Merge pull request #32322 from thaJeztah/17.03.1-cherry-picks
[17.03.x] docs cherry picks
This commit is contained in:
commit
c79660699b
31 changed files with 675 additions and 136 deletions
|
@ -69,7 +69,7 @@ Upgrading from Docker 1.13.1 to 17.03.0 is expected to be simple and low-risk.
|
|||
|
||||
* Fix a deadlock in docker logs [#30223](https://github.com/docker/docker/pull/30223)
|
||||
* Fix cpu spin waiting for log write events [#31070](https://github.com/docker/docker/pull/31070)
|
||||
* Fix a possible crash when using journald [#31231](https://github.com/docker/docker/pull/31231) [#31263](https://github.com/docker/docker/pull/31231)
|
||||
* Fix a possible crash when using journald [#31231](https://github.com/docker/docker/pull/31231) [#31263](https://github.com/docker/docker/pull/31263)
|
||||
* Fix a panic on close of nil channel [#31274](https://github.com/docker/docker/pull/31274)
|
||||
* Fix duplicate mount point for `--volumes-from` in `docker run` [#29563](https://github.com/docker/docker/pull/29563)
|
||||
* Fix `--cache-from` does not cache last step [#31189](https://github.com/docker/docker/pull/31189)
|
||||
|
|
|
@ -479,10 +479,10 @@ definitions:
|
|||
description: |
|
||||
The test to perform. Possible values are:
|
||||
|
||||
- `{}` inherit healthcheck from image or parent image
|
||||
- `{"NONE"}` disable healthcheck
|
||||
- `{"CMD", args...}` exec arguments directly
|
||||
- `{"CMD-SHELL", command}` run command with system's default shell
|
||||
- `[]` inherit healthcheck from image or parent image
|
||||
- `["NONE"]` disable healthcheck
|
||||
- `["CMD", args...]` exec arguments directly
|
||||
- `["CMD-SHELL", command]` run command with system's default shell
|
||||
type: "array"
|
||||
items:
|
||||
type: "string"
|
||||
|
|
|
@ -25,7 +25,7 @@ see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-depreca
|
|||
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
When inspecting a container, `NetworkSettings` contains top-level information
|
||||
about the default ("bridge") network;
|
||||
|
@ -40,31 +40,31 @@ docker 1.9, but kept around for backward compatibility.
|
|||
Refer to [#17538](https://github.com/docker/docker/pull/17538) for further
|
||||
information.
|
||||
|
||||
## `filter` param for `/images/json` endpoint
|
||||
### `filter` param for `/images/json` endpoint
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`.
|
||||
|
||||
### `repository:shortid` image references
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
`repository:shortid` syntax for referencing images is very little used, collides with tag references can be confused with digest references.
|
||||
|
||||
### `docker daemon` subcommand
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
The daemon is moved to a separate binary (`dockerd`), and should be used instead.
|
||||
|
||||
### Duplicate keys with conflicting values in engine labels
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
Duplicate keys with conflicting values have been deprecated. A warning is displayed
|
||||
in the output, and an error will be returned in the future.
|
||||
|
@ -77,7 +77,7 @@ in the output, and an error will be returned in the future.
|
|||
### API calls without a version
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
API versions should be supplied to all API calls to ensure compatibility with
|
||||
future Engine versions. Instead of just requesting, for example, the URL
|
||||
|
@ -86,7 +86,7 @@ future Engine versions. Instead of just requesting, for example, the URL
|
|||
### Backing filesystem without `d_type` support for overlay/overlay2
|
||||
**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)**
|
||||
|
||||
**Target For Removal In Release: v1.16**
|
||||
**Target For Removal In Release: v17.12**
|
||||
|
||||
The overlay and overlay2 storage driver does not work as expected if the backing
|
||||
filesystem does not support `d_type`. For example, XFS does not support `d_type`
|
||||
|
@ -106,7 +106,7 @@ The `docker import` command format `file|URL|- [REPOSITORY [TAG]]` is deprecated
|
|||
|
||||
**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
|
||||
|
||||
**Target For Removal In Release: v1.15**
|
||||
**Target For Removal In Release: v17.09**
|
||||
|
||||
The shorthand (`-h`) is less common than `--help` on Linux and cannot be used
|
||||
on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on
|
||||
|
@ -116,14 +116,14 @@ on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on
|
|||
### `-e` and `--email` flags on `docker login`
|
||||
**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
|
||||
|
||||
**Target For Removal In Release: v1.14**
|
||||
**Target For Removal In Release: v17.06**
|
||||
|
||||
The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated.
|
||||
|
||||
### Separator (`:`) of `--security-opt` flag on `docker run`
|
||||
**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)**
|
||||
|
||||
**Target For Removal In Release: v1.14**
|
||||
**Target For Removal In Release: v17.06**
|
||||
|
||||
The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`.
|
||||
|
||||
|
@ -169,7 +169,7 @@ Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead.
|
|||
|
||||
**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)**
|
||||
|
||||
**Target For Removal In Release: v1.15**
|
||||
**Target For Removal In Release: v17.09**
|
||||
|
||||
The `docker search --automated` and `docker search --stars` options are deprecated.
|
||||
Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead.
|
||||
|
@ -266,9 +266,9 @@ of the `--changes` flag that allows to pass `Dockerfile` commands.
|
|||
|
||||
### Interacting with V1 registries
|
||||
|
||||
**Disabled By Default In Release: v1.14**
|
||||
**Disabled By Default In Release: v17.04**
|
||||
|
||||
**Target For Removal In Release: v1.17**
|
||||
**Target For Removal In Release: v17.10**
|
||||
|
||||
Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the
|
||||
docker daemon from `pull`, `push`, and `login` operations against v1
|
||||
|
|
|
@ -19,7 +19,7 @@ title: Managed plugin system
|
|||
* [Developing a plugin](index.md#developing-a-plugin)
|
||||
* [Debugging plugins](index.md#debugging-plugins)
|
||||
|
||||
Docker Engine's plugins system allows you to install, start, stop, and remove
|
||||
Docker Engine's plugin system allows you to install, start, stop, and remove
|
||||
plugins using Docker Engine.
|
||||
|
||||
For information about the legacy plugin system available in Docker Engine 1.12
|
||||
|
@ -34,7 +34,7 @@ Plugins are distributed as Docker images and can be hosted on Docker Hub or on
|
|||
a private registry.
|
||||
|
||||
To install a plugin, use the `docker plugin install` command, which pulls the
|
||||
plugin from Docker hub or your private registry, prompts you to grant
|
||||
plugin from Docker Hub or your private registry, prompts you to grant
|
||||
permissions or capabilities if necessary, and enables the plugin.
|
||||
|
||||
To check the status of installed plugins, use the `docker plugin ls` command.
|
||||
|
@ -62,6 +62,7 @@ enabled, and use it to create a volume.
|
|||
```
|
||||
|
||||
The plugin requests 2 privileges:
|
||||
|
||||
- It needs access to the `host` network.
|
||||
- It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run
|
||||
the `mount` command.
|
||||
|
@ -206,7 +207,7 @@ Consider the following `config.json` file.
|
|||
{
|
||||
"description": "sshFS plugin for Docker",
|
||||
"documentation": "https://docs.docker.com/engine/extend/plugins/",
|
||||
"entrypoint": ["/go/bin/docker-volume-sshfs"],
|
||||
"entrypoint": ["/docker-volume-sshfs"],
|
||||
"network": {
|
||||
"type": "host"
|
||||
},
|
||||
|
@ -221,7 +222,7 @@ Consider the following `config.json` file.
|
|||
```
|
||||
|
||||
This plugin is a volume driver. It requires a `host` network and the
|
||||
`CAP_SYS_ADMIN` capability. It depends upon the `/go/bin/docker-volume-sshfs`
|
||||
`CAP_SYS_ADMIN` capability. It depends upon the `/docker-volume-sshfs`
|
||||
entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate
|
||||
with Docker Engine. This plugin has no runtime parameters.
|
||||
|
||||
|
|
|
@ -15,8 +15,6 @@ keywords: "Examples, Usage, plugins, docker, documentation, user guide"
|
|||
will be rejected.
|
||||
-->
|
||||
|
||||
# Use Docker Engine plugins
|
||||
|
||||
This document describes the Docker Engine plugins generally available in Docker
|
||||
Engine. To view information on plugins managed by Docker,
|
||||
refer to [Docker Engine plugin system](index.md).
|
||||
|
@ -77,6 +75,7 @@ Plugin
|
|||
[Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`.
|
||||
[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future.
|
||||
[Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.
|
||||
[Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker)| A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones.
|
||||
[OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few.
|
||||
[Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler.
|
||||
[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform.
|
||||
|
|
|
@ -1222,6 +1222,11 @@ This Dockerfile results in an image that causes `docker run`, to
|
|||
create a new mount point at `/myvol` and copy the `greeting` file
|
||||
into the newly created volume.
|
||||
|
||||
> **Note**:
|
||||
> When using Windows-based containers, the destination of a volume inside the
|
||||
> container must be one of: a non-existing or empty directory; or a drive other
|
||||
> than C:.
|
||||
|
||||
> **Note**:
|
||||
> If any build steps change the data within the volume after it has been
|
||||
> declared, those changes will be discarded.
|
||||
|
|
|
@ -74,7 +74,7 @@ svendowideit/testimage version3 f5283438590d 16 sec
|
|||
```bash
|
||||
$ docker ps
|
||||
|
||||
ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||
c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky
|
||||
197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton
|
||||
|
||||
|
|
61
docs/reference/commandline/container.md
Normal file
61
docs/reference/commandline/container.md
Normal file
|
@ -0,0 +1,61 @@
|
|||
|
||||
---
|
||||
title: "container"
|
||||
description: "The container command description and usage"
|
||||
keywords: "container"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# container
|
||||
|
||||
```markdown
|
||||
Usage: docker container COMMAND
|
||||
|
||||
Manage containers
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
attach Attach to a running container
|
||||
commit Create a new image from a container's changes
|
||||
cp Copy files/folders between a container and the local filesystem
|
||||
create Create a new container
|
||||
diff Inspect changes to files or directories on a container's filesystem
|
||||
exec Run a command in a running container
|
||||
export Export a container's filesystem as a tar archive
|
||||
inspect Display detailed information on one or more containers
|
||||
kill Kill one or more running containers
|
||||
logs Fetch the logs of a container
|
||||
ls List containers
|
||||
pause Pause all processes within one or more containers
|
||||
port List port mappings or a specific mapping for the container
|
||||
prune Remove all stopped containers
|
||||
rename Rename a container
|
||||
restart Restart one or more containers
|
||||
rm Remove one or more containers
|
||||
run Run a command in a new container
|
||||
start Start one or more stopped containers
|
||||
stats Display a live stream of container(s) resource usage statistics
|
||||
stop Stop one or more running containers
|
||||
top Display the running processes of a container
|
||||
unpause Unpause all processes within one or more containers
|
||||
update Update configuration of one or more containers
|
||||
wait Block until one or more containers stop, then print their exit codes
|
||||
|
||||
Run 'docker container COMMAND --help' for more information on a command.
|
||||
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage containers.
|
||||
|
|
@ -17,32 +17,34 @@ keywords: "container, daemon, runtime"
|
|||
# daemon
|
||||
|
||||
```markdown
|
||||
Usage: dockerd [OPTIONS]
|
||||
Usage: dockerd COMMAND
|
||||
|
||||
A self-sufficient runtime for containers.
|
||||
|
||||
Options:
|
||||
--add-runtime value Register an additional OCI compatible runtime (default [])
|
||||
--add-runtime runtime Register an additional OCI compatible runtime (default [])
|
||||
--api-cors-header string Set CORS headers in the Engine API
|
||||
--authorization-plugin value Authorization plugins to load (default [])
|
||||
--authorization-plugin list Authorization plugins to load (default [])
|
||||
--bip string Specify network bridge IP
|
||||
-b, --bridge string Attach containers to a network bridge
|
||||
--cgroup-parent string Set parent cgroup for all containers
|
||||
--cluster-advertise string Address or interface name to advertise
|
||||
--cluster-store string URL of the distributed storage backend
|
||||
--cluster-store-opt value Set cluster store options (default map[])
|
||||
--cluster-store-opt map Set cluster store options (default map[])
|
||||
--config-file string Daemon configuration file (default "/etc/docker/daemon.json")
|
||||
--containerd string Path to containerd socket
|
||||
--cpu-rt-period int Limit the CPU real-time period in microseconds
|
||||
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
|
||||
-D, --debug Enable debug mode
|
||||
--default-gateway value Container default gateway IPv4 address
|
||||
--default-gateway-v6 value Container default gateway IPv6 address
|
||||
--default-gateway ip Container default gateway IPv4 address
|
||||
--default-gateway-v6 ip Container default gateway IPv6 address
|
||||
--default-runtime string Default OCI runtime for containers (default "runc")
|
||||
--default-ulimit value Default ulimits for containers (default [])
|
||||
--default-ulimit ulimit Default ulimits for containers (default [])
|
||||
--disable-legacy-registry Disable contacting legacy registries
|
||||
--dns value DNS server to use (default [])
|
||||
--dns-opt value DNS options to use (default [])
|
||||
--dns-search value DNS search domains to use (default [])
|
||||
--exec-opt value Runtime execution options (default [])
|
||||
--dns list DNS server to use (default [])
|
||||
--dns-opt list DNS options to use (default [])
|
||||
--dns-search list DNS search domains to use (default [])
|
||||
--exec-opt list Runtime execution options (default [])
|
||||
--exec-root string Root directory for execution state files (default "/var/run/docker")
|
||||
--experimental Enable experimental features
|
||||
--fixed-cidr string IPv4 subnet for fixed IPs
|
||||
|
@ -50,39 +52,39 @@ Options:
|
|||
-g, --graph string Root of the Docker runtime (default "/var/lib/docker")
|
||||
-G, --group string Group for the unix socket (default "docker")
|
||||
--help Print usage
|
||||
-H, --host value Daemon socket(s) to connect to (default [])
|
||||
-H, --host list Daemon socket(s) to connect to (default [])
|
||||
--icc Enable inter-container communication (default true)
|
||||
--init Run an init in the container to forward signals and reap processes
|
||||
--init-path string Path to the docker-init binary
|
||||
--insecure-registry value Enable insecure registry communication (default [])
|
||||
--ip value Default IP when binding container ports (default 0.0.0.0)
|
||||
--insecure-registry list Enable insecure registry communication (default [])
|
||||
--ip ip Default IP when binding container ports (default 0.0.0.0)
|
||||
--ip-forward Enable net.ipv4.ip_forward (default true)
|
||||
--ip-masq Enable IP masquerading (default true)
|
||||
--iptables Enable addition of iptables rules (default true)
|
||||
--ipv6 Enable IPv6 networking
|
||||
--label value Set key=value labels to the daemon (default [])
|
||||
--live-restore Enable live restore of docker when containers are still running (Linux only)
|
||||
--label list Set key=value labels to the daemon (default [])
|
||||
--live-restore Enable live restore of docker when containers are still running
|
||||
--log-driver string Default driver for container logs (default "json-file")
|
||||
-l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
|
||||
--log-opt value Default log driver options for containers (default map[])
|
||||
--log-opt map Default log driver options for containers (default map[])
|
||||
--max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3)
|
||||
--max-concurrent-uploads int Set the max concurrent uploads for each push (default 5)
|
||||
--metrics-addr string Set address and port to serve the metrics api (default "")
|
||||
--metrics-addr string Set default address and port to serve the metrics api on
|
||||
--mtu int Set the containers network MTU
|
||||
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500)
|
||||
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
|
||||
--raw-logs Full timestamps without ANSI coloring
|
||||
--registry-mirror value Preferred Docker registry mirror (default [])
|
||||
--seccomp-profile value Path to seccomp profile
|
||||
--registry-mirror list Preferred Docker registry mirror (default [])
|
||||
--seccomp-profile string Path to seccomp profile
|
||||
--selinux-enabled Enable selinux support
|
||||
--shutdown-timeout=15 Set the shutdown timeout value in seconds
|
||||
--shutdown-timeout int Set the default shutdown timeout (default 15)
|
||||
-s, --storage-driver string Storage driver to use
|
||||
--storage-opt value Storage driver options (default [])
|
||||
--storage-opt list Storage driver options (default [])
|
||||
--swarm-default-advertise-addr string Set default address or interface for swarm advertised address
|
||||
--tls Use TLS; implied by --tlsverify
|
||||
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
|
||||
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
|
||||
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
|
||||
--tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem")
|
||||
--tlscert string Path to TLS certificate file (default "~/.docker/cert.pem")
|
||||
--tlskey string Path to TLS key file (default ~/.docker/key.pem")
|
||||
--tlsverify Use TLS and verify the remote
|
||||
--userland-proxy Use userland proxy for loopback traffic (default true)
|
||||
--userland-proxy-path string Path to the userland proxy binary
|
||||
|
@ -98,7 +100,13 @@ Options with [] may be specified multiple times.
|
|||
uses different binaries for the daemon and client. To run the daemon you
|
||||
type `dockerd`.
|
||||
|
||||
To run the daemon with debug output, use `dockerd -D`.
|
||||
To run the daemon with debug output, use `dockerd -D` or add `debug: true` to
|
||||
the `daemon.json` file.
|
||||
|
||||
> **Note**: In Docker 1.13 and higher, enable experimental features by starting
|
||||
> `dockerd` with the `--experimental` flag or adding `experimental: true` to the
|
||||
> `daemon.json` file. In earlier Docker versions, a different build was required
|
||||
> to enable experimental features.
|
||||
|
||||
## Examples
|
||||
|
||||
|
|
47
docs/reference/commandline/image.md
Normal file
47
docs/reference/commandline/image.md
Normal file
|
@ -0,0 +1,47 @@
|
|||
|
||||
---
|
||||
title: "image"
|
||||
description: "The image command description and usage"
|
||||
keywords: "image"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# image
|
||||
|
||||
```markdown
|
||||
Usage: docker image COMMAND
|
||||
|
||||
Manage images
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
build Build an image from a Dockerfile
|
||||
history Show the history of an image
|
||||
import Import the contents from a tarball to create a filesystem image
|
||||
inspect Display detailed information on one or more images
|
||||
load Load an image from a tar archive or STDIN
|
||||
ls List images
|
||||
prune Remove unused images
|
||||
pull Pull an image or a repository from a registry
|
||||
push Push an image or a repository to a registry
|
||||
rm Remove one or more images
|
||||
save Save one or more images to a tar archive (streamed to STDOUT by default)
|
||||
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
|
||||
|
||||
Run 'docker image COMMAND --help' for more information on a command.
|
||||
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage images.
|
|
@ -158,6 +158,7 @@ The currently supported filters are:
|
|||
* label (`label=<key>` or `label=<key>=<value>`)
|
||||
* before (`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`) - filter images created before given id or references
|
||||
* since (`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`) - filter images created since given id or references
|
||||
* reference (pattern of an image reference) - filter images whose reference matches the specified pattern
|
||||
|
||||
#### Show untagged images (dangling)
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID
|
|||
### Get an instance's image name
|
||||
|
||||
```bash
|
||||
$ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID
|
||||
$ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID
|
||||
```
|
||||
|
||||
### List all port bindings
|
||||
|
|
49
docs/reference/commandline/network.md
Normal file
49
docs/reference/commandline/network.md
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
title: "network"
|
||||
description: "The network command description and usage"
|
||||
keywords: "network"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# network
|
||||
|
||||
```markdown
|
||||
Usage: docker network COMMAND
|
||||
|
||||
Manage networks
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
connect Connect a container to a network
|
||||
create Create a network
|
||||
disconnect Disconnect a container from a network
|
||||
inspect Display detailed information on one or more networks
|
||||
ls List networks
|
||||
prune Remove all unused networks
|
||||
rm Remove one or more networks
|
||||
|
||||
Run 'docker network COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage networks. You can use subcommand to create, list, inspect, remove,
|
||||
connect and disconnect networks.
|
||||
|
||||
## Related commands
|
||||
|
||||
* [network create](network_create.md)
|
||||
* [network inspect](network_inspect.md)
|
||||
* [network list](network_list.md)
|
||||
* [network rm](network_rm.md)
|
||||
* [network prune](network_prune.md)
|
42
docs/reference/commandline/node.md
Normal file
42
docs/reference/commandline/node.md
Normal file
|
@ -0,0 +1,42 @@
|
|||
|
||||
---
|
||||
title: "node"
|
||||
description: "The node command description and usage"
|
||||
keywords: "node"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# node
|
||||
|
||||
```markdown
|
||||
Usage: docker node COMMAND
|
||||
|
||||
Manage Swarm nodes
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
demote Demote one or more nodes from manager in the swarm
|
||||
inspect Display detailed information on one or more nodes
|
||||
ls List nodes in the swarm
|
||||
promote Promote one or more nodes to manager in the swarm
|
||||
ps List tasks running on one or more nodes, defaults to current node
|
||||
rm Remove one or more nodes from the swarm
|
||||
update Update a node
|
||||
|
||||
Run 'docker node COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage nodes.
|
||||
|
44
docs/reference/commandline/plugin.md
Normal file
44
docs/reference/commandline/plugin.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
title: "plugin"
|
||||
description: "The plugin command description and usage"
|
||||
keywords: "plugin"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# plugin
|
||||
|
||||
```markdown
|
||||
Usage: docker plugin COMMAND
|
||||
|
||||
Manage plugins
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
create Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.
|
||||
disable Disable a plugin
|
||||
enable Enable a plugin
|
||||
inspect Display detailed information on one or more plugins
|
||||
install Install a plugin
|
||||
ls List plugins
|
||||
push Push a plugin to a registry
|
||||
rm Remove one or more plugins
|
||||
set Change settings for a plugin
|
||||
upgrade Upgrade an existing plugin
|
||||
|
||||
Run 'docker plugin COMMAND --help' for more information on a command.
|
||||
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage plugins.
|
|
@ -36,6 +36,10 @@ image and tag names.
|
|||
Killing the `docker push` process, for example by pressing `CTRL-c` while it is
|
||||
running in a terminal, terminates the push operation.
|
||||
|
||||
Progress bars are shown during docker push, which show the uncompressed size. The
|
||||
actual amount of data that's pushed will be compressed before sending, so the uploaded
|
||||
size will not be reflected by the progress bar.
|
||||
|
||||
Registry credentials are managed by [docker login](login.md).
|
||||
|
||||
### Concurrent uploads
|
||||
|
|
45
docs/reference/commandline/secret.md
Normal file
45
docs/reference/commandline/secret.md
Normal file
|
@ -0,0 +1,45 @@
|
|||
---
|
||||
title: "secret"
|
||||
description: "The secret command description and usage"
|
||||
keywords: "secret"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# secret
|
||||
|
||||
```markdown
|
||||
Usage: docker secret COMMAND
|
||||
|
||||
Manage Docker secrets
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
create Create a secret from a file or STDIN as content
|
||||
inspect Display detailed information on one or more secrets
|
||||
ls List secrets
|
||||
rm Remove one or more secrets
|
||||
|
||||
Run 'docker secret COMMAND --help' for more information on a command.
|
||||
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage secrets.
|
||||
|
||||
## Related commands
|
||||
|
||||
* [secret create](secret_create.md)
|
||||
* [secret inspect](secret_inspect.md)
|
||||
* [secret list](secret_list.md)
|
||||
* [secret rm](secret_rm.md)
|
|
@ -27,8 +27,9 @@ Options:
|
|||
|
||||
## Description
|
||||
|
||||
Creates a secret using standard input or from a file for the secret content. You must run this
|
||||
command on a manager node.
|
||||
Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node.
|
||||
|
||||
For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/).
|
||||
|
||||
## Examples
|
||||
|
||||
|
|
|
@ -36,6 +36,8 @@ the given template will be executed for each result.
|
|||
Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||
describes all the details of the format.
|
||||
|
||||
For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/).
|
||||
|
||||
## Examples
|
||||
|
||||
### Inspect a secret by name or ID
|
||||
|
|
|
@ -31,6 +31,8 @@ Options:
|
|||
|
||||
Run this command on a manager node to list the secrets in the swarm.
|
||||
|
||||
For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/).
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
|
|
|
@ -32,6 +32,8 @@ Options:
|
|||
Removes the specified secrets from the swarm. This command has to be run
|
||||
targeting a manager node.
|
||||
|
||||
For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/).
|
||||
|
||||
## Examples
|
||||
|
||||
This example removes a secret:
|
||||
|
|
42
docs/reference/commandline/service.md
Normal file
42
docs/reference/commandline/service.md
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
title: "service"
|
||||
description: "The service command description and usage"
|
||||
keywords: "service"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# service
|
||||
|
||||
```markdown
|
||||
Usage: docker service COMMAND
|
||||
|
||||
Manage services
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
create Create a new service
|
||||
inspect Display detailed information on one or more services
|
||||
logs Fetch the logs of a service
|
||||
ls List services
|
||||
ps List the tasks of a service
|
||||
rm Remove one or more services
|
||||
scale Scale one or multiple replicated services
|
||||
update Update a service
|
||||
|
||||
Run 'docker service COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage services.
|
||||
|
39
docs/reference/commandline/stack.md
Normal file
39
docs/reference/commandline/stack.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
title: "stack"
|
||||
description: "The stack command description and usage"
|
||||
keywords: "stack"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# stack
|
||||
|
||||
```markdown
|
||||
Usage: docker stack COMMAND
|
||||
|
||||
Manage Docker stacks
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
deploy Deploy a new stack or update an existing stack
|
||||
ls List stacks
|
||||
ps List the tasks in the stack
|
||||
rm Remove the stack
|
||||
services List the services in the stack
|
||||
|
||||
Run 'docker stack COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage stacks.
|
||||
|
40
docs/reference/commandline/swarm.md
Normal file
40
docs/reference/commandline/swarm.md
Normal file
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
title: "swarm"
|
||||
description: "The swarm command description and usage"
|
||||
keywords: "swarm"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# swarm
|
||||
|
||||
```markdown
|
||||
Usage: docker swarm COMMAND
|
||||
|
||||
Manage Swarm
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
init Initialize a swarm
|
||||
join Join a swarm as a node and/or manager
|
||||
join-token Manage join tokens
|
||||
leave Leave the swarm
|
||||
unlock Unlock swarm
|
||||
unlock-key Manage the unlock key
|
||||
update Update the swarm
|
||||
|
||||
Run 'docker swarm COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage the swarm.
|
37
docs/reference/commandline/system.md
Normal file
37
docs/reference/commandline/system.md
Normal file
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
title: "system"
|
||||
description: "The system command description and usage"
|
||||
keywords: "system"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# system
|
||||
|
||||
```markdown
|
||||
Usage: docker system COMMAND
|
||||
|
||||
Manage Docker
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
df Show docker disk usage
|
||||
events Get real time events from the server
|
||||
info Display system-wide information
|
||||
prune Remove unused data
|
||||
|
||||
Run 'docker system COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage docker.
|
|
@ -77,6 +77,15 @@ my-named-vol 0
|
|||
> **Note**: Network information is not shown because it doesn't consume the disk
|
||||
> space.
|
||||
|
||||
## Performance
|
||||
|
||||
The `system df` command can be very resource-intensive. It traverses the
|
||||
filesystem of every image, container, and volume in the system. You should be
|
||||
careful running this command in systems with lots of images, containers, or
|
||||
volumes or in systems where some images, containers, or volumes have very large
|
||||
filesystems with many files. You should also be careful not to run this command
|
||||
in systems where performance is critical.
|
||||
|
||||
## Related commands
|
||||
* [system prune](system_prune.md)
|
||||
* [container prune](container_prune.md)
|
||||
|
|
48
docs/reference/commandline/volume.md
Normal file
48
docs/reference/commandline/volume.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
title: "volume"
|
||||
description: "The volume command description and usage"
|
||||
keywords: "volume"
|
||||
---
|
||||
|
||||
<!-- This file is maintained within the docker/docker Github
|
||||
repository at https://github.com/docker/docker/. Make all
|
||||
pull requests against that repo. If you see this file in
|
||||
another repository, consider it read-only there, as it will
|
||||
periodically be overwritten by the definitive file. Pull
|
||||
requests which include edits to this file in other repositories
|
||||
will be rejected.
|
||||
-->
|
||||
|
||||
# volume
|
||||
|
||||
```markdown
|
||||
Usage: docker volume COMMAND
|
||||
|
||||
Manage volumes
|
||||
|
||||
Options:
|
||||
--help Print usage
|
||||
|
||||
Commands:
|
||||
create Create a volume
|
||||
inspect Display detailed information on one or more volumes
|
||||
ls List volumes
|
||||
prune Remove all unused volumes
|
||||
rm Remove one or more volumes
|
||||
|
||||
Run 'docker volume COMMAND --help' for more information on a command.
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Manage volumes. You can use subcommand to create, list, inspect, remove
|
||||
volumes.
|
||||
|
||||
## Related commands
|
||||
|
||||
* [volume create](volume_create.md)
|
||||
* [volume inspect](volume_inspect.md)
|
||||
* [volume list](volume_list.md)
|
||||
* [volume rm](volume_rm.md)
|
||||
* [volume prune](volume_prune.md)
|
||||
* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/)
|
|
@ -458,10 +458,6 @@ If a container is connected to the default bridge network and `linked`
|
|||
with other containers, then the container's `/etc/hosts` file is updated
|
||||
with the linked container's name.
|
||||
|
||||
If the container is connected to user-defined network, the container's
|
||||
`/etc/hosts` file is updated with names of all other containers in that
|
||||
user-defined network.
|
||||
|
||||
> **Note** Since Docker may live update the container’s `/etc/hosts` file, there
|
||||
may be situations when processes inside the container can end up reading an
|
||||
empty or incomplete `/etc/hosts` file. In most cases, retrying the read again
|
||||
|
|
|
@ -13,9 +13,9 @@ please feel free to provide any feedback on these features you wish.
|
|||
|
||||
Experimental features are now included in the standard Docker binaries as of
|
||||
version 1.13.0.
|
||||
For enabling experimental features, you need to start the Docker daemon with
|
||||
`--experimental` flag.
|
||||
You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g.
|
||||
To enable experimental features, start the Docker daemon with the
|
||||
`--experimental` flag or enable the daemon flag in the
|
||||
`/etc/docker/daemon.json` configuration file:
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -23,7 +23,8 @@ You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g.
|
|||
}
|
||||
```
|
||||
|
||||
Then make sure the experimental flag is enabled:
|
||||
You can check to see if experimental features are enabled on a running daemon
|
||||
using the following command:
|
||||
|
||||
```bash
|
||||
$ docker version -f '{{.Server.Experimental}}'
|
||||
|
@ -32,9 +33,18 @@ true
|
|||
|
||||
## Current experimental features
|
||||
|
||||
Docker service logs command to view logs for a Docker service. This is needed in Swarm mode.
|
||||
Option to squash image layers to the base image after successful builds.
|
||||
Checkpoint and restore support for Containers.
|
||||
Metrics (Prometheus) output for basic container, image, and daemon operations.
|
||||
|
||||
* The top-level [docker deploy](../../docs/reference/deploy.md) command. The
|
||||
`docker stack deploy` command is **not** experimental.
|
||||
* [`docker service logs` command](../docs/reference/commandline/service_logs.md)
|
||||
* [`--squash` option to `docker build` command](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only)
|
||||
* [External graphdriver plugins](../docs/extend/plugins_graphdriver.md)
|
||||
* [Ipvlan Network Drivers](vlan-networks.md)
|
||||
* [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md)
|
||||
* [Distributed Application Bundles](docker-stacks-and-bundles.md)
|
||||
* [Checkpoint & Restore](checkpoint-restore.md)
|
||||
|
||||
## How to comment on an experimental feature
|
||||
|
|
|
@ -6,7 +6,7 @@ The Ipvlan driver is currently in experimental mode in order to incubate Docker
|
|||
|
||||
Ipvlan is a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.
|
||||
|
||||
Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios.
|
||||
Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having fewer moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no need for port mappings in these scenarios.
|
||||
|
||||
### Pre-Requisites
|
||||
|
||||
|
@ -21,14 +21,14 @@ Ipvlan offers a number of unique features and plenty of room for further innovat
|
|||
|
||||
### Ipvlan L2 Mode Example Usage
|
||||
|
||||
The ipvlan `L2` mode example is like the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`.
|
||||
An example of the ipvlan `L2` mode topology is shown in the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`.
|
||||
|
||||
![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png)
|
||||
|
||||
The parent interface in the next example `-o parent=eth0` is configured as followed:
|
||||
|
||||
```
|
||||
ip addr show eth0
|
||||
$ ip addr show eth0
|
||||
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||||
inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
|
||||
```
|
||||
|
@ -39,14 +39,14 @@ Create the ipvlan network and run a container attaching to it:
|
|||
|
||||
```
|
||||
# Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified)
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.1.0/24 \
|
||||
--gateway=192.168.1.1 \
|
||||
-o ipvlan_mode=l2 \
|
||||
-o parent=eth0 db_net
|
||||
|
||||
# Start a container on the db_net network
|
||||
docker run --net=db_net -it --rm alpine /bin/sh
|
||||
$ docker run --net=db_net -it --rm alpine /bin/sh
|
||||
|
||||
# NOTE: the containers can NOT ping the underlying host interfaces as
|
||||
# they are intentionally filtered by Linux for additional isolation.
|
||||
|
@ -62,47 +62,47 @@ The following will create the exact same network as the network `db_net` created
|
|||
|
||||
```
|
||||
# Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified)
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.1.0/24 \
|
||||
-o parent=eth0 db_net_ipv
|
||||
|
||||
# Start a container with an explicit name in daemon mode
|
||||
docker run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh
|
||||
$ docker run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh
|
||||
|
||||
# Start a second container and ping using the container name
|
||||
# to see the docker included name resolution functionality
|
||||
docker run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh
|
||||
ping -c 4 ipv1
|
||||
$ docker run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh
|
||||
$ ping -c 4 ipv1
|
||||
|
||||
# NOTE: the containers can NOT ping the underlying host interfaces as
|
||||
# they are intentionally filtered by Linux for additional isolation.
|
||||
```
|
||||
|
||||
The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a network create is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely.
|
||||
The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a `docker network create` is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely.
|
||||
|
||||
The following two `docker network create` examples result in identical networks that you can attach container to:
|
||||
|
||||
```
|
||||
# Empty '-o parent=' creates an isolated network
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.10.0/24 isolated1
|
||||
|
||||
# Explicit '--internal' flag is the same:
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.11.0/24 --internal isolated2
|
||||
|
||||
# Even the '--subnet=' can be left empty and the default
|
||||
# IPAM subnet of 172.18.0.0/16 will be assigned
|
||||
docker network create -d ipvlan isolated3
|
||||
$ docker network create -d ipvlan isolated3
|
||||
|
||||
docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh
|
||||
docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh
|
||||
docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh
|
||||
$ docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh
|
||||
$ docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh
|
||||
$ docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh
|
||||
|
||||
# To attach to any use `docker exec` and start a shell
|
||||
docker exec -it cid1 /bin/sh
|
||||
docker exec -it cid2 /bin/sh
|
||||
docker exec -it cid3 /bin/sh
|
||||
$ docker exec -it cid1 /bin/sh
|
||||
$ docker exec -it cid2 /bin/sh
|
||||
$ docker exec -it cid3 /bin/sh
|
||||
```
|
||||
|
||||
### Ipvlan 802.1q Trunk L2 Mode Example Usage
|
||||
|
@ -119,7 +119,7 @@ For the driver to add/delete the vlan sub-interfaces the format needs to be `int
|
|||
|
||||
The option to use either existing parent vlan sub-interfaces or let Docker manage them enables the user to either completely manage the Linux interfaces and networking or let Docker create and delete the Vlan parent sub-interfaces (netlink `ip link`) with no effort from the user.
|
||||
|
||||
For example: `eth0.10` to denote a sub-interface of `eth0` tagged with vlan id `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`.
|
||||
For example: use `eth0.10` to denote a sub-interface of `eth0` tagged with the vlan id of `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`.
|
||||
|
||||
The example creates the vlan tagged networks and then start two containers to test connectivity between containers. Different Vlans cannot ping one another without a router routing between the two networks. The default namespace is not reachable per ipvlan design in order to isolate container namespaces from the underlying host.
|
||||
|
||||
|
@ -129,14 +129,14 @@ In the first network tagged and isolated by the Docker host, `eth0.20` is the pa
|
|||
|
||||
```
|
||||
# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.20.0/24 \
|
||||
--gateway=192.168.20.1 \
|
||||
-o parent=eth0.20 ipvlan20
|
||||
|
||||
# in two separate terminals, start a Docker container and the containers can now ping one another.
|
||||
docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh
|
||||
docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
**Vlan ID 30**
|
||||
|
@ -145,21 +145,21 @@ In the second network, tagged and isolated by the Docker host, `eth0.30` is the
|
|||
|
||||
```
|
||||
# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged.
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.30.0/24 \
|
||||
--gateway=192.168.30.1 \
|
||||
-o parent=eth0.30 \
|
||||
-o ipvlan_mode=l2 ipvlan30
|
||||
|
||||
# in two separate terminals, start a Docker container and the containers can now ping one another.
|
||||
docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh
|
||||
docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
The gateway is set inside of the container as the default gateway. That gateway would typically be an external router on the network.
|
||||
|
||||
```
|
||||
$ ip route
|
||||
$$ ip route
|
||||
default via 192.168.30.1 dev eth0
|
||||
192.168.30.0/24 dev eth0 src 192.168.30.2
|
||||
```
|
||||
|
@ -169,14 +169,14 @@ Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet
|
|||
Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to an L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI).
|
||||
|
||||
```
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.114.0/24 --subnet=192.168.116.0/24 \
|
||||
--gateway=192.168.114.254 --gateway=192.168.116.254 \
|
||||
-o parent=eth0.114 \
|
||||
-o ipvlan_mode=l2 ipvlan114
|
||||
|
||||
docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh
|
||||
docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network.
|
||||
|
@ -210,13 +210,13 @@ Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone make
|
|||
- Unlike ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`.
|
||||
|
||||
```
|
||||
ip a show eth0
|
||||
$$ ip a show eth0
|
||||
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||||
link/ether 00:50:56:39:45:2e brd ff:ff:ff:ff:ff:ff
|
||||
inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0
|
||||
```
|
||||
|
||||
-A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details.
|
||||
- A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details.
|
||||
|
||||
The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`.
|
||||
|
||||
|
@ -224,20 +224,20 @@ The following example does not specify a parent interface. The network drivers w
|
|||
|
||||
```
|
||||
# Create the Ipvlan L3 network
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.214.0/24 \
|
||||
--subnet=10.1.214.0/24 \
|
||||
-o ipvlan_mode=l3 ipnet210
|
||||
|
||||
# Test 192.168.214.0/24 connectivity
|
||||
docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
|
||||
docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh
|
||||
$ docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
|
||||
$ docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh
|
||||
|
||||
# Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24
|
||||
docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10
|
||||
$ docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10
|
||||
|
||||
# Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24
|
||||
docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10
|
||||
$ docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10
|
||||
|
||||
```
|
||||
|
||||
|
@ -245,9 +245,9 @@ Notice there is no `--gateway=` option in the network create. The field is ignor
|
|||
|
||||
```
|
||||
# Inside an L3 mode container
|
||||
$ ip route
|
||||
$$ ip route
|
||||
default dev eth0
|
||||
192.168.120.0/24 dev eth0 src 192.168.120.2
|
||||
192.168.214.0/24 dev eth0 src 192.168.214.10
|
||||
```
|
||||
|
||||
In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story.
|
||||
|
@ -260,19 +260,21 @@ In order to ping the containers from a remote Docker host or the container be ab
|
|||
|
||||
```
|
||||
# Create a v6 network
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=2001:db8:abc2::/64 --gateway=2001:db8:abc2::22 \
|
||||
-o parent=eth0.139 v6ipvlan139
|
||||
|
||||
# Start a container on the network
|
||||
docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
|
||||
$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
|
||||
|
||||
```
|
||||
|
||||
View the container eth0 interface and v6 routing table:
|
||||
|
||||
```
|
||||
eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
|
||||
# Inside the IPv6 container
|
||||
$$ ip a show eth0
|
||||
75: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
|
||||
link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
|
||||
inet 172.18.0.2/16 scope global eth0
|
||||
valid_lft forever preferred_lft forever
|
||||
|
@ -281,7 +283,7 @@ View the container eth0 interface and v6 routing table:
|
|||
inet6 2001:db8:abc2::1/64 scope link nodad
|
||||
valid_lft forever preferred_lft forever
|
||||
|
||||
root@5c1dc74b1daa:/# ip -6 route
|
||||
$$ ip -6 route
|
||||
2001:db8:abc4::/64 dev eth0 proto kernel metric 256
|
||||
2001:db8:abc2::/64 dev eth0 proto kernel metric 256
|
||||
default via 2001:db8:abc2::22 dev eth0 metric 1024
|
||||
|
@ -290,9 +292,11 @@ default via 2001:db8:abc2::22 dev eth0 metric 1024
|
|||
Start a second container and ping the first container's v6 address.
|
||||
|
||||
```
|
||||
# Test L2 connectivity over IPv6
|
||||
$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh
|
||||
|
||||
root@b817e42fcc54:/# ip a show eth0
|
||||
# Inside the second IPv6 container
|
||||
$$ ip a show eth0
|
||||
75: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
|
||||
link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
|
||||
inet 172.18.0.3/16 scope global eth0
|
||||
|
@ -302,7 +306,7 @@ root@b817e42fcc54:/# ip a show eth0
|
|||
inet6 2001:db8:abc2::2/64 scope link nodad
|
||||
valid_lft forever preferred_lft forever
|
||||
|
||||
root@b817e42fcc54:/# ping6 2001:db8:abc2::1
|
||||
$$ ping6 2001:db8:abc2::1
|
||||
PING 2001:db8:abc2::1 (2001:db8:abc2::1): 56 data bytes
|
||||
64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=0 ttl=64 time=0.044 ms
|
||||
64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=1 ttl=64 time=0.058 ms
|
||||
|
@ -316,7 +320,7 @@ The next example with setup a dual stack IPv4/IPv6 network with an example VLAN
|
|||
Next create a network with two IPv4 subnets and one IPv6 subnets, all of which have explicit gateways:
|
||||
|
||||
```
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.140.0/24 --subnet=192.168.142.0/24 \
|
||||
--gateway=192.168.140.1 --gateway=192.168.142.1 \
|
||||
--subnet=2001:db8:abc9::/64 --gateway=2001:db8:abc9::22 \
|
||||
|
@ -327,9 +331,9 @@ docker network create -d ipvlan \
|
|||
Start a container and view eth0 and both v4 & v6 routing tables:
|
||||
|
||||
```
|
||||
docker run --net=v6ipvlan139 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan140 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh
|
||||
|
||||
root@3cce0d3575f3:/# ip a show eth0
|
||||
$ ip a show eth0
|
||||
78: eth0@if77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
|
||||
link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
|
||||
inet 192.168.140.2/24 scope global eth0
|
||||
|
@ -339,11 +343,11 @@ root@3cce0d3575f3:/# ip a show eth0
|
|||
inet6 2001:db8:abc9::1/64 scope link nodad
|
||||
valid_lft forever preferred_lft forever
|
||||
|
||||
root@3cce0d3575f3:/# ip route
|
||||
$$ ip route
|
||||
default via 192.168.140.1 dev eth0
|
||||
192.168.140.0/24 dev eth0 proto kernel scope link src 192.168.140.2
|
||||
|
||||
root@3cce0d3575f3:/# ip -6 route
|
||||
$$ ip -6 route
|
||||
2001:db8:abc4::/64 dev eth0 proto kernel metric 256
|
||||
2001:db8:abc9::/64 dev eth0 proto kernel metric 256
|
||||
default via 2001:db8:abc9::22 dev eth0 metric 1024
|
||||
|
@ -352,7 +356,7 @@ default via 2001:db8:abc9::22 dev eth0 metric 1024
|
|||
Start a second container with a specific `--ip4` address and ping the first host using IPv4 packets:
|
||||
|
||||
```
|
||||
docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
**Note**: Different subnets on the same parent interface in Ipvlan `L2` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link.
|
||||
|
@ -368,7 +372,7 @@ The primary difference you will see is that L3 mode does not create a default ro
|
|||
```
|
||||
# Create an IPv6+IPv4 Dual Stack Ipvlan L3 network
|
||||
# Gateways for both v4 and v6 are set to a dev e.g. 'default dev eth0'
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.110.0/24 \
|
||||
--subnet=192.168.112.0/24 \
|
||||
--subnet=2001:db8:abc6::/64 \
|
||||
|
@ -378,19 +382,19 @@ docker network create -d ipvlan \
|
|||
|
||||
# Start a few of containers on the network (ipnet110)
|
||||
# in separate terminals and check connectivity
|
||||
docker run --net=ipnet110 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipnet110 -it --rm alpine /bin/sh
|
||||
# Start a second container specifying the v6 address
|
||||
docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh
|
||||
# Start a third specifying the IPv4 address
|
||||
docker run --net=ipnet110 --ip=192.168.112.50 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipnet110 --ip=192.168.112.30 -it --rm alpine /bin/sh
|
||||
# Start a 4th specifying both the IPv4 and IPv6 addresses
|
||||
docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh
|
||||
$ docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
Interface and routing table outputs are as follows:
|
||||
|
||||
```
|
||||
root@3a368b2a982e:/# ip a show eth0
|
||||
$$ ip a show eth0
|
||||
63: eth0@if59: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
|
||||
link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff
|
||||
inet 192.168.112.2/24 scope global eth0
|
||||
|
@ -401,11 +405,11 @@ root@3a368b2a982e:/# ip a show eth0
|
|||
valid_lft forever preferred_lft forever
|
||||
|
||||
# Note the default route is simply the eth device because ARPs are filtered.
|
||||
root@3a368b2a982e:/# ip route
|
||||
$$ ip route
|
||||
default dev eth0 scope link
|
||||
192.168.112.0/24 dev eth0 proto kernel scope link src 192.168.112.2
|
||||
|
||||
root@3a368b2a982e:/# ip -6 route
|
||||
$$ ip -6 route
|
||||
2001:db8:abc4::/64 dev eth0 proto kernel metric 256
|
||||
2001:db8:abc6::/64 dev eth0 proto kernel metric 256
|
||||
default dev eth0 metric 1024
|
||||
|
@ -421,51 +425,51 @@ docker: Error response from daemon: Address already in use.
|
|||
|
||||
**Vlan ID 40**
|
||||
|
||||
If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up.
|
||||
If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and is up.
|
||||
|
||||
Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`.
|
||||
Links, when manually created, can be named anything as long as they exist when the network is created. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`.
|
||||
|
||||
```
|
||||
# create a new sub-interface tied to dot1q vlan 40
|
||||
ip link add link eth0 name eth0.40 type vlan id 40
|
||||
$ ip link add link eth0 name eth0.40 type vlan id 40
|
||||
|
||||
# enable the new sub-interface
|
||||
ip link set eth0.40 up
|
||||
$ ip link set eth0.40 up
|
||||
|
||||
# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.40.0/24 \
|
||||
--gateway=192.168.40.1 \
|
||||
-o parent=eth0.40 ipvlan40
|
||||
|
||||
# in two separate terminals, start a Docker container and the containers can now ping one another.
|
||||
docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
|
||||
docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
**Example:** Vlan sub-interface manually created with any name:
|
||||
|
||||
```
|
||||
# create a new sub interface tied to dot1q vlan 40
|
||||
ip link add link eth0 name foo type vlan id 40
|
||||
$ ip link add link eth0 name foo type vlan id 40
|
||||
|
||||
# enable the new sub-interface
|
||||
ip link set foo up
|
||||
$ ip link set foo up
|
||||
|
||||
# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged
|
||||
docker network create -d ipvlan \
|
||||
$ docker network create -d ipvlan \
|
||||
--subnet=192.168.40.0/24 --gateway=192.168.40.1 \
|
||||
-o parent=foo ipvlan40
|
||||
|
||||
# in two separate terminals, start a Docker container and the containers can now ping one another.
|
||||
docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
|
||||
docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh
|
||||
$ docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh
|
||||
```
|
||||
|
||||
Manually created links can be cleaned up with:
|
||||
|
||||
```
|
||||
ip link del foo
|
||||
$ ip link del foo
|
||||
```
|
||||
|
||||
As with all of the Libnetwork drivers, they can be mixed and matched, even as far as running 3rd party ecosystem drivers in parallel for maximum flexibility to the Docker user.
|
||||
|
|
|
@ -44,6 +44,7 @@ versions.
|
|||
- label=<key> or label=<key>=<value>
|
||||
- before=(<image-name>[:tag]|<image-id>|<image@digest>)
|
||||
- since=(<image-name>[:tag]|<image-id>|<image@digest>)
|
||||
- reference=(pattern of an image reference)
|
||||
|
||||
**--format**="*TEMPLATE*"
|
||||
Pretty-print images using a Go template.
|
||||
|
|
Loading…
Reference in a new issue