moby/api/swagger.yaml
Cory Snider 57d2d6ef62 Update container OOMKilled flag immediately
The OOMKilled flag on a container's state has historically behaved
rather unintuitively: it is updated on container exit to reflect whether
or not any process within the container has been OOM-killed during the
preceding run of the container. The OOMKilled flag would be set to true
when the container exits if any process within the container---including
execs---was OOM-killed at any time while the container was running,
whether or not the OOM-kill was the cause of the container exiting. The
flag is "sticky," persisting through the next start of the container;
only being cleared once the container exits without any processes having
been OOM-killed that run.

Alter the behavior of the OOMKilled flag such that it signals whether
any process in the container had been OOM-killed since the most recent
start of the container. Set the flag immediately upon any process being
OOM-killed, and clear it when the container transitions to the "running"
state.

There is an ulterior motive for this change. It reduces the amount of
state the libcontainerd client needs to keep track of and clean up on
container exit. It's one less place the client could leak memory if a
container was to be deleted without going through libcontainerd.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-24 14:59:07 -04:00

12146 lines
402 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
#
# This is used for generating API documentation and the types used by the
# client/server. See api/README.md for more information.
#
# Some style notes:
# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
# descriptions.
# - There is no maximum line length, for ease of editing and pretty diffs.
# - operationIds are in the format "NounVerb", with a singular noun.
swagger: "2.0"
schemes:
- "http"
- "https"
produces:
- "application/json"
- "text/plain"
consumes:
- "application/json"
- "text/plain"
basePath: "/v1.43"
info:
title: "Docker Engine API"
version: "1.43"
x-logo:
url: "https://docs.docker.com/images/logo-docker-main.png"
description: |
The Engine API is an HTTP API served by Docker Engine. It is the API the
Docker client uses to communicate with the Engine, so everything the Docker
client can do can be done with the API.
Most of the client's commands map directly to API endpoints (e.g. `docker ps`
is `GET /containers/json`). The notable exception is running containers,
which consists of several API calls.
# Errors
The API uses standard HTTP status codes to indicate the success or failure
of the API call. The body of the response will be JSON in the following
format:
```
{
"message": "page not found"
}
```
# Versioning
The API is usually changed in each release, so API calls are versioned to
ensure that clients don't break. To lock to a specific version of the API,
you prefix the URL with its version, for example, call `/v1.30/info` to use
the v1.30 version of the `/info` endpoint. If the API version specified in
the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
is returned.
If you omit the version-prefix, the current version of the API (v1.43) is used.
For example, calling `/info` is the same as calling `/v1.43/info`. Using the
API without a version-prefix is deprecated and will be removed in a future release.
Engine releases in the near future should support this version of the API,
so your client will continue to work even if it is talking to a newer Engine.
The API uses an open schema model, which means server may add extra properties
to responses. Likewise, the server will ignore any extra query parameters and
request body properties. When you write clients, you need to ignore additional
properties in responses to ensure they do not break when talking to newer
daemons.
# Authentication
Authentication for registries is handled client side. The client has to send
authentication details to various endpoints that need to communicate with
registries, such as `POST /images/(name)/push`. These are sent as
`X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
(JSON) string with the following structure:
```
{
"username": "string",
"password": "string",
"email": "string",
"serveraddress": "string"
}
```
The `serveraddress` is a domain/IP without a protocol. Throughout this
structure, double quotes are required.
If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
you can just pass this instead of credentials:
```
{
"identitytoken": "9cbaf023786cd7..."
}
```
# The tags on paths define the menu sections in the ReDoc documentation, so
# the usage of tags must make sense for that:
# - They should be singular, not plural.
# - There should not be too many tags, or the menu becomes unwieldy. For
# example, it is preferable to add a path to the "System" tag instead of
# creating a tag with a single path in it.
# - The order of tags in this list defines the order in the menu.
tags:
# Primary objects
- name: "Container"
x-displayName: "Containers"
description: |
Create and manage containers.
- name: "Image"
x-displayName: "Images"
- name: "Network"
x-displayName: "Networks"
description: |
Networks are user-defined networks that containers can be attached to.
See the [networking documentation](https://docs.docker.com/network/)
for more information.
- name: "Volume"
x-displayName: "Volumes"
description: |
Create and manage persistent storage that can be attached to containers.
- name: "Exec"
x-displayName: "Exec"
description: |
Run new commands inside running containers. Refer to the
[command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
for more information.
To exec a command in a container, you first need to create an exec instance,
then start it. These two API endpoints are wrapped up in a single command-line
command, `docker exec`.
# Swarm things
- name: "Swarm"
x-displayName: "Swarm"
description: |
Engines can be clustered together in a swarm. Refer to the
[swarm mode documentation](https://docs.docker.com/engine/swarm/)
for more information.
- name: "Node"
x-displayName: "Nodes"
description: |
Nodes are instances of the Engine participating in a swarm. Swarm mode
must be enabled for these endpoints to work.
- name: "Service"
x-displayName: "Services"
description: |
Services are the definitions of tasks to run on a swarm. Swarm mode must
be enabled for these endpoints to work.
- name: "Task"
x-displayName: "Tasks"
description: |
A task is a container running on a swarm. It is the atomic scheduling unit
of swarm. Swarm mode must be enabled for these endpoints to work.
- name: "Secret"
x-displayName: "Secrets"
description: |
Secrets are sensitive data that can be used by services. Swarm mode must
be enabled for these endpoints to work.
- name: "Config"
x-displayName: "Configs"
description: |
Configs are application configurations that can be used by services. Swarm
mode must be enabled for these endpoints to work.
# System things
- name: "Plugin"
x-displayName: "Plugins"
- name: "System"
x-displayName: "System"
definitions:
Port:
type: "object"
description: "An open port on a container"
required: [PrivatePort, Type]
properties:
IP:
type: "string"
format: "ip-address"
description: "Host IP address that the container's port is mapped to"
PrivatePort:
type: "integer"
format: "uint16"
x-nullable: false
description: "Port on the container"
PublicPort:
type: "integer"
format: "uint16"
description: "Port exposed on the host"
Type:
type: "string"
x-nullable: false
enum: ["tcp", "udp", "sctp"]
example:
PrivatePort: 8080
PublicPort: 80
Type: "tcp"
MountPoint:
type: "object"
description: |
MountPoint represents a mount point configuration inside the container.
This is used for reporting the mountpoints in use by a container.
properties:
Type:
description: |
The mount type:
- `bind` a mount of a file or directory from the host into the container.
- `volume` a docker volume with the given `Name`.
- `tmpfs` a `tmpfs`.
- `npipe` a named pipe from the host into the container.
- `cluster` a Swarm cluster volume
type: "string"
enum:
- "bind"
- "volume"
- "tmpfs"
- "npipe"
- "cluster"
example: "volume"
Name:
description: |
Name is the name reference to the underlying data defined by `Source`
e.g., the volume name.
type: "string"
example: "myvolume"
Source:
description: |
Source location of the mount.
For volumes, this contains the storage location of the volume (within
`/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains
the source (host) part of the bind-mount. For `tmpfs` mount points, this
field is empty.
type: "string"
example: "/var/lib/docker/volumes/myvolume/_data"
Destination:
description: |
Destination is the path relative to the container root (`/`) where
the `Source` is mounted inside the container.
type: "string"
example: "/usr/share/nginx/html/"
Driver:
description: |
Driver is the volume driver used to create the volume (if it is a volume).
type: "string"
example: "local"
Mode:
description: |
Mode is a comma separated list of options supplied by the user when
creating the bind/volume mount.
The default is platform-specific (`"z"` on Linux, empty on Windows).
type: "string"
example: "z"
RW:
description: |
Whether the mount is mounted writable (read-write).
type: "boolean"
example: true
Propagation:
description: |
Propagation describes how mounts are propagated from the host into the
mount point, and vice-versa. Refer to the [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
for details. This field is not used on Windows.
type: "string"
example: ""
DeviceMapping:
type: "object"
description: "A device mapping between the host and container"
properties:
PathOnHost:
type: "string"
PathInContainer:
type: "string"
CgroupPermissions:
type: "string"
example:
PathOnHost: "/dev/deviceName"
PathInContainer: "/dev/deviceName"
CgroupPermissions: "mrw"
DeviceRequest:
type: "object"
description: "A request for devices to be sent to device drivers"
properties:
Driver:
type: "string"
example: "nvidia"
Count:
type: "integer"
example: -1
DeviceIDs:
type: "array"
items:
type: "string"
example:
- "0"
- "1"
- "GPU-fef8089b-4820-abfc-e83e-94318197576e"
Capabilities:
description: |
A list of capabilities; an OR list of AND lists of capabilities.
type: "array"
items:
type: "array"
items:
type: "string"
example:
# gpu AND nvidia AND compute
- ["gpu", "nvidia", "compute"]
Options:
description: |
Driver-specific options, specified as a key/value pairs. These options
are passed directly to the driver.
type: "object"
additionalProperties:
type: "string"
ThrottleDevice:
type: "object"
properties:
Path:
description: "Device path"
type: "string"
Rate:
description: "Rate"
type: "integer"
format: "int64"
minimum: 0
Mount:
type: "object"
properties:
Target:
description: "Container path."
type: "string"
Source:
description: "Mount source (e.g. a volume name, a host path)."
type: "string"
Type:
description: |
The mount type. Available types:
- `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
- `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
- `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
- `npipe` Mounts a named pipe from the host into the container. Must exist prior to creating the container.
- `cluster` a Swarm cluster volume
type: "string"
enum:
- "bind"
- "volume"
- "tmpfs"
- "npipe"
- "cluster"
ReadOnly:
description: "Whether the mount should be read-only."
type: "boolean"
Consistency:
description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
type: "string"
BindOptions:
description: "Optional configuration for the `bind` type."
type: "object"
properties:
Propagation:
description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
type: "string"
enum:
- "private"
- "rprivate"
- "shared"
- "rshared"
- "slave"
- "rslave"
NonRecursive:
description: "Disable recursive bind mount."
type: "boolean"
default: false
CreateMountpoint:
description: "Create mount point on host if missing"
type: "boolean"
default: false
VolumeOptions:
description: "Optional configuration for the `volume` type."
type: "object"
properties:
NoCopy:
description: "Populate volume with data from the target."
type: "boolean"
default: false
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
DriverConfig:
description: "Map of driver specific options"
type: "object"
properties:
Name:
description: "Name of the driver to use to create the volume."
type: "string"
Options:
description: "key/value map of driver specific options."
type: "object"
additionalProperties:
type: "string"
TmpfsOptions:
description: "Optional configuration for the `tmpfs` type."
type: "object"
properties:
SizeBytes:
description: "The size for the tmpfs mount in bytes."
type: "integer"
format: "int64"
Mode:
description: "The permission mode for the tmpfs mount in an integer."
type: "integer"
RestartPolicy:
description: |
The behavior to apply when the container exits. The default is not to
restart.
An ever increasing delay (double the previous delay, starting at 100ms) is
added before each restart to prevent flooding the server.
type: "object"
properties:
Name:
type: "string"
description: |
- Empty string means not to restart
- `no` Do not automatically restart
- `always` Always restart
- `unless-stopped` Restart always except when the user has manually stopped the container
- `on-failure` Restart only when the container exit code is non-zero
enum:
- ""
- "no"
- "always"
- "unless-stopped"
- "on-failure"
MaximumRetryCount:
type: "integer"
description: |
If `on-failure` is used, the number of times to retry before giving up.
Resources:
description: "A container's resources (cgroups config, ulimits, etc)"
type: "object"
properties:
# Applicable to all platforms
CpuShares:
description: |
An integer value representing this container's relative CPU weight
versus other containers.
type: "integer"
Memory:
description: "Memory limit in bytes."
type: "integer"
format: "int64"
default: 0
# Applicable to UNIX platforms
CgroupParent:
description: |
Path to `cgroups` under which the container's `cgroup` is created. If
the path is not absolute, the path is considered to be relative to the
`cgroups` path of the init process. Cgroups are created if they do not
already exist.
type: "string"
BlkioWeight:
description: "Block IO weight (relative weight)."
type: "integer"
minimum: 0
maximum: 1000
BlkioWeightDevice:
description: |
Block IO weight (relative device weight) in the form:
```
[{"Path": "device_path", "Weight": weight}]
```
type: "array"
items:
type: "object"
properties:
Path:
type: "string"
Weight:
type: "integer"
minimum: 0
BlkioDeviceReadBps:
description: |
Limit read rate (bytes per second) from a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceWriteBps:
description: |
Limit write rate (bytes per second) to a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceReadIOps:
description: |
Limit read rate (IO per second) from a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceWriteIOps:
description: |
Limit write rate (IO per second) to a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
CpuPeriod:
description: "The length of a CPU period in microseconds."
type: "integer"
format: "int64"
CpuQuota:
description: |
Microseconds of CPU time that the container can get in a CPU period.
type: "integer"
format: "int64"
CpuRealtimePeriod:
description: |
The length of a CPU real-time period in microseconds. Set to 0 to
allocate no time allocated to real-time tasks.
type: "integer"
format: "int64"
CpuRealtimeRuntime:
description: |
The length of a CPU real-time runtime in microseconds. Set to 0 to
allocate no time allocated to real-time tasks.
type: "integer"
format: "int64"
CpusetCpus:
description: |
CPUs in which to allow execution (e.g., `0-3`, `0,1`).
type: "string"
example: "0-3"
CpusetMems:
description: |
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
type: "string"
Devices:
description: "A list of devices to add to the container."
type: "array"
items:
$ref: "#/definitions/DeviceMapping"
DeviceCgroupRules:
description: "a list of cgroup rules to apply to the container"
type: "array"
items:
type: "string"
example: "c 13:* rwm"
DeviceRequests:
description: |
A list of requests for devices to be sent to device drivers.
type: "array"
items:
$ref: "#/definitions/DeviceRequest"
KernelMemoryTCP:
description: |
Hard limit for kernel TCP buffer memory (in bytes). Depending on the
OCI runtime in use, this option may be ignored. It is no longer supported
by the default (runc) runtime.
This field is omitted when empty.
type: "integer"
format: "int64"
MemoryReservation:
description: "Memory soft limit in bytes."
type: "integer"
format: "int64"
MemorySwap:
description: |
Total memory limit (memory + swap). Set as `-1` to enable unlimited
swap.
type: "integer"
format: "int64"
MemorySwappiness:
description: |
Tune a container's memory swappiness behavior. Accepts an integer
between 0 and 100.
type: "integer"
format: "int64"
minimum: 0
maximum: 100
NanoCpus:
description: "CPU quota in units of 10<sup>-9</sup> CPUs."
type: "integer"
format: "int64"
OomKillDisable:
description: "Disable OOM Killer for the container."
type: "boolean"
Init:
description: |
Run an init inside the container that forwards signals and reaps
processes. This field is omitted if empty, and the default (as
configured on the daemon) is used.
type: "boolean"
x-nullable: true
PidsLimit:
description: |
Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
to not change.
type: "integer"
format: "int64"
x-nullable: true
Ulimits:
description: |
A list of resource limits to set in the container. For example:
```
{"Name": "nofile", "Soft": 1024, "Hard": 2048}
```
type: "array"
items:
type: "object"
properties:
Name:
description: "Name of ulimit"
type: "string"
Soft:
description: "Soft limit"
type: "integer"
Hard:
description: "Hard limit"
type: "integer"
# Applicable to Windows
CpuCount:
description: |
The number of usable CPUs (Windows only).
On Windows Server containers, the processor resource controls are
mutually exclusive. The order of precedence is `CPUCount` first, then
`CPUShares`, and `CPUPercent` last.
type: "integer"
format: "int64"
CpuPercent:
description: |
The usable percentage of the available CPUs (Windows only).
On Windows Server containers, the processor resource controls are
mutually exclusive. The order of precedence is `CPUCount` first, then
`CPUShares`, and `CPUPercent` last.
type: "integer"
format: "int64"
IOMaximumIOps:
description: "Maximum IOps for the container system drive (Windows only)"
type: "integer"
format: "int64"
IOMaximumBandwidth:
description: |
Maximum IO in bytes per second for the container system drive
(Windows only).
type: "integer"
format: "int64"
Limit:
description: |
An object describing a limit on resources which can be requested by a task.
type: "object"
properties:
NanoCPUs:
type: "integer"
format: "int64"
example: 4000000000
MemoryBytes:
type: "integer"
format: "int64"
example: 8272408576
Pids:
description: |
Limits the maximum number of PIDs in the container. Set `0` for unlimited.
type: "integer"
format: "int64"
default: 0
example: 100
ResourceObject:
description: |
An object describing the resources which can be advertised by a node and
requested by a task.
type: "object"
properties:
NanoCPUs:
type: "integer"
format: "int64"
example: 4000000000
MemoryBytes:
type: "integer"
format: "int64"
example: 8272408576
GenericResources:
$ref: "#/definitions/GenericResources"
GenericResources:
description: |
User-defined resources can be either Integer resources (e.g, `SSD=3`) or
String resources (e.g, `GPU=UUID1`).
type: "array"
items:
type: "object"
properties:
NamedResourceSpec:
type: "object"
properties:
Kind:
type: "string"
Value:
type: "string"
DiscreteResourceSpec:
type: "object"
properties:
Kind:
type: "string"
Value:
type: "integer"
format: "int64"
example:
- DiscreteResourceSpec:
Kind: "SSD"
Value: 3
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID1"
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID2"
HealthConfig:
description: "A test to perform to check that the container is healthy."
type: "object"
properties:
Test:
description: |
The test to perform. Possible values are:
- `[]` inherit healthcheck from image or parent image
- `["NONE"]` disable healthcheck
- `["CMD", args...]` exec arguments directly
- `["CMD-SHELL", command]` run command with system's default shell
type: "array"
items:
type: "string"
Interval:
description: |
The time to wait between checks in nanoseconds. It should be 0 or at
least 1000000 (1 ms). 0 means inherit.
type: "integer"
format: "int64"
Timeout:
description: |
The time to wait before considering the check to have hung. It should
be 0 or at least 1000000 (1 ms). 0 means inherit.
type: "integer"
format: "int64"
Retries:
description: |
The number of consecutive failures needed to consider a container as
unhealthy. 0 means inherit.
type: "integer"
StartPeriod:
description: |
Start period for the container to initialize before starting
health-retries countdown in nanoseconds. It should be 0 or at least
1000000 (1 ms). 0 means inherit.
type: "integer"
format: "int64"
Health:
description: |
Health stores information about the container's healthcheck results.
type: "object"
x-nullable: true
properties:
Status:
description: |
Status is one of `none`, `starting`, `healthy` or `unhealthy`
- "none" Indicates there is no healthcheck
- "starting" Starting indicates that the container is not yet ready
- "healthy" Healthy indicates that the container is running correctly
- "unhealthy" Unhealthy indicates that the container has a problem
type: "string"
enum:
- "none"
- "starting"
- "healthy"
- "unhealthy"
example: "healthy"
FailingStreak:
description: "FailingStreak is the number of consecutive failures"
type: "integer"
example: 0
Log:
type: "array"
description: |
Log contains the last few results (oldest first)
items:
$ref: "#/definitions/HealthcheckResult"
HealthcheckResult:
description: |
HealthcheckResult stores information about a single run of a healthcheck probe
type: "object"
x-nullable: true
properties:
Start:
description: |
Date and time at which this check started in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "date-time"
example: "2020-01-04T10:44:24.496525531Z"
End:
description: |
Date and time at which this check ended in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2020-01-04T10:45:21.364524523Z"
ExitCode:
description: |
ExitCode meanings:
- `0` healthy
- `1` unhealthy
- `2` reserved (considered unhealthy)
- other values: error running probe
type: "integer"
example: 0
Output:
description: "Output from last check"
type: "string"
HostConfig:
description: "Container configuration that depends on the host we are running on"
allOf:
- $ref: "#/definitions/Resources"
- type: "object"
properties:
# Applicable to all platforms
Binds:
type: "array"
description: |
A list of volume bindings for this container. Each volume binding
is a string in one of these forms:
- `host-src:container-dest[:options]` to bind-mount a host path
into the container. Both `host-src`, and `container-dest` must
be an _absolute_ path.
- `volume-name:container-dest[:options]` to bind-mount a volume
managed by a volume driver into the container. `container-dest`
must be an _absolute_ path.
`options` is an optional, comma-delimited list of:
- `nocopy` disables automatic copying of data from the container
path to the volume. The `nocopy` flag only applies to named volumes.
- `[ro|rw]` mounts a volume read-only or read-write, respectively.
If omitted or set to `rw`, volumes are mounted read-write.
- `[z|Z]` applies SELinux labels to allow or deny multiple containers
to read and write to the same volume.
- `z`: a _shared_ content label is applied to the content. This
label indicates that multiple containers can share the volume
content, for both reading and writing.
- `Z`: a _private unshared_ label is applied to the content.
This label indicates that only the current container can use
a private volume. Labeling systems such as SELinux require
proper labels to be placed on volume content that is mounted
into a container. Without a label, the security system can
prevent a container's processes from using the content. By
default, the labels set by the host operating system are not
modified.
- `[[r]shared|[r]slave|[r]private]` specifies mount
[propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
This only applies to bind-mounted volumes, not internal volumes
or named volumes. Mount propagation requires the source mount
point (the location where the source directory is mounted in the
host operating system) to have the correct propagation properties.
For shared volumes, the source mount point must be set to `shared`.
For slave volumes, the mount must be set to either `shared` or
`slave`.
items:
type: "string"
ContainerIDFile:
type: "string"
description: "Path to a file where the container ID is written"
LogConfig:
type: "object"
description: "The logging configuration for this container"
properties:
Type:
type: "string"
enum:
- "json-file"
- "syslog"
- "journald"
- "gelf"
- "fluentd"
- "awslogs"
- "splunk"
- "etwlogs"
- "none"
Config:
type: "object"
additionalProperties:
type: "string"
NetworkMode:
type: "string"
description: |
Network mode to use for this container. Supported standard values
are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
other value is taken as a custom network's name to which this
container should connect to.
PortBindings:
$ref: "#/definitions/PortMap"
RestartPolicy:
$ref: "#/definitions/RestartPolicy"
AutoRemove:
type: "boolean"
description: |
Automatically remove the container when the container's process
exits. This has no effect if `RestartPolicy` is set.
VolumeDriver:
type: "string"
description: "Driver that this container uses to mount volumes."
VolumesFrom:
type: "array"
description: |
A list of volumes to inherit from another container, specified in
the form `<container name>[:<ro|rw>]`.
items:
type: "string"
Mounts:
description: |
Specification for mounts to be added to the container.
type: "array"
items:
$ref: "#/definitions/Mount"
ConsoleSize:
type: "array"
description: |
Initial console size, as an `[height, width]` array.
x-nullable: true
minItems: 2
maxItems: 2
items:
type: "integer"
minimum: 0
# Applicable to UNIX platforms
CapAdd:
type: "array"
description: |
A list of kernel capabilities to add to the container. Conflicts
with option 'Capabilities'.
items:
type: "string"
CapDrop:
type: "array"
description: |
A list of kernel capabilities to drop from the container. Conflicts
with option 'Capabilities'.
items:
type: "string"
CgroupnsMode:
type: "string"
enum:
- "private"
- "host"
description: |
cgroup namespace mode for the container. Possible values are:
- `"private"`: the container runs in its own private cgroup namespace
- `"host"`: use the host system's cgroup namespace
If not specified, the daemon default is used, which can either be `"private"`
or `"host"`, depending on daemon version, kernel support and configuration.
Dns:
type: "array"
description: "A list of DNS servers for the container to use."
items:
type: "string"
DnsOptions:
type: "array"
description: "A list of DNS options."
items:
type: "string"
DnsSearch:
type: "array"
description: "A list of DNS search domains."
items:
type: "string"
ExtraHosts:
type: "array"
description: |
A list of hostnames/IP mappings to add to the container's `/etc/hosts`
file. Specified in the form `["hostname:IP"]`.
items:
type: "string"
GroupAdd:
type: "array"
description: |
A list of additional groups that the container process will run as.
items:
type: "string"
IpcMode:
type: "string"
description: |
IPC sharing mode for the container. Possible values are:
- `"none"`: own private IPC namespace, with /dev/shm not mounted
- `"private"`: own private IPC namespace
- `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
- `"container:<name|id>"`: join another (shareable) container's IPC namespace
- `"host"`: use the host system's IPC namespace
If not specified, daemon default is used, which can either be `"private"`
or `"shareable"`, depending on daemon version and configuration.
Cgroup:
type: "string"
description: "Cgroup to use for the container."
Links:
type: "array"
description: |
A list of links for the container in the form `container_name:alias`.
items:
type: "string"
OomScoreAdj:
type: "integer"
description: |
An integer value containing the score given to the container in
order to tune OOM killer preferences.
example: 500
PidMode:
type: "string"
description: |
Set the PID (Process) Namespace mode for the container. It can be
either:
- `"container:<name|id>"`: joins another container's PID namespace
- `"host"`: use the host's PID namespace inside the container
Privileged:
type: "boolean"
description: "Gives the container full access to the host."
PublishAllPorts:
type: "boolean"
description: |
Allocates an ephemeral host port for all of a container's
exposed ports.
Ports are de-allocated when the container stops and allocated when
the container starts. The allocated port might be changed when
restarting the container.
The port is selected from the ephemeral port range that depends on
the kernel. For example, on Linux the range is defined by
`/proc/sys/net/ipv4/ip_local_port_range`.
ReadonlyRootfs:
type: "boolean"
description: "Mount the container's root filesystem as read only."
SecurityOpt:
type: "array"
description: |
A list of string values to customize labels for MLS systems, such
as SELinux.
items:
type: "string"
StorageOpt:
type: "object"
description: |
Storage driver options for this container, in the form `{"size": "120G"}`.
additionalProperties:
type: "string"
Tmpfs:
type: "object"
description: |
A map of container directories which should be replaced by tmpfs
mounts, and their corresponding mount options. For example:
```
{ "/run": "rw,noexec,nosuid,size=65536k" }
```
additionalProperties:
type: "string"
UTSMode:
type: "string"
description: "UTS namespace to use for the container."
UsernsMode:
type: "string"
description: |
Sets the usernamespace mode for the container when usernamespace
remapping option is enabled.
ShmSize:
type: "integer"
description: |
Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
minimum: 0
Sysctls:
type: "object"
description: |
A list of kernel parameters (sysctls) to set in the container.
For example:
```
{"net.ipv4.ip_forward": "1"}
```
additionalProperties:
type: "string"
Runtime:
type: "string"
description: "Runtime to use with this container."
# Applicable to Windows
Isolation:
type: "string"
description: |
Isolation technology of the container. (Windows only)
enum:
- "default"
- "process"
- "hyperv"
MaskedPaths:
type: "array"
description: |
The list of paths to be masked inside the container (this overrides
the default set of paths).
items:
type: "string"
ReadonlyPaths:
type: "array"
description: |
The list of paths to be set as read-only inside the container
(this overrides the default set of paths).
items:
type: "string"
ContainerConfig:
description: |
Configuration for a container that is portable between hosts.
When used as `ContainerConfig` field in an image, `ContainerConfig` is an
optional field containing the configuration of the container that was last
committed when creating the image.
Previous versions of Docker builder used this field to store build cache,
and it is not in active use anymore.
type: "object"
properties:
Hostname:
description: |
The hostname to use for the container, as a valid RFC 1123 hostname.
type: "string"
example: "439f4e91bd1d"
Domainname:
description: |
The domain name to use for the container.
type: "string"
User:
description: "The user that commands are run as inside the container."
type: "string"
AttachStdin:
description: "Whether to attach to `stdin`."
type: "boolean"
default: false
AttachStdout:
description: "Whether to attach to `stdout`."
type: "boolean"
default: true
AttachStderr:
description: "Whether to attach to `stderr`."
type: "boolean"
default: true
ExposedPorts:
description: |
An object mapping ports to an empty object in the form:
`{"<port>/<tcp|udp|sctp>": {}}`
type: "object"
x-nullable: true
additionalProperties:
type: "object"
enum:
- {}
default: {}
example: {
"80/tcp": {},
"443/tcp": {}
}
Tty:
description: |
Attach standard streams to a TTY, including `stdin` if it is not closed.
type: "boolean"
default: false
OpenStdin:
description: "Open `stdin`"
type: "boolean"
default: false
StdinOnce:
description: "Close `stdin` after one attached client disconnects"
type: "boolean"
default: false
Env:
description: |
A list of environment variables to set inside the container in the
form `["VAR=value", ...]`. A variable without `=` is removed from the
environment, rather than to have an empty value.
type: "array"
items:
type: "string"
example:
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Cmd:
description: |
Command to run specified as a string or an array of strings.
type: "array"
items:
type: "string"
example: ["/bin/sh"]
Healthcheck:
$ref: "#/definitions/HealthConfig"
ArgsEscaped:
description: "Command is already escaped (Windows only)"
type: "boolean"
default: false
example: false
x-nullable: true
Image:
description: |
The name (or reference) of the image to use when creating the container,
or which was used when the container was created.
type: "string"
example: "example-image:1.0"
Volumes:
description: |
An object mapping mount point paths inside the container to empty
objects.
type: "object"
additionalProperties:
type: "object"
enum:
- {}
default: {}
WorkingDir:
description: "The working directory for commands to run in."
type: "string"
example: "/public/"
Entrypoint:
description: |
The entry point for the container as a string or an array of strings.
If the array consists of exactly one empty string (`[""]`) then the
entry point is reset to system default (i.e., the entry point used by
docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
type: "array"
items:
type: "string"
example: []
NetworkDisabled:
description: "Disable networking for the container."
type: "boolean"
x-nullable: true
MacAddress:
description: "MAC address of the container."
type: "string"
x-nullable: true
OnBuild:
description: |
`ONBUILD` metadata that were defined in the image's `Dockerfile`.
type: "array"
x-nullable: true
items:
type: "string"
example: []
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
StopSignal:
description: |
Signal to stop a container as a string or unsigned integer.
type: "string"
example: "SIGTERM"
x-nullable: true
StopTimeout:
description: "Timeout to stop a container in seconds."
type: "integer"
default: 10
x-nullable: true
Shell:
description: |
Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
type: "array"
x-nullable: true
items:
type: "string"
example: ["/bin/sh", "-c"]
NetworkingConfig:
description: |
NetworkingConfig represents the container's networking configuration for
each of its interfaces.
It is used for the networking configs specified in the `docker create`
and `docker network connect` commands.
type: "object"
properties:
EndpointsConfig:
description: |
A mapping of network name to endpoint configuration for that network.
type: "object"
additionalProperties:
$ref: "#/definitions/EndpointSettings"
example:
# putting an example here, instead of using the example values from
# /definitions/EndpointSettings, because containers/create currently
# does not support attaching to multiple networks, so the example request
# would be confusing if it showed that multiple networks can be contained
# in the EndpointsConfig.
# TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
EndpointsConfig:
isolated_nw:
IPAMConfig:
IPv4Address: "172.20.30.33"
IPv6Address: "2001:db8:abcd::3033"
LinkLocalIPs:
- "169.254.34.68"
- "fe80::3468"
Links:
- "container_1"
- "container_2"
Aliases:
- "server_x"
- "server_y"
NetworkSettings:
description: "NetworkSettings exposes the network settings in the API"
type: "object"
properties:
Bridge:
description: Name of the network's bridge (for example, `docker0`).
type: "string"
example: "docker0"
SandboxID:
description: SandboxID uniquely represents a container's network stack.
type: "string"
example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
HairpinMode:
description: |
Indicates if hairpin NAT should be enabled on the virtual interface.
type: "boolean"
example: false
LinkLocalIPv6Address:
description: IPv6 unicast address using the link-local prefix.
type: "string"
example: "fe80::42:acff:fe11:1"
LinkLocalIPv6PrefixLen:
description: Prefix length of the IPv6 unicast address.
type: "integer"
example: "64"
Ports:
$ref: "#/definitions/PortMap"
SandboxKey:
description: SandboxKey identifies the sandbox
type: "string"
example: "/var/run/docker/netns/8ab54b426c38"
# TODO is SecondaryIPAddresses actually used?
SecondaryIPAddresses:
description: ""
type: "array"
items:
$ref: "#/definitions/Address"
x-nullable: true
# TODO is SecondaryIPv6Addresses actually used?
SecondaryIPv6Addresses:
description: ""
type: "array"
items:
$ref: "#/definitions/Address"
x-nullable: true
# TODO properties below are part of DefaultNetworkSettings, which is
# marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
EndpointID:
description: |
EndpointID uniquely represents a service endpoint in a Sandbox.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
Gateway:
description: |
Gateway address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "172.17.0.1"
GlobalIPv6Address:
description: |
Global IPv6 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "2001:db8::5689"
GlobalIPv6PrefixLen:
description: |
Mask length of the global IPv6 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "integer"
example: 64
IPAddress:
description: |
IPv4 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "172.17.0.4"
IPPrefixLen:
description: |
Mask length of the IPv4 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "integer"
example: 16
IPv6Gateway:
description: |
IPv6 gateway address for this network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "2001:db8:2::100"
MacAddress:
description: |
MAC address for the container on the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "02:42:ac:11:00:04"
Networks:
description: |
Information about all networks that the container is connected to.
type: "object"
additionalProperties:
$ref: "#/definitions/EndpointSettings"
Address:
description: Address represents an IPv4 or IPv6 IP address.
type: "object"
properties:
Addr:
description: IP address.
type: "string"
PrefixLen:
description: Mask length of the IP address.
type: "integer"
PortMap:
description: |
PortMap describes the mapping of container ports to host ports, using the
container's port-number and protocol as key in the format `<port>/<protocol>`,
for example, `80/udp`.
If a container's port is mapped for multiple protocols, separate entries
are added to the mapping table.
type: "object"
additionalProperties:
type: "array"
x-nullable: true
items:
$ref: "#/definitions/PortBinding"
example:
"443/tcp":
- HostIp: "127.0.0.1"
HostPort: "4443"
"80/tcp":
- HostIp: "0.0.0.0"
HostPort: "80"
- HostIp: "0.0.0.0"
HostPort: "8080"
"80/udp":
- HostIp: "0.0.0.0"
HostPort: "80"
"53/udp":
- HostIp: "0.0.0.0"
HostPort: "53"
"2377/tcp": null
PortBinding:
description: |
PortBinding represents a binding between a host IP address and a host
port.
type: "object"
properties:
HostIp:
description: "Host IP address that the container's port is mapped to."
type: "string"
example: "127.0.0.1"
HostPort:
description: "Host port number that the container's port is mapped to."
type: "string"
example: "4443"
GraphDriverData:
description: |
Information about the storage driver used to store the container's and
image's filesystem.
type: "object"
required: [Name, Data]
properties:
Name:
description: "Name of the storage driver."
type: "string"
x-nullable: false
example: "overlay2"
Data:
description: |
Low-level storage metadata, provided as key/value pairs.
This information is driver-specific, and depends on the storage-driver
in use, and should be used for informational purposes only.
type: "object"
x-nullable: false
additionalProperties:
type: "string"
example: {
"MergedDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/merged",
"UpperDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/diff",
"WorkDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work"
}
ImageInspect:
description: |
Information about an image in the local image cache.
type: "object"
properties:
Id:
description: |
ID is the content-addressable ID of an image.
This identifier is a content-addressable digest calculated from the
image's configuration (which includes the digests of layers used by
the image).
Note that this digest differs from the `RepoDigests` below, which
holds digests of image manifests that reference the image.
type: "string"
x-nullable: false
example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710"
RepoTags:
description: |
List of image names/tags in the local image cache that reference this
image.
Multiple image tags can refer to the same image, and this list may be
empty if no tags reference the image, in which case the image is
"untagged", in which case it can still be referenced by its ID.
type: "array"
items:
type: "string"
example:
- "example:1.0"
- "example:latest"
- "example:stable"
- "internal.registry.example.com:5000/example:1.0"
RepoDigests:
description: |
List of content-addressable digests of locally available image manifests
that the image is referenced from. Multiple manifests can refer to the
same image.
These digests are usually only available if the image was either pulled
from a registry, or if the image was pushed to a registry, which is when
the manifest is generated and its digest calculated.
type: "array"
items:
type: "string"
example:
- "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb"
- "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578"
Parent:
description: |
ID of the parent image.
Depending on how the image was created, this field may be empty and
is only set for images that were built/created locally. This field
is empty if the image was pulled from an image registry.
type: "string"
x-nullable: false
example: ""
Comment:
description: |
Optional message that was set when committing or importing the image.
type: "string"
x-nullable: false
example: ""
Created:
description: |
Date and time at which the image was created, formatted in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
x-nullable: false
example: "2022-02-04T21:20:12.497794809Z"
Container:
description: |
The ID of the container that was used to create the image.
Depending on how the image was created, this field may be empty.
type: "string"
x-nullable: false
example: "65974bc86f1770ae4bff79f651ebdbce166ae9aada632ee3fa9af3a264911735"
ContainerConfig:
$ref: "#/definitions/ContainerConfig"
DockerVersion:
description: |
The version of Docker that was used to build the image.
Depending on how the image was created, this field may be empty.
type: "string"
x-nullable: false
example: "20.10.7"
Author:
description: |
Name of the author that was specified when committing the image, or as
specified through MAINTAINER (deprecated) in the Dockerfile.
type: "string"
x-nullable: false
example: ""
Config:
$ref: "#/definitions/ContainerConfig"
Architecture:
description: |
Hardware CPU architecture that the image runs on.
type: "string"
x-nullable: false
example: "arm"
Variant:
description: |
CPU architecture variant (presently ARM-only).
type: "string"
x-nullable: true
example: "v7"
Os:
description: |
Operating System the image is built to run on.
type: "string"
x-nullable: false
example: "linux"
OsVersion:
description: |
Operating System version the image is built to run on (especially
for Windows).
type: "string"
example: ""
x-nullable: true
Size:
description: |
Total size of the image including all layers it is composed of.
type: "integer"
format: "int64"
x-nullable: false
example: 1239828
VirtualSize:
description: |
Total size of the image including all layers it is composed of.
In versions of Docker before v1.10, this field was calculated from
the image itself and all of its parent images. Docker v1.10 and up
store images self-contained, and no longer use a parent-chain, making
this field an equivalent of the Size field.
This field is kept for backward compatibility, but may be removed in
a future version of the API.
type: "integer"
format: "int64"
x-nullable: false
example: 1239828
GraphDriver:
$ref: "#/definitions/GraphDriverData"
RootFS:
description: |
Information about the image's RootFS, including the layer IDs.
type: "object"
required: [Type]
properties:
Type:
type: "string"
x-nullable: false
example: "layers"
Layers:
type: "array"
items:
type: "string"
example:
- "sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6"
- "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
Metadata:
description: |
Additional metadata of the image in the local cache. This information
is local to the daemon, and not part of the image itself.
type: "object"
properties:
LastTagTime:
description: |
Date and time at which the image was last tagged in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
This information is only available if the image was tagged locally,
and omitted otherwise.
type: "string"
format: "dateTime"
example: "2022-02-28T14:40:02.623929178Z"
x-nullable: true
ImageSummary:
type: "object"
required:
- Id
- ParentId
- RepoTags
- RepoDigests
- Created
- Size
- SharedSize
- VirtualSize
- Labels
- Containers
properties:
Id:
description: |
ID is the content-addressable ID of an image.
This identifier is a content-addressable digest calculated from the
image's configuration (which includes the digests of layers used by
the image).
Note that this digest differs from the `RepoDigests` below, which
holds digests of image manifests that reference the image.
type: "string"
x-nullable: false
example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710"
ParentId:
description: |
ID of the parent image.
Depending on how the image was created, this field may be empty and
is only set for images that were built/created locally. This field
is empty if the image was pulled from an image registry.
type: "string"
x-nullable: false
example: ""
RepoTags:
description: |
List of image names/tags in the local image cache that reference this
image.
Multiple image tags can refer to the same image, and this list may be
empty if no tags reference the image, in which case the image is
"untagged", in which case it can still be referenced by its ID.
type: "array"
x-nullable: false
items:
type: "string"
example:
- "example:1.0"
- "example:latest"
- "example:stable"
- "internal.registry.example.com:5000/example:1.0"
RepoDigests:
description: |
List of content-addressable digests of locally available image manifests
that the image is referenced from. Multiple manifests can refer to the
same image.
These digests are usually only available if the image was either pulled
from a registry, or if the image was pushed to a registry, which is when
the manifest is generated and its digest calculated.
type: "array"
x-nullable: false
items:
type: "string"
example:
- "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb"
- "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578"
Created:
description: |
Date and time at which the image was created as a Unix timestamp
(number of seconds sinds EPOCH).
type: "integer"
x-nullable: false
example: "1644009612"
Size:
description: |
Total size of the image including all layers it is composed of.
type: "integer"
format: "int64"
x-nullable: false
example: 172064416
SharedSize:
description: |
Total size of image layers that are shared between this image and other
images.
This size is not calculated by default. `-1` indicates that the value
has not been set / calculated.
type: "integer"
format: "int64"
x-nullable: false
example: 1239828
VirtualSize:
description: |
Total size of the image including all layers it is composed of.
In versions of Docker before v1.10, this field was calculated from
the image itself and all of its parent images. Docker v1.10 and up
store images self-contained, and no longer use a parent-chain, making
this field an equivalent of the Size field.
This field is kept for backward compatibility, but may be removed in
a future version of the API.
type: "integer"
format: "int64"
x-nullable: false
example: 172064416
Labels:
description: "User-defined key/value metadata."
type: "object"
x-nullable: false
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
Containers:
description: |
Number of containers using this image. Includes both stopped and running
containers.
This size is not calculated by default, and depends on which API endpoint
is used. `-1` indicates that the value has not been set / calculated.
x-nullable: false
type: "integer"
example: 2
AuthConfig:
type: "object"
properties:
username:
type: "string"
password:
type: "string"
email:
type: "string"
serveraddress:
type: "string"
example:
username: "hannibal"
password: "xxxx"
serveraddress: "https://index.docker.io/v1/"
ProcessConfig:
type: "object"
properties:
privileged:
type: "boolean"
user:
type: "string"
tty:
type: "boolean"
entrypoint:
type: "string"
arguments:
type: "array"
items:
type: "string"
Volume:
type: "object"
required: [Name, Driver, Mountpoint, Labels, Scope, Options]
properties:
Name:
type: "string"
description: "Name of the volume."
x-nullable: false
example: "tardis"
Driver:
type: "string"
description: "Name of the volume driver used by the volume."
x-nullable: false
example: "custom"
Mountpoint:
type: "string"
description: "Mount path of the volume on the host."
x-nullable: false
example: "/var/lib/docker/volumes/tardis"
CreatedAt:
type: "string"
format: "dateTime"
description: "Date/Time the volume was created."
example: "2016-06-07T20:31:11.853781916Z"
Status:
type: "object"
description: |
Low-level details about the volume, provided by the volume driver.
Details are returned as a map with key/value pairs:
`{"key":"value","key2":"value2"}`.
The `Status` field is optional, and is omitted if the volume driver
does not support this feature.
additionalProperties:
type: "object"
example:
hello: "world"
Labels:
type: "object"
description: "User-defined key/value metadata."
x-nullable: false
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
Scope:
type: "string"
description: |
The level at which the volume exists. Either `global` for cluster-wide,
or `local` for machine level.
default: "local"
x-nullable: false
enum: ["local", "global"]
example: "local"
ClusterVolume:
$ref: "#/definitions/ClusterVolume"
Options:
type: "object"
description: |
The driver specific options used when creating the volume.
additionalProperties:
type: "string"
example:
device: "tmpfs"
o: "size=100m,uid=1000"
type: "tmpfs"
UsageData:
type: "object"
x-nullable: true
x-go-name: "UsageData"
required: [Size, RefCount]
description: |
Usage details about the volume. This information is used by the
`GET /system/df` endpoint, and omitted in other endpoints.
properties:
Size:
type: "integer"
format: "int64"
default: -1
description: |
Amount of disk space used by the volume (in bytes). This information
is only available for volumes created with the `"local"` volume
driver. For volumes created with other volume drivers, this field
is set to `-1` ("not available")
x-nullable: false
RefCount:
type: "integer"
format: "int64"
default: -1
description: |
The number of containers referencing this volume. This field
is set to `-1` if the reference-count is not available.
x-nullable: false
VolumeCreateOptions:
description: "Volume configuration"
type: "object"
title: "VolumeConfig"
x-go-name: "CreateOptions"
properties:
Name:
description: |
The new volume's name. If not specified, Docker generates a name.
type: "string"
x-nullable: false
example: "tardis"
Driver:
description: "Name of the volume driver to use."
type: "string"
default: "local"
x-nullable: false
example: "custom"
DriverOpts:
description: |
A mapping of driver options and values. These options are
passed directly to the driver and are driver specific.
type: "object"
additionalProperties:
type: "string"
example:
device: "tmpfs"
o: "size=100m,uid=1000"
type: "tmpfs"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
ClusterVolumeSpec:
$ref: "#/definitions/ClusterVolumeSpec"
VolumeListResponse:
type: "object"
title: "VolumeListResponse"
x-go-name: "ListResponse"
description: "Volume list response"
properties:
Volumes:
type: "array"
description: "List of volumes"
items:
$ref: "#/definitions/Volume"
Warnings:
type: "array"
description: |
Warnings that occurred when fetching the list of volumes.
items:
type: "string"
example: []
Network:
type: "object"
properties:
Name:
type: "string"
Id:
type: "string"
Created:
type: "string"
format: "dateTime"
Scope:
type: "string"
Driver:
type: "string"
EnableIPv6:
type: "boolean"
IPAM:
$ref: "#/definitions/IPAM"
Internal:
type: "boolean"
Attachable:
type: "boolean"
Ingress:
type: "boolean"
Containers:
type: "object"
additionalProperties:
$ref: "#/definitions/NetworkContainer"
Options:
type: "object"
additionalProperties:
type: "string"
Labels:
type: "object"
additionalProperties:
type: "string"
example:
Name: "net01"
Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
Created: "2016-10-19T04:33:30.360899459Z"
Scope: "local"
Driver: "bridge"
EnableIPv6: false
IPAM:
Driver: "default"
Config:
- Subnet: "172.19.0.0/16"
Gateway: "172.19.0.1"
Options:
foo: "bar"
Internal: false
Attachable: false
Ingress: false
Containers:
19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
Name: "test"
EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
MacAddress: "02:42:ac:13:00:02"
IPv4Address: "172.19.0.2/16"
IPv6Address: ""
Options:
com.docker.network.bridge.default_bridge: "true"
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.name: "docker0"
com.docker.network.driver.mtu: "1500"
Labels:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
IPAM:
type: "object"
properties:
Driver:
description: "Name of the IPAM driver to use."
type: "string"
default: "default"
Config:
description: |
List of IPAM configuration options, specified as a map:
```
{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
```
type: "array"
items:
$ref: "#/definitions/IPAMConfig"
Options:
description: "Driver-specific options, specified as a map."
type: "object"
additionalProperties:
type: "string"
IPAMConfig:
type: "object"
properties:
Subnet:
type: "string"
IPRange:
type: "string"
Gateway:
type: "string"
AuxiliaryAddresses:
type: "object"
additionalProperties:
type: "string"
NetworkContainer:
type: "object"
properties:
Name:
type: "string"
EndpointID:
type: "string"
MacAddress:
type: "string"
IPv4Address:
type: "string"
IPv6Address:
type: "string"
BuildInfo:
type: "object"
properties:
id:
type: "string"
stream:
type: "string"
error:
type: "string"
errorDetail:
$ref: "#/definitions/ErrorDetail"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
aux:
$ref: "#/definitions/ImageID"
BuildCache:
type: "object"
description: |
BuildCache contains information about a build cache record.
properties:
ID:
type: "string"
description: |
Unique ID of the build cache record.
example: "ndlpt0hhvkqcdfkputsk4cq9c"
Parent:
description: |
ID of the parent build cache record.
> **Deprecated**: This field is deprecated, and omitted if empty.
type: "string"
x-nullable: true
example: ""
Parents:
description: |
List of parent build cache record IDs.
type: "array"
items:
type: "string"
x-nullable: true
example: ["hw53o5aio51xtltp5xjp8v7fx"]
Type:
type: "string"
description: |
Cache record type.
example: "regular"
# see https://github.com/moby/buildkit/blob/fce4a32258dc9d9664f71a4831d5de10f0670677/client/diskusage.go#L75-L84
enum:
- "internal"
- "frontend"
- "source.local"
- "source.git.checkout"
- "exec.cachemount"
- "regular"
Description:
type: "string"
description: |
Description of the build-step that produced the build cache.
example: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
InUse:
type: "boolean"
description: |
Indicates if the build cache is in use.
example: false
Shared:
type: "boolean"
description: |
Indicates if the build cache is shared.
example: true
Size:
description: |
Amount of disk space used by the build cache (in bytes).
type: "integer"
example: 51
CreatedAt:
description: |
Date and time at which the build cache was created in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
LastUsedAt:
description: |
Date and time at which the build cache was last used in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
x-nullable: true
example: "2017-08-09T07:09:37.632105588Z"
UsageCount:
type: "integer"
example: 26
ImageID:
type: "object"
description: "Image ID or Digest"
properties:
ID:
type: "string"
example:
ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
CreateImageInfo:
type: "object"
properties:
id:
type: "string"
error:
type: "string"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
PushImageInfo:
type: "object"
properties:
error:
type: "string"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
ErrorDetail:
type: "object"
properties:
code:
type: "integer"
message:
type: "string"
ProgressDetail:
type: "object"
properties:
current:
type: "integer"
total:
type: "integer"
ErrorResponse:
description: "Represents an error."
type: "object"
required: ["message"]
properties:
message:
description: "The error message."
type: "string"
x-nullable: false
example:
message: "Something went wrong."
IdResponse:
description: "Response to an API call that returns just an Id"
type: "object"
required: ["Id"]
properties:
Id:
description: "The id of the newly created object."
type: "string"
x-nullable: false
EndpointSettings:
description: "Configuration for a network endpoint."
type: "object"
properties:
# Configurations
IPAMConfig:
$ref: "#/definitions/EndpointIPAMConfig"
Links:
type: "array"
items:
type: "string"
example:
- "container_1"
- "container_2"
Aliases:
type: "array"
items:
type: "string"
example:
- "server_x"
- "server_y"
# Operational data
NetworkID:
description: |
Unique ID of the network.
type: "string"
example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
EndpointID:
description: |
Unique ID for the service endpoint in a Sandbox.
type: "string"
example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
Gateway:
description: |
Gateway address for this network.
type: "string"
example: "172.17.0.1"
IPAddress:
description: |
IPv4 address.
type: "string"
example: "172.17.0.4"
IPPrefixLen:
description: |
Mask length of the IPv4 address.
type: "integer"
example: 16
IPv6Gateway:
description: |
IPv6 gateway address.
type: "string"
example: "2001:db8:2::100"
GlobalIPv6Address:
description: |
Global IPv6 address.
type: "string"
example: "2001:db8::5689"
GlobalIPv6PrefixLen:
description: |
Mask length of the global IPv6 address.
type: "integer"
format: "int64"
example: 64
MacAddress:
description: |
MAC address for the endpoint on this network.
type: "string"
example: "02:42:ac:11:00:04"
DriverOpts:
description: |
DriverOpts is a mapping of driver options and values. These options
are passed directly to the driver and are driver specific.
type: "object"
x-nullable: true
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
EndpointIPAMConfig:
description: |
EndpointIPAMConfig represents an endpoint's IPAM configuration.
type: "object"
x-nullable: true
properties:
IPv4Address:
type: "string"
example: "172.20.30.33"
IPv6Address:
type: "string"
example: "2001:db8:abcd::3033"
LinkLocalIPs:
type: "array"
items:
type: "string"
example:
- "169.254.34.68"
- "fe80::3468"
PluginMount:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Source, Destination, Type, Options]
properties:
Name:
type: "string"
x-nullable: false
example: "some-mount"
Description:
type: "string"
x-nullable: false
example: "This is a mount that's used by the plugin."
Settable:
type: "array"
items:
type: "string"
Source:
type: "string"
example: "/var/lib/docker/plugins/"
Destination:
type: "string"
x-nullable: false
example: "/mnt/state"
Type:
type: "string"
x-nullable: false
example: "bind"
Options:
type: "array"
items:
type: "string"
example:
- "rbind"
- "rw"
PluginDevice:
type: "object"
required: [Name, Description, Settable, Path]
x-nullable: false
properties:
Name:
type: "string"
x-nullable: false
Description:
type: "string"
x-nullable: false
Settable:
type: "array"
items:
type: "string"
Path:
type: "string"
example: "/dev/fuse"
PluginEnv:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Value]
properties:
Name:
x-nullable: false
type: "string"
Description:
x-nullable: false
type: "string"
Settable:
type: "array"
items:
type: "string"
Value:
type: "string"
PluginInterfaceType:
type: "object"
x-nullable: false
required: [Prefix, Capability, Version]
properties:
Prefix:
type: "string"
x-nullable: false
Capability:
type: "string"
x-nullable: false
Version:
type: "string"
x-nullable: false
PluginPrivilege:
description: |
Describes a permission the user has to accept upon installing
the plugin.
type: "object"
x-go-name: "PluginPrivilege"
properties:
Name:
type: "string"
example: "network"
Description:
type: "string"
Value:
type: "array"
items:
type: "string"
example:
- "host"
Plugin:
description: "A plugin for the Engine API"
type: "object"
required: [Settings, Enabled, Config, Name]
properties:
Id:
type: "string"
example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
Name:
type: "string"
x-nullable: false
example: "tiborvass/sample-volume-plugin"
Enabled:
description:
True if the plugin is running. False if the plugin is not running,
only installed.
type: "boolean"
x-nullable: false
example: true
Settings:
description: "Settings that can be modified by users."
type: "object"
x-nullable: false
required: [Args, Devices, Env, Mounts]
properties:
Mounts:
type: "array"
items:
$ref: "#/definitions/PluginMount"
Env:
type: "array"
items:
type: "string"
example:
- "DEBUG=0"
Args:
type: "array"
items:
type: "string"
Devices:
type: "array"
items:
$ref: "#/definitions/PluginDevice"
PluginReference:
description: "plugin remote reference used to push/pull the plugin"
type: "string"
x-nullable: false
example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
Config:
description: "The config of a plugin."
type: "object"
x-nullable: false
required:
- Description
- Documentation
- Interface
- Entrypoint
- WorkDir
- Network
- Linux
- PidHost
- PropagatedMount
- IpcHost
- Mounts
- Env
- Args
properties:
DockerVersion:
description: "Docker Version used to create the plugin"
type: "string"
x-nullable: false
example: "17.06.0-ce"
Description:
type: "string"
x-nullable: false
example: "A sample volume plugin for Docker"
Documentation:
type: "string"
x-nullable: false
example: "https://docs.docker.com/engine/extend/plugins/"
Interface:
description: "The interface between Docker and the plugin"
x-nullable: false
type: "object"
required: [Types, Socket]
properties:
Types:
type: "array"
items:
$ref: "#/definitions/PluginInterfaceType"
example:
- "docker.volumedriver/1.0"
Socket:
type: "string"
x-nullable: false
example: "plugins.sock"
ProtocolScheme:
type: "string"
example: "some.protocol/v1.0"
description: "Protocol to use for clients connecting to the plugin."
enum:
- ""
- "moby.plugins.http/v1"
Entrypoint:
type: "array"
items:
type: "string"
example:
- "/usr/bin/sample-volume-plugin"
- "/data"
WorkDir:
type: "string"
x-nullable: false
example: "/bin/"
User:
type: "object"
x-nullable: false
properties:
UID:
type: "integer"
format: "uint32"
example: 1000
GID:
type: "integer"
format: "uint32"
example: 1000
Network:
type: "object"
x-nullable: false
required: [Type]
properties:
Type:
x-nullable: false
type: "string"
example: "host"
Linux:
type: "object"
x-nullable: false
required: [Capabilities, AllowAllDevices, Devices]
properties:
Capabilities:
type: "array"
items:
type: "string"
example:
- "CAP_SYS_ADMIN"
- "CAP_SYSLOG"
AllowAllDevices:
type: "boolean"
x-nullable: false
example: false
Devices:
type: "array"
items:
$ref: "#/definitions/PluginDevice"
PropagatedMount:
type: "string"
x-nullable: false
example: "/mnt/volumes"
IpcHost:
type: "boolean"
x-nullable: false
example: false
PidHost:
type: "boolean"
x-nullable: false
example: false
Mounts:
type: "array"
items:
$ref: "#/definitions/PluginMount"
Env:
type: "array"
items:
$ref: "#/definitions/PluginEnv"
example:
- Name: "DEBUG"
Description: "If set, prints debug messages"
Settable: null
Value: "0"
Args:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Value]
properties:
Name:
x-nullable: false
type: "string"
example: "args"
Description:
x-nullable: false
type: "string"
example: "command line arguments"
Settable:
type: "array"
items:
type: "string"
Value:
type: "array"
items:
type: "string"
rootfs:
type: "object"
properties:
type:
type: "string"
example: "layers"
diff_ids:
type: "array"
items:
type: "string"
example:
- "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
- "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
ObjectVersion:
description: |
The version number of the object such as node, service, etc. This is needed
to avoid conflicting writes. The client must send the version number along
with the modified specification when updating these objects.
This approach ensures safe concurrency and determinism in that the change
on the object may not be applied if the version number has changed from the
last read. In other words, if two update requests specify the same base
version, only one of the requests can succeed. As a result, two separate
update requests that happen at the same time will not unintentionally
overwrite each other.
type: "object"
properties:
Index:
type: "integer"
format: "uint64"
example: 373531
NodeSpec:
type: "object"
properties:
Name:
description: "Name for the node."
type: "string"
example: "my-node"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
Role:
description: "Role of the node."
type: "string"
enum:
- "worker"
- "manager"
example: "manager"
Availability:
description: "Availability of the node."
type: "string"
enum:
- "active"
- "pause"
- "drain"
example: "active"
example:
Availability: "active"
Name: "node-name"
Role: "manager"
Labels:
foo: "bar"
Node:
type: "object"
properties:
ID:
type: "string"
example: "24ifsmvkjbyhk"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
description: |
Date and time at which the node was added to the swarm in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
UpdatedAt:
description: |
Date and time at which the node was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2017-08-09T07:09:37.632105588Z"
Spec:
$ref: "#/definitions/NodeSpec"
Description:
$ref: "#/definitions/NodeDescription"
Status:
$ref: "#/definitions/NodeStatus"
ManagerStatus:
$ref: "#/definitions/ManagerStatus"
NodeDescription:
description: |
NodeDescription encapsulates the properties of the Node as reported by the
agent.
type: "object"
properties:
Hostname:
type: "string"
example: "bf3067039e47"
Platform:
$ref: "#/definitions/Platform"
Resources:
$ref: "#/definitions/ResourceObject"
Engine:
$ref: "#/definitions/EngineDescription"
TLSInfo:
$ref: "#/definitions/TLSInfo"
Platform:
description: |
Platform represents the platform (Arch/OS).
type: "object"
properties:
Architecture:
description: |
Architecture represents the hardware architecture (for example,
`x86_64`).
type: "string"
example: "x86_64"
OS:
description: |
OS represents the Operating System (for example, `linux` or `windows`).
type: "string"
example: "linux"
EngineDescription:
description: "EngineDescription provides information about an engine."
type: "object"
properties:
EngineVersion:
type: "string"
example: "17.06.0"
Labels:
type: "object"
additionalProperties:
type: "string"
example:
foo: "bar"
Plugins:
type: "array"
items:
type: "object"
properties:
Type:
type: "string"
Name:
type: "string"
example:
- Type: "Log"
Name: "awslogs"
- Type: "Log"
Name: "fluentd"
- Type: "Log"
Name: "gcplogs"
- Type: "Log"
Name: "gelf"
- Type: "Log"
Name: "journald"
- Type: "Log"
Name: "json-file"
- Type: "Log"
Name: "logentries"
- Type: "Log"
Name: "splunk"
- Type: "Log"
Name: "syslog"
- Type: "Network"
Name: "bridge"
- Type: "Network"
Name: "host"
- Type: "Network"
Name: "ipvlan"
- Type: "Network"
Name: "macvlan"
- Type: "Network"
Name: "null"
- Type: "Network"
Name: "overlay"
- Type: "Volume"
Name: "local"
- Type: "Volume"
Name: "localhost:5000/vieux/sshfs:latest"
- Type: "Volume"
Name: "vieux/sshfs:latest"
TLSInfo:
description: |
Information about the issuer of leaf TLS certificates and the trusted root
CA certificate.
type: "object"
properties:
TrustRoot:
description: |
The root CA certificate(s) that are used to validate leaf TLS
certificates.
type: "string"
CertIssuerSubject:
description:
The base64-url-safe-encoded raw subject bytes of the issuer.
type: "string"
CertIssuerPublicKey:
description: |
The base64-url-safe-encoded raw public key bytes of the issuer.
type: "string"
example:
TrustRoot: |
-----BEGIN CERTIFICATE-----
MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
-----END CERTIFICATE-----
CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
NodeStatus:
description: |
NodeStatus represents the status of a node.
It provides the current status of the node, as seen by the manager.
type: "object"
properties:
State:
$ref: "#/definitions/NodeState"
Message:
type: "string"
example: ""
Addr:
description: "IP address of the node."
type: "string"
example: "172.17.0.2"
NodeState:
description: "NodeState represents the state of a node."
type: "string"
enum:
- "unknown"
- "down"
- "ready"
- "disconnected"
example: "ready"
ManagerStatus:
description: |
ManagerStatus represents the status of a manager.
It provides the current status of a node's manager component, if the node
is a manager.
x-nullable: true
type: "object"
properties:
Leader:
type: "boolean"
default: false
example: true
Reachability:
$ref: "#/definitions/Reachability"
Addr:
description: |
The IP address and port at which the manager is reachable.
type: "string"
example: "10.0.0.46:2377"
Reachability:
description: "Reachability represents the reachability of a node."
type: "string"
enum:
- "unknown"
- "unreachable"
- "reachable"
example: "reachable"
SwarmSpec:
description: "User modifiable swarm configuration."
type: "object"
properties:
Name:
description: "Name of the swarm."
type: "string"
example: "default"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
com.example.corp.type: "production"
com.example.corp.department: "engineering"
Orchestration:
description: "Orchestration configuration."
type: "object"
x-nullable: true
properties:
TaskHistoryRetentionLimit:
description: |
The number of historic tasks to keep per instance or node. If
negative, never remove completed or failed tasks.
type: "integer"
format: "int64"
example: 10
Raft:
description: "Raft configuration."
type: "object"
properties:
SnapshotInterval:
description: "The number of log entries between snapshots."
type: "integer"
format: "uint64"
example: 10000
KeepOldSnapshots:
description: |
The number of snapshots to keep beyond the current snapshot.
type: "integer"
format: "uint64"
LogEntriesForSlowFollowers:
description: |
The number of log entries to keep around to sync up slow followers
after a snapshot is created.
type: "integer"
format: "uint64"
example: 500
ElectionTick:
description: |
The number of ticks that a follower will wait for a message from
the leader before becoming a candidate and starting an election.
`ElectionTick` must be greater than `HeartbeatTick`.
A tick currently defaults to one second, so these translate
directly to seconds currently, but this is NOT guaranteed.
type: "integer"
example: 3
HeartbeatTick:
description: |
The number of ticks between heartbeats. Every HeartbeatTick ticks,
the leader will send a heartbeat to the followers.
A tick currently defaults to one second, so these translate
directly to seconds currently, but this is NOT guaranteed.
type: "integer"
example: 1
Dispatcher:
description: "Dispatcher configuration."
type: "object"
x-nullable: true
properties:
HeartbeatPeriod:
description: |
The delay for an agent to send a heartbeat to the dispatcher.
type: "integer"
format: "int64"
example: 5000000000
CAConfig:
description: "CA configuration."
type: "object"
x-nullable: true
properties:
NodeCertExpiry:
description: "The duration node certificates are issued for."
type: "integer"
format: "int64"
example: 7776000000000000
ExternalCAs:
description: |
Configuration for forwarding signing requests to an external
certificate authority.
type: "array"
items:
type: "object"
properties:
Protocol:
description: |
Protocol for communication with the external CA (currently
only `cfssl` is supported).
type: "string"
enum:
- "cfssl"
default: "cfssl"
URL:
description: |
URL where certificate signing requests should be sent.
type: "string"
Options:
description: |
An object with key/value pairs that are interpreted as
protocol-specific options for the external CA driver.
type: "object"
additionalProperties:
type: "string"
CACert:
description: |
The root CA certificate (in PEM format) this external CA uses
to issue TLS certificates (assumed to be to the current swarm
root CA certificate if not provided).
type: "string"
SigningCACert:
description: |
The desired signing CA certificate for all swarm node TLS leaf
certificates, in PEM format.
type: "string"
SigningCAKey:
description: |
The desired signing CA key for all swarm node TLS leaf certificates,
in PEM format.
type: "string"
ForceRotate:
description: |
An integer whose purpose is to force swarm to generate a new
signing CA certificate and key, if none have been specified in
`SigningCACert` and `SigningCAKey`
format: "uint64"
type: "integer"
EncryptionConfig:
description: "Parameters related to encryption-at-rest."
type: "object"
properties:
AutoLockManagers:
description: |
If set, generate a key and use it to lock data stored on the
managers.
type: "boolean"
example: false
TaskDefaults:
description: "Defaults for creating tasks in this cluster."
type: "object"
properties:
LogDriver:
description: |
The log driver to use for tasks created in the orchestrator if
unspecified by a service.
Updating this value only affects new tasks. Existing tasks continue
to use their previously configured log driver until recreated.
type: "object"
properties:
Name:
description: |
The log driver to use as a default for new tasks.
type: "string"
example: "json-file"
Options:
description: |
Driver-specific options for the selectd log driver, specified
as key/value pairs.
type: "object"
additionalProperties:
type: "string"
example:
"max-file": "10"
"max-size": "100m"
# The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
# without `JoinTokens`.
ClusterInfo:
description: |
ClusterInfo represents information about the swarm as is returned by the
"/info" endpoint. Join-tokens are not included.
x-nullable: true
type: "object"
properties:
ID:
description: "The ID of the swarm."
type: "string"
example: "abajmipo7b4xz5ip2nrla6b11"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
description: |
Date and time at which the swarm was initialised in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
UpdatedAt:
description: |
Date and time at which the swarm was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2017-08-09T07:09:37.632105588Z"
Spec:
$ref: "#/definitions/SwarmSpec"
TLSInfo:
$ref: "#/definitions/TLSInfo"
RootRotationInProgress:
description: |
Whether there is currently a root CA rotation in progress for the swarm
type: "boolean"
example: false
DataPathPort:
description: |
DataPathPort specifies the data path port number for data traffic.
Acceptable port range is 1024 to 49151.
If no port is set or is set to 0, the default port (4789) is used.
type: "integer"
format: "uint32"
default: 4789
example: 4789
DefaultAddrPool:
description: |
Default Address Pool specifies default subnet pools for global scope
networks.
type: "array"
items:
type: "string"
format: "CIDR"
example: ["10.10.0.0/16", "20.20.0.0/16"]
SubnetSize:
description: |
SubnetSize specifies the subnet size of the networks created from the
default subnet pool.
type: "integer"
format: "uint32"
maximum: 29
default: 24
example: 24
JoinTokens:
description: |
JoinTokens contains the tokens workers and managers need to join the swarm.
type: "object"
properties:
Worker:
description: |
The token workers can use to join the swarm.
type: "string"
example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
Manager:
description: |
The token managers can use to join the swarm.
type: "string"
example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
Swarm:
type: "object"
allOf:
- $ref: "#/definitions/ClusterInfo"
- type: "object"
properties:
JoinTokens:
$ref: "#/definitions/JoinTokens"
TaskSpec:
description: "User modifiable task configuration."
type: "object"
properties:
PluginSpec:
type: "object"
description: |
Plugin spec for the service. *(Experimental release only.)*
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
properties:
Name:
description: "The name or 'alias' to use for the plugin."
type: "string"
Remote:
description: "The plugin image reference to use."
type: "string"
Disabled:
description: "Disable the plugin once scheduled."
type: "boolean"
PluginPrivilege:
type: "array"
items:
$ref: "#/definitions/PluginPrivilege"
ContainerSpec:
type: "object"
description: |
Container spec for the service.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
properties:
Image:
description: "The image name to use for the container"
type: "string"
Labels:
description: "User-defined key/value data."
type: "object"
additionalProperties:
type: "string"
Command:
description: "The command to be run in the image."
type: "array"
items:
type: "string"
Args:
description: "Arguments to the command."
type: "array"
items:
type: "string"
Hostname:
description: |
The hostname to use for the container, as a valid
[RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
type: "string"
Env:
description: |
A list of environment variables in the form `VAR=value`.
type: "array"
items:
type: "string"
Dir:
description: "The working directory for commands to run in."
type: "string"
User:
description: "The user inside the container."
type: "string"
Groups:
type: "array"
description: |
A list of additional groups that the container process will run as.
items:
type: "string"
Privileges:
type: "object"
description: "Security options for the container"
properties:
CredentialSpec:
type: "object"
description: "CredentialSpec for managed service account (Windows only)"
properties:
Config:
type: "string"
example: "0bt9dmxjvjiqermk6xrop3ekq"
description: |
Load credential spec from a Swarm Config with the given ID.
The specified config must also be present in the Configs
field with the Runtime property set.
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
File:
type: "string"
example: "spec.json"
description: |
Load credential spec from this file. The file is read by
the daemon, and must be present in the `CredentialSpecs`
subdirectory in the docker data directory, which defaults
to `C:\ProgramData\Docker\` on Windows.
For example, specifying `spec.json` loads
`C:\ProgramData\Docker\CredentialSpecs\spec.json`.
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
Registry:
type: "string"
description: |
Load credential spec from this value in the Windows
registry. The specified registry value must be located in:
`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
SELinuxContext:
type: "object"
description: "SELinux labels of the container"
properties:
Disable:
type: "boolean"
description: "Disable SELinux"
User:
type: "string"
description: "SELinux user label"
Role:
type: "string"
description: "SELinux role label"
Type:
type: "string"
description: "SELinux type label"
Level:
type: "string"
description: "SELinux level label"
TTY:
description: "Whether a pseudo-TTY should be allocated."
type: "boolean"
OpenStdin:
description: "Open `stdin`"
type: "boolean"
ReadOnly:
description: "Mount the container's root filesystem as read only."
type: "boolean"
Mounts:
description: |
Specification for mounts to be added to containers created as part
of the service.
type: "array"
items:
$ref: "#/definitions/Mount"
StopSignal:
description: "Signal to stop the container."
type: "string"
StopGracePeriod:
description: |
Amount of time to wait for the container to terminate before
forcefully killing it.
type: "integer"
format: "int64"
HealthCheck:
$ref: "#/definitions/HealthConfig"
Hosts:
type: "array"
description: |
A list of hostname/IP mappings to add to the container's `hosts`
file. The format of extra hosts is specified in the
[hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
man page:
IP_address canonical_hostname [aliases...]
items:
type: "string"
DNSConfig:
description: |
Specification for DNS related configurations in resolver configuration
file (`resolv.conf`).
type: "object"
properties:
Nameservers:
description: "The IP addresses of the name servers."
type: "array"
items:
type: "string"
Search:
description: "A search list for host-name lookup."
type: "array"
items:
type: "string"
Options:
description: |
A list of internal resolver variables to be modified (e.g.,
`debug`, `ndots:3`, etc.).
type: "array"
items:
type: "string"
Secrets:
description: |
Secrets contains references to zero or more secrets that will be
exposed to the service.
type: "array"
items:
type: "object"
properties:
File:
description: |
File represents a specific target that is backed by a file.
type: "object"
properties:
Name:
description: |
Name represents the final filename in the filesystem.
type: "string"
UID:
description: "UID represents the file UID."
type: "string"
GID:
description: "GID represents the file GID."
type: "string"
Mode:
description: "Mode represents the FileMode of the file."
type: "integer"
format: "uint32"
SecretID:
description: |
SecretID represents the ID of the specific secret that we're
referencing.
type: "string"
SecretName:
description: |
SecretName is the name of the secret that this references,
but this is just provided for lookup/display purposes. The
secret in the reference will be identified by its ID.
type: "string"
Configs:
description: |
Configs contains references to zero or more configs that will be
exposed to the service.
type: "array"
items:
type: "object"
properties:
File:
description: |
File represents a specific target that is backed by a file.
<p><br /><p>
> **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
type: "object"
properties:
Name:
description: |
Name represents the final filename in the filesystem.
type: "string"
UID:
description: "UID represents the file UID."
type: "string"
GID:
description: "GID represents the file GID."
type: "string"
Mode:
description: "Mode represents the FileMode of the file."
type: "integer"
format: "uint32"
Runtime:
description: |
Runtime represents a target that is not mounted into the
container but is used by the task
<p><br /><p>
> **Note**: `Configs.File` and `Configs.Runtime` are mutually
> exclusive
type: "object"
ConfigID:
description: |
ConfigID represents the ID of the specific config that we're
referencing.
type: "string"
ConfigName:
description: |
ConfigName is the name of the config that this references,
but this is just provided for lookup/display purposes. The
config in the reference will be identified by its ID.
type: "string"
Isolation:
type: "string"
description: |
Isolation technology of the containers running the service.
(Windows only)
enum:
- "default"
- "process"
- "hyperv"
Init:
description: |
Run an init inside the container that forwards signals and reaps
processes. This field is omitted if empty, and the default (as
configured on the daemon) is used.
type: "boolean"
x-nullable: true
Sysctls:
description: |
Set kernel namedspaced parameters (sysctls) in the container.
The Sysctls option on services accepts the same sysctls as the
are supported on containers. Note that while the same sysctls are
supported, no guarantees or checks are made about their
suitability for a clustered environment, and it's up to the user
to determine whether a given sysctl will work properly in a
Service.
type: "object"
additionalProperties:
type: "string"
# This option is not used by Windows containers
CapabilityAdd:
type: "array"
description: |
A list of kernel capabilities to add to the default set
for the container.
items:
type: "string"
example:
- "CAP_NET_RAW"
- "CAP_SYS_ADMIN"
- "CAP_SYS_CHROOT"
- "CAP_SYSLOG"
CapabilityDrop:
type: "array"
description: |
A list of kernel capabilities to drop from the default set
for the container.
items:
type: "string"
example:
- "CAP_NET_RAW"
Ulimits:
description: |
A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
type: "array"
items:
type: "object"
properties:
Name:
description: "Name of ulimit"
type: "string"
Soft:
description: "Soft limit"
type: "integer"
Hard:
description: "Hard limit"
type: "integer"
NetworkAttachmentSpec:
description: |
Read-only spec type for non-swarm containers attached to swarm overlay
networks.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
type: "object"
properties:
ContainerID:
description: "ID of the container represented by this task"
type: "string"
Resources:
description: |
Resource requirements which apply to each individual container created
as part of the service.
type: "object"
properties:
Limits:
description: "Define resources limits."
$ref: "#/definitions/Limit"
Reservations:
description: "Define resources reservation."
$ref: "#/definitions/ResourceObject"
RestartPolicy:
description: |
Specification for the restart policy which applies to containers
created as part of this service.
type: "object"
properties:
Condition:
description: "Condition for restart."
type: "string"
enum:
- "none"
- "on-failure"
- "any"
Delay:
description: "Delay between restart attempts."
type: "integer"
format: "int64"
MaxAttempts:
description: |
Maximum attempts to restart a given container before giving up
(default value is 0, which is ignored).
type: "integer"
format: "int64"
default: 0
Window:
description: |
Windows is the time window used to evaluate the restart policy
(default value is 0, which is unbounded).
type: "integer"
format: "int64"
default: 0
Placement:
type: "object"
properties:
Constraints:
description: |
An array of constraint expressions to limit the set of nodes where
a task can be scheduled. Constraint expressions can either use a
_match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
nodes that satisfy every expression (AND match). Constraints can
match node or Docker Engine labels as follows:
node attribute | matches | example
---------------------|--------------------------------|-----------------------------------------------
`node.id` | Node ID | `node.id==2ivku8v2gvtg4`
`node.hostname` | Node hostname | `node.hostname!=node-2`
`node.role` | Node role (`manager`/`worker`) | `node.role==manager`
`node.platform.os` | Node operating system | `node.platform.os==windows`
`node.platform.arch` | Node architecture | `node.platform.arch==x86_64`
`node.labels` | User-defined node labels | `node.labels.security==high`
`engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-14.04`
`engine.labels` apply to Docker Engine labels like operating system,
drivers, etc. Swarm administrators add `node.labels` for operational
purposes by using the [`node update endpoint`](#operation/NodeUpdate).
type: "array"
items:
type: "string"
example:
- "node.hostname!=node3.corp.example.com"
- "node.role!=manager"
- "node.labels.type==production"
- "node.platform.os==linux"
- "node.platform.arch==x86_64"
Preferences:
description: |
Preferences provide a way to make the scheduler aware of factors
such as topology. They are provided in order from highest to
lowest precedence.
type: "array"
items:
type: "object"
properties:
Spread:
type: "object"
properties:
SpreadDescriptor:
description: |
label descriptor, such as `engine.labels.az`.
type: "string"
example:
- Spread:
SpreadDescriptor: "node.labels.datacenter"
- Spread:
SpreadDescriptor: "node.labels.rack"
MaxReplicas:
description: |
Maximum number of replicas for per node (default value is 0, which
is unlimited)
type: "integer"
format: "int64"
default: 0
Platforms:
description: |
Platforms stores all the platforms that the service's image can
run on. This field is used in the platform filter for scheduling.
If empty, then the platform filter is off, meaning there are no
scheduling restrictions.
type: "array"
items:
$ref: "#/definitions/Platform"
ForceUpdate:
description: |
A counter that triggers an update even if no relevant parameters have
been changed.
type: "integer"
Runtime:
description: |
Runtime is the type of runtime specified for the task executor.
type: "string"
Networks:
description: "Specifies which networks the service should attach to."
type: "array"
items:
$ref: "#/definitions/NetworkAttachmentConfig"
LogDriver:
description: |
Specifies the log driver to use for tasks created from this spec. If
not present, the default one for the swarm will be used, finally
falling back to the engine default if not specified.
type: "object"
properties:
Name:
type: "string"
Options:
type: "object"
additionalProperties:
type: "string"
TaskState:
type: "string"
enum:
- "new"
- "allocated"
- "pending"
- "assigned"
- "accepted"
- "preparing"
- "ready"
- "starting"
- "running"
- "complete"
- "shutdown"
- "failed"
- "rejected"
- "remove"
- "orphaned"
Task:
type: "object"
properties:
ID:
description: "The ID of the task."
type: "string"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
UpdatedAt:
type: "string"
format: "dateTime"
Name:
description: "Name of the task."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
Spec:
$ref: "#/definitions/TaskSpec"
ServiceID:
description: "The ID of the service this task is part of."
type: "string"
Slot:
type: "integer"
NodeID:
description: "The ID of the node that this task is on."
type: "string"
AssignedGenericResources:
$ref: "#/definitions/GenericResources"
Status:
type: "object"
properties:
Timestamp:
type: "string"
format: "dateTime"
State:
$ref: "#/definitions/TaskState"
Message:
type: "string"
Err:
type: "string"
ContainerStatus:
type: "object"
properties:
ContainerID:
type: "string"
PID:
type: "integer"
ExitCode:
type: "integer"
DesiredState:
$ref: "#/definitions/TaskState"
JobIteration:
description: |
If the Service this Task belongs to is a job-mode service, contains
the JobIteration of the Service this Task was created for. Absent if
the Task was created for a Replicated or Global Service.
$ref: "#/definitions/ObjectVersion"
example:
ID: "0kzzo1i0y4jz6027t0k7aezc7"
Version:
Index: 71
CreatedAt: "2016-06-07T21:07:31.171892745Z"
UpdatedAt: "2016-06-07T21:07:31.376370513Z"
Spec:
ContainerSpec:
Image: "redis"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
Slot: 1
NodeID: "60gvrl6tm78dmak4yl7srz94v"
Status:
Timestamp: "2016-06-07T21:07:31.290032978Z"
State: "running"
Message: "started"
ContainerStatus:
ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
PID: 677
DesiredState: "running"
NetworksAttachments:
- Network:
ID: "4qvuz4ko70xaltuqbt8956gd1"
Version:
Index: 18
CreatedAt: "2016-06-07T20:31:11.912919752Z"
UpdatedAt: "2016-06-07T21:07:29.955277358Z"
Spec:
Name: "ingress"
Labels:
com.docker.swarm.internal: "true"
DriverConfiguration: {}
IPAMOptions:
Driver: {}
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
DriverState:
Name: "overlay"
Options:
com.docker.network.driver.overlay.vxlanid_list: "256"
IPAMOptions:
Driver:
Name: "default"
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
Addresses:
- "10.255.0.10/16"
AssignedGenericResources:
- DiscreteResourceSpec:
Kind: "SSD"
Value: 3
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID1"
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID2"
ServiceSpec:
description: "User modifiable configuration for a service."
type: object
properties:
Name:
description: "Name of the service."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
TaskTemplate:
$ref: "#/definitions/TaskSpec"
Mode:
description: "Scheduling mode for the service."
type: "object"
properties:
Replicated:
type: "object"
properties:
Replicas:
type: "integer"
format: "int64"
Global:
type: "object"
ReplicatedJob:
description: |
The mode used for services with a finite number of tasks that run
to a completed state.
type: "object"
properties:
MaxConcurrent:
description: |
The maximum number of replicas to run simultaneously.
type: "integer"
format: "int64"
default: 1
TotalCompletions:
description: |
The total number of replicas desired to reach the Completed
state. If unset, will default to the value of `MaxConcurrent`
type: "integer"
format: "int64"
GlobalJob:
description: |
The mode used for services which run a task to the completed state
on each valid node.
type: "object"
UpdateConfig:
description: "Specification for the update strategy of the service."
type: "object"
properties:
Parallelism:
description: |
Maximum number of tasks to be updated in one iteration (0 means
unlimited parallelism).
type: "integer"
format: "int64"
Delay:
description: "Amount of time between updates, in nanoseconds."
type: "integer"
format: "int64"
FailureAction:
description: |
Action to take if an updated task fails to run, or stops running
during the update.
type: "string"
enum:
- "continue"
- "pause"
- "rollback"
Monitor:
description: |
Amount of time to monitor each updated task for failures, in
nanoseconds.
type: "integer"
format: "int64"
MaxFailureRatio:
description: |
The fraction of tasks that may fail during an update before the
failure action is invoked, specified as a floating point number
between 0 and 1.
type: "number"
default: 0
Order:
description: |
The order of operations when rolling out an updated task. Either
the old task is shut down before the new task is started, or the
new task is started before the old task is shut down.
type: "string"
enum:
- "stop-first"
- "start-first"
RollbackConfig:
description: "Specification for the rollback strategy of the service."
type: "object"
properties:
Parallelism:
description: |
Maximum number of tasks to be rolled back in one iteration (0 means
unlimited parallelism).
type: "integer"
format: "int64"
Delay:
description: |
Amount of time between rollback iterations, in nanoseconds.
type: "integer"
format: "int64"
FailureAction:
description: |
Action to take if an rolled back task fails to run, or stops
running during the rollback.
type: "string"
enum:
- "continue"
- "pause"
Monitor:
description: |
Amount of time to monitor each rolled back task for failures, in
nanoseconds.
type: "integer"
format: "int64"
MaxFailureRatio:
description: |
The fraction of tasks that may fail during a rollback before the
failure action is invoked, specified as a floating point number
between 0 and 1.
type: "number"
default: 0
Order:
description: |
The order of operations when rolling back a task. Either the old
task is shut down before the new task is started, or the new task
is started before the old task is shut down.
type: "string"
enum:
- "stop-first"
- "start-first"
Networks:
description: "Specifies which networks the service should attach to."
type: "array"
items:
$ref: "#/definitions/NetworkAttachmentConfig"
EndpointSpec:
$ref: "#/definitions/EndpointSpec"
EndpointPortConfig:
type: "object"
properties:
Name:
type: "string"
Protocol:
type: "string"
enum:
- "tcp"
- "udp"
- "sctp"
TargetPort:
description: "The port inside the container."
type: "integer"
PublishedPort:
description: "The port on the swarm hosts."
type: "integer"
PublishMode:
description: |
The mode in which port is published.
<p><br /></p>
- "ingress" makes the target port accessible on every node,
regardless of whether there is a task for the service running on
that node or not.
- "host" bypasses the routing mesh and publish the port directly on
the swarm node where that service is running.
type: "string"
enum:
- "ingress"
- "host"
default: "ingress"
example: "ingress"
EndpointSpec:
description: "Properties that can be configured to access and load balance a service."
type: "object"
properties:
Mode:
description: |
The mode of resolution to use for internal load balancing between tasks.
type: "string"
enum:
- "vip"
- "dnsrr"
default: "vip"
Ports:
description: |
List of exposed ports that this service is accessible on from the
outside. Ports can only be provided if `vip` resolution mode is used.
type: "array"
items:
$ref: "#/definitions/EndpointPortConfig"
Service:
type: "object"
properties:
ID:
type: "string"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
UpdatedAt:
type: "string"
format: "dateTime"
Spec:
$ref: "#/definitions/ServiceSpec"
Endpoint:
type: "object"
properties:
Spec:
$ref: "#/definitions/EndpointSpec"
Ports:
type: "array"
items:
$ref: "#/definitions/EndpointPortConfig"
VirtualIPs:
type: "array"
items:
type: "object"
properties:
NetworkID:
type: "string"
Addr:
type: "string"
UpdateStatus:
description: "The status of a service update."
type: "object"
properties:
State:
type: "string"
enum:
- "updating"
- "paused"
- "completed"
StartedAt:
type: "string"
format: "dateTime"
CompletedAt:
type: "string"
format: "dateTime"
Message:
type: "string"
ServiceStatus:
description: |
The status of the service's tasks. Provided only when requested as
part of a ServiceList operation.
type: "object"
properties:
RunningTasks:
description: |
The number of tasks for the service currently in the Running state.
type: "integer"
format: "uint64"
example: 7
DesiredTasks:
description: |
The number of tasks for the service desired to be running.
For replicated services, this is the replica count from the
service spec. For global services, this is computed by taking
count of all tasks for the service with a Desired State other
than Shutdown.
type: "integer"
format: "uint64"
example: 10
CompletedTasks:
description: |
The number of tasks for a job that are in the Completed state.
This field must be cross-referenced with the service type, as the
value of 0 may mean the service is not in a job mode, or it may
mean the job-mode service has no tasks yet Completed.
type: "integer"
format: "uint64"
JobStatus:
description: |
The status of the service when it is in one of ReplicatedJob or
GlobalJob modes. Absent on Replicated and Global mode services. The
JobIteration is an ObjectVersion, but unlike the Service's version,
does not need to be sent with an update request.
type: "object"
properties:
JobIteration:
description: |
JobIteration is a value increased each time a Job is executed,
successfully or otherwise. "Executed", in this case, means the
job as a whole has been started, not that an individual Task has
been launched. A job is "Executed" when its ServiceSpec is
updated. JobIteration can be used to disambiguate Tasks belonging
to different executions of a job. Though JobIteration will
increase with each subsequent execution, it may not necessarily
increase by 1, and so JobIteration should not be used to
$ref: "#/definitions/ObjectVersion"
LastExecution:
description: |
The last time, as observed by the server, that this job was
started.
type: "string"
format: "dateTime"
example:
ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
Version:
Index: 19
CreatedAt: "2016-06-07T21:05:51.880065305Z"
UpdatedAt: "2016-06-07T21:07:29.962229872Z"
Spec:
Name: "hopeful_cori"
TaskTemplate:
ContainerSpec:
Image: "redis"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ForceUpdate: 0
Mode:
Replicated:
Replicas: 1
UpdateConfig:
Parallelism: 1
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
RollbackConfig:
Parallelism: 1
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
EndpointSpec:
Mode: "vip"
Ports:
-
Protocol: "tcp"
TargetPort: 6379
PublishedPort: 30001
Endpoint:
Spec:
Mode: "vip"
Ports:
-
Protocol: "tcp"
TargetPort: 6379
PublishedPort: 30001
Ports:
-
Protocol: "tcp"
TargetPort: 6379
PublishedPort: 30001
VirtualIPs:
-
NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
Addr: "10.255.0.2/16"
-
NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
Addr: "10.255.0.3/16"
ImageDeleteResponseItem:
type: "object"
properties:
Untagged:
description: "The image ID of an image that was untagged"
type: "string"
Deleted:
description: "The image ID of an image that was deleted"
type: "string"
ServiceUpdateResponse:
type: "object"
properties:
Warnings:
description: "Optional warning messages"
type: "array"
items:
type: "string"
example:
Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
ContainerSummary:
type: "object"
properties:
Id:
description: "The ID of this container"
type: "string"
x-go-name: "ID"
Names:
description: "The names that this container has been given"
type: "array"
items:
type: "string"
Image:
description: "The name of the image used when creating this container"
type: "string"
ImageID:
description: "The ID of the image that this container was created from"
type: "string"
Command:
description: "Command to run when starting the container"
type: "string"
Created:
description: "When the container was created"
type: "integer"
format: "int64"
Ports:
description: "The ports exposed by this container"
type: "array"
items:
$ref: "#/definitions/Port"
SizeRw:
description: "The size of files that have been created or changed by this container"
type: "integer"
format: "int64"
SizeRootFs:
description: "The total size of all the files in this container"
type: "integer"
format: "int64"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
State:
description: "The state of this container (e.g. `Exited`)"
type: "string"
Status:
description: "Additional human-readable status of this container (e.g. `Exit 0`)"
type: "string"
HostConfig:
type: "object"
properties:
NetworkMode:
type: "string"
NetworkSettings:
description: "A summary of the container's network settings"
type: "object"
properties:
Networks:
type: "object"
additionalProperties:
$ref: "#/definitions/EndpointSettings"
Mounts:
type: "array"
items:
$ref: "#/definitions/MountPoint"
Driver:
description: "Driver represents a driver (network, logging, secrets)."
type: "object"
required: [Name]
properties:
Name:
description: "Name of the driver."
type: "string"
x-nullable: false
example: "some-driver"
Options:
description: "Key/value map of driver-specific options."
type: "object"
x-nullable: false
additionalProperties:
type: "string"
example:
OptionA: "value for driver-specific option A"
OptionB: "value for driver-specific option B"
SecretSpec:
type: "object"
properties:
Name:
description: "User-defined name of the secret."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
Data:
description: |
Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
data to store as secret.
This field is only used to _create_ a secret, and is not returned by
other endpoints.
type: "string"
example: ""
Driver:
description: |
Name of the secrets driver used to fetch the secret's value from an
external secret store.
$ref: "#/definitions/Driver"
Templating:
description: |
Templating driver, if applicable
Templating controls whether and how to evaluate the config payload as
a template. If no driver is set, no templating is used.
$ref: "#/definitions/Driver"
Secret:
type: "object"
properties:
ID:
type: "string"
example: "blt1owaxmitz71s9v5zh81zun"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
example: "2017-07-20T13:55:28.678958722Z"
UpdatedAt:
type: "string"
format: "dateTime"
example: "2017-07-20T13:55:28.678958722Z"
Spec:
$ref: "#/definitions/SecretSpec"
ConfigSpec:
type: "object"
properties:
Name:
description: "User-defined name of the config."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
Data:
description: |
Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5))
config data.
type: "string"
Templating:
description: |
Templating driver, if applicable
Templating controls whether and how to evaluate the config payload as
a template. If no driver is set, no templating is used.
$ref: "#/definitions/Driver"
Config:
type: "object"
properties:
ID:
type: "string"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
UpdatedAt:
type: "string"
format: "dateTime"
Spec:
$ref: "#/definitions/ConfigSpec"
ContainerState:
description: |
ContainerState stores container's running state. It's part of ContainerJSONBase
and will be returned by the "inspect" command.
type: "object"
x-nullable: true
properties:
Status:
description: |
String representation of the container state. Can be one of "created",
"running", "paused", "restarting", "removing", "exited", or "dead".
type: "string"
enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
example: "running"
Running:
description: |
Whether this container is running.
Note that a running container can be _paused_. The `Running` and `Paused`
booleans are not mutually exclusive:
When pausing a container (on Linux), the freezer cgroup is used to suspend
all processes in the container. Freezing the process requires the process to
be running. As a result, paused containers are both `Running` _and_ `Paused`.
Use the `Status` field instead to determine if a container's state is "running".
type: "boolean"
example: true
Paused:
description: "Whether this container is paused."
type: "boolean"
example: false
Restarting:
description: "Whether this container is restarting."
type: "boolean"
example: false
OOMKilled:
description: |
Whether a process within this container has been killed because it ran
out of memory since the container was last started.
type: "boolean"
example: false
Dead:
type: "boolean"
example: false
Pid:
description: "The process ID of this container"
type: "integer"
example: 1234
ExitCode:
description: "The last exit code of this container"
type: "integer"
example: 0
Error:
type: "string"
StartedAt:
description: "The time when this container was last started."
type: "string"
example: "2020-01-06T09:06:59.461876391Z"
FinishedAt:
description: "The time when this container last exited."
type: "string"
example: "2020-01-06T09:07:59.461876391Z"
Health:
$ref: "#/definitions/Health"
ContainerCreateResponse:
description: "OK response to ContainerCreate operation"
type: "object"
title: "ContainerCreateResponse"
x-go-name: "CreateResponse"
required: [Id, Warnings]
properties:
Id:
description: "The ID of the created container"
type: "string"
x-nullable: false
example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
Warnings:
description: "Warnings encountered when creating the container"
type: "array"
x-nullable: false
items:
type: "string"
example: []
ContainerWaitResponse:
description: "OK response to ContainerWait operation"
type: "object"
x-go-name: "WaitResponse"
title: "ContainerWaitResponse"
required: [StatusCode]
properties:
StatusCode:
description: "Exit code of the container"
type: "integer"
format: "int64"
x-nullable: false
Error:
$ref: "#/definitions/ContainerWaitExitError"
ContainerWaitExitError:
description: "container waiting error, if any"
type: "object"
x-go-name: "WaitExitError"
properties:
Message:
description: "Details of an error"
type: "string"
SystemVersion:
type: "object"
description: |
Response of Engine API: GET "/version"
properties:
Platform:
type: "object"
required: [Name]
properties:
Name:
type: "string"
Components:
type: "array"
description: |
Information about system components
items:
type: "object"
x-go-name: ComponentVersion
required: [Name, Version]
properties:
Name:
description: |
Name of the component
type: "string"
example: "Engine"
Version:
description: |
Version of the component
type: "string"
x-nullable: false
example: "19.03.12"
Details:
description: |
Key/value pairs of strings with additional information about the
component. These values are intended for informational purposes
only, and their content is not defined, and not part of the API
specification.
These messages can be printed by the client as information to the user.
type: "object"
x-nullable: true
Version:
description: "The version of the daemon"
type: "string"
example: "19.03.12"
ApiVersion:
description: |
The default (and highest) API version that is supported by the daemon
type: "string"
example: "1.40"
MinAPIVersion:
description: |
The minimum API version that is supported by the daemon
type: "string"
example: "1.12"
GitCommit:
description: |
The Git commit of the source code that was used to build the daemon
type: "string"
example: "48a66213fe"
GoVersion:
description: |
The version Go used to compile the daemon, and the version of the Go
runtime in use.
type: "string"
example: "go1.13.14"
Os:
description: |
The operating system that the daemon is running on ("linux" or "windows")
type: "string"
example: "linux"
Arch:
description: |
The architecture that the daemon is running on
type: "string"
example: "amd64"
KernelVersion:
description: |
The kernel version (`uname -r`) that the daemon is running on.
This field is omitted when empty.
type: "string"
example: "4.19.76-linuxkit"
Experimental:
description: |
Indicates if the daemon is started with experimental features enabled.
This field is omitted when empty / false.
type: "boolean"
example: true
BuildTime:
description: |
The date and time that the daemon was compiled.
type: "string"
example: "2020-06-22T15:49:27.000000000+00:00"
SystemInfo:
type: "object"
properties:
ID:
description: |
Unique identifier of the daemon.
<p><br /></p>
> **Note**: The format of the ID itself is not part of the API, and
> should not be considered stable.
type: "string"
example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
Containers:
description: "Total number of containers on the host."
type: "integer"
example: 14
ContainersRunning:
description: |
Number of containers with status `"running"`.
type: "integer"
example: 3
ContainersPaused:
description: |
Number of containers with status `"paused"`.
type: "integer"
example: 1
ContainersStopped:
description: |
Number of containers with status `"stopped"`.
type: "integer"
example: 10
Images:
description: |
Total number of images on the host.
Both _tagged_ and _untagged_ (dangling) images are counted.
type: "integer"
example: 508
Driver:
description: "Name of the storage driver in use."
type: "string"
example: "overlay2"
DriverStatus:
description: |
Information specific to the storage driver, provided as
"label" / "value" pairs.
This information is provided by the storage driver, and formatted
in a way consistent with the output of `docker info` on the command
line.
<p><br /></p>
> **Note**: The information returned in this field, including the
> formatting of values and labels, should not be considered stable,
> and may change without notice.
type: "array"
items:
type: "array"
items:
type: "string"
example:
- ["Backing Filesystem", "extfs"]
- ["Supports d_type", "true"]
- ["Native Overlay Diff", "true"]
DockerRootDir:
description: |
Root directory of persistent Docker state.
Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
on Windows.
type: "string"
example: "/var/lib/docker"
Plugins:
$ref: "#/definitions/PluginsInfo"
MemoryLimit:
description: "Indicates if the host has memory limit support enabled."
type: "boolean"
example: true
SwapLimit:
description: "Indicates if the host has memory swap limit support enabled."
type: "boolean"
example: true
KernelMemoryTCP:
description: |
Indicates if the host has kernel memory TCP limit support enabled. This
field is omitted if not supported.
Kernel memory TCP limits are not supported when using cgroups v2, which
does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup.
type: "boolean"
example: true
CpuCfsPeriod:
description: |
Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
the host.
type: "boolean"
example: true
CpuCfsQuota:
description: |
Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
the host.
type: "boolean"
example: true
CPUShares:
description: |
Indicates if CPU Shares limiting is supported by the host.
type: "boolean"
example: true
CPUSet:
description: |
Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
type: "boolean"
example: true
PidsLimit:
description: "Indicates if the host kernel has PID limit support enabled."
type: "boolean"
example: true
OomKillDisable:
description: "Indicates if OOM killer disable is supported on the host."
type: "boolean"
IPv4Forwarding:
description: "Indicates IPv4 forwarding is enabled."
type: "boolean"
example: true
BridgeNfIptables:
description: "Indicates if `bridge-nf-call-iptables` is available on the host."
type: "boolean"
example: true
BridgeNfIp6tables:
description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
type: "boolean"
example: true
Debug:
description: |
Indicates if the daemon is running in debug-mode / with debug-level
logging enabled.
type: "boolean"
example: true
NFd:
description: |
The total number of file Descriptors in use by the daemon process.
This information is only returned if debug-mode is enabled.
type: "integer"
example: 64
NGoroutines:
description: |
The number of goroutines that currently exist.
This information is only returned if debug-mode is enabled.
type: "integer"
example: 174
SystemTime:
description: |
Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
format with nano-seconds.
type: "string"
example: "2017-08-08T20:28:29.06202363Z"
LoggingDriver:
description: |
The logging driver to use as a default for new containers.
type: "string"
CgroupDriver:
description: |
The driver to use for managing cgroups.
type: "string"
enum: ["cgroupfs", "systemd", "none"]
default: "cgroupfs"
example: "cgroupfs"
CgroupVersion:
description: |
The version of the cgroup.
type: "string"
enum: ["1", "2"]
default: "1"
example: "1"
NEventsListener:
description: "Number of event listeners subscribed."
type: "integer"
example: 30
KernelVersion:
description: |
Kernel version of the host.
On Linux, this information obtained from `uname`. On Windows this
information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
type: "string"
example: "4.9.38-moby"
OperatingSystem:
description: |
Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
or "Windows Server 2016 Datacenter"
type: "string"
example: "Alpine Linux v3.5"
OSVersion:
description: |
Version of the host's operating system
<p><br /></p>
> **Note**: The information returned in this field, including its
> very existence, and the formatting of values, should not be considered
> stable, and may change without notice.
type: "string"
example: "16.04"
OSType:
description: |
Generic type of the operating system of the host, as returned by the
Go runtime (`GOOS`).
Currently returned values are "linux" and "windows". A full list of
possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
type: "string"
example: "linux"
Architecture:
description: |
Hardware architecture of the host, as returned by the Go runtime
(`GOARCH`).
A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
type: "string"
example: "x86_64"
NCPU:
description: |
The number of logical CPUs usable by the daemon.
The number of available CPUs is checked by querying the operating
system when the daemon starts. Changes to operating system CPU
allocation after the daemon is started are not reflected.
type: "integer"
example: 4
MemTotal:
description: |
Total amount of physical memory available on the host, in bytes.
type: "integer"
format: "int64"
example: 2095882240
IndexServerAddress:
description: |
Address / URL of the index server that is used for image search,
and as a default for user authentication for Docker Hub and Docker Cloud.
default: "https://index.docker.io/v1/"
type: "string"
example: "https://index.docker.io/v1/"
RegistryConfig:
$ref: "#/definitions/RegistryServiceConfig"
GenericResources:
$ref: "#/definitions/GenericResources"
HttpProxy:
description: |
HTTP-proxy configured for the daemon. This value is obtained from the
[`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
are masked in the API response.
Containers do not automatically inherit this configuration.
type: "string"
example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
HttpsProxy:
description: |
HTTPS-proxy configured for the daemon. This value is obtained from the
[`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
are masked in the API response.
Containers do not automatically inherit this configuration.
type: "string"
example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
NoProxy:
description: |
Comma-separated list of domain extensions for which no proxy should be
used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
environment variable.
Containers do not automatically inherit this configuration.
type: "string"
example: "*.local, 169.254/16"
Name:
description: "Hostname of the host."
type: "string"
example: "node5.corp.example.com"
Labels:
description: |
User-defined labels (key/value metadata) as set on the daemon.
<p><br /></p>
> **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
> set through the daemon configuration, and _node_ labels, set from a
> manager node in the Swarm. Node labels are not included in this
> field. Node labels can be retrieved using the `/nodes/(id)` endpoint
> on a manager node in the Swarm.
type: "array"
items:
type: "string"
example: ["storage=ssd", "production"]
ExperimentalBuild:
description: |
Indicates if experimental features are enabled on the daemon.
type: "boolean"
example: true
ServerVersion:
description: |
Version string of the daemon.
> **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
> returns the Swarm version instead of the daemon version, for example
> `swarm/1.2.8`.
type: "string"
example: "17.06.0-ce"
ClusterStore:
description: |
URL of the distributed storage backend.
The storage backend is used for multihost networking (to store
network and endpoint information) and by the node discovery mechanism.
<p><br /></p>
> **Deprecated**: This field is only propagated when using standalone Swarm
> mode, and overlay networking using an external k/v store. Overlay
> networks with Swarm mode enabled use the built-in raft store, and
> this field will be empty.
type: "string"
example: "consul://consul.corp.example.com:8600/some/path"
ClusterAdvertise:
description: |
The network endpoint that the Engine advertises for the purpose of
node discovery. ClusterAdvertise is a `host:port` combination on which
the daemon is reachable by other hosts.
<p><br /></p>
> **Deprecated**: This field is only propagated when using standalone Swarm
> mode, and overlay networking using an external k/v store. Overlay
> networks with Swarm mode enabled use the built-in raft store, and
> this field will be empty.
type: "string"
example: "node5.corp.example.com:8000"
Runtimes:
description: |
List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
runtimes configured on the daemon. Keys hold the "name" used to
reference the runtime.
The Docker daemon relies on an OCI compliant runtime (invoked via the
`containerd` daemon) as its interface to the Linux kernel namespaces,
cgroups, and SELinux.
The default runtime is `runc`, and automatically configured. Additional
runtimes can be configured by the user and will be listed here.
type: "object"
additionalProperties:
$ref: "#/definitions/Runtime"
default:
runc:
path: "runc"
example:
runc:
path: "runc"
runc-master:
path: "/go/bin/runc"
custom:
path: "/usr/local/bin/my-oci-runtime"
runtimeArgs: ["--debug", "--systemd-cgroup=false"]
DefaultRuntime:
description: |
Name of the default OCI runtime that is used when starting containers.
The default can be overridden per-container at create time.
type: "string"
default: "runc"
example: "runc"
Swarm:
$ref: "#/definitions/SwarmInfo"
LiveRestoreEnabled:
description: |
Indicates if live restore is enabled.
If enabled, containers are kept running when the daemon is shutdown
or upon daemon start if running containers are detected.
type: "boolean"
default: false
example: false
Isolation:
description: |
Represents the isolation technology to use as a default for containers.
The supported values are platform-specific.
If no isolation value is specified on daemon start, on Windows client,
the default is `hyperv`, and on Windows server, the default is `process`.
This option is currently not used on other platforms.
default: "default"
type: "string"
enum:
- "default"
- "hyperv"
- "process"
InitBinary:
description: |
Name and, optional, path of the `docker-init` binary.
If the path is omitted, the daemon searches the host's `$PATH` for the
binary and uses the first result.
type: "string"
example: "docker-init"
ContainerdCommit:
$ref: "#/definitions/Commit"
RuncCommit:
$ref: "#/definitions/Commit"
InitCommit:
$ref: "#/definitions/Commit"
SecurityOptions:
description: |
List of security features that are enabled on the daemon, such as
apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
Additional configuration options for each security feature may
be present, and are included as a comma-separated list of key/value
pairs.
type: "array"
items:
type: "string"
example:
- "name=apparmor"
- "name=seccomp,profile=default"
- "name=selinux"
- "name=userns"
- "name=rootless"
ProductLicense:
description: |
Reports a summary of the product license on the daemon.
If a commercial license has been applied to the daemon, information
such as number of nodes, and expiration are included.
type: "string"
example: "Community Engine"
DefaultAddressPools:
description: |
List of custom default address pools for local networks, which can be
specified in the daemon.json file or dockerd option.
Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
10.10.[0-255].0/24 address pools.
type: "array"
items:
type: "object"
properties:
Base:
description: "The network address in CIDR format"
type: "string"
example: "10.10.0.0/16"
Size:
description: "The network pool size"
type: "integer"
example: "24"
Warnings:
description: |
List of warnings / informational messages about missing features, or
issues related to the daemon configuration.
These messages can be printed by the client as information to the user.
type: "array"
items:
type: "string"
example:
- "WARNING: No memory limit support"
- "WARNING: bridge-nf-call-iptables is disabled"
- "WARNING: bridge-nf-call-ip6tables is disabled"
# PluginsInfo is a temp struct holding Plugins name
# registered with docker daemon. It is used by Info struct
PluginsInfo:
description: |
Available plugins per type.
<p><br /></p>
> **Note**: Only unmanaged (V1) plugins are included in this list.
> V1 plugins are "lazily" loaded, and are not returned in this list
> if there is no resource using the plugin.
type: "object"
properties:
Volume:
description: "Names of available volume-drivers, and network-driver plugins."
type: "array"
items:
type: "string"
example: ["local"]
Network:
description: "Names of available network-drivers, and network-driver plugins."
type: "array"
items:
type: "string"
example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
Authorization:
description: "Names of available authorization plugins."
type: "array"
items:
type: "string"
example: ["img-authz-plugin", "hbm"]
Log:
description: "Names of available logging-drivers, and logging-driver plugins."
type: "array"
items:
type: "string"
example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
RegistryServiceConfig:
description: |
RegistryServiceConfig stores daemon registry services configuration.
type: "object"
x-nullable: true
properties:
AllowNondistributableArtifactsCIDRs:
description: |
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax
([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
from unknown CAs) communication.
By default, local registries (`127.0.0.0/8`) are configured as
insecure. All other registries are secure. Communicating with an
insecure registry is not possible if the daemon assumes that registry
is secure.
This configuration override this behavior, insecure communication with
registries whose resolved IP address is within the subnet described by
the CIDR syntax.
Registries can also be marked insecure by hostname. Those registries
are listed under `IndexConfigs` and have their `Secure` field set to
`false`.
> **Warning**: Using this option can be useful when running a local
> registry, but introduces security vulnerabilities. This option
> should therefore ONLY be used for testing purposes. For increased
> security, users should add their CA to their system's list of trusted
> CAs instead of enabling this option.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
IndexConfigs:
type: "object"
additionalProperties:
$ref: "#/definitions/IndexInfo"
example:
"127.0.0.1:5000":
"Name": "127.0.0.1:5000"
"Mirrors": []
"Secure": false
"Official": false
"[2001:db8:a0b:12f0::1]:80":
"Name": "[2001:db8:a0b:12f0::1]:80"
"Mirrors": []
"Secure": false
"Official": false
"docker.io":
Name: "docker.io"
Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
Secure: true
Official: true
"registry.internal.corp.example.com:3000":
Name: "registry.internal.corp.example.com:3000"
Mirrors: []
Secure: false
Official: false
Mirrors:
description: |
List of registry URLs that act as a mirror for the official
(`docker.io`) registry.
type: "array"
items:
type: "string"
example:
- "https://hub-mirror.corp.example.com:5000/"
- "https://[2001:db8:a0b:12f0::1]/"
IndexInfo:
description:
IndexInfo contains information about a registry.
type: "object"
x-nullable: true
properties:
Name:
description: |
Name of the registry, such as "docker.io".
type: "string"
example: "docker.io"
Mirrors:
description: |
List of mirrors, expressed as URIs.
type: "array"
items:
type: "string"
example:
- "https://hub-mirror.corp.example.com:5000/"
- "https://registry-2.docker.io/"
- "https://registry-3.docker.io/"
Secure:
description: |
Indicates if the registry is part of the list of insecure
registries.
If `false`, the registry is insecure. Insecure registries accept
un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
unknown CAs) communication.
> **Warning**: Insecure registries can be useful when running a local
> registry. However, because its use creates security vulnerabilities
> it should ONLY be enabled for testing purposes. For increased
> security, users should add their CA to their system's list of
> trusted CAs instead of enabling this option.
type: "boolean"
example: true
Official:
description: |
Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
type: "boolean"
example: true
Runtime:
description: |
Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
runtime.
The runtime is invoked by the daemon via the `containerd` daemon. OCI
runtimes act as an interface to the Linux kernel namespaces, cgroups,
and SELinux.
type: "object"
properties:
path:
description: |
Name and, optional, path, of the OCI executable binary.
If the path is omitted, the daemon searches the host's `$PATH` for the
binary and uses the first result.
type: "string"
example: "/usr/local/bin/my-oci-runtime"
runtimeArgs:
description: |
List of command-line arguments to pass to the runtime when invoked.
type: "array"
x-nullable: true
items:
type: "string"
example: ["--debug", "--systemd-cgroup=false"]
Commit:
description: |
Commit holds the Git-commit (SHA1) that a binary was built from, as
reported in the version-string of external tools, such as `containerd`,
or `runC`.
type: "object"
properties:
ID:
description: "Actual commit ID of external tool."
type: "string"
example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
Expected:
description: |
Commit ID of external tool expected by dockerd as set at build time.
type: "string"
example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
SwarmInfo:
description: |
Represents generic information about swarm.
type: "object"
properties:
NodeID:
description: "Unique identifier of for this node in the swarm."
type: "string"
default: ""
example: "k67qz4598weg5unwwffg6z1m1"
NodeAddr:
description: |
IP address at which this node can be reached by other nodes in the
swarm.
type: "string"
default: ""
example: "10.0.0.46"
LocalNodeState:
$ref: "#/definitions/LocalNodeState"
ControlAvailable:
type: "boolean"
default: false
example: true
Error:
type: "string"
default: ""
RemoteManagers:
description: |
List of ID's and addresses of other managers in the swarm.
type: "array"
default: null
x-nullable: true
items:
$ref: "#/definitions/PeerNode"
example:
- NodeID: "71izy0goik036k48jg985xnds"
Addr: "10.0.0.158:2377"
- NodeID: "79y6h1o4gv8n120drcprv5nmc"
Addr: "10.0.0.159:2377"
- NodeID: "k67qz4598weg5unwwffg6z1m1"
Addr: "10.0.0.46:2377"
Nodes:
description: "Total number of nodes in the swarm."
type: "integer"
x-nullable: true
example: 4
Managers:
description: "Total number of managers in the swarm."
type: "integer"
x-nullable: true
example: 3
Cluster:
$ref: "#/definitions/ClusterInfo"
LocalNodeState:
description: "Current local status of this node."
type: "string"
default: ""
enum:
- ""
- "inactive"
- "pending"
- "active"
- "error"
- "locked"
example: "active"
PeerNode:
description: "Represents a peer-node in the swarm"
type: "object"
properties:
NodeID:
description: "Unique identifier of for this node in the swarm."
type: "string"
Addr:
description: |
IP address and ports at which this node can be reached.
type: "string"
NetworkAttachmentConfig:
description: |
Specifies how a service should be attached to a particular network.
type: "object"
properties:
Target:
description: |
The target network for attachment. Must be a network name or ID.
type: "string"
Aliases:
description: |
Discoverable alternate names for the service on this network.
type: "array"
items:
type: "string"
DriverOpts:
description: |
Driver attachment options for the network target.
type: "object"
additionalProperties:
type: "string"
EventActor:
description: |
Actor describes something that generates events, like a container, network,
or a volume.
type: "object"
properties:
ID:
description: "The ID of the object emitting the event"
type: "string"
example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
Attributes:
description: |
Various key/value attributes of the object, depending on its type.
type: "object"
additionalProperties:
type: "string"
example:
com.example.some-label: "some-label-value"
image: "alpine:latest"
name: "my-container"
EventMessage:
description: |
EventMessage represents the information an event contains.
type: "object"
title: "SystemEventsResponse"
properties:
Type:
description: "The type of object emitting the event"
type: "string"
enum: ["builder", "config", "container", "daemon", "image", "network", "node", "plugin", "secret", "service", "volume"]
example: "container"
Action:
description: "The type of event"
type: "string"
example: "create"
Actor:
$ref: "#/definitions/EventActor"
scope:
description: |
Scope of the event. Engine events are `local` scope. Cluster (Swarm)
events are `swarm` scope.
type: "string"
enum: ["local", "swarm"]
time:
description: "Timestamp of event"
type: "integer"
format: "int64"
example: 1629574695
timeNano:
description: "Timestamp of event, with nanosecond accuracy"
type: "integer"
format: "int64"
example: 1629574695515050031
OCIDescriptor:
type: "object"
x-go-name: Descriptor
description: |
A descriptor struct containing digest, media type, and size, as defined in
the [OCI Content Descriptors Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md).
properties:
mediaType:
description: |
The media type of the object this schema refers to.
type: "string"
example: "application/vnd.docker.distribution.manifest.v2+json"
digest:
description: |
The digest of the targeted content.
type: "string"
example: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
size:
description: |
The size in bytes of the blob.
type: "integer"
format: "int64"
example: 3987495
# TODO Not yet including these fields for now, as they are nil / omitted in our response.
# urls:
# description: |
# List of URLs from which this object MAY be downloaded.
# type: "array"
# items:
# type: "string"
# format: "uri"
# annotations:
# description: |
# Arbitrary metadata relating to the targeted content.
# type: "object"
# additionalProperties:
# type: "string"
# platform:
# $ref: "#/definitions/OCIPlatform"
OCIPlatform:
type: "object"
x-go-name: Platform
description: |
Describes the platform which the image in the manifest runs on, as defined
in the [OCI Image Index Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-index.md).
properties:
architecture:
description: |
The CPU architecture, for example `amd64` or `ppc64`.
type: "string"
example: "arm"
os:
description: |
The operating system, for example `linux` or `windows`.
type: "string"
example: "windows"
os.version:
description: |
Optional field specifying the operating system version, for example on
Windows `10.0.19041.1165`.
type: "string"
example: "10.0.19041.1165"
os.features:
description: |
Optional field specifying an array of strings, each listing a required
OS feature (for example on Windows `win32k`).
type: "array"
items:
type: "string"
example:
- "win32k"
variant:
description: |
Optional field specifying a variant of the CPU, for example `v7` to
specify ARMv7 when architecture is `arm`.
type: "string"
example: "v7"
DistributionInspect:
type: "object"
x-go-name: DistributionInspect
title: "DistributionInspectResponse"
required: [Descriptor, Platforms]
description: |
Describes the result obtained from contacting the registry to retrieve
image metadata.
properties:
Descriptor:
$ref: "#/definitions/OCIDescriptor"
Platforms:
type: "array"
description: |
An array containing all platforms supported by the image.
items:
$ref: "#/definitions/OCIPlatform"
ClusterVolume:
type: "object"
description: |
Options and information specific to, and only present on, Swarm CSI
cluster volumes.
properties:
ID:
type: "string"
description: |
The Swarm ID of this volume. Because cluster volumes are Swarm
objects, they have an ID, unlike non-cluster volumes. This ID can
be used to refer to the Volume instead of the name.
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
UpdatedAt:
type: "string"
format: "dateTime"
Spec:
$ref: "#/definitions/ClusterVolumeSpec"
Info:
type: "object"
description: |
Information about the global status of the volume.
properties:
CapacityBytes:
type: "integer"
format: "int64"
description: |
The capacity of the volume in bytes. A value of 0 indicates that
the capacity is unknown.
VolumeContext:
type: "object"
description: |
A map of strings to strings returned from the storage plugin when
the volume is created.
additionalProperties:
type: "string"
VolumeID:
type: "string"
description: |
The ID of the volume as returned by the CSI storage plugin. This
is distinct from the volume's ID as provided by Docker. This ID
is never used by the user when communicating with Docker to refer
to this volume. If the ID is blank, then the Volume has not been
successfully created in the plugin yet.
AccessibleTopology:
type: "array"
description: |
The topology this volume is actually accessible from.
items:
$ref: "#/definitions/Topology"
PublishStatus:
type: "array"
description: |
The status of the volume as it pertains to its publishing and use on
specific nodes
items:
type: "object"
properties:
NodeID:
type: "string"
description: |
The ID of the Swarm node the volume is published on.
State:
type: "string"
description: |
The published state of the volume.
* `pending-publish` The volume should be published to this node, but the call to the controller plugin to do so has not yet been successfully completed.
* `published` The volume is published successfully to the node.
* `pending-node-unpublish` The volume should be unpublished from the node, and the manager is awaiting confirmation from the worker that it has done so.
* `pending-controller-unpublish` The volume is successfully unpublished from the node, but has not yet been successfully unpublished on the controller.
enum:
- "pending-publish"
- "published"
- "pending-node-unpublish"
- "pending-controller-unpublish"
PublishContext:
type: "object"
description: |
A map of strings to strings returned by the CSI controller
plugin when a volume is published.
additionalProperties:
type: "string"
ClusterVolumeSpec:
type: "object"
description: |
Cluster-specific options used to create the volume.
properties:
Group:
type: "string"
description: |
Group defines the volume group of this volume. Volumes belonging to
the same group can be referred to by group name when creating
Services. Referring to a volume by group instructs Swarm to treat
volumes in that group interchangeably for the purpose of scheduling.
Volumes with an empty string for a group technically all belong to
the same, emptystring group.
AccessMode:
type: "object"
description: |
Defines how the volume is used by tasks.
properties:
Scope:
type: "string"
description: |
The set of nodes this volume can be used on at one time.
- `single` The volume may only be scheduled to one node at a time.
- `multi` the volume may be scheduled to any supported number of nodes at a time.
default: "single"
enum: ["single", "multi"]
x-nullable: false
Sharing:
type: "string"
description: |
The number and way that different tasks can use this volume
at one time.
- `none` The volume may only be used by one task at a time.
- `readonly` The volume may be used by any number of tasks, but they all must mount the volume as readonly
- `onewriter` The volume may be used by any number of tasks, but only one may mount it as read/write.
- `all` The volume may have any number of readers and writers.
default: "none"
enum: ["none", "readonly", "onewriter", "all"]
x-nullable: false
MountVolume:
type: "object"
description: |
Options for using this volume as a Mount-type volume.
Either MountVolume or BlockVolume, but not both, must be
present.
properties:
FsType:
type: "string"
description: |
Specifies the filesystem type for the mount volume.
Optional.
MountFlags:
type: "array"
description: |
Flags to pass when mounting the volume. Optional.
items:
type: "string"
BlockVolume:
type: "object"
description: |
Options for using this volume as a Block-type volume.
Intentionally empty.
Secrets:
type: "array"
description: |
Swarm Secrets that are passed to the CSI storage plugin when
operating on this volume.
items:
type: "object"
description: |
One cluster volume secret entry. Defines a key-value pair that
is passed to the plugin.
properties:
Key:
type: "string"
description: |
Key is the name of the key of the key-value pair passed to
the plugin.
Secret:
type: "string"
description: |
Secret is the swarm Secret object from which to read data.
This can be a Secret name or ID. The Secret data is
retrieved by swarm and used as the value of the key-value
pair passed to the plugin.
AccessibilityRequirements:
type: "object"
description: |
Requirements for the accessible topology of the volume. These
fields are optional. For an in-depth description of what these
fields mean, see the CSI specification.
properties:
Requisite:
type: "array"
description: |
A list of required topologies, at least one of which the
volume must be accessible from.
items:
$ref: "#/definitions/Topology"
Preferred:
type: "array"
description: |
A list of topologies that the volume should attempt to be
provisioned in.
items:
$ref: "#/definitions/Topology"
CapacityRange:
type: "object"
description: |
The desired capacity that the volume should be created with. If
empty, the plugin will decide the capacity.
properties:
RequiredBytes:
type: "integer"
format: "int64"
description: |
The volume must be at least this big. The value of 0
indicates an unspecified minimum
LimitBytes:
type: "integer"
format: "int64"
description: |
The volume must not be bigger than this. The value of 0
indicates an unspecified maximum.
Availability:
type: "string"
description: |
The availability of the volume for use in tasks.
- `active` The volume is fully available for scheduling on the cluster
- `pause` No new workloads should use the volume, but existing workloads are not stopped.
- `drain` All workloads using this volume should be stopped and rescheduled, and no new ones should be started.
default: "active"
x-nullable: false
enum:
- "active"
- "pause"
- "drain"
Topology:
description: |
A map of topological domains to topological segments. For in depth
details, see documentation for the Topology object in the CSI
specification.
type: "object"
additionalProperties:
type: "string"
paths:
/containers/json:
get:
summary: "List containers"
description: |
Returns a list of containers. For details on the format, see the
[inspect endpoint](#operation/ContainerInspect).
Note that it uses a different, smaller representation of a container
than inspecting a single container. For example, the list of linked
containers is not propagated .
operationId: "ContainerList"
produces:
- "application/json"
parameters:
- name: "all"
in: "query"
description: |
Return all containers. By default, only running containers are shown.
type: "boolean"
default: false
- name: "limit"
in: "query"
description: |
Return this number of most recently created containers, including
non-running ones.
type: "integer"
- name: "size"
in: "query"
description: |
Return the size of container as fields `SizeRw` and `SizeRootFs`.
type: "boolean"
default: false
- name: "filters"
in: "query"
description: |
Filters to process on the container list, encoded as JSON (a
`map[string][]string`). For example, `{"status": ["paused"]}` will
only return paused containers.
Available filters:
- `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
- `before`=(`<container id>` or `<container name>`)
- `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
- `exited=<int>` containers with exit code of `<int>`
- `health`=(`starting`|`healthy`|`unhealthy`|`none`)
- `id=<ID>` a container's ID
- `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
- `is-task=`(`true`|`false`)
- `label=key` or `label="key=value"` of a container label
- `name=<name>` a container's name
- `network`=(`<network id>` or `<network name>`)
- `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
- `since`=(`<container id>` or `<container name>`)
- `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
- `volume`=(`<volume name>` or `<mount point destination>`)
type: "string"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/ContainerSummary"
examples:
application/json:
- Id: "8dfafdbc3a40"
Names:
- "/boring_feynman"
Image: "ubuntu:latest"
ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
Command: "echo 1"
Created: 1367854155
State: "Exited"
Status: "Exit 0"
Ports:
- PrivatePort: 2222
PublicPort: 3333
Type: "tcp"
Labels:
com.example.vendor: "Acme"
com.example.license: "GPL"
com.example.version: "1.0"
SizeRw: 12288
SizeRootFs: 0
HostConfig:
NetworkMode: "default"
NetworkSettings:
Networks:
bridge:
NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
EndpointID: "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f"
Gateway: "172.17.0.1"
IPAddress: "172.17.0.2"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:11:00:02"
Mounts:
- Name: "fac362...80535"
Source: "/data"
Destination: "/data"
Driver: "local"
Mode: "ro,Z"
RW: false
Propagation: ""
- Id: "9cd87474be90"
Names:
- "/coolName"
Image: "ubuntu:latest"
ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
Command: "echo 222222"
Created: 1367854155
State: "Exited"
Status: "Exit 0"
Ports: []
Labels: {}
SizeRw: 12288
SizeRootFs: 0
HostConfig:
NetworkMode: "default"
NetworkSettings:
Networks:
bridge:
NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
EndpointID: "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a"
Gateway: "172.17.0.1"
IPAddress: "172.17.0.8"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:11:00:08"
Mounts: []
- Id: "3176a2479c92"
Names:
- "/sleepy_dog"
Image: "ubuntu:latest"
ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
Command: "echo 3333333333333333"
Created: 1367854154
State: "Exited"
Status: "Exit 0"
Ports: []
Labels: {}
SizeRw: 12288
SizeRootFs: 0
HostConfig:
NetworkMode: "default"
NetworkSettings:
Networks:
bridge:
NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
EndpointID: "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d"
Gateway: "172.17.0.1"
IPAddress: "172.17.0.6"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:11:00:06"
Mounts: []
- Id: "4cb07b47f9fb"
Names:
- "/running_cat"
Image: "ubuntu:latest"
ImageID: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82"
Command: "echo 444444444444444444444444444444444"
Created: 1367854152
State: "Exited"
Status: "Exit 0"
Ports: []
Labels: {}
SizeRw: 12288
SizeRootFs: 0
HostConfig:
NetworkMode: "default"
NetworkSettings:
Networks:
bridge:
NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
EndpointID: "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9"
Gateway: "172.17.0.1"
IPAddress: "172.17.0.5"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:11:00:05"
Mounts: []
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Container"]
/containers/create:
post:
summary: "Create a container"
operationId: "ContainerCreate"
consumes:
- "application/json"
- "application/octet-stream"
produces:
- "application/json"
parameters:
- name: "name"
in: "query"
description: |
Assign the specified name to the container. Must match
`/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
type: "string"
pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
- name: "platform"
in: "query"
description: |
Platform in the format `os[/arch[/variant]]` used for image lookup.
When specified, the daemon checks if the requested image is present
in the local image cache with the given OS and Architecture, and
otherwise returns a `404` status.
If the option is not set, the host's native OS and Architecture are
used to look up the image in the image cache. However, if no platform
is passed and the given image does exist in the local image cache,
but its OS or architecture does not match, the container is created
with the available image, and a warning is added to the `Warnings`
field in the response, for example;
WARNING: The requested image's platform (linux/arm64/v8) does not
match the detected host platform (linux/amd64) and no
specific platform was requested
type: "string"
default: ""
- name: "body"
in: "body"
description: "Container to create"
schema:
allOf:
- $ref: "#/definitions/ContainerConfig"
- type: "object"
properties:
HostConfig:
$ref: "#/definitions/HostConfig"
NetworkingConfig:
$ref: "#/definitions/NetworkingConfig"
example:
Hostname: ""
Domainname: ""
User: ""
AttachStdin: false
AttachStdout: true
AttachStderr: true
Tty: false
OpenStdin: false
StdinOnce: false
Env:
- "FOO=bar"
- "BAZ=quux"
Cmd:
- "date"
Entrypoint: ""
Image: "ubuntu"
Labels:
com.example.vendor: "Acme"
com.example.license: "GPL"
com.example.version: "1.0"
Volumes:
/volumes/data: {}
WorkingDir: ""
NetworkDisabled: false
MacAddress: "12:34:56:78:9a:bc"
ExposedPorts:
22/tcp: {}
StopSignal: "SIGTERM"
StopTimeout: 10
HostConfig:
Binds:
- "/tmp:/tmp"
Links:
- "redis3:redis"
Memory: 0
MemorySwap: 0
MemoryReservation: 0
NanoCpus: 500000
CpuPercent: 80
CpuShares: 512
CpuPeriod: 100000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpuQuota: 50000
CpusetCpus: "0,1"
CpusetMems: "0,1"
MaximumIOps: 0
MaximumIOBps: 0
BlkioWeight: 300
BlkioWeightDevice:
- {}
BlkioDeviceReadBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceWriteIOps:
- {}
DeviceRequests:
- Driver: "nvidia"
Count: -1
DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
Capabilities: [["gpu", "nvidia", "compute"]]
Options:
property1: "string"
property2: "string"
MemorySwappiness: 60
OomKillDisable: false
OomScoreAdj: 500
PidMode: ""
PidsLimit: 0
PortBindings:
22/tcp:
- HostPort: "11022"
PublishAllPorts: false
Privileged: false
ReadonlyRootfs: false
Dns:
- "8.8.8.8"
DnsOptions:
- ""
DnsSearch:
- ""
VolumesFrom:
- "parent"
- "other:ro"
CapAdd:
- "NET_ADMIN"
CapDrop:
- "MKNOD"
GroupAdd:
- "newgroup"
RestartPolicy:
Name: ""
MaximumRetryCount: 0
AutoRemove: true
NetworkMode: "bridge"
Devices: []
Ulimits:
- {}
LogConfig:
Type: "json-file"
Config: {}
SecurityOpt: []
StorageOpt: {}
CgroupParent: ""
VolumeDriver: ""
ShmSize: 67108864
NetworkingConfig:
EndpointsConfig:
isolated_nw:
IPAMConfig:
IPv4Address: "172.20.30.33"
IPv6Address: "2001:db8:abcd::3033"
LinkLocalIPs:
- "169.254.34.68"
- "fe80::3468"
Links:
- "container_1"
- "container_2"
Aliases:
- "server_x"
- "server_y"
required: true
responses:
201:
description: "Container created successfully"
schema:
$ref: "#/definitions/ContainerCreateResponse"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such image"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such image: c2ada9df5af8"
409:
description: "conflict"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Container"]
/containers/{id}/json:
get:
summary: "Inspect a container"
description: "Return low-level information about a container."
operationId: "ContainerInspect"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
type: "object"
title: "ContainerInspectResponse"
properties:
Id:
description: "The ID of the container"
type: "string"
Created:
description: "The time the container was created"
type: "string"
Path:
description: "The path to the command being run"
type: "string"
Args:
description: "The arguments to the command being run"
type: "array"
items:
type: "string"
State:
$ref: "#/definitions/ContainerState"
Image:
description: "The container's image ID"
type: "string"
ResolvConfPath:
type: "string"
HostnamePath:
type: "string"
HostsPath:
type: "string"
LogPath:
type: "string"
Name:
type: "string"
RestartCount:
type: "integer"
Driver:
type: "string"
Platform:
type: "string"
MountLabel:
type: "string"
ProcessLabel:
type: "string"
AppArmorProfile:
type: "string"
ExecIDs:
description: "IDs of exec instances that are running in the container."
type: "array"
items:
type: "string"
x-nullable: true
HostConfig:
$ref: "#/definitions/HostConfig"
GraphDriver:
$ref: "#/definitions/GraphDriverData"
SizeRw:
description: |
The size of files that have been created or changed by this
container.
type: "integer"
format: "int64"
SizeRootFs:
description: "The total size of all the files in this container."
type: "integer"
format: "int64"
Mounts:
type: "array"
items:
$ref: "#/definitions/MountPoint"
Config:
$ref: "#/definitions/ContainerConfig"
NetworkSettings:
$ref: "#/definitions/NetworkSettings"
examples:
application/json:
AppArmorProfile: ""
Args:
- "-c"
- "exit 9"
Config:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- "/bin/sh"
- "-c"
- "exit 9"
Domainname: ""
Env:
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Healthcheck:
Test: ["CMD-SHELL", "exit 0"]
Hostname: "ba033ac44011"
Image: "ubuntu"
Labels:
com.example.vendor: "Acme"
com.example.license: "GPL"
com.example.version: "1.0"
MacAddress: ""
NetworkDisabled: false
OpenStdin: false
StdinOnce: false
Tty: false
User: ""
Volumes:
/volumes/data: {}
WorkingDir: ""
StopSignal: "SIGTERM"
StopTimeout: 10
Created: "2015-01-06T15:47:31.485331387Z"
Driver: "devicemapper"
ExecIDs:
- "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
- "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
HostConfig:
MaximumIOps: 0
MaximumIOBps: 0
BlkioWeight: 0
BlkioWeightDevice:
- {}
BlkioDeviceReadBps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteIOps:
- {}
ContainerIDFile: ""
CpusetCpus: ""
CpusetMems: ""
CpuPercent: 80
CpuShares: 0
CpuPeriod: 100000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
Devices: []
DeviceRequests:
- Driver: "nvidia"
Count: -1
DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
Capabilities: [["gpu", "nvidia", "compute"]]
Options:
property1: "string"
property2: "string"
IpcMode: ""
Memory: 0
MemorySwap: 0
MemoryReservation: 0
OomKillDisable: false
OomScoreAdj: 500
NetworkMode: "bridge"
PidMode: ""
PortBindings: {}
Privileged: false
ReadonlyRootfs: false
PublishAllPorts: false
RestartPolicy:
MaximumRetryCount: 2
Name: "on-failure"
LogConfig:
Type: "json-file"
Sysctls:
net.ipv4.ip_forward: "1"
Ulimits:
- {}
VolumeDriver: ""
ShmSize: 67108864
HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
Id: "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39"
Image: "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2"
MountLabel: ""
Name: "/boring_euclid"
NetworkSettings:
Bridge: ""
SandboxID: ""
HairpinMode: false
LinkLocalIPv6Address: ""
LinkLocalIPv6PrefixLen: 0
SandboxKey: ""
EndpointID: ""
Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
IPAddress: ""
IPPrefixLen: 0
IPv6Gateway: ""
MacAddress: ""
Networks:
bridge:
NetworkID: "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812"
EndpointID: "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d"
Gateway: "172.17.0.1"
IPAddress: "172.17.0.2"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:12:00:02"
Path: "/bin/sh"
ProcessLabel: ""
ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
RestartCount: 1
State:
Error: ""
ExitCode: 9
FinishedAt: "2015-01-06T15:47:32.080254511Z"
Health:
Status: "healthy"
FailingStreak: 0
Log:
- Start: "2019-12-22T10:59:05.6385933Z"
End: "2019-12-22T10:59:05.8078452Z"
ExitCode: 0
Output: ""
OOMKilled: false
Dead: false
Paused: false
Pid: 0
Restarting: false
Running: true
StartedAt: "2015-01-06T15:47:32.072697474Z"
Status: "running"
Mounts:
- Name: "fac362...80535"
Source: "/data"
Destination: "/data"
Driver: "local"
Mode: "ro,Z"
RW: false
Propagation: ""
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "size"
in: "query"
type: "boolean"
default: false
description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
tags: ["Container"]
/containers/{id}/top:
get:
summary: "List processes running inside a container"
description: |
On Unix systems, this is done by running the `ps` command. This endpoint
is not supported on Windows.
operationId: "ContainerTop"
responses:
200:
description: "no error"
schema:
type: "object"
title: "ContainerTopResponse"
description: "OK response to ContainerTop operation"
properties:
Titles:
description: "The ps column titles"
type: "array"
items:
type: "string"
Processes:
description: |
Each process running in the container, where each is process
is an array of values corresponding to the titles.
type: "array"
items:
type: "array"
items:
type: "string"
examples:
application/json:
Titles:
- "UID"
- "PID"
- "PPID"
- "C"
- "STIME"
- "TTY"
- "TIME"
- "CMD"
Processes:
-
- "root"
- "13642"
- "882"
- "0"
- "17:03"
- "pts/0"
- "00:00:00"
- "/bin/bash"
-
- "root"
- "13735"
- "13642"
- "0"
- "17:06"
- "pts/0"
- "00:00:00"
- "sleep 10"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "ps_args"
in: "query"
description: "The arguments to pass to `ps`. For example, `aux`"
type: "string"
default: "-ef"
tags: ["Container"]
/containers/{id}/logs:
get:
summary: "Get container logs"
description: |
Get `stdout` and `stderr` logs from a container.
Note: This endpoint works only for containers with the `json-file` or
`journald` logging driver.
produces:
- "application/vnd.docker.raw-stream"
- "application/vnd.docker.multiplexed-stream"
operationId: "ContainerLogs"
responses:
200:
description: |
logs returned as a stream in response body.
For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
Note that unlike the attach endpoint, the logs endpoint does not
upgrade the connection and does not set Content-Type.
schema:
type: "string"
format: "binary"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "follow"
in: "query"
description: "Keep connection after returning logs."
type: "boolean"
default: false
- name: "stdout"
in: "query"
description: "Return logs from `stdout`"
type: "boolean"
default: false
- name: "stderr"
in: "query"
description: "Return logs from `stderr`"
type: "boolean"
default: false
- name: "since"
in: "query"
description: "Only return logs since this time, as a UNIX timestamp"
type: "integer"
default: 0
- name: "until"
in: "query"
description: "Only return logs before this time, as a UNIX timestamp"
type: "integer"
default: 0
- name: "timestamps"
in: "query"
description: "Add timestamps to every log line"
type: "boolean"
default: false
- name: "tail"
in: "query"
description: |
Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
type: "string"
default: "all"
tags: ["Container"]
/containers/{id}/changes:
get:
summary: "Get changes on a containers filesystem"
description: |
Returns which files in a container's filesystem have been added, deleted,
or modified. The `Kind` of modification can be one of:
- `0`: Modified
- `1`: Added
- `2`: Deleted
operationId: "ContainerChanges"
produces: ["application/json"]
responses:
200:
description: "The list of changes"
schema:
type: "array"
items:
type: "object"
x-go-name: "ContainerChangeResponseItem"
title: "ContainerChangeResponseItem"
description: "change item in response to ContainerChanges operation"
required: [Path, Kind]
properties:
Path:
description: "Path to file that has changed"
type: "string"
x-nullable: false
Kind:
description: "Kind of change"
type: "integer"
format: "uint8"
enum: [0, 1, 2]
x-nullable: false
examples:
application/json:
- Path: "/dev"
Kind: 0
- Path: "/dev/kmsg"
Kind: 1
- Path: "/test"
Kind: 1
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
tags: ["Container"]
/containers/{id}/export:
get:
summary: "Export a container"
description: "Export the contents of a container as a tarball."
operationId: "ContainerExport"
produces:
- "application/octet-stream"
responses:
200:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
tags: ["Container"]
/containers/{id}/stats:
get:
summary: "Get container stats based on resource usage"
description: |
This endpoint returns a live stream of a containers resource usage
statistics.
The `precpu_stats` is the CPU statistic of the *previous* read, and is
used to calculate the CPU usage percentage. It is not an exact copy
of the `cpu_stats` field.
If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
nil then for compatibility with older daemons the length of the
corresponding `cpu_usage.percpu_usage` array should be used.
On a cgroup v2 host, the following fields are not set
* `blkio_stats`: all fields other than `io_service_bytes_recursive`
* `cpu_stats`: `cpu_usage.percpu_usage`
* `memory_stats`: `max_usage` and `failcnt`
Also, `memory_stats.stats` fields are incompatible with cgroup v1.
To calculate the values shown by the `stats` command of the docker cli tool
the following formulas can be used:
* used_memory = `memory_stats.usage - memory_stats.stats.cache`
* available_memory = `memory_stats.limit`
* Memory usage % = `(used_memory / available_memory) * 100.0`
* cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
* system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
* number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
* CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
operationId: "ContainerStats"
produces: ["application/json"]
responses:
200:
description: "no error"
schema:
type: "object"
examples:
application/json:
read: "2015-01-08T22:57:31.547920715Z"
pids_stats:
current: 3
networks:
eth0:
rx_bytes: 5338
rx_dropped: 0
rx_errors: 0
rx_packets: 36
tx_bytes: 648
tx_dropped: 0
tx_errors: 0
tx_packets: 8
eth5:
rx_bytes: 4641
rx_dropped: 0
rx_errors: 0
rx_packets: 26
tx_bytes: 690
tx_dropped: 0
tx_errors: 0
tx_packets: 9
memory_stats:
stats:
total_pgmajfault: 0
cache: 0
mapped_file: 0
total_inactive_file: 0
pgpgout: 414
rss: 6537216
total_mapped_file: 0
writeback: 0
unevictable: 0
pgpgin: 477
total_unevictable: 0
pgmajfault: 0
total_rss: 6537216
total_rss_huge: 6291456
total_writeback: 0
total_inactive_anon: 0
rss_huge: 6291456
hierarchical_memory_limit: 67108864
total_pgfault: 964
total_active_file: 0
active_anon: 6537216
total_active_anon: 6537216
total_pgpgout: 414
total_cache: 0
inactive_anon: 0
active_file: 0
pgfault: 964
inactive_file: 0
total_pgpgin: 477
max_usage: 6651904
usage: 6537216
failcnt: 0
limit: 67108864
blkio_stats: {}
cpu_stats:
cpu_usage:
percpu_usage:
- 8646879
- 24472255
- 36438778
- 30657443
usage_in_usermode: 50000000
total_usage: 100215355
usage_in_kernelmode: 30000000
system_cpu_usage: 739306590000000
online_cpus: 4
throttling_data:
periods: 0
throttled_periods: 0
throttled_time: 0
precpu_stats:
cpu_usage:
percpu_usage:
- 8646879
- 24350896
- 36438778
- 30657443
usage_in_usermode: 50000000
total_usage: 100093996
usage_in_kernelmode: 30000000
system_cpu_usage: 9492140000000
online_cpus: 4
throttling_data:
periods: 0
throttled_periods: 0
throttled_time: 0
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "stream"
in: "query"
description: |
Stream the output. If false, the stats will be output once and then
it will disconnect.
type: "boolean"
default: true
- name: "one-shot"
in: "query"
description: |
Only get a single stat instead of waiting for 2 cycles. Must be used
with `stream=false`.
type: "boolean"
default: false
tags: ["Container"]
/containers/{id}/resize:
post:
summary: "Resize a container TTY"
description: "Resize the TTY for a container."
operationId: "ContainerResize"
consumes:
- "application/octet-stream"
produces:
- "text/plain"
responses:
200:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "cannot resize container"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "h"
in: "query"
description: "Height of the TTY session in characters"
type: "integer"
- name: "w"
in: "query"
description: "Width of the TTY session in characters"
type: "integer"
tags: ["Container"]
/containers/{id}/start:
post:
summary: "Start a container"
operationId: "ContainerStart"
responses:
204:
description: "no error"
304:
description: "container already started"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "detachKeys"
in: "query"
description: |
Override the key sequence for detaching a container. Format is a
single character `[a-Z]` or `ctrl-<value>` where `<value>` is one
of: `a-z`, `@`, `^`, `[`, `,` or `_`.
type: "string"
tags: ["Container"]
/containers/{id}/stop:
post:
summary: "Stop a container"
operationId: "ContainerStop"
responses:
204:
description: "no error"
304:
description: "container already stopped"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "signal"
in: "query"
description: |
Signal to send to the container as an integer or string (e.g. `SIGINT`).
type: "string"
- name: "t"
in: "query"
description: "Number of seconds to wait before killing the container"
type: "integer"
tags: ["Container"]
/containers/{id}/restart:
post:
summary: "Restart a container"
operationId: "ContainerRestart"
responses:
204:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "signal"
in: "query"
description: |
Signal to send to the container as an integer or string (e.g. `SIGINT`).
type: "string"
- name: "t"
in: "query"
description: "Number of seconds to wait before killing the container"
type: "integer"
tags: ["Container"]
/containers/{id}/kill:
post:
summary: "Kill a container"
description: |
Send a POSIX signal to a container, defaulting to killing to the
container.
operationId: "ContainerKill"
responses:
204:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
409:
description: "container is not running"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "signal"
in: "query"
description: |
Signal to send to the container as an integer or string (e.g. `SIGINT`).
type: "string"
default: "SIGKILL"
tags: ["Container"]
/containers/{id}/update:
post:
summary: "Update a container"
description: |
Change various configuration options of a container without having to
recreate it.
operationId: "ContainerUpdate"
consumes: ["application/json"]
produces: ["application/json"]
responses:
200:
description: "The container has been updated."
schema:
type: "object"
title: "ContainerUpdateResponse"
description: "OK response to ContainerUpdate operation"
properties:
Warnings:
type: "array"
items:
type: "string"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "update"
in: "body"
required: true
schema:
allOf:
- $ref: "#/definitions/Resources"
- type: "object"
properties:
RestartPolicy:
$ref: "#/definitions/RestartPolicy"
example:
BlkioWeight: 300
CpuShares: 512
CpuPeriod: 100000
CpuQuota: 50000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpusetCpus: "0,1"
CpusetMems: "0"
Memory: 314572800
MemorySwap: 514288000
MemoryReservation: 209715200
RestartPolicy:
MaximumRetryCount: 4
Name: "on-failure"
tags: ["Container"]
/containers/{id}/rename:
post:
summary: "Rename a container"
operationId: "ContainerRename"
responses:
204:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
409:
description: "name already in use"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "name"
in: "query"
required: true
description: "New name for the container"
type: "string"
tags: ["Container"]
/containers/{id}/pause:
post:
summary: "Pause a container"
description: |
Use the freezer cgroup to suspend all processes in a container.
Traditionally, when suspending a process the `SIGSTOP` signal is used,
which is observable by the process being suspended. With the freezer
cgroup the process is unaware, and unable to capture, that it is being
suspended, and subsequently resumed.
operationId: "ContainerPause"
responses:
204:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
tags: ["Container"]
/containers/{id}/unpause:
post:
summary: "Unpause a container"
description: "Resume a container which has been paused."
operationId: "ContainerUnpause"
responses:
204:
description: "no error"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
tags: ["Container"]
/containers/{id}/attach:
post:
summary: "Attach to a container"
description: |
Attach to a container to read its output or send it input. You can attach
to the same container multiple times and you can reattach to containers
that have been detached.
Either the `stream` or `logs` parameter must be `true` for this endpoint
to do anything.
See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
for more details.
### Hijacking
This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
and `stderr` on the same socket.
This is the response from the daemon for an attach request:
```
HTTP/1.1 200 OK
Content-Type: application/vnd.docker.raw-stream
[STREAM]
```
After the headers and two new lines, the TCP connection can now be used
for raw, bidirectional communication between the client and server.
To hint potential proxies about connection hijacking, the Docker client
can also optionally send connection upgrade headers.
For example, the client sends this request to upgrade the connection:
```
POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
Upgrade: tcp
Connection: Upgrade
```
The Docker daemon will respond with a `101 UPGRADED` response, and will
similarly follow with the raw stream:
```
HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp
[STREAM]
```
### Stream format
When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
the HTTP Content-Type header is set to application/vnd.docker.multiplexed-stream
and the stream over the hijacked connected is multiplexed to separate out
`stdout` and `stderr`. The stream consists of a series of frames, each
containing a header and a payload.
The header contains the information which the stream writes (`stdout` or
`stderr`). It also contains the size of the associated frame encoded in
the last four bytes (`uint32`).
It is encoded on the first eight bytes like this:
```go
header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
```
`STREAM_TYPE` can be:
- 0: `stdin` (is written on `stdout`)
- 1: `stdout`
- 2: `stderr`
`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
encoded as big endian.
Following the header is the payload, which is the specified number of
bytes of `STREAM_TYPE`.
The simplest way to implement this protocol is the following:
1. Read 8 bytes.
2. Choose `stdout` or `stderr` depending on the first byte.
3. Extract the frame size from the last four bytes.
4. Read the extracted size and output it on the correct output.
5. Goto 1.
### Stream format when using a TTY
When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
the stream is not multiplexed. The data exchanged over the hijacked
connection is simply the raw data from the process PTY and client's
`stdin`.
operationId: "ContainerAttach"
produces:
- "application/vnd.docker.raw-stream"
- "application/vnd.docker.multiplexed-stream"
responses:
101:
description: "no error, hints proxy about hijacking"
200:
description: "no error, no upgrade header found"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "detachKeys"
in: "query"
description: |
Override the key sequence for detaching a container.Format is a single
character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
`@`, `^`, `[`, `,` or `_`.
type: "string"
- name: "logs"
in: "query"
description: |
Replay previous logs from the container.
This is useful for attaching to a container that has started and you
want to output everything since the container started.
If `stream` is also enabled, once all the previous output has been
returned, it will seamlessly transition into streaming current
output.
type: "boolean"
default: false
- name: "stream"
in: "query"
description: |
Stream attached streams from the time the request was made onwards.
type: "boolean"
default: false
- name: "stdin"
in: "query"
description: "Attach to `stdin`"
type: "boolean"
default: false
- name: "stdout"
in: "query"
description: "Attach to `stdout`"
type: "boolean"
default: false
- name: "stderr"
in: "query"
description: "Attach to `stderr`"
type: "boolean"
default: false
tags: ["Container"]
/containers/{id}/attach/ws:
get:
summary: "Attach to a container via a websocket"
operationId: "ContainerAttachWebsocket"
responses:
101:
description: "no error, hints proxy about hijacking"
200:
description: "no error, no upgrade header found"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "detachKeys"
in: "query"
description: |
Override the key sequence for detaching a container.Format is a single
character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`,
`@`, `^`, `[`, `,`, or `_`.
type: "string"
- name: "logs"
in: "query"
description: "Return logs"
type: "boolean"
default: false
- name: "stream"
in: "query"
description: "Return stream"
type: "boolean"
default: false
- name: "stdin"
in: "query"
description: "Attach to `stdin`"
type: "boolean"
default: false
- name: "stdout"
in: "query"
description: "Attach to `stdout`"
type: "boolean"
default: false
- name: "stderr"
in: "query"
description: "Attach to `stderr`"
type: "boolean"
default: false
tags: ["Container"]
/containers/{id}/wait:
post:
summary: "Wait for a container"
description: "Block until a container stops, then returns the exit code."
operationId: "ContainerWait"
produces: ["application/json"]
responses:
200:
description: "The container has exit."
schema:
$ref: "#/definitions/ContainerWaitResponse"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "condition"
in: "query"
description: |
Wait until a container state reaches the given condition.
Defaults to `not-running` if omitted or empty.
type: "string"
enum:
- "not-running"
- "next-exit"
- "removed"
default: "not-running"
tags: ["Container"]
/containers/{id}:
delete:
summary: "Remove a container"
operationId: "ContainerDelete"
responses:
204:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
409:
description: "conflict"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: |
You cannot remove a running container: c2ada9df5af8. Stop the
container before attempting removal or force remove
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "v"
in: "query"
description: "Remove anonymous volumes associated with the container."
type: "boolean"
default: false
- name: "force"
in: "query"
description: "If the container is running, kill it before removing it."
type: "boolean"
default: false
- name: "link"
in: "query"
description: "Remove the specified link associated with the container."
type: "boolean"
default: false
tags: ["Container"]
/containers/{id}/archive:
head:
summary: "Get information about files in a container"
description: |
A response header `X-Docker-Container-Path-Stat` is returned, containing
a base64 - encoded JSON object with some filesystem header information
about the path.
operationId: "ContainerArchiveInfo"
responses:
200:
description: "no error"
headers:
X-Docker-Container-Path-Stat:
type: "string"
description: |
A base64 - encoded JSON object with some filesystem header
information about the path
400:
description: "Bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "Container or path does not exist"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "path"
in: "query"
required: true
description: "Resource in the containers filesystem to archive."
type: "string"
tags: ["Container"]
get:
summary: "Get an archive of a filesystem resource in a container"
description: "Get a tar archive of a resource in the filesystem of container id."
operationId: "ContainerArchive"
produces: ["application/x-tar"]
responses:
200:
description: "no error"
400:
description: "Bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "Container or path does not exist"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "path"
in: "query"
required: true
description: "Resource in the containers filesystem to archive."
type: "string"
tags: ["Container"]
put:
summary: "Extract an archive of files or folders to a directory in a container"
description: |
Upload a tar archive to be extracted to a path in the filesystem of container id.
`path` parameter is asserted to be a directory. If it exists as a file, 400 error
will be returned with message "not a directory".
operationId: "PutContainerArchive"
consumes: ["application/x-tar", "application/octet-stream"]
responses:
200:
description: "The content was extracted successfully"
400:
description: "Bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "not a directory"
403:
description: "Permission denied, the volume or container rootfs is marked as read-only."
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "No such container or path does not exist inside the container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the container"
type: "string"
- name: "path"
in: "query"
required: true
description: "Path to a directory in the container to extract the archives contents into. "
type: "string"
- name: "noOverwriteDirNonDir"
in: "query"
description: |
If `1`, `true`, or `True` then it will be an error if unpacking the
given content would cause an existing directory to be replaced with
a non-directory and vice versa.
type: "string"
- name: "copyUIDGID"
in: "query"
description: |
If `1`, `true`, then it will copy UID/GID maps to the dest file or
dir
type: "string"
- name: "inputStream"
in: "body"
required: true
description: |
The input stream must be a tar archive compressed with one of the
following algorithms: `identity` (no compression), `gzip`, `bzip2`,
or `xz`.
schema:
type: "string"
format: "binary"
tags: ["Container"]
/containers/prune:
post:
summary: "Delete stopped containers"
produces:
- "application/json"
operationId: "ContainerPrune"
parameters:
- name: "filters"
in: "query"
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machines time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
type: "string"
responses:
200:
description: "No error"
schema:
type: "object"
title: "ContainerPruneResponse"
properties:
ContainersDeleted:
description: "Container IDs that were deleted"
type: "array"
items:
type: "string"
SpaceReclaimed:
description: "Disk space reclaimed in bytes"
type: "integer"
format: "int64"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Container"]
/images/json:
get:
summary: "List Images"
description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
operationId: "ImageList"
produces:
- "application/json"
responses:
200:
description: "Summary image data for the images matching the query"
schema:
type: "array"
items:
$ref: "#/definitions/ImageSummary"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "all"
in: "query"
description: "Show all images. Only images from a final layer (no children) are shown by default."
type: "boolean"
default: false
- name: "filters"
in: "query"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the images list.
Available filters:
- `before`=(`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`)
- `dangling=true`
- `label=key` or `label="key=value"` of an image label
- `reference`=(`<image-name>[:<tag>]`)
- `since`=(`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`)
type: "string"
- name: "shared-size"
in: "query"
description: "Compute and show shared size as a `SharedSize` field on each image."
type: "boolean"
default: false
- name: "digests"
in: "query"
description: "Show digest information as a `RepoDigests` field on each image."
type: "boolean"
default: false
tags: ["Image"]
/build:
post:
summary: "Build an image"
description: |
Build an image from a tar archive with a `Dockerfile` in it.
The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
The build is canceled if the client drops the connection by quitting or being killed.
operationId: "ImageBuild"
consumes:
- "application/octet-stream"
produces:
- "application/json"
parameters:
- name: "inputStream"
in: "body"
description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
schema:
type: "string"
format: "binary"
- name: "dockerfile"
in: "query"
description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
type: "string"
default: "Dockerfile"
- name: "t"
in: "query"
description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
type: "string"
- name: "extrahosts"
in: "query"
description: "Extra hosts to add to /etc/hosts"
type: "string"
- name: "remote"
in: "query"
description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the files contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
type: "string"
- name: "q"
in: "query"
description: "Suppress verbose build output."
type: "boolean"
default: false
- name: "nocache"
in: "query"
description: "Do not use the cache when building the image."
type: "boolean"
default: false
- name: "cachefrom"
in: "query"
description: "JSON array of images used for build cache resolution."
type: "string"
- name: "pull"
in: "query"
description: "Attempt to pull the image even if an older image exists locally."
type: "string"
- name: "rm"
in: "query"
description: "Remove intermediate containers after a successful build."
type: "boolean"
default: true
- name: "forcerm"
in: "query"
description: "Always remove intermediate containers, even upon failure."
type: "boolean"
default: false
- name: "memory"
in: "query"
description: "Set memory limit for build."
type: "integer"
- name: "memswap"
in: "query"
description: "Total memory (memory + swap). Set as `-1` to disable swap."
type: "integer"
- name: "cpushares"
in: "query"
description: "CPU shares (relative weight)."
type: "integer"
- name: "cpusetcpus"
in: "query"
description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
type: "string"
- name: "cpuperiod"
in: "query"
description: "The length of a CPU period in microseconds."
type: "integer"
- name: "cpuquota"
in: "query"
description: "Microseconds of CPU time that the container can get in a CPU period."
type: "integer"
- name: "buildargs"
in: "query"
description: >
JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
passing secret values.
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
type: "string"
- name: "shmsize"
in: "query"
description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
type: "integer"
- name: "squash"
in: "query"
description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
type: "boolean"
- name: "labels"
in: "query"
description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
type: "string"
- name: "networkmode"
in: "query"
description: |
Sets the networking mode for the run commands during build. Supported
standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
Any other value is taken as a custom network's name or ID to which this
container should connect to.
type: "string"
- name: "Content-type"
in: "header"
type: "string"
enum:
- "application/x-tar"
default: "application/x-tar"
- name: "X-Registry-Config"
in: "header"
description: |
This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
```
{
"docker.example.com": {
"username": "janedoe",
"password": "hunter2"
},
"https://index.docker.io/v1/": {
"username": "mobydock",
"password": "conta1n3rize14"
}
}
```
Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
type: "string"
- name: "platform"
in: "query"
description: "Platform in the format os[/arch[/variant]]"
type: "string"
default: ""
- name: "target"
in: "query"
description: "Target build stage"
type: "string"
default: ""
- name: "outputs"
in: "query"
description: "BuildKit output configuration"
type: "string"
default: ""
responses:
200:
description: "no error"
400:
description: "Bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Image"]
/build/prune:
post:
summary: "Delete builder cache"
produces:
- "application/json"
operationId: "BuildPrune"
parameters:
- name: "keep-storage"
in: "query"
description: "Amount of disk space in bytes to keep for cache"
type: "integer"
format: "int64"
- name: "all"
in: "query"
type: "boolean"
description: "Remove all types of build cache"
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the list of build cache objects.
Available filters:
- `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
- `id=<id>`
- `parent=<id>`
- `type=<string>`
- `description=<string>`
- `inuse`
- `shared`
- `private`
responses:
200:
description: "No error"
schema:
type: "object"
title: "BuildPruneResponse"
properties:
CachesDeleted:
type: "array"
items:
description: "ID of build cache object"
type: "string"
SpaceReclaimed:
description: "Disk space reclaimed in bytes"
type: "integer"
format: "int64"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Image"]
/images/create:
post:
summary: "Create an image"
description: "Create an image by either pulling it from a registry or importing it."
operationId: "ImageCreate"
consumes:
- "text/plain"
- "application/octet-stream"
produces:
- "application/json"
responses:
200:
description: "no error"
404:
description: "repository does not exist or no read access"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "fromImage"
in: "query"
description: "Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
type: "string"
- name: "fromSrc"
in: "query"
description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
type: "string"
- name: "repo"
in: "query"
description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
type: "string"
- name: "tag"
in: "query"
description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
type: "string"
- name: "message"
in: "query"
description: "Set commit message for imported image."
type: "string"
- name: "inputImage"
in: "body"
description: "Image content if the value `-` has been specified in fromSrc query parameter"
schema:
type: "string"
required: false
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
- name: "changes"
in: "query"
description: |
Apply `Dockerfile` instructions to the image that is created,
for example: `changes=ENV DEBUG=true`.
Note that `ENV DEBUG=true` should be URI component encoded.
Supported `Dockerfile` instructions:
`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
type: "array"
items:
type: "string"
- name: "platform"
in: "query"
description: |
Platform in the format os[/arch[/variant]].
When used in combination with the `fromImage` option, the daemon checks
if the given image is present in the local image cache with the given
OS and Architecture, and otherwise attempts to pull the image. If the
option is not set, the host's native OS and Architecture are used.
If the given image does not exist in the local image cache, the daemon
attempts to pull the image with the host's native OS and Architecture.
If the given image does exists in the local image cache, but its OS or
architecture does not match, a warning is produced.
When used with the `fromSrc` option to import an image from an archive,
this option sets the platform information for the imported image. If
the option is not set, the host's native OS and Architecture are used
for the imported image.
type: "string"
default: ""
tags: ["Image"]
/images/{name}/json:
get:
summary: "Inspect an image"
description: "Return low-level information about an image."
operationId: "ImageInspect"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
$ref: "#/definitions/ImageInspect"
404:
description: "No such image"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such image: someimage (tag: latest)"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or id"
type: "string"
required: true
tags: ["Image"]
/images/{name}/history:
get:
summary: "Get the history of an image"
description: "Return parent layers of an image."
operationId: "ImageHistory"
produces: ["application/json"]
responses:
200:
description: "List of image layers"
schema:
type: "array"
items:
type: "object"
x-go-name: HistoryResponseItem
title: "HistoryResponseItem"
description: "individual image layer information in response to ImageHistory operation"
required: [Id, Created, CreatedBy, Tags, Size, Comment]
properties:
Id:
type: "string"
x-nullable: false
Created:
type: "integer"
format: "int64"
x-nullable: false
CreatedBy:
type: "string"
x-nullable: false
Tags:
type: "array"
items:
type: "string"
Size:
type: "integer"
format: "int64"
x-nullable: false
Comment:
type: "string"
x-nullable: false
examples:
application/json:
- Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
Created: 1398108230
CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
Tags:
- "ubuntu:lucid"
- "ubuntu:10.04"
Size: 182964289
Comment: ""
- Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
Created: 1398108222
CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
Tags: []
Size: 0
Comment: ""
- Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
Created: 1371157430
CreatedBy: ""
Tags:
- "scratch12:latest"
- "scratch:latest"
Size: 0
Comment: "Imported from -"
404:
description: "No such image"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or ID"
type: "string"
required: true
tags: ["Image"]
/images/{name}/push:
post:
summary: "Push an image"
description: |
Push an image to a registry.
If you wish to push an image on to a private registry, that image must
already have a tag which references the registry. For example,
`registry.example.com/myimage:latest`.
The push is cancelled if the HTTP connection is closed.
operationId: "ImagePush"
consumes:
- "application/octet-stream"
responses:
200:
description: "No error"
404:
description: "No such image"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or ID."
type: "string"
required: true
- name: "tag"
in: "query"
description: "The tag to associate with the image on the registry."
type: "string"
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
required: true
tags: ["Image"]
/images/{name}/tag:
post:
summary: "Tag an image"
description: "Tag an image so that it becomes part of a repository."
operationId: "ImageTag"
responses:
201:
description: "No error"
400:
description: "Bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "No such image"
schema:
$ref: "#/definitions/ErrorResponse"
409:
description: "Conflict"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or ID to tag."
type: "string"
required: true
- name: "repo"
in: "query"
description: "The repository to tag in. For example, `someuser/someimage`."
type: "string"
- name: "tag"
in: "query"
description: "The name of the new tag."
type: "string"
tags: ["Image"]
/images/{name}:
delete:
summary: "Remove an image"
description: |
Remove an image, along with any untagged parent images that were
referenced by that image.
Images can't be removed if they have descendant images, are being
used by a running container or are being used by a build.
operationId: "ImageDelete"
produces: ["application/json"]
responses:
200:
description: "The image was deleted successfully"
schema:
type: "array"
items:
$ref: "#/definitions/ImageDeleteResponseItem"
examples:
application/json:
- Untagged: "3e2f21a89f"
- Deleted: "3e2f21a89f"
- Deleted: "53b4f83ac9"
404:
description: "No such image"
schema:
$ref: "#/definitions/ErrorResponse"
409:
description: "Conflict"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or ID"
type: "string"
required: true
- name: "force"
in: "query"
description: "Remove the image even if it is being used by stopped containers or has other tags"
type: "boolean"
default: false
- name: "noprune"
in: "query"
description: "Do not delete untagged parent images"
type: "boolean"
default: false
tags: ["Image"]
/images/search:
get:
summary: "Search images"
description: "Search for an image on Docker Hub."
operationId: "ImageSearch"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
type: "array"
items:
type: "object"
title: "ImageSearchResponseItem"
properties:
description:
type: "string"
is_official:
type: "boolean"
is_automated:
type: "boolean"
name:
type: "string"
star_count:
type: "integer"
examples:
application/json:
- description: ""
is_official: false
is_automated: false
name: "wma55/u1210sshd"
star_count: 0
- description: ""
is_official: false
is_automated: false
name: "jdswinbank/sshd"
star_count: 0
- description: ""
is_official: false
is_automated: false
name: "vgauthier/sshd"
star_count: 0
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "term"
in: "query"
description: "Term to search"
type: "string"
required: true
- name: "limit"
in: "query"
description: "Maximum number of results to return"
type: "integer"
- name: "filters"
in: "query"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
- `is-automated=(true|false)`
- `is-official=(true|false)`
- `stars=<number>` Matches images that has at least 'number' stars.
type: "string"
tags: ["Image"]
/images/prune:
post:
summary: "Delete unused images"
produces:
- "application/json"
operationId: "ImagePrune"
parameters:
- name: "filters"
in: "query"
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
- `dangling=<boolean>` When set to `true` (or `1`), prune only
unused *and* untagged images. When set to `false`
(or `0`), all unused images are pruned.
- `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machines time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
type: "string"
responses:
200:
description: "No error"
schema:
type: "object"
title: "ImagePruneResponse"
properties:
ImagesDeleted:
description: "Images that were deleted"
type: "array"
items:
$ref: "#/definitions/ImageDeleteResponseItem"
SpaceReclaimed:
description: "Disk space reclaimed in bytes"
type: "integer"
format: "int64"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Image"]
/auth:
post:
summary: "Check auth configuration"
description: |
Validate credentials for a registry and, if available, get an identity
token for accessing the registry without password.
operationId: "SystemAuth"
consumes: ["application/json"]
produces: ["application/json"]
responses:
200:
description: "An identity token was generated successfully."
schema:
type: "object"
title: "SystemAuthResponse"
required: [Status]
properties:
Status:
description: "The status of the authentication"
type: "string"
x-nullable: false
IdentityToken:
description: "An opaque token used to authenticate a user after a successful login"
type: "string"
x-nullable: false
examples:
application/json:
Status: "Login Succeeded"
IdentityToken: "9cbaf023786cd7..."
204:
description: "No error"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "authConfig"
in: "body"
description: "Authentication to check"
schema:
$ref: "#/definitions/AuthConfig"
tags: ["System"]
/info:
get:
summary: "Get system information"
operationId: "SystemInfo"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
$ref: "#/definitions/SystemInfo"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["System"]
/version:
get:
summary: "Get version"
description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
operationId: "SystemVersion"
produces: ["application/json"]
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/SystemVersion"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["System"]
/_ping:
get:
summary: "Ping"
description: "This is a dummy endpoint you can use to test if the server is accessible."
operationId: "SystemPing"
produces: ["text/plain"]
responses:
200:
description: "no error"
schema:
type: "string"
example: "OK"
headers:
API-Version:
type: "string"
description: "Max API Version the server supports"
Builder-Version:
type: "string"
description: |
Default version of docker image builder
The default on Linux is version "2" (BuildKit), but the daemon
can be configured to recommend version "1" (classic Builder).
Windows does not yet support BuildKit for native Windows images,
and uses "1" (classic builder) as a default.
This value is a recommendation as advertised by the daemon, and
it is up to the client to choose which builder to use.
default: "2"
Docker-Experimental:
type: "boolean"
description: "If the server is running with experimental mode enabled"
Swarm:
type: "string"
enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
description: |
Contains information about Swarm status of the daemon,
and if the daemon is acting as a manager or worker node.
default: "inactive"
Cache-Control:
type: "string"
default: "no-cache, no-store, must-revalidate"
Pragma:
type: "string"
default: "no-cache"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
headers:
Cache-Control:
type: "string"
default: "no-cache, no-store, must-revalidate"
Pragma:
type: "string"
default: "no-cache"
tags: ["System"]
head:
summary: "Ping"
description: "This is a dummy endpoint you can use to test if the server is accessible."
operationId: "SystemPingHead"
produces: ["text/plain"]
responses:
200:
description: "no error"
schema:
type: "string"
example: "(empty)"
headers:
API-Version:
type: "string"
description: "Max API Version the server supports"
Builder-Version:
type: "string"
description: "Default version of docker image builder"
Docker-Experimental:
type: "boolean"
description: "If the server is running with experimental mode enabled"
Swarm:
type: "string"
enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
description: |
Contains information about Swarm status of the daemon,
and if the daemon is acting as a manager or worker node.
default: "inactive"
Cache-Control:
type: "string"
default: "no-cache, no-store, must-revalidate"
Pragma:
type: "string"
default: "no-cache"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["System"]
/commit:
post:
summary: "Create a new image from a container"
operationId: "ImageCommit"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "no error"
schema:
$ref: "#/definitions/IdResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "containerConfig"
in: "body"
description: "The container configuration"
schema:
$ref: "#/definitions/ContainerConfig"
- name: "container"
in: "query"
description: "The ID or name of the container to commit"
type: "string"
- name: "repo"
in: "query"
description: "Repository name for the created image"
type: "string"
- name: "tag"
in: "query"
description: "Tag name for the create image"
type: "string"
- name: "comment"
in: "query"
description: "Commit message"
type: "string"
- name: "author"
in: "query"
description: "Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)"
type: "string"
- name: "pause"
in: "query"
description: "Whether to pause the container before committing"
type: "boolean"
default: true
- name: "changes"
in: "query"
description: "`Dockerfile` instructions to apply while committing"
type: "string"
tags: ["Image"]
/events:
get:
summary: "Monitor events"
description: |
Stream real-time events from the server.
Various objects within Docker report events when something happens to them.
Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
The Docker daemon reports these events: `reload`
Services report these events: `create`, `update`, and `remove`
Nodes report these events: `create`, `update`, and `remove`
Secrets report these events: `create`, `update`, and `remove`
Configs report these events: `create`, `update`, and `remove`
The Builder reports `prune` events
operationId: "SystemEvents"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/EventMessage"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "since"
in: "query"
description: "Show events created since this timestamp then stream new events."
type: "string"
- name: "until"
in: "query"
description: "Show events created until this timestamp then stop streaming."
type: "string"
- name: "filters"
in: "query"
description: |
A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
- `config=<string>` config name or ID
- `container=<string>` container name or ID
- `daemon=<string>` daemon name or ID
- `event=<string>` event type
- `image=<string>` image name or ID
- `label=<string>` image or container label
- `network=<string>` network name or ID
- `node=<string>` node ID
- `plugin`=<string> plugin name or ID
- `scope`=<string> local or swarm
- `secret=<string>` secret name or ID
- `service=<string>` service name or ID
- `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
- `volume=<string>` volume name
type: "string"
tags: ["System"]
/system/df:
get:
summary: "Get data usage information"
operationId: "SystemDataUsage"
responses:
200:
description: "no error"
schema:
type: "object"
title: "SystemDataUsageResponse"
properties:
LayersSize:
type: "integer"
format: "int64"
Images:
type: "array"
items:
$ref: "#/definitions/ImageSummary"
Containers:
type: "array"
items:
$ref: "#/definitions/ContainerSummary"
Volumes:
type: "array"
items:
$ref: "#/definitions/Volume"
BuildCache:
type: "array"
items:
$ref: "#/definitions/BuildCache"
example:
LayersSize: 1092588
Images:
-
Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
ParentId: ""
RepoTags:
- "busybox:latest"
RepoDigests:
- "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
Created: 1466724217
Size: 1092588
SharedSize: 0
VirtualSize: 1092588
Labels: {}
Containers: 1
Containers:
-
Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
Names:
- "/top"
Image: "busybox"
ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
Command: "top"
Created: 1472592424
Ports: []
SizeRootFs: 1092588
Labels: {}
State: "exited"
Status: "Exited (0) 56 minutes ago"
HostConfig:
NetworkMode: "default"
NetworkSettings:
Networks:
bridge:
IPAMConfig: null
Links: null
Aliases: null
NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
Gateway: "172.18.0.1"
IPAddress: "172.18.0.2"
IPPrefixLen: 16
IPv6Gateway: ""
GlobalIPv6Address: ""
GlobalIPv6PrefixLen: 0
MacAddress: "02:42:ac:12:00:02"
Mounts: []
Volumes:
-
Name: "my-volume"
Driver: "local"
Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
Labels: null
Scope: "local"
Options: null
UsageData:
Size: 10920104
RefCount: 2
BuildCache:
-
ID: "hw53o5aio51xtltp5xjp8v7fx"
Parents: []
Type: "regular"
Description: "pulled from docker.io/library/debian@sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0"
InUse: false
Shared: true
Size: 0
CreatedAt: "2021-06-28T13:31:01.474619385Z"
LastUsedAt: "2021-07-07T22:02:32.738075951Z"
UsageCount: 26
-
ID: "ndlpt0hhvkqcdfkputsk4cq9c"
Parents: ["ndlpt0hhvkqcdfkputsk4cq9c"]
Type: "regular"
Description: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
InUse: false
Shared: true
Size: 51
CreatedAt: "2021-06-28T13:31:03.002625487Z"
LastUsedAt: "2021-07-07T22:02:32.773909517Z"
UsageCount: 26
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "type"
in: "query"
description: |
Object types, for which to compute and return data.
type: "array"
collectionFormat: multi
items:
type: "string"
enum: ["container", "image", "volume", "build-cache"]
tags: ["System"]
/images/{name}/get:
get:
summary: "Export an image"
description: |
Get a tarball containing all images and metadata for a repository.
If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
### Image tarball format
An image tarball contains one directory per image layer (named using its long ID), each containing these files:
- `VERSION`: currently `1.0` - the file format version
- `json`: detailed layer information, similar to `docker inspect layer_id`
- `layer.tar`: A tarfile containing the filesystem changes in this layer
The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
```json
{
"hello-world": {
"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
}
}
```
operationId: "ImageGet"
produces:
- "application/x-tar"
responses:
200:
description: "no error"
schema:
type: "string"
format: "binary"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or ID"
type: "string"
required: true
tags: ["Image"]
/images/get:
get:
summary: "Export several images"
description: |
Get a tarball containing all images and metadata for several image
repositories.
For each value of the `names` parameter: if it is a specific name and
tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
returned; if it is an image ID, similarly only that image (and its parents)
are returned and there would be no names referenced in the 'repositories'
file for this image ID.
For details on the format, see the [export image endpoint](#operation/ImageGet).
operationId: "ImageGetAll"
produces:
- "application/x-tar"
responses:
200:
description: "no error"
schema:
type: "string"
format: "binary"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "names"
in: "query"
description: "Image names to filter by"
type: "array"
items:
type: "string"
tags: ["Image"]
/images/load:
post:
summary: "Import images"
description: |
Load a set of images and tags into a repository.
For details on the format, see the [export image endpoint](#operation/ImageGet).
operationId: "ImageLoad"
consumes:
- "application/x-tar"
produces:
- "application/json"
responses:
200:
description: "no error"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "imagesTarball"
in: "body"
description: "Tar archive containing images"
schema:
type: "string"
format: "binary"
- name: "quiet"
in: "query"
description: "Suppress progress details during load."
type: "boolean"
default: false
tags: ["Image"]
/containers/{id}/exec:
post:
summary: "Create an exec instance"
description: "Run a command inside a running container."
operationId: "ContainerExec"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "no error"
schema:
$ref: "#/definitions/IdResponse"
404:
description: "no such container"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such container: c2ada9df5af8"
409:
description: "container is paused"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "execConfig"
in: "body"
description: "Exec configuration"
schema:
type: "object"
title: "ExecConfig"
properties:
AttachStdin:
type: "boolean"
description: "Attach to `stdin` of the exec command."
AttachStdout:
type: "boolean"
description: "Attach to `stdout` of the exec command."
AttachStderr:
type: "boolean"
description: "Attach to `stderr` of the exec command."
ConsoleSize:
type: "array"
description: "Initial console size, as an `[height, width]` array."
x-nullable: true
minItems: 2
maxItems: 2
items:
type: "integer"
minimum: 0
DetachKeys:
type: "string"
description: |
Override the key sequence for detaching a container. Format is
a single character `[a-Z]` or `ctrl-<value>` where `<value>`
is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
Tty:
type: "boolean"
description: "Allocate a pseudo-TTY."
Env:
description: |
A list of environment variables in the form `["VAR=value", ...]`.
type: "array"
items:
type: "string"
Cmd:
type: "array"
description: "Command to run, as a string or array of strings."
items:
type: "string"
Privileged:
type: "boolean"
description: "Runs the exec process with extended privileges."
default: false
User:
type: "string"
description: |
The user, and optionally, group to run the exec process inside
the container. Format is one of: `user`, `user:group`, `uid`,
or `uid:gid`.
WorkingDir:
type: "string"
description: |
The working directory for the exec process inside the container.
example:
AttachStdin: false
AttachStdout: true
AttachStderr: true
DetachKeys: "ctrl-p,ctrl-q"
Tty: false
Cmd:
- "date"
Env:
- "FOO=bar"
- "BAZ=quux"
required: true
- name: "id"
in: "path"
description: "ID or name of container"
type: "string"
required: true
tags: ["Exec"]
/exec/{id}/start:
post:
summary: "Start an exec instance"
description: |
Starts a previously set up exec instance. If detach is true, this endpoint
returns immediately after starting the command. Otherwise, it sets up an
interactive session with the command.
operationId: "ExecStart"
consumes:
- "application/json"
produces:
- "application/vnd.docker.raw-stream"
- "application/vnd.docker.multiplexed-stream"
responses:
200:
description: "No error"
404:
description: "No such exec instance"
schema:
$ref: "#/definitions/ErrorResponse"
409:
description: "Container is stopped or paused"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "execStartConfig"
in: "body"
schema:
type: "object"
title: "ExecStartConfig"
properties:
Detach:
type: "boolean"
description: "Detach from the command."
Tty:
type: "boolean"
description: "Allocate a pseudo-TTY."
ConsoleSize:
type: "array"
description: "Initial console size, as an `[height, width]` array."
x-nullable: true
minItems: 2
maxItems: 2
items:
type: "integer"
minimum: 0
example:
Detach: false
Tty: true
ConsoleSize: [80, 64]
- name: "id"
in: "path"
description: "Exec instance ID"
required: true
type: "string"
tags: ["Exec"]
/exec/{id}/resize:
post:
summary: "Resize an exec instance"
description: |
Resize the TTY session used by an exec instance. This endpoint only works
if `tty` was specified as part of creating and starting the exec instance.
operationId: "ExecResize"
responses:
200:
description: "No error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "No such exec instance"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Exec instance ID"
required: true
type: "string"
- name: "h"
in: "query"
description: "Height of the TTY session in characters"
type: "integer"
- name: "w"
in: "query"
description: "Width of the TTY session in characters"
type: "integer"
tags: ["Exec"]
/exec/{id}/json:
get:
summary: "Inspect an exec instance"
description: "Return low-level information about an exec instance."
operationId: "ExecInspect"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
type: "object"
title: "ExecInspectResponse"
properties:
CanRemove:
type: "boolean"
DetachKeys:
type: "string"
ID:
type: "string"
Running:
type: "boolean"
ExitCode:
type: "integer"
ProcessConfig:
$ref: "#/definitions/ProcessConfig"
OpenStdin:
type: "boolean"
OpenStderr:
type: "boolean"
OpenStdout:
type: "boolean"
ContainerID:
type: "string"
Pid:
type: "integer"
description: "The system process ID for the exec process."
examples:
application/json:
CanRemove: false
ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
DetachKeys: ""
ExitCode: 2
ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
OpenStderr: true
OpenStdin: true
OpenStdout: true
ProcessConfig:
arguments:
- "-c"
- "exit 2"
entrypoint: "sh"
privileged: false
tty: true
user: "1000"
Running: false
Pid: 42000
404:
description: "No such exec instance"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Exec instance ID"
required: true
type: "string"
tags: ["Exec"]
/volumes:
get:
summary: "List volumes"
operationId: "VolumeList"
produces: ["application/json"]
responses:
200:
description: "Summary volume data that matches the query"
schema:
$ref: "#/definitions/VolumeListResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
description: |
JSON encoded value of the filters (a `map[string][]string`) to
process on the volumes list. Available filters:
- `dangling=<boolean>` When set to `true` (or `1`), returns all
volumes that are not in use by a container. When set to `false`
(or `0`), only volumes that are in use by one or more
containers are returned.
- `driver=<volume-driver-name>` Matches volumes based on their driver.
- `label=<key>` or `label=<key>:<value>` Matches volumes based on
the presence of a `label` alone or a `label` and a value.
- `name=<volume-name>` Matches all or part of a volume name.
type: "string"
format: "json"
tags: ["Volume"]
/volumes/create:
post:
summary: "Create a volume"
operationId: "VolumeCreate"
consumes: ["application/json"]
produces: ["application/json"]
responses:
201:
description: "The volume was created successfully"
schema:
$ref: "#/definitions/Volume"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "volumeConfig"
in: "body"
required: true
description: "Volume configuration"
schema:
$ref: "#/definitions/VolumeCreateOptions"
tags: ["Volume"]
/volumes/{name}:
get:
summary: "Inspect a volume"
operationId: "VolumeInspect"
produces: ["application/json"]
responses:
200:
description: "No error"
schema:
$ref: "#/definitions/Volume"
404:
description: "No such volume"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
required: true
description: "Volume name or ID"
type: "string"
tags: ["Volume"]
put:
summary: |
"Update a volume. Valid only for Swarm cluster volumes"
operationId: "VolumeUpdate"
consumes: ["application/json"]
produces: ["application/json"]
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such volume"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "The name or ID of the volume"
type: "string"
required: true
- name: "body"
in: "body"
schema:
# though the schema for is an object that contains only a
# ClusterVolumeSpec, wrapping the ClusterVolumeSpec in this object
# means that if, later on, we support things like changing the
# labels, we can do so without duplicating that information to the
# ClusterVolumeSpec.
type: "object"
description: "Volume configuration"
properties:
Spec:
$ref: "#/definitions/ClusterVolumeSpec"
description: |
The spec of the volume to update. Currently, only Availability may
change. All other fields must remain unchanged.
- name: "version"
in: "query"
description: |
The version number of the volume being updated. This is required to
avoid conflicting writes. Found in the volume's `ClusterVolume`
field.
type: "integer"
format: "int64"
required: true
tags: ["Volume"]
delete:
summary: "Remove a volume"
description: "Instruct the driver to remove the volume."
operationId: "VolumeDelete"
responses:
204:
description: "The volume was removed"
404:
description: "No such volume or volume driver"
schema:
$ref: "#/definitions/ErrorResponse"
409:
description: "Volume is in use and cannot be removed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
required: true
description: "Volume name or ID"
type: "string"
- name: "force"
in: "query"
description: "Force the removal of the volume"
type: "boolean"
default: false
tags: ["Volume"]
/volumes/prune:
post:
summary: "Delete unused volumes"
produces:
- "application/json"
operationId: "VolumePrune"
parameters:
- name: "filters"
in: "query"
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
type: "string"
responses:
200:
description: "No error"
schema:
type: "object"
title: "VolumePruneResponse"
properties:
VolumesDeleted:
description: "Volumes that were deleted"
type: "array"
items:
type: "string"
SpaceReclaimed:
description: "Disk space reclaimed in bytes"
type: "integer"
format: "int64"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Volume"]
/networks:
get:
summary: "List networks"
description: |
Returns a list of networks. For details on the format, see the
[network inspect endpoint](#operation/NetworkInspect).
Note that it uses a different, smaller representation of a network than
inspecting a single network. For example, the list of containers attached
to the network is not propagated in API versions 1.28 and up.
operationId: "NetworkList"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
type: "array"
items:
$ref: "#/definitions/Network"
examples:
application/json:
- Name: "bridge"
Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
Created: "2016-10-19T06:21:00.416543526Z"
Scope: "local"
Driver: "bridge"
EnableIPv6: false
Internal: false
Attachable: false
Ingress: false
IPAM:
Driver: "default"
Config:
-
Subnet: "172.17.0.0/16"
Options:
com.docker.network.bridge.default_bridge: "true"
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.name: "docker0"
com.docker.network.driver.mtu: "1500"
- Name: "none"
Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
Created: "0001-01-01T00:00:00Z"
Scope: "local"
Driver: "null"
EnableIPv6: false
Internal: false
Attachable: false
Ingress: false
IPAM:
Driver: "default"
Config: []
Containers: {}
Options: {}
- Name: "host"
Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
Created: "0001-01-01T00:00:00Z"
Scope: "local"
Driver: "host"
EnableIPv6: false
Internal: false
Attachable: false
Ingress: false
IPAM:
Driver: "default"
Config: []
Containers: {}
Options: {}
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
description: |
JSON encoded value of the filters (a `map[string][]string`) to process
on the networks list.
Available filters:
- `dangling=<boolean>` When set to `true` (or `1`), returns all
networks that are not in use by a container. When set to `false`
(or `0`), only networks that are in use by one or more
containers are returned.
- `driver=<driver-name>` Matches a network's driver.
- `id=<network-id>` Matches all or part of a network ID.
- `label=<key>` or `label=<key>=<value>` of a network label.
- `name=<network-name>` Matches all or part of a network name.
- `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
- `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
type: "string"
tags: ["Network"]
/networks/{id}:
get:
summary: "Inspect a network"
operationId: "NetworkInspect"
produces:
- "application/json"
responses:
200:
description: "No error"
schema:
$ref: "#/definitions/Network"
404:
description: "Network not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Network ID or name"
required: true
type: "string"
- name: "verbose"
in: "query"
description: "Detailed inspect output for troubleshooting"
type: "boolean"
default: false
- name: "scope"
in: "query"
description: "Filter the network by scope (swarm, global, or local)"
type: "string"
tags: ["Network"]
delete:
summary: "Remove a network"
operationId: "NetworkDelete"
responses:
204:
description: "No error"
403:
description: "operation not supported for pre-defined networks"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such network"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Network ID or name"
required: true
type: "string"
tags: ["Network"]
/networks/create:
post:
summary: "Create a network"
operationId: "NetworkCreate"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "No error"
schema:
type: "object"
title: "NetworkCreateResponse"
properties:
Id:
description: "The ID of the created network."
type: "string"
Warning:
type: "string"
example:
Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
Warning: ""
403:
description: "operation not supported for pre-defined networks"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "plugin not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "networkConfig"
in: "body"
description: "Network configuration"
required: true
schema:
type: "object"
title: "NetworkCreateRequest"
required: ["Name"]
properties:
Name:
description: "The network's name."
type: "string"
CheckDuplicate:
description: |
Check for networks with duplicate names. Since Network is
primarily keyed based on a random ID and not on the name, and
network name is strictly a user-friendly alias to the network
which is uniquely identified using ID, there is no guaranteed
way to check for duplicates. CheckDuplicate is there to provide
a best effort checking of any networks which has the same name
but it is not guaranteed to catch all name collisions.
type: "boolean"
Driver:
description: "Name of the network driver plugin to use."
type: "string"
default: "bridge"
Internal:
description: "Restrict external access to the network."
type: "boolean"
Attachable:
description: |
Globally scoped network is manually attachable by regular
containers from workers in swarm mode.
type: "boolean"
Ingress:
description: |
Ingress network is the network which provides the routing-mesh
in swarm mode.
type: "boolean"
IPAM:
description: "Optional custom IP scheme for the network."
$ref: "#/definitions/IPAM"
EnableIPv6:
description: "Enable IPv6 on the network."
type: "boolean"
Options:
description: "Network specific options to be used by the drivers."
type: "object"
additionalProperties:
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
Name: "isolated_nw"
CheckDuplicate: false
Driver: "bridge"
EnableIPv6: true
IPAM:
Driver: "default"
Config:
- Subnet: "172.20.0.0/16"
IPRange: "172.20.10.0/24"
Gateway: "172.20.10.11"
- Subnet: "2001:db8:abcd::/64"
Gateway: "2001:db8:abcd::1011"
Options:
foo: "bar"
Internal: true
Attachable: false
Ingress: false
Options:
com.docker.network.bridge.default_bridge: "true"
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.name: "docker0"
com.docker.network.driver.mtu: "1500"
Labels:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
tags: ["Network"]
/networks/{id}/connect:
post:
summary: "Connect a container to a network"
operationId: "NetworkConnect"
consumes:
- "application/json"
responses:
200:
description: "No error"
403:
description: "Operation not supported for swarm scoped networks"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "Network or container not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Network ID or name"
required: true
type: "string"
- name: "container"
in: "body"
required: true
schema:
type: "object"
title: "NetworkConnectRequest"
properties:
Container:
type: "string"
description: "The ID or name of the container to connect to the network."
EndpointConfig:
$ref: "#/definitions/EndpointSettings"
example:
Container: "3613f73ba0e4"
EndpointConfig:
IPAMConfig:
IPv4Address: "172.24.56.89"
IPv6Address: "2001:db8::5689"
tags: ["Network"]
/networks/{id}/disconnect:
post:
summary: "Disconnect a container from a network"
operationId: "NetworkDisconnect"
consumes:
- "application/json"
responses:
200:
description: "No error"
403:
description: "Operation not supported for swarm scoped networks"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "Network or container not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "Network ID or name"
required: true
type: "string"
- name: "container"
in: "body"
required: true
schema:
type: "object"
title: "NetworkDisconnectRequest"
properties:
Container:
type: "string"
description: |
The ID or name of the container to disconnect from the network.
Force:
type: "boolean"
description: |
Force the container to disconnect from the network.
tags: ["Network"]
/networks/prune:
post:
summary: "Delete unused networks"
produces:
- "application/json"
operationId: "NetworkPrune"
parameters:
- name: "filters"
in: "query"
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machines time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
type: "string"
responses:
200:
description: "No error"
schema:
type: "object"
title: "NetworkPruneResponse"
properties:
NetworksDeleted:
description: "Networks that were deleted"
type: "array"
items:
type: "string"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Network"]
/plugins:
get:
summary: "List plugins"
operationId: "PluginList"
description: "Returns information about installed plugins."
produces: ["application/json"]
responses:
200:
description: "No error"
schema:
type: "array"
items:
$ref: "#/definitions/Plugin"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the plugin list.
Available filters:
- `capability=<capability name>`
- `enable=<true>|<false>`
tags: ["Plugin"]
/plugins/privileges:
get:
summary: "Get plugin privileges"
operationId: "GetPluginPrivileges"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/PluginPrivilege"
example:
- Name: "network"
Description: ""
Value:
- "host"
- Name: "mount"
Description: ""
Value:
- "/data"
- Name: "device"
Description: ""
Value:
- "/dev/cpu_dma_latency"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "remote"
in: "query"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
tags:
- "Plugin"
/plugins/pull:
post:
summary: "Install a plugin"
operationId: "PluginPull"
description: |
Pulls and installs a plugin. After the plugin is installed, it can be
enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
produces:
- "application/json"
responses:
204:
description: "no error"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "remote"
in: "query"
description: |
Remote reference for plugin to install.
The `:latest` tag is optional, and is used as the default if omitted.
required: true
type: "string"
- name: "name"
in: "query"
description: |
Local name for the pulled plugin.
The `:latest` tag is optional, and is used as the default if omitted.
required: false
type: "string"
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration to use when pulling a plugin
from a registry.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
- name: "body"
in: "body"
schema:
type: "array"
items:
$ref: "#/definitions/PluginPrivilege"
example:
- Name: "network"
Description: ""
Value:
- "host"
- Name: "mount"
Description: ""
Value:
- "/data"
- Name: "device"
Description: ""
Value:
- "/dev/cpu_dma_latency"
tags: ["Plugin"]
/plugins/{name}/json:
get:
summary: "Inspect a plugin"
operationId: "PluginInspect"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Plugin"
404:
description: "plugin is not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
tags: ["Plugin"]
/plugins/{name}:
delete:
summary: "Remove a plugin"
operationId: "PluginDelete"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Plugin"
404:
description: "plugin is not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
- name: "force"
in: "query"
description: |
Disable the plugin before removing. This may result in issues if the
plugin is in use by a container.
type: "boolean"
default: false
tags: ["Plugin"]
/plugins/{name}/enable:
post:
summary: "Enable a plugin"
operationId: "PluginEnable"
responses:
200:
description: "no error"
404:
description: "plugin is not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
- name: "timeout"
in: "query"
description: "Set the HTTP client timeout (in seconds)"
type: "integer"
default: 0
tags: ["Plugin"]
/plugins/{name}/disable:
post:
summary: "Disable a plugin"
operationId: "PluginDisable"
responses:
200:
description: "no error"
404:
description: "plugin is not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
tags: ["Plugin"]
/plugins/{name}/upgrade:
post:
summary: "Upgrade a plugin"
operationId: "PluginUpgrade"
responses:
204:
description: "no error"
404:
description: "plugin not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
- name: "remote"
in: "query"
description: |
Remote reference to upgrade to.
The `:latest` tag is optional, and is used as the default if omitted.
required: true
type: "string"
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration to use when pulling a plugin
from a registry.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
- name: "body"
in: "body"
schema:
type: "array"
items:
$ref: "#/definitions/PluginPrivilege"
example:
- Name: "network"
Description: ""
Value:
- "host"
- Name: "mount"
Description: ""
Value:
- "/data"
- Name: "device"
Description: ""
Value:
- "/dev/cpu_dma_latency"
tags: ["Plugin"]
/plugins/create:
post:
summary: "Create a plugin"
operationId: "PluginCreate"
consumes:
- "application/x-tar"
responses:
204:
description: "no error"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "query"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
- name: "tarContext"
in: "body"
description: "Path to tar containing plugin rootfs and manifest"
schema:
type: "string"
format: "binary"
tags: ["Plugin"]
/plugins/{name}/push:
post:
summary: "Push a plugin"
operationId: "PluginPush"
description: |
Push a plugin to the registry.
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
responses:
200:
description: "no error"
404:
description: "plugin not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Plugin"]
/plugins/{name}/set:
post:
summary: "Configure a plugin"
operationId: "PluginSet"
consumes:
- "application/json"
parameters:
- name: "name"
in: "path"
description: |
The name of the plugin. The `:latest` tag is optional, and is the
default if omitted.
required: true
type: "string"
- name: "body"
in: "body"
schema:
type: "array"
items:
type: "string"
example: ["DEBUG=1"]
responses:
204:
description: "No error"
404:
description: "Plugin not installed"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Plugin"]
/nodes:
get:
summary: "List nodes"
operationId: "NodeList"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/Node"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
description: |
Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
Available filters:
- `id=<node id>`
- `label=<engine label>`
- `membership=`(`accepted`|`pending`)`
- `name=<node name>`
- `node.label=<node label>`
- `role=`(`manager`|`worker`)`
type: "string"
tags: ["Node"]
/nodes/{id}:
get:
summary: "Inspect a node"
operationId: "NodeInspect"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Node"
404:
description: "no such node"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "The ID or name of the node"
type: "string"
required: true
tags: ["Node"]
delete:
summary: "Delete a node"
operationId: "NodeDelete"
responses:
200:
description: "no error"
404:
description: "no such node"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "The ID or name of the node"
type: "string"
required: true
- name: "force"
in: "query"
description: "Force remove a node from the swarm"
default: false
type: "boolean"
tags: ["Node"]
/nodes/{id}/update:
post:
summary: "Update a node"
operationId: "NodeUpdate"
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such node"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "The ID of the node"
type: "string"
required: true
- name: "body"
in: "body"
schema:
$ref: "#/definitions/NodeSpec"
- name: "version"
in: "query"
description: |
The version number of the node object being updated. This is required
to avoid conflicting writes.
type: "integer"
format: "int64"
required: true
tags: ["Node"]
/swarm:
get:
summary: "Inspect swarm"
operationId: "SwarmInspect"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Swarm"
404:
description: "no such swarm"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Swarm"]
/swarm/init:
post:
summary: "Initialize a new swarm"
operationId: "SwarmInit"
produces:
- "application/json"
- "text/plain"
responses:
200:
description: "no error"
schema:
description: "The node ID"
type: "string"
example: "7v2t30z9blmxuhnyo6s4cpenp"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is already part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
required: true
schema:
type: "object"
title: "SwarmInitRequest"
properties:
ListenAddr:
description: |
Listen address used for inter-manager communication, as well
as determining the networking interface used for the VXLAN
Tunnel Endpoint (VTEP). This can either be an address/port
combination in the form `192.168.1.1:4567`, or an interface
followed by a port number, like `eth0:4567`. If the port number
is omitted, the default swarm listening port is used.
type: "string"
AdvertiseAddr:
description: |
Externally reachable address advertised to other nodes. This
can either be an address/port combination in the form
`192.168.1.1:4567`, or an interface followed by a port number,
like `eth0:4567`. If the port number is omitted, the port
number from the listen address is used. If `AdvertiseAddr` is
not specified, it will be automatically detected when possible.
type: "string"
DataPathAddr:
description: |
Address or interface to use for data path traffic (format:
`<ip|interface>`), for example, `192.168.1.1`, or an interface,
like `eth0`. If `DataPathAddr` is unspecified, the same address
as `AdvertiseAddr` is used.
The `DataPathAddr` specifies the address that global scope
network drivers will publish towards other nodes in order to
reach the containers running on this node. Using this parameter
it is possible to separate the container data traffic from the
management traffic of the cluster.
type: "string"
DataPathPort:
description: |
DataPathPort specifies the data path port number for data traffic.
Acceptable port range is 1024 to 49151.
if no port is set or is set to 0, default port 4789 will be used.
type: "integer"
format: "uint32"
DefaultAddrPool:
description: |
Default Address Pool specifies default subnet pools for global
scope networks.
type: "array"
items:
type: "string"
example: ["10.10.0.0/16", "20.20.0.0/16"]
ForceNewCluster:
description: "Force creation of a new swarm."
type: "boolean"
SubnetSize:
description: |
SubnetSize specifies the subnet size of the networks created
from the default subnet pool.
type: "integer"
format: "uint32"
Spec:
$ref: "#/definitions/SwarmSpec"
example:
ListenAddr: "0.0.0.0:2377"
AdvertiseAddr: "192.168.1.1:2377"
DataPathPort: 4789
DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
SubnetSize: 24
ForceNewCluster: false
Spec:
Orchestration: {}
Raft: {}
Dispatcher: {}
CAConfig: {}
EncryptionConfig:
AutoLockManagers: false
tags: ["Swarm"]
/swarm/join:
post:
summary: "Join an existing swarm"
operationId: "SwarmJoin"
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is already part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
required: true
schema:
type: "object"
title: "SwarmJoinRequest"
properties:
ListenAddr:
description: |
Listen address used for inter-manager communication if the node
gets promoted to manager, as well as determining the networking
interface used for the VXLAN Tunnel Endpoint (VTEP).
type: "string"
AdvertiseAddr:
description: |
Externally reachable address advertised to other nodes. This
can either be an address/port combination in the form
`192.168.1.1:4567`, or an interface followed by a port number,
like `eth0:4567`. If the port number is omitted, the port
number from the listen address is used. If `AdvertiseAddr` is
not specified, it will be automatically detected when possible.
type: "string"
DataPathAddr:
description: |
Address or interface to use for data path traffic (format:
`<ip|interface>`), for example, `192.168.1.1`, or an interface,
like `eth0`. If `DataPathAddr` is unspecified, the same address
as `AdvertiseAddr` is used.
The `DataPathAddr` specifies the address that global scope
network drivers will publish towards other nodes in order to
reach the containers running on this node. Using this parameter
it is possible to separate the container data traffic from the
management traffic of the cluster.
type: "string"
RemoteAddrs:
description: |
Addresses of manager nodes already participating in the swarm.
type: "array"
items:
type: "string"
JoinToken:
description: "Secret token for joining this swarm."
type: "string"
example:
ListenAddr: "0.0.0.0:2377"
AdvertiseAddr: "192.168.1.1:2377"
RemoteAddrs:
- "node1:2377"
JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
tags: ["Swarm"]
/swarm/leave:
post:
summary: "Leave a swarm"
operationId: "SwarmLeave"
responses:
200:
description: "no error"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "force"
description: |
Force leave swarm, even if this is the last manager or that it will
break the cluster.
in: "query"
type: "boolean"
default: false
tags: ["Swarm"]
/swarm/update:
post:
summary: "Update a swarm"
operationId: "SwarmUpdate"
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
required: true
schema:
$ref: "#/definitions/SwarmSpec"
- name: "version"
in: "query"
description: |
The version number of the swarm object being updated. This is
required to avoid conflicting writes.
type: "integer"
format: "int64"
required: true
- name: "rotateWorkerToken"
in: "query"
description: "Rotate the worker join token."
type: "boolean"
default: false
- name: "rotateManagerToken"
in: "query"
description: "Rotate the manager join token."
type: "boolean"
default: false
- name: "rotateManagerUnlockKey"
in: "query"
description: "Rotate the manager unlock key."
type: "boolean"
default: false
tags: ["Swarm"]
/swarm/unlockkey:
get:
summary: "Get the unlock key"
operationId: "SwarmUnlockkey"
consumes:
- "application/json"
responses:
200:
description: "no error"
schema:
type: "object"
title: "UnlockKeyResponse"
properties:
UnlockKey:
description: "The swarm's unlock key."
type: "string"
example:
UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Swarm"]
/swarm/unlock:
post:
summary: "Unlock a locked manager"
operationId: "SwarmUnlock"
consumes:
- "application/json"
produces:
- "application/json"
parameters:
- name: "body"
in: "body"
required: true
schema:
type: "object"
title: "SwarmUnlockRequest"
properties:
UnlockKey:
description: "The swarm's unlock key."
type: "string"
example:
UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
responses:
200:
description: "no error"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Swarm"]
/services:
get:
summary: "List services"
operationId: "ServiceList"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/Service"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the services list.
Available filters:
- `id=<service id>`
- `label=<service label>`
- `mode=["replicated"|"global"]`
- `name=<service name>`
- name: "status"
in: "query"
type: "boolean"
description: |
Include service status, with count of running and desired tasks.
tags: ["Service"]
/services/create:
post:
summary: "Create a service"
operationId: "ServiceCreate"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "no error"
schema:
type: "object"
title: "ServiceCreateResponse"
properties:
ID:
description: "The ID of the created service."
type: "string"
Warning:
description: "Optional warning message"
type: "string"
example:
ID: "ak7w3gjqoa3kuz8xcpnyy0pvl"
Warning: "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
403:
description: "network is not eligible for services"
schema:
$ref: "#/definitions/ErrorResponse"
409:
description: "name conflicts with an existing service"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
required: true
schema:
allOf:
- $ref: "#/definitions/ServiceSpec"
- type: "object"
example:
Name: "web"
TaskTemplate:
ContainerSpec:
Image: "nginx:alpine"
Mounts:
-
ReadOnly: true
Source: "web-data"
Target: "/usr/share/nginx/html"
Type: "volume"
VolumeOptions:
DriverConfig: {}
Labels:
com.example.something: "something-value"
Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
User: "33"
DNSConfig:
Nameservers: ["8.8.8.8"]
Search: ["example.org"]
Options: ["timeout:3"]
Secrets:
-
File:
Name: "www.example.org.key"
UID: "33"
GID: "33"
Mode: 384
SecretID: "fpjqlhnwb19zds35k8wn80lq9"
SecretName: "example_org_domain_key"
LogDriver:
Name: "json-file"
Options:
max-file: "3"
max-size: "10M"
Placement: {}
Resources:
Limits:
MemoryBytes: 104857600
Reservations: {}
RestartPolicy:
Condition: "on-failure"
Delay: 10000000000
MaxAttempts: 10
Mode:
Replicated:
Replicas: 4
UpdateConfig:
Parallelism: 2
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
RollbackConfig:
Parallelism: 1
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
EndpointSpec:
Ports:
-
Protocol: "tcp"
PublishedPort: 8080
TargetPort: 80
Labels:
foo: "bar"
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration for pulling from private
registries.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
tags: ["Service"]
/services/{id}:
get:
summary: "Inspect a service"
operationId: "ServiceInspect"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Service"
404:
description: "no such service"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "ID or name of service."
required: true
type: "string"
- name: "insertDefaults"
in: "query"
description: "Fill empty fields with default values."
type: "boolean"
default: false
tags: ["Service"]
delete:
summary: "Delete a service"
operationId: "ServiceDelete"
responses:
200:
description: "no error"
404:
description: "no such service"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "ID or name of service."
required: true
type: "string"
tags: ["Service"]
/services/{id}/update:
post:
summary: "Update a service"
operationId: "ServiceUpdate"
consumes: ["application/json"]
produces: ["application/json"]
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/ServiceUpdateResponse"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such service"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "ID or name of service."
required: true
type: "string"
- name: "body"
in: "body"
required: true
schema:
allOf:
- $ref: "#/definitions/ServiceSpec"
- type: "object"
example:
Name: "top"
TaskTemplate:
ContainerSpec:
Image: "busybox"
Args:
- "top"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ForceUpdate: 0
Mode:
Replicated:
Replicas: 1
UpdateConfig:
Parallelism: 2
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
RollbackConfig:
Parallelism: 1
Delay: 1000000000
FailureAction: "pause"
Monitor: 15000000000
MaxFailureRatio: 0.15
EndpointSpec:
Mode: "vip"
- name: "version"
in: "query"
description: |
The version number of the service object being updated. This is
required to avoid conflicting writes.
This version number should be the value as currently set on the
service *before* the update. You can find the current version by
calling `GET /services/{id}`
required: true
type: "integer"
- name: "registryAuthFrom"
in: "query"
description: |
If the `X-Registry-Auth` header is not specified, this parameter
indicates where to find registry authorization credentials.
type: "string"
enum: ["spec", "previous-spec"]
default: "spec"
- name: "rollback"
in: "query"
description: |
Set to this parameter to `previous` to cause a server-side rollback
to the previous service spec. The supplied spec will be ignored in
this case.
type: "string"
- name: "X-Registry-Auth"
in: "header"
description: |
A base64url-encoded auth configuration for pulling from private
registries.
Refer to the [authentication section](#section/Authentication) for
details.
type: "string"
tags: ["Service"]
/services/{id}/logs:
get:
summary: "Get service logs"
description: |
Get `stdout` and `stderr` logs from a service. See also
[`/containers/{id}/logs`](#operation/ContainerLogs).
**Note**: This endpoint works only for services with the `local`,
`json-file` or `journald` logging drivers.
produces:
- "application/vnd.docker.raw-stream"
- "application/vnd.docker.multiplexed-stream"
operationId: "ServiceLogs"
responses:
200:
description: "logs returned as a stream in response body"
schema:
type: "string"
format: "binary"
404:
description: "no such service"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such service: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID or name of the service"
type: "string"
- name: "details"
in: "query"
description: "Show service context and extra details provided to logs."
type: "boolean"
default: false
- name: "follow"
in: "query"
description: "Keep connection after returning logs."
type: "boolean"
default: false
- name: "stdout"
in: "query"
description: "Return logs from `stdout`"
type: "boolean"
default: false
- name: "stderr"
in: "query"
description: "Return logs from `stderr`"
type: "boolean"
default: false
- name: "since"
in: "query"
description: "Only return logs since this time, as a UNIX timestamp"
type: "integer"
default: 0
- name: "timestamps"
in: "query"
description: "Add timestamps to every log line"
type: "boolean"
default: false
- name: "tail"
in: "query"
description: |
Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
type: "string"
default: "all"
tags: ["Service"]
/tasks:
get:
summary: "List tasks"
operationId: "TaskList"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/Task"
example:
- ID: "0kzzo1i0y4jz6027t0k7aezc7"
Version:
Index: 71
CreatedAt: "2016-06-07T21:07:31.171892745Z"
UpdatedAt: "2016-06-07T21:07:31.376370513Z"
Spec:
ContainerSpec:
Image: "redis"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
Slot: 1
NodeID: "60gvrl6tm78dmak4yl7srz94v"
Status:
Timestamp: "2016-06-07T21:07:31.290032978Z"
State: "running"
Message: "started"
ContainerStatus:
ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
PID: 677
DesiredState: "running"
NetworksAttachments:
- Network:
ID: "4qvuz4ko70xaltuqbt8956gd1"
Version:
Index: 18
CreatedAt: "2016-06-07T20:31:11.912919752Z"
UpdatedAt: "2016-06-07T21:07:29.955277358Z"
Spec:
Name: "ingress"
Labels:
com.docker.swarm.internal: "true"
DriverConfiguration: {}
IPAMOptions:
Driver: {}
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
DriverState:
Name: "overlay"
Options:
com.docker.network.driver.overlay.vxlanid_list: "256"
IPAMOptions:
Driver:
Name: "default"
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
Addresses:
- "10.255.0.10/16"
- ID: "1yljwbmlr8er2waf8orvqpwms"
Version:
Index: 30
CreatedAt: "2016-06-07T21:07:30.019104782Z"
UpdatedAt: "2016-06-07T21:07:30.231958098Z"
Name: "hopeful_cori"
Spec:
ContainerSpec:
Image: "redis"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
Slot: 1
NodeID: "60gvrl6tm78dmak4yl7srz94v"
Status:
Timestamp: "2016-06-07T21:07:30.202183143Z"
State: "shutdown"
Message: "shutdown"
ContainerStatus:
ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
DesiredState: "shutdown"
NetworksAttachments:
- Network:
ID: "4qvuz4ko70xaltuqbt8956gd1"
Version:
Index: 18
CreatedAt: "2016-06-07T20:31:11.912919752Z"
UpdatedAt: "2016-06-07T21:07:29.955277358Z"
Spec:
Name: "ingress"
Labels:
com.docker.swarm.internal: "true"
DriverConfiguration: {}
IPAMOptions:
Driver: {}
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
DriverState:
Name: "overlay"
Options:
com.docker.network.driver.overlay.vxlanid_list: "256"
IPAMOptions:
Driver:
Name: "default"
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
Addresses:
- "10.255.0.5/16"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the tasks list.
Available filters:
- `desired-state=(running | shutdown | accepted)`
- `id=<task id>`
- `label=key` or `label="key=value"`
- `name=<task name>`
- `node=<node id or name>`
- `service=<service name>`
tags: ["Task"]
/tasks/{id}:
get:
summary: "Inspect a task"
operationId: "TaskInspect"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Task"
404:
description: "no such task"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "ID of the task"
required: true
type: "string"
tags: ["Task"]
/tasks/{id}/logs:
get:
summary: "Get task logs"
description: |
Get `stdout` and `stderr` logs from a task.
See also [`/containers/{id}/logs`](#operation/ContainerLogs).
**Note**: This endpoint works only for services with the `local`,
`json-file` or `journald` logging drivers.
operationId: "TaskLogs"
produces:
- "application/vnd.docker.raw-stream"
- "application/vnd.docker.multiplexed-stream"
responses:
200:
description: "logs returned as a stream in response body"
schema:
type: "string"
format: "binary"
404:
description: "no such task"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such task: c2ada9df5af8"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
description: "ID of the task"
type: "string"
- name: "details"
in: "query"
description: "Show task context and extra details provided to logs."
type: "boolean"
default: false
- name: "follow"
in: "query"
description: "Keep connection after returning logs."
type: "boolean"
default: false
- name: "stdout"
in: "query"
description: "Return logs from `stdout`"
type: "boolean"
default: false
- name: "stderr"
in: "query"
description: "Return logs from `stderr`"
type: "boolean"
default: false
- name: "since"
in: "query"
description: "Only return logs since this time, as a UNIX timestamp"
type: "integer"
default: 0
- name: "timestamps"
in: "query"
description: "Add timestamps to every log line"
type: "boolean"
default: false
- name: "tail"
in: "query"
description: |
Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
type: "string"
default: "all"
tags: ["Task"]
/secrets:
get:
summary: "List secrets"
operationId: "SecretList"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/Secret"
example:
- ID: "blt1owaxmitz71s9v5zh81zun"
Version:
Index: 85
CreatedAt: "2017-07-20T13:55:28.678958722Z"
UpdatedAt: "2017-07-20T13:55:28.678958722Z"
Spec:
Name: "mysql-passwd"
Labels:
some.label: "some.value"
Driver:
Name: "secret-bucket"
Options:
OptionA: "value for driver option A"
OptionB: "value for driver option B"
- ID: "ktnbjxoalbkvbvedmg1urrz8h"
Version:
Index: 11
CreatedAt: "2016-11-05T01:20:17.327670065Z"
UpdatedAt: "2016-11-05T01:20:17.327670065Z"
Spec:
Name: "app-dev.crt"
Labels:
foo: "bar"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the secrets list.
Available filters:
- `id=<secret id>`
- `label=<key> or label=<key>=value`
- `name=<secret name>`
- `names=<secret name>`
tags: ["Secret"]
/secrets/create:
post:
summary: "Create a secret"
operationId: "SecretCreate"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "no error"
schema:
$ref: "#/definitions/IdResponse"
409:
description: "name conflicts with an existing object"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
schema:
allOf:
- $ref: "#/definitions/SecretSpec"
- type: "object"
example:
Name: "app-key.crt"
Labels:
foo: "bar"
Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
Driver:
Name: "secret-bucket"
Options:
OptionA: "value for driver option A"
OptionB: "value for driver option B"
tags: ["Secret"]
/secrets/{id}:
get:
summary: "Inspect a secret"
operationId: "SecretInspect"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Secret"
examples:
application/json:
ID: "ktnbjxoalbkvbvedmg1urrz8h"
Version:
Index: 11
CreatedAt: "2016-11-05T01:20:17.327670065Z"
UpdatedAt: "2016-11-05T01:20:17.327670065Z"
Spec:
Name: "app-dev.crt"
Labels:
foo: "bar"
Driver:
Name: "secret-bucket"
Options:
OptionA: "value for driver option A"
OptionB: "value for driver option B"
404:
description: "secret not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
type: "string"
description: "ID of the secret"
tags: ["Secret"]
delete:
summary: "Delete a secret"
operationId: "SecretDelete"
produces:
- "application/json"
responses:
204:
description: "no error"
404:
description: "secret not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
type: "string"
description: "ID of the secret"
tags: ["Secret"]
/secrets/{id}/update:
post:
summary: "Update a Secret"
operationId: "SecretUpdate"
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such secret"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "The ID or name of the secret"
type: "string"
required: true
- name: "body"
in: "body"
schema:
$ref: "#/definitions/SecretSpec"
description: |
The spec of the secret to update. Currently, only the Labels field
can be updated. All other fields must remain unchanged from the
[SecretInspect endpoint](#operation/SecretInspect) response values.
- name: "version"
in: "query"
description: |
The version number of the secret object being updated. This is
required to avoid conflicting writes.
type: "integer"
format: "int64"
required: true
tags: ["Secret"]
/configs:
get:
summary: "List configs"
operationId: "ConfigList"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
type: "array"
items:
$ref: "#/definitions/Config"
example:
- ID: "ktnbjxoalbkvbvedmg1urrz8h"
Version:
Index: 11
CreatedAt: "2016-11-05T01:20:17.327670065Z"
UpdatedAt: "2016-11-05T01:20:17.327670065Z"
Spec:
Name: "server.conf"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "filters"
in: "query"
type: "string"
description: |
A JSON encoded value of the filters (a `map[string][]string`) to
process on the configs list.
Available filters:
- `id=<config id>`
- `label=<key> or label=<key>=value`
- `name=<config name>`
- `names=<config name>`
tags: ["Config"]
/configs/create:
post:
summary: "Create a config"
operationId: "ConfigCreate"
consumes:
- "application/json"
produces:
- "application/json"
responses:
201:
description: "no error"
schema:
$ref: "#/definitions/IdResponse"
409:
description: "name conflicts with an existing object"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "body"
in: "body"
schema:
allOf:
- $ref: "#/definitions/ConfigSpec"
- type: "object"
example:
Name: "server.conf"
Labels:
foo: "bar"
Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
tags: ["Config"]
/configs/{id}:
get:
summary: "Inspect a config"
operationId: "ConfigInspect"
produces:
- "application/json"
responses:
200:
description: "no error"
schema:
$ref: "#/definitions/Config"
examples:
application/json:
ID: "ktnbjxoalbkvbvedmg1urrz8h"
Version:
Index: 11
CreatedAt: "2016-11-05T01:20:17.327670065Z"
UpdatedAt: "2016-11-05T01:20:17.327670065Z"
Spec:
Name: "app-dev.crt"
404:
description: "config not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
type: "string"
description: "ID of the config"
tags: ["Config"]
delete:
summary: "Delete a config"
operationId: "ConfigDelete"
produces:
- "application/json"
responses:
204:
description: "no error"
404:
description: "config not found"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
required: true
type: "string"
description: "ID of the config"
tags: ["Config"]
/configs/{id}/update:
post:
summary: "Update a Config"
operationId: "ConfigUpdate"
responses:
200:
description: "no error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "no such config"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
503:
description: "node is not part of a swarm"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"
description: "The ID or name of the config"
type: "string"
required: true
- name: "body"
in: "body"
schema:
$ref: "#/definitions/ConfigSpec"
description: |
The spec of the config to update. Currently, only the Labels field
can be updated. All other fields must remain unchanged from the
[ConfigInspect endpoint](#operation/ConfigInspect) response values.
- name: "version"
in: "query"
description: |
The version number of the config object being updated. This is
required to avoid conflicting writes.
type: "integer"
format: "int64"
required: true
tags: ["Config"]
/distribution/{name}/json:
get:
summary: "Get image information from the registry"
description: |
Return image digest and platform information by contacting the registry.
operationId: "DistributionInspect"
produces:
- "application/json"
responses:
200:
description: "descriptor and platform information"
schema:
$ref: "#/definitions/DistributionInspect"
401:
description: "Failed authentication or no image found"
schema:
$ref: "#/definitions/ErrorResponse"
examples:
application/json:
message: "No such image: someimage (tag: latest)"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "name"
in: "path"
description: "Image name or id"
type: "string"
required: true
tags: ["Distribution"]
/session:
post:
summary: "Initialize interactive session"
description: |
Start a new interactive session with a server. Session allows server to
call back to the client for advanced capabilities.
### Hijacking
This endpoint hijacks the HTTP connection to HTTP2 transport that allows
the client to expose gPRC services on that connection.
For example, the client sends this request to upgrade the connection:
```
POST /session HTTP/1.1
Upgrade: h2c
Connection: Upgrade
```
The Docker daemon responds with a `101 UPGRADED` response follow with
the raw stream:
```
HTTP/1.1 101 UPGRADED
Connection: Upgrade
Upgrade: h2c
```
operationId: "Session"
produces:
- "application/vnd.docker.raw-stream"
responses:
101:
description: "no error, hijacking successful"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "server error"
schema:
$ref: "#/definitions/ErrorResponse"
tags: ["Session"]