[epic] add more options to service create / service update #25303
Open
Description
The service create and service update commands do not support all options that docker run / docker create supports. Some options are not implemented yet, whereas other options may either not be implemented (because they don't make sense in the context of a service, or are not portable / cross platform).
We should add more options for services, however instead of blindly copying every option, we should make sure the options are implemented properly, which may require using different names for the options and/or different kind of values.
I tried to create an overview of all options on docker run, and to match them with the docker service create options we currently have; I may have missed some, or made the wrong "translation", so input is welcome here
| Status | Issue | docker run |
docker service |
Notes |
|---|---|---|---|---|
| ✅ | #27902 | --add-host |
||
| ❓ | #27552 (for exec) |
-a, --attach |
n/a | |
--blkio-weight |
||||
--blkio-weight-device |
||||
| ✅ | #25885 | --cap-add |
||
| ✅ | #25885 | --cap-drop |
||
--cgroup-parent |
||||
| ❌ | --cidfile |
does not apply to services, as there are multiple containers backing it | ||
| ❓ | --cpu-percent |
|||
| ✅ | --cpu-period |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
|
| ✅ | --cpu-quota |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
|
| ❓ | --cpu-rt-period |
|||
| ❓ | --cpu-rt-runtime |
|||
| ❓ | -c, --cpu-shares |
|||
| ✅ | --cpus |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
|
| ❓ | #30477 | --cpuset-cpus |
||
| ❓ | --cpuset-mems |
|||
| ✅ | -d, --detach |
-d is the default |
||
| ❌ | --detach-keys |
No interactive services, so not needed | ||
| ❓ | #24865 / moby/swarmkit#1244 | --device |
||
| ❓ | --device-cgroup-rule |
devices are host specific, so may not make sense:question: | ||
| ❓ | #32602 | --device-read-bps |
devices are host specific, so may not make sense:question: | |
| ❓ | #32602 | --device-read-iops |
devices are host specific, so may not make sense:question: | |
| ❓ | #32602 | --device-write-bps |
devices are host specific, so may not make sense:question: | |
| ❓ | #32602 | --device-write-iops |
devices are host specific, so may not make sense:question: | |
--disable-content-trust |
||||
| ✅ | #24391 | --dns |
PR #27567 | |
| ✅ | #24391 | --dns-option |
--dns-option, --dns-option-add, --dns-option-rm |
PR #27567 |
| ✅ | #24391 | --dns-search |
--dns-search, --dns-search-add, --dns-search-rm |
PR #27567 |
| ❓ | #29171 | --entrypoint |
||
| ✅ | -e, --env |
-e, --env |
||
| ✅ | #24712 #31595 | --env-file |
PR #24844 | |
--expose |
||||
--gpus |
||||
| ✅ | #25317 | --group-add |
--group |
|
| ✅ | #27369 | --health-cmd |
||
| ✅ | #27369 | --health-interval duration |
||
| ✅ | #27369 | --health-retries |
||
| ❓ | --health-start-period |
|||
| ✅ | #27369 | --health-timeout duration |
||
| ✅ | #24877 | -h, --hostname |
||
| ✅ | #34529, docker/cli#51 #34639 | --init |
--init |
PR moby/swarmkit#2350, moby/swarmkit#2652, #36895, #37183, docker/cli#1116, docker/cli#479, docker/cli#1129 |
| ❓ | #32300 | -i, --interactive |
||
| ❓ | #24170 / #29816 | --ip |
||
| ❓ | #24170 / #29816 | --ip6 |
||
--ipc |
||||
| ✅ | #31616, docker/cli#414 | --isolation |
PR #34424, docker/cli#426, moby/swarmkit#2342 | |
| ❌ | --kernel-memory |
Feature is deprecated in the kernel; see #41254, #41252 | ||
| ✅ | -l, --label |
--container-label |
||
--label-file |
||||
| ❌ | --link |
will be resolved through --network-alias❓ |
||
| ❌ | --link-local-ip |
does not apply to services, as there are multiple containers backing it | ||
| ✅ | --log-driver |
--log-driver |
||
| ✅ | --log-opt |
--log-opt |
||
| ❓ | #31092 | --mac-address |
does not apply to services, as there are multiple containers backing it | |
| ✅ | -m, --memory |
--limit-memory |
||
| ✅ | --memory-reservation |
--reserve-memory |
||
| 🚧 | #34654 | --memory-swap |
PR: #37872 | |
| 🚧 | #34654 | --memory-swappiness |
PR: #37872 | |
| ✅ | --mount |
--mount, --mount-add, --mount-rm |
||
| 🔳 | --name |
NOTE: --name sets the service name, not the container's name |
||
| ✅ | #28573 | --network |
--network |
host networking (see #25873) added through #32981. |
| ✅ | #28247 | -- | --network-add/--network-rm are added in docker 17.05 |
moby/swarmkit#1029 |
| #24787 | --network-alias |
|||
| ✅ | --no-healthcheck |
|||
--oom-kill-disable |
||||
| 🔳 | #34703 | --oom-score-adj |
swarmkit PR: moby/swarmkit#2371 | |
| moby/swarmkit#1605 | --pid |
|||
| ✅ | #28618 | --pids-limit |
PR: #39882 swarmkit PR: moby/swarmkit#2415 (vendored: #35326) | |
| ❓ | --platform |
|||
| #24862 / moby/swarmkit#1030 | --privileged |
moby/swarmkit#1722 | ||
| ✅ | -p, --publish |
-p, --publish |
NOTE: does not support <ip-address> (#26696, #32299) |
|
| ❌ | -P, --publish-all |
when defining a service; explicitly define ports to publish | ||
| ✅ | #30162 | --read-only |
#29972 | |
| ✅ | --restart |
--restart-condition, --restart-delay, --restart-max-attempts, --restart-window |
||
| ❌ | --rm |
SwarmKit keeps old tasks (containers) around, but removes them, based on --task-history-limit |
||
--runtime |
||||
--security-opt |
--credential-spec (#32339) is equivalent for --security opt credentialspec=... |
SELinux can be set through API (#32339) | ||
| ❓ | #26714 | --shm-size |
Possible through --mount type=tmpfs,target=/dev/shm |
|
--sig-proxy |
||||
| ✅ | #25696 | --stop-signal |
PR #30754 | |
| ✅ | --stop-timeout |
--stop-grace-period |
New in 1.13 (see #22566) | |
| #28619 | --storage-opt |
|||
| ✅ | #25209, #31961, moby/libentitlement#35 | --sysctl |
PR #37701, moby/swarmkit#2729, docker/cli#1754 | |
| ✅ | --tmpfs |
--mount type=tmpfs |
||
| ✅ | #25644 | -t, --tty |
Implemented in SwarmKit moby/swarmkit#1370. Docker PR is #28076 | |
| ✅ | #25209 | --ulimit |
PRs: moby/swarmkit#2967, #41284, |
|
| ✅ | -u, --user |
-u, --user |
||
| ❓ | #37560 | --userns |
||
--uts |
||||
| ✅ | -v, --volume |
--mount |
UX improvement needed (add -v flag?) |
|
| ✅ | --volume-driver |
--mount |
UX improvement needed (add -v flag?) |
|
| ❌ | --volumes-from |
does not apply to services, as there are multiple containers backing it | ||
| ✅ | -w, --workdir |
-w, --workdir |
Activity