Add docs for option --isolation
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
parent db6c4c99d8
commit 38ec5d86a3
7 changed files with 150 additions and 0 deletions
|
@ -25,6 +25,7 @@ parent = "smn_cli"
|
|||
-f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile')
|
||||
--force-rm=false Always remove intermediate containers
|
||||
--help=false Print usage
|
||||
--isolation="" Container isolation technology
|
||||
-m, --memory="" Memory limit for all build containers
|
||||
--memory-swap="" Total memory (memory + swap), `-1` to disable swap
|
||||
--no-cache=false Do not use cache when building the image
|
||||
|
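Review bot: the new summary line `--isolation="" Container isolation technology` names no accepted values, so a reader of the option list cannot tell what to pass. Suggest listing them in the description (`default`, `process`, `hyperv`), the way the `--memory-swap` line two rows down spells out its special value `-1`.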
@ -301,3 +302,19 @@ like `ENV` values do.
|
|||
|
||||
For detailed information on using `ARG` and `ENV` instructions, see the
|
||||
[Dockerfile reference](../builder.md).
|
||||
|
||||
### Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Windows. The `--isolation=<value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
|
||||
| Value | Description |
|
||||
|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
|
|
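Review bot: "On Linux, the only supported is the `default` option which uses Linux namespaces" is missing its noun; suggest "On Linux, the only supported value is `default`, which uses Linux namespaces." Since this is the build page, the heading and the first paragraph should also say the option applies to the containers used during the build (the option list above already words `-m` as "for all build containers") instead of "a container's isolation technology".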
@ -43,6 +43,7 @@ Creates a new container.
|
|||
--help=false Print usage
|
||||
-i, --interactive=false Keep STDIN open even if not attached
|
||||
--ipc="" IPC namespace to use
|
||||
--isolation="" Container isolation technology
|
||||
--kernel-memory="" Kernel memory limit
|
||||
-l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value)
|
||||
--label-file=[] Read in a line delimited file of labels
|
||||
|
@ -125,3 +126,19 @@ then be used from the subsequent container:
|
|||
-rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile
|
||||
drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh
|
||||
drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker
|
||||
|
||||
### Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Windows. The `--isolation=<value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
|
||||
| Value | Description |
|
||||
|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
|
|
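Review bot: the `default` row of the table points at "the Docker daemon's `--exec-opt` ." without naming the key, and has a stray space before the period. The daemon page in this same patch uses `--exec-opt isolation=hyperv`, so write `--exec-opt isolation=<value>` here so the reader knows what to look for in the daemon configuration. The paragraph above the table also switches between "Windows" and "Microsoft Windows"; pick one.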
@ -454,6 +454,14 @@ This example sets the `cgroupdriver` to `systemd`:
|
|||
|
||||
Setting this option applies to all containers the daemon launches.
|
||||
|
||||
Also Windows Container makes use of `--exec-opt` for special purpose. Docker user
|
||||
can specify default container isolation technology with this, for example:
|
||||
|
||||
$ docker daemon --exec-opt isolation=hyperv
|
||||
|
||||
Will make `hyperv` the default isolation technology on Windows, without specifying
|
||||
isolation value on daemon start, Windows isolation technology will default to `process`.
|
||||
|
||||
## Daemon DNS options
|
||||
|
||||
To set the DNS server for all Docker containers, use
|
||||
|
|
|
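Review bot: the sentence after the `docker daemon --exec-opt isolation=hyperv` example starts with "Will make" and has no subject, and the fallback behaviour is attached to it with a comma. The fallback to `process` when nothing is set is what an operator most needs from this paragraph, so give it its own sentence, for example: "This makes `hyperv` the default isolation technology on Windows. If no isolation value is specified on daemon start, Windows defaults to `process`." The lead-in ("Also Windows Container makes use of `--exec-opt` for special purpose. Docker user can specify") needs the same grammar pass.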
@ -42,6 +42,7 @@ parent = "smn_cli"
|
|||
--help=false Print usage
|
||||
-i, --interactive=false Keep STDIN open even if not attached
|
||||
--ipc="" IPC namespace to use
|
||||
--isolation="" Container isolation technology
|
||||
--kernel-memory="" Kernel memory limit
|
||||
-l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value)
|
||||
--label-file=[] Read in a file of labels (EOL delimited)
|
||||
|
@ -546,3 +547,38 @@ the three processes quota set for the `daemon` user.
|
|||
The `--stop-signal` flag sets the system call signal that will be sent to the container to exit.
|
||||
This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9,
|
||||
or a signal name in the format SIGNAME, for instance SIGKILL.
|
||||
|
||||
### Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Microsoft Windows. The `--isolation <value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. These two commands are equivalent on Linux:
|
||||
|
||||
```
|
||||
$ docker run -d busybox top
|
||||
$ docker run -d --isolation default busybox top
|
||||
```
|
||||
|
||||
On Microsoft Windows, can take any of these values:
|
||||
|
||||
|
||||
| Value | Description |
|
||||
|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
|
||||
| `process` | Namespace isolation only. |
|
||||
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
|
||||
|
||||
In practice, when running on Microsoft Windows without a `daemon` option set, these two commands are equivalent:
|
||||
|
||||
```
|
||||
$ docker run -d --isolation default busybox top
|
||||
$ docker run -d --isolation process busybox top
|
||||
```
|
||||
|
||||
If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation:
|
||||
|
||||
```
|
||||
$ docker run -d --isolation default busybox top
|
||||
$ docker run -d --isolation hyperv busybox top
|
||||
```
|
||||
|
|
|
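Review bot: "On Microsoft Windows, can take any of these values:" has no subject; suggest "On Microsoft Windows, `--isolation` can take any of these values:". In the sentence before the second example, "without a `daemon` option set" is vague, because the only daemon option that matters here is the one the next paragraph names; say "without `--exec-opt isolation=<value>` set on the daemon".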
@ -12,6 +12,7 @@ docker-build - Build a new image from the source code at PATH
|
|||
[**--help**]
|
||||
[**-f**|**--file**[=*PATH/Dockerfile*]]
|
||||
[**--force-rm**[=*false*]]
|
||||
[**--isolation**[=*default*]]
|
||||
[**--no-cache**[=*false*]]
|
||||
[**--pull**[=*false*]]
|
||||
[**-q**|**--quiet**[=*false*]]
|
||||
|
@ -67,6 +68,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex
|
|||
**--force-rm**=*true*|*false*
|
||||
Always remove intermediate containers, even after unsuccessful builds. The default is *false*.
|
||||
|
||||
**--isolation**="*default*"
|
||||
Isolation specifies the type of isolation technology used by containers.
|
||||
|
||||
**--no-cache**=*true*|*false*
|
||||
Do not use cache when building the image. The default is *false*.
|
||||
|
||||
|
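Review bot: the option description "Isolation specifies the type of isolation technology used by containers." tells the reader neither the accepted values nor what the default resolves to, and those appear only in the section added at the end of this man page. Suggest listing `default`, `process` and `hyperv` here, or pointing to that section by name, and wording it for build containers since this is docker-build.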
@ -277,6 +281,19 @@ the system will look for that file inside the contents of the tarball.
|
|||
|
||||
Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression).
|
||||
|
||||
## Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Windows. The `--isolation=<value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
|
||||
* `process`: Namespace isolation only.
|
||||
* `hyperv`: Hyper-V hypervisor partition-based isolation.
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
||||
# HISTORY
|
||||
March 2014, Originally compiled by William Henry (whenry at redhat dot com)
|
||||
based on docker.com source material and internal work.
|
||||
|
|
|
@ -32,6 +32,7 @@ docker-create - Create a new container
|
|||
[**--help**]
|
||||
[**-i**|**--interactive**[=*false*]]
|
||||
[**--ipc**[=*IPC*]]
|
||||
[**--isolation**[=*default*]]
|
||||
[**--kernel-memory**[=*KERNEL-MEMORY*]]
|
||||
[**-l**|**--label**[=*[]*]]
|
||||
[**--label-file**[=*[]*]]
|
||||
|
@ -159,6 +160,9 @@ two memory nodes.
|
|||
'container:<name|id>': reuses another container shared memory, semaphores and message queues
|
||||
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
|
||||
|
||||
**--isolation**="*default*"
|
||||
Isolation specifies the type of isolation technology used by containers.
|
||||
|
||||
**--kernel-memory**=""
|
||||
Kernel memory limit (format: `<number>[<unit>]`, where unit = b, k, m or g)
|
||||
|
||||
|
@ -287,6 +291,21 @@ This value should always larger than **-m**, so you should always use this with
|
|||
**-w**, **--workdir**=""
|
||||
Working directory inside the container
|
||||
|
||||
# EXAMPLES
|
||||
|
||||
## Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Windows. The `--isolation=<value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. On Microsoft Windows, you can specify these values:
|
||||
|
||||
* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
|
||||
* `process`: Namespace isolation only.
|
||||
* `hyperv`: Hyper-V hypervisor partition-based isolation.
|
||||
|
||||
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
|
||||
|
||||
# HISTORY
|
||||
August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
|
||||
September 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
|
||||
|
|
|
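Review bot: the new `# EXAMPLES` heading is followed only by a description of the values, with no command shown. Either add an invocation in the style of the ones the docker-run page in this patch gives (`$ docker run -d --isolation default busybox top`), adapted to `docker create`, or move this text under the `**--isolation**` entry in the options list and drop the `# EXAMPLES` heading.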
@ -33,6 +33,7 @@ docker-run - Run a command in a new container
|
|||
[**--help**]
|
||||
[**-i**|**--interactive**[=*false*]]
|
||||
[**--ipc**[=*IPC*]]
|
||||
[**--isolation**[=*default*]]
|
||||
[**--kernel-memory**[=*KERNEL-MEMORY*]]
|
||||
[**-l**|**--label**[=*[]*]]
|
||||
[**--label-file**[=*[]*]]
|
||||
|
@ -253,6 +254,9 @@ redirection on the host system.
|
|||
'container:<name|id>': reuses another container shared memory, semaphores and message queues
|
||||
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
|
||||
|
||||
**--isolation**="*default*"
|
||||
Isolation specifies the type of isolation technology used by containers.
|
||||
|
||||
**-l**, **--label**=[]
|
||||
Set metadata on the container (e.g., --label com.example.key=value)
|
||||
|
||||
|
@ -772,6 +776,38 @@ weight by `--blkio-weight-device` flag. Use the following command:
|
|||
|
||||
# docker run -it --blkio-weight-device "/dev/sda:200" ubuntu
|
||||
|
||||
## Specify isolation technology for container (--isolation)
|
||||
|
||||
This option is useful in situations where you are running Docker containers on
|
||||
Microsoft Windows. The `--isolation <value>` option sets a container's isolation
|
||||
technology. On Linux, the only supported is the `default` option which uses
|
||||
Linux namespaces. These two commands are equivalent on Linux:
|
||||
|
||||
```
|
||||
$ docker run -d busybox top
|
||||
$ docker run -d --isolation default busybox top
|
||||
```
|
||||
|
||||
On Microsoft Windows, can take any of these values:
|
||||
|
||||
* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value.
|
||||
* `process`: Namespace isolation only.
|
||||
* `hyperv`: Hyper-V hypervisor partition-based isolation.
|
||||
|
||||
In practice, when running on Microsoft Windows without a `daemon` option set, these two commands are equivalent:
|
||||
|
||||
```
|
||||
$ docker run -d --isolation default busybox top
|
||||
$ docker run -d --isolation process busybox top
|
||||
```
|
||||
|
||||
If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation:
|
||||
|
||||
```
|
||||
$ docker run -d --isolation default busybox top
|
||||
$ docker run -d --isolation hyperv busybox top
|
||||
```
|
||||
|
||||
# HISTORY
|
||||
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
|
||||
based on docker.com source material and internal work.
|
||||
|
|
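Review bot: in the last paragraph, "any of these commands also result in `hyperv` isolation" misdescribes the two commands that follow. Only `--isolation default` depends on the daemon having `--exec-opt isolation=hyperv`; `--isolation hyperv` requests `hyperv` explicitly. Suggest "both of these commands result in `hyperv` isolation" and a clause saying the first does so because of the daemon setting. "On Microsoft Windows, can take any of these values:" also needs a subject (`--isolation`).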