture represents the hardware architecture (for example,
+ `x86_64`).
+ type: "string"
+ example: "x86_64"
+ OS:
+ description: |
+ OS represents the Operating System (for example, `linux` or `windows`).
+ type: "string"
+ example: "linux"
+
+ EngineDescription:
+ description: "EngineDescription provides information about an engine."
+ type: "object"
+ properties:
+ EngineVersion:
+ type: "string"
+ example: "17.06.0"
+ Labels:
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ foo: "bar"
+ Plugins:
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Type:
+ type: "string"
+ Name:
+ type: "string"
+ example:
+ - Type: "Log"
+ Name: "awslogs"
+ - Type: "Log"
+ Name: "fluentd"
+ - Type: "Log"
+ Name: "gcplogs"
+ - Type: "Log"
+ Name: "gelf"
+ - Type: "Log"
+ Name: "journald"
+ - Type: "Log"
+ Name: "json-file"
+ - Type: "Log"
+ Name: "splunk"
+ - Type: "Log"
+ Name: "syslog"
+ - Type: "Network"
+ Name: "bridge"
+ - Type: "Network"
+ Name: "host"
+ - Type: "Network"
+ Name: "ipvlan"
+ - Type: "Network"
+ Name: "macvlan"
+ - Type: "Network"
+ Name: "null"
+ - Type: "Network"
+ Name: "overlay"
+ - Type: "Volume"
+ Name: "local"
+ - Type: "Volume"
+ Name: "localhost:5000/vieux/sshfs:latest"
+ - Type: "Volume"
+ Name: "vieux/sshfs:latest"
+
+ TLSInfo:
+ description: |
+ Information about the issuer of leaf TLS certificates and the trusted root
+ CA certificate.
+ type: "object"
+ properties:
+ TrustRoot:
+ description: |
+ The root CA certificate(s) that are used to validate leaf TLS
+ certificates.
+ type: "string"
+ CertIssuerSubject:
+ description:
+ The base64-url-safe-encoded raw subject bytes of the issuer.
+ type: "string"
+ CertIssuerPublicKey:
+ description: |
+ The base64-url-safe-encoded raw public key bytes of the issuer.
+ type: "string"
+ example:
+ TrustRoot: |
+ -----BEGIN CERTIFICATE-----
+ MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+ EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+ MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+ A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+ 3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+ Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+ PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+ pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+ -----END CERTIFICATE-----
+ CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+ CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+ NodeStatus:
+ description: |
+ NodeStatus represents the status of a node.
+
+ It provides the current status of the node, as seen by the manager.
+ type: "object"
+ properties:
+ State:
+ $ref: "#/definitions/NodeState"
+ Message:
+ type: "string"
+ example: ""
+ Addr:
+ description: "IP address of the node."
+ type: "string"
+ example: "172.17.0.2"
+
+ NodeState:
+ description: "NodeState represents the state of a node."
+ type: "string"
+ enum:
+ - "unknown"
+ - "down"
+ - "ready"
+ - "disconnected"
+ example: "ready"
+
+ ManagerStatus:
+ description: |
+ ManagerStatus represents the status of a manager.
+
+ It provides the current status of a node's manager component, if the node
+ is a manager.
+ x-nullable: true
+ type: "object"
+ properties:
+ Leader:
+ type: "boolean"
+ default: false
+ example: true
+ Reachability:
+ $ref: "#/definitions/Reachability"
+ Addr:
+ description: |
+ The IP address and port at which the manager is reachable.
+ type: "string"
+ example: "10.0.0.46:2377"
+
+ Reachability:
+ description: "Reachability represents the reachability of a node."
+ type: "string"
+ enum:
+ - "unknown"
+ - "unreachable"
+ - "reachable"
+ example: "reachable"
+
+ SwarmSpec:
+ description: "User modifiable swarm configuration."
+ type: "object"
+ properties:
+ Name:
+ description: "Name of the swarm."
+ type: "string"
+ example: "default"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.corp.type: "production"
+ com.example.corp.department: "engineering"
+ Orchestration:
+ description: "Orchestration configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ TaskHistoryRetentionLimit:
+ description: |
+ The number of historic tasks to keep per instance or node. If
+ negative, never remove completed or failed tasks.
+ type: "integer"
+ format: "int64"
+ example: 10
+ Raft:
+ description: "Raft configuration."
+ type: "object"
+ properties:
+ SnapshotInterval:
+ description: "The number of log entries between snapshots."
+ type: "integer"
+ format: "uint64"
+ example: 10000
+ KeepOldSnapshots:
+ description: |
+ The number of snapshots to keep beyond the current snapshot.
+ type: "integer"
+ format: "uint64"
+ LogEntriesForSlowFollowers:
+ description: |
+ The number of log entries to keep around to sync up slow followers
+ after a snapshot is created.
+ type: "integer"
+ format: "uint64"
+ example: 500
+ ElectionTick:
+ description: |
+ The number of ticks that a follower will wait for a message from
+ the leader before becoming a candidate and starting an election.
+ `ElectionTick` must be greater than `HeartbeatTick`.
+
+ A tick currently defaults to one second, so these translate
+ directly to seconds currently, but this is NOT guaranteed.
+ type: "integer"
+ example: 3
+ HeartbeatTick:
+ description: |
+ The number of ticks between heartbeats. Every HeartbeatTick ticks,
+ the leader will send a heartbeat to the followers.
+
+ A tick currently defaults to one second, so these translate
+ directly to seconds currently, but this is NOT guaranteed.
+ type: "integer"
+ example: 1
+ Dispatcher:
+ description: "Dispatcher configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ HeartbeatPeriod:
+ description: |
+ The delay for an agent to send a heartbeat to the dispatcher.
+ type: "integer"
+ format: "int64"
+ example: 5000000000
+ CAConfig:
+ description: "CA configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ NodeCertExpiry:
+ description: "The duration node certificates are issued for."
+ type: "integer"
+ format: "int64"
+ example: 7776000000000000
+ ExternalCAs:
+ description: |
+ Configuration for forwarding signing requests to an external
+ certificate authority.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Protocol:
+ description: |
+ Protocol for communication with the external CA (currently
+ only `cfssl` is supported).
+ type: "string"
+ enum:
+ - "cfssl"
+ default: "cfssl"
+ URL:
+ description: |
+ URL where certificate signing requests should be sent.
+ type: "string"
+ Options:
+ description: |
+ An object with key/value pairs that are interpreted as
+ protocol-specific options for the external CA driver.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ CACert:
+ description: |
+ The root CA certificate (in PEM format) this external CA uses
+ to issue TLS certificates (assumed to be to the current swarm
+ root CA certificate if not provided).
+ type: "string"
+ SigningCACert:
+ description: |
+ The desired signing CA certificate for all swarm node TLS leaf
+ certificates, in PEM format.
+ type: "string"
+ SigningCAKey:
+ description: |
+ The desired signing CA key for all swarm node TLS leaf certificates,
+ in PEM format.
+ type: "string"
+ ForceRotate:
+ description: |
+ An integer whose purpose is to force swarm to generate a new
+ signing CA certificate and key, if none have been specified in
+ `SigningCACert` and `SigningCAKey`
+ format: "uint64"
+ type: "integer"
+ EncryptionConfig:
+ description: "Parameters related to encryption-at-rest."
+ type: "object"
+ properties:
+ AutoLockManagers:
+ description: |
+ If set, generate a key and use it to lock data stored on the
+ managers.
+ type: "boolean"
+ example: false
+ TaskDefaults:
+ description: "Defaults for creating tasks in this cluster."
+ type: "object"
+ properties:
+ LogDriver:
+ description: |
+ The log driver to use for tasks created in the orchestrator if
+ unspecified by a service.
+
+ Updating this value only affects new tasks. Existing tasks continue
+ to use their previously configured log driver until recreated.
+ type: "object"
+ properties:
+ Name:
+ description: |
+ The log driver to use as a default for new tasks.
+ type: "string"
+ example: "json-file"
+ Options:
+ description: |
+ Driver-specific options for the selected log driver, specified
+ as key/value pairs.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ "max-file": "10"
+ "max-size": "100m"
+
+ # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+ # without `JoinTokens`.
+ ClusterInfo:
+ description: |
+ ClusterInfo represents information about the swarm as is returned by the
+ "/info" endpoint. Join-tokens are not included.
+ x-nullable: true
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the swarm."
+ type: "string"
+ example: "abajmipo7b4xz5ip2nrla6b11"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ description: |
+ Date and time at which the swarm was initialised in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2016-08-18T10:44:24.496525531Z"
+ UpdatedAt:
+ description: |
+ Date and time at which the swarm was last updated in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2017-08-09T07:09:37.632105588Z"
+ Spec:
+ $ref: "#/definitions/SwarmSpec"
+ TLSInfo:
+ $ref: "#/definitions/TLSInfo"
+ RootRotationInProgress:
+ description: |
+ Whether there is currently a root CA rotation in progress for the swarm
+ type: "boolean"
+ example: false
+ DataPathPort:
+ description: |
+ DataPathPort specifies the data path port number for data traffic.
+ Acceptable port range is 1024 to 49151.
+ If no port is set or is set to 0, the default port (4789) is used.
+ type: "integer"
+ format: "uint32"
+ default: 4789
+ example: 4789
+ DefaultAddrPool:
+ description: |
+ Default Address Pool specifies default subnet pools for global scope
+ networks.
+ type: "array"
+ items:
+ type: "string"
+ format: "CIDR"
+ example: ["10.10.0.0/16", "20.20.0.0/16"]
+ SubnetSize:
+ description: |
+ SubnetSize specifies the subnet size of the networks created from the
+ default subnet pool.
+ type: "integer"
+ format: "uint32"
+ maximum: 29
+ default: 24
+ example: 24
+
+ JoinTokens:
+ description: |
+ JoinTokens contains the tokens workers and managers need to join the swarm.
+ type: "object"
+ properties:
+ Worker:
+ description: |
+ The token workers can use to join the swarm.
+ type: "string"
+ example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+ Manager:
+ description: |
+ The token managers can use to join the swarm.
+ type: "string"
+ example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+ Swarm:
+ type: "object"
+ allOf:
+ - $ref: "#/definitions/ClusterInfo"
+ - type: "object"
+ properties:
+ JoinTokens:
+ $ref: "#/definitions/JoinTokens"
+
+ TaskSpec:
+ description: "User modifiable task configuration."
+ type: "object"
+ properties:
+ PluginSpec:
+ type: "object"
+ description: |
+ Plugin spec for the service. *(Experimental release only.)*
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ properties:
+ Name:
+ description: "The name or 'alias' to use for the plugin."
+ type: "string"
+ Remote:
+ description: "The plugin image reference to use."
+ type: "string"
+ Disabled:
+ description: "Disable the plugin once scheduled."
+ type: "boolean"
+ PluginPrivilege:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ ContainerSpec:
+ type: "object"
+ description: |
+ Container spec for the service.
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ properties:
+ Image:
+ description: "The image name to use for the container"
+ type: "string"
+ Labels:
+ description: "User-defined key/value data."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Command:
+ description: "The command to be run in the image."
+ type: "array"
+ items:
+ type: "string"
+ Args:
+ description: "Arguments to the command."
+ type: "array"
+ items:
+ type: "string"
+ Hostname:
+ description: |
+ The hostname to use for the container, as a valid
+ [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
+ type: "string"
+ Env:
+ description: |
+ A list of environment variables in the form `VAR=value`.
+ type: "array"
+ items:
+ type: "string"
+ Dir:
+ description: "The working directory for commands to run in."
+ type: "string"
+ User:
+ description: "The user inside the container."
+ type: "string"
+ Groups:
+ type: "array"
+ description: |
+ A list of additional groups that the container process will run as.
+ items:
+ type: "string"
+ Privileges:
+ type: "object"
+ description: "Security options for the container"
+ properties:
+ CredentialSpec:
+ type: "object"
+ description: "CredentialSpec for managed service account (Windows only)"
+ properties:
+ Config:
+ type: "string"
+ example: "0bt9dmxjvjiqermk6xrop3ekq"
+ description: |
+ Load credential spec from a Swarm Config with the given ID.
+ The specified config must also be present in the Configs
+ field with the Runtime property set.
+
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ File:
+ type: "string"
+ example: "spec.json"
+ description: |
+ Load credential spec from this file. The file is read by
+ the daemon, and must be present in the `CredentialSpecs`
+ subdirectory in the docker data directory, which defaults
+ to `C:\ProgramData\Docker\` on Windows.
+
+ For example, specifying `spec.json` loads
+ `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ Registry:
+ type: "string"
+ description: |
+ Load credential spec from this value in the Windows
+ registry. The specified registry value must be located in:
+
+ `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ SELinuxContext:
+ type: "object"
+ description: "SELinux labels of the container"
+ properties:
+ Disable:
+ type: "boolean"
+ description: "Disable SELinux"
+ User:
+ type: "string"
+ description: "SELinux user label"
+ Role:
+ type: "string"
+ description: "SELinux role label"
+ Type:
+ type: "string"
+ description: "SELinux type label"
+ Level:
+ type: "string"
+ description: "SELinux level label"
+ Seccomp:
+ type: "object"
+ description: "Options for configuring seccomp on the container"
+ properties:
+ Mode:
+ type: "string"
+ enum:
+ - "default"
+ - "unconfined"
+ - "custom"
+ Profile:
+ description: "The custom seccomp profile as a json object"
+ type: "string"
+ AppArmor:
+ type: "object"
+ description: "Options for configuring AppArmor on the container"
+ properties:
+ Mode:
+ type: "string"
+ enum:
+ - "default"
+ - "disabled"
+ NoNewPrivileges:
+ type: "boolean"
+ description: "Configuration of the no_new_privs bit in the container"
+
+ TTY:
+ description: "Whether a pseudo-TTY should be allocated."
+ type: "boolean"
+ OpenStdin:
+ description: "Open `stdin`"
+ type: "boolean"
+ ReadOnly:
+ description: "Mount the container's root filesystem as read only."
+ type: "boolean"
+ Mounts:
+ description: |
+ Specification for mounts to be added to containers created as part
+ of the service.
+ type: "array"
+ items:
+ $ref: "#/definitions/Mount"
+ StopSignal:
+ description: "Signal to stop the container."
+ type: "string"
+ StopGracePeriod:
+ description: |
+ Amount of time to wait for the container to terminate before
+ forcefully killing it.
+ type: "integer"
+ format: "int64"
+ HealthCheck:
+ $ref: "#/definitions/HealthConfig"
+ Hosts:
+ type: "array"
+ description: |
+ A list of hostname/IP mappings to add to the container's `hosts`
+ file. The format of extra hosts is specified in the
+ [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+ man page:
+
+ IP_address canonical_hostname [aliases...]
+ items:
+ type: "string"
+ DNSConfig:
+ description: |
+ Specification for DNS related configurations in resolver configuration
+ file (`resolv.conf`).
+ type: "object"
+ properties:
+ Nameservers:
+ description: "The IP addresses of the name servers."
+ type: "array"
+ items:
+ type: "string"
+ Search:
+ description: "A search list for host-name lookup."
+ type: "array"
+ items:
+ type: "string"
+ Options:
+ description: |
+ A list of internal resolver variables to be modified (e.g.,
+ `debug`, `ndots:3`, etc.).
+ type: "array"
+ items:
+ type: "string"
+ Secrets:
+ description: |
+ Secrets contains references to zero or more secrets that will be
+ exposed to the service.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ File:
+ description: |
+ File represents a specific target that is backed by a file.
+ type: "object"
+ properties:
+ Name:
+ description: |
+ Name represents the final filename in the filesystem.
+ type: "string"
+ UID:
+ description: "UID represents the file UID."
+ type: "string"
+ GID:
+ description: "GID represents the file GID."
+ type: "string"
+ Mode:
+ description: "Mode represents the FileMode of the file."
+ type: "integer"
+ format: "uint32"
+ SecretID:
+ description: |
+ SecretID represents the ID of the specific secret that we're
+ referencing.
+ type: "string"
+ SecretName:
+ description: |
+ SecretName is the name of the secret that this references,
+ but this is just provided for lookup/display purposes. The
+ secret in the reference will be identified by its ID.
+ type: "string"
+ OomScoreAdj:
+ type: "integer"
+ format: "int64"
+ description: |
+ An integer value containing the score given to the container in
+ order to tune OOM killer preferences.
+ example: 0
+ Configs:
+ description: |
+ Configs contains references to zero or more configs that will be
+ exposed to the service.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ File:
+ description: |
+ File represents a specific target that is backed by a file.
+
+
+
+ > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
+ type: "object"
+ properties:
+ Name:
+ description: |
+ Name represents the final filename in the filesystem.
+ type: "string"
+ UID:
+ description: "UID represents the file UID."
+ type: "string"
+ GID:
+ description: "GID represents the file GID."
+ type: "string"
+ Mode:
+ description: "Mode represents the FileMode of the file."
+ type: "integer"
+ format: "uint32"
+ Runtime:
+ description: |
+ Runtime represents a target that is not mounted into the
+ container but is used by the task
+
+
+
+ > **Note**: `Configs.File` and `Configs.Runtime` are mutually
+ > exclusive
+ type: "object"
+ ConfigID:
+ description: |
+ ConfigID represents the ID of the specific config that we're
+ referencing.
+ type: "string"
+ ConfigName:
+ description: |
+ ConfigName is the name of the config that this references,
+ but this is just provided for lookup/display purposes. The
+ config in the reference will be identified by its ID.
+ type: "string"
+ Isolation:
+ type: "string"
+ description: |
+ Isolation technology of the containers running the service.
+ (Windows only)
+ enum:
+ - "default"
+ - "process"
+ - "hyperv"
+ Init:
+ description: |
+ Run an init inside the container that forwards signals and reaps
+ processes. This field is omitted if empty, and the default (as
+ configured on the daemon) is used.
+ type: "boolean"
+ x-nullable: true
+ Sysctls:
+ description: |
+ Set kernel namedspaced parameters (sysctls) in the container.
+ The Sysctls option on services accepts the same sysctls as the
+ are supported on containers. Note that while the same sysctls are
+ supported, no guarantees or checks are made about their
+ suitability for a clustered environment, and it's up to the user
+ to determine whether a given sysctl will work properly in a
+ Service.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ # This option is not used by Windows containers
+ CapabilityAdd:
+ type: "array"
+ description: |
+ A list of kernel capabilities to add to the default set
+ for the container.
+ items:
+ type: "string"
+ example:
+ - "CAP_NET_RAW"
+ - "CAP_SYS_ADMIN"
+ - "CAP_SYS_CHROOT"
+ - "CAP_SYSLOG"
+ CapabilityDrop:
+ type: "array"
+ description: |
+ A list of kernel capabilities to drop from the default set
+ for the container.
+ items:
+ type: "string"
+ example:
+ - "CAP_NET_RAW"
+ Ulimits:
+ description: |
+ A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Name:
+ description: "Name of ulimit"
+ type: "string"
+ Soft:
+ description: "Soft limit"
+ type: "integer"
+ Hard:
+ description: "Hard limit"
+ type: "integer"
+ NetworkAttachmentSpec:
+ description: |
+ Read-only spec type for non-swarm containers attached to swarm overlay
+ networks.
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ type: "object"
+ properties:
+ ContainerID:
+ description: "ID of the container represented by this task"
+ type: "string"
+ Resources:
+ description: |
+ Resource requirements which apply to each individual container created
+ as part of the service.
+ type: "object"
+ properties:
+ Limits:
+ description: "Define resources limits."
+ $ref: "#/definitions/Limit"
+ Reservations:
+ description: "Define resources reservation."
+ $ref: "#/definitions/ResourceObject"
+ RestartPolicy:
+ description: |
+ Specification for the restart policy which applies to containers
+ created as part of this service.
+ type: "object"
+ properties:
+ Condition:
+ description: "Condition for restart."
+ type: "string"
+ enum:
+ - "none"
+ - "on-failure"
+ - "any"
+ Delay:
+ description: "Delay between restart attempts."
+ type: "integer"
+ format: "int64"
+ MaxAttempts:
+ description: |
+ Maximum attempts to restart a given container before giving up
+ (default value is 0, which is ignored).
+ type: "integer"
+ format: "int64"
+ default: 0
+ Window:
+ description: |
+ Windows is the time window used to evaluate the restart policy
+ (default value is 0, which is unbounded).
+ type: "integer"
+ format: "int64"
+ default: 0
+ Placement:
+ type: "object"
+ properties:
+ Constraints:
+ description: |
+ An array of constraint expressions to limit the set of nodes where
+ a task can be scheduled. Constraint expressions can either use a
+ _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+ nodes that satisfy every expression (AND match). Constraints can
+ match node or Docker Engine labels as follows:
+
+ node attribute | matches | example
+ ---------------------|--------------------------------|-----------------------------------------------
+ `node.id` | Node ID | `node.id==2ivku8v2gvtg4`
+ `node.hostname` | Node hostname | `node.hostname!=node-2`
+ `node.role` | Node role (`manager`/`worker`) | `node.role==manager`
+ `node.platform.os` | Node operating system | `node.platform.os==windows`
+ `node.platform.arch` | Node architecture | `node.platform.arch==x86_64`
+ `node.labels` | User-defined node labels | `node.labels.security==high`
+ `engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-24.04`
+
+ `engine.labels` apply to Docker Engine labels like operating system,
+ drivers, etc. Swarm administrators add `node.labels` for operational
+ purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "node.hostname!=node3.corp.example.com"
+ - "node.role!=manager"
+ - "node.labels.type==production"
+ - "node.platform.os==linux"
+ - "node.platform.arch==x86_64"
+ Preferences:
+ description: |
+ Preferences provide a way to make the scheduler aware of factors
+ such as topology. They are provided in order from highest to
+ lowest precedence.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Spread:
+ type: "object"
+ properties:
+ SpreadDescriptor:
+ description: |
+ label descriptor, such as `engine.labels.az`.
+ type: "string"
+ example:
+ - Spread:
+ SpreadDescriptor: "node.labels.datacenter"
+ - Spread:
+ SpreadDescriptor: "node.labels.rack"
+ MaxReplicas:
+ description: |
+ Maximum number of replicas for per node (default value is 0, which
+ is unlimited)
+ type: "integer"
+ format: "int64"
+ default: 0
+ Platforms:
+ description: |
+ Platforms stores all the platforms that the service's image can
+ run on. This field is used in the platform filter for scheduling.
+ If empty, then the platform filter is off, meaning there are no
+ scheduling restrictions.
+ type: "array"
+ items:
+ $ref: "#/definitions/Platform"
+ ForceUpdate:
+ description: |
+ A counter that triggers an update even if no relevant parameters have
+ been changed.
+ type: "integer"
+ Runtime:
+ description: |
+ Runtime is the type of runtime specified for the task executor.
+ type: "string"
+ Networks:
+ description: "Specifies which networks the service should attach to."
+ type: "array"
+ items:
+ $ref: "#/definitions/NetworkAttachmentConfig"
+ LogDriver:
+ description: |
+ Specifies the log driver to use for tasks created from this spec. If
+ not present, the default one for the swarm will be used, finally
+ falling back to the engine default if not specified.
+ type: "object"
+ properties:
+ Name:
+ type: "string"
+ Options:
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ TaskState:
+ type: "string"
+ enum:
+ - "new"
+ - "allocated"
+ - "pending"
+ - "assigned"
+ - "accepted"
+ - "preparing"
+ - "ready"
+ - "starting"
+ - "running"
+ - "complete"
+ - "shutdown"
+ - "failed"
+ - "rejected"
+ - "remove"
+ - "orphaned"
+
+ ContainerStatus:
+ type: "object"
+ description: "represents the status of a container."
+ properties:
+ ContainerID:
+ type: "string"
+ PID:
+ type: "integer"
+ ExitCode:
+ type: "integer"
+
+ PortStatus:
+ type: "object"
+ description: "represents the port status of a task's host ports whose service has published host ports"
+ properties:
+ Ports:
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+
+ TaskStatus:
+ type: "object"
+ description: "represents the status of a task."
+ properties:
+ Timestamp:
+ type: "string"
+ format: "dateTime"
+ State:
+ $ref: "#/definitions/TaskState"
+ Message:
+ type: "string"
+ Err:
+ type: "string"
+ ContainerStatus:
+ $ref: "#/definitions/ContainerStatus"
+ PortStatus:
+ $ref: "#/definitions/PortStatus"
+
+ Task:
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the task."
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Name:
+ description: "Name of the task."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Spec:
+ $ref: "#/definitions/TaskSpec"
+ ServiceID:
+ description: "The ID of the service this task is part of."
+ type: "string"
+ Slot:
+ type: "integer"
+ NodeID:
+ description: "The ID of the node that this task is on."
+ type: "string"
+ AssignedGenericResources:
+ $ref: "#/definitions/GenericResources"
+ Status:
+ $ref: "#/definitions/TaskStatus"
+ DesiredState:
+ $ref: "#/definitions/TaskState"
+ JobIteration:
+ description: |
+ If the Service this Task belongs to is a job-mode service, contains
+ the JobIteration of the Service this Task was created for. Absent if
+ the Task was created for a Replicated or Global Service.
+ $ref: "#/definitions/ObjectVersion"
+ example:
+ ID: "0kzzo1i0y4jz6027t0k7aezc7"
+ Version:
+ Index: 71
+ CreatedAt: "2016-06-07T21:07:31.171892745Z"
+ UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:31.290032978Z"
+ State: "running"
+ Message: "started"
+ ContainerStatus:
+ ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+ PID: 677
+ DesiredState: "running"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.10/16"
+ AssignedGenericResources:
+ - DiscreteResourceSpec:
+ Kind: "SSD"
+ Value: 3
+ - NamedResourceSpec:
+ Kind: "GPU"
+ Value: "UUID1"
+ - NamedResourceSpec:
+ Kind: "GPU"
+ Value: "UUID2"
+
+ ServiceSpec:
+ description: "User modifiable configuration for a service."
+ type: object
+ properties:
+ Name:
+ description: "Name of the service."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ TaskTemplate:
+ $ref: "#/definitions/TaskSpec"
+ Mode:
+ description: "Scheduling mode for the service."
+ type: "object"
+ properties:
+ Replicated:
+ type: "object"
+ properties:
+ Replicas:
+ type: "integer"
+ format: "int64"
+ Global:
+ type: "object"
+ ReplicatedJob:
+ description: |
+ The mode used for services with a finite number of tasks that run
+ to a completed state.
+ type: "object"
+ properties:
+ MaxConcurrent:
+ description: |
+ The maximum number of replicas to run simultaneously.
+ type: "integer"
+ format: "int64"
+ default: 1
+ TotalCompletions:
+ description: |
+ The total number of replicas desired to reach the Completed
+ state. If unset, will default to the value of `MaxConcurrent`
+ type: "integer"
+ format: "int64"
+ GlobalJob:
+ description: |
+ The mode used for services which run a task to the completed state
+ on each valid node.
+ type: "object"
+ UpdateConfig:
+ description: "Specification for the update strategy of the service."
+ type: "object"
+ properties:
+ Parallelism:
+ description: |
+ Maximum number of tasks to be updated in one iteration (0 means
+ unlimited parallelism).
+ type: "integer"
+ format: "int64"
+ Delay:
+ description: "Amount of time between updates, in nanoseconds."
+ type: "integer"
+ format: "int64"
+ FailureAction:
+ description: |
+ Action to take if an updated task fails to run, or stops running
+ during the update.
+ type: "string"
+ enum:
+ - "continue"
+ - "pause"
+ - "rollback"
+ Monitor:
+ description: |
+ Amount of time to monitor each updated task for failures, in
+ nanoseconds.
+ type: "integer"
+ format: "int64"
+ MaxFailureRatio:
+ description: |
+ The fraction of tasks that may fail during an update before the
+ failure action is invoked, specified as a floating point number
+ between 0 and 1.
+ type: "number"
+ default: 0
+ Order:
+ description: |
+ The order of operations when rolling out an updated task. Either
+ the old task is shut down before the new task is started, or the
+ new task is started before the old task is shut down.
+ type: "string"
+ enum:
+ - "stop-first"
+ - "start-first"
+ RollbackConfig:
+ description: "Specification for the rollback strategy of the service."
+ type: "object"
+ properties:
+ Parallelism:
+ description: |
+ Maximum number of tasks to be rolled back in one iteration (0 means
+ unlimited parallelism).
+ type: "integer"
+ format: "int64"
+ Delay:
+ description: |
+ Amount of time between rollback iterations, in nanoseconds.
+ type: "integer"
+ format: "int64"
+ FailureAction:
+ description: |
+ Action to take if an rolled back task fails to run, or stops
+ running during the rollback.
+ type: "string"
+ enum:
+ - "continue"
+ - "pause"
+ Monitor:
+ description: |
+ Amount of time to monitor each rolled back task for failures, in
+ nanoseconds.
+ type: "integer"
+ format: "int64"
+ MaxFailureRatio:
+ description: |
+ The fraction of tasks that may fail during a rollback before the
+ failure action is invoked, specified as a floating point number
+ between 0 and 1.
+ type: "number"
+ default: 0
+ Order:
+ description: |
+ The order of operations when rolling back a task. Either the old
+ task is shut down before the new task is started, or the new task
+ is started before the old task is shut down.
+ type: "string"
+ enum:
+ - "stop-first"
+ - "start-first"
+ Networks:
+ description: |
+ Specifies which networks the service should attach to.
+
+ Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
+ type: "array"
+ items:
+ $ref: "#/definitions/NetworkAttachmentConfig"
+
+ EndpointSpec:
+ $ref: "#/definitions/EndpointSpec"
+
+ EndpointPortConfig:
+ type: "object"
+ properties:
+ Name:
+ type: "string"
+ Protocol:
+ type: "string"
+ enum:
+ - "tcp"
+ - "udp"
+ - "sctp"
+ TargetPort:
+ description: "The port inside the container."
+ type: "integer"
+ PublishedPort:
+ description: "The port on the swarm hosts."
+ type: "integer"
+ PublishMode:
+ description: |
+ The mode in which port is published.
+
+
+
+ - "ingress" makes the target port accessible on every node,
+ regardless of whether there is a task for the service running on
+ that node or not.
+ - "host" bypasses the routing mesh and publish the port directly on
+ the swarm node where that service is running.
+
+ type: "string"
+ enum:
+ - "ingress"
+ - "host"
+ default: "ingress"
+ example: "ingress"
+
+ EndpointSpec:
+ description: "Properties that can be configured to access and load balance a service."
+ type: "object"
+ properties:
+ Mode:
+ description: |
+ The mode of resolution to use for internal load balancing between tasks.
+ type: "string"
+ enum:
+ - "vip"
+ - "dnsrr"
+ default: "vip"
+ Ports:
+ description: |
+ List of exposed ports that this service is accessible on from the
+ outside. Ports can only be provided if `vip` resolution mode is used.
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+
+ Service:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ServiceSpec"
+ Endpoint:
+ type: "object"
+ properties:
+ Spec:
+ $ref: "#/definitions/EndpointSpec"
+ Ports:
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+ VirtualIPs:
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ NetworkID:
+ type: "string"
+ Addr:
+ type: "string"
+ UpdateStatus:
+ description: "The status of a service update."
+ type: "object"
+ properties:
+ State:
+ type: "string"
+ enum:
+ - "updating"
+ - "paused"
+ - "completed"
+ StartedAt:
+ type: "string"
+ format: "dateTime"
+ CompletedAt:
+ type: "string"
+ format: "dateTime"
+ Message:
+ type: "string"
+ ServiceStatus:
+ description: |
+ The status of the service's tasks. Provided only when requested as
+ part of a ServiceList operation.
+ type: "object"
+ properties:
+ RunningTasks:
+ description: |
+ The number of tasks for the service currently in the Running state.
+ type: "integer"
+ format: "uint64"
+ example: 7
+ DesiredTasks:
+ description: |
+ The number of tasks for the service desired to be running.
+ For replicated services, this is the replica count from the
+ service spec. For global services, this is computed by taking
+ count of all tasks for the service with a Desired State other
+ than Shutdown.
+ type: "integer"
+ format: "uint64"
+ example: 10
+ CompletedTasks:
+ description: |
+ The number of tasks for a job that are in the Completed state.
+ This field must be cross-referenced with the service type, as the
+ value of 0 may mean the service is not in a job mode, or it may
+ mean the job-mode service has no tasks yet Completed.
+ type: "integer"
+ format: "uint64"
+ JobStatus:
+ description: |
+ The status of the service when it is in one of ReplicatedJob or
+ GlobalJob modes. Absent on Replicated and Global mode services. The
+ JobIteration is an ObjectVersion, but unlike the Service's version,
+ does not need to be sent with an update request.
+ type: "object"
+ properties:
+ JobIteration:
+ description: |
+ JobIteration is a value increased each time a Job is executed,
+ successfully or otherwise. "Executed", in this case, means the
+ job as a whole has been started, not that an individual Task has
+ been launched. A job is "Executed" when its ServiceSpec is
+ updated. JobIteration can be used to disambiguate Tasks belonging
+ to different executions of a job. Though JobIteration will
+ increase with each subsequent execution, it may not necessarily
+ increase by 1, and so JobIteration should not be used to
+ $ref: "#/definitions/ObjectVersion"
+ LastExecution:
+ description: |
+ The last time, as observed by the server, that this job was
+ started.
+ type: "string"
+ format: "dateTime"
+ example:
+ ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Version:
+ Index: 19
+ CreatedAt: "2016-06-07T21:05:51.880065305Z"
+ UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+ Spec:
+ Name: "hopeful_cori"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ForceUpdate: 0
+ Mode:
+ Replicated:
+ Replicas: 1
+ UpdateConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Mode: "vip"
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ Endpoint:
+ Spec:
+ Mode: "vip"
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ VirtualIPs:
+ -
+ NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+ Addr: "10.255.0.2/16"
+ -
+ NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+ Addr: "10.255.0.3/16"
+
+ ImageDeleteResponseItem:
+ type: "object"
+ x-go-name: "DeleteResponse"
+ properties:
+ Untagged:
+ description: "The image ID of an image that was untagged"
+ type: "string"
+ Deleted:
+ description: "The image ID of an image that was deleted"
+ type: "string"
+
+ ServiceCreateResponse:
+ type: "object"
+ description: |
+ contains the information returned to a client on the
+ creation of a new service.
+ properties:
+ ID:
+ description: "The ID of the created service."
+ type: "string"
+ x-nullable: false
+ example: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+ Warnings:
+ description: |
+ Optional warning message.
+
+ FIXME(thaJeztah): this should have "omitempty" in the generated type.
+ type: "array"
+ x-nullable: true
+ items:
+ type: "string"
+ example:
+ - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+ ServiceUpdateResponse:
+ type: "object"
+ properties:
+ Warnings:
+ description: "Optional warning messages"
+ type: "array"
+ items:
+ type: "string"
+ example:
+ Warnings:
+ - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+ ContainerSummary:
+ type: "object"
+ properties:
+ Id:
+ description: "The ID of this container"
+ type: "string"
+ x-go-name: "ID"
+ Names:
+ description: "The names that this container has been given"
+ type: "array"
+ items:
+ type: "string"
+ Image:
+ description: "The name of the image used when creating this container"
+ type: "string"
+ ImageID:
+ description: "The ID of the image that this container was created from"
+ type: "string"
+ Command:
+ description: "Command to run when starting the container"
+ type: "string"
+ Created:
+ description: "When the container was created"
+ type: "integer"
+ format: "int64"
+ Ports:
+ description: "The ports exposed by this container"
+ type: "array"
+ items:
+ $ref: "#/definitions/Port"
+ SizeRw:
+ description: "The size of files that have been created or changed by this container"
+ type: "integer"
+ format: "int64"
+ SizeRootFs:
+ description: "The total size of all the files in this container"
+ type: "integer"
+ format: "int64"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ State:
+ description: "The state of this container (e.g. `Exited`)"
+ type: "string"
+ Status:
+ description: "Additional human-readable status of this container (e.g. `Exit 0`)"
+ type: "string"
+ HostConfig:
+ type: "object"
+ properties:
+ NetworkMode:
+ type: "string"
+ Annotations:
+ description: "Arbitrary key-value metadata attached to container"
+ type: "object"
+ x-nullable: true
+ additionalProperties:
+ type: "string"
+ NetworkSettings:
+ description: "A summary of the container's network settings"
+ type: "object"
+ properties:
+ Networks:
+ type: "object"
+ additionalProperties:
+ $ref: "#/definitions/EndpointSettings"
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/MountPoint"
+
+ Driver:
+ description: "Driver represents a driver (network, logging, secrets)."
+ type: "object"
+ required: [Name]
+ properties:
+ Name:
+ description: "Name of the driver."
+ type: "string"
+ x-nullable: false
+ example: "some-driver"
+ Options:
+ description: "Key/value map of driver-specific options."
+ type: "object"
+ x-nullable: false
+ additionalProperties:
+ type: "string"
+ example:
+ OptionA: "value for driver-specific option A"
+ OptionB: "value for driver-specific option B"
+
+ SecretSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "User-defined name of the secret."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-value"
+ com.example.some-other-label: "some-other-value"
+ Data:
+ description: |
+ Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+ data to store as secret.
+
+ This field is only used to _create_ a secret, and is not returned by
+ other endpoints.
+ type: "string"
+ example: ""
+ Driver:
+ description: |
+ Name of the secrets driver used to fetch the secret's value from an
+ external secret store.
+ $ref: "#/definitions/Driver"
+ Templating:
+ description: |
+ Templating driver, if applicable
+
+ Templating controls whether and how to evaluate the config payload as
+ a template. If no driver is set, no templating is used.
+ $ref: "#/definitions/Driver"
+
+ Secret:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ example: "blt1owaxmitz71s9v5zh81zun"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ example: "2017-07-20T13:55:28.678958722Z"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ example: "2017-07-20T13:55:28.678958722Z"
+ Spec:
+ $ref: "#/definitions/SecretSpec"
+
+ ConfigSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "User-defined name of the config."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Data:
+ description: |
+ Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
+ config data.
+ type: "string"
+ Templating:
+ description: |
+ Templating driver, if applicable
+
+ Templating controls whether and how to evaluate the config payload as
+ a template. If no driver is set, no templating is used.
+ $ref: "#/definitions/Driver"
+
+ Config:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ConfigSpec"
+
+ ContainerState:
+ description: |
+ ContainerState stores container's running state. It's part of ContainerJSONBase
+ and will be returned by the "inspect" command.
+ type: "object"
+ x-nullable: true
+ properties:
+ Status:
+ description: |
+ String representation of the container state. Can be one of "created",
+ "running", "paused", "restarting", "removing", "exited", or "dead".
+ type: "string"
+ enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+ example: "running"
+ Running:
+ description: |
+ Whether this container is running.
+
+ Note that a running container can be _paused_. The `Running` and `Paused`
+ booleans are not mutually exclusive:
+
+ When pausing a container (on Linux), the freezer cgroup is used to suspend
+ all processes in the container. Freezing the process requires the process to
+ be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+ Use the `Status` field instead to determine if a container's state is "running".
+ type: "boolean"
+ example: true
+ Paused:
+ description: "Whether this container is paused."
+ type: "boolean"
+ example: false
+ Restarting:
+ description: "Whether this container is restarting."
+ type: "boolean"
+ example: false
+ OOMKilled:
+ description: |
+ Whether a process within this container has been killed because it ran
+ out of memory since the container was last started.
+ type: "boolean"
+ example: false
+ Dead:
+ type: "boolean"
+ example: false
+ Pid:
+ description: "The process ID of this container"
+ type: "integer"
+ example: 1234
+ ExitCode:
+ description: "The last exit code of this container"
+ type: "integer"
+ example: 0
+ Error:
+ type: "string"
+ StartedAt:
+ description: "The time when this container was last started."
+ type: "string"
+ example: "2020-01-06T09:06:59.461876391Z"
+ FinishedAt:
+ description: "The time when this container last exited."
+ type: "string"
+ example: "2020-01-06T09:07:59.461876391Z"
+ Health:
+ $ref: "#/definitions/Health"
+
+ ContainerCreateResponse:
+ description: "OK response to ContainerCreate operation"
+ type: "object"
+ title: "ContainerCreateResponse"
+ x-go-name: "CreateResponse"
+ required: [Id, Warnings]
+ properties:
+ Id:
+ description: "The ID of the created container"
+ type: "string"
+ x-nullable: false
+ example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+ Warnings:
+ description: "Warnings encountered when creating the container"
+ type: "array"
+ x-nullable: false
+ items:
+ type: "string"
+ example: []
+
+ ContainerWaitResponse:
+ description: "OK response to ContainerWait operation"
+ type: "object"
+ x-go-name: "WaitResponse"
+ title: "ContainerWaitResponse"
+ required: [StatusCode]
+ properties:
+ StatusCode:
+ description: "Exit code of the container"
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ Error:
+ $ref: "#/definitions/ContainerWaitExitError"
+
+ ContainerWaitExitError:
+ description: "container waiting error, if any"
+ type: "object"
+ x-go-name: "WaitExitError"
+ properties:
+ Message:
+ description: "Details of an error"
+ type: "string"
+
+ SystemVersion:
+ type: "object"
+ description: |
+ Response of Engine API: GET "/version"
+ properties:
+ Platform:
+ type: "object"
+ required: [Name]
+ properties:
+ Name:
+ type: "string"
+ Components:
+ type: "array"
+ description: |
+ Information about system components
+ items:
+ type: "object"
+ x-go-name: ComponentVersion
+ required: [Name, Version]
+ properties:
+ Name:
+ description: |
+ Name of the component
+ type: "string"
+ example: "Engine"
+ Version:
+ description: |
+ Version of the component
+ type: "string"
+ x-nullable: false
+ example: "27.0.1"
+ Details:
+ description: |
+ Key/value pairs of strings with additional information about the
+ component. These values are intended for informational purposes
+ only, and their content is not defined, and not part of the API
+ specification.
+
+ These messages can be printed by the client as information to the user.
+ type: "object"
+ x-nullable: true
+ Version:
+ description: "The version of the daemon"
+ type: "string"
+ example: "27.0.1"
+ ApiVersion:
+ description: |
+ The default (and highest) API version that is supported by the daemon
+ type: "string"
+ example: "1.47"
+ MinAPIVersion:
+ description: |
+ The minimum API version that is supported by the daemon
+ type: "string"
+ example: "1.24"
+ GitCommit:
+ description: |
+ The Git commit of the source code that was used to build the daemon
+ type: "string"
+ example: "48a66213fe"
+ GoVersion:
+ description: |
+ The version Go used to compile the daemon, and the version of the Go
+ runtime in use.
+ type: "string"
+ example: "go1.21.13"
+ Os:
+ description: |
+ The operating system that the daemon is running on ("linux" or "windows")
+ type: "string"
+ example: "linux"
+ Arch:
+ description: |
+ The architecture that the daemon is running on
+ type: "string"
+ example: "amd64"
+ KernelVersion:
+ description: |
+ The kernel version (`uname -r`) that the daemon is running on.
+
+ This field is omitted when empty.
+ type: "string"
+ example: "6.8.0-31-generic"
+ Experimental:
+ description: |
+ Indicates if the daemon is started with experimental features enabled.
+
+ This field is omitted when empty / false.
+ type: "boolean"
+ example: true
+ BuildTime:
+ description: |
+ The date and time that the daemon was compiled.
+ type: "string"
+ example: "2020-06-22T15:49:27.000000000+00:00"
+
+ SystemInfo:
+ type: "object"
+ properties:
+ ID:
+ description: |
+ Unique identifier of the daemon.
+
+
+
+ > **Note**: The format of the ID itself is not part of the API, and
+ > should not be considered stable.
+ type: "string"
+ example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+ Containers:
+ description: "Total number of containers on the host."
+ type: "integer"
+ example: 14
+ ContainersRunning:
+ description: |
+ Number of containers with status `"running"`.
+ type: "integer"
+ example: 3
+ ContainersPaused:
+ description: |
+ Number of containers with status `"paused"`.
+ type: "integer"
+ example: 1
+ ContainersStopped:
+ description: |
+ Number of containers with status `"stopped"`.
+ type: "integer"
+ example: 10
+ Images:
+ description: |
+ Total number of images on the host.
+
+ Both _tagged_ and _untagged_ (dangling) images are counted.
+ type: "integer"
+ example: 508
+ Driver:
+ description: "Name of the storage driver in use."
+ type: "string"
+ example: "overlay2"
+ DriverStatus:
+ description: |
+ Information specific to the storage driver, provided as
+ "label" / "value" pairs.
+
+ This information is provided by the storage driver, and formatted
+ in a way consistent with the output of `docker info` on the command
+ line.
+
+
+
+ > **Note**: The information returned in this field, including the
+ > formatting of values and labels, should not be considered stable,
+ > and may change without notice.
+ type: "array"
+ items:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - ["Backing Filesystem", "extfs"]
+ - ["Supports d_type", "true"]
+ - ["Native Overlay Diff", "true"]
+ DockerRootDir:
+ description: |
+ Root directory of persistent Docker state.
+
+ Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+ on Windows.
+ type: "string"
+ example: "/var/lib/docker"
+ Plugins:
+ $ref: "#/definitions/PluginsInfo"
+ MemoryLimit:
+ description: "Indicates if the host has memory limit support enabled."
+ type: "boolean"
+ example: true
+ SwapLimit:
+ description: "Indicates if the host has memory swap limit support enabled."
+ type: "boolean"
+ example: true
+ KernelMemoryTCP:
+ description: |
+ Indicates if the host has kernel memory TCP limit support enabled. This
+ field is omitted if not supported.
+
+ Kernel memory TCP limits are not supported when using cgroups v2, which
+ does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup.
+ type: "boolean"
+ example: true
+ CpuCfsPeriod:
+ description: |
+ Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+ the host.
+ type: "boolean"
+ example: true
+ CpuCfsQuota:
+ description: |
+ Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+ the host.
+ type: "boolean"
+ example: true
+ CPUShares:
+ description: |
+ Indicates if CPU Shares limiting is supported by the host.
+ type: "boolean"
+ example: true
+ CPUSet:
+ description: |
+ Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+ See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+ type: "boolean"
+ example: true
+ PidsLimit:
+ description: "Indicates if the host kernel has PID limit support enabled."
+ type: "boolean"
+ example: true
+ OomKillDisable:
+ description: "Indicates if OOM killer disable is supported on the host."
+ type: "boolean"
+ IPv4Forwarding:
+ description: "Indicates IPv4 forwarding is enabled."
+ type: "boolean"
+ example: true
+ BridgeNfIptables:
+ description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+ type: "boolean"
+ example: true
+ BridgeNfIp6tables:
+ description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+ type: "boolean"
+ example: true
+ Debug:
+ description: |
+ Indicates if the daemon is running in debug-mode / with debug-level
+ logging enabled.
+ type: "boolean"
+ example: true
+ NFd:
+ description: |
+ The total number of file Descriptors in use by the daemon process.
+
+ This information is only returned if debug-mode is enabled.
+ type: "integer"
+ example: 64
+ NGoroutines:
+ description: |
+ The number of goroutines that currently exist.
+
+ This information is only returned if debug-mode is enabled.
+ type: "integer"
+ example: 174
+ SystemTime:
+ description: |
+ Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+ format with nano-seconds.
+ type: "string"
+ example: "2017-08-08T20:28:29.06202363Z"
+ LoggingDriver:
+ description: |
+ The logging driver to use as a default for new containers.
+ type: "string"
+ CgroupDriver:
+ description: |
+ The driver to use for managing cgroups.
+ type: "string"
+ enum: ["cgroupfs", "systemd", "none"]
+ default: "cgroupfs"
+ example: "cgroupfs"
+ CgroupVersion:
+ description: |
+ The version of the cgroup.
+ type: "string"
+ enum: ["1", "2"]
+ default: "1"
+ example: "1"
+ NEventsListener:
+ description: "Number of event listeners subscribed."
+ type: "integer"
+ example: 30
+ KernelVersion:
+ description: |
+ Kernel version of the host.
+
+ On Linux, this information obtained from `uname`. On Windows this
+ information is queried from the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\
+ registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+ type: "string"
+ example: "6.8.0-31-generic"
+ OperatingSystem:
+ description: |
+ Name of the host's operating system, for example: "Ubuntu 24.04 LTS"
+ or "Windows Server 2016 Datacenter"
+ type: "string"
+ example: "Ubuntu 24.04 LTS"
+ OSVersion:
+ description: |
+ Version of the host's operating system
+
+
+
+ > **Note**: The information returned in this field, including its
+ > very existence, and the formatting of values, should not be considered
+ > stable, and may change without notice.
+ type: "string"
+ example: "24.04"
+ OSType:
+ description: |
+ Generic type of the operating system of the host, as returned by the
+ Go runtime (`GOOS`).
+
+ Currently returned values are "linux" and "windows". A full list of
+ possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
+ type: "string"
+ example: "linux"
+ Architecture:
+ description: |
+ Hardware architecture of the host, as returned by the Go runtime
+ (`GOARCH`).
+
+ A full list of possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
+ type: "string"
+ example: "x86_64"
+ NCPU:
+ description: |
+ The number of logical CPUs usable by the daemon.
+
+ The number of available CPUs is checked by querying the operating
+ system when the daemon starts. Changes to operating system CPU
+ allocation after the daemon is started are not reflected.
+ type: "integer"
+ example: 4
+ MemTotal:
+ description: |
+ Total amount of physical memory available on the host, in bytes.
+ type: "integer"
+ format: "int64"
+ example: 2095882240
+
+ IndexServerAddress:
+ description: |
+ Address / URL of the index server that is used for image search,
+ and as a default for user authentication for Docker Hub and Docker Cloud.
+ default: "https://index.docker.io/v1/"
+ type: "string"
+ example: "https://index.docker.io/v1/"
+ RegistryConfig:
+ $ref: "#/definitions/RegistryServiceConfig"
+ GenericResources:
+ $ref: "#/definitions/GenericResources"
+ HttpProxy:
+ description: |
+ HTTP-proxy configured for the daemon. This value is obtained from the
+ [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+ Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+ are masked in the API response.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
+ HttpsProxy:
+ description: |
+ HTTPS-proxy configured for the daemon. This value is obtained from the
+ [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+ Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+ are masked in the API response.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
+ NoProxy:
+ description: |
+ Comma-separated list of domain extensions for which no proxy should be
+ used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+ environment variable.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "*.local, 169.254/16"
+ Name:
+ description: "Hostname of the host."
+ type: "string"
+ example: "node5.corp.example.com"
+ Labels:
+ description: |
+ User-defined labels (key/value metadata) as set on the daemon.
+
+
+
+ > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+ > set through the daemon configuration, and _node_ labels, set from a
+ > manager node in the Swarm. Node labels are not included in this
+ > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+ > on a manager node in the Swarm.
+ type: "array"
+ items:
+ type: "string"
+ example: ["storage=ssd", "production"]
+ ExperimentalBuild:
+ description: |
+ Indicates if experimental features are enabled on the daemon.
+ type: "boolean"
+ example: true
+ ServerVersion:
+ description: |
+ Version string of the daemon.
+ type: "string"
+ example: "27.0.1"
+ Runtimes:
+ description: |
+ List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+ runtimes configured on the daemon. Keys hold the "name" used to
+ reference the runtime.
+
+ The Docker daemon relies on an OCI compliant runtime (invoked via the
+ `containerd` daemon) as its interface to the Linux kernel namespaces,
+ cgroups, and SELinux.
+
+ The default runtime is `runc`, and automatically configured. Additional
+ runtimes can be configured by the user and will be listed here.
+ type: "object"
+ additionalProperties:
+ $ref: "#/definitions/Runtime"
+ default:
+ runc:
+ path: "runc"
+ example:
+ runc:
+ path: "runc"
+ runc-master:
+ path: "/go/bin/runc"
+ custom:
+ path: "/usr/local/bin/my-oci-runtime"
+ runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+ DefaultRuntime:
+ description: |
+ Name of the default OCI runtime that is used when starting containers.
+
+ The default can be overridden per-container at create time.
+ type: "string"
+ default: "runc"
+ example: "runc"
+ Swarm:
+ $ref: "#/definitions/SwarmInfo"
+ LiveRestoreEnabled:
+ description: |
+ Indicates if live restore is enabled.
+
+ If enabled, containers are kept running when the daemon is shutdown
+ or upon daemon start if running containers are detected.
+ type: "boolean"
+ default: false
+ example: false
+ Isolation:
+ description: |
+ Represents the isolation technology to use as a default for containers.
+ The supported values are platform-specific.
+
+ If no isolation value is specified on daemon start, on Windows client,
+ the default is `hyperv`, and on Windows server, the default is `process`.
+
+ This option is currently not used on other platforms.
+ default: "default"
+ type: "string"
+ enum:
+ - "default"
+ - "hyperv"
+ - "process"
+ InitBinary:
+ description: |
+ Name and, optional, path of the `docker-init` binary.
+
+ If the path is omitted, the daemon searches the host's `$PATH` for the
+ binary and uses the first result.
+ type: "string"
+ example: "docker-init"
+ ContainerdCommit:
+ $ref: "#/definitions/Commit"
+ RuncCommit:
+ $ref: "#/definitions/Commit"
+ InitCommit:
+ $ref: "#/definitions/Commit"
+ SecurityOptions:
+ description: |
+ List of security features that are enabled on the daemon, such as
+ apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
+ no-new-privileges.
+
+ Additional configuration options for each security feature may
+ be present, and are included as a comma-separated list of key/value
+ pairs.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "name=apparmor"
+ - "name=seccomp,profile=default"
+ - "name=selinux"
+ - "name=userns"
+ - "name=rootless"
+ ProductLicense:
+ description: |
+ Reports a summary of the product license on the daemon.
+
+ If a commercial license has been applied to the daemon, information
+ such as number of nodes, and expiration are included.
+ type: "string"
+ example: "Community Engine"
+ DefaultAddressPools:
+ description: |
+ List of custom default address pools for local networks, which can be
+ specified in the daemon.json file or dockerd option.
+
+ Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
+ 10.10.[0-255].0/24 address pools.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Base:
+ description: "The network address in CIDR format"
+ type: "string"
+ example: "10.10.0.0/16"
+ Size:
+ description: "The network pool size"
+ type: "integer"
+ example: "24"
+ Warnings:
+ description: |
+ List of warnings / informational messages about missing features, or
+ issues related to the daemon configuration.
+
+ These messages can be printed by the client as information to the user.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "WARNING: No memory limit support"
+ - "WARNING: bridge-nf-call-iptables is disabled"
+ - "WARNING: bridge-nf-call-ip6tables is disabled"
+ CDISpecDirs:
+ description: |
+ List of directories where (Container Device Interface) CDI
+ specifications are located.
+
+ These specifications define vendor-specific modifications to an OCI
+ runtime specification for a container being created.
+
+ An empty list indicates that CDI device injection is disabled.
+
+ Note that since using CDI device injection requires the daemon to have
+ experimental enabled. For non-experimental daemons an empty list will
+ always be returned.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "/etc/cdi"
+ - "/var/run/cdi"
+ Containerd:
+ $ref: "#/definitions/ContainerdInfo"
+
+ ContainerdInfo:
+ description: |
+ Information for connecting to the containerd instance that is used by the daemon.
+ This is included for debugging purposes only.
+ type: "object"
+ x-nullable: true
+ properties:
+ Address:
+ description: "The address of the containerd socket."
+ type: "string"
+ example: "/run/containerd/containerd.sock"
+ Namespaces:
+ description: |
+ The namespaces that the daemon uses for running containers and
+ plugins in containerd. These namespaces can be configured in the
+ daemon configuration, and are considered to be used exclusively
+ by the daemon, Tampering with the containerd instance may cause
+ unexpected behavior.
+
+ As these namespaces are considered to be exclusively accessed
+ by the daemon, it is not recommended to change these values,
+ or to change them to a value that is used by other systems,
+ such as cri-containerd.
+ type: "object"
+ properties:
+ Containers:
+ description: |
+ The default containerd namespace used for containers managed
+ by the daemon.
+
+ The default namespace for containers is "moby", but will be
+ suffixed with the `.` of the remapped `root` if
+ user-namespaces are enabled and the containerd image-store
+ is used.
+ type: "string"
+ default: "moby"
+ example: "moby"
+ Plugins:
+ description: |
+ The default containerd namespace used for plugins managed by
+ the daemon.
+
+ The default namespace for plugins is "plugins.moby", but will be
+ suffixed with the `.` of the remapped `root` if
+ user-namespaces are enabled and the containerd image-store
+ is used.
+ type: "string"
+ default: "plugins.moby"
+ example: "plugins.moby"
+
+ # PluginsInfo is a temp struct holding Plugins name
+ # registered with docker daemon. It is used by Info struct
+ PluginsInfo:
+ description: |
+ Available plugins per type.
+
+
+
+ > **Note**: Only unmanaged (V1) plugins are included in this list.
+ > V1 plugins are "lazily" loaded, and are not returned in this list
+ > if there is no resource using the plugin.
+ type: "object"
+ properties:
+ Volume:
+ description: "Names of available volume-drivers, and network-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["local"]
+ Network:
+ description: "Names of available network-drivers, and network-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+ Authorization:
+ description: "Names of available authorization plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["img-authz-plugin", "hbm"]
+ Log:
+ description: "Names of available logging-drivers, and logging-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "splunk", "syslog"]
+
+
+ RegistryServiceConfig:
+ description: |
+ RegistryServiceConfig stores daemon registry services configuration.
+ type: "object"
+ x-nullable: true
+ properties:
+ AllowNondistributableArtifactsCIDRs:
+ description: |
+ List of IP ranges to which nondistributable artifacts can be pushed,
+ using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
+
+ Some images (for example, Windows base images) contain artifacts
+ whose distribution is restricted by license. When these images are
+ pushed to a registry, restricted artifacts are not included.
+
+ This configuration override this behavior, and enables the daemon to
+ push nondistributable artifacts to all registries whose resolved IP
+ address is within the subnet described by the CIDR syntax.
+
+ This option is useful when pushing images containing
+ nondistributable artifacts to a registry on an air-gapped network so
+ hosts on that network can pull the images without connecting to
+ another server.
+
+ > **Warning**: Nondistributable artifacts typically have restrictions
+ > on how and where they can be distributed and shared. Only use this
+ > feature to push artifacts to private registries and ensure that you
+ > are in compliance with any terms that cover redistributing
+ > nondistributable artifacts.
+
+ type: "array"
+ items:
+ type: "string"
+ example: ["::1/128", "127.0.0.0/8"]
+ AllowNondistributableArtifactsHostnames:
+ description: |
+ List of registry hostnames to which nondistributable artifacts can be
+ pushed, using the format `[:]` or `[:]`.
+
+ Some images (for example, Windows base images) contain artifacts
+ whose distribution is restricted by license. When these images are
+ pushed to a registry, restricted artifacts are not included.
+
+ This configuration override this behavior for the specified
+ registries.
+
+ This option is useful when pushing images containing
+ nondistributable artifacts to a registry on an air-gapped network so
+ hosts on that network can pull the images without connecting to
+ another server.
+
+ > **Warning**: Nondistributable artifacts typically have restrictions
+ > on how and where they can be distributed and shared. Only use this
+ > feature to push artifacts to private registries and ensure that you
+ > are in compliance with any terms that cover redistributing
+ > nondistributable artifacts.
+ type: "array"
+ items:
+ type: "string"
+ example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+ InsecureRegistryCIDRs:
+ description: |
+ List of IP ranges of insecure registries, using the CIDR syntax
+ ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+ accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+ from unknown CAs) communication.
+
+ By default, local registries (`127.0.0.0/8`) are configured as
+ insecure. All other registries are secure. Communicating with an
+ insecure registry is not possible if the daemon assumes that registry
+ is secure.
+
+ This configuration override this behavior, insecure communication with
+ registries whose resolved IP address is within the subnet described by
+ the CIDR syntax.
+
+ Registries can also be marked insecure by hostname. Those registries
+ are listed under `IndexConfigs` and have their `Secure` field set to
+ `false`.
+
+ > **Warning**: Using this option can be useful when running a local
+ > registry, but introduces security vulnerabilities. This option
+ > should therefore ONLY be used for testing purposes. For increased
+ > security, users should add their CA to their system's list of trusted
+ > CAs instead of enabling this option.
+ type: "array"
+ items:
+ type: "string"
+ example: ["::1/128", "127.0.0.0/8"]
+ IndexConfigs:
+ type: "object"
+ additionalProperties:
+ $ref: "#/definitions/IndexInfo"
+ example:
+ "127.0.0.1:5000":
+ "Name": "127.0.0.1:5000"
+ "Mirrors": []
+ "Secure": false
+ "Official": false
+ "[2001:db8:a0b:12f0::1]:80":
+ "Name": "[2001:db8:a0b:12f0::1]:80"
+ "Mirrors": []
+ "Secure": false
+ "Official": false
+ "docker.io":
+ Name: "docker.io"
+ Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+ Secure: true
+ Official: true
+ "registry.internal.corp.example.com:3000":
+ Name: "registry.internal.corp.example.com:3000"
+ Mirrors: []
+ Secure: false
+ Official: false
+ Mirrors:
+ description: |
+ List of registry URLs that act as a mirror for the official
+ (`docker.io`) registry.
+
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "https://hub-mirror.corp.example.com:5000/"
+ - "https://[2001:db8:a0b:12f0::1]/"
+
+ IndexInfo:
+ description:
+ IndexInfo contains information about a registry.
+ type: "object"
+ x-nullable: true
+ properties:
+ Name:
+ description: |
+ Name of the registry, such as "docker.io".
+ type: "string"
+ example: "docker.io"
+ Mirrors:
+ description: |
+ List of mirrors, expressed as URIs.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "https://hub-mirror.corp.example.com:5000/"
+ - "https://registry-2.docker.io/"
+ - "https://registry-3.docker.io/"
+ Secure:
+ description: |
+ Indicates if the registry is part of the list of insecure
+ registries.
+
+ If `false`, the registry is insecure. Insecure registries accept
+ un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+ unknown CAs) communication.
+
+ > **Warning**: Insecure registries can be useful when running a local
+ > registry. However, because its use creates security vulnerabilities
+ > it should ONLY be enabled for testing purposes. For increased
+ > security, users should add their CA to their system's list of
+ > trusted CAs instead of enabling this option.
+ type: "boolean"
+ example: true
+ Official:
+ description: |
+ Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+ type: "boolean"
+ example: true
+
+ Runtime:
+ description: |
+ Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+ runtime.
+
+ The runtime is invoked by the daemon via the `containerd` daemon. OCI
+ runtimes act as an interface to the Linux kernel namespaces, cgroups,
+ and SELinux.
+ type: "object"
+ properties:
+ path:
+ description: |
+ Name and, optional, path, of the OCI executable binary.
+
+ If the path is omitted, the daemon searches the host's `$PATH` for the
+ binary and uses the first result.
+ type: "string"
+ example: "/usr/local/bin/my-oci-runtime"
+ runtimeArgs:
+ description: |
+ List of command-line arguments to pass to the runtime when invoked.
+ type: "array"
+ x-nullable: true
+ items:
+ type: "string"
+ example: ["--debug", "--systemd-cgroup=false"]
+ status:
+ description: |
+ Information specific to the runtime.
+
+ While this API specification does not define data provided by runtimes,
+ the following well-known properties may be provided by runtimes:
+
+ `org.opencontainers.runtime-spec.features`: features structure as defined
+ in the [OCI Runtime Specification](https://github.com/opencontainers/runtime-spec/blob/main/features.md),
+ in a JSON string representation.
+
+
+
+ > **Note**: The information returned in this field, including the
+ > formatting of values and labels, should not be considered stable,
+ > and may change without notice.
+ type: "object"
+ x-nullable: true
+ additionalProperties:
+ type: "string"
+ example:
+ "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",\"ociVersionMax\":\"1.1.0\",\"...\":\"...\"}"
+
+ Commit:
+ description: |
+ Commit holds the Git-commit (SHA1) that a binary was built from, as
+ reported in the version-string of external tools, such as `containerd`,
+ or `runC`.
+ type: "object"
+ properties:
+ ID:
+ description: "Actual commit ID of external tool."
+ type: "string"
+ example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+ Expected:
+ description: |
+ Commit ID of external tool expected by dockerd as set at build time.
+ type: "string"
+ example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
+
+ SwarmInfo:
+ description: |
+ Represents generic information about swarm.
+ type: "object"
+ properties:
+ NodeID:
+ description: "Unique identifier of for this node in the swarm."
+ type: "string"
+ default: ""
+ example: "k67qz4598weg5unwwffg6z1m1"
+ NodeAddr:
+ description: |
+ IP address at which this node can be reached by other nodes in the
+ swarm.
+ type: "string"
+ default: ""
+ example: "10.0.0.46"
+ LocalNodeState:
+ $ref: "#/definitions/LocalNodeState"
+ ControlAvailable:
+ type: "boolean"
+ default: false
+ example: true
+ Error:
+ type: "string"
+ default: ""
+ RemoteManagers:
+ description: |
+ List of ID's and addresses of other managers in the swarm.
+ type: "array"
+ default: null
+ x-nullable: true
+ items:
+ $ref: "#/definitions/PeerNode"
+ example:
+ - NodeID: "71izy0goik036k48jg985xnds"
+ Addr: "10.0.0.158:2377"
+ - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+ Addr: "10.0.0.159:2377"
+ - NodeID: "k67qz4598weg5unwwffg6z1m1"
+ Addr: "10.0.0.46:2377"
+ Nodes:
+ description: "Total number of nodes in the swarm."
+ type: "integer"
+ x-nullable: true
+ example: 4
+ Managers:
+ description: "Total number of managers in the swarm."
+ type: "integer"
+ x-nullable: true
+ example: 3
+ Cluster:
+ $ref: "#/definitions/ClusterInfo"
+
+ LocalNodeState:
+ description: "Current local status of this node."
+ type: "string"
+ default: ""
+ enum:
+ - ""
+ - "inactive"
+ - "pending"
+ - "active"
+ - "error"
+ - "locked"
+ example: "active"
+
+ PeerNode:
+ description: "Represents a peer-node in the swarm"
+ type: "object"
+ properties:
+ NodeID:
+ description: "Unique identifier of for this node in the swarm."
+ type: "string"
+ Addr:
+ description: |
+ IP address and ports at which this node can be reached.
+ type: "string"
+
+ NetworkAttachmentConfig:
+ description: |
+ Specifies how a service should be attached to a particular network.
+ type: "object"
+ properties:
+ Target:
+ description: |
+ The target network for attachment. Must be a network name or ID.
+ type: "string"
+ Aliases:
+ description: |
+ Discoverable alternate names for the service on this network.
+ type: "array"
+ items:
+ type: "string"
+ DriverOpts:
+ description: |
+ Driver attachment options for the network target.
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ EventActor:
+ description: |
+ Actor describes something that generates events, like a container, network,
+ or a volume.
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the object emitting the event"
+ type: "string"
+ example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+ Attributes:
+ description: |
+ Various key/value attributes of the object, depending on its type.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-label-value"
+ image: "alpine:latest"
+ name: "my-container"
+
+ EventMessage:
+ description: |
+ EventMessage represents the information an event contains.
+ type: "object"
+ title: "SystemEventsResponse"
+ properties:
+ Type:
+ description: "The type of object emitting the event"
+ type: "string"
+ enum: ["builder", "config", "container", "daemon", "image", "network", "node", "plugin", "secret", "service", "volume"]
+ example: "container"
+ Action:
+ description: "The type of event"
+ type: "string"
+ example: "create"
+ Actor:
+ $ref: "#/definitions/EventActor"
+ scope:
+ description: |
+ Scope of the event. Engine events are `local` scope. Cluster (Swarm)
+ events are `swarm` scope.
+ type: "string"
+ enum: ["local", "swarm"]
+ time:
+ description: "Timestamp of event"
+ type: "integer"
+ format: "int64"
+ example: 1629574695
+ timeNano:
+ description: "Timestamp of event, with nanosecond accuracy"
+ type: "integer"
+ format: "int64"
+ example: 1629574695515050031
+
+ OCIDescriptor:
+ type: "object"
+ x-go-name: Descriptor
+ description: |
+ A descriptor struct containing digest, media type, and size, as defined in
+ the [OCI Content Descriptors Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md).
+ properties:
+ mediaType:
+ description: |
+ The media type of the object this schema refers to.
+ type: "string"
+ example: "application/vnd.docker.distribution.manifest.v2+json"
+ digest:
+ description: |
+ The digest of the targeted content.
+ type: "string"
+ example: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+ size:
+ description: |
+ The size in bytes of the blob.
+ type: "integer"
+ format: "int64"
+ example: 3987495
+ # TODO Not yet including these fields for now, as they are nil / omitted in our response.
+ # urls:
+ # description: |
+ # List of URLs from which this object MAY be downloaded.
+ # type: "array"
+ # items:
+ # type: "string"
+ # format: "uri"
+ # annotations:
+ # description: |
+ # Arbitrary metadata relating to the targeted content.
+ # type: "object"
+ # additionalProperties:
+ # type: "string"
+ # platform:
+ # $ref: "#/definitions/OCIPlatform"
+
+ OCIPlatform:
+ type: "object"
+ x-go-name: Platform
+ description: |
+ Describes the platform which the image in the manifest runs on, as defined
+ in the [OCI Image Index Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-index.md).
+ properties:
+ architecture:
+ description: |
+ The CPU architecture, for example `amd64` or `ppc64`.
+ type: "string"
+ example: "arm"
+ os:
+ description: |
+ The operating system, for example `linux` or `windows`.
+ type: "string"
+ example: "windows"
+ os.version:
+ description: |
+ Optional field specifying the operating system version, for example on
+ Windows `10.0.19041.1165`.
+ type: "string"
+ example: "10.0.19041.1165"
+ os.features:
+ description: |
+ Optional field specifying an array of strings, each listing a required
+ OS feature (for example on Windows `win32k`).
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "win32k"
+ variant:
+ description: |
+ Optional field specifying a variant of the CPU, for example `v7` to
+ specify ARMv7 when architecture is `arm`.
+ type: "string"
+ example: "v7"
+
+ DistributionInspect:
+ type: "object"
+ x-go-name: DistributionInspect
+ title: "DistributionInspectResponse"
+ required: [Descriptor, Platforms]
+ description: |
+ Describes the result obtained from contacting the registry to retrieve
+ image metadata.
+ properties:
+ Descriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ Platforms:
+ type: "array"
+ description: |
+ An array containing all platforms supported by the image.
+ items:
+ $ref: "#/definitions/OCIPlatform"
+
+ ClusterVolume:
+ type: "object"
+ description: |
+ Options and information specific to, and only present on, Swarm CSI
+ cluster volumes.
+ properties:
+ ID:
+ type: "string"
+ description: |
+ The Swarm ID of this volume. Because cluster volumes are Swarm
+ objects, they have an ID, unlike non-cluster volumes. This ID can
+ be used to refer to the Volume instead of the name.
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ClusterVolumeSpec"
+ Info:
+ type: "object"
+ description: |
+ Information about the global status of the volume.
+ properties:
+ CapacityBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The capacity of the volume in bytes. A value of 0 indicates that
+ the capacity is unknown.
+ VolumeContext:
+ type: "object"
+ description: |
+ A map of strings to strings returned from the storage plugin when
+ the volume is created.
+ additionalProperties:
+ type: "string"
+ VolumeID:
+ type: "string"
+ description: |
+ The ID of the volume as returned by the CSI storage plugin. This
+ is distinct from the volume's ID as provided by Docker. This ID
+ is never used by the user when communicating with Docker to refer
+ to this volume. If the ID is blank, then the Volume has not been
+ successfully created in the plugin yet.
+ AccessibleTopology:
+ type: "array"
+ description: |
+ The topology this volume is actually accessible from.
+ items:
+ $ref: "#/definitions/Topology"
+ PublishStatus:
+ type: "array"
+ description: |
+ The status of the volume as it pertains to its publishing and use on
+ specific nodes
+ items:
+ type: "object"
+ properties:
+ NodeID:
+ type: "string"
+ description: |
+ The ID of the Swarm node the volume is published on.
+ State:
+ type: "string"
+ description: |
+ The published state of the volume.
+ * `pending-publish` The volume should be published to this node, but the call to the controller plugin to do so has not yet been successfully completed.
+ * `published` The volume is published successfully to the node.
+ * `pending-node-unpublish` The volume should be unpublished from the node, and the manager is awaiting confirmation from the worker that it has done so.
+ * `pending-controller-unpublish` The volume is successfully unpublished from the node, but has not yet been successfully unpublished on the controller.
+ enum:
+ - "pending-publish"
+ - "published"
+ - "pending-node-unpublish"
+ - "pending-controller-unpublish"
+ PublishContext:
+ type: "object"
+ description: |
+ A map of strings to strings returned by the CSI controller
+ plugin when a volume is published.
+ additionalProperties:
+ type: "string"
+
+ ClusterVolumeSpec:
+ type: "object"
+ description: |
+ Cluster-specific options used to create the volume.
+ properties:
+ Group:
+ type: "string"
+ description: |
+ Group defines the volume group of this volume. Volumes belonging to
+ the same group can be referred to by group name when creating
+ Services. Referring to a volume by group instructs Swarm to treat
+ volumes in that group interchangeably for the purpose of scheduling.
+ Volumes with an empty string for a group technically all belong to
+ the same, emptystring group.
+ AccessMode:
+ type: "object"
+ description: |
+ Defines how the volume is used by tasks.
+ properties:
+ Scope:
+ type: "string"
+ description: |
+ The set of nodes this volume can be used on at one time.
+ - `single` The volume may only be scheduled to one node at a time.
+ - `multi` the volume may be scheduled to any supported number of nodes at a time.
+ default: "single"
+ enum: ["single", "multi"]
+ x-nullable: false
+ Sharing:
+ type: "string"
+ description: |
+ The number and way that different tasks can use this volume
+ at one time.
+ - `none` The volume may only be used by one task at a time.
+ - `readonly` The volume may be used by any number of tasks, but they all must mount the volume as readonly
+ - `onewriter` The volume may be used by any number of tasks, but only one may mount it as read/write.
+ - `all` The volume may have any number of readers and writers.
+ default: "none"
+ enum: ["none", "readonly", "onewriter", "all"]
+ x-nullable: false
+ MountVolume:
+ type: "object"
+ description: |
+ Options for using this volume as a Mount-type volume.
+
+ Either MountVolume or BlockVolume, but not both, must be
+ present.
+ properties:
+ FsType:
+ type: "string"
+ description: |
+ Specifies the filesystem type for the mount volume.
+ Optional.
+ MountFlags:
+ type: "array"
+ description: |
+ Flags to pass when mounting the volume. Optional.
+ items:
+ type: "string"
+ BlockVolume:
+ type: "object"
+ description: |
+ Options for using this volume as a Block-type volume.
+ Intentionally empty.
+ Secrets:
+ type: "array"
+ description: |
+ Swarm Secrets that are passed to the CSI storage plugin when
+ operating on this volume.
+ items:
+ type: "object"
+ description: |
+ One cluster volume secret entry. Defines a key-value pair that
+ is passed to the plugin.
+ properties:
+ Key:
+ type: "string"
+ description: |
+ Key is the name of the key of the key-value pair passed to
+ the plugin.
+ Secret:
+ type: "string"
+ description: |
+ Secret is the swarm Secret object from which to read data.
+ This can be a Secret name or ID. The Secret data is
+ retrieved by swarm and used as the value of the key-value
+ pair passed to the plugin.
+ AccessibilityRequirements:
+ type: "object"
+ description: |
+ Requirements for the accessible topology of the volume. These
+ fields are optional. For an in-depth description of what these
+ fields mean, see the CSI specification.
+ properties:
+ Requisite:
+ type: "array"
+ description: |
+ A list of required topologies, at least one of which the
+ volume must be accessible from.
+ items:
+ $ref: "#/definitions/Topology"
+ Preferred:
+ type: "array"
+ description: |
+ A list of topologies that the volume should attempt to be
+ provisioned in.
+ items:
+ $ref: "#/definitions/Topology"
+ CapacityRange:
+ type: "object"
+ description: |
+ The desired capacity that the volume should be created with. If
+ empty, the plugin will decide the capacity.
+ properties:
+ RequiredBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The volume must be at least this big. The value of 0
+ indicates an unspecified minimum
+ LimitBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The volume must not be bigger than this. The value of 0
+ indicates an unspecified maximum.
+ Availability:
+ type: "string"
+ description: |
+ The availability of the volume for use in tasks.
+ - `active` The volume is fully available for scheduling on the cluster
+ - `pause` No new workloads should use the volume, but existing workloads are not stopped.
+ - `drain` All workloads using this volume should be stopped and rescheduled, and no new ones should be started.
+ default: "active"
+ x-nullable: false
+ enum:
+ - "active"
+ - "pause"
+ - "drain"
+
+ Topology:
+ description: |
+ A map of topological domains to topological segments. For in depth
+ details, see documentation for the Topology object in the CSI
+ specification.
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ ImageManifestSummary:
+ x-go-name: "ManifestSummary"
+ description: |
+ ImageManifestSummary represents a summary of an image manifest.
+ type: "object"
+ required: ["ID", "Descriptor", "Available", "Size", "Kind"]
+ properties:
+ ID:
+ description: |
+ ID is the content-addressable ID of an image and is the same as the
+ digest of the image manifest.
+ type: "string"
+ example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
+ Descriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ Available:
+ description: Indicates whether all the child content (image config, layers) is fully available locally.
+ type: "boolean"
+ example: true
+ Size:
+ type: "object"
+ x-nullable: false
+ required: ["Content", "Total"]
+ properties:
+ Total:
+ type: "integer"
+ format: "int64"
+ example: 8213251
+ description: |
+ Total is the total size (in bytes) of all the locally present
+ data (both distributable and non-distributable) that's related to
+ this manifest and its children.
+ This equal to the sum of [Content] size AND all the sizes in the
+ [Size] struct present in the Kind-specific data struct.
+ For example, for an image kind (Kind == "image")
+ this would include the size of the image content and unpacked
+ image snapshots ([Size.Content] + [ImageData.Size.Unpacked]).
+ Content:
+ description: |
+ Content is the size (in bytes) of all the locally present
+ content in the content store (e.g. image config, layers)
+ referenced by this manifest and its children.
+ This only includes blobs in the content store.
+ type: "integer"
+ format: "int64"
+ example: 3987495
+ Kind:
+ type: "string"
+ example: "image"
+ enum:
+ - "image"
+ - "attestation"
+ - "unknown"
+ description: |
+ The kind of the manifest.
+
+ kind | description
+ -------------|-----------------------------------------------------------
+ image | Image manifest that can be used to start a container.
+ attestation | Attestation manifest produced by the Buildkit builder for a specific image manifest.
+ ImageData:
+ description: |
+ The image data for the image manifest.
+ This field is only populated when Kind is "image".
+ type: "object"
+ x-nullable: true
+ x-omitempty: true
+ required: ["Platform", "Containers", "Size", "UnpackedSize"]
+ properties:
+ Platform:
+ $ref: "#/definitions/OCIPlatform"
+ description: |
+ OCI platform of the image. This will be the platform specified in the
+ manifest descriptor from the index/manifest list.
+ If it's not available, it will be obtained from the image config.
+ Containers:
+ description: |
+ The IDs of the containers that are using this image.
+ type: "array"
+ items:
+ type: "string"
+ example: ["ede54ee1fda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c7430", "abadbce344c096744d8d6071a90d474d28af8f1034b5ea9fb03c3f4bfc6d005e"]
+ Size:
+ type: "object"
+ x-nullable: false
+ required: ["Unpacked"]
+ properties:
+ Unpacked:
+ type: "integer"
+ format: "int64"
+ example: 3987495
+ description: |
+ Unpacked is the size (in bytes) of the locally unpacked
+ (uncompressed) image content that's directly usable by the containers
+ running this image.
+ It's independent of the distributable content - e.g.
+ the image might still have an unpacked data that's still used by
+ some container even when the distributable/compressed content is
+ already gone.
+ AttestationData:
+ description: |
+ The image data for the attestation manifest.
+ This field is only populated when Kind is "attestation".
+ type: "object"
+ x-nullable: true
+ x-omitempty: true
+ required: ["For"]
+ properties:
+ For:
+ description: |
+ The digest of the image manifest that this attestation is for.
+ type: "string"
+ example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
+
+paths:
+ /containers/json:
+ get:
+ summary: "List containers"
+ description: |
+ Returns a list of containers. For details on the format, see the
+ [inspect endpoint](#operation/ContainerInspect).
+
+ Note that it uses a different, smaller representation of a container
+ than inspecting a single container. For example, the list of linked
+ containers is not propagated .
+ operationId: "ContainerList"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "all"
+ in: "query"
+ description: |
+ Return all containers. By default, only running containers are shown.
+ type: "boolean"
+ default: false
+ - name: "limit"
+ in: "query"
+ description: |
+ Return this number of most recently created containers, including
+ non-running ones.
+ type: "integer"
+ - name: "size"
+ in: "query"
+ description: |
+ Return the size of container as fields `SizeRw` and `SizeRootFs`.
+ type: "boolean"
+ default: false
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the container list, encoded as JSON (a
+ `map[string][]string`). For example, `{"status": ["paused"]}` will
+ only return paused containers.
+
+ Available filters:
+
+ - `ancestor`=(`[:]`, ``, or ``)
+ - `before`=(`` or ``)
+ - `expose`=(`[/]`|`/[]`)
+ - `exited=` containers with exit code of ``
+ - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+ - `id=` a container's ID
+ - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+ - `is-task=`(`true`|`false`)
+ - `label=key` or `label="key=value"` of a container label
+ - `name=` a container's name
+ - `network`=(`` or ``)
+ - `publish`=(`[/]`|`/[]`)
+ - `since`=(`` or ``)
+ - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+ - `volume`=(`` or ``)
+ type: "string"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerSummary"
+ examples:
+ application/json:
+ - Id: "8dfafdbc3a40"
+ Names:
+ - "/boring_feynman"
+ Image: "ubuntu:latest"
+ ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+ Command: "echo 1"
+ Created: 1367854155
+ State: "Exited"
+ Status: "Exit 0"
+ Ports:
+ - PrivatePort: 2222
+ PublicPort: 3333
+ Type: "tcp"
+ Labels:
+ com.example.vendor: "Acme"
+ com.example.license: "GPL"
+ com.example.version: "1.0"
+ SizeRw: 12288
+ SizeRootFs: 0
+ HostConfig:
+ NetworkMode: "default"
+ Annotations:
+ io.kubernetes.docker.type: "container"
+ NetworkSettings:
+ Networks:
+ bridge:
+ NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+ EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
+ Gateway: "172.17.0.1"
+ IPAddress: "172.17.0.2"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:11:00:02"
+ Mounts:
+ - Name: "fac362...80535"
+ Source: "/data"
+ Destination: "/data"
+ Driver: "local"
+ Mode: "ro,Z"
+ RW: false
+ Propagation: ""
+ - Id: "9cd87474be90"
+ Names:
+ - "/coolName"
+ Image: "ubuntu:latest"
+ ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+ Command: "echo 222222"
+ Created: 1367854155
+ State: "Exited"
+ Status: "Exit 0"
+ Ports: []
+ Labels: {}
+ SizeRw: 12288
+ SizeRootFs: 0
+ HostConfig:
+ NetworkMode: "default"
+ Annotations:
+ io.kubernetes.docker.type: "container"
+ io.kubernetes.sandbox.id: "3befe639bed0fd6afdd65fd1fa84506756f59360ec4adc270b0fdac9be22b4d3"
+ NetworkSettings:
+ Networks:
+ bridge:
+ NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+ EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
+ Gateway: "172.17.0.1"
+ IPAddress: "172.17.0.8"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:11:00:08"
+ Mounts: []
+ - Id: "3176a2479c92"
+ Names:
+ - "/sleepy_dog"
+ Image: "ubuntu:latest"
+ ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+ Command: "echo 3333333333333333"
+ Created: 1367854154
+ State: "Exited"
+ Status: "Exit 0"
+ Ports: []
+ Labels: {}
+ SizeRw: 12288
+ SizeRootFs: 0
+ HostConfig:
+ NetworkMode: "default"
+ Annotations:
+ io.kubernetes.image.id: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+ io.kubernetes.image.name: "ubuntu:latest"
+ NetworkSettings:
+ Networks:
+ bridge:
+ NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+ EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
+ Gateway: "172.17.0.1"
+ IPAddress: "172.17.0.6"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:11:00:06"
+ Mounts: []
+ - Id: "4cb07b47f9fb"
+ Names:
+ - "/running_cat"
+ Image: "ubuntu:latest"
+ ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
+ Command: "echo 444444444444444444444444444444444"
+ Created: 1367854152
+ State: "Exited"
+ Status: "Exit 0"
+ Ports: []
+ Labels: {}
+ SizeRw: 12288
+ SizeRootFs: 0
+ HostConfig:
+ NetworkMode: "default"
+ Annotations:
+ io.kubernetes.config.source: "api"
+ NetworkSettings:
+ Networks:
+ bridge:
+ NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+ EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
+ Gateway: "172.17.0.1"
+ IPAddress: "172.17.0.5"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:11:00:05"
+ Mounts: []
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /containers/create:
+ post:
+ summary: "Create a container"
+ operationId: "ContainerCreate"
+ consumes:
+ - "application/json"
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "name"
+ in: "query"
+ description: |
+ Assign the specified name to the container. Must match
+ `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
+ type: "string"
+ pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+ - name: "platform"
+ in: "query"
+ description: |
+ Platform in the format `os[/arch[/variant]]` used for image lookup.
+
+ When specified, the daemon checks if the requested image is present
+ in the local image cache with the given OS and Architecture, and
+ otherwise returns a `404` status.
+
+ If the option is not set, the host's native OS and Architecture are
+ used to look up the image in the image cache. However, if no platform
+ is passed and the given image does exist in the local image cache,
+ but its OS or architecture does not match, the container is created
+ with the available image, and a warning is added to the `Warnings`
+ field in the response, for example;
+
+ WARNING: The requested image's platform (linux/arm64/v8) does not
+ match the detected host platform (linux/amd64) and no
+ specific platform was requested
+
+ type: "string"
+ default: ""
+ - name: "body"
+ in: "body"
+ description: "Container to create"
+ schema:
+ allOf:
+ - $ref: "#/definitions/ContainerConfig"
+ - type: "object"
+ properties:
+ HostConfig:
+ $ref: "#/definitions/HostConfig"
+ NetworkingConfig:
+ $ref: "#/definitions/NetworkingConfig"
+ example:
+ Hostname: ""
+ Domainname: ""
+ User: ""
+ AttachStdin: false
+ AttachStdout: true
+ AttachStderr: true
+ Tty: false
+ OpenStdin: false
+ StdinOnce: false
+ Env:
+ - "FOO=bar"
+ - "BAZ=quux"
+ Cmd:
+ - "date"
+ Entrypoint: ""
+ Image: "ubuntu"
+ Labels:
+ com.example.vendor: "Acme"
+ com.example.license: "GPL"
+ com.example.version: "1.0"
+ Volumes:
+ /volumes/data: {}
+ WorkingDir: ""
+ NetworkDisabled: false
+ MacAddress: "12:34:56:78:9a:bc"
+ ExposedPorts:
+ 22/tcp: {}
+ StopSignal: "SIGTERM"
+ StopTimeout: 10
+ HostConfig:
+ Binds:
+ - "/tmp:/tmp"
+ Links:
+ - "redis3:redis"
+ Memory: 0
+ MemorySwap: 0
+ MemoryReservation: 0
+ NanoCpus: 500000
+ CpuPercent: 80
+ CpuShares: 512
+ CpuPeriod: 100000
+ CpuRealtimePeriod: 1000000
+ CpuRealtimeRuntime: 10000
+ CpuQuota: 50000
+ CpusetCpus: "0,1"
+ CpusetMems: "0,1"
+ MaximumIOps: 0
+ MaximumIOBps: 0
+ BlkioWeight: 300
+ BlkioWeightDevice:
+ - {}
+ BlkioDeviceReadBps:
+ - {}
+ BlkioDeviceReadIOps:
+ - {}
+ BlkioDeviceWriteBps:
+ - {}
+ BlkioDeviceWriteIOps:
+ - {}
+ DeviceRequests:
+ - Driver: "nvidia"
+ Count: -1
+ DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+ Capabilities: [["gpu", "nvidia", "compute"]]
+ Options:
+ property1: "string"
+ property2: "string"
+ MemorySwappiness: 60
+ OomKillDisable: false
+ OomScoreAdj: 500
+ PidMode: ""
+ PidsLimit: 0
+ PortBindings:
+ 22/tcp:
+ - HostPort: "11022"
+ PublishAllPorts: false
+ Privileged: false
+ ReadonlyRootfs: false
+ Dns:
+ - "8.8.8.8"
+ DnsOptions:
+ - ""
+ DnsSearch:
+ - ""
+ VolumesFrom:
+ - "parent"
+ - "other:ro"
+ CapAdd:
+ - "NET_ADMIN"
+ CapDrop:
+ - "MKNOD"
+ GroupAdd:
+ - "newgroup"
+ RestartPolicy:
+ Name: ""
+ MaximumRetryCount: 0
+ AutoRemove: true
+ NetworkMode: "bridge"
+ Devices: []
+ Ulimits:
+ - {}
+ LogConfig:
+ Type: "json-file"
+ Config: {}
+ SecurityOpt: []
+ StorageOpt: {}
+ CgroupParent: ""
+ VolumeDriver: ""
+ ShmSize: 67108864
+ NetworkingConfig:
+ EndpointsConfig:
+ isolated_nw:
+ IPAMConfig:
+ IPv4Address: "172.20.30.33"
+ IPv6Address: "2001:db8:abcd::3033"
+ LinkLocalIPs:
+ - "169.254.34.68"
+ - "fe80::3468"
+ Links:
+ - "container_1"
+ - "container_2"
+ Aliases:
+ - "server_x"
+ - "server_y"
+ database_nw: {}
+
+ required: true
+ responses:
+ 201:
+ description: "Container created successfully"
+ schema:
+ $ref: "#/definitions/ContainerCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: c2ada9df5af8"
+ 409:
+ description: "conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /containers/{id}/json:
+ get:
+ summary: "Inspect a container"
+ description: "Return low-level information about a container."
+ operationId: "ContainerInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "ContainerInspectResponse"
+ properties:
+ Id:
+ description: "The ID of the container"
+ type: "string"
+ Created:
+ description: "The time the container was created"
+ type: "string"
+ Path:
+ description: "The path to the command being run"
+ type: "string"
+ Args:
+ description: "The arguments to the command being run"
+ type: "array"
+ items:
+ type: "string"
+ State:
+ $ref: "#/definitions/ContainerState"
+ Image:
+ description: "The container's image ID"
+ type: "string"
+ ResolvConfPath:
+ type: "string"
+ HostnamePath:
+ type: "string"
+ HostsPath:
+ type: "string"
+ LogPath:
+ type: "string"
+ Name:
+ type: "string"
+ RestartCount:
+ type: "integer"
+ Driver:
+ type: "string"
+ Platform:
+ type: "string"
+ MountLabel:
+ type: "string"
+ ProcessLabel:
+ type: "string"
+ AppArmorProfile:
+ type: "string"
+ ExecIDs:
+ description: "IDs of exec instances that are running in the container."
+ type: "array"
+ items:
+ type: "string"
+ x-nullable: true
+ HostConfig:
+ $ref: "#/definitions/HostConfig"
+ GraphDriver:
+ $ref: "#/definitions/DriverData"
+ SizeRw:
+ description: |
+ The size of files that have been created or changed by this
+ container.
+ type: "integer"
+ format: "int64"
+ SizeRootFs:
+ description: "The total size of all the files in this container."
+ type: "integer"
+ format: "int64"
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/MountPoint"
+ Config:
+ $ref: "#/definitions/ContainerConfig"
+ NetworkSettings:
+ $ref: "#/definitions/NetworkSettings"
+ examples:
+ application/json:
+ AppArmorProfile: ""
+ Args:
+ - "-c"
+ - "exit 9"
+ Config:
+ AttachStderr: true
+ AttachStdin: false
+ AttachStdout: true
+ Cmd:
+ - "/bin/sh"
+ - "-c"
+ - "exit 9"
+ Domainname: ""
+ Env:
+ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ Healthcheck:
+ Test: ["CMD-SHELL", "exit 0"]
+ Hostname: "ba033ac44011"
+ Image: "ubuntu"
+ Labels:
+ com.example.vendor: "Acme"
+ com.example.license: "GPL"
+ com.example.version: "1.0"
+ MacAddress: ""
+ NetworkDisabled: false
+ OpenStdin: false
+ StdinOnce: false
+ Tty: false
+ User: ""
+ Volumes:
+ /volumes/data: {}
+ WorkingDir: ""
+ StopSignal: "SIGTERM"
+ StopTimeout: 10
+ Created: "2015-01-06T15:47:31.485331387Z"
+ Driver: "overlay2"
+ ExecIDs:
+ - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+ - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+ HostConfig:
+ MaximumIOps: 0
+ MaximumIOBps: 0
+ BlkioWeight: 0
+ BlkioWeightDevice:
+ - {}
+ BlkioDeviceReadBps:
+ - {}
+ BlkioDeviceWriteBps:
+ - {}
+ BlkioDeviceReadIOps:
+ - {}
+ BlkioDeviceWriteIOps:
+ - {}
+ ContainerIDFile: ""
+ CpusetCpus: ""
+ CpusetMems: ""
+ CpuPercent: 80
+ CpuShares: 0
+ CpuPeriod: 100000
+ CpuRealtimePeriod: 1000000
+ CpuRealtimeRuntime: 10000
+ Devices: []
+ DeviceRequests:
+ - Driver: "nvidia"
+ Count: -1
+ DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+ Capabilities: [["gpu", "nvidia", "compute"]]
+ Options:
+ property1: "string"
+ property2: "string"
+ IpcMode: ""
+ Memory: 0
+ MemorySwap: 0
+ MemoryReservation: 0
+ OomKillDisable: false
+ OomScoreAdj: 500
+ NetworkMode: "bridge"
+ PidMode: ""
+ PortBindings: {}
+ Privileged: false
+ ReadonlyRootfs: false
+ PublishAllPorts: false
+ RestartPolicy:
+ MaximumRetryCount: 2
+ Name: "on-failure"
+ LogConfig:
+ Type: "json-file"
+ Sysctls:
+ net.ipv4.ip_forward: "1"
+ Ulimits:
+ - {}
+ VolumeDriver: ""
+ ShmSize: 67108864
+ HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
+ HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
+ LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
+ Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
+ Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
+ MountLabel: ""
+ Name: "/boring_euclid"
+ NetworkSettings:
+ Bridge: ""
+ SandboxID: ""
+ HairpinMode: false
+ LinkLocalIPv6Address: ""
+ LinkLocalIPv6PrefixLen: 0
+ SandboxKey: ""
+ EndpointID: ""
+ Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ IPAddress: ""
+ IPPrefixLen: 0
+ IPv6Gateway: ""
+ MacAddress: ""
+ Networks:
+ bridge:
+ NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
+ EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
+ Gateway: "172.17.0.1"
+ IPAddress: "172.17.0.2"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:12:00:02"
+ Path: "/bin/sh"
+ ProcessLabel: ""
+ ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
+ RestartCount: 1
+ State:
+ Error: ""
+ ExitCode: 9
+ FinishedAt: "2015-01-06T15:47:32.080254511Z"
+ Health:
+ Status: "healthy"
+ FailingStreak: 0
+ Log:
+ - Start: "2019-12-22T10:59:05.6385933Z"
+ End: "2019-12-22T10:59:05.8078452Z"
+ ExitCode: 0
+ Output: ""
+ OOMKilled: false
+ Dead: false
+ Paused: false
+ Pid: 0
+ Restarting: false
+ Running: true
+ StartedAt: "2015-01-06T15:47:32.072697474Z"
+ Status: "running"
+ Mounts:
+ - Name: "fac362...80535"
+ Source: "/data"
+ Destination: "/data"
+ Driver: "local"
+ Mode: "ro,Z"
+ RW: false
+ Propagation: ""
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "size"
+ in: "query"
+ type: "boolean"
+ default: false
+ description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+ tags: ["Container"]
+ /containers/{id}/top:
+ get:
+ summary: "List processes running inside a container"
+ description: |
+ On Unix systems, this is done by running the `ps` command. This endpoint
+ is not supported on Windows.
+ operationId: "ContainerTop"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "ContainerTopResponse"
+ description: "OK response to ContainerTop operation"
+ properties:
+ Titles:
+ description: "The ps column titles"
+ type: "array"
+ items:
+ type: "string"
+ Processes:
+ description: |
+ Each process running in the container, where each is process
+ is an array of values corresponding to the titles.
+ type: "array"
+ items:
+ type: "array"
+ items:
+ type: "string"
+ examples:
+ application/json:
+ Titles:
+ - "UID"
+ - "PID"
+ - "PPID"
+ - "C"
+ - "STIME"
+ - "TTY"
+ - "TIME"
+ - "CMD"
+ Processes:
+ -
+ - "root"
+ - "13642"
+ - "882"
+ - "0"
+ - "17:03"
+ - "pts/0"
+ - "00:00:00"
+ - "/bin/bash"
+ -
+ - "root"
+ - "13735"
+ - "13642"
+ - "0"
+ - "17:06"
+ - "pts/0"
+ - "00:00:00"
+ - "sleep 10"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "ps_args"
+ in: "query"
+ description: "The arguments to pass to `ps`. For example, `aux`"
+ type: "string"
+ default: "-ef"
+ tags: ["Container"]
+ /containers/{id}/logs:
+ get:
+ summary: "Get container logs"
+ description: |
+ Get `stdout` and `stderr` logs from a container.
+
+ Note: This endpoint works only for containers with the `json-file` or
+ `journald` logging driver.
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ operationId: "ContainerLogs"
+ responses:
+ 200:
+ description: |
+ logs returned as a stream in response body.
+ For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+ Note that unlike the attach endpoint, the logs endpoint does not
+ upgrade the connection and does not set Content-Type.
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "until"
+ in: "query"
+ description: "Only return logs before this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Container"]
+ /containers/{id}/changes:
+ get:
+ summary: "Get changes on a container’s filesystem"
+ description: |
+ Returns which files in a container's filesystem have been added, deleted,
+ or modified. The `Kind` of modification can be one of:
+
+ - `0`: Modified ("C")
+ - `1`: Added ("A")
+ - `2`: Deleted ("D")
+ operationId: "ContainerChanges"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The list of changes"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/FilesystemChange"
+ examples:
+ application/json:
+ - Path: "/dev"
+ Kind: 0
+ - Path: "/dev/kmsg"
+ Kind: 1
+ - Path: "/test"
+ Kind: 1
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/export:
+ get:
+ summary: "Export a container"
+ description: "Export the contents of a container as a tarball."
+ operationId: "ContainerExport"
+ produces:
+ - "application/octet-stream"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/stats:
+ get:
+ summary: "Get container stats based on resource usage"
+ description: |
+ This endpoint returns a live stream of a container’s resource usage
+ statistics.
+
+ The `precpu_stats` is the CPU statistic of the *previous* read, and is
+ used to calculate the CPU usage percentage. It is not an exact copy
+ of the `cpu_stats` field.
+
+ If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+ nil then for compatibility with older daemons the length of the
+ corresponding `cpu_usage.percpu_usage` array should be used.
+
+ On a cgroup v2 host, the following fields are not set
+ * `blkio_stats`: all fields other than `io_service_bytes_recursive`
+ * `cpu_stats`: `cpu_usage.percpu_usage`
+ * `memory_stats`: `max_usage` and `failcnt`
+ Also, `memory_stats.stats` fields are incompatible with cgroup v1.
+
+ To calculate the values shown by the `stats` command of the docker cli tool
+ the following formulas can be used:
+ * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+ * available_memory = `memory_stats.limit`
+ * Memory usage % = `(used_memory / available_memory) * 100.0`
+ * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+ * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+ * number_cpus = `length(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+ * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
+ operationId: "ContainerStats"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ examples:
+ application/json:
+ read: "2015-01-08T22:57:31.547920715Z"
+ pids_stats:
+ current: 3
+ networks:
+ eth0:
+ rx_bytes: 5338
+ rx_dropped: 0
+ rx_errors: 0
+ rx_packets: 36
+ tx_bytes: 648
+ tx_dropped: 0
+ tx_errors: 0
+ tx_packets: 8
+ eth5:
+ rx_bytes: 4641
+ rx_dropped: 0
+ rx_errors: 0
+ rx_packets: 26
+ tx_bytes: 690
+ tx_dropped: 0
+ tx_errors: 0
+ tx_packets: 9
+ memory_stats:
+ stats:
+ total_pgmajfault: 0
+ cache: 0
+ mapped_file: 0
+ total_inactive_file: 0
+ pgpgout: 414
+ rss: 6537216
+ total_mapped_file: 0
+ writeback: 0
+ unevictable: 0
+ pgpgin: 477
+ total_unevictable: 0
+ pgmajfault: 0
+ total_rss: 6537216
+ total_rss_huge: 6291456
+ total_writeback: 0
+ total_inactive_anon: 0
+ rss_huge: 6291456
+ hierarchical_memory_limit: 67108864
+ total_pgfault: 964
+ total_active_file: 0
+ active_anon: 6537216
+ total_active_anon: 6537216
+ total_pgpgout: 414
+ total_cache: 0
+ inactive_anon: 0
+ active_file: 0
+ pgfault: 964
+ inactive_file: 0
+ total_pgpgin: 477
+ max_usage: 6651904
+ usage: 6537216
+ failcnt: 0
+ limit: 67108864
+ blkio_stats: {}
+ cpu_stats:
+ cpu_usage:
+ percpu_usage:
+ - 8646879
+ - 24472255
+ - 36438778
+ - 30657443
+ usage_in_usermode: 50000000
+ total_usage: 100215355
+ usage_in_kernelmode: 30000000
+ system_cpu_usage: 739306590000000
+ online_cpus: 4
+ throttling_data:
+ periods: 0
+ throttled_periods: 0
+ throttled_time: 0
+ precpu_stats:
+ cpu_usage:
+ percpu_usage:
+ - 8646879
+ - 24350896
+ - 36438778
+ - 30657443
+ usage_in_usermode: 50000000
+ total_usage: 100093996
+ usage_in_kernelmode: 30000000
+ system_cpu_usage: 9492140000000
+ online_cpus: 4
+ throttling_data:
+ periods: 0
+ throttled_periods: 0
+ throttled_time: 0
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "stream"
+ in: "query"
+ description: |
+ Stream the output. If false, the stats will be output once and then
+ it will disconnect.
+ type: "boolean"
+ default: true
+ - name: "one-shot"
+ in: "query"
+ description: |
+ Only get a single stat instead of waiting for 2 cycles. Must be used
+ with `stream=false`.
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/resize:
+ post:
+ summary: "Resize a container TTY"
+ description: "Resize the TTY for a container."
+ operationId: "ContainerResize"
+ consumes:
+ - "application/octet-stream"
+ produces:
+ - "text/plain"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "cannot resize container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "h"
+ in: "query"
+ description: "Height of the TTY session in characters"
+ type: "integer"
+ - name: "w"
+ in: "query"
+ description: "Width of the TTY session in characters"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/start:
+ post:
+ summary: "Start a container"
+ operationId: "ContainerStart"
+ responses:
+ 204:
+ description: "no error"
+ 304:
+ description: "container already started"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container. Format is a
+ single character `[a-Z]` or `ctrl-` where `` is one
+ of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/stop:
+ post:
+ summary: "Stop a container"
+ operationId: "ContainerStop"
+ responses:
+ 204:
+ description: "no error"
+ 304:
+ description: "container already stopped"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ - name: "t"
+ in: "query"
+ description: "Number of seconds to wait before killing the container"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/restart:
+ post:
+ summary: "Restart a container"
+ operationId: "ContainerRestart"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ - name: "t"
+ in: "query"
+ description: "Number of seconds to wait before killing the container"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/kill:
+ post:
+ summary: "Kill a container"
+ description: |
+ Send a POSIX signal to a container, defaulting to killing to the
+ container.
+ operationId: "ContainerKill"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "container is not running"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ default: "SIGKILL"
+ tags: ["Container"]
+ /containers/{id}/update:
+ post:
+ summary: "Update a container"
+ description: |
+ Change various configuration options of a container without having to
+ recreate it.
+ operationId: "ContainerUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The container has been updated."
+ schema:
+ type: "object"
+ title: "ContainerUpdateResponse"
+ description: "OK response to ContainerUpdate operation"
+ properties:
+ Warnings:
+ type: "array"
+ items:
+ type: "string"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "update"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/Resources"
+ - type: "object"
+ properties:
+ RestartPolicy:
+ $ref: "#/definitions/RestartPolicy"
+ example:
+ BlkioWeight: 300
+ CpuShares: 512
+ CpuPeriod: 100000
+ CpuQuota: 50000
+ CpuRealtimePeriod: 1000000
+ CpuRealtimeRuntime: 10000
+ CpusetCpus: "0,1"
+ CpusetMems: "0"
+ Memory: 314572800
+ MemorySwap: 514288000
+ MemoryReservation: 209715200
+ RestartPolicy:
+ MaximumRetryCount: 4
+ Name: "on-failure"
+ tags: ["Container"]
+ /containers/{id}/rename:
+ post:
+ summary: "Rename a container"
+ operationId: "ContainerRename"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "name already in use"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "name"
+ in: "query"
+ required: true
+ description: "New name for the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/pause:
+ post:
+ summary: "Pause a container"
+ description: |
+ Use the freezer cgroup to suspend all processes in a container.
+
+ Traditionally, when suspending a process the `SIGSTOP` signal is used,
+ which is observable by the process being suspended. With the freezer
+ cgroup the process is unaware, and unable to capture, that it is being
+ suspended, and subsequently resumed.
+ operationId: "ContainerPause"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/unpause:
+ post:
+ summary: "Unpause a container"
+ description: "Resume a container which has been paused."
+ operationId: "ContainerUnpause"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/attach:
+ post:
+ summary: "Attach to a container"
+ description: |
+ Attach to a container to read its output or send it input. You can attach
+ to the same container multiple times and you can reattach to containers
+ that have been detached.
+
+ Either the `stream` or `logs` parameter must be `true` for this endpoint
+ to do anything.
+
+ See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+ for more details.
+
+ ### Hijacking
+
+ This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+ and `stderr` on the same socket.
+
+ This is the response from the daemon for an attach request:
+
+ ```
+ HTTP/1.1 200 OK
+ Content-Type: application/vnd.docker.raw-stream
+
+ [STREAM]
+ ```
+
+ After the headers and two new lines, the TCP connection can now be used
+ for raw, bidirectional communication between the client and server.
+
+ To hint potential proxies about connection hijacking, the Docker client
+ can also optionally send connection upgrade headers.
+
+ For example, the client sends this request to upgrade the connection:
+
+ ```
+ POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+ Upgrade: tcp
+ Connection: Upgrade
+ ```
+
+ The Docker daemon will respond with a `101 UPGRADED` response, and will
+ similarly follow with the raw stream:
+
+ ```
+ HTTP/1.1 101 UPGRADED
+ Content-Type: application/vnd.docker.raw-stream
+ Connection: Upgrade
+ Upgrade: tcp
+
+ [STREAM]
+ ```
+
+ ### Stream format
+
+ When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+ the HTTP Content-Type header is set to application/vnd.docker.multiplexed-stream
+ and the stream over the hijacked connected is multiplexed to separate out
+ `stdout` and `stderr`. The stream consists of a series of frames, each
+ containing a header and a payload.
+
+ The header contains the information which the stream writes (`stdout` or
+ `stderr`). It also contains the size of the associated frame encoded in
+ the last four bytes (`uint32`).
+
+ It is encoded on the first eight bytes like this:
+
+ ```go
+ header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+ ```
+
+ `STREAM_TYPE` can be:
+
+ - 0: `stdin` (is written on `stdout`)
+ - 1: `stdout`
+ - 2: `stderr`
+
+ `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+ encoded as big endian.
+
+ Following the header is the payload, which is the specified number of
+ bytes of `STREAM_TYPE`.
+
+ The simplest way to implement this protocol is the following:
+
+ 1. Read 8 bytes.
+ 2. Choose `stdout` or `stderr` depending on the first byte.
+ 3. Extract the frame size from the last four bytes.
+ 4. Read the extracted size and output it on the correct output.
+ 5. Goto 1.
+
+ ### Stream format when using a TTY
+
+ When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+ the stream is not multiplexed. The data exchanged over the hijacked
+ connection is simply the raw data from the process PTY and client's
+ `stdin`.
+
+ operationId: "ContainerAttach"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 101:
+ description: "no error, hints proxy about hijacking"
+ 200:
+ description: "no error, no upgrade header found"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container.Format is a single
+ character `[a-Z]` or `ctrl-` where `` is one of: `a-z`,
+ `@`, `^`, `[`, `,` or `_`.
+ type: "string"
+ - name: "logs"
+ in: "query"
+ description: |
+ Replay previous logs from the container.
+
+ This is useful for attaching to a container that has started and you
+ want to output everything since the container started.
+
+ If `stream` is also enabled, once all the previous output has been
+ returned, it will seamlessly transition into streaming current
+ output.
+ type: "boolean"
+ default: false
+ - name: "stream"
+ in: "query"
+ description: |
+ Stream attached streams from the time the request was made onwards.
+ type: "boolean"
+ default: false
+ - name: "stdin"
+ in: "query"
+ description: "Attach to `stdin`"
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Attach to `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Attach to `stderr`"
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/attach/ws:
+ get:
+ summary: "Attach to a container via a websocket"
+ operationId: "ContainerAttachWebsocket"
+ responses:
+ 101:
+ description: "no error, hints proxy about hijacking"
+ 200:
+ description: "no error, no upgrade header found"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container.Format is a single
+ character `[a-Z]` or `ctrl-` where `` is one of: `a-z`,
+ `@`, `^`, `[`, `,`, or `_`.
+ type: "string"
+ - name: "logs"
+ in: "query"
+ description: "Return logs"
+ type: "boolean"
+ default: false
+ - name: "stream"
+ in: "query"
+ description: "Return stream"
+ type: "boolean"
+ default: false
+ - name: "stdin"
+ in: "query"
+ description: "Attach to `stdin`"
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Attach to `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Attach to `stderr`"
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/wait:
+ post:
+ summary: "Wait for a container"
+ description: "Block until a container stops, then returns the exit code."
+ operationId: "ContainerWait"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The container has exit."
+ schema:
+ $ref: "#/definitions/ContainerWaitResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "condition"
+ in: "query"
+ description: |
+ Wait until a container state reaches the given condition.
+
+ Defaults to `not-running` if omitted or empty.
+ type: "string"
+ enum:
+ - "not-running"
+ - "next-exit"
+ - "removed"
+ default: "not-running"
+ tags: ["Container"]
+ /containers/{id}:
+ delete:
+ summary: "Remove a container"
+ operationId: "ContainerDelete"
+ responses:
+ 204:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: |
+ You cannot remove a running container: c2ada9df5af8. Stop the
+ container before attempting removal or force remove
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "v"
+ in: "query"
+ description: "Remove anonymous volumes associated with the container."
+ type: "boolean"
+ default: false
+ - name: "force"
+ in: "query"
+ description: "If the container is running, kill it before removing it."
+ type: "boolean"
+ default: false
+ - name: "link"
+ in: "query"
+ description: "Remove the specified link associated with the container."
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/archive:
+ head:
+ summary: "Get information about files in a container"
+ description: |
+ A response header `X-Docker-Container-Path-Stat` is returned, containing
+ a base64 - encoded JSON object with some filesystem header information
+ about the path.
+ operationId: "ContainerArchiveInfo"
+ responses:
+ 200:
+ description: "no error"
+ headers:
+ X-Docker-Container-Path-Stat:
+ type: "string"
+ description: |
+ A base64 - encoded JSON object with some filesystem header
+ information about the path
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Container or path does not exist"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Resource in the container’s filesystem to archive."
+ type: "string"
+ tags: ["Container"]
+ get:
+ summary: "Get an archive of a filesystem resource in a container"
+ description: "Get a tar archive of a resource in the filesystem of container id."
+ operationId: "ContainerArchive"
+ produces: ["application/x-tar"]
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Container or path does not exist"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Resource in the container’s filesystem to archive."
+ type: "string"
+ tags: ["Container"]
+ put:
+ summary: "Extract an archive of files or folders to a directory in a container"
+ description: |
+ Upload a tar archive to be extracted to a path in the filesystem of container id.
+ `path` parameter is asserted to be a directory. If it exists as a file, 400 error
+ will be returned with message "not a directory".
+ operationId: "PutContainerArchive"
+ consumes: ["application/x-tar", "application/octet-stream"]
+ responses:
+ 200:
+ description: "The content was extracted successfully"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "not a directory"
+ 403:
+ description: "Permission denied, the volume or container rootfs is marked as read-only."
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such container or path does not exist inside the container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Path to a directory in the container to extract the archive’s contents into. "
+ type: "string"
+ - name: "noOverwriteDirNonDir"
+ in: "query"
+ description: |
+ If `1`, `true`, or `True` then it will be an error if unpacking the
+ given content would cause an existing directory to be replaced with
+ a non-directory and vice versa.
+ type: "string"
+ - name: "copyUIDGID"
+ in: "query"
+ description: |
+ If `1`, `true`, then it will copy UID/GID maps to the dest file or
+ dir
+ type: "string"
+ - name: "inputStream"
+ in: "body"
+ required: true
+ description: |
+ The input stream must be a tar archive compressed with one of the
+ following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+ or `xz`.
+ schema:
+ type: "string"
+ format: "binary"
+ tags: ["Container"]
+ /containers/prune:
+ post:
+ summary: "Delete stopped containers"
+ produces:
+ - "application/json"
+ operationId: "ContainerPrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `until=` Prune containers created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ContainerPruneResponse"
+ properties:
+ ContainersDeleted:
+ description: "Container IDs that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /images/json:
+ get:
+ summary: "List Images"
+ description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+ operationId: "ImageList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "Summary image data for the images matching the query"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageSummary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "all"
+ in: "query"
+ description: "Show all images. Only images from a final layer (no children) are shown by default."
+ type: "boolean"
+ default: false
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the images list.
+
+ Available filters:
+
+ - `before`=(`[:]`, `` or ``)
+ - `dangling=true`
+ - `label=key` or `label="key=value"` of an image label
+ - `reference`=(`[:]`)
+ - `since`=(`[:]`, `` or ``)
+ - `until=`
+ type: "string"
+ - name: "shared-size"
+ in: "query"
+ description: "Compute and show shared size as a `SharedSize` field on each image."
+ type: "boolean"
+ default: false
+ - name: "digests"
+ in: "query"
+ description: "Show digest information as a `RepoDigests` field on each image."
+ type: "boolean"
+ default: false
+ - name: "manifests"
+ in: "query"
+ description: "Include `Manifests` in the image summary."
+ type: "boolean"
+ default: false
+ tags: ["Image"]
+ /build:
+ post:
+ summary: "Build an image"
+ description: |
+ Build an image from a tar archive with a `Dockerfile` in it.
+
+ The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+ The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+ The build is canceled if the client drops the connection by quitting or being killed.
+ operationId: "ImageBuild"
+ consumes:
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "inputStream"
+ in: "body"
+ description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+ schema:
+ type: "string"
+ format: "binary"
+ - name: "dockerfile"
+ in: "query"
+ description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+ type: "string"
+ default: "Dockerfile"
+ - name: "t"
+ in: "query"
+ description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+ type: "string"
+ - name: "extrahosts"
+ in: "query"
+ description: "Extra hosts to add to /etc/hosts"
+ type: "string"
+ - name: "remote"
+ in: "query"
+ description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+ type: "string"
+ - name: "q"
+ in: "query"
+ description: "Suppress verbose build output."
+ type: "boolean"
+ default: false
+ - name: "nocache"
+ in: "query"
+ description: "Do not use the cache when building the image."
+ type: "boolean"
+ default: false
+ - name: "cachefrom"
+ in: "query"
+ description: "JSON array of images used for build cache resolution."
+ type: "string"
+ - name: "pull"
+ in: "query"
+ description: "Attempt to pull the image even if an older image exists locally."
+ type: "string"
+ - name: "rm"
+ in: "query"
+ description: "Remove intermediate containers after a successful build."
+ type: "boolean"
+ default: true
+ - name: "forcerm"
+ in: "query"
+ description: "Always remove intermediate containers, even upon failure."
+ type: "boolean"
+ default: false
+ - name: "memory"
+ in: "query"
+ description: "Set memory limit for build."
+ type: "integer"
+ - name: "memswap"
+ in: "query"
+ description: "Total memory (memory + swap). Set as `-1` to disable swap."
+ type: "integer"
+ - name: "cpushares"
+ in: "query"
+ description: "CPU shares (relative weight)."
+ type: "integer"
+ - name: "cpusetcpus"
+ in: "query"
+ description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+ type: "string"
+ - name: "cpuperiod"
+ in: "query"
+ description: "The length of a CPU period in microseconds."
+ type: "integer"
+ - name: "cpuquota"
+ in: "query"
+ description: "Microseconds of CPU time that the container can get in a CPU period."
+ type: "integer"
+ - name: "buildargs"
+ in: "query"
+ description: >
+ JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+ uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+ instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+ passing secret values.
+
+
+ For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+ [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+ type: "string"
+ - name: "shmsize"
+ in: "query"
+ description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+ type: "integer"
+ - name: "squash"
+ in: "query"
+ description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+ type: "boolean"
+ - name: "labels"
+ in: "query"
+ description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+ type: "string"
+ - name: "networkmode"
+ in: "query"
+ description: |
+ Sets the networking mode for the run commands during build. Supported
+ standard values are: `bridge`, `host`, `none`, and `container:`.
+ Any other value is taken as a custom network's name or ID to which this
+ container should connect to.
+ type: "string"
+ - name: "Content-type"
+ in: "header"
+ type: "string"
+ enum:
+ - "application/x-tar"
+ default: "application/x-tar"
+ - name: "X-Registry-Config"
+ in: "header"
+ description: |
+ This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+ The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+ ```
+ {
+ "docker.example.com": {
+ "username": "janedoe",
+ "password": "hunter2"
+ },
+ "https://index.docker.io/v1/": {
+ "username": "mobydock",
+ "password": "conta1n3rize14"
+ }
+ }
+ ```
+
+ Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+ type: "string"
+ - name: "platform"
+ in: "query"
+ description: "Platform in the format os[/arch[/variant]]"
+ type: "string"
+ default: ""
+ - name: "target"
+ in: "query"
+ description: "Target build stage"
+ type: "string"
+ default: ""
+ - name: "outputs"
+ in: "query"
+ description: "BuildKit output configuration"
+ type: "string"
+ default: ""
+ - name: "version"
+ in: "query"
+ type: "string"
+ default: "1"
+ enum: ["1", "2"]
+ description: |
+ Version of the builder backend to use.
+
+ - `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
+ - `2` is [BuildKit](https://github.com/moby/buildkit)
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /build/prune:
+ post:
+ summary: "Delete builder cache"
+ produces:
+ - "application/json"
+ operationId: "BuildPrune"
+ parameters:
+ - name: "keep-storage"
+ in: "query"
+ description: "Amount of disk space in bytes to keep for cache"
+ type: "integer"
+ format: "int64"
+ - name: "all"
+ in: "query"
+ type: "boolean"
+ description: "Remove all types of build cache"
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the list of build cache objects.
+
+ Available filters:
+
+ - `until=` remove cache older than ``. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon's local time.
+ - `id=`
+ - `parent=`
+ - `type=`
+ - `description=`
+ - `inuse`
+ - `shared`
+ - `private`
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "BuildPruneResponse"
+ properties:
+ CachesDeleted:
+ type: "array"
+ items:
+ description: "ID of build cache object"
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /images/create:
+ post:
+ summary: "Create an image"
+ description: "Pull or import an image."
+ operationId: "ImageCreate"
+ consumes:
+ - "text/plain"
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "repository does not exist or no read access"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "fromImage"
+ in: "query"
+ description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
+ type: "string"
+ - name: "fromSrc"
+ in: "query"
+ description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+ type: "string"
+ - name: "repo"
+ in: "query"
+ description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+ type: "string"
+ - name: "message"
+ in: "query"
+ description: "Set commit message for imported image."
+ type: "string"
+ - name: "inputImage"
+ in: "body"
+ description: "Image content if the value `-` has been specified in fromSrc query parameter"
+ schema:
+ type: "string"
+ required: false
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "changes"
+ in: "query"
+ description: |
+ Apply `Dockerfile` instructions to the image that is created,
+ for example: `changes=ENV DEBUG=true`.
+ Note that `ENV DEBUG=true` should be URI component encoded.
+
+ Supported `Dockerfile` instructions:
+ `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+ type: "array"
+ items:
+ type: "string"
+ - name: "platform"
+ in: "query"
+ description: |
+ Platform in the format os[/arch[/variant]].
+
+ When used in combination with the `fromImage` option, the daemon checks
+ if the given image is present in the local image cache with the given
+ OS and Architecture, and otherwise attempts to pull the image. If the
+ option is not set, the host's native OS and Architecture are used.
+ If the given image does not exist in the local image cache, the daemon
+ attempts to pull the image with the host's native OS and Architecture.
+ If the given image does exists in the local image cache, but its OS or
+ architecture does not match, a warning is produced.
+
+ When used with the `fromSrc` option to import an image from an archive,
+ this option sets the platform information for the imported image. If
+ the option is not set, the host's native OS and Architecture are used
+ for the imported image.
+ type: "string"
+ default: ""
+ tags: ["Image"]
+ /images/{name}/json:
+ get:
+ summary: "Inspect an image"
+ description: "Return low-level information about an image."
+ operationId: "ImageInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/ImageInspect"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: someimage (tag: latest)"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or id"
+ type: "string"
+ required: true
+ tags: ["Image"]
+ /images/{name}/history:
+ get:
+ summary: "Get the history of an image"
+ description: "Return parent layers of an image."
+ operationId: "ImageHistory"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "List of image layers"
+ schema:
+ type: "array"
+ items:
+ type: "object"
+ x-go-name: HistoryResponseItem
+ title: "HistoryResponseItem"
+ description: "individual image layer information in response to ImageHistory operation"
+ required: [Id, Created, CreatedBy, Tags, Size, Comment]
+ properties:
+ Id:
+ type: "string"
+ x-nullable: false
+ Created:
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ CreatedBy:
+ type: "string"
+ x-nullable: false
+ Tags:
+ type: "array"
+ items:
+ type: "string"
+ Size:
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ Comment:
+ type: "string"
+ x-nullable: false
+ examples:
+ application/json:
+ - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+ Created: 1398108230
+ CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+ Tags:
+ - "ubuntu:lucid"
+ - "ubuntu:10.04"
+ Size: 182964289
+ Comment: ""
+ - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+ Created: 1398108222
+ CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+ Tags: []
+ Size: 0
+ Comment: ""
+ - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+ Created: 1371157430
+ CreatedBy: ""
+ Tags:
+ - "scratch12:latest"
+ - "scratch:latest"
+ Size: 0
+ Comment: "Imported from -"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ tags: ["Image"]
+ /images/{name}/push:
+ post:
+ summary: "Push an image"
+ description: |
+ Push an image to a registry.
+
+ If you wish to push an image on to a private registry, that image must
+ already have a tag which references the registry. For example,
+ `registry.example.com/myimage:latest`.
+
+ The push is cancelled if the HTTP connection is closed.
+ operationId: "ImagePush"
+ consumes:
+ - "application/octet-stream"
+ responses:
+ 200:
+ description: "No error"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ Name of the image to push. For example, `registry.example.com/myimage`.
+ The image must be present in the local image store with the same name.
+
+ The name should be provided without tag; if a tag is provided, it
+ is ignored. For example, `registry.example.com/myimage:latest` is
+ considered equivalent to `registry.example.com/myimage`.
+
+ Use the `tag` parameter to specify the tag to push.
+ type: "string"
+ required: true
+ - name: "tag"
+ in: "query"
+ description: |
+ Tag of the image to push. For example, `latest`. If no tag is provided,
+ all tags of the given image that are present in the local image store
+ are pushed.
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ required: true
+ - name: "platform"
+ in: "query"
+ description: "Select a platform-specific manifest to be pushed. OCI platform (JSON encoded)"
+ type: "string"
+ x-nullable: true
+ tags: ["Image"]
+ /images/{name}/tag:
+ post:
+ summary: "Tag an image"
+ description: "Tag an image so that it becomes part of a repository."
+ operationId: "ImageTag"
+ responses:
+ 201:
+ description: "No error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID to tag."
+ type: "string"
+ required: true
+ - name: "repo"
+ in: "query"
+ description: "The repository to tag in. For example, `someuser/someimage`."
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "The name of the new tag."
+ type: "string"
+ tags: ["Image"]
+ /images/{name}:
+ delete:
+ summary: "Remove an image"
+ description: |
+ Remove an image, along with any untagged parent images that were
+ referenced by that image.
+
+ Images can't be removed if they have descendant images, are being
+ used by a running container or are being used by a build.
+ operationId: "ImageDelete"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The image was deleted successfully"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageDeleteResponseItem"
+ examples:
+ application/json:
+ - Untagged: "3e2f21a89f"
+ - Deleted: "3e2f21a89f"
+ - Deleted: "53b4f83ac9"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ - name: "force"
+ in: "query"
+ description: "Remove the image even if it is being used by stopped containers or has other tags"
+ type: "boolean"
+ default: false
+ - name: "noprune"
+ in: "query"
+ description: "Do not delete untagged parent images"
+ type: "boolean"
+ default: false
+ tags: ["Image"]
+ /images/search:
+ get:
+ summary: "Search images"
+ description: "Search for an image on Docker Hub."
+ operationId: "ImageSearch"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ type: "object"
+ title: "ImageSearchResponseItem"
+ properties:
+ description:
+ type: "string"
+ is_official:
+ type: "boolean"
+ is_automated:
+ description: |
+ Whether this repository has automated builds enabled.
+
+
+
+ > **Deprecated**: This field is deprecated and will always be "false".
+ type: "boolean"
+ example: false
+ name:
+ type: "string"
+ star_count:
+ type: "integer"
+ examples:
+ application/json:
+ - description: "A minimal Docker image based on Alpine Linux with a complete package index and only 5 MB in size!"
+ is_official: true
+ is_automated: false
+ name: "alpine"
+ star_count: 10093
+ - description: "Busybox base image."
+ is_official: true
+ is_automated: false
+ name: "Busybox base image."
+ star_count: 3037
+ - description: "The PostgreSQL object-relational database system provides reliability and data integrity."
+ is_official: true
+ is_automated: false
+ name: "postgres"
+ star_count: 12408
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "term"
+ in: "query"
+ description: "Term to search"
+ type: "string"
+ required: true
+ - name: "limit"
+ in: "query"
+ description: "Maximum number of results to return"
+ type: "integer"
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+ - `is-official=(true|false)`
+ - `stars=` Matches images that has at least 'number' stars.
+ type: "string"
+ tags: ["Image"]
+ /images/prune:
+ post:
+ summary: "Delete unused images"
+ produces:
+ - "application/json"
+ operationId: "ImagePrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+ - `dangling=` When set to `true` (or `1`), prune only
+ unused *and* untagged images. When set to `false`
+ (or `0`), all unused images are pruned.
+ - `until=` Prune images created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ImagePruneResponse"
+ properties:
+ ImagesDeleted:
+ description: "Images that were deleted"
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageDeleteResponseItem"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /auth:
+ post:
+ summary: "Check auth configuration"
+ description: |
+ Validate credentials for a registry and, if available, get an identity
+ token for accessing the registry without password.
+ operationId: "SystemAuth"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "An identity token was generated successfully."
+ schema:
+ type: "object"
+ title: "SystemAuthResponse"
+ required: [Status]
+ properties:
+ Status:
+ description: "The status of the authentication"
+ type: "string"
+ x-nullable: false
+ IdentityToken:
+ description: "An opaque token used to authenticate a user after a successful login"
+ type: "string"
+ x-nullable: false
+ examples:
+ application/json:
+ Status: "Login Succeeded"
+ IdentityToken: "9cbaf023786cd7..."
+ 204:
+ description: "No error"
+ 401:
+ description: "Auth error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "authConfig"
+ in: "body"
+ description: "Authentication to check"
+ schema:
+ $ref: "#/definitions/AuthConfig"
+ tags: ["System"]
+ /info:
+ get:
+ summary: "Get system information"
+ operationId: "SystemInfo"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/SystemInfo"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /version:
+ get:
+ summary: "Get version"
+ description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+ operationId: "SystemVersion"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/SystemVersion"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /_ping:
+ get:
+ summary: "Ping"
+ description: "This is a dummy endpoint you can use to test if the server is accessible."
+ operationId: "SystemPing"
+ produces: ["text/plain"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ example: "OK"
+ headers:
+ API-Version:
+ type: "string"
+ description: "Max API Version the server supports"
+ Builder-Version:
+ type: "string"
+ description: |
+ Default version of docker image builder
+
+ The default on Linux is version "2" (BuildKit), but the daemon
+ can be configured to recommend version "1" (classic Builder).
+ Windows does not yet support BuildKit for native Windows images,
+ and uses "1" (classic builder) as a default.
+
+ This value is a recommendation as advertised by the daemon, and
+ it is up to the client to choose which builder to use.
+ default: "2"
+ Docker-Experimental:
+ type: "boolean"
+ description: "If the server is running with experimental mode enabled"
+ Swarm:
+ type: "string"
+ enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
+ description: |
+ Contains information about Swarm status of the daemon,
+ and if the daemon is acting as a manager or worker node.
+ default: "inactive"
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ headers:
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ tags: ["System"]
+ head:
+ summary: "Ping"
+ description: "This is a dummy endpoint you can use to test if the server is accessible."
+ operationId: "SystemPingHead"
+ produces: ["text/plain"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ example: "(empty)"
+ headers:
+ API-Version:
+ type: "string"
+ description: "Max API Version the server supports"
+ Builder-Version:
+ type: "string"
+ description: "Default version of docker image builder"
+ Docker-Experimental:
+ type: "boolean"
+ description: "If the server is running with experimental mode enabled"
+ Swarm:
+ type: "string"
+ enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
+ description: |
+ Contains information about Swarm status of the daemon,
+ and if the daemon is acting as a manager or worker node.
+ default: "inactive"
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /commit:
+ post:
+ summary: "Create a new image from a container"
+ operationId: "ImageCommit"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IdResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "containerConfig"
+ in: "body"
+ description: "The container configuration"
+ schema:
+ $ref: "#/definitions/ContainerConfig"
+ - name: "container"
+ in: "query"
+ description: "The ID or name of the container to commit"
+ type: "string"
+ - name: "repo"
+ in: "query"
+ description: "Repository name for the created image"
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "Tag name for the create image"
+ type: "string"
+ - name: "comment"
+ in: "query"
+ description: "Commit message"
+ type: "string"
+ - name: "author"
+ in: "query"
+ description: "Author of the image (e.g., `John Hannibal Smith `)"
+ type: "string"
+ - name: "pause"
+ in: "query"
+ description: "Whether to pause the container before committing"
+ type: "boolean"
+ default: true
+ - name: "changes"
+ in: "query"
+ description: "`Dockerfile` instructions to apply while committing"
+ type: "string"
+ tags: ["Image"]
+ /events:
+ get:
+ summary: "Monitor events"
+ description: |
+ Stream real-time events from the server.
+
+ Various objects within Docker report events when something happens to them.
+
+ Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
+
+ Images report these events: `create`, `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
+
+ Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
+
+ Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
+
+ The Docker daemon reports these events: `reload`
+
+ Services report these events: `create`, `update`, and `remove`
+
+ Nodes report these events: `create`, `update`, and `remove`
+
+ Secrets report these events: `create`, `update`, and `remove`
+
+ Configs report these events: `create`, `update`, and `remove`
+
+ The Builder reports `prune` events
+
+ operationId: "SystemEvents"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/EventMessage"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "since"
+ in: "query"
+ description: "Show events created since this timestamp then stream new events."
+ type: "string"
+ - name: "until"
+ in: "query"
+ description: "Show events created until this timestamp then stop streaming."
+ type: "string"
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+ - `config=` config name or ID
+ - `container=` container name or ID
+ - `daemon=` daemon name or ID
+ - `event=` event type
+ - `image=` image name or ID
+ - `label=` image or container label
+ - `network=` network name or ID
+ - `node=` node ID
+ - `plugin`= plugin name or ID
+ - `scope`= local or swarm
+ - `secret=` secret name or ID
+ - `service=` service name or ID
+ - `type=` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+ - `volume=` volume name
+ type: "string"
+ tags: ["System"]
+ /system/df:
+ get:
+ summary: "Get data usage information"
+ operationId: "SystemDataUsage"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "SystemDataUsageResponse"
+ properties:
+ LayersSize:
+ type: "integer"
+ format: "int64"
+ Images:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageSummary"
+ Containers:
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerSummary"
+ Volumes:
+ type: "array"
+ items:
+ $ref: "#/definitions/Volume"
+ BuildCache:
+ type: "array"
+ items:
+ $ref: "#/definitions/BuildCache"
+ example:
+ LayersSize: 1092588
+ Images:
+ -
+ Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+ ParentId: ""
+ RepoTags:
+ - "busybox:latest"
+ RepoDigests:
+ - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+ Created: 1466724217
+ Size: 1092588
+ SharedSize: 0
+ Labels: {}
+ Containers: 1
+ Containers:
+ -
+ Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+ Names:
+ - "/top"
+ Image: "busybox"
+ ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+ Command: "top"
+ Created: 1472592424
+ Ports: []
+ SizeRootFs: 1092588
+ Labels: {}
+ State: "exited"
+ Status: "Exited (0) 56 minutes ago"
+ HostConfig:
+ NetworkMode: "default"
+ NetworkSettings:
+ Networks:
+ bridge:
+ IPAMConfig: null
+ Links: null
+ Aliases: null
+ NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+ EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+ Gateway: "172.18.0.1"
+ IPAddress: "172.18.0.2"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:12:00:02"
+ Mounts: []
+ Volumes:
+ -
+ Name: "my-volume"
+ Driver: "local"
+ Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+ Labels: null
+ Scope: "local"
+ Options: null
+ UsageData:
+ Size: 10920104
+ RefCount: 2
+ BuildCache:
+ -
+ ID: "hw53o5aio51xtltp5xjp8v7fx"
+ Parents: []
+ Type: "regular"
+ Description: "pulled from docker.io/library/debian@sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0"
+ InUse: false
+ Shared: true
+ Size: 0
+ CreatedAt: "2021-06-28T13:31:01.474619385Z"
+ LastUsedAt: "2021-07-07T22:02:32.738075951Z"
+ UsageCount: 26
+ -
+ ID: "ndlpt0hhvkqcdfkputsk4cq9c"
+ Parents: ["ndlpt0hhvkqcdfkputsk4cq9c"]
+ Type: "regular"
+ Description: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
+ InUse: false
+ Shared: true
+ Size: 51
+ CreatedAt: "2021-06-28T13:31:03.002625487Z"
+ LastUsedAt: "2021-07-07T22:02:32.773909517Z"
+ UsageCount: 26
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "type"
+ in: "query"
+ description: |
+ Object types, for which to compute and return data.
+ type: "array"
+ collectionFormat: multi
+ items:
+ type: "string"
+ enum: ["container", "image", "volume", "build-cache"]
+ tags: ["System"]
+ /images/{name}/get:
+ get:
+ summary: "Export an image"
+ description: |
+ Get a tarball containing all images and metadata for a repository.
+
+ If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+ ### Image tarball format
+
+ An image tarball contains one directory per image layer (named using its long ID), each containing these files:
+
+ - `VERSION`: currently `1.0` - the file format version
+ - `json`: detailed layer information, similar to `docker inspect layer_id`
+ - `layer.tar`: A tarfile containing the filesystem changes in this layer
+
+ The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
+
+ If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+ ```json
+ {
+ "hello-world": {
+ "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+ }
+ }
+ ```
+ operationId: "ImageGet"
+ produces:
+ - "application/x-tar"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ format: "binary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ tags: ["Image"]
+ /images/get:
+ get:
+ summary: "Export several images"
+ description: |
+ Get a tarball containing all images and metadata for several image
+ repositories.
+
+ For each value of the `names` parameter: if it is a specific name and
+ tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+ returned; if it is an image ID, similarly only that image (and its parents)
+ are returned and there would be no names referenced in the 'repositories'
+ file for this image ID.
+
+ For details on the format, see the [export image endpoint](#operation/ImageGet).
+ operationId: "ImageGetAll"
+ produces:
+ - "application/x-tar"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ format: "binary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "names"
+ in: "query"
+ description: "Image names to filter by"
+ type: "array"
+ items:
+ type: "string"
+ tags: ["Image"]
+ /images/load:
+ post:
+ summary: "Import images"
+ description: |
+ Load a set of images and tags into a repository.
+
+ For details on the format, see the [export image endpoint](#operation/ImageGet).
+ operationId: "ImageLoad"
+ consumes:
+ - "application/x-tar"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "imagesTarball"
+ in: "body"
+ description: "Tar archive containing images"
+ schema:
+ type: "string"
+ format: "binary"
+ - name: "quiet"
+ in: "query"
+ description: "Suppress progress details during load."
+ type: "boolean"
+ default: false
+ tags: ["Image"]
+ /containers/{id}/exec:
+ post:
+ summary: "Create an exec instance"
+ description: "Run a command inside a running container."
+ operationId: "ContainerExec"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IdResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "container is paused"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "execConfig"
+ in: "body"
+ description: "Exec configuration"
+ schema:
+ type: "object"
+ title: "ExecConfig"
+ properties:
+ AttachStdin:
+ type: "boolean"
+ description: "Attach to `stdin` of the exec command."
+ AttachStdout:
+ type: "boolean"
+ description: "Attach to `stdout` of the exec command."
+ AttachStderr:
+ type: "boolean"
+ description: "Attach to `stderr` of the exec command."
+ ConsoleSize:
+ type: "array"
+ description: "Initial console size, as an `[height, width]` array."
+ x-nullable: true
+ minItems: 2
+ maxItems: 2
+ items:
+ type: "integer"
+ minimum: 0
+ DetachKeys:
+ type: "string"
+ description: |
+ Override the key sequence for detaching a container. Format is
+ a single character `[a-Z]` or `ctrl-` where ``
+ is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+ Tty:
+ type: "boolean"
+ description: "Allocate a pseudo-TTY."
+ Env:
+ description: |
+ A list of environment variables in the form `["VAR=value", ...]`.
+ type: "array"
+ items:
+ type: "string"
+ Cmd:
+ type: "array"
+ description: "Command to run, as a string or array of strings."
+ items:
+ type: "string"
+ Privileged:
+ type: "boolean"
+ description: "Runs the exec process with extended privileges."
+ default: false
+ User:
+ type: "string"
+ description: |
+ The user, and optionally, group to run the exec process inside
+ the container. Format is one of: `user`, `user:group`, `uid`,
+ or `uid:gid`.
+ WorkingDir:
+ type: "string"
+ description: |
+ The working directory for the exec process inside the container.
+ example:
+ AttachStdin: false
+ AttachStdout: true
+ AttachStderr: true
+ DetachKeys: "ctrl-p,ctrl-q"
+ Tty: false
+ Cmd:
+ - "date"
+ Env:
+ - "FOO=bar"
+ - "BAZ=quux"
+ required: true
+ - name: "id"
+ in: "path"
+ description: "ID or name of container"
+ type: "string"
+ required: true
+ tags: ["Exec"]
+ /exec/{id}/start:
+ post:
+ summary: "Start an exec instance"
+ description: |
+ Starts a previously set up exec instance. If detach is true, this endpoint
+ returns immediately after starting the command. Otherwise, it sets up an
+ interactive session with the command.
+ operationId: "ExecStart"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 200:
+ description: "No error"
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Container is stopped or paused"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "execStartConfig"
+ in: "body"
+ schema:
+ type: "object"
+ title: "ExecStartConfig"
+ properties:
+ Detach:
+ type: "boolean"
+ description: "Detach from the command."
+ Tty:
+ type: "boolean"
+ description: "Allocate a pseudo-TTY."
+ ConsoleSize:
+ type: "array"
+ description: "Initial console size, as an `[height, width]` array."
+ x-nullable: true
+ minItems: 2
+ maxItems: 2
+ items:
+ type: "integer"
+ minimum: 0
+ example:
+ Detach: false
+ Tty: true
+ ConsoleSize: [80, 64]
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ tags: ["Exec"]
+ /exec/{id}/resize:
+ post:
+ summary: "Resize an exec instance"
+ description: |
+ Resize the TTY session used by an exec instance. This endpoint only works
+ if `tty` was specified as part of creating and starting the exec instance.
+ operationId: "ExecResize"
+ responses:
+ 200:
+ description: "No error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ - name: "h"
+ in: "query"
+ description: "Height of the TTY session in characters"
+ type: "integer"
+ - name: "w"
+ in: "query"
+ description: "Width of the TTY session in characters"
+ type: "integer"
+ tags: ["Exec"]
+ /exec/{id}/json:
+ get:
+ summary: "Inspect an exec instance"
+ description: "Return low-level information about an exec instance."
+ operationId: "ExecInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ExecInspectResponse"
+ properties:
+ CanRemove:
+ type: "boolean"
+ DetachKeys:
+ type: "string"
+ ID:
+ type: "string"
+ Running:
+ type: "boolean"
+ ExitCode:
+ type: "integer"
+ ProcessConfig:
+ $ref: "#/definitions/ProcessConfig"
+ OpenStdin:
+ type: "boolean"
+ OpenStderr:
+ type: "boolean"
+ OpenStdout:
+ type: "boolean"
+ ContainerID:
+ type: "string"
+ Pid:
+ type: "integer"
+ description: "The system process ID for the exec process."
+ examples:
+ application/json:
+ CanRemove: false
+ ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+ DetachKeys: ""
+ ExitCode: 2
+ ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+ OpenStderr: true
+ OpenStdin: true
+ OpenStdout: true
+ ProcessConfig:
+ arguments:
+ - "-c"
+ - "exit 2"
+ entrypoint: "sh"
+ privileged: false
+ tty: true
+ user: "1000"
+ Running: false
+ Pid: 42000
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ tags: ["Exec"]
+
+ /volumes:
+ get:
+ summary: "List volumes"
+ operationId: "VolumeList"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "Summary volume data that matches the query"
+ schema:
+ $ref: "#/definitions/VolumeListResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ JSON encoded value of the filters (a `map[string][]string`) to
+ process on the volumes list. Available filters:
+
+ - `dangling=` When set to `true` (or `1`), returns all
+ volumes that are not in use by a container. When set to `false`
+ (or `0`), only volumes that are in use by one or more
+ containers are returned.
+ - `driver=` Matches volumes based on their driver.
+ - `label=` or `label=:` Matches volumes based on
+ the presence of a `label` alone or a `label` and a value.
+ - `name=` Matches all or part of a volume name.
+ type: "string"
+ format: "json"
+ tags: ["Volume"]
+
+ /volumes/create:
+ post:
+ summary: "Create a volume"
+ operationId: "VolumeCreate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 201:
+ description: "The volume was created successfully"
+ schema:
+ $ref: "#/definitions/Volume"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "volumeConfig"
+ in: "body"
+ required: true
+ description: "Volume configuration"
+ schema:
+ $ref: "#/definitions/VolumeCreateOptions"
+ tags: ["Volume"]
+
+ /volumes/{name}:
+ get:
+ summary: "Inspect a volume"
+ operationId: "VolumeInspect"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/Volume"
+ 404:
+ description: "No such volume"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ required: true
+ description: "Volume name or ID"
+ type: "string"
+ tags: ["Volume"]
+
+ put:
+ summary: |
+ "Update a volume. Valid only for Swarm cluster volumes"
+ operationId: "VolumeUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such volume"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "The name or ID of the volume"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ # though the schema for is an object that contains only a
+ # ClusterVolumeSpec, wrapping the ClusterVolumeSpec in this object
+ # means that if, later on, we support things like changing the
+ # labels, we can do so without duplicating that information to the
+ # ClusterVolumeSpec.
+ type: "object"
+ description: "Volume configuration"
+ properties:
+ Spec:
+ $ref: "#/definitions/ClusterVolumeSpec"
+ description: |
+ The spec of the volume to update. Currently, only Availability may
+ change. All other fields must remain unchanged.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the volume being updated. This is required to
+ avoid conflicting writes. Found in the volume's `ClusterVolume`
+ field.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Volume"]
+
+ delete:
+ summary: "Remove a volume"
+ description: "Instruct the driver to remove the volume."
+ operationId: "VolumeDelete"
+ responses:
+ 204:
+ description: "The volume was removed"
+ 404:
+ description: "No such volume or volume driver"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Volume is in use and cannot be removed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ required: true
+ description: "Volume name or ID"
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: "Force the removal of the volume"
+ type: "boolean"
+ default: false
+ tags: ["Volume"]
+
+ /volumes/prune:
+ post:
+ summary: "Delete unused volumes"
+ produces:
+ - "application/json"
+ operationId: "VolumePrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+ - `all` (`all=true`) - Consider all (local) volumes for pruning and not just anonymous volumes.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "VolumePruneResponse"
+ properties:
+ VolumesDeleted:
+ description: "Volumes that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Volume"]
+ /networks:
+ get:
+ summary: "List networks"
+ description: |
+ Returns a list of networks. For details on the format, see the
+ [network inspect endpoint](#operation/NetworkInspect).
+
+ Note that it uses a different, smaller representation of a network than
+ inspecting a single network. For example, the list of containers attached
+ to the network is not propagated in API versions 1.28 and up.
+ operationId: "NetworkList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Network"
+ examples:
+ application/json:
+ - Name: "bridge"
+ Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+ Created: "2016-10-19T06:21:00.416543526Z"
+ Scope: "local"
+ Driver: "bridge"
+ EnableIPv4: true
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config:
+ -
+ Subnet: "172.17.0.0/16"
+ Options:
+ com.docker.network.bridge.default_bridge: "true"
+ com.docker.network.bridge.enable_icc: "true"
+ com.docker.network.bridge.enable_ip_masquerade: "true"
+ com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+ com.docker.network.bridge.name: "docker0"
+ com.docker.network.driver.mtu: "1500"
+ - Name: "none"
+ Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+ Created: "0001-01-01T00:00:00Z"
+ Scope: "local"
+ Driver: "null"
+ EnableIPv4: false
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config: []
+ Containers: {}
+ Options: {}
+ - Name: "host"
+ Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+ Created: "0001-01-01T00:00:00Z"
+ Scope: "local"
+ Driver: "host"
+ EnableIPv4: false
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config: []
+ Containers: {}
+ Options: {}
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ JSON encoded value of the filters (a `map[string][]string`) to process
+ on the networks list.
+
+ Available filters:
+
+ - `dangling=` When set to `true` (or `1`), returns all
+ networks that are not in use by a container. When set to `false`
+ (or `0`), only networks that are in use by one or more
+ containers are returned.
+ - `driver=` Matches a network's driver.
+ - `id=` Matches all or part of a network ID.
+ - `label=` or `label==` of a network label.
+ - `name=` Matches all or part of a network name.
+ - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+ - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+ type: "string"
+ tags: ["Network"]
+
+ /networks/{id}:
+ get:
+ summary: "Inspect a network"
+ operationId: "NetworkInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/Network"
+ 404:
+ description: "Network not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "verbose"
+ in: "query"
+ description: "Detailed inspect output for troubleshooting"
+ type: "boolean"
+ default: false
+ - name: "scope"
+ in: "query"
+ description: "Filter the network by scope (swarm, global, or local)"
+ type: "string"
+ tags: ["Network"]
+
+ delete:
+ summary: "Remove a network"
+ operationId: "NetworkDelete"
+ responses:
+ 204:
+ description: "No error"
+ 403:
+ description: "operation not supported for pre-defined networks"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such network"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ tags: ["Network"]
+
+ /networks/create:
+ post:
+ summary: "Create a network"
+ operationId: "NetworkCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "Network created successfully"
+ schema:
+ $ref: "#/definitions/NetworkCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: |
+ Forbidden operation. This happens when trying to create a network named after a pre-defined network,
+ or when trying to create an overlay network on a daemon which is not part of a Swarm cluster.
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "plugin not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "networkConfig"
+ in: "body"
+ description: "Network configuration"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkCreateRequest"
+ required: ["Name"]
+ properties:
+ Name:
+ description: "The network's name."
+ type: "string"
+ example: "my_network"
+ Driver:
+ description: "Name of the network driver plugin to use."
+ type: "string"
+ default: "bridge"
+ example: "bridge"
+ Scope:
+ description: |
+ The level at which the network exists (e.g. `swarm` for cluster-wide
+ or `local` for machine level).
+ type: "string"
+ Internal:
+ description: "Restrict external access to the network."
+ type: "boolean"
+ Attachable:
+ description: |
+ Globally scoped network is manually attachable by regular
+ containers from workers in swarm mode.
+ type: "boolean"
+ example: true
+ Ingress:
+ description: |
+ Ingress network is the network which provides the routing-mesh
+ in swarm mode.
+ type: "boolean"
+ example: false
+ ConfigOnly:
+ description: |
+ Creates a config-only network. Config-only networks are placeholder
+ networks for network configurations to be used by other networks.
+ Config-only networks cannot be used directly to run containers
+ or services.
+ type: "boolean"
+ default: false
+ example: false
+ ConfigFrom:
+ description: |
+ Specifies the source which will provide the configuration for
+ this network. The specified network must be an existing
+ config-only network; see ConfigOnly.
+ $ref: "#/definitions/ConfigReference"
+ IPAM:
+ description: "Optional custom IP scheme for the network."
+ $ref: "#/definitions/IPAM"
+ EnableIPv4:
+ description: |
+ Enable IPv4 on the network.
+ To disable IPv4, the daemon must be started with experimental features enabled.
+ type: "boolean"
+ example: true
+ EnableIPv6:
+ description: "Enable IPv6 on the network."
+ type: "boolean"
+ example: true
+ Options:
+ description: "Network specific options to be used by the drivers."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.docker.network.bridge.default_bridge: "true"
+ com.docker.network.bridge.enable_icc: "true"
+ com.docker.network.bridge.enable_ip_masquerade: "true"
+ com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+ com.docker.network.bridge.name: "docker0"
+ com.docker.network.driver.mtu: "1500"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-value"
+ com.example.some-other-label: "some-other-value"
+ tags: ["Network"]
+
+ /networks/{id}/connect:
+ post:
+ summary: "Connect a container to a network"
+ description: "The network must be either a local-scoped network or a swarm-scoped network with the `attachable` option set. A network cannot be re-attached to a running container"
+ operationId: "NetworkConnect"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: "Operation forbidden"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Network or container not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "container"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkConnectRequest"
+ properties:
+ Container:
+ type: "string"
+ description: "The ID or name of the container to connect to the network."
+ EndpointConfig:
+ $ref: "#/definitions/EndpointSettings"
+ example:
+ Container: "3613f73ba0e4"
+ EndpointConfig:
+ IPAMConfig:
+ IPv4Address: "172.24.56.89"
+ IPv6Address: "2001:db8::5689"
+ MacAddress: "02:42:ac:12:05:02"
+ tags: ["Network"]
+
+ /networks/{id}/disconnect:
+ post:
+ summary: "Disconnect a container from a network"
+ operationId: "NetworkDisconnect"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ 403:
+ description: "Operation not supported for swarm scoped networks"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Network or container not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "container"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkDisconnectRequest"
+ properties:
+ Container:
+ type: "string"
+ description: |
+ The ID or name of the container to disconnect from the network.
+ Force:
+ type: "boolean"
+ description: |
+ Force the container to disconnect from the network.
+ tags: ["Network"]
+ /networks/prune:
+ post:
+ summary: "Delete unused networks"
+ produces:
+ - "application/json"
+ operationId: "NetworkPrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `until=` Prune networks created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "NetworkPruneResponse"
+ properties:
+ NetworksDeleted:
+ description: "Networks that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Network"]
+ /plugins:
+ get:
+ summary: "List plugins"
+ operationId: "PluginList"
+ description: "Returns information about installed plugins."
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Plugin"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the plugin list.
+
+ Available filters:
+
+ - `capability=`
+ - `enable=|`
+ tags: ["Plugin"]
+
+ /plugins/privileges:
+ get:
+ summary: "Get plugin privileges"
+ operationId: "GetPluginPrivileges"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "remote"
+ in: "query"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ tags:
+ - "Plugin"
+
+ /plugins/pull:
+ post:
+ summary: "Install a plugin"
+ operationId: "PluginPull"
+ description: |
+ Pulls and installs a plugin. After the plugin is installed, it can be
+ enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "remote"
+ in: "query"
+ description: |
+ Remote reference for plugin to install.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: true
+ type: "string"
+ - name: "name"
+ in: "query"
+ description: |
+ Local name for the pulled plugin.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: false
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration to use when pulling a plugin
+ from a registry.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ tags: ["Plugin"]
+ /plugins/{name}/json:
+ get:
+ summary: "Inspect a plugin"
+ operationId: "PluginInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Plugin"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ tags: ["Plugin"]
+ /plugins/{name}:
+ delete:
+ summary: "Remove a plugin"
+ operationId: "PluginDelete"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Plugin"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: |
+ Disable the plugin before removing. This may result in issues if the
+ plugin is in use by a container.
+ type: "boolean"
+ default: false
+ tags: ["Plugin"]
+ /plugins/{name}/enable:
+ post:
+ summary: "Enable a plugin"
+ operationId: "PluginEnable"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "timeout"
+ in: "query"
+ description: "Set the HTTP client timeout (in seconds)"
+ type: "integer"
+ default: 0
+ tags: ["Plugin"]
+ /plugins/{name}/disable:
+ post:
+ summary: "Disable a plugin"
+ operationId: "PluginDisable"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: |
+ Force disable a plugin even if still in use.
+ required: false
+ type: "boolean"
+ tags: ["Plugin"]
+ /plugins/{name}/upgrade:
+ post:
+ summary: "Upgrade a plugin"
+ operationId: "PluginUpgrade"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "remote"
+ in: "query"
+ description: |
+ Remote reference to upgrade to.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: true
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration to use when pulling a plugin
+ from a registry.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ tags: ["Plugin"]
+ /plugins/create:
+ post:
+ summary: "Create a plugin"
+ operationId: "PluginCreate"
+ consumes:
+ - "application/x-tar"
+ responses:
+ 204:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "query"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "tarContext"
+ in: "body"
+ description: "Path to tar containing plugin rootfs and manifest"
+ schema:
+ type: "string"
+ format: "binary"
+ tags: ["Plugin"]
+ /plugins/{name}/push:
+ post:
+ summary: "Push a plugin"
+ operationId: "PluginPush"
+ description: |
+ Push a plugin to the registry.
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Plugin"]
+ /plugins/{name}/set:
+ post:
+ summary: "Configure a plugin"
+ operationId: "PluginSet"
+ consumes:
+ - "application/json"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ type: "string"
+ example: ["DEBUG=1"]
+ responses:
+ 204:
+ description: "No error"
+ 404:
+ description: "Plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Plugin"]
+ /nodes:
+ get:
+ summary: "List nodes"
+ operationId: "NodeList"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Node"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `id=`
+ - `label=`
+ - `membership=`(`accepted`|`pending`)`
+ - `name=`
+ - `node.label=`
+ - `role=`(`manager`|`worker`)`
+ type: "string"
+ tags: ["Node"]
+ /nodes/{id}:
+ get:
+ summary: "Inspect a node"
+ operationId: "NodeInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Node"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the node"
+ type: "string"
+ required: true
+ tags: ["Node"]
+ delete:
+ summary: "Delete a node"
+ operationId: "NodeDelete"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the node"
+ type: "string"
+ required: true
+ - name: "force"
+ in: "query"
+ description: "Force remove a node from the swarm"
+ default: false
+ type: "boolean"
+ tags: ["Node"]
+ /nodes/{id}/update:
+ post:
+ summary: "Update a node"
+ operationId: "NodeUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID of the node"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/NodeSpec"
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the node object being updated. This is required
+ to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Node"]
+ /swarm:
+ get:
+ summary: "Inspect swarm"
+ operationId: "SwarmInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Swarm"
+ 404:
+ description: "no such swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /swarm/init:
+ post:
+ summary: "Initialize a new swarm"
+ operationId: "SwarmInit"
+ produces:
+ - "application/json"
+ - "text/plain"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ description: "The node ID"
+ type: "string"
+ example: "7v2t30z9blmxuhnyo6s4cpenp"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is already part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmInitRequest"
+ properties:
+ ListenAddr:
+ description: |
+ Listen address used for inter-manager communication, as well
+ as determining the networking interface used for the VXLAN
+ Tunnel Endpoint (VTEP). This can either be an address/port
+ combination in the form `192.168.1.1:4567`, or an interface
+ followed by a port number, like `eth0:4567`. If the port number
+ is omitted, the default swarm listening port is used.
+ type: "string"
+ AdvertiseAddr:
+ description: |
+ Externally reachable address advertised to other nodes. This
+ can either be an address/port combination in the form
+ `192.168.1.1:4567`, or an interface followed by a port number,
+ like `eth0:4567`. If the port number is omitted, the port
+ number from the listen address is used. If `AdvertiseAddr` is
+ not specified, it will be automatically detected when possible.
+ type: "string"
+ DataPathAddr:
+ description: |
+ Address or interface to use for data path traffic (format:
+ ``), for example, `192.168.1.1`, or an interface,
+ like `eth0`. If `DataPathAddr` is unspecified, the same address
+ as `AdvertiseAddr` is used.
+
+ The `DataPathAddr` specifies the address that global scope
+ network drivers will publish towards other nodes in order to
+ reach the containers running on this node. Using this parameter
+ it is possible to separate the container data traffic from the
+ management traffic of the cluster.
+ type: "string"
+ DataPathPort:
+ description: |
+ DataPathPort specifies the data path port number for data traffic.
+ Acceptable port range is 1024 to 49151.
+ if no port is set or is set to 0, default port 4789 will be used.
+ type: "integer"
+ format: "uint32"
+ DefaultAddrPool:
+ description: |
+ Default Address Pool specifies default subnet pools for global
+ scope networks.
+ type: "array"
+ items:
+ type: "string"
+ example: ["10.10.0.0/16", "20.20.0.0/16"]
+ ForceNewCluster:
+ description: "Force creation of a new swarm."
+ type: "boolean"
+ SubnetSize:
+ description: |
+ SubnetSize specifies the subnet size of the networks created
+ from the default subnet pool.
+ type: "integer"
+ format: "uint32"
+ Spec:
+ $ref: "#/definitions/SwarmSpec"
+ example:
+ ListenAddr: "0.0.0.0:2377"
+ AdvertiseAddr: "192.168.1.1:2377"
+ DataPathPort: 4789
+ DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
+ SubnetSize: 24
+ ForceNewCluster: false
+ Spec:
+ Orchestration: {}
+ Raft: {}
+ Dispatcher: {}
+ CAConfig: {}
+ EncryptionConfig:
+ AutoLockManagers: false
+ tags: ["Swarm"]
+ /swarm/join:
+ post:
+ summary: "Join an existing swarm"
+ operationId: "SwarmJoin"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is already part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmJoinRequest"
+ properties:
+ ListenAddr:
+ description: |
+ Listen address used for inter-manager communication if the node
+ gets promoted to manager, as well as determining the networking
+ interface used for the VXLAN Tunnel Endpoint (VTEP).
+ type: "string"
+ AdvertiseAddr:
+ description: |
+ Externally reachable address advertised to other nodes. This
+ can either be an address/port combination in the form
+ `192.168.1.1:4567`, or an interface followed by a port number,
+ like `eth0:4567`. If the port number is omitted, the port
+ number from the listen address is used. If `AdvertiseAddr` is
+ not specified, it will be automatically detected when possible.
+ type: "string"
+ DataPathAddr:
+ description: |
+ Address or interface to use for data path traffic (format:
+ ``), for example, `192.168.1.1`, or an interface,
+ like `eth0`. If `DataPathAddr` is unspecified, the same address
+ as `AdvertiseAddr` is used.
+
+ The `DataPathAddr` specifies the address that global scope
+ network drivers will publish towards other nodes in order to
+ reach the containers running on this node. Using this parameter
+ it is possible to separate the container data traffic from the
+ management traffic of the cluster.
+
+ type: "string"
+ RemoteAddrs:
+ description: |
+ Addresses of manager nodes already participating in the swarm.
+ type: "array"
+ items:
+ type: "string"
+ JoinToken:
+ description: "Secret token for joining this swarm."
+ type: "string"
+ example:
+ ListenAddr: "0.0.0.0:2377"
+ AdvertiseAddr: "192.168.1.1:2377"
+ RemoteAddrs:
+ - "node1:2377"
+ JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+ tags: ["Swarm"]
+ /swarm/leave:
+ post:
+ summary: "Leave a swarm"
+ operationId: "SwarmLeave"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "force"
+ description: |
+ Force leave swarm, even if this is the last manager or that it will
+ break the cluster.
+ in: "query"
+ type: "boolean"
+ default: false
+ tags: ["Swarm"]
+ /swarm/update:
+ post:
+ summary: "Update a swarm"
+ operationId: "SwarmUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ $ref: "#/definitions/SwarmSpec"
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the swarm object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ - name: "rotateWorkerToken"
+ in: "query"
+ description: "Rotate the worker join token."
+ type: "boolean"
+ default: false
+ - name: "rotateManagerToken"
+ in: "query"
+ description: "Rotate the manager join token."
+ type: "boolean"
+ default: false
+ - name: "rotateManagerUnlockKey"
+ in: "query"
+ description: "Rotate the manager unlock key."
+ type: "boolean"
+ default: false
+ tags: ["Swarm"]
+ /swarm/unlockkey:
+ get:
+ summary: "Get the unlock key"
+ operationId: "SwarmUnlockkey"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "UnlockKeyResponse"
+ properties:
+ UnlockKey:
+ description: "The swarm's unlock key."
+ type: "string"
+ example:
+ UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /swarm/unlock:
+ post:
+ summary: "Unlock a locked manager"
+ operationId: "SwarmUnlock"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmUnlockRequest"
+ properties:
+ UnlockKey:
+ description: "The swarm's unlock key."
+ type: "string"
+ example:
+ UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /services:
+ get:
+ summary: "List services"
+ operationId: "ServiceList"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Service"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the services list.
+
+ Available filters:
+
+ - `id=`
+ - `label=`
+ - `mode=["replicated"|"global"]`
+ - `name=`
+ - name: "status"
+ in: "query"
+ type: "boolean"
+ description: |
+ Include service status, with count of running and desired tasks.
+ tags: ["Service"]
+ /services/create:
+ post:
+ summary: "Create a service"
+ operationId: "ServiceCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ServiceCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: "network is not eligible for services"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "name conflicts with an existing service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/ServiceSpec"
+ - type: "object"
+ example:
+ Name: "web"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "nginx:alpine"
+ Mounts:
+ -
+ ReadOnly: true
+ Source: "web-data"
+ Target: "/usr/share/nginx/html"
+ Type: "volume"
+ VolumeOptions:
+ DriverConfig: {}
+ Labels:
+ com.example.something: "something-value"
+ Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+ User: "33"
+ DNSConfig:
+ Nameservers: ["8.8.8.8"]
+ Search: ["example.org"]
+ Options: ["timeout:3"]
+ Secrets:
+ -
+ File:
+ Name: "www.example.org.key"
+ UID: "33"
+ GID: "33"
+ Mode: 384
+ SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+ SecretName: "example_org_domain_key"
+ OomScoreAdj: 0
+ LogDriver:
+ Name: "json-file"
+ Options:
+ max-file: "3"
+ max-size: "10M"
+ Placement: {}
+ Resources:
+ Limits:
+ MemoryBytes: 104857600
+ Reservations: {}
+ RestartPolicy:
+ Condition: "on-failure"
+ Delay: 10000000000
+ MaxAttempts: 10
+ Mode:
+ Replicated:
+ Replicas: 4
+ UpdateConfig:
+ Parallelism: 2
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Ports:
+ -
+ Protocol: "tcp"
+ PublishedPort: 8080
+ TargetPort: 80
+ Labels:
+ foo: "bar"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration for pulling from private
+ registries.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ tags: ["Service"]
+ /services/{id}:
+ get:
+ summary: "Inspect a service"
+ operationId: "ServiceInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Service"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ - name: "insertDefaults"
+ in: "query"
+ description: "Fill empty fields with default values."
+ type: "boolean"
+ default: false
+ tags: ["Service"]
+ delete:
+ summary: "Delete a service"
+ operationId: "ServiceDelete"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ tags: ["Service"]
+ /services/{id}/update:
+ post:
+ summary: "Update a service"
+ operationId: "ServiceUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ServiceUpdateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/ServiceSpec"
+ - type: "object"
+ example:
+ Name: "top"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "busybox"
+ Args:
+ - "top"
+ OomScoreAdj: 0
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ForceUpdate: 0
+ Mode:
+ Replicated:
+ Replicas: 1
+ UpdateConfig:
+ Parallelism: 2
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Mode: "vip"
+
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the service object being updated. This is
+ required to avoid conflicting writes.
+ This version number should be the value as currently set on the
+ service *before* the update. You can find the current version by
+ calling `GET /services/{id}`
+ required: true
+ type: "integer"
+ - name: "registryAuthFrom"
+ in: "query"
+ description: |
+ If the `X-Registry-Auth` header is not specified, this parameter
+ indicates where to find registry authorization credentials.
+ type: "string"
+ enum: ["spec", "previous-spec"]
+ default: "spec"
+ - name: "rollback"
+ in: "query"
+ description: |
+ Set to this parameter to `previous` to cause a server-side rollback
+ to the previous service spec. The supplied spec will be ignored in
+ this case.
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration for pulling from private
+ registries.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+
+ tags: ["Service"]
+ /services/{id}/logs:
+ get:
+ summary: "Get service logs"
+ description: |
+ Get `stdout` and `stderr` logs from a service. See also
+ [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+ **Note**: This endpoint works only for services with the `local`,
+ `json-file` or `journald` logging drivers.
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ operationId: "ServiceLogs"
+ responses:
+ 200:
+ description: "logs returned as a stream in response body"
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such service: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the service"
+ type: "string"
+ - name: "details"
+ in: "query"
+ description: "Show service context and extra details provided to logs."
+ type: "boolean"
+ default: false
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Service"]
+ /tasks:
+ get:
+ summary: "List tasks"
+ operationId: "TaskList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Task"
+ example:
+ - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+ Version:
+ Index: 71
+ CreatedAt: "2016-06-07T21:07:31.171892745Z"
+ UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:31.290032978Z"
+ State: "running"
+ Message: "started"
+ ContainerStatus:
+ ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+ PID: 677
+ DesiredState: "running"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.10/16"
+ - ID: "1yljwbmlr8er2waf8orvqpwms"
+ Version:
+ Index: 30
+ CreatedAt: "2016-06-07T21:07:30.019104782Z"
+ UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+ Name: "hopeful_cori"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:30.202183143Z"
+ State: "shutdown"
+ Message: "shutdown"
+ ContainerStatus:
+ ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+ DesiredState: "shutdown"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.5/16"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the tasks list.
+
+ Available filters:
+
+ - `desired-state=(running | shutdown | accepted)`
+ - `id=`
+ - `label=key` or `label="key=value"`
+ - `name=`
+ - `node=`
+ - `service=`
+ tags: ["Task"]
+ /tasks/{id}:
+ get:
+ summary: "Inspect a task"
+ operationId: "TaskInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Task"
+ 404:
+ description: "no such task"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID of the task"
+ required: true
+ type: "string"
+ tags: ["Task"]
+ /tasks/{id}/logs:
+ get:
+ summary: "Get task logs"
+ description: |
+ Get `stdout` and `stderr` logs from a task.
+ See also [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+ **Note**: This endpoint works only for services with the `local`,
+ `json-file` or `journald` logging drivers.
+ operationId: "TaskLogs"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 200:
+ description: "logs returned as a stream in response body"
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such task"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such task: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID of the task"
+ type: "string"
+ - name: "details"
+ in: "query"
+ description: "Show task context and extra details provided to logs."
+ type: "boolean"
+ default: false
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Task"]
+ /secrets:
+ get:
+ summary: "List secrets"
+ operationId: "SecretList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Secret"
+ example:
+ - ID: "blt1owaxmitz71s9v5zh81zun"
+ Version:
+ Index: 85
+ CreatedAt: "2017-07-20T13:55:28.678958722Z"
+ UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+ Spec:
+ Name: "mysql-passwd"
+ Labels:
+ some.label: "some.value"
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+ - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ Labels:
+ foo: "bar"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the secrets list.
+
+ Available filters:
+
+ - `id=`
+ - `label= or label==value`
+ - `name=`
+ - `names=`
+ tags: ["Secret"]
+ /secrets/create:
+ post:
+ summary: "Create a secret"
+ operationId: "SecretCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IdResponse"
+ 409:
+ description: "name conflicts with an existing object"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ schema:
+ allOf:
+ - $ref: "#/definitions/SecretSpec"
+ - type: "object"
+ example:
+ Name: "app-key.crt"
+ Labels:
+ foo: "bar"
+ Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+ tags: ["Secret"]
+ /secrets/{id}:
+ get:
+ summary: "Inspect a secret"
+ operationId: "SecretInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Secret"
+ examples:
+ application/json:
+ ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ Labels:
+ foo: "bar"
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+
+ 404:
+ description: "secret not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the secret"
+ tags: ["Secret"]
+ delete:
+ summary: "Delete a secret"
+ operationId: "SecretDelete"
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "secret not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the secret"
+ tags: ["Secret"]
+ /secrets/{id}/update:
+ post:
+ summary: "Update a Secret"
+ operationId: "SecretUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such secret"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the secret"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/SecretSpec"
+ description: |
+ The spec of the secret to update. Currently, only the Labels field
+ can be updated. All other fields must remain unchanged from the
+ [SecretInspect endpoint](#operation/SecretInspect) response values.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the secret object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Secret"]
+ /configs:
+ get:
+ summary: "List configs"
+ operationId: "ConfigList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Config"
+ example:
+ - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "server.conf"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the configs list.
+
+ Available filters:
+
+ - `id=`
+ - `label= or label==value`
+ - `name=`
+ - `names=`
+ tags: ["Config"]
+ /configs/create:
+ post:
+ summary: "Create a config"
+ operationId: "ConfigCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IdResponse"
+ 409:
+ description: "name conflicts with an existing object"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ schema:
+ allOf:
+ - $ref: "#/definitions/ConfigSpec"
+ - type: "object"
+ example:
+ Name: "server.conf"
+ Labels:
+ foo: "bar"
+ Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+ tags: ["Config"]
+ /configs/{id}:
+ get:
+ summary: "Inspect a config"
+ operationId: "ConfigInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Config"
+ examples:
+ application/json:
+ ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ 404:
+ description: "config not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the config"
+ tags: ["Config"]
+ delete:
+ summary: "Delete a config"
+ operationId: "ConfigDelete"
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "config not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the config"
+ tags: ["Config"]
+ /configs/{id}/update:
+ post:
+ summary: "Update a Config"
+ operationId: "ConfigUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such config"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the config"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/ConfigSpec"
+ description: |
+ The spec of the config to update. Currently, only the Labels field
+ can be updated. All other fields must remain unchanged from the
+ [ConfigInspect endpoint](#operation/ConfigInspect) response values.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the config object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Config"]
+ /distribution/{name}/json:
+ get:
+ summary: "Get image information from the registry"
+ description: |
+ Return image digest and platform information by contacting the registry.
+ operationId: "DistributionInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "descriptor and platform information"
+ schema:
+ $ref: "#/definitions/DistributionInspect"
+ 401:
+ description: "Failed authentication or no image found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: someimage (tag: latest)"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or id"
+ type: "string"
+ required: true
+ tags: ["Distribution"]
+ /session:
+ post:
+ summary: "Initialize interactive session"
+ description: |
+ Start a new interactive session with a server. Session allows server to
+ call back to the client for advanced capabilities.
+
+ ### Hijacking
+
+ This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+ the client to expose gPRC services on that connection.
+
+ For example, the client sends this request to upgrade the connection:
+
+ ```
+ POST /session HTTP/1.1
+ Upgrade: h2c
+ Connection: Upgrade
+ ```
+
+ The Docker daemon responds with a `101 UPGRADED` response follow with
+ the raw stream:
+
+ ```
+ HTTP/1.1 101 UPGRADED
+ Connection: Upgrade
+ Upgrade: h2c
+ ```
+ operationId: "Session"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ responses:
+ 101:
+ description: "no error, hijacking successful"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Session"]
diff --git a/docs/api/version-history.md b/docs/api/version-history.md
index cf7188420b7e8..88f27bebec280 100644
--- a/docs/api/version-history.md
+++ b/docs/api/version-history.md
@@ -139,7 +139,7 @@ are not part of the underlying image's Config, and deprecated:
interval for health checks during the start period.
* `GET /info` now includes a `CDISpecDirs` field indicating the configured CDI
specifications directories. The use of the applied setting requires the daemon
- to have expermental enabled, and for non-experimental daemons an empty list is
+ to have experimental enabled, and for non-experimental daemons an empty list is
always returned.
* `POST /networks/create` now returns a 400 if the `IPAMConfig` has invalid
values. Note that this change is _unversioned_ and applied to all API
@@ -425,7 +425,7 @@ are not part of the underlying image's Config, and deprecated:
to return those without the specified labels.
* `POST /containers/create` now accepts a `fluentd-async` option in `HostConfig.LogConfig.Config`
when using the Fluentd logging driver. This option deprecates the `fluentd-async-connect`
- option, which remains funtional, but will be removed in a future release. Users
+ option, which remains functional, but will be removed in a future release. Users
are encouraged to use the `fluentd-async` option going forward. This change is
not versioned, and affects all API versions if the daemon has this patch.
* `POST /containers/create` now accepts a `fluentd-request-ack` option in
diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer
index a549bd317c0a6..cc6b6b0d68ea5 100755
--- a/hack/dockerfile/install/containerd.installer
+++ b/hack/dockerfile/install/containerd.installer
@@ -15,7 +15,7 @@ set -e
# the binary version you may also need to update the vendor version to pick up
# bug fixes or new APIs, however, usually the Go packages are built from a
# commit from the master branch.
-: "${CONTAINERD_VERSION:=v1.7.21}"
+: "${CONTAINERD_VERSION:=v1.7.22}"
install_containerd() (
echo "Install containerd version $CONTAINERD_VERSION"
diff --git a/hack/dockerfile/install/rootlesskit.installer b/hack/dockerfile/install/rootlesskit.installer
index de6846ae17fa2..3c3e96189b499 100755
--- a/hack/dockerfile/install/rootlesskit.installer
+++ b/hack/dockerfile/install/rootlesskit.installer
@@ -1,7 +1,7 @@
#!/bin/sh
# When updating, also update vendor.mod and Dockerfile accordingly.
-: "${ROOTLESSKIT_VERSION:=v2.0.2}"
+: "${ROOTLESSKIT_VERSION:=v2.3.1}"
install_rootlesskit() {
case "$1" in
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer
index e73b2f15e0057..82f81ed23f8d6 100755
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -9,7 +9,7 @@ set -e
# the containerd project first, and update both after that is merged.
#
# When updating RUNC_VERSION, consider updating runc in vendor.mod accordingly
-: "${RUNC_VERSION:=v1.1.13}"
+: "${RUNC_VERSION:=v1.1.14}"
install_runc() {
RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
diff --git a/hack/dockerfiles/generate-files.Dockerfile b/hack/dockerfiles/generate-files.Dockerfile
index a7303942f2c12..5e8fe3f145402 100644
--- a/hack/dockerfiles/generate-files.Dockerfile
+++ b/hack/dockerfiles/generate-files.Dockerfile
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
-ARG GO_VERSION=1.21.13
+ARG GO_VERSION=1.22.7
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG PROTOC_VERSION=3.11.4
diff --git a/hack/dockerfiles/govulncheck.Dockerfile b/hack/dockerfiles/govulncheck.Dockerfile
index 22353ed9d9e44..e1660f87e1b9b 100644
--- a/hack/dockerfiles/govulncheck.Dockerfile
+++ b/hack/dockerfiles/govulncheck.Dockerfile
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
-ARG GO_VERSION=1.21.13
+ARG GO_VERSION=1.22.7
ARG GOVULNCHECK_VERSION=v1.1.3
ARG FORMAT=text
diff --git a/hack/make/.binary b/hack/make/.binary
index 1dc9eeb88a1cd..37c73d9390d2a 100644
--- a/hack/make/.binary
+++ b/hack/make/.binary
@@ -78,6 +78,18 @@ source "${MAKEDIR}/.go-autogen"
GCFLAGS="all=-N -l"
fi
+ if [ "$(go env GOARCH)" = "arm" ] && [ "$(go env GOARM)" = "5" ]; then
+ # cross-compiling for arm/v5 fails on go1.22; a fix is included for this
+ # in go1.23 (https://github.com/golang/go/issues/65290), but for go1.22
+ # we can set the correct option manually.
+ CGO_CFLAGS+=" -Wno-atomic-alignment"
+ export CGO_CFLAGS
+
+ # Make sure libatomic is included on arm/v5, because clang does not auto-link it.
+ # see https://github.com/moby/moby/pull/46982#issuecomment-2206992611
+ export CGO_LDFLAGS="-latomic"
+ fi
+
echo "Building $([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "dynamic") $DEST/$BINARY_FULLNAME ($PLATFORM_NAME)..."
if [ -n "$DOCKER_DEBUG" ]; then
set -x
diff --git a/integration-cli/benchmark_test.go b/integration-cli/benchmark_test.go
index 48521632a3e15..498910294f419 100644
--- a/integration-cli/benchmark_test.go
+++ b/integration-cli/benchmark_test.go
@@ -2,7 +2,7 @@ package main
import (
"context"
- "fmt"
+ "errors"
"os"
"runtime"
"strings"
@@ -46,7 +46,7 @@ func (s *DockerBenchmarkSuite) BenchmarkConcurrentContainerActions(c *testing.B)
args = append(args, sleepCommandForDaemonPlatform()...)
out, _, err := dockerCmdWithError(args...)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
return
}
@@ -59,29 +59,29 @@ func (s *DockerBenchmarkSuite) BenchmarkConcurrentContainerActions(c *testing.B)
defer os.RemoveAll(tmpDir)
out, _, err = dockerCmdWithError("cp", id+":/tmp", tmpDir)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
return
}
out, _, err = dockerCmdWithError("kill", id)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
}
out, _, err = dockerCmdWithError("start", id)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
}
out, _, err = dockerCmdWithError("kill", id)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
}
// don't do an rm -f here since it can potentially ignore errors from the graphdriver
out, _, err = dockerCmdWithError("rm", id)
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
}
}
}()
@@ -91,7 +91,7 @@ func (s *DockerBenchmarkSuite) BenchmarkConcurrentContainerActions(c *testing.B)
for i := 0; i < numIterations; i++ {
out, _, err := dockerCmdWithError("ps")
if err != nil {
- chErr <- fmt.Errorf(out)
+ chErr <- errors.New(out)
}
}
}()
@@ -116,7 +116,7 @@ func (s *DockerBenchmarkSuite) BenchmarkLogsCLIRotateFollow(c *testing.B) {
ch <- nil
out, _, _ := dockerCmdWithError("logs", "-f", id)
// if this returns at all, it's an error
- ch <- fmt.Errorf(out)
+ ch <- errors.New(out)
}()
<-ch
diff --git a/integration-cli/docker_api_attach_test.go b/integration-cli/docker_api_attach_test.go
index 7dedb738a9181..1ada5ba8dca9c 100644
--- a/integration-cli/docker_api_attach_test.go
+++ b/integration-cli/docker_api_attach_test.go
@@ -224,7 +224,7 @@ func (s *DockerAPISuite) TestPostContainersAttach(c *testing.T) {
assert.Equal(c, outBuf.String(), "hello\nsuccess")
}
-// requestHijack create a http requst to specified host with `Upgrade` header (with method
+// requestHijack create a http request to specified host with `Upgrade` header (with method
// , contenttype, …), if receive a successful "101 Switching Protocols" response return
// a `io.WriteCloser` and `bufio.Reader`
func requestHijack(method, endpoint string, data io.Reader, ct, daemon string, modifiers ...func(*http.Request)) (io.WriteCloser, *bufio.Reader, error) {
diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
index 66e30e296bccb..0dbfaab7d03e6 100644
--- a/integration-cli/docker_cli_build_test.go
+++ b/integration-cli/docker_cli_build_test.go
@@ -3521,7 +3521,7 @@ func (s *DockerCLIBuildSuite) TestBuildNotVerboseFailureRemote(c *testing.T) {
// An error message should contain name server IP and port, like this:
// "dial tcp: lookup something.invalid on 172.29.128.11:53: no such host"
- // The IP:port need to be removed in order to not trigger a test failur
+ // The IP:port need to be removed in order to not trigger a test failure
// when more than one nameserver is configured.
// While at it, also strip excessive newlines.
normalize := func(msg string) string {
diff --git a/integration-cli/docker_cli_network_unix_test.go b/integration-cli/docker_cli_network_unix_test.go
index a0af5a183b6e3..4973203c15629 100644
--- a/integration-cli/docker_cli_network_unix_test.go
+++ b/integration-cli/docker_cli_network_unix_test.go
@@ -60,16 +60,18 @@ func (s *DockerNetworkSuite) SetUpSuite(ctx context.Context, c *testing.T) {
setupRemoteNetworkDrivers(c, mux, s.server.URL, dummyNetworkDriver, dummyIPAMDriver)
}
-func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+func setupRemoteNetworkDrivers(t *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+ _, err := fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+ assert.NilError(t, err)
})
// Network driver implementation
mux.HandleFunc(fmt.Sprintf("/%s.GetCapabilities", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Scope":"local"}`)
+ _, err := fmt.Fprint(w, `{"Scope":"local"}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.CreateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -79,17 +81,20 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
return
}
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err = fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.DeleteNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.CreateEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+ _, err := fmt.Fprint(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.Join", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -99,23 +104,28 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
LinkAttrs: netlink.LinkAttrs{Name: "randomIfName", TxQLen: 0}, PeerName: "cnt0",
}
if err := netlink.LinkAdd(veth); err != nil {
- fmt.Fprintf(w, `{"Error":"failed to add veth pair: `+err.Error()+`"}`)
+ _, err = fmt.Fprintf(w, `{"Error":"failed to add veth pair: %v"}`, err)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+ _, err = fmt.Fprint(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+ assert.NilError(t, err)
}
})
mux.HandleFunc(fmt.Sprintf("/%s.Leave", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.DeleteEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
if link, err := netlink.LinkByName("cnt0"); err == nil {
- netlink.LinkDel(link)
+ err = netlink.LinkDel(link)
+ assert.NilError(t, err)
}
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
// IPAM Driver implementation
@@ -124,16 +134,19 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
poolReleaseReq remoteipam.ReleasePoolRequest
addressRequest remoteipam.RequestAddressRequest
addressReleaseReq remoteipam.ReleaseAddressRequest
- lAS = "localAS"
- gAS = "globalAS"
- pool = "172.28.0.0/16"
- poolID = lAS + "/" + pool
- gw = "172.28.255.254/16"
+ )
+ const (
+ lAS = "localAS"
+ gAS = "globalAS"
+ pool = "172.28.0.0/16"
+ poolID = lAS + "/" + pool
+ gw = "172.28.255.254/16"
)
mux.HandleFunc(fmt.Sprintf("/%s.GetDefaultAddressSpaces", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+ _, err := fmt.Fprint(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.RequestPool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -144,11 +157,14 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
}
w.Header().Set("Content-Type", plugins.VersionMimetype)
if poolRequest.AddressSpace != lAS && poolRequest.AddressSpace != gAS {
- fmt.Fprintf(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+ assert.NilError(t, err)
} else if poolRequest.Pool != "" && poolRequest.Pool != pool {
- fmt.Fprintf(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+ _, err := fmt.Fprint(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+ assert.NilError(t, err)
}
})
@@ -161,11 +177,14 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now querying on the expected pool id
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else if addressRequest.Address != "" {
- fmt.Fprintf(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"Address":"`+gw+`"}`)
+ _, err := fmt.Fprint(w, `{"Address":"`+gw+`"}`)
+ assert.NilError(t, err)
}
})
@@ -178,11 +197,14 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now asking to release the expected address from the expected poolid
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else if addressReleaseReq.Address != gw {
- fmt.Fprintf(w, `{"Error":"unknown address"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown address"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
}
})
@@ -195,22 +217,24 @@ func setupRemoteNetworkDrivers(c *testing.T, mux *http.ServeMux, url, netDrv, ip
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now asking to release the expected poolid
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
}
})
err := os.MkdirAll("/etc/docker/plugins", 0o755)
- assert.NilError(c, err)
+ assert.NilError(t, err)
fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
err = os.WriteFile(fileName, []byte(url), 0o644)
- assert.NilError(c, err)
+ assert.NilError(t, err)
ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
err = os.WriteFile(ipamFileName, []byte(url), 0o644)
- assert.NilError(c, err)
+ assert.NilError(t, err)
}
func (s *DockerNetworkSuite) TearDownSuite(ctx context.Context, c *testing.T) {
@@ -509,9 +533,9 @@ func (s *DockerCLINetworkSuite) TestDockerInspectNetworkWithContainerName(c *tes
err := json.Unmarshal([]byte(out), &networkResources)
assert.NilError(c, err)
assert.Equal(c, len(networkResources), 1)
- container, ok := networkResources[0].Containers[containerID]
+ ctr, ok := networkResources[0].Containers[containerID]
assert.Assert(c, ok)
- assert.Equal(c, container.Name, "testNetInspect1")
+ assert.Equal(c, ctr.Name, "testNetInspect1")
// rename container and check docker inspect output update
newName := "HappyNewName"
@@ -826,12 +850,12 @@ func (s *DockerDaemonSuite) TestDockerNetworkNoDiscoveryDefaultBridgeNetwork(c *
assert.NilError(c, err)
assert.Equal(c, hosts, hostsPost, fmt.Sprintf("Unexpected %s change on second container creation", hostsFile))
// but discovery is on when connecting to non default bridge network
- network := "anotherbridge"
- out, err = s.d.Cmd("network", "create", network)
+ nw := "anotherbridge"
+ out, err = s.d.Cmd("network", "create", nw)
assert.NilError(c, err, out)
- defer s.d.Cmd("network", "rm", network)
+ defer s.d.Cmd("network", "rm", nw)
- out, err = s.d.Cmd("network", "connect", network, cid1)
+ out, err = s.d.Cmd("network", "connect", nw, cid1)
assert.NilError(c, err, out)
hosts, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
@@ -898,15 +922,15 @@ func (s *DockerNetworkSuite) TestDockerNetworkLinkOnDefaultNetworkOnly(c *testin
// Legacy Link feature must work only on default network, and not across networks
cnt1 := "container1"
cnt2 := "container2"
- network := "anotherbridge"
+ nw := "anotherbridge"
// Run first container on default network
cli.DockerCmd(c, "run", "-d", "--name", cnt1, "busybox", "top")
// Create another network and run the second container on it
- cli.DockerCmd(c, "network", "create", network)
- assertNwIsAvailable(c, network)
- cli.DockerCmd(c, "run", "-d", "--net", network, "--name", cnt2, "busybox", "top")
+ cli.DockerCmd(c, "network", "create", nw)
+ assertNwIsAvailable(c, nw)
+ cli.DockerCmd(c, "run", "-d", "--net", nw, "--name", cnt2, "busybox", "top")
// Try launching a container on default network, linking to the first container. Must succeed
cli.DockerCmd(c, "run", "-d", "--link", fmt.Sprintf("%s:%s", cnt1, cnt1), "busybox", "top")
@@ -1727,12 +1751,12 @@ func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *testing.T) {
// Test case for 26220
func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromBridge(c *testing.T) {
out := cli.DockerCmd(c, "network", "inspect", "--format", "{{.Id}}", "bridge").Stdout()
- network := strings.TrimSpace(out)
+ nw := strings.TrimSpace(out)
name := "test"
cli.DockerCmd(c, "create", "--name", name, "busybox", "top")
- _, _, err := dockerCmdWithError("network", "disconnect", network, name)
+ _, _, err := dockerCmdWithError("network", "disconnect", nw, name)
assert.NilError(c, err)
}
diff --git a/integration-cli/docker_cli_plugins_test.go b/integration-cli/docker_cli_plugins_test.go
index f3be79fbdd25b..162000dfbe5d2 100644
--- a/integration-cli/docker_cli_plugins_test.go
+++ b/integration-cli/docker_cli_plugins_test.go
@@ -468,7 +468,7 @@ func (s *DockerCLIPluginsSuite) TestPluginMetricsCollector(c *testing.T) {
r := cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", name), cli.Daemon(d))
assert.Assert(c, r.Error == nil, r.Combined())
- // plugin lisens on localhost:19393 and proxies the metrics
+ // plugin listens on localhost:19393 and proxies the metrics
resp, err := http.Get("http://localhost:19393/metrics")
assert.NilError(c, err)
defer resp.Body.Close()
diff --git a/integration-cli/docker_cli_port_test.go b/integration-cli/docker_cli_port_test.go
index 96b38e0216bb7..5c145bc3bcdb2 100644
--- a/integration-cli/docker_cli_port_test.go
+++ b/integration-cli/docker_cli_port_test.go
@@ -166,7 +166,7 @@ func (s *DockerCLIPortSuite) TestPortList(c *testing.T) {
func assertPortList(c *testing.T, out string, expected []string) {
c.Helper()
lines := strings.Split(strings.Trim(out, "\n "), "\n")
- assert.Assert(c, is.Len(lines, len(expected)), "exepcted: %s", strings.Join(expected, ", "))
+ assert.Assert(c, is.Len(lines, len(expected)), "expected: %s", strings.Join(expected, ", "))
sort.Strings(lines)
sort.Strings(expected)
diff --git a/integration-cli/docker_cli_pull_test.go b/integration-cli/docker_cli_pull_test.go
index 6fa73df4afae1..909418b501650 100644
--- a/integration-cli/docker_cli_pull_test.go
+++ b/integration-cli/docker_cli_pull_test.go
@@ -208,12 +208,7 @@ func (s *DockerCLIPullSuite) TestPullLinuxImageFailsOnWindows(c *testing.T) {
testRequires(c, DaemonIsWindows, Network)
_, _, err := dockerCmdWithError("pull", "ubuntu")
- errorMessage := "no matching manifest for windows"
- if testEnv.UsingSnapshotter() {
- errorMessage = "no match for platform in manifest"
- }
-
- assert.ErrorContains(c, err, errorMessage)
+ assert.ErrorContains(c, err, "no matching manifest for windows")
}
// Regression test for https://github.com/docker/docker/issues/28892
@@ -221,10 +216,5 @@ func (s *DockerCLIPullSuite) TestPullWindowsImageFailsOnLinux(c *testing.T) {
testRequires(c, DaemonIsLinux, Network)
_, _, err := dockerCmdWithError("pull", "mcr.microsoft.com/windows/servercore:ltsc2022")
- errorMessage := "no matching manifest for linux"
- if testEnv.UsingSnapshotter() {
- errorMessage = "no match for platform in manifest"
- }
-
- assert.ErrorContains(c, err, errorMessage)
+ assert.ErrorContains(c, err, "no matching manifest for linux")
}
diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 8ddce7b4aa23a..2c7a07e846e65 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -1440,7 +1440,7 @@ func (s *DockerCLIRunSuite) TestRunResolvconfUpdate(c *testing.T) {
}
// This test case is meant to test monitoring resolv.conf when it is
- // a regular file not a bind mounc. So we unmount resolv.conf and replace
+ // a regular file not a bind mount. So we unmount resolv.conf and replace
// it with a file containing the original settings.
mounted, err := mountinfo.Mounted("/etc/resolv.conf")
if err != nil {
@@ -2089,7 +2089,7 @@ func (s *DockerCLIRunSuite) TestRunMountOrdering(c *testing.T) {
}
defer os.RemoveAll(tmpDir2)
- // Create a temporary tmpfs mounc.
+ // Create a temporary tmpfs mount.
fooDir := filepath.Join(tmpDir, "foo")
if err := os.MkdirAll(filepath.Join(tmpDir, "foo"), 0o755); err != nil {
c.Fatalf("failed to mkdir at %s - %s", fooDir, err)
diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go
index 28ce715328498..297cda1b11010 100644
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
@@ -10,7 +10,6 @@ import (
"os/exec"
"path/filepath"
"regexp"
- "runtime"
"strconv"
"strings"
"syscall"
@@ -251,11 +250,8 @@ func (s *DockerCLIRunSuite) TestRunAttachDetachFromConfig(c *testing.T) {
os.Mkdir(dotDocker, 0o600)
tmpCfg := filepath.Join(dotDocker, "config.json")
- if runtime.GOOS == "windows" {
- c.Setenv("USERPROFILE", tmpDir)
- } else {
- c.Setenv("HOME", tmpDir)
- }
+ // TODO(thaJeztah): migrate this test to docker/cli, and run on Windows as well (using USERPROFILE for home-dir)
+ c.Setenv("HOME", tmpDir)
data := `{
"detachKeys": "ctrl-a,a"
@@ -335,11 +331,8 @@ func (s *DockerCLIRunSuite) TestRunAttachDetachKeysOverrideConfig(c *testing.T)
os.Mkdir(dotDocker, 0o600)
tmpCfg := filepath.Join(dotDocker, "config.json")
- if runtime.GOOS == "windows" {
- c.Setenv("USERPROFILE", tmpDir)
- } else {
- c.Setenv("HOME", tmpDir)
- }
+ // TODO(thaJeztah): migrate this test to docker/cli, and run on Windows as well (using USERPROFILE for home-dir)
+ c.Setenv("HOME", tmpDir)
data := `{
"detachKeys": "ctrl-e,e"
diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go
index 50479f496dd25..1420f1a8ed72c 100644
--- a/integration-cli/docker_cli_swarm_test.go
+++ b/integration-cli/docker_cli_swarm_test.go
@@ -386,7 +386,8 @@ func (s *DockerSwarmSuite) TestSwarmContainerAttachByNetworkId(c *testing.T) {
out, err = d.Cmd("run", "-d", "--net", networkID, "busybox", "top")
assert.NilError(c, err, out)
cID := strings.TrimSpace(out)
- d.WaitRun(cID)
+ err = d.WaitRun(cID)
+ assert.NilError(c, err)
out, err = d.Cmd("rm", "-f", cID)
assert.NilError(c, err, out)
@@ -640,16 +641,18 @@ const (
globalIPAMPlugin = "global-ipam-plugin"
)
-func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
+func setupRemoteGlobalNetworkPlugin(t *testing.T, mux *http.ServeMux, url, netDrv, ipamDrv string) {
mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+ _, err := fmt.Fprintf(w, `{"Implements": ["%s", "%s"]}`, driverapi.NetworkPluginEndpointType, ipamapi.PluginEndpointType)
+ assert.NilError(t, err)
})
// Network driver implementation
mux.HandleFunc(fmt.Sprintf("/%s.GetCapabilities", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Scope":"global"}`)
+ _, err := fmt.Fprint(w, `{"Scope":"global"}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.AllocateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -659,12 +662,14 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
return
}
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err = fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.FreeNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.CreateNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -674,17 +679,20 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
return
}
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err = fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.DeleteNetwork", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.CreateEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+ _, err := fmt.Fprint(w, `{"Interface":{"MacAddress":"a0:b1:c2:d3:e4:f5"}}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.Join", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -694,23 +702,28 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
LinkAttrs: netlink.LinkAttrs{Name: "randomIfName", TxQLen: 0}, PeerName: "cnt0",
}
if err := netlink.LinkAdd(veth); err != nil {
- fmt.Fprintf(w, `{"Error":"failed to add veth pair: `+err.Error()+`"}`)
+ _, err = fmt.Fprint(w, `{"Error":"failed to add veth pair: `+err.Error()+`"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+ _, err = fmt.Fprint(w, `{"InterfaceName":{ "SrcName":"cnt0", "DstPrefix":"veth"}}`)
+ assert.NilError(t, err)
}
})
mux.HandleFunc(fmt.Sprintf("/%s.Leave", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.DeleteEndpoint", driverapi.NetworkPluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
if link, err := netlink.LinkByName("cnt0"); err == nil {
- netlink.LinkDel(link)
+ err := netlink.LinkDel(link)
+ assert.NilError(t, err)
}
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
})
// IPAM Driver implementation
@@ -719,16 +732,19 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
poolReleaseReq remoteipam.ReleasePoolRequest
addressRequest remoteipam.RequestAddressRequest
addressReleaseReq remoteipam.ReleaseAddressRequest
- lAS = "localAS"
- gAS = "globalAS"
- pool = "172.28.0.0/16"
- poolID = lAS + "/" + pool
- gw = "172.28.255.254/16"
+ )
+ const (
+ lAS = "localAS"
+ gAS = "globalAS"
+ pool = "172.28.0.0/16"
+ poolID = lAS + "/" + pool
+ gw = "172.28.255.254/16"
)
mux.HandleFunc(fmt.Sprintf("/%s.GetDefaultAddressSpaces", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", plugins.VersionMimetype)
- fmt.Fprintf(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+ _, err := fmt.Fprint(w, `{"LocalDefaultAddressSpace":"`+lAS+`", "GlobalDefaultAddressSpace": "`+gAS+`"}`)
+ assert.NilError(t, err)
})
mux.HandleFunc(fmt.Sprintf("/%s.RequestPool", ipamapi.PluginEndpointType), func(w http.ResponseWriter, r *http.Request) {
@@ -739,11 +755,14 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
}
w.Header().Set("Content-Type", plugins.VersionMimetype)
if poolRequest.AddressSpace != lAS && poolRequest.AddressSpace != gAS {
- fmt.Fprintf(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Unknown address space in pool request: `+poolRequest.AddressSpace+`"}`)
+ assert.NilError(t, err)
} else if poolRequest.Pool != "" && poolRequest.Pool != pool {
- fmt.Fprintf(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Cannot handle explicit pool requests yet"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+ _, err := fmt.Fprint(w, `{"PoolID":"`+poolID+`", "Pool":"`+pool+`"}`)
+ assert.NilError(t, err)
}
})
@@ -756,11 +775,14 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now querying on the expected pool id
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else if addressRequest.Address != "" {
- fmt.Fprintf(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+ _, err := fmt.Fprint(w, `{"Error":"Cannot handle explicit address requests yet"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, `{"Address":"`+gw+`"}`)
+ _, err := fmt.Fprint(w, `{"Address":"`+gw+`"}`)
+ assert.NilError(t, err)
}
})
@@ -773,11 +795,14 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now asking to release the expected address from the expected poolid
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else if addressReleaseReq.Address != gw {
- fmt.Fprintf(w, `{"Error":"unknown address"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown address"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
}
})
@@ -790,22 +815,24 @@ func setupRemoteGlobalNetworkPlugin(c *testing.T, mux *http.ServeMux, url, netDr
w.Header().Set("Content-Type", plugins.VersionMimetype)
// make sure libnetwork is now asking to release the expected poolid
if addressRequest.PoolID != poolID {
- fmt.Fprintf(w, `{"Error":"unknown pool id"}`)
+ _, err := fmt.Fprint(w, `{"Error":"unknown pool id"}`)
+ assert.NilError(t, err)
} else {
- fmt.Fprintf(w, "null")
+ _, err := fmt.Fprint(w, "null")
+ assert.NilError(t, err)
}
})
err := os.MkdirAll("/etc/docker/plugins", 0o755)
- assert.NilError(c, err)
+ assert.NilError(t, err)
fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv)
err = os.WriteFile(fileName, []byte(url), 0o644)
- assert.NilError(c, err)
+ assert.NilError(t, err)
ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv)
err = os.WriteFile(ipamFileName, []byte(url), 0o644)
- assert.NilError(c, err)
+ assert.NilError(t, err)
}
func (s *DockerSwarmSuite) TestSwarmNetworkPlugin(c *testing.T) {
diff --git a/integration-cli/docker_utils_test.go b/integration-cli/docker_utils_test.go
index 86a41607bbf2d..1b7ec97c64026 100644
--- a/integration-cli/docker_utils_test.go
+++ b/integration-cli/docker_utils_test.go
@@ -399,7 +399,7 @@ func checkGoroutineCount(ctx context.Context, apiClient client.APIClient, expect
t.Log("Waiting for goroutines to stabilize")
first = false
}
- return poll.Continue("exepcted %d goroutines, got %d", expected, n)
+ return poll.Continue("expected %d goroutines, got %d", expected, n)
}
return poll.Success()
}
@@ -439,7 +439,7 @@ func pollCheck(t *testing.T, f checkF, compare func(x interface{}) assert.BoolOr
default:
panic(fmt.Errorf("pollCheck: type %T not implemented", r))
}
- return poll.Continue(comment)
+ return poll.Continue("%v", comment)
}
}
diff --git a/integration/build/build_session_test.go b/integration/build/build_session_test.go
index 6c655c46a36fc..ea2473e5c0693 100644
--- a/integration/build/build_session_test.go
+++ b/integration/build/build_session_test.go
@@ -93,7 +93,7 @@ func TestBuildWithSession(t *testing.T) {
//nolint:unused // false positive: linter detects this as "unused"
func testBuildWithSession(ctx context.Context, t *testing.T, client dclient.APIClient, daemonHost string, dir, dockerfile string) (outStr string) {
- sess, err := session.NewSession(ctx, "foo1", "foo")
+ sess, err := session.NewSession(ctx, "foo")
assert.Check(t, err)
fs, err := fsutil.NewFS(dir)
diff --git a/integration/container/create_test.go b/integration/container/create_test.go
index bed416e3fdd65..9e12f42d8ff42 100644
--- a/integration/container/create_test.go
+++ b/integration/container/create_test.go
@@ -702,7 +702,7 @@ func TestContainerdContainerImageInfo(t *testing.T) {
if testEnv.UsingSnapshotter() {
assert.Equal(t, ctr.Image, "docker.io/library/busybox:latest")
} else {
- // This field is not set when not using contianerd backed storage.
+ // This field is not set when not using containerd backed storage.
assert.Equal(t, ctr.Image, "")
}
}
diff --git a/integration/container/daemon_linux_test.go b/integration/container/daemon_linux_test.go
index 292e3591dc89b..0f4c59e07d1af 100644
--- a/integration/container/daemon_linux_test.go
+++ b/integration/container/daemon_linux_test.go
@@ -182,7 +182,7 @@ func TestDaemonHostGatewayIP(t *testing.T) {
// In this test we'll change the container state to "restarting".
// This means that the container will not be 'alive' when we attempt to restore in on daemon startup.
//
-// We could do the same with `docker run -d --resetart=always busybox:latest exit 1`, and then
+// We could do the same with `docker run -d --restart=always busybox:latest exit 1`, and then
// `kill -9` dockerd while the container is in "restarting" state. This is difficult to reproduce reliably
// in an automated test, so we manipulate on disk state instead.
func TestRestartDaemonWithRestartingContainer(t *testing.T) {
diff --git a/integration/daemon/daemon_test.go b/integration/daemon/daemon_test.go
index 275a7b3010367..64589c38b619c 100644
--- a/integration/daemon/daemon_test.go
+++ b/integration/daemon/daemon_test.go
@@ -179,6 +179,74 @@ func TestConfigDaemonSeccompProfiles(t *testing.T) {
}
}
+func TestDaemonConfigFeatures(t *testing.T) {
+ skip.If(t, runtime.GOOS == "windows")
+ ctx := testutil.StartSpan(baseContext, t)
+
+ d := daemon.New(t)
+ dockerBinary, err := d.BinaryPath()
+ assert.NilError(t, err)
+ params := []string{"--validate", "--config-file"}
+
+ dest := os.Getenv("DOCKER_INTEGRATION_DAEMON_DEST")
+ if dest == "" {
+ dest = os.Getenv("DEST")
+ }
+ testdata := filepath.Join(dest, "..", "..", "integration", "daemon", "testdata")
+
+ const (
+ validOut = "configuration OK"
+ failedOut = "unable to configure the Docker daemon with file"
+ )
+
+ tests := []struct {
+ name string
+ args []string
+ expectedOut string
+ }{
+ {
+ name: "config with no content",
+ args: append(params, filepath.Join(testdata, "empty-config-1.json")),
+ expectedOut: validOut,
+ },
+ {
+ name: "config with {}",
+ args: append(params, filepath.Join(testdata, "empty-config-2.json")),
+ expectedOut: validOut,
+ },
+ {
+ name: "invalid config",
+ args: append(params, filepath.Join(testdata, "invalid-config-1.json")),
+ expectedOut: failedOut,
+ },
+ {
+ name: "malformed config",
+ args: append(params, filepath.Join(testdata, "malformed-config.json")),
+ expectedOut: failedOut,
+ },
+ {
+ name: "valid config",
+ args: append(params, filepath.Join(testdata, "valid-config-1.json")),
+ expectedOut: validOut,
+ },
+ }
+ for _, tc := range tests {
+ tc := tc
+ t.Run(tc.name, func(t *testing.T) {
+ t.Parallel()
+ _ = testutil.StartSpan(ctx, t)
+ cmd := exec.Command(dockerBinary, tc.args...)
+ out, err := cmd.CombinedOutput()
+ assert.Check(t, is.Contains(string(out), tc.expectedOut))
+ if tc.expectedOut == failedOut {
+ assert.ErrorContains(t, err, "", "expected an error, but got none")
+ } else {
+ assert.NilError(t, err)
+ }
+ })
+ }
+}
+
func TestDaemonProxy(t *testing.T) {
skip.If(t, runtime.GOOS == "windows", "cannot start multiple daemons on windows")
skip.If(t, os.Getenv("DOCKER_ROOTLESS") != "", "cannot connect to localhost proxy in rootless environment")
diff --git a/integration/image/prune_test.go b/integration/image/prune_test.go
index 2ad524086b71a..1b781123324f8 100644
--- a/integration/image/prune_test.go
+++ b/integration/image/prune_test.go
@@ -4,11 +4,17 @@ import (
"strings"
"testing"
+ "github.com/docker/docker/api/types"
+ containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
+ "github.com/docker/docker/api/types/image"
+ "github.com/docker/docker/client"
"github.com/docker/docker/integration/internal/container"
"github.com/docker/docker/internal/testutils/specialimage"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/testutil/daemon"
"gotest.tools/v3/assert"
+ is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/skip"
)
@@ -47,3 +53,178 @@ func TestPruneDontDeleteUsedDangling(t *testing.T) {
_, _, err = client.ImageInspectWithRaw(ctx, danglingID)
assert.NilError(t, err, "Test dangling image should still exist")
}
+
+func TestPruneLexographicalOrder(t *testing.T) {
+ skip.If(t, testEnv.DaemonInfo.OSType == "windows", "cannot start multiple daemons on windows")
+ skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+
+ ctx := setupTest(t)
+
+ d := daemon.New(t)
+ d.Start(t)
+ defer d.Stop(t)
+
+ apiClient := d.NewClientT(t)
+ defer apiClient.Close()
+
+ d.LoadBusybox(ctx, t)
+
+ inspect, _, err := apiClient.ImageInspectWithRaw(ctx, "busybox:latest")
+ assert.NilError(t, err)
+
+ id := inspect.ID
+
+ var tags = []string{"h", "a", "j", "o", "s", "q", "w", "e", "r", "t"}
+ for _, tag := range tags {
+ err = apiClient.ImageTag(ctx, id, "busybox:"+tag)
+ assert.NilError(t, err)
+ }
+ err = apiClient.ImageTag(ctx, id, "busybox:z")
+ assert.NilError(t, err)
+
+ _, err = apiClient.ImageRemove(ctx, "busybox:latest", image.RemoveOptions{Force: true})
+ assert.NilError(t, err)
+
+ // run container
+ cid := container.Create(ctx, t, apiClient, container.WithImage(id))
+ defer container.Remove(ctx, t, apiClient, cid, containertypes.RemoveOptions{Force: true})
+
+ pruned, err := apiClient.ImagesPrune(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
+ assert.NilError(t, err)
+
+ assert.Check(t, is.Len(pruned.ImagesDeleted, len(tags)))
+ for _, p := range pruned.ImagesDeleted {
+ assert.Check(t, is.Equal(p.Deleted, ""))
+ assert.Check(t, p.Untagged != "busybox:z")
+ }
+}
+
+// Regression test for https://github.com/moby/moby/issues/48063
+func TestPruneDontDeleteUsedImage(t *testing.T) {
+ skip.If(t, testEnv.DaemonInfo.OSType == "windows", "cannot start multiple daemons on windows")
+ skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
+
+ ctx := setupTest(t)
+
+ for _, env := range []struct {
+ name string
+ prepare func(t *testing.T, client *daemon.Daemon, apiClient *client.Client) error
+ check func(t *testing.T, apiClient *client.Client, pruned image.PruneReport)
+ }{
+ {
+ // Container uses the busybox:latest image and it's the only image
+ // tag with the same target.
+ name: "single tag",
+ check: func(t *testing.T, apiClient *client.Client, pruned image.PruneReport) {
+ assert.Check(t, is.Len(pruned.ImagesDeleted, 0))
+
+ _, _, err := apiClient.ImageInspectWithRaw(ctx, "busybox:latest")
+ assert.NilError(t, err, "Busybox image should still exist")
+ },
+ },
+ {
+ // Container uses the busybox:latest image and there's also a second
+ // busybox:other tag pointing to the same image.
+ name: "two tags",
+ prepare: func(t *testing.T, d *daemon.Daemon, apiClient *client.Client) error {
+ return apiClient.ImageTag(ctx, "busybox:latest", "busybox:a")
+ },
+ check: func(t *testing.T, apiClient *client.Client, pruned image.PruneReport) {
+ if assert.Check(t, is.Len(pruned.ImagesDeleted, 1)) {
+ assert.Check(t, is.Equal(pruned.ImagesDeleted[0].Deleted, ""))
+ assert.Check(t, is.Equal(pruned.ImagesDeleted[0].Untagged, "busybox:a"))
+ }
+
+ _, _, err := apiClient.ImageInspectWithRaw(ctx, "busybox:a")
+ assert.Check(t, err != nil, "Busybox:a image should be deleted")
+
+ _, _, err = apiClient.ImageInspectWithRaw(ctx, "busybox:latest")
+ assert.Check(t, err == nil, "Busybox:latest image should still exist")
+ },
+ },
+ } {
+ for _, tc := range []struct {
+ name string
+ imageID func(t *testing.T, inspect types.ImageInspect) string
+ }{
+ {
+ name: "full id",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ return inspect.ID
+ },
+ },
+ {
+ name: "full id without sha256 prefix",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ return strings.TrimPrefix(inspect.ID, "sha256:")
+ },
+ },
+ {
+ name: "truncated id (without sha256 prefix)",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ return strings.TrimPrefix(inspect.ID, "sha256:")[:8]
+ },
+ },
+ {
+ name: "repo and digest without tag",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ skip.If(t, !testEnv.UsingSnapshotter())
+
+ return "busybox@" + inspect.ID
+ },
+ },
+ {
+ name: "tagged and digested",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ skip.If(t, !testEnv.UsingSnapshotter())
+
+ return "busybox:latest@" + inspect.ID
+ },
+ },
+ {
+ name: "repo digest",
+ imageID: func(t *testing.T, inspect types.ImageInspect) string {
+ // graphdriver won't have a repo digest
+ skip.If(t, len(inspect.RepoDigests) == 0, "no repo digest")
+
+ return inspect.RepoDigests[0]
+ },
+ },
+ } {
+ tc := tc
+ t.Run(env.name+"/"+tc.name, func(t *testing.T) {
+ ctx := testutil.StartSpan(ctx, t)
+ d := daemon.New(t)
+ d.Start(t)
+ defer d.Stop(t)
+
+ apiClient := d.NewClientT(t)
+ defer apiClient.Close()
+
+ d.LoadBusybox(ctx, t)
+
+ if env.prepare != nil {
+ err := env.prepare(t, d, apiClient)
+ assert.NilError(t, err, "prepare failed")
+ }
+
+ inspect, _, err := apiClient.ImageInspectWithRaw(ctx, "busybox:latest")
+ assert.NilError(t, err)
+
+ image := tc.imageID(t, inspect)
+ t.Log(image)
+
+ cid := container.Run(ctx, t, apiClient,
+ container.WithImage(image),
+ container.WithCmd("sleep", "60"))
+ defer container.Remove(ctx, t, apiClient, cid, containertypes.RemoveOptions{Force: true})
+
+ // dangling=false also prunes unused images
+ pruned, err := apiClient.ImagesPrune(ctx, filters.NewArgs(filters.Arg("dangling", "false")))
+ assert.NilError(t, err)
+
+ env.check(t, apiClient, pruned)
+ })
+ }
+ }
+}
diff --git a/integration/internal/container/ops.go b/integration/internal/container/ops.go
index a874b0672da7c..3e0bbaa41049f 100644
--- a/integration/internal/container/ops.go
+++ b/integration/internal/container/ops.go
@@ -34,7 +34,7 @@ func WithImage(image string) func(*TestContainerConfig) {
}
}
-// WithCmd sets the comannds of the container
+// WithCmd sets the commands of the container
func WithCmd(cmds ...string) func(*TestContainerConfig) {
return func(c *TestContainerConfig) {
c.Config.Cmd = strslice.StrSlice(cmds)
diff --git a/integration/internal/system/goroutines.go b/integration/internal/system/goroutines.go
index 09f2ddb47842a..9d8d1f4e4e5ca 100644
--- a/integration/internal/system/goroutines.go
+++ b/integration/internal/system/goroutines.go
@@ -63,7 +63,7 @@ func CheckGoroutineCount(ctx context.Context, apiClient client.SystemAPIClient,
t.Log("Waiting for goroutines to stabilize")
first = false
}
- return poll.Continue("exepcted %d goroutines, got %d", expected, n)
+ return poll.Continue("expected %d goroutines, got %d", expected, n)
}
return poll.Success()
}
diff --git a/integration/network/bridge_test.go b/integration/network/bridge_test.go
index e0c45ad67e625..d3849349f5e74 100644
--- a/integration/network/bridge_test.go
+++ b/integration/network/bridge_test.go
@@ -193,7 +193,7 @@ func TestIPRangeAt64BitLimit(t *testing.T) {
err := c.ContainerStart(ctx, id, containertypes.StartOptions{})
if tc.expCtrFail {
assert.Assert(t, err != nil)
- t.Skipf("XFAIL: Container startup failed with error: %v", err)
+ t.Skipf("XFAIL Container startup failed with error: %v", err)
} else {
assert.NilError(t, err)
}
diff --git a/integration/network/ipvlan/ipvlan_test.go b/integration/network/ipvlan/ipvlan_test.go
index fe077c951c72a..08689b4e01fc1 100644
--- a/integration/network/ipvlan/ipvlan_test.go
+++ b/integration/network/ipvlan/ipvlan_test.go
@@ -21,7 +21,7 @@ import (
"gotest.tools/v3/skip"
)
-func TestDockerNetworkIpvlanPersistance(t *testing.T) {
+func TestDockerNetworkIpvlanPersistence(t *testing.T) {
// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
skip.If(t, testEnv.IsRemoteDaemon)
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
diff --git a/integration/network/macvlan/macvlan_test.go b/integration/network/macvlan/macvlan_test.go
index 929f785505007..3f84866b08546 100644
--- a/integration/network/macvlan/macvlan_test.go
+++ b/integration/network/macvlan/macvlan_test.go
@@ -20,7 +20,7 @@ import (
"gotest.tools/v3/skip"
)
-func TestDockerNetworkMacvlanPersistance(t *testing.T) {
+func TestDockerNetworkMacvlanPersistence(t *testing.T) {
// verify the driver automatically provisions the 802.1q link (dm-dummy0.60)
skip.If(t, testEnv.IsRemoteDaemon)
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
diff --git a/integration/plugin/logging/cmd/close_on_start/main.go b/integration/plugin/logging/cmd/close_on_start/main.go
index 6398397712b8a..a8b230fd58d48 100644
--- a/integration/plugin/logging/cmd/close_on_start/main.go
+++ b/integration/plugin/logging/cmd/close_on_start/main.go
@@ -43,7 +43,7 @@ func main() {
server := http.Server{
Addr: l.Addr().String(),
Handler: mux,
- ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to satisfy gosec (G112: Potential Slowloris Attack)
}
server.Serve(l)
diff --git a/integration/plugin/logging/cmd/discard/main.go b/integration/plugin/logging/cmd/discard/main.go
index 3a7f2a88c1aa8..89ef5e2584fa3 100644
--- a/integration/plugin/logging/cmd/discard/main.go
+++ b/integration/plugin/logging/cmd/discard/main.go
@@ -18,7 +18,7 @@ func main() {
server := http.Server{
Addr: l.Addr().String(),
Handler: mux,
- ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to satisfy gosec (G112: Potential Slowloris Attack)
}
server.Serve(l)
}
diff --git a/integration/plugin/logging/cmd/dummy/main.go b/integration/plugin/logging/cmd/dummy/main.go
index f2c81229a323c..b413ba455dfb4 100644
--- a/integration/plugin/logging/cmd/dummy/main.go
+++ b/integration/plugin/logging/cmd/dummy/main.go
@@ -15,7 +15,7 @@ func main() {
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
- ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to satisfy gosec (G112: Potential Slowloris Attack)
}
server.Serve(l)
}
diff --git a/integration/plugin/volumes/cmd/dummy/main.go b/integration/plugin/volumes/cmd/dummy/main.go
index f2c81229a323c..b413ba455dfb4 100644
--- a/integration/plugin/volumes/cmd/dummy/main.go
+++ b/integration/plugin/volumes/cmd/dummy/main.go
@@ -15,7 +15,7 @@ func main() {
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
- ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to satisfy gosec (G112: Potential Slowloris Attack)
}
server.Serve(l)
}
diff --git a/integration/service/create_test.go b/integration/service/create_test.go
index aff1a29a42684..1500e50d5865d 100644
--- a/integration/service/create_test.go
+++ b/integration/service/create_test.go
@@ -120,7 +120,7 @@ func TestCreateServiceMultipleTimes(t *testing.T) {
// we can't just wait on no tasks for the service, counter-intuitively.
// Tasks may briefly exist but not show up, if they are in the process
// of being deallocated. To avoid this case, we should retry network remove
- // a few times, to give tasks time to be deallcoated
+ // a few times, to give tasks time to be deallocated
poll.WaitOn(t, swarm.NoTasksForService(ctx, client, serviceID2), swarm.ServicePoll)
for retry := 0; retry < 5; retry++ {
@@ -336,7 +336,7 @@ func TestCreateServiceSysctls(t *testing.T) {
client := d.NewClientT(t)
defer client.Close()
- // run thie block twice, so that no matter what the default value of
+ // run this block twice, so that no matter what the default value of
// net.ipv4.ip_nonlocal_bind is, we can verify that setting the sysctl
// options works
for _, expected := range []string{"0", "1"} {
diff --git a/internal/cleanups/composite_test.go b/internal/cleanups/composite_test.go
index f95f146808a75..d495a82b38cca 100644
--- a/internal/cleanups/composite_test.go
+++ b/internal/cleanups/composite_test.go
@@ -43,7 +43,7 @@ func TestCall(t *testing.T) {
assert.Check(t, is.ErrorContains(err, errZ.Error()))
assert.Check(t, is.ErrorContains(err, "something happened: "+err2.Error()))
- t.Logf(err.Error())
+ t.Log(err)
assert.Assert(t, is.Len(errs, 3))
// Cleanups executed in reverse order.
diff --git a/internal/opts/opts.go b/internal/opts/opts.go
new file mode 100644
index 0000000000000..d518fbb690106
--- /dev/null
+++ b/internal/opts/opts.go
@@ -0,0 +1,83 @@
+package opts
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+ "strings"
+
+ "github.com/docker/docker/opts"
+)
+
+// SetOpts holds a map of values and a validation function.
+type SetOpts struct {
+ values map[string]bool
+}
+
+// Set validates if needed the input value and add it to the
+// internal map, by splitting on '='.
+func (opts *SetOpts) Set(value string) error {
+ k, v, found := strings.Cut(value, "=")
+ if k == "" {
+ return errors.New("invalid option name: " + value)
+ }
+ var isSet bool
+ if !found {
+ isSet = true
+ } else {
+ var err error
+ isSet, err = strconv.ParseBool(v)
+ if err != nil {
+ return err
+ }
+ }
+ opts.values[k] = isSet
+ return nil
+}
+
+// GetAll returns the values of SetOpts as a map.
+func (opts *SetOpts) GetAll() map[string]bool {
+ return opts.values
+}
+
+func (opts *SetOpts) String() string {
+ return fmt.Sprintf("%v", opts.values)
+}
+
+// Type returns a string name for this Option type
+func (opts *SetOpts) Type() string {
+ return "map"
+}
+
+// NewSetOpts creates a new SetOpts with the specified set of values as a map of string to bool.
+func NewSetOpts(values map[string]bool) *SetOpts {
+ if values == nil {
+ values = make(map[string]bool)
+ }
+ return &SetOpts{
+ values: values,
+ }
+}
+
+// NamedSetOpts is a SetOpts struct with a configuration name.
+// This struct is useful to keep reference to the assigned
+// field name in the internal configuration struct.
+type NamedSetOpts struct {
+ SetOpts
+ name string
+}
+
+var _ opts.NamedOption = &NamedSetOpts{}
+
+// NewNamedSetOpts creates a reference to a new NamedSetOpts struct.
+func NewNamedSetOpts(name string, values map[string]bool) *NamedSetOpts {
+ return &NamedSetOpts{
+ SetOpts: *NewSetOpts(values),
+ name: name,
+ }
+}
+
+// Name returns the name of the NamedSetOpts in the configuration.
+func (o *NamedSetOpts) Name() string {
+ return o.name
+}
diff --git a/internal/opts/opts_test.go b/internal/opts/opts_test.go
new file mode 100644
index 0000000000000..70263d75aef16
--- /dev/null
+++ b/internal/opts/opts_test.go
@@ -0,0 +1,56 @@
+package opts
+
+import (
+ "testing"
+
+ "gotest.tools/v3/assert"
+ is "gotest.tools/v3/assert/cmp"
+)
+
+func TestSetOpts(t *testing.T) {
+ tmpMap := make(map[string]bool)
+ o := NewSetOpts(tmpMap)
+ assert.NilError(t, o.Set("feature-a=1"))
+ assert.NilError(t, o.Set("feature-b=true"))
+ assert.NilError(t, o.Set("feature-c=0"))
+ assert.NilError(t, o.Set("feature-d=false"))
+ assert.NilError(t, o.Set("feature-e"))
+
+ expected := "map[feature-a:true feature-b:true feature-c:false feature-d:false feature-e:true]"
+ assert.Check(t, is.Equal(expected, o.String()))
+
+ expectedValue := map[string]bool{"feature-a": true, "feature-b": true, "feature-c": false, "feature-d": false, "feature-e": true}
+ assert.Check(t, is.DeepEqual(expectedValue, o.GetAll()))
+
+ err := o.Set("feature=not-a-bool")
+ assert.Check(t, is.Error(err, `strconv.ParseBool: parsing "not-a-bool": invalid syntax`))
+ err = o.Set("feature=")
+ assert.Check(t, is.Error(err, `strconv.ParseBool: parsing "": invalid syntax`))
+ err = o.Set("=true")
+ assert.Check(t, is.Error(err, `invalid option name: =true`))
+}
+
+func TestNamedSetOpts(t *testing.T) {
+ tmpMap := make(map[string]bool)
+ o := NewNamedSetOpts("features", tmpMap)
+ assert.Check(t, is.Equal("features", o.Name()))
+
+ assert.NilError(t, o.Set("feature-a=1"))
+ assert.NilError(t, o.Set("feature-b=true"))
+ assert.NilError(t, o.Set("feature-c=0"))
+ assert.NilError(t, o.Set("feature-d=false"))
+ assert.NilError(t, o.Set("feature-e"))
+
+ expected := "map[feature-a:true feature-b:true feature-c:false feature-d:false feature-e:true]"
+ assert.Check(t, is.Equal(expected, o.String()))
+
+ expectedValue := map[string]bool{"feature-a": true, "feature-b": true, "feature-c": false, "feature-d": false, "feature-e": true}
+ assert.Check(t, is.DeepEqual(expectedValue, o.GetAll()))
+
+ err := o.Set("feature=not-a-bool")
+ assert.Check(t, is.Error(err, `strconv.ParseBool: parsing "not-a-bool": invalid syntax`))
+ err = o.Set("feature=")
+ assert.Check(t, is.Error(err, `strconv.ParseBool: parsing "": invalid syntax`))
+ err = o.Set("=true")
+ assert.Check(t, is.Error(err, `invalid option name: =true`))
+}
diff --git a/internal/rootless/specconv/specconv_linux.go b/internal/rootless/specconv/specconv_linux.go
index e5c85c4439e65..365b946bf0cb4 100644
--- a/internal/rootless/specconv/specconv_linux.go
+++ b/internal/rootless/specconv/specconv_linux.go
@@ -16,7 +16,7 @@ import (
// ToRootfulInRootless is used for "rootful-in-rootless" dind;
// the daemon is running in UserNS but has no access to RootlessKit API socket, host filesystem, etc.
//
-// This fuction does:
+// This function does:
// * Fix up OOMScoreAdj (needed since systemd v250: https://github.com/moby/moby/issues/46563)
func ToRootfulInRootless(spec *specs.Spec) {
if spec.Process == nil || spec.Process.OOMScoreAdj == nil {
diff --git a/internal/safepath/join_test.go b/internal/safepath/join_test.go
index 8d447ae030b7f..c1e5b93886f73 100644
--- a/internal/safepath/join_test.go
+++ b/internal/safepath/join_test.go
@@ -112,7 +112,7 @@ func TestJoinWithSymlinkReplace(t *testing.T) {
// On Linux we can delete it just fine.
assert.NilError(t, err, "failed to remove symlink")
- // Replace target with a symlink to /etc/paswd
+ // Replace target with a symlink to /etc/passwd
err = os.Symlink("/etc/passwd", target)
assert.NilError(t, err, "failed to create symlink")
}
diff --git a/internal/testutils/specialimage/textplain.go b/internal/testutils/specialimage/textplain.go
new file mode 100644
index 0000000000000..fbfc8f733db0f
--- /dev/null
+++ b/internal/testutils/specialimage/textplain.go
@@ -0,0 +1,39 @@
+package specialimage
+
+import (
+ "strings"
+
+ "github.com/distribution/reference"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// TextPlain creates an non-container image that only contains a text/plain blob.
+func TextPlain(dir string) (*ocispec.Index, error) {
+ ref, err := reference.ParseNormalizedNamed("tianon/test:text-plain")
+ if err != nil {
+ return nil, err
+ }
+
+ emptyJsonDesc, err := writeBlob(dir, "text/plain", strings.NewReader("{}"))
+ if err != nil {
+ return nil, err
+ }
+
+ configDesc := emptyJsonDesc
+ configDesc.MediaType = "application/vnd.oci.empty.v1+json"
+
+ desc, err := writeJsonBlob(dir, ocispec.MediaTypeImageManifest, ocispec.Manifest{
+ Config: configDesc,
+ Layers: []ocispec.Descriptor{
+ emptyJsonDesc,
+ },
+ })
+ if err != nil {
+ return nil, err
+ }
+ desc.Annotations = map[string]string{
+ "io.containerd.image.name": ref.String(),
+ }
+
+ return ociImage(dir, nil, desc)
+}
diff --git a/layer/layer.go b/layer/layer.go
index 28ad0fc9c7068..3f2d3adcaac41 100644
--- a/layer/layer.go
+++ b/layer/layer.go
@@ -199,11 +199,11 @@ func createChainIDFromParent(parent ChainID, dgsts ...DiffID) ChainID {
return parent
}
if parent == "" {
- return createChainIDFromParent(ChainID(dgsts[0]), dgsts[1:]...)
+ return createChainIDFromParent(ChainID(dgsts[0]), dgsts[1:]...) // #nosec G602 -- slice index out of range, which is a false positive
}
// H = "H(n-1) SHA256(n)"
- dgst := digest.FromBytes([]byte(string(parent) + " " + string(dgsts[0])))
- return createChainIDFromParent(ChainID(dgst), dgsts[1:]...)
+ dgst := digest.FromBytes([]byte(string(parent) + " " + string(dgsts[0]))) // #nosec G602 -- slice index out of range, which is a false positive
+ return createChainIDFromParent(ChainID(dgst), dgsts[1:]...) // #nosec G602 -- slice index out of range, which is a false positive
}
// ReleaseAndLog releases the provided layer from the given layer
diff --git a/libnetwork/agent.go b/libnetwork/agent.go
index 501889ab2ed74..440f82cd39969 100644
--- a/libnetwork/agent.go
+++ b/libnetwork/agent.go
@@ -689,7 +689,7 @@ func (ep *Endpoint) deleteServiceInfoFromCluster(sb *Sandbox, fullRemove bool, m
log.G(context.TODO()).Debugf("deleteServiceInfoFromCluster from %s START for %s %s", method, ep.svcName, ep.ID())
// Avoid a race w/ with a container that aborts preemptively. This would
- // get caught in disableServceInNetworkDB, but we check here to make the
+ // get caught in disableServiceInNetworkDB, but we check here to make the
// nature of the condition more clear.
// See comment in addServiceInfoToCluster()
if err := sb.GetEndpoint(ep.ID()); err == nil {
@@ -779,7 +779,7 @@ func (n *Network) addDriverWatches() {
go c.handleTableEvents(ch, n.handleDriverTableEvent)
d, err := n.driver(false)
if err != nil {
- log.G(context.TODO()).Errorf("Could not resolve driver %s while walking driver tabl: %v", n.networkType, err)
+ log.G(context.TODO()).Errorf("Could not resolve driver %s while walking driver table: %v", n.networkType, err)
return
}
diff --git a/libnetwork/agent.pb.go b/libnetwork/agent.pb.go
index f543d3e0c40a1..144c160bb2205 100644
--- a/libnetwork/agent.pb.go
+++ b/libnetwork/agent.pb.go
@@ -72,7 +72,7 @@ type EndpointRecord struct {
Aliases []string `protobuf:"bytes,7,rep,name=aliases,proto3" json:"aliases,omitempty"`
// List of aliases task specific aliases
TaskAliases []string `protobuf:"bytes,8,rep,name=task_aliases,json=taskAliases,proto3" json:"task_aliases,omitempty"`
- // Whether this enpoint's service has been disabled
+ // Whether this endpoint's service has been disabled
ServiceDisabled bool `protobuf:"varint,9,opt,name=service_disabled,json=serviceDisabled,proto3" json:"service_disabled,omitempty"`
}
diff --git a/libnetwork/agent.proto b/libnetwork/agent.proto
index 05c6419c14b41..0fb04731c3ea9 100644
--- a/libnetwork/agent.proto
+++ b/libnetwork/agent.proto
@@ -38,7 +38,7 @@ message EndpointRecord {
// List of aliases task specific aliases
repeated string task_aliases = 8;
- // Whether this enpoint's service has been disabled
+ // Whether this endpoint's service has been disabled
bool service_disabled = 9;
}
diff --git a/libnetwork/bitmap/sequence.go b/libnetwork/bitmap/sequence.go
index 2644c5d354cab..203fbaa6b4d98 100644
--- a/libnetwork/bitmap/sequence.go
+++ b/libnetwork/bitmap/sequence.go
@@ -505,7 +505,7 @@ func pushReservation(bytePos, bitPos uint64, head *sequence, release bool) *sequ
return newHead
}
- // Current sequence inevitably looses one block, upadate count
+ // Current sequence inevitably looses one block, update count
current.count--
// Create new sequence
diff --git a/libnetwork/bitmap/sequence_test.go b/libnetwork/bitmap/sequence_test.go
index f04ff56945bcf..fb3f74c90b699 100644
--- a/libnetwork/bitmap/sequence_test.go
+++ b/libnetwork/bitmap/sequence_test.go
@@ -1109,7 +1109,7 @@ func testSetRollover(t *testing.T, serial bool) {
t.Fatalf("Unexpected failure on allocation %d: %v\nSeed: %d\n%s", i, err, seed, hnd)
}
}
- // Now requesting to allocate the unallocated random bits (qurter of the number of bits) should
+ // Now requesting to allocate the unallocated random bits (quarter of the number of bits) should
// leave no more bits that can be allocated.
if hnd.Unselected() != 0 {
t.Fatalf("Unexpected number of unselected bits %d, Expected %d", hnd.Unselected(), 0)
diff --git a/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go b/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go
index 1c0704ded7d4a..ce1e26571d7a8 100644
--- a/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go
+++ b/libnetwork/cmd/networkdb-test/dbclient/ndbClient.go
@@ -759,7 +759,7 @@ func doWriteWaitLeaveJoin(ips []string, args []string) {
fmt.Fprintf(os.Stderr, "doWriteWaitLeaveJoin succeeded in %d msec", opTime)
}
-var cmdArgChec = map[string]int{
+var cmdArgCheck = map[string]int{
"debug": 0,
"fail": 0,
"ready": 2,
@@ -777,8 +777,8 @@ func Client(args []string) {
log.G(context.TODO()).Infof("[CLIENT] Starting with arguments %v", args)
command := args[0]
- if len(args) < cmdArgChec[command] {
- log.G(context.TODO()).Fatalf("Command %s requires %d arguments, passed %d, aborting...", command, cmdArgChec[command], len(args))
+ if len(args) < cmdArgCheck[command] {
+ log.G(context.TODO()).Fatalf("Command %s requires %d arguments, passed %d, aborting...", command, cmdArgCheck[command], len(args))
}
switch command {
diff --git a/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go b/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go
index ab24de8f95eb2..c550ffe1fbec4 100644
--- a/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go
+++ b/libnetwork/cmd/networkdb-test/dummyclient/dummyClient.go
@@ -95,7 +95,7 @@ func handleTableEvents(tableName string, ch *events.Channel) {
return
case evt := <-ch.C:
- log.G(context.TODO()).Infof("Recevied new event on:%s", tableName)
+ log.G(context.TODO()).Infof("Received new event on:%s", tableName)
switch event := evt.(type) {
case networkdb.CreateEvent:
// nid = event.NetworkID
diff --git a/libnetwork/cnmallocator/drivers_ipam.go b/libnetwork/cnmallocator/drivers_ipam.go
index 37b8ba7d9767d..afecc29bd7abe 100644
--- a/libnetwork/cnmallocator/drivers_ipam.go
+++ b/libnetwork/cnmallocator/drivers_ipam.go
@@ -40,7 +40,7 @@ func initIPAMDrivers(r ipamapi.Registerer, netConfig *networkallocator.Config) e
}
if len(addressPool) > 0 {
- log.G(context.TODO()).Infof("Swarm initialized global default address pool to: " + str.String())
+ log.G(context.TODO()).Info("Swarm initialized global default address pool to: " + str.String())
}
if err := ipams.Register(r, nil, nil, addressPool); err != nil {
diff --git a/libnetwork/cnmallocator/networkallocator_test.go b/libnetwork/cnmallocator/networkallocator_test.go
index 71ae50818d241..d1ca16056efd2 100644
--- a/libnetwork/cnmallocator/networkallocator_test.go
+++ b/libnetwork/cnmallocator/networkallocator_test.go
@@ -658,7 +658,7 @@ func TestServiceNetworkUpdate(t *testing.T) {
err = na.Allocate(n2)
assert.Check(t, err)
- // Attach a network to a service spec nd allocate a service
+ // Attach a network to a service spec and allocate a service
s := &api.Service{
ID: "testID1",
Spec: api.ServiceSpec{
diff --git a/libnetwork/controller.go b/libnetwork/controller.go
index 1e3d2112483d9..5ee8999d9ae3c 100644
--- a/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -1046,7 +1046,7 @@ func (c *Controller) loadDriver(networkType string) error {
if err != nil {
if errors.Cause(err) == plugins.ErrNotFound {
- return types.NotFoundErrorf(err.Error())
+ return types.NotFoundErrorf("%v", err)
}
return err
}
@@ -1065,7 +1065,7 @@ func (c *Controller) loadIPAMDriver(name string) error {
if err != nil {
if errors.Cause(err) == plugins.ErrNotFound {
- return types.NotFoundErrorf(err.Error())
+ return types.NotFoundErrorf("%v", err)
}
return err
}
diff --git a/libnetwork/diagnostic/server.go b/libnetwork/diagnostic/server.go
index c773b96918f08..e9da6630c8b80 100644
--- a/libnetwork/diagnostic/server.go
+++ b/libnetwork/diagnostic/server.go
@@ -100,7 +100,7 @@ func (s *Server) EnableDiagnostic(ip string, port int) {
}(s)
}
-// DisableDiagnostic stop the dubug and closes the tcp socket
+// DisableDiagnostic stop the debug and closes the tcp socket
func (s *Server) DisableDiagnostic() {
s.mu.Lock()
defer s.mu.Unlock()
diff --git a/libnetwork/docs/network.md b/libnetwork/docs/network.md
index 9f79d9c04592f..2fabd95325abc 100644
--- a/libnetwork/docs/network.md
+++ b/libnetwork/docs/network.md
@@ -115,7 +115,7 @@ This section describes traffic flow of request and reply to/from a service with
4. The request arrives at eth0 of container NS with dstIP=10.255.0.5, dstPort=30000, srcIP=10.255.0.x (eth1 IP in ingress_sbox NS), srcPort=EMPHEMERAL_PORT. Before routing, it?s dstPort is changed to 80 via nat rule in service setup (3), and is allowed to be forwarded to local process by INPUT rule in service setup (2) post routig. The process listening on tcp:80 receives request with dstIP=10.255.0.5, dstPort=80, srcIP=10.255.0.2, , srcPort=EPHEMERAL_PORT.
5. The process replies, The reply has dstIP=10.255.0.2, dstPort=EPHEMERAL_PORT, srcIp=not_known, srcPort=80. It goes through filter rule in OUTPUT chain in service setup(2), which allows it to pass. It goes through routing that determines outbound interface is eth1, and srcIP=10.255.0.5; and it ?un-dnats? srcPort=80 to 30000 via nat table rule in service setup (3).
6. The reply arrives at br0 in ingress NS with dstIP=10.255.0.2, dstPort=EPHEMERAL_PORT, srcIP=10.255.0.5, srcPort=30000, which duly forwarded it to ...
-7. The eh0 interface in sb_ingress NS. The reply first go through ipvs LB that ?un-dnats? srcIP from 10.255.0.5 to 172.18.0.2; then ?un-snats? via nat rule in service setup (8) dstIP from 10.255.0.2 to CLIENT_IP, dstPort from EMPHERAL_PORT to CLIENT_PORT.
+7. The eh0 interface in sb_ingress NS. The reply first go through ipvs LB that ?un-dnats? srcIP from 10.255.0.5 to 172.18.0.2; then ?un-snats? via nat rule in service setup (8) dstIP from 10.255.0.2 to CLIENT_IP, dstPort from EPHEMERAL_PORT to CLIENT_PORT.
8. The reply arrives at docker_gwbridge0 interface of host NS with dstIP=CLIENT_IP, dstPort=CLIENT_PORT, srcIP=172.18.0.2, srcPort=30000. The reply ?un-snats? with nat rule in service setup(6) with srcIP changes to 172.31.2.1. And is then forwarded out of eth0 interface, and complete the traffic flow. From external view, request enters host with dstIP=172.31.2.1, dstPort=30000, srcIP=CLIENT_IP, srcPort=CLIENT_PORT; and reply exits with dstIP=CLIENT_IP, dstPort=CLIENT_PORT, srcIP=172.31.2.1, srcPort=30000.
diff --git a/libnetwork/drivers/bridge/bridge_linux.go b/libnetwork/drivers/bridge/bridge_linux.go
index d0ffa1a809fa3..4fae4ebd04ec8 100644
--- a/libnetwork/drivers/bridge/bridge_linux.go
+++ b/libnetwork/drivers/bridge/bridge_linux.go
@@ -5,8 +5,6 @@ import (
"fmt"
"net"
"net/netip"
- "os"
- "os/exec"
"strconv"
"sync"
@@ -482,14 +480,6 @@ func (d *driver) configure(option map[string]interface{}) error {
return &ErrInvalidDriverConfig{}
}
- if config.EnableIPTables || config.EnableIP6Tables {
- if _, err := os.Stat("/proc/sys/net/bridge"); err != nil {
- if out, err := exec.Command("modprobe", "-va", "bridge", "br_netfilter").CombinedOutput(); err != nil {
- log.G(context.TODO()).Warnf("Running modprobe bridge br_netfilter failed with message: %s, error: %v", out, err)
- }
- }
- }
-
if config.EnableIPTables {
removeIPChains(iptables.IPv4)
@@ -926,7 +916,7 @@ func (d *driver) deleteNetwork(nid string) error {
config := n.config
n.Unlock()
- // delele endpoints belong to this network
+ // delete endpoints belong to this network
for _, ep := range n.endpoints {
if err := n.releasePorts(ep); err != nil {
log.G(context.TODO()).Warn(err)
diff --git a/libnetwork/drivers/bridge/setup_bridgenetfiltering.go b/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
index be8d56bcbceb2..9fb367d9fbe6c 100644
--- a/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
+++ b/libnetwork/drivers/bridge/setup_bridgenetfiltering.go
@@ -7,6 +7,7 @@ import (
"errors"
"fmt"
"os"
+ "os/exec"
"syscall"
"github.com/containerd/log"
@@ -44,8 +45,14 @@ func setupIPv6BridgeNetFiltering(config *networkConfiguration, _ *bridgeInterfac
return nil
}
-// Enable bridge net filtering if not already enabled. See github issue #11404
+// Enable bridge net filtering if not already enabled. See GitHub issue #11404
func enableBridgeNetFiltering(nfParam string) error {
+ if _, err := os.Stat("/proc/sys/net/bridge"); err != nil {
+ if out, err := exec.Command("modprobe", "-va", "bridge", "br_netfilter").CombinedOutput(); err != nil {
+ log.G(context.TODO()).WithError(err).Errorf("Running modprobe bridge br_netfilter failed with message: %s", out)
+ return fmt.Errorf("cannot restrict inter-container communication: modprobe br_netfilter failed: %w", err)
+ }
+ }
enabled, err := getKernelBoolParam(nfParam)
if err != nil {
var pathErr *os.PathError
diff --git a/libnetwork/drivers/bridge/setup_ip_tables_linux.go b/libnetwork/drivers/bridge/setup_ip_tables_linux.go
index 71a6203f2b2e9..3d6150d7556ae 100644
--- a/libnetwork/drivers/bridge/setup_ip_tables_linux.go
+++ b/libnetwork/drivers/bridge/setup_ip_tables_linux.go
@@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"net"
+ "os"
"strings"
"github.com/containerd/log"
@@ -32,6 +33,11 @@ const (
IsolationChain2 = "DOCKER-ISOLATION-STAGE-2"
)
+// Path to the executable installed in Linux under WSL2 that reports on
+// WSL config. https://github.com/microsoft/WSL/releases/tag/2.0.4
+// Can be modified by tests.
+var wslinfoPath = "/usr/bin/wslinfo"
+
func setupIPChains(config configuration, version iptables.IPVersion) (natChain *iptables.ChainInfo, filterChain *iptables.ChainInfo, isolationChain1 *iptables.ChainInfo, isolationChain2 *iptables.ChainInfo, retErr error) {
// Sanity check.
if version == iptables.IPv4 && !config.EnableIPTables {
@@ -99,6 +105,10 @@ func setupIPChains(config configuration, version iptables.IPVersion) (natChain *
return nil, nil, nil, nil, err
}
+ if err := mirroredWSL2Workaround(config, version); err != nil {
+ return nil, nil, nil, nil, err
+ }
+
return natChain, filterChain, isolationChain1, isolationChain2, nil
}
@@ -382,7 +392,7 @@ func setINC(version iptables.IPVersion, iface string, enable bool) error {
log.G(context.TODO()).Warnf("Failed to rollback iptables rule after failure (%v): %v", err, err2)
}
}
- return fmt.Errorf(msg)
+ return errors.New(msg)
}
log.G(context.TODO()).Warn(msg)
}
@@ -502,3 +512,81 @@ func clearConntrackEntries(nlh *netlink.Handle, ep *bridgeEndpoint) {
iptables.DeleteConntrackEntries(nlh, ipv4List, ipv6List)
iptables.DeleteConntrackEntriesByPort(nlh, types.UDP, udpPorts)
}
+
+// mirroredWSL2Workaround adds or removes an IPv4 NAT rule, depending on whether
+// docker's host Linux appears to be a guest running under WSL2 in with mirrored
+// mode networking.
+// https://learn.microsoft.com/en-us/windows/wsl/networking#mirrored-mode-networking
+//
+// Without mirrored mode networking, or for a packet sent from Linux, packets
+// sent to 127.0.0.1 are processed as outgoing - they hit the nat-OUTPUT chain,
+// which does not jump to the nat-DOCKER chain because the rule has an exception
+// for "-d 127.0.0.0/8". The default action on the nat-OUTPUT chain is ACCEPT (by
+// default), so the packet is delivered to 127.0.0.1 on lo, where docker-proxy
+// picks it up and acts as a man-in-the-middle; it receives the packet and
+// re-sends it to the container (or acks a SYN and sets up a second TCP
+// connection to the container). So, the container sees packets arrive with a
+// source address belonging to the network's bridge, and it is able to reply to
+// that address.
+//
+// In WSL2's mirrored networking mode, Linux has a loopback0 device as well as lo
+// (which owns 127.0.0.1 as normal). Packets sent to 127.0.0.1 from Windows to a
+// server listening on Linux's 127.0.0.1 are delivered via loopback0, and
+// processed as packets arriving from outside the Linux host (which they are).
+//
+// So, these packets hit the nat-PREROUTING chain instead of nat-OUTPUT. It would
+// normally be impossible for a packet ->127.0.0.1 to arrive from outside the
+// host, so the nat-PREROUTING jump to nat-DOCKER has no exception for it. The
+// packet is processed by a per-bridge DNAT rule in that chain, so it is
+// delivered directly to the container (not via docker-proxy) with source address
+// 127.0.0.1, so the container can't respond.
+//
+// DNAT is normally skipped by RETURN rules in the nat-DOCKER chain for packets
+// arriving from any other bridge network. Similarly, this function adds (or
+// removes) a rule to RETURN early for packets delivered via loopback0 with
+// destination 127.0.0.0/8.
+func mirroredWSL2Workaround(config configuration, ipv iptables.IPVersion) error {
+ // WSL2 does not (currently) support Windows<->Linux communication via ::1.
+ if ipv != iptables.IPv4 {
+ return nil
+ }
+ return programChainRule(mirroredWSL2Rule(), "WSL2 loopback", insertMirroredWSL2Rule(config))
+}
+
+// insertMirroredWSL2Rule returns true if the NAT rule for mirrored WSL2 workaround
+// is required. It is required if:
+// - the userland proxy is running. If not, there's nothing on the host to catch
+// the packet, so the loopback0 rule as wouldn't be useful. However, without
+// the workaround, with improvements in WSL2 v2.3.11, and without userland proxy
+// running - no workaround is needed, the normal DNAT/masquerading works.
+// - and, the host Linux appears to be running under Windows WSL2 with mirrored
+// mode networking. If a loopback0 device exists, and there's an executable at
+// /usr/bin/wslinfo, infer that this is WSL2 with mirrored networking. ("wslinfo
+// --networking-mode" reports "mirrored", but applying the workaround for WSL2's
+// loopback device when it's not needed is low risk, compared with executing
+// wslinfo with dockerd's elevated permissions.)
+func insertMirroredWSL2Rule(config configuration) bool {
+ if !config.EnableUserlandProxy || config.UserlandProxyPath == "" {
+ return false
+ }
+ if _, err := netlink.LinkByName("loopback0"); err != nil {
+ if !errors.As(err, &netlink.LinkNotFoundError{}) {
+ log.G(context.TODO()).WithError(err).Warn("Failed to check for WSL interface")
+ }
+ return false
+ }
+ stat, err := os.Stat(wslinfoPath)
+ if err != nil {
+ return false
+ }
+ return stat.Mode().IsRegular() && (stat.Mode().Perm()&0111) != 0
+}
+
+func mirroredWSL2Rule() iptRule {
+ return iptRule{
+ ipv: iptables.IPv4,
+ table: iptables.Nat,
+ chain: DockerChain,
+ args: []string{"-i", "loopback0", "-d", "127.0.0.0/8", "-j", "RETURN"},
+ }
+}
diff --git a/libnetwork/drivers/bridge/setup_ip_tables_linux_test.go b/libnetwork/drivers/bridge/setup_ip_tables_linux_test.go
index 440286cd73476..17e573b6f7c68 100644
--- a/libnetwork/drivers/bridge/setup_ip_tables_linux_test.go
+++ b/libnetwork/drivers/bridge/setup_ip_tables_linux_test.go
@@ -2,6 +2,8 @@ package bridge
import (
"net"
+ "os"
+ "path/filepath"
"testing"
"github.com/docker/docker/internal/testutils/netnsutils"
@@ -10,6 +12,7 @@ import (
"github.com/docker/docker/libnetwork/netlabel"
"github.com/vishvananda/netlink"
"gotest.tools/v3/assert"
+ is "gotest.tools/v3/assert/cmp"
)
const (
@@ -374,3 +377,74 @@ func TestOutgoingNATRules(t *testing.T) {
})
}
}
+
+func TestMirroredWSL2Workaround(t *testing.T) {
+ for _, tc := range []struct {
+ desc string
+ loopback0 bool
+ userlandProxy bool
+ wslinfoPerm os.FileMode // 0 for no-file
+ expLoopback0Rule bool
+ }{
+ {
+ desc: "No loopback0",
+ },
+ {
+ desc: "WSL2 mirrored",
+ loopback0: true,
+ userlandProxy: true,
+ wslinfoPerm: 0777,
+ expLoopback0Rule: true,
+ },
+ {
+ desc: "loopback0 but wslinfo not executable",
+ loopback0: true,
+ userlandProxy: true,
+ wslinfoPerm: 0666,
+ },
+ {
+ desc: "loopback0 but no wslinfo",
+ loopback0: true,
+ userlandProxy: true,
+ },
+ {
+ desc: "loopback0 but no userland proxy",
+ loopback0: true,
+ wslinfoPerm: 0777,
+ },
+ } {
+ t.Run(tc.desc, func(t *testing.T) {
+ defer netnsutils.SetupTestOSContext(t)()
+
+ if tc.loopback0 {
+ loopback0 := &netlink.Dummy{
+ LinkAttrs: netlink.LinkAttrs{
+ Name: "loopback0",
+ },
+ }
+ err := netlink.LinkAdd(loopback0)
+ assert.NilError(t, err)
+ }
+
+ if tc.wslinfoPerm != 0 {
+ wslinfoPathOrig := wslinfoPath
+ defer func() {
+ wslinfoPath = wslinfoPathOrig
+ }()
+ tmpdir := t.TempDir()
+ wslinfoPath = filepath.Join(tmpdir, "wslinfo")
+ err := os.WriteFile(wslinfoPath, []byte("#!/bin/sh\necho dummy file\n"), tc.wslinfoPerm)
+ assert.NilError(t, err)
+ }
+
+ config := configuration{EnableIPTables: true}
+ if tc.userlandProxy {
+ config.UserlandProxyPath = "some-proxy"
+ config.EnableUserlandProxy = true
+ }
+ _, _, _, _, err := setupIPChains(config, iptables.IPv4)
+ assert.NilError(t, err)
+ assert.Check(t, is.Equal(mirroredWSL2Rule().Exists(), tc.expLoopback0Rule))
+ })
+ }
+}
diff --git a/libnetwork/drivers/overlay/peerdb.go b/libnetwork/drivers/overlay/peerdb.go
index 815790ded8590..91c3d07877cfd 100644
--- a/libnetwork/drivers/overlay/peerdb.go
+++ b/libnetwork/drivers/overlay/peerdb.go
@@ -299,7 +299,7 @@ func (d *driver) peerAddOp(nid, eid string, peerIP net.IP, peerIPMask net.IPMask
sbox := n.sandbox()
if sbox == nil {
// We are hitting this case for all the events that are arriving before that the sandbox
- // is being created. The peer got already added into the database and the sanbox init will
+ // is being created. The peer got already added into the database and the sandbox init will
// call the peerDbUpdateSandbox that will configure all these peers from the database
return nil
}
diff --git a/libnetwork/drivers/windows/windows.go b/libnetwork/drivers/windows/windows.go
index 495a8b7fbd618..0c7d78ab82a43 100644
--- a/libnetwork/drivers/windows/windows.go
+++ b/libnetwork/drivers/windows/windows.go
@@ -442,7 +442,7 @@ func (d *driver) DeleteNetwork(nid string) error {
delete(d.networks, nid)
d.Unlock()
- // delele endpoints belong to this network
+ // delete endpoints belong to this network
for _, ep := range n.endpoints {
if err := d.storeDelete(ep); err != nil {
log.G(context.TODO()).Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
diff --git a/libnetwork/endpoint.go b/libnetwork/endpoint.go
index 332f4b3e91ee4..f72007ea4cfb8 100644
--- a/libnetwork/endpoint.go
+++ b/libnetwork/endpoint.go
@@ -776,7 +776,7 @@ func (ep *Endpoint) sbLeave(ctx context.Context, sb *Sandbox, force bool) error
}
// Update the store about the sandbox detach only after we
- // have completed sb.clearNetworkresources above to avoid
+ // have completed sb.clearNetworkResources above to avoid
// spurious logs when cleaning up the sandbox when the daemon
// ungracefully exits and restarts before completing sandbox
// detach but after store has been updated.
diff --git a/libnetwork/internal/kvstore/boltdb/boltdb.go b/libnetwork/internal/kvstore/boltdb/boltdb.go
index 8ca8822e08f26..a311b2fe3b803 100644
--- a/libnetwork/internal/kvstore/boltdb/boltdb.go
+++ b/libnetwork/internal/kvstore/boltdb/boltdb.go
@@ -14,7 +14,7 @@ import (
bolt "go.etcd.io/bbolt"
)
-// ErrBoltBucketOptionMissing is thrown when boltBcuket config option is missing
+// ErrBoltBucketOptionMissing is thrown when boltBucket config option is missing
var ErrBoltBucketOptionMissing = errors.New("boltBucket config option missing")
const filePerm = 0o644
diff --git a/libnetwork/internal/kvstore/kvstore.go b/libnetwork/internal/kvstore/kvstore.go
index 8347b33dad774..84e7300b5c5f6 100644
--- a/libnetwork/internal/kvstore/kvstore.go
+++ b/libnetwork/internal/kvstore/kvstore.go
@@ -59,7 +59,7 @@ type Store interface {
Close()
}
-// KVPair represents {Key, Value, Lastindex} tuple
+// KVPair represents {Key, Value, LastIndex} tuple
type KVPair struct {
Key string
Value []byte
diff --git a/libnetwork/ipamutils/utils.go b/libnetwork/ipamutils/utils.go
index 8454c760871cb..581a8376c6975 100644
--- a/libnetwork/ipamutils/utils.go
+++ b/libnetwork/ipamutils/utils.go
@@ -44,7 +44,7 @@ func (n NetworkToSplit) Overlaps(p netip.Prefix) bool {
return n.Base.Overlaps(p)
}
-// GetGlobalScopeDefaultNetworks returns a copy of the global-sopce network list.
+// GetGlobalScopeDefaultNetworks returns a copy of the global-scope network list.
func GetGlobalScopeDefaultNetworks() []*NetworkToSplit {
return slices.Clone(globalScopeDefaultNetworks)
}
diff --git a/libnetwork/network.go b/libnetwork/network.go
index 42040bf803645..8396792c3edd7 100644
--- a/libnetwork/network.go
+++ b/libnetwork/network.go
@@ -2011,7 +2011,7 @@ func (n *Network) ResolveIP(_ context.Context, ip string) string {
// because of interleave of different events from different sources (local container create vs
// network db notifications)
// In such cases the resolution will be based on the first element of the set, and can vary
- // during the system stabilitation
+ // during the system stabilization
elem := elemSet[0]
if elem.extResolver {
return ""
diff --git a/libnetwork/networkdb/cluster.go b/libnetwork/networkdb/cluster.go
index f04ac7ecc2c6d..b1c4bffe3b7f4 100644
--- a/libnetwork/networkdb/cluster.go
+++ b/libnetwork/networkdb/cluster.go
@@ -294,7 +294,7 @@ func (nDB *NetworkDB) rejoinClusterBootStrap() {
}
bootStrapIPs := make([]string, 0, len(nDB.bootStrapIP))
for _, bootIP := range nDB.bootStrapIP {
- // botostrap IPs are usually IP:port from the Join
+ // bootstrap IPs are usually IP:port from the Join
var bootstrapIP net.IP
ipStr, _, err := net.SplitHostPort(bootIP)
if err != nil {
diff --git a/libnetwork/networkdb/delegate.go b/libnetwork/networkdb/delegate.go
index c891d411fe957..0be1620498d63 100644
--- a/libnetwork/networkdb/delegate.go
+++ b/libnetwork/networkdb/delegate.go
@@ -213,7 +213,7 @@ func (nDB *NetworkDB) handleTableEvent(tEvent *TableEvent, isBulkSync bool) bool
// 2) the residual reapTime is higher than 1/6 of the total reapTime.
// If the residual reapTime is lower or equal to 1/6 of the total reapTime don't bother broadcasting it around
// most likely the cluster is already aware of it
- // This also reduce the possibility that deletion of entries close to their garbage collection ends up circuling around
+ // This also reduce the possibility that deletion of entries close to their garbage collection ends up circling around
// forever
// log.G(ctx).Infof("exiting on delete not knowing the obj with rebroadcast:%t", network.inSync)
return network.inSync && e.reapTime > nDB.config.reapEntryInterval/6
diff --git a/libnetwork/networkdb/networkdb.go b/libnetwork/networkdb/networkdb.go
index 66c0b81744139..1b06bee49d276 100644
--- a/libnetwork/networkdb/networkdb.go
+++ b/libnetwork/networkdb/networkdb.go
@@ -189,7 +189,7 @@ type Config struct {
// reapEntryInterval duration of a deleted entry before being garbage collected
reapEntryInterval time.Duration
- // reapNetworkInterval duration of a delted network before being garbage collected
+ // reapNetworkInterval duration of a deleted network before being garbage collected
// NOTE this MUST always be higher than reapEntryInterval
reapNetworkInterval time.Duration
@@ -724,7 +724,7 @@ func (nDB *NetworkDB) deleteNetworkNode(nid string, nodeName string) {
nDB.networkNodes[nid] = newNodes
}
-// findCommonnetworks find the networks that both this node and the
+// findCommonNetworks find the networks that both this node and the
// passed node have joined.
func (nDB *NetworkDB) findCommonNetworks(nodeName string) []string {
nDB.RLock()
diff --git a/libnetwork/networkdb/networkdb_test.go b/libnetwork/networkdb/networkdb_test.go
index 2f6287f0a9b13..621cf7a44fbf0 100644
--- a/libnetwork/networkdb/networkdb_test.go
+++ b/libnetwork/networkdb/networkdb_test.go
@@ -875,7 +875,7 @@ func TestNetworkDBIslands(t *testing.T) {
// Give some time to let the system propagate the messages and free up the ports
check := func(t poll.LogT) poll.Result {
- // Verify that the nodes are actually all gone and marked appropiately
+ // Verify that the nodes are actually all gone and marked appropriately
for name, db := range checkDBs {
db.RLock()
if (len(db.leftNodes) != 3) || (len(db.failedNodes) != 0) {
diff --git a/libnetwork/resolver.go b/libnetwork/resolver.go
index 322ddb3e3e6e0..70d37c752f446 100644
--- a/libnetwork/resolver.go
+++ b/libnetwork/resolver.go
@@ -91,7 +91,7 @@ type Resolver struct {
logger *log.Entry
fwdSem *semaphore.Weighted // Limit the number of concurrent external DNS requests in-flight
- logInverval rate.Sometimes // Rate-limit logging about hitting the fwdSem limit
+ logInterval rate.Sometimes // Rate-limit logging about hitting the fwdSem limit
}
// NewResolver creates a new instance of the Resolver
@@ -101,7 +101,7 @@ func NewResolver(address string, proxyDNS bool, backend DNSBackend) *Resolver {
err: fmt.Errorf("setup not done yet"),
startCh: make(chan struct{}, 1),
fwdSem: semaphore.NewWeighted(maxConcurrent),
- logInverval: rate.Sometimes{Interval: logInterval},
+ logInterval: rate.Sometimes{Interval: logInterval},
}
r.listenAddress, _ = netip.ParseAddr(address)
r.proxyDNS.Store(proxyDNS)
@@ -559,7 +559,7 @@ func (r *Resolver) forwardExtDNS(ctx context.Context, proto string, remoteAddr n
if err != nil {
if errors.Is(err, context.DeadlineExceeded) {
- r.logInverval.Do(func() {
+ r.logInterval.Do(func() {
r.log(ctx).Errorf("[resolver] more than %v concurrent queries", maxConcurrent)
})
}
@@ -647,7 +647,7 @@ func (r *Resolver) exchange(ctx context.Context, proto string, extDNS extDNSEntr
// truncating them on our end to forward verbatim to the client.
// Some DNS servers (e.g. Mikrotik RouterOS) don't support
// EDNS(0) and may send replies over UDP longer than 512 bytes
- // regardless of what size limit, if any, was advertized in the
+ // regardless of what size limit, if any, was advertised in the
// query message. Note that ExchangeWithConn will override this
// value if it detects an EDNS OPT record in query so only
// oversized replies to non-EDNS queries will benefit.
diff --git a/libnetwork/resolver_unix_test.go b/libnetwork/resolver_unix_test.go
index 7cb578c936491..e0242886b282a 100644
--- a/libnetwork/resolver_unix_test.go
+++ b/libnetwork/resolver_unix_test.go
@@ -56,11 +56,11 @@ func TestDNSIPQuery(t *testing.T) {
t.Fatal(err)
}
- // add service records which are used to resolve names. These are the real targets for the DNS querries
+ // add service records which are used to resolve names. These are the real targets for the DNS queries
n.addSvcRecords("ep1", "name1", "svc1", net.ParseIP("192.168.0.1"), net.IP{}, true, "test")
w := new(tstwriter)
- // the unit tests right now will focus on non-proxyed DNS requests
+ // the unit tests right now will focus on non-proxied DNS requests
r := NewResolver(resolverIPSandbox, false, sb)
// test name1's IP is resolved correctly with the default A type query
@@ -177,7 +177,7 @@ func TestDNSProxyServFail(t *testing.T) {
r.SetExtServers(localDNSEntries)
r.serveDNS(w, q)
if nRequests != 2 {
- t.Fatalf("Expected 2 DNS querries. Found: %d", nRequests)
+ t.Fatalf("Expected 2 DNS queries. Found: %d", nRequests)
}
t.Logf("Expected number of DNS requests generated")
}
diff --git a/libnetwork/sandbox.go b/libnetwork/sandbox.go
index e390e09776bd5..fe47f3c825b3a 100644
--- a/libnetwork/sandbox.go
+++ b/libnetwork/sandbox.go
@@ -161,7 +161,7 @@ func (sb *Sandbox) delete(ctx context.Context, force bool) error {
if ep.endpointInGWNetwork() && !force {
continue
}
- // Retain the sanbdox if we can't obtain the network from store.
+ // Retain the sandbox if we can't obtain the network from store.
if _, err := c.getNetworkFromStore(ep.getNetwork().ID()); err != nil {
if !c.isSwarmNode() {
retain = true
diff --git a/libnetwork/sandbox_dns_unix_test.go b/libnetwork/sandbox_dns_unix_test.go
index 689b2a70f18e1..95f0f731fb899 100644
--- a/libnetwork/sandbox_dns_unix_test.go
+++ b/libnetwork/sandbox_dns_unix_test.go
@@ -4,18 +4,14 @@ package libnetwork
import (
"context"
- "runtime"
"testing"
"github.com/docker/docker/libnetwork/resolvconf"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
- "gotest.tools/v3/skip"
)
func TestDNSOptions(t *testing.T) {
- skip.If(t, runtime.GOOS == "windows", "test only works on linux")
-
c, err := New(OptionBoltdbWithRandomDBFile(t))
assert.NilError(t, err)
diff --git a/libnetwork/sandbox_externalkey_unix.go b/libnetwork/sandbox_externalkey_unix.go
index 855cae6af7bcf..cadb02014027c 100644
--- a/libnetwork/sandbox_externalkey_unix.go
+++ b/libnetwork/sandbox_externalkey_unix.go
@@ -110,7 +110,7 @@ func processReturn(r io.Reader) error {
return fmt.Errorf("failed to read buf in processReturn : %v", err)
}
if string(buf[0:n]) != success {
- return fmt.Errorf(string(buf[0:n]))
+ return fmt.Errorf("%s", buf[0:n])
}
return nil
}
diff --git a/libnetwork/service_common.go b/libnetwork/service_common.go
index 6c97fc8f496bd..38a313db031a5 100644
--- a/libnetwork/service_common.go
+++ b/libnetwork/service_common.go
@@ -216,7 +216,7 @@ func (c *Controller) cleanupServiceBindings(cleanupNID string) {
func makeServiceCleanupFunc(c *Controller, s *service, nID, eID string, vip net.IP, ip net.IP) func() {
// ContainerName and taskAliases are not available here, this is still fine because the Service discovery
// cleanup already happened before. The only thing that rmServiceBinding is still doing here a part from the Load
- // Balancer bookeeping, is to keep consistent the mapping of endpoint to IP.
+ // Balancer bookkeeping, is to keep consistent the mapping of endpoint to IP.
return func() {
if err := c.rmServiceBinding(s.name, s.id, nID, eID, "", vip, s.ingressPorts, s.aliases, []string{}, ip, "cleanupServiceBindings", false, true); err != nil {
log.G(context.TODO()).Errorf("Failed to remove service bindings for service %s network %s endpoint %s while cleanup: %v", s.id, nID, eID, err)
diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go
index 79e12255f8376..6d6e716d4f330 100644
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -77,7 +77,7 @@ func findIfaceDstName(sb *Sandbox, ep *Endpoint) string {
return ""
}
-// Add loadbalancer backend to the loadbalncer sandbox for the network.
+// Add loadbalancer backend to the loadbalancer sandbox for the network.
// If needed add the service as well.
func (n *Network) addLBBackend(ip net.IP, lb *loadBalancer) {
if len(lb.vip) == 0 {
diff --git a/libnetwork/types/types.go b/libnetwork/types/types.go
index f17e3f11c88f4..578d179b13f04 100644
--- a/libnetwork/types/types.go
+++ b/libnetwork/types/types.go
@@ -40,7 +40,7 @@ type TransportPort struct {
Port uint16
}
-// Equal checks if this instance of Transportport is equal to the passed one
+// Equal checks if this instance of TransportPort is equal to the passed one
func (t *TransportPort) Equal(o *TransportPort) bool {
if t == o {
return true
diff --git a/man/Makefile b/man/Makefile
index b91f7ecf5aaaf..397830dc1e428 100644
--- a/man/Makefile
+++ b/man/Makefile
@@ -35,7 +35,9 @@ man%:
.PHONY: install
install: all
+ @set -ex; \
for sec in $(sections); do \
+ $(INSTALL) -d $(DESTDIR)$(mandir)/man$$sec && \
$(INSTALL_DATA) man$$sec/* $(DESTDIR)$(mandir)/man$$sec; \
done
diff --git a/man/dockerd.8.md b/man/dockerd.8.md
index 2a769e5671dc1..4f2d4b809b302 100644
--- a/man/dockerd.8.md
+++ b/man/dockerd.8.md
@@ -31,6 +31,7 @@ dockerd - Enable daemon mode
[**--exec-opt**[=*[]*]]
[**--exec-root**[=*/var/run/docker*]]
[**--experimental**[=**false**]]
+[**--feature**[=*NAME*[=**true**|**false**]]
[**--fixed-cidr**[=*FIXED-CIDR*]]
[**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]]
[**-G**|**--group**[=*docker*]]
@@ -52,6 +53,7 @@ dockerd - Enable daemon mode
[**--label**[=*[]*]]
[**--live-restore**[=**false**]]
[**--log-driver**[=*json-file*]]
+[**--log-format**="*text*|*json*"]
[**--log-opt**[=*map[]*]]
[**--mtu**[=*0*]]
[**--max-concurrent-downloads**[=*3*]]
@@ -222,6 +224,14 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru
**--experimental**=""
Enable the daemon experimental features.
+**--feature**=*NAME*[=**true**|**false**]
+ Enable or disable a feature in the daemon. This option corresponds
+ with the "features" field in the daemon.json configuration file. Using
+ both the command-line option and the "features" field in the configuration
+ file produces an error. The feature option can be specified multiple times
+ to configure multiple features.
+ Usage example: `--feature containerd-snapshotter` or `--feature containerd-snapshotter=true`.
+
**--fixed-cidr**=""
IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in
the bridge subnet (which is defined by \-b or \-\-bip).
@@ -324,6 +334,9 @@ unix://[/path/to/socket] to use.
Default driver for container logs. Default is **json-file**.
**Warning**: **docker logs** command works only for **json-file** logging driver.
+**--log-format**="*text*|*json*"
+ Set the format for logs produced by the daemon. Default is "text".
+
**--log-opt**=[]
Logging driver specific options.
diff --git a/oci/caps/utils.go b/oci/caps/utils.go
index c61f6b49e93e5..1cdcf5b7b3998 100644
--- a/oci/caps/utils.go
+++ b/oci/caps/utils.go
@@ -21,7 +21,7 @@ var (
knownCaps map[string]*struct{}
)
-// GetAllCapabilities returns all capabilities that are availeble in the current
+// GetAllCapabilities returns all capabilities that are available in the current
// environment.
func GetAllCapabilities() []string {
initCaps()
diff --git a/opts/opts_test.go b/opts/opts_test.go
index 3f7f33a246649..e9fe09a35d90d 100644
--- a/opts/opts_test.go
+++ b/opts/opts_test.go
@@ -142,7 +142,7 @@ func TestListOptsWithoutValidator(t *testing.T) {
}
func TestListOptsWithValidator(t *testing.T) {
- // Re-using logOptsvalidator (used by MapOpts)
+ // Re-using logOptsValidator (used by MapOpts)
o := NewListOpts(logOptsValidator)
o.Set("foo")
if o.String() != "" {
@@ -233,7 +233,7 @@ func TestValidateLabel(t *testing.T) {
expectedErr string
}{
{
- name: "lable with bad attribute format",
+ name: "label with bad attribute format",
label: "label",
expectedErr: "bad attribute format: label",
},
diff --git a/pkg/chrootarchive/archive.go b/pkg/chrootarchive/archive.go
index 3b6d8a77aa340..07739462e0542 100644
--- a/pkg/chrootarchive/archive.go
+++ b/pkg/chrootarchive/archive.go
@@ -36,7 +36,7 @@ func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error
// This should be used to prevent a potential attacker from manipulating `dest`
// such that it would provide access to files outside of `dest` through things
// like symlinks. Normally `ResolveSymlinksInScope` would handle this, however
-// sanitizing symlinks in this manner is inherrently racey:
+// sanitizing symlinks in this manner is inherently racey:
// ref: CVE-2018-15664
func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
return untarHandler(tarArchive, dest, options, true, root)
diff --git a/pkg/jsonmessage/jsonmessage.go b/pkg/jsonmessage/jsonmessage.go
index 035160c834e4d..8d2c8857fb03a 100644
--- a/pkg/jsonmessage/jsonmessage.go
+++ b/pkg/jsonmessage/jsonmessage.go
@@ -290,7 +290,7 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
}
// Stream is an io.Writer for output with utilities to get the output's file
-// descriptor and to detect wether it's a terminal.
+// descriptor and to detect whether it's a terminal.
//
// it is subset of the streams.Out type in
// https://pkg.go.dev/github.com/docker/cli@v20.10.17+incompatible/cli/streams#Out
diff --git a/pkg/meminfo/meminfo.go b/pkg/meminfo/meminfo.go
index 4f33ad26bf5ab..3d095579e5ead 100644
--- a/pkg/meminfo/meminfo.go
+++ b/pkg/meminfo/meminfo.go
@@ -1,4 +1,4 @@
-// Package meminfo provides utilites to retrieve memory statistics of
+// Package meminfo provides utilities to retrieve memory statistics of
// the host system.
package meminfo
diff --git a/pkg/pools/pools.go b/pkg/pools/pools.go
index 3792c67a9e454..3ea3012b188ba 100644
--- a/pkg/pools/pools.go
+++ b/pkg/pools/pools.go
@@ -124,7 +124,7 @@ func (bufPool *BufioWriterPool) Put(b *bufio.Writer) {
}
// NewWriteCloserWrapper returns a wrapper which puts the bufio.Writer back
-// into the pool and closes the writer if it's an io.Writecloser.
+// into the pool and closes the writer if it's an io.WriteCloser.
func (bufPool *BufioWriterPool) NewWriteCloserWrapper(buf *bufio.Writer, w io.Writer) io.WriteCloser {
return ioutils.NewWriteCloserWrapper(w, func() error {
buf.Flush()
diff --git a/pkg/pools/pools_test.go b/pkg/pools/pools_test.go
index 6d1ca0598a1ea..0a8e92a3b09a7 100644
--- a/pkg/pools/pools_test.go
+++ b/pkg/pools/pools_test.go
@@ -116,7 +116,7 @@ func TestBufioWriterPoolPutAndGet(t *testing.T) {
// recover it
defer func() {
if r := recover(); r == nil {
- t.Fatal("Trying to flush the writter should have 'paniced', did not.")
+ t.Fatal("Trying to flush the writter should have 'panicked', did not.")
}
}()
writer.Flush()
diff --git a/pkg/system/xattrs_linux.go b/pkg/system/xattrs_linux.go
index facfbb3126f15..b877ecc5a9425 100644
--- a/pkg/system/xattrs_linux.go
+++ b/pkg/system/xattrs_linux.go
@@ -6,7 +6,7 @@ import (
// Lgetxattr retrieves the value of the extended attribute identified by attr
// and associated with the given path in the file system.
-// It will returns a nil slice and nil error if the xattr is not set.
+// It returns a nil slice and nil error if the xattr is not set.
func Lgetxattr(path string, attr string) ([]byte, error) {
sysErr := func(err error) ([]byte, error) {
return nil, &XattrError{Op: "lgetxattr", Attr: attr, Path: path, Err: err}
diff --git a/plugin/store_test.go b/plugin/store_test.go
index 47b4bd7d4ddd6..e68172257e3e3 100644
--- a/plugin/store_test.go
+++ b/plugin/store_test.go
@@ -46,7 +46,7 @@ func TestStoreGetPluginNotMatchCapRefs(t *testing.T) {
}
if _, err := s.Get("test", "volumedriver", plugingetter.Acquire); err == nil {
- t.Fatal("exepcted error when getting plugin that doesn't match the passed in capability")
+ t.Fatal("expected error when getting plugin that doesn't match the passed in capability")
}
if refs := p.GetRefCount(); refs != 0 {
@@ -55,7 +55,7 @@ func TestStoreGetPluginNotMatchCapRefs(t *testing.T) {
p.PluginObj.Enabled = true
if _, err := s.Get("test", "volumedriver", plugingetter.Acquire); err == nil {
- t.Fatal("exepcted error when getting plugin that doesn't match the passed in capability")
+ t.Fatal("expected error when getting plugin that doesn't match the passed in capability")
}
if refs := p.GetRefCount(); refs != 0 {
diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
index 4d8fed68c6a19..17ee350e274ae 100644
--- a/profiles/seccomp/seccomp_linux.go
+++ b/profiles/seccomp/seccomp_linux.go
@@ -39,6 +39,7 @@ var nativeToSeccomp = map[string]specs.Arch{
"ppc": specs.ArchPPC,
"ppc64": specs.ArchPPC64,
"ppc64le": specs.ArchPPC64LE,
+ "riscv64": specs.ArchRISCV64,
"s390": specs.ArchS390,
"s390x": specs.ArchS390X,
}
@@ -57,6 +58,7 @@ var goToNative = map[string]string{
"ppc": "ppc",
"ppc64": "ppc64",
"ppc64le": "ppc64le",
+ "riscv64": "riscv64",
"s390": "s390",
"s390x": "s390x",
}
diff --git a/registry/config.go b/registry/config.go
index 84b0a63ad25b5..e1b0a0ca14c62 100644
--- a/registry/config.go
+++ b/registry/config.go
@@ -359,7 +359,7 @@ func hasScheme(reposName string) bool {
}
func validateHostPort(s string) error {
- // Split host and port, and in case s can not be splitted, assume host only
+ // Split host and port, and in case s can not be split, assume host only
host, port, err := net.SplitHostPort(s)
if err != nil {
host = s
diff --git a/reports/2017-06-12.md b/reports/2017-06-12.md
index 8aef38c6b03c8..5264c9d89fca9 100644
--- a/reports/2017-06-12.md
+++ b/reports/2017-06-12.md
@@ -13,8 +13,8 @@ Man pages, docs and completion scripts will be removed next week thanks to @tibo
### Find a good and non-confusing home for the remaining monolith
-Lot's of dicussion happened on the [forums](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith)
-We should expect to do those changes after the moby summit. We contacted github to work with them so we have a smooth move.
+Lots of discussion happened on the [forums](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith)
+We should expect to do those changes after the moby summit. We contacted GitHub to work with them so we have a smooth move.
### Moby tool
diff --git a/testutil/fixtures/plugin/basic/basic.go b/testutil/fixtures/plugin/basic/basic.go
index 2eebe249fc514..401bccafd493d 100644
--- a/testutil/fixtures/plugin/basic/basic.go
+++ b/testutil/fixtures/plugin/basic/basic.go
@@ -26,7 +26,7 @@ func main() {
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
- ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to satisfy gosec (G112: Potential Slowloris Attack)
}
mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json")
diff --git a/vendor.mod b/vendor.mod
index 974b6aad69b4e..3c7441b504166 100644
--- a/vendor.mod
+++ b/vendor.mod
@@ -25,14 +25,14 @@ require (
github.com/aws/smithy-go v1.19.0
github.com/cloudflare/cfssl v1.6.4
github.com/containerd/cgroups/v3 v3.0.3
- github.com/containerd/containerd v1.7.21
+ github.com/containerd/containerd v1.7.22
github.com/containerd/containerd/api v1.7.19
github.com/containerd/continuity v0.4.3
github.com/containerd/errdefs v0.1.0
github.com/containerd/fifo v1.1.0
github.com/containerd/log v0.1.0
github.com/containerd/platforms v0.2.1
- github.com/containerd/typeurl/v2 v2.1.1
+ github.com/containerd/typeurl/v2 v2.2.0
github.com/coreos/go-systemd/v22 v22.5.0
github.com/cpuguy83/tar2go v0.3.1
github.com/creack/pty v1.1.21
@@ -62,25 +62,25 @@ require (
github.com/miekg/dns v1.1.57
github.com/mistifyio/go-zfs/v3 v3.0.1
github.com/mitchellh/copystructure v1.2.0
- github.com/moby/buildkit v0.15.2
+ github.com/moby/buildkit v0.16.0
github.com/moby/docker-image-spec v1.3.1
github.com/moby/ipvs v1.1.0
github.com/moby/locker v1.0.1
github.com/moby/patternmatcher v0.6.0
github.com/moby/pubsub v1.0.0
github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb
- github.com/moby/sys/mount v0.3.3
- github.com/moby/sys/mountinfo v0.7.1
- github.com/moby/sys/sequential v0.5.0
- github.com/moby/sys/signal v0.7.0
- github.com/moby/sys/symlink v0.2.0
+ github.com/moby/sys/mount v0.3.4
+ github.com/moby/sys/mountinfo v0.7.2
+ github.com/moby/sys/sequential v0.6.0
+ github.com/moby/sys/signal v0.7.1
+ github.com/moby/sys/symlink v0.3.0
github.com/moby/sys/user v0.3.0
github.com/moby/sys/userns v0.1.0
github.com/moby/term v0.5.0
github.com/morikuni/aec v1.0.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0
- github.com/opencontainers/runc v1.1.13
+ github.com/opencontainers/runc v1.1.14
github.com/opencontainers/runtime-spec v1.2.0
github.com/opencontainers/selinux v1.11.0
github.com/pelletier/go-toml v1.9.5
@@ -102,15 +102,14 @@ require (
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0
go.opentelemetry.io/otel/sdk v1.21.0
go.opentelemetry.io/otel/trace v1.21.0
- golang.org/x/exp v0.0.0-20231006140011-7918f672742d
- golang.org/x/mod v0.17.0
- golang.org/x/net v0.25.0
- golang.org/x/sync v0.7.0
- golang.org/x/sys v0.22.0
- golang.org/x/text v0.15.0
- golang.org/x/time v0.3.0
- google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f
- google.golang.org/grpc v1.59.0
+ golang.org/x/mod v0.20.0
+ golang.org/x/net v0.28.0
+ golang.org/x/sync v0.8.0
+ golang.org/x/sys v0.24.0
+ golang.org/x/text v0.17.0
+ golang.org/x/time v0.6.0
+ google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80
+ google.golang.org/grpc v1.62.0
google.golang.org/protobuf v1.33.0
gotest.tools/v3 v3.5.1
resenje.org/singleflight v0.4.1
@@ -118,7 +117,7 @@ require (
)
require (
- cloud.google.com/go v0.110.10 // indirect
+ cloud.google.com/go v0.112.0 // indirect
cloud.google.com/go/longrunning v0.5.4 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
@@ -145,7 +144,7 @@ require (
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/go-cni v1.1.10 // indirect
github.com/containerd/go-runc v1.1.0 // indirect
- github.com/containerd/nydus-snapshotter v0.13.7 // indirect
+ github.com/containerd/nydus-snapshotter v0.14.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containernetworking/cni v1.2.2 // indirect
@@ -210,9 +209,8 @@ require (
go.etcd.io/etcd/server/v3 v3.5.6 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
@@ -221,12 +219,13 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.21.0 // indirect
- golang.org/x/crypto v0.23.0 // indirect
- golang.org/x/oauth2 v0.21.0 // indirect
- golang.org/x/tools v0.21.0 // indirect
- google.golang.org/api v0.149.0 // indirect
- google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+ golang.org/x/crypto v0.26.0 // indirect
+ golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect
+ golang.org/x/oauth2 v0.22.0 // indirect
+ golang.org/x/tools v0.24.0 // indirect
+ google.golang.org/api v0.155.0 // indirect
+ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.90.1 // indirect
diff --git a/vendor.sum b/vendor.sum
index 9d41b4d9383fd..22ac2d37c704b 100644
--- a/vendor.sum
+++ b/vendor.sum
@@ -5,8 +5,8 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
-cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
+cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
@@ -130,8 +130,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
github.com/cockroachdb/errors v1.2.4 h1:Lap807SXTH5tri2TivECb/4abUkMZC9zRoLarvcKDqs=
@@ -148,8 +148,8 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD
github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
-github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA=
-github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g=
+github.com/containerd/containerd v1.7.22 h1:nZuNnNRA6T6jB975rx2RRNqqH2k6ELYKDZfqTHqwyy0=
+github.com/containerd/containerd v1.7.22/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g=
github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
@@ -164,16 +164,16 @@ github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gG
github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/containerd/nydus-snapshotter v0.13.7 h1:x7DHvGnzJOu1ZPwPYkeOPk5MjZZYbdddygEjaSDoFTk=
-github.com/containerd/nydus-snapshotter v0.13.7/go.mod h1:VPVKQ3jmHFIcUIV2yiQ1kImZuBFS3GXDohKs9mRABVE=
+github.com/containerd/nydus-snapshotter v0.14.0 h1:6/eAi6d7MjaeLLuMO8Udfe5GVsDudmrDNO4SGETMBco=
+github.com/containerd/nydus-snapshotter v0.14.0/go.mod h1:TT4jv2SnIDxEBu4H2YOvWQHPOap031ydTaHTuvc5VQk=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
-github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
-github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
+github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
github.com/containernetworking/cni v1.2.2 h1:9IbP6KJQQxVKo4hhnm8r50YcVKrJbJu3Dqw+Rbt1vYk=
github.com/containernetworking/cni v1.2.2/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M=
github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7wwSv9iTbXzzic=
@@ -230,8 +230,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
-github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -283,8 +283,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk=
github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
-github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -476,8 +476,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs=
-github.com/moby/buildkit v0.15.2 h1:DnONr0AoceTWyv+plsQ7IhkSaj+6o0WyoaxYPyTFIxs=
-github.com/moby/buildkit v0.15.2/go.mod h1:Yis8ZMUJTHX9XhH9zVyK2igqSHV3sxi3UN0uztZocZk=
+github.com/moby/buildkit v0.16.0 h1:wOVBj1o5YNVad/txPQNXUXdelm7Hs/i0PUFjzbK0VKE=
+github.com/moby/buildkit v0.16.0/go.mod h1:Xqx/5GlrqE1yIRORk0NSCVDFpQAU1WjlT6KHYZdisIQ=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=
@@ -490,17 +490,16 @@ github.com/moby/pubsub v1.0.0 h1:jkp/imWsmJz2f6LyFsk7EkVeN2HxR/HTTOY8kHrsxfA=
github.com/moby/pubsub v1.0.0/go.mod h1:bXSO+3h5MNXXCaEG+6/NlAIk7MMZbySZlnB+cUQhKKc=
github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb h1:1UTTg2EgO3nuyV03wREDzldqqePzQ4+0a5G1C1y1bIo=
github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb/go.mod h1:kNy225f/gWAnF8wPftteMc5nbAHhrH+HUfvyjmhFjeQ=
-github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
-github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
-github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
-github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
-github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
-github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
-github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc=
-github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
+github.com/moby/sys/mount v0.3.4 h1:yn5jq4STPztkkzSKpZkLcmjue+bZJ0u2AuQY1iNI1Ww=
+github.com/moby/sys/mount v0.3.4/go.mod h1:KcQJMbQdJHPlq5lcYT+/CjatWM4PuxKe+XLSVS4J6Os=
+github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
+github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
+github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0=
+github.com/moby/sys/signal v0.7.1/go.mod h1:Se1VGehYokAkrSQwL4tDzHvETwUZlnY7S5XtQ50mQp8=
+github.com/moby/sys/symlink v0.3.0 h1:GZX89mEZ9u53f97npBy4Rc3vJKj7JBDj/PN2I22GrNU=
+github.com/moby/sys/symlink v0.3.0/go.mod h1:3eNdhduHmYPcgsJtZXW1W4XUJdZGBIkttZ8xKqPUJq0=
github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
@@ -531,8 +530,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runc v1.1.13 h1:98S2srgG9vw0zWcDpFMn5TRrh8kLxa/5OFUstuUhmRs=
-github.com/opencontainers/runc v1.1.13/go.mod h1:R016aXacfp/gwQBYw2FDGa9m+n6atbLWrYY8hNMT/sA=
+github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w=
+github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA=
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -600,8 +599,8 @@ github.com/rexray/gocsi v1.2.2/go.mod h1:X9oJHHpIVGmfKdK8e+JuCXafggk7HxL9mWQOgrs
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/rootless-containers/rootlesskit/v2 v2.0.2 h1:wztWcDYFlk+EVAUuPJwlNMFXZIk1G14T45lv47WWGuA=
github.com/rootless-containers/rootlesskit/v2 v2.0.2/go.mod h1:hE+ztevrQxNi+tdZyPKumzDk7VKDAf0E4seOzlOyBsY=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -739,12 +738,10 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:
go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU=
go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0 h1:ZtfnDL+tUrs1F0Pzfwbg2d59Gru9NCH3bgSHBM6LDwU=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0/go.mod h1:hG4Fj/y8TR/tlEDREo8tWstl9fO9gcFkn4xrx0Io8xU=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0 h1:NmnYCiR0qNufkldjVvyQfZTHSdzeHoZ41zggMsdMcLM=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.42.0/go.mod h1:UVAO61+umUsHLtYb8KXXRoHtxUkdOPkYidzW3gipRLQ=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0 h1:wNMDy/LVGLj2h3p6zg4d0gypKfWKSWI14E1C4smOgl8=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0/go.mod h1:YfbDdXAAkemWJK3H/DshvlrxqFB2rtW4rY6ky/3x/H0=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1/go.mod h1:Kv8liBeVNFkkkbilbgWRpV+wWuu+H5xdOT6HAgd30iw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
@@ -793,15 +790,15 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA=
+golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -822,8 +819,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -852,14 +849,14 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -871,8 +868,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -912,7 +909,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -920,14 +916,14 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
-golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -937,13 +933,13 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -972,8 +968,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
-golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
-golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -983,8 +979,8 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
-google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
+google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
+google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1002,12 +998,12 @@ google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f h1:2yNACc1O40tTnrsbk9Cv6oxiW8pxI/pXj0wRtdlYmgY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1023,8 +1019,8 @@ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
diff --git a/vendor/cloud.google.com/go/.release-please-manifest-individual.json b/vendor/cloud.google.com/go/.release-please-manifest-individual.json
index 38a67bae445bd..bcbd757af9619 100644
--- a/vendor/cloud.google.com/go/.release-please-manifest-individual.json
+++ b/vendor/cloud.google.com/go/.release-please-manifest-individual.json
@@ -1,15 +1,16 @@
{
"auth": "0.1.0",
"auth/oauth2adapt": "0.1.0",
- "bigquery": "1.57.0",
- "bigtable": "1.20.0",
+ "bigquery": "1.57.1",
+ "bigtable": "1.21.0",
"datastore": "1.15.0",
"errorreporting": "0.3.0",
"firestore": "1.14.0",
- "logging": "1.8.1",
+ "logging": "1.9.0",
"profiler": "0.4.0",
"pubsub": "1.33.0",
"pubsublite": "1.8.1",
- "spanner": "1.51.0",
- "storage": "1.34.0"
+ "spanner": "1.55.0",
+ "storage": "1.36.0",
+ "vertexai": "0.6.0"
}
diff --git a/vendor/cloud.google.com/go/.release-please-manifest-submodules.json b/vendor/cloud.google.com/go/.release-please-manifest-submodules.json
index 12fed1bc181e0..b761f5a7fcfee 100644
--- a/vendor/cloud.google.com/go/.release-please-manifest-submodules.json
+++ b/vendor/cloud.google.com/go/.release-please-manifest-submodules.json
@@ -1,131 +1,137 @@
{
- "accessapproval": "1.7.3",
- "accesscontextmanager": "1.8.3",
- "advisorynotifications": "1.2.2",
- "ai": "0.1.3",
- "aiplatform": "1.51.2",
- "alloydb": "1.6.2",
- "analytics": "0.21.5",
- "apigateway": "1.6.3",
- "apigeeconnect": "1.6.3",
- "apigeeregistry": "0.8.1",
- "apikeys": "1.1.3",
- "appengine": "1.8.3",
- "area120": "0.8.3",
- "artifactregistry": "1.14.5",
- "asset": "1.15.2",
- "assuredworkloads": "1.11.3",
- "automl": "1.13.3",
- "baremetalsolution": "1.2.2",
- "batch": "1.6.2",
- "beyondcorp": "1.0.2",
- "billing": "1.17.3",
- "binaryauthorization": "1.7.2",
- "certificatemanager": "1.7.3",
- "channel": "1.17.2",
- "cloudbuild": "1.14.2",
- "clouddms": "1.7.2",
- "cloudtasks": "1.12.3",
- "commerce": "0.1.2",
- "compute": "1.23.2",
+ "accessapproval": "1.7.4",
+ "accesscontextmanager": "1.8.4",
+ "advisorynotifications": "1.3.0",
+ "ai": "0.3.0",
+ "aiplatform": "1.58.0",
+ "alloydb": "1.8.0",
+ "analytics": "0.22.0",
+ "apigateway": "1.6.4",
+ "apigeeconnect": "1.6.4",
+ "apigeeregistry": "0.8.2",
+ "apikeys": "1.1.4",
+ "appengine": "1.8.4",
+ "apps": "0.2.0",
+ "area120": "0.8.4",
+ "artifactregistry": "1.14.6",
+ "asset": "1.17.0",
+ "assuredworkloads": "1.11.4",
+ "automl": "1.13.4",
+ "baremetalsolution": "1.2.3",
+ "batch": "1.7.0",
+ "beyondcorp": "1.0.3",
+ "billing": "1.18.0",
+ "binaryauthorization": "1.8.0",
+ "certificatemanager": "1.7.4",
+ "channel": "1.17.4",
+ "cloudbuild": "1.15.0",
+ "clouddms": "1.7.3",
+ "cloudprofiler": "0.2.0",
+ "cloudquotas": "0.1.0",
+ "cloudtasks": "1.12.4",
+ "commerce": "0.1.3",
+ "compute": "1.23.3",
"compute/metadata": "0.2.3",
- "confidentialcomputing": "1.3.2",
- "config": "0.1.3",
- "contactcenterinsights": "1.11.2",
- "container": "1.27.0",
- "containeranalysis": "0.11.2",
- "datacatalog": "1.18.2",
- "dataflow": "0.9.3",
- "dataform": "0.9.0",
- "datafusion": "1.7.3",
- "datalabeling": "0.8.3",
- "dataplex": "1.11.0",
- "dataproc": "2.2.2",
- "dataqna": "0.8.3",
- "datastream": "1.10.2",
- "deploy": "1.14.1",
- "dialogflow": "1.44.2",
- "discoveryengine": "1.2.2",
- "dlp": "1.11.0",
- "documentai": "1.23.4",
- "domains": "0.9.3",
- "edgecontainer": "1.1.3",
- "essentialcontacts": "1.6.4",
- "eventarc": "1.13.2",
- "filestore": "1.7.3",
- "functions": "1.15.3",
- "gkebackup": "1.3.3",
- "gkeconnect": "0.8.3",
- "gkehub": "0.14.3",
- "gkemulticloud": "1.0.2",
- "grafeas": "0.3.3",
- "gsuiteaddons": "1.6.3",
- "iam": "1.1.4",
- "iap": "1.9.2",
- "ids": "1.4.3",
- "iot": "1.7.3",
- "kms": "1.15.4",
- "language": "1.12.1",
- "lifesciences": "0.9.3",
- "longrunning": "0.5.3",
- "managedidentities": "1.6.3",
- "maps": "1.6.0",
- "mediatranslation": "0.8.3",
- "memcache": "1.10.3",
- "metastore": "1.13.2",
- "migrationcenter": "0.2.2",
- "monitoring": "1.16.2",
- "netapp": "0.2.2",
- "networkconnectivity": "1.14.2",
- "networkmanagement": "1.9.2",
- "networksecurity": "0.9.3",
- "notebooks": "1.11.1",
- "optimization": "1.6.1",
- "orchestration": "1.8.3",
- "orgpolicy": "1.11.3",
- "osconfig": "1.12.3",
- "oslogin": "1.12.1",
- "phishingprotection": "0.8.3",
- "policysimulator": "0.2.1",
- "policytroubleshooter": "1.10.1",
- "privatecatalog": "0.9.3",
- "rapidmigrationassessment": "1.0.3",
- "recaptchaenterprise": "2.8.2",
- "recommendationengine": "0.8.3",
- "recommender": "1.11.2",
- "redis": "1.14.0",
- "resourcemanager": "1.9.3",
- "resourcesettings": "1.6.3",
- "retail": "1.14.3",
- "run": "1.3.2",
- "scheduler": "1.10.3",
- "secretmanager": "1.11.3",
- "securesourcemanager": "0.1.1",
- "security": "1.15.3",
- "securitycenter": "1.24.1",
- "servicecontrol": "1.12.3",
- "servicedirectory": "1.11.2",
- "servicemanagement": "1.9.4",
- "serviceusage": "1.8.2",
- "shell": "1.7.3",
- "shopping": "0.2.1",
- "speech": "1.20.0",
- "storageinsights": "1.0.3",
- "storagetransfer": "1.10.2",
- "support": "1.0.2",
- "talent": "1.6.4",
- "texttospeech": "1.7.3",
- "tpu": "1.6.3",
- "trace": "1.10.3",
- "translate": "1.9.2",
- "video": "1.20.2",
- "videointelligence": "1.11.3",
- "vision": "2.7.4",
- "vmmigration": "1.7.3",
- "vmwareengine": "1.0.2",
- "vpcaccess": "1.7.3",
- "webrisk": "1.9.3",
- "websecurityscanner": "1.6.3",
- "workflows": "1.12.2",
- "workstations": "0.5.2"
+ "confidentialcomputing": "1.4.0",
+ "config": "0.1.4",
+ "contactcenterinsights": "1.12.1",
+ "container": "1.29.0",
+ "containeranalysis": "0.11.3",
+ "datacatalog": "1.19.1",
+ "dataflow": "0.9.4",
+ "dataform": "0.9.1",
+ "datafusion": "1.7.4",
+ "datalabeling": "0.8.4",
+ "dataplex": "1.14.0",
+ "dataproc": "2.3.0",
+ "dataqna": "0.8.4",
+ "datastream": "1.10.3",
+ "deploy": "1.17.0",
+ "dialogflow": "1.48.0",
+ "discoveryengine": "1.4.0",
+ "dlp": "1.11.1",
+ "documentai": "1.23.7",
+ "domains": "0.9.4",
+ "edgecontainer": "1.1.4",
+ "edgenetwork": "0.1.0",
+ "essentialcontacts": "1.6.5",
+ "eventarc": "1.13.3",
+ "filestore": "1.8.0",
+ "functions": "1.15.4",
+ "gkebackup": "1.3.4",
+ "gkeconnect": "0.8.4",
+ "gkehub": "0.14.4",
+ "gkemulticloud": "1.1.0",
+ "grafeas": "0.3.4",
+ "gsuiteaddons": "1.6.4",
+ "iam": "1.1.5",
+ "iap": "1.9.3",
+ "ids": "1.4.4",
+ "iot": "1.7.4",
+ "kms": "1.15.5",
+ "language": "1.12.2",
+ "lifesciences": "0.9.4",
+ "longrunning": "0.5.4",
+ "managedidentities": "1.6.4",
+ "maps": "1.6.2",
+ "mediatranslation": "0.8.4",
+ "memcache": "1.10.4",
+ "metastore": "1.13.3",
+ "migrationcenter": "0.2.3",
+ "monitoring": "1.17.0",
+ "netapp": "0.2.3",
+ "networkconnectivity": "1.14.3",
+ "networkmanagement": "1.9.3",
+ "networksecurity": "0.9.4",
+ "notebooks": "1.11.2",
+ "optimization": "1.6.2",
+ "orchestration": "1.8.4",
+ "orgpolicy": "1.12.0",
+ "osconfig": "1.12.4",
+ "oslogin": "1.12.2",
+ "phishingprotection": "0.8.4",
+ "policysimulator": "0.2.2",
+ "policytroubleshooter": "1.10.2",
+ "privatecatalog": "0.9.4",
+ "rapidmigrationassessment": "1.0.4",
+ "recaptchaenterprise": "2.9.0",
+ "recommendationengine": "0.8.4",
+ "recommender": "1.12.0",
+ "redis": "1.14.1",
+ "resourcemanager": "1.9.4",
+ "resourcesettings": "1.6.4",
+ "retail": "1.14.4",
+ "run": "1.3.3",
+ "scheduler": "1.10.5",
+ "secretmanager": "1.11.4",
+ "securesourcemanager": "0.1.2",
+ "security": "1.15.4",
+ "securitycenter": "1.24.3",
+ "securitycentermanagement": "0.1.1",
+ "servicecontrol": "1.12.4",
+ "servicedirectory": "1.11.3",
+ "servicemanagement": "1.9.5",
+ "serviceusage": "1.8.3",
+ "shell": "1.7.4",
+ "shopping": "0.3.0",
+ "speech": "1.21.0",
+ "storageinsights": "1.0.4",
+ "storagetransfer": "1.10.3",
+ "support": "1.0.3",
+ "talent": "1.6.5",
+ "telcoautomation": "0.1.1",
+ "texttospeech": "1.7.4",
+ "tpu": "1.6.4",
+ "trace": "1.10.4",
+ "translate": "1.10.0",
+ "video": "1.20.3",
+ "videointelligence": "1.11.4",
+ "vision": "2.7.5",
+ "vmmigration": "1.7.4",
+ "vmwareengine": "1.0.3",
+ "vpcaccess": "1.7.4",
+ "webrisk": "1.9.4",
+ "websecurityscanner": "1.6.4",
+ "workflows": "1.12.3",
+ "workstations": "0.5.3"
}
diff --git a/vendor/cloud.google.com/go/.release-please-manifest.json b/vendor/cloud.google.com/go/.release-please-manifest.json
index f1afd6591f971..333e70a10a79a 100644
--- a/vendor/cloud.google.com/go/.release-please-manifest.json
+++ b/vendor/cloud.google.com/go/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "0.110.10"
+ ".": "0.112.0"
}
diff --git a/vendor/cloud.google.com/go/CHANGES.md b/vendor/cloud.google.com/go/CHANGES.md
index a418e2ee1cfb7..2a2b4cbb43fcb 100644
--- a/vendor/cloud.google.com/go/CHANGES.md
+++ b/vendor/cloud.google.com/go/CHANGES.md
@@ -1,5 +1,29 @@
# Changes
+## [0.112.0](https://github.com/googleapis/google-cloud-go/compare/v0.111.0...v0.112.0) (2024-01-11)
+
+
+### Features
+
+* **internal/trace:** Export internal/trace package constants and vars ([#9242](https://github.com/googleapis/google-cloud-go/issues/9242)) ([941c16f](https://github.com/googleapis/google-cloud-go/commit/941c16f3a2602e9bdc737b139060a7dd8318f9dd))
+
+
+### Documentation
+
+* **main:** Add telemetry discussion to debug.md ([#9074](https://github.com/googleapis/google-cloud-go/issues/9074)) ([90ed12e](https://github.com/googleapis/google-cloud-go/commit/90ed12e1dffe722b42f58556f0e17b808da9714d)), refs [#8655](https://github.com/googleapis/google-cloud-go/issues/8655)
+
+## [0.111.0](https://github.com/googleapis/google-cloud-go/compare/v0.110.10...v0.111.0) (2023-11-29)
+
+
+### Features
+
+* **internal/trace:** Add OpenTelemetry support ([#8655](https://github.com/googleapis/google-cloud-go/issues/8655)) ([7a46b54](https://github.com/googleapis/google-cloud-go/commit/7a46b5428f239871993d66be2c7c667121f60a6f)), refs [#2205](https://github.com/googleapis/google-cloud-go/issues/2205)
+
+
+### Bug Fixes
+
+* **all:** Bump google.golang.org/api to v0.149.0 ([#8959](https://github.com/googleapis/google-cloud-go/issues/8959)) ([8d2ab9f](https://github.com/googleapis/google-cloud-go/commit/8d2ab9f320a86c1c0fab90513fc05861561d0880))
+
## [0.110.10](https://github.com/googleapis/google-cloud-go/compare/v0.110.9...v0.110.10) (2023-10-31)
diff --git a/vendor/cloud.google.com/go/CONTRIBUTING.md b/vendor/cloud.google.com/go/CONTRIBUTING.md
index 18f175dac99be..d07f81f1797f1 100644
--- a/vendor/cloud.google.com/go/CONTRIBUTING.md
+++ b/vendor/cloud.google.com/go/CONTRIBUTING.md
@@ -62,10 +62,14 @@ intend only to run integration tests on a single package.
#### GCP Setup
-To run the integrations tests, creation and configuration of two projects in
+To run the integrations tests, creation and configuration of three projects in
the Google Developers Console is required: one specifically for Firestore
-integration tests, and another for all other integration tests. We'll refer to
-these projects as "general project" and "Firestore project".
+integration tests, one specifically for Bigtable integration tests, and another
+for all other integration tests. We'll refer to these projects as
+"Firestore project", "Bigtable project" and "general project".
+
+Note: You can skip setting up Bigtable project if you do not plan working on or running a few Bigtable
+tests that require a secondary project
After creating each project, you must [create a service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount)
for each project. Ensure the project-level **Owner**
@@ -118,7 +122,7 @@ Finally, in the general project, create an API key for the translate API:
#### Local Setup
-Once the two projects are created and configured, set the following environment
+Once the three projects are created and configured, set the following environment
variables:
- `GCLOUD_TESTS_GOLANG_PROJECT_ID`: Developers Console project's ID (e.g.
@@ -132,6 +136,7 @@ project's service account.
- `GCLOUD_TESTS_GOLANG_FIRESTORE_KEY`: The path to the JSON key file of the
Firestore project's service account.
- `GCLOUD_TESTS_API_KEY`: API key for using the Translate API created above.
+- `GCLOUD_TESTS_GOLANG_SECONDARY_BIGTABLE_PROJECT_ID`: Developers Console project's ID (e.g. doorway-cliff-677) for Bigtable optional secondary project. This can be same as Firestore project or any project other than the general project.
As part of the setup that follows, the following variables will be configured:
@@ -219,6 +224,9 @@ For instance, in `.zshrc`:
# Developers Console project's ID (e.g. bamboo-shift-455) for the general project.
export GCLOUD_TESTS_GOLANG_PROJECT_ID=your-project
+# Developers Console project's ID (e.g. bamboo-shift-455) for the Bigtable project.
+export GCLOUD_TESTS_GOLANG_SECONDARY_BIGTABLE_PROJECT_ID=your-bigtable-optional-secondary-project
+
# The path to the JSON key file of the general project's service account.
export GCLOUD_TESTS_GOLANG_KEY=~/directory/your-project-abcd1234.json
diff --git a/vendor/cloud.google.com/go/debug.md b/vendor/cloud.google.com/go/debug.md
index f2a608ce24d77..0c9826544c929 100644
--- a/vendor/cloud.google.com/go/debug.md
+++ b/vendor/cloud.google.com/go/debug.md
@@ -1,21 +1,37 @@
-# Debugging tips and tricks
+# Logging, Debugging and Telemetry
+
+**Warning:The OpenCensus project is obsolete and was archived on July 31st,
+2023.** This means that any security vulnerabilities that are found will not be
+patched. We recommend that you begin migrating to OpenCensus tracing to
+OpenTelemetry, the successor project. See [OpenCensus](#opencensus) below for
+details.
+
+Logging, debugging and telemetry all capture data that can be used for
+troubleshooting. Logging records specific events and transactions. Debugging
+exposes values for immediate analysis. Telemetry is suitable for production use
+and can serve both logging and monitoring purposes. Telemetry tracing follows
+requests through a system to provide a view of component interactions. Telemetry
+metrics collects data for significant performance indicators, offering insights
+into a system's health.
+
+## Logging and debugging
While working with the Go Client libraries you may run into some situations
where you need a deeper level of understanding about what is going on in order
to solve your problem. Here are some tips and tricks that you can use in these
-cases. *Note* that many of the tips in this document will have a performance
+cases. *Note* that many of the tips in this section will have a performance
impact and are therefore not recommended for sustained production use. Use these
tips locally or in production for a *limited time* to help get a better
understanding of what is going on.
-## HTTP based clients
+### HTTP based clients
All of our auto-generated clients have a constructor to create a client that
uses HTTP/JSON instead of gRPC. Additionally a couple of our hand-written
clients like Storage and Bigquery are also HTTP based. Here are some tips for
debugging these clients.
-### Try setting Go's HTTP debug variable
+#### Try setting Go's HTTP debug variable
Try setting the following environment variable for verbose Go HTTP logging:
GODEBUG=http2debug=1. To read more about this feature please see the godoc for
@@ -24,7 +40,7 @@ GODEBUG=http2debug=1. To read more about this feature please see the godoc for
*WARNING*: Enabling this debug variable will log headers and payloads which may
contain private information.
-### Add in your own logging with an HTTP middleware
+#### Add in your own logging with an HTTP middleware
You may want to add in your own logging around HTTP requests. One way to do this
is to register a custom HTTP client with a logging transport built in. Here is
@@ -92,16 +108,16 @@ func main() {
}
```
-## gRPC based clients
+### gRPC based clients
-### Try setting grpc-go's debug variables
+#### Try setting grpc-go's debug variables
Try setting the following environment variables for grpc-go:
`GRPC_GO_LOG_VERBOSITY_LEVEL=99` `GRPC_GO_LOG_SEVERITY_LEVEL=info`. These are
good for diagnosing connection level failures. For more information please see
[grpc-go's debug documentation](https://pkg.go.dev/google.golang.org/grpc/examples/features/debugging#section-readme).
-### Add in your own logging with a gRPC interceptors
+#### Add in your own logging with a gRPC interceptors
You may want to add in your own logging around gRPC requests. One way to do this
is to register a custom interceptor that adds logging. Here is
@@ -160,3 +176,220 @@ func main() {
// Use the client
}
```
+
+## Telemetry
+
+**Warning:The OpenCensus project is obsolete and was archived on July 31st,
+2023.** This means that any security vulnerabilities that are found will not be
+patched. We recommend that you begin migrating to OpenCensus tracing to
+OpenTelemetry, the successor project. See [OpenCensus](#opencensus) below for
+details.
+
+The Google Cloud client libraries for Go still use the OpenCensus project by
+default. However, opt-in support for
+[OpenTelemetry](https://opentelemetry.io/docs/what-is-opentelemetry/) is now
+available. The transition from OpenCensus to OpenTelemetry is covered in the
+following sections.
+
+### Tracing (experimental)
+
+Apart from spans created by underlying libraries such as gRPC, Google Cloud Go
+generated clients do not create spans. Only the spans created by following
+hand-written clients are in scope for the discussion in this section:
+
+* [cloud.google.com/go/bigquery](https://pkg.go.dev/cloud.google.com/go/bigquery)
+* [cloud.google.com/go/bigtable](https://pkg.go.dev/cloud.google.com/go/bigtable)
+* [cloud.google.com/go/datastore](https://pkg.go.dev/cloud.google.com/go/datastore)
+* [cloud.google.com/go/firestore](https://pkg.go.dev/cloud.google.com/go/firestore)
+* [cloud.google.com/go/spanner](https://pkg.go.dev/cloud.google.com/go/spanner)
+* [cloud.google.com/go/storage](https://pkg.go.dev/cloud.google.com/go/storage)
+
+Currently, the spans created by these clients are for OpenCensus. However,
+OpenCensus users are urged to transition to OpenTelemetry as soon as possible,
+as explained in the next section. OpenTelemetry users can opt-in to experimental
+OpenTelemetry support via an environment variable, as described below.
+
+#### OpenCensus
+
+**Warning:The OpenCensus project is obsolete and was archived on July 31st,
+2023.** This means that any security vulnerabilities that are found will not be
+patched. We recommend that you begin migrating to OpenCensus tracing to
+OpenTelemetry, the successor project.
+
+Using the [OpenTelemetry-Go - OpenCensus Bridge](https://pkg.go.dev/go.opentelemetry.io/otel/bridge/opencensus), you can immediately begin exporting your traces with OpenTelemetry, even while
+dependencies of your application remain instrumented with OpenCensus. If you do
+not use the bridge, you will need to migrate your entire application and all of
+its instrumented dependencies at once. For simple applications, this may be
+possible, but we expect the bridge to be helpful if multiple libraries with
+instrumentation are used.
+
+On May 29, 2024, six months after the
+[release](https://github.com/googleapis/google-cloud-go/releases/tag/v0.111.0)
+of experimental, opt-in support for OpenTelemetry tracing, the default tracing
+support in the clients above will change from OpenCensus to OpenTelemetry, and
+the experimental OpenCensus support will be marked as deprecated. To continue
+using the OpenCensus support after this change, set the environment variable
+`GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING` to the case-insensitive
+value `opencensus` before loading the client library.
+
+```sh
+export GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING=opencensus
+```
+
+On December 2nd, 2024, one year after the release of OpenTelemetry support, the
+experimental and deprecated support for OpenCensus tracing will be removed.
+
+Please note that all Google Cloud Go clients currently provide experimental
+support for the propagation of both OpenCensus and OpenTelemetry trace context
+to their receiving endpoints. The experimental support for OpenCensus trace
+context propagation will be removed at the same time as the experimental
+OpenCensus tracing support.
+
+Please refer to the following resources:
+
+* [Sunsetting OpenCensus](https://opentelemetry.io/blog/2023/sunsetting-opencensus/)
+* [OpenTelemetry-Go - OpenCensus Bridge](https://pkg.go.dev/go.opentelemetry.io/otel/bridge/opencensus)
+
+#### OpenTelemetry
+
+To opt-in to experimental OpenTelemetry tracing currently available in the
+clients listed above, set the environment variable
+`GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING` to the case-insensitive
+value `opentelemetry` before loading the client library.
+
+```sh
+export GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING=opentelemetry
+```
+
+On May 29, 2024, the default tracing support will change from OpenCensus to
+OpenTelemetry, and this environment variable will no longer be needed.
+
+Please refer to the following resources:
+
+* [What is OpenTelemetry?](https://opentelemetry.io/docs/what-is-opentelemetry/)
+* [Cloud Trace - Go and OpenTelemetry](https://cloud.google.com/trace/docs/setup/go-ot)
+* On GCE, [use Ops Agent and OpenTelemetry](https://cloud.google.com/trace/docs/otlp)
+
+##### Configuring the OpenTelemetry-Go - OpenCensus Bridge
+
+To configure the OpenCensus bridge with OpenTelemetry and Cloud Trace:
+
+```go
+import (
+ "context"
+ "log"
+ "os"
+ texporter "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace"
+ octrace "go.opencensus.io/trace"
+ "go.opentelemetry.io/contrib/detectors/gcp"
+ "go.opentelemetry.io/otel"
+ "go.opentelemetry.io/otel/bridge/opencensus"
+ "go.opentelemetry.io/otel/sdk/resource"
+ sdktrace "go.opentelemetry.io/otel/sdk/trace"
+ semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
+)
+
+func main() {
+ // Create exporter.
+ ctx := context.Background()
+ projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
+ exporter, err := texporter.New(texporter.WithProjectID(projectID))
+ if err != nil {
+ log.Fatalf("texporter.New: %v", err)
+ }
+ // Identify your application using resource detection
+ res, err := resource.New(ctx,
+ // Use the GCP resource detector to detect information about the GCP platform
+ resource.WithDetectors(gcp.NewDetector()),
+ // Keep the default detectors
+ resource.WithTelemetrySDK(),
+ // Add your own custom attributes to identify your application
+ resource.WithAttributes(
+ semconv.ServiceNameKey.String("my-application"),
+ ),
+ )
+ if err != nil {
+ log.Fatalf("resource.New: %v", err)
+ }
+ // Create trace provider with the exporter.
+ //
+ // By default it uses AlwaysSample() which samples all traces.
+ // In a production environment or high QPS setup please use
+ // probabilistic sampling.
+ // Example:
+ // tp := sdktrace.NewTracerProvider(sdktrace.WithSampler(sdktrace.TraceIDRatioBased(0.0001)), ...)
+ tp := sdktrace.NewTracerProvider(
+ sdktrace.WithBatcher(exporter),
+ sdktrace.WithResource(res),
+ )
+ defer tp.Shutdown(ctx) // flushes any pending spans, and closes connections.
+ otel.SetTracerProvider(tp)
+ tracer := otel.GetTracerProvider().Tracer("example.com/trace")
+ // Configure the OpenCensus tracer to use the bridge.
+ octrace.DefaultTracer = opencensus.NewTracer(tracer)
+ // Use otel tracer to create spans...
+}
+
+```
+
+
+##### Configuring context propagation
+
+In order to pass options to OpenTelemetry trace context propagation, follow the
+appropriate example for the client's underlying transport.
+
+###### Passing options in HTTP-based clients
+
+```go
+ctx := context.Background()
+trans, err := htransport.NewTransport(ctx,
+ http.DefaultTransport,
+ option.WithScopes(storage.ScopeFullControl),
+)
+if err != nil {
+ log.Fatal(err)
+}
+// An example of passing options to the otelhttp.Transport.
+otelOpts := otelhttp.WithFilter(func(r *http.Request) bool {
+ return r.URL.Path != "/ping"
+})
+hc := &http.Client{
+ Transport: otelhttp.NewTransport(trans, otelOpts),
+}
+client, err := storage.NewClient(ctx, option.WithHTTPClient(hc))
+```
+
+Note that scopes must be set manually in this user-configured solution.
+
+###### Passing options in gRPC-based clients
+
+```go
+projectID := "..."
+ctx := context.Background()
+
+// An example of passing options to grpc.WithStatsHandler.
+otelOpts := otelgrpc.WithMessageEvents(otelgrpc.ReceivedEvents)
+dialOpts := grpc.WithStatsHandler(otelgrpc.NewClientHandler(otelOpts))
+
+ctx := context.Background()
+c, err := datastore.NewClient(ctx, projectID, option.WithGRPCDialOption(dialOpts))
+if err != nil {
+ log.Fatal(err)
+}
+defer c.Close()
+```
+
+
+### Metrics (experimental)
+
+The generated clients do not create metrics. Only the following hand-written
+clients create experimental OpenCensus metrics:
+
+* [cloud.google.com/go/bigquery](https://pkg.go.dev/cloud.google.com/go/bigquery)
+* [cloud.google.com/go/pubsub](https://pkg.go.dev/cloud.google.com/go/pubsub)
+* [cloud.google.com/go/spanner](https://pkg.go.dev/cloud.google.com/go/spanner)
+
+#### OpenTelemetry
+
+The transition of the experimental metrics in the clients above from OpenCensus
+to OpenTelemetry is still TBD.
\ No newline at end of file
diff --git a/vendor/cloud.google.com/go/doc.go b/vendor/cloud.google.com/go/doc.go
index d15db660e6a24..a90d072f0f056 100644
--- a/vendor/cloud.google.com/go/doc.go
+++ b/vendor/cloud.google.com/go/doc.go
@@ -250,7 +250,7 @@ situations, including:
[testing against fake servers]: https://github.com/googleapis/google-cloud-go/blob/main/testing.md#testing-grpc-services-using-fakes
[Vertex AI - Locations]: https://cloud.google.com/vertex-ai/docs/general/locations
[Google Application Default Credentials]: https://cloud.google.com/docs/authentication/external/set-up-adc
-[Debugging Guide]: https://github.com/googleapis/google-cloud-go/blob/main/debug.md
+[Logging, Debugging and Telemetry Guide]: https://github.com/googleapis/google-cloud-go/blob/main/debug.md
[Testing Guide]: https://github.com/googleapis/google-cloud-go/blob/main/testing.md
*/
package cloud // import "cloud.google.com/go"
diff --git a/vendor/cloud.google.com/go/go.work b/vendor/cloud.google.com/go/go.work
index 09b4ea64a2285..88670504dc242 100644
--- a/vendor/cloud.google.com/go/go.work
+++ b/vendor/cloud.google.com/go/go.work
@@ -14,6 +14,7 @@ use (
./apigeeregistry
./apikeys
./appengine
+ ./apps
./area120
./artifactregistry
./asset
@@ -32,6 +33,8 @@ use (
./channel
./cloudbuild
./clouddms
+ ./cloudprofiler
+ ./cloudquotas
./cloudtasks
./commerce
./compute
@@ -58,6 +61,7 @@ use (
./documentai
./domains
./edgecontainer
+ ./edgenetwork
./errorreporting
./essentialcontacts
./eventarc
@@ -127,6 +131,7 @@ use (
./securesourcemanager
./security
./securitycenter
+ ./securitycentermanagement
./servicecontrol
./servicedirectory
./servicemanagement
@@ -141,10 +146,12 @@ use (
./storagetransfer
./support
./talent
+ ./telcoautomation
./texttospeech
./tpu
./trace
./translate
+ ./vertexai
./video
./videointelligence
./vision
diff --git a/vendor/cloud.google.com/go/go.work.sum b/vendor/cloud.google.com/go/go.work.sum
index 1d48c1d9edb62..b7500f493a0d5 100644
--- a/vendor/cloud.google.com/go/go.work.sum
+++ b/vendor/cloud.google.com/go/go.work.sum
@@ -1,10 +1,10 @@
cloud.google.com/go/gaming v1.9.0 h1:7vEhFnZmd931Mo7sZ6pJy7uQPDxF7m7v8xtBheG08tc=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.18.0 h1:ugYJK/neZQtQeh2jc5xNoDFiMQojlAkoqJMRb7vTu1U=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.18.0/go.mod h1:Xx0VKh7GJ4si3rmElbh19Mejxz68ibWg/J30ZOMrqzU=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
-github.com/cloudprober/cloudprober v0.12.8/go.mod h1:RBgsmwfacACvW/VX6/iNVEK+WnNXDhj/5WvII8N76KQ=
github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
@@ -12,29 +12,17 @@ github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkj
github.com/googleapis/gax-go/v2 v2.9.1/go.mod h1:4FG3gMrVZlyMp5itSYKMU9z/lBE7+SbnUOvzH2HqbEY=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
-google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
-google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
-google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
-google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb80Dq1hhioy0sOsY9jCE46YDgHlJ7fWVUWRE=
-google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
-google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww=
-google.golang.org/genproto/googleapis/bytestream v0.0.0-20230629202037-9506855d4529/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
-google.golang.org/genproto/googleapis/bytestream v0.0.0-20230911183012-2d3300fd4832/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c=
-google.golang.org/genproto/googleapis/bytestream v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:qDbnxtViX5J6CvFbxeNUSzKgVlDLJ/6L+caxye9+Flo=
-google.golang.org/genproto/googleapis/bytestream v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:itlFWGBbEyD32PUeJsTG8h8Wz7iJXfVK4gt1EJ+pAG0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
-google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20231120223509-83a465c0220f/go.mod h1:iIgEblxoG4klcXsG0d9cpoxJ4xndv6+1FkDROCHhPRI=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20231212172506-995d672761c0/go.mod h1:guYXGPwC6jwxgWKW5Y405fKWOFNwlvUlUnzyp9i0uqo=
diff --git a/vendor/cloud.google.com/go/release-please-config-individual.json b/vendor/cloud.google.com/go/release-please-config-individual.json
index fd6db8b96122d..529f7db353a04 100644
--- a/vendor/cloud.google.com/go/release-please-config-individual.json
+++ b/vendor/cloud.google.com/go/release-please-config-individual.json
@@ -43,6 +43,9 @@
},
"storage": {
"component": "storage"
+ },
+ "vertexai": {
+ "component": "vertexai"
}
},
"plugins": [
diff --git a/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json b/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json
index d2bd9b417b30a..e6a2b0ed66cca 100644
--- a/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json
+++ b/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json
@@ -39,6 +39,9 @@
"appengine": {
"component": "appengine"
},
+ "apps": {
+ "component": "apps"
+ },
"area120": {
"component": "area120"
},
@@ -81,6 +84,12 @@
"clouddms": {
"component": "clouddms"
},
+ "cloudprofiler": {
+ "component": "cloudprofiler"
+ },
+ "cloudquotas": {
+ "component": "cloudquotas"
+ },
"cloudtasks": {
"component": "cloudtasks"
},
@@ -156,6 +165,9 @@
"edgecontainer": {
"component": "edgecontainer"
},
+ "edgenetwork": {
+ "component": "edgenetwork"
+ },
"essentialcontacts": {
"component": "essentialcontacts"
},
@@ -315,6 +327,9 @@
"securitycenter": {
"component": "securitycenter"
},
+ "securitycentermanagement": {
+ "component": "securitycentermanagement"
+ },
"servicecontrol": {
"component": "servicecontrol"
},
@@ -348,6 +363,9 @@
"talent": {
"component": "talent"
},
+ "telcoautomation": {
+ "component": "telcoautomation"
+ },
"texttospeech": {
"component": "texttospeech"
},
diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile
index 401f7198f0a2a..a428145d8682d 100644
--- a/vendor/github.com/containerd/containerd/Vagrantfile
+++ b/vendor/github.com/containerd/containerd/Vagrantfile
@@ -104,7 +104,7 @@ EOF
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.22.6",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.22.7",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash
diff --git a/vendor/github.com/containerd/containerd/pkg/userns/userns_deprecated.go b/vendor/github.com/containerd/containerd/pkg/userns/userns_deprecated.go
deleted file mode 100644
index 79d22a5d1d611..0000000000000
--- a/vendor/github.com/containerd/containerd/pkg/userns/userns_deprecated.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- Copyright The containerd Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-// Deprecated: use github.com/moby/sys/userns
-package userns
-
-import "github.com/moby/sys/userns"
-
-// RunningInUserNS detects whether we are currently running in a Linux
-// user namespace and memoizes the result. It returns false on non-Linux
-// platforms.
-//
-// Deprecated: use [userns.RunningInUserNS].
-func RunningInUserNS() bool {
- return userns.RunningInUserNS()
-}
diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go
index 315867d21f5a4..4546b9445d83b 100644
--- a/vendor/github.com/containerd/containerd/version/version.go
+++ b/vendor/github.com/containerd/containerd/version/version.go
@@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
- Version = "1.7.21+unknown"
+ Version = "1.7.22+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.
diff --git a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/convert_unix.go b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/convert_unix.go
index 9cbc2a90363a5..c892c685117b6 100644
--- a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/convert_unix.go
+++ b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/convert_unix.go
@@ -25,10 +25,11 @@ import (
"github.com/containerd/containerd/archive"
"github.com/containerd/containerd/archive/compression"
"github.com/containerd/containerd/content"
- "github.com/containerd/containerd/errdefs"
+ "github.com/containerd/containerd/content/local"
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/images/converter"
"github.com/containerd/containerd/labels"
+ "github.com/containerd/errdefs"
"github.com/containerd/fifo"
"github.com/klauspost/compress/zstd"
"github.com/opencontainers/go-digest"
@@ -108,7 +109,7 @@ func unpackOciTar(ctx context.Context, dst string, reader io.Reader) error {
ctx,
dst,
ds,
- archive.WithConvertWhiteout(func(hdr *tar.Header, file string) (bool, error) {
+ archive.WithConvertWhiteout(func(_ *tar.Header, _ string) (bool, error) {
// Keep to extract all whiteout files.
return true, nil
}),
@@ -624,13 +625,23 @@ func Merge(ctx context.Context, layers []Layer, dest io.Writer, opt MergeOption)
return nil, errors.Wrap(err, "merge bootstrap")
}
+ bootstrapRa, err := local.OpenReader(targetBootstrapPath)
+ if err != nil {
+ return nil, errors.Wrap(err, "open bootstrap reader")
+ }
+ defer bootstrapRa.Close()
+
+ files := append([]File{
+ {
+ Name: EntryBootstrap,
+ Reader: content.NewReader(bootstrapRa),
+ Size: bootstrapRa.Size(),
+ },
+ }, opt.AppendFiles...)
var rc io.ReadCloser
if opt.WithTar {
- rc, err = packToTar(targetBootstrapPath, fmt.Sprintf("image/%s", EntryBootstrap), false)
- if err != nil {
- return nil, errors.Wrap(err, "pack bootstrap to tar")
- }
+ rc = packToTar(files, false)
} else {
rc, err = os.Open(targetBootstrapPath)
if err != nil {
diff --git a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/types.go b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/types.go
index 94a68041a171f..6bd54a6afc445 100644
--- a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/types.go
+++ b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/types.go
@@ -125,6 +125,8 @@ type MergeOption struct {
Timeout *time.Duration
// Encrypt encrypts the bootstrap layer if it's specified.
Encrypt Encrypter
+ // AppendFiles specifies the files that need to be appended to the bootstrap layer.
+ AppendFiles []File
}
type UnpackOption struct {
diff --git a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/utils.go b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/utils.go
index b0b04d8b5fc09..7c09f76d0b20b 100644
--- a/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/utils.go
+++ b/vendor/github.com/containerd/nydus-snapshotter/pkg/converter/utils.go
@@ -14,7 +14,6 @@ import (
"encoding/json"
"fmt"
"io"
- "os"
"path/filepath"
"github.com/containerd/containerd/content"
@@ -22,6 +21,12 @@ import (
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
+type File struct {
+ Name string
+ Reader io.Reader
+ Size int64
+}
+
type writeCloser struct {
closed bool
io.WriteCloser
@@ -83,39 +88,27 @@ func newSeekReader(ra io.ReaderAt) *seekReader {
}
}
-// packToTar makes .tar(.gz) stream of file named `name` and return reader.
-func packToTar(src string, name string, compress bool) (io.ReadCloser, error) {
- fi, err := os.Stat(src)
- if err != nil {
- return nil, err
- }
-
+// packToTar packs files to .tar(.gz) stream then return reader.
+func packToTar(files []File, compress bool) io.ReadCloser {
dirHdr := &tar.Header{
- Name: filepath.Dir(name),
+ Name: "image",
Mode: 0755,
Typeflag: tar.TypeDir,
}
- hdr := &tar.Header{
- Name: name,
- Mode: 0444,
- Size: fi.Size(),
- }
-
- reader, writer := io.Pipe()
+ pr, pw := io.Pipe()
go func() {
// Prepare targz writer
var tw *tar.Writer
var gw *gzip.Writer
var err error
- var file *os.File
if compress {
- gw = gzip.NewWriter(writer)
+ gw = gzip.NewWriter(pw)
tw = tar.NewWriter(gw)
} else {
- tw = tar.NewWriter(writer)
+ tw = tar.NewWriter(pw)
}
defer func() {
@@ -137,30 +130,30 @@ func packToTar(src string, name string, compress bool) (io.ReadCloser, error) {
finalErr = err2
}
- writer.CloseWithError(finalErr)
+ pw.CloseWithError(finalErr)
}()
- file, err = os.Open(src)
- if err != nil {
- return
- }
- defer file.Close()
-
// Write targz stream
if err = tw.WriteHeader(dirHdr); err != nil {
return
}
- if err = tw.WriteHeader(hdr); err != nil {
- return
- }
-
- if _, err = io.Copy(tw, file); err != nil {
- return
+ for _, file := range files {
+ hdr := tar.Header{
+ Name: filepath.Join("image", file.Name),
+ Mode: 0444,
+ Size: file.Size,
+ }
+ if err = tw.WriteHeader(&hdr); err != nil {
+ return
+ }
+ if _, err = io.Copy(tw, file.Reader); err != nil {
+ return
+ }
}
}()
- return reader, nil
+ return pr
}
// Copied from containerd/containerd project, copyright The containerd Authors.
diff --git a/vendor/github.com/containerd/typeurl/v2/README.md b/vendor/github.com/containerd/typeurl/v2/README.md
index e3d0742f456c3..8d86600a40b36 100644
--- a/vendor/github.com/containerd/typeurl/v2/README.md
+++ b/vendor/github.com/containerd/typeurl/v2/README.md
@@ -2,7 +2,7 @@
[](https://pkg.go.dev/github.com/containerd/typeurl)
[](https://github.com/containerd/typeurl/actions?query=workflow%3ACI)
-[](https://codecov.io/gh/containerd/typeurl)
+[](https://codecov.io/gh/containerd/typeurl)
[](https://goreportcard.com/report/github.com/containerd/typeurl)
A Go package for managing the registration, marshaling, and unmarshaling of encoded types.
@@ -13,8 +13,8 @@ This package helps when types are sent over a ttrpc/GRPC API and marshaled as a
**typeurl** is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
As a containerd sub-project, you will find the:
- * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
- * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
- * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+ * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md)
information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/typeurl/v2/types.go b/vendor/github.com/containerd/typeurl/v2/types.go
index 8d6665bb5ba76..78817b701e3ad 100644
--- a/vendor/github.com/containerd/typeurl/v2/types.go
+++ b/vendor/github.com/containerd/typeurl/v2/types.go
@@ -27,6 +27,7 @@ import (
gogoproto "github.com/gogo/protobuf/proto"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/reflect/protoregistry"
+ "google.golang.org/protobuf/types/known/anypb"
)
var (
@@ -122,6 +123,9 @@ func TypeURL(v interface{}) (string, error) {
// Is returns true if the type of the Any is the same as v.
func Is(any Any, v interface{}) bool {
+ if any == nil {
+ return false
+ }
// call to check that v is a pointer
tryDereference(v)
url, err := TypeURL(v)
@@ -193,6 +197,31 @@ func UnmarshalToByTypeURL(typeURL string, value []byte, out interface{}) error {
return err
}
+// MarshalProto converts typeurl.Any to google.golang.org/protobuf/types/known/anypb.Any.
+func MarshalProto(from Any) *anypb.Any {
+ if from == nil {
+ return nil
+ }
+
+ if pbany, ok := from.(*anypb.Any); ok {
+ return pbany
+ }
+
+ return &anypb.Any{
+ TypeUrl: from.GetTypeUrl(),
+ Value: from.GetValue(),
+ }
+}
+
+// MarshalAnyToProto converts an arbitrary interface to google.golang.org/protobuf/types/known/anypb.Any.
+func MarshalAnyToProto(from interface{}) (*anypb.Any, error) {
+ anyType, err := MarshalAny(from)
+ if err != nil {
+ return nil, err
+ }
+ return MarshalProto(anyType), nil
+}
+
func unmarshal(typeURL string, value []byte, v interface{}) (interface{}, error) {
t, err := getTypeByUrl(typeURL)
if err != nil {
diff --git a/vendor/github.com/moby/buildkit/AUTHORS b/vendor/github.com/moby/buildkit/AUTHORS
index c5ae03bfcb8d6..7a9966ff25185 100644
--- a/vendor/github.com/moby/buildkit/AUTHORS
+++ b/vendor/github.com/moby/buildkit/AUTHORS
@@ -6,11 +6,16 @@ Aaron L. Xu
Aaron Lehmann
Aaron Lehmann
Abdur Rehman
+adamperlin
Addam Hardy
Adrian Plata
+Adrien Delorme
+Ahmon Dancy
Aidan Hobson Sayers
Akihiro Suda
Alan Fregtman <941331+darkvertex@users.noreply.github.com>
+Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
+Aleksa Sarai
Alex Couture-Beil
Alex Mayer
Alex Suraci
@@ -29,17 +34,27 @@ Andrey Smirnov
Andy Alt
Andy Caldwell
Ankush Agarwal
+Anthony Nandaa
Anthony Sottile
Anurag Goel
Anusha Ragunathan
+Arkadiusz Drabczyk
+Arnaldo Garcia Rincon
Arnaud Bailly
+Artem Khramov
+Austin Vazquez
Avi Deitcher
Bastiaan Bakker
Ben Longo
Bertrand Paquet
+Billy Owire
Bin Liu
+Bjorn Neergaard
Brandon Mitchell
+Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Brian Goff
+Bunyamin Dokmetas <19335284+ztzxt@users.noreply.github.com>
+Burt Holzman
Ce Gao
Chaerim Yeo
Changwei Ge
@@ -60,8 +75,10 @@ Corey Larson
Cory Bennett
Cory Snider
coryb
+Craig Andrews
CrazyMax
Csaba Apagyi
+cuiyourong
Dan Duvall
Daniel Cassidy
Daniel Nephin
@@ -74,9 +91,11 @@ David Dooling
David Gageot
David Karlsson
Davis Schirmer
+Debosmit Ray
Dennis Chen
+Dennis Haney
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-Derek McGowan
+Derek McGowan
Dharmit Shah
Ding Fei
dito
@@ -86,16 +105,21 @@ Eli Uriegas
Elias Faxö
Eng Zer Jun
Eric Engestrom
+Erik McKelvey
Erik Sipsma
eyherabh
f0
+fanjiyun.fjy
+Felix Fontein
Fernando Miguel
Fiona Klute
Foysal Iqbal
+Frank Villaro-Dixon
+frankyang
Fred Cox
Frieder Bluemle
-Gabriel
-Gabriel Adrian Samfira
+Félix Mattrat
+Gabriel-Adrian Samfira
Gaetan de Villele
Gahl Saraf
genglu.gl
@@ -103,7 +127,10 @@ George
ggjulio
Govind Rai
Grant Reaber
-Guilhem C