config

package
v27.4.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2024 License: Apache-2.0 Imports: 33 Imported by: 363

Documentation

Index

Constants

View Source
const (
	// DefaultMaxConcurrentDownloads is the default value for
	// maximum number of downloads that
	// may take place at a time.
	DefaultMaxConcurrentDownloads = 3
	// DefaultMaxConcurrentUploads is the default value for
	// maximum number of uploads that
	// may take place at a time.
	DefaultMaxConcurrentUploads = 5
	// DefaultDownloadAttempts is the default value for
	// maximum number of attempts that
	// may take place at a time for each pull when the connection is lost.
	DefaultDownloadAttempts = 5
	// DefaultShmSize is the default value for container's shm size (64 MiB)
	DefaultShmSize int64 = 64 * 1024 * 1024
	// DefaultNetworkMtu is the default value for network MTU
	DefaultNetworkMtu = 1500
	// DisableNetworkBridge is the default value of the option to disable network bridge
	DisableNetworkBridge = "none"
	// DefaultShutdownTimeout is the default shutdown timeout (in seconds) for
	// the daemon for containers to stop when it is shutting down.
	DefaultShutdownTimeout = 15
	// DefaultInitBinary is the name of the default init binary
	DefaultInitBinary = "docker-init"
	// DefaultRuntimeBinary is the default runtime to be used by
	// containerd if none is specified
	DefaultRuntimeBinary = "runc"
	// DefaultContainersNamespace is the name of the default containerd namespace used for users containers.
	DefaultContainersNamespace = "moby"
	// DefaultPluginNamespace is the name of the default containerd namespace used for plugins.
	DefaultPluginNamespace = "plugins.moby"

	// SeccompProfileDefault is the built-in default seccomp profile.
	SeccompProfileDefault = "builtin"
	// SeccompProfileUnconfined is a special profile name for seccomp to use an
	// "unconfined" seccomp profile.
	SeccompProfileUnconfined = "unconfined"
)
View Source
const (
	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
	DefaultIpcMode = container.IPCModePrivate

	// DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2.
	DefaultCgroupNamespaceMode = container.CgroupnsModePrivate

	// DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1.
	DefaultCgroupV1NamespaceMode = container.CgroupnsModeHost

	// StockRuntimeName is the reserved name/alias used to represent the
	// OCI runtime being shipped with the docker daemon package.
	StockRuntimeName = "runc"
)

Variables

This section is empty.

Functions

func GetConflictFreeLabels

func GetConflictFreeLabels(labels []string) ([]string, error)

GetConflictFreeLabels validates Labels for conflict In swarm the duplicates for labels are removed so we only take same values here, no conflict values If the key-value is the same we will only take the last label

func MaskCredentials

func MaskCredentials(rawURL string) string

MaskCredentials masks credentials that are in an URL.

func ParseGenericResources

func ParseGenericResources(value []string) ([]swarm.GenericResource, error)

ParseGenericResources parses and validates the specified string as a list of GenericResource

func Reload

func Reload(configFile string, flags *pflag.FlagSet, reload func(*Config)) error

Reload reads the configuration in the host and reloads the daemon and server.

func Validate

func Validate(config *Config) error

Validate validates some specific configs. such as config.DNS, config.Labels, config.DNSSearch, as well as config.MaxConcurrentDownloads, config.MaxConcurrentUploads and config.MaxDownloadAttempts.

func ValidateMinAPIVersion

func ValidateMinAPIVersion(ver string) error

ValidateMinAPIVersion verifies if the given API version is within the range supported by the daemon. It is used to validate a custom minimum API version set through DOCKER_MIN_API_VERSION.

Types

type BridgeConfig

type BridgeConfig struct {
	DefaultBridgeConfig

	EnableIPTables      bool   `json:"iptables,omitempty"`
	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
	EnableIPForward     bool   `json:"ip-forward,omitempty"`
	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
}

BridgeConfig stores all the parameters for both the bridge driver and the default bridge network.

type BuilderConfig

type BuilderConfig struct {
	GC           BuilderGCConfig       `json:",omitempty"`
	Entitlements BuilderEntitlements   `json:",omitempty"`
	History      *BuilderHistoryConfig `json:",omitempty"`
}

BuilderConfig contains config for the builder

type BuilderEntitlements

type BuilderEntitlements struct {
	NetworkHost      *bool `json:"network-host,omitempty"`
	SecurityInsecure *bool `json:"security-insecure,omitempty"`
}

BuilderEntitlements contains settings to enable/disable entitlements

type BuilderGCConfig

type BuilderGCConfig struct {
	Enabled            bool            `json:",omitempty"`
	Policy             []BuilderGCRule `json:",omitempty"`
	DefaultKeepStorage string          `json:",omitempty"`
}

BuilderGCConfig contains GC config for a buildkit builder

type BuilderGCFilter

type BuilderGCFilter filters.Args

BuilderGCFilter contains garbage-collection filter rules for a BuildKit builder

func (*BuilderGCFilter) MarshalJSON

func (x *BuilderGCFilter) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON byte representation of the BuilderGCFilter

func (*BuilderGCFilter) UnmarshalJSON

func (x *BuilderGCFilter) UnmarshalJSON(data []byte) error

UnmarshalJSON fills the BuilderGCFilter values structure from JSON input

type BuilderGCRule

type BuilderGCRule struct {
	All         bool            `json:",omitempty"`
	Filter      BuilderGCFilter `json:",omitempty"`
	KeepStorage string          `json:",omitempty"`
}

BuilderGCRule represents a GC rule for buildkit cache

type BuilderHistoryConfig

type BuilderHistoryConfig struct {
	MaxAge     bkconfig.Duration `json:",omitempty"`
	MaxEntries int64             `json:",omitempty"`
}

BuilderHistoryConfig contains history config for a buildkit builder

type CommonConfig

type CommonConfig struct {
	AuthorizationPlugins  []string `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins
	AutoRestart           bool     `json:"-"`
	DisableBridge         bool     `json:"-"`
	ExecOptions           []string `json:"exec-opts,omitempty"`
	GraphDriver           string   `json:"storage-driver,omitempty"`
	GraphOptions          []string `json:"storage-opts,omitempty"`
	Labels                []string `json:"labels,omitempty"`
	NetworkDiagnosticPort int      `json:"network-diagnostic-port,omitempty"`
	Pidfile               string   `json:"pidfile,omitempty"`
	RawLogs               bool     `json:"raw-logs,omitempty"`
	Root                  string   `json:"data-root,omitempty"`
	ExecRoot              string   `json:"exec-root,omitempty"`
	SocketGroup           string   `json:"group,omitempty"`
	CorsHeaders           string   `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release.

	// Proxies holds the proxies that are configured for the daemon.
	Proxies `json:"proxies"`

	// LiveRestoreEnabled determines whether we should keep containers
	// alive upon daemon shutdown/start
	LiveRestoreEnabled bool `json:"live-restore,omitempty"`

	// MaxConcurrentDownloads is the maximum number of downloads that
	// may take place at a time for each pull.
	MaxConcurrentDownloads int `json:"max-concurrent-downloads,omitempty"`

	// MaxConcurrentUploads is the maximum number of uploads that
	// may take place at a time for each push.
	MaxConcurrentUploads int `json:"max-concurrent-uploads,omitempty"`

	// MaxDownloadAttempts is the maximum number of attempts that
	// may take place at a time for each push.
	MaxDownloadAttempts int `json:"max-download-attempts,omitempty"`

	// ShutdownTimeout is the timeout value (in seconds) the daemon will wait for the container
	// to stop when daemon is being shutdown
	ShutdownTimeout int `json:"shutdown-timeout,omitempty"`

	Debug     bool             `json:"debug,omitempty"`
	Hosts     []string         `json:"hosts,omitempty"`
	LogLevel  string           `json:"log-level,omitempty"`
	LogFormat log.OutputFormat `json:"log-format,omitempty"`
	TLS       *bool            `json:"tls,omitempty"`
	TLSVerify *bool            `json:"tlsverify,omitempty"`

	// Embedded structs that allow config
	// deserialization without the full struct.
	TLSOptions

	// SwarmDefaultAdvertiseAddr is the default host/IP or network interface
	// to use if a wildcard address is specified in the ListenAddr value
	// given to the /swarm/init endpoint and no advertise address is
	// specified.
	SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"`

	// SwarmRaftHeartbeatTick is the number of ticks in time for swarm mode raft quorum heartbeat
	// Typical value is 1
	SwarmRaftHeartbeatTick uint32 `json:"swarm-raft-heartbeat-tick"`

	// SwarmRaftElectionTick is the number of ticks to elapse before followers in the quorum can propose
	// a new round of leader election.  Default, recommended value is at least 10X that of Heartbeat tick.
	// Higher values can make the quorum less sensitive to transient faults in the environment, but this also
	// means it takes longer for the managers to detect a down leader.
	SwarmRaftElectionTick uint32 `json:"swarm-raft-election-tick"`

	MetricsAddress string `json:"metrics-addr"`

	DNSConfig
	LogConfig
	BridgeConfig // BridgeConfig holds bridge network specific configuration.
	NetworkConfig
	registry.ServiceOptions

	// FIXME(vdemeester) This part is not that clear and is mainly dependent on cli flags
	// It should probably be handled outside this package.
	ValuesSet map[string]interface{} `json:"-"`

	Experimental bool `json:"experimental"` // Experimental indicates whether experimental features should be exposed or not

	// Exposed node Generic Resources
	// e.g: ["orange=red", "orange=green", "orange=blue", "apple=3"]
	NodeGenericResources []string `json:"node-generic-resources,omitempty"`

	// ContainerAddr is the address used to connect to containerd if we're
	// not starting it ourselves
	ContainerdAddr string `json:"containerd,omitempty"`

	// CriContainerd determines whether a supervised containerd instance
	// should be configured with the CRI plugin enabled. This allows using
	// Docker's containerd instance directly with a Kubernetes kubelet.
	CriContainerd bool `json:"cri-containerd,omitempty"`

	// Features contains a list of feature key value pairs indicating what features are enabled or disabled.
	// If a certain feature doesn't appear in this list then it's unset (i.e. neither true nor false).
	Features map[string]bool `json:"features,omitempty"`

	Builder BuilderConfig `json:"builder,omitempty"`

	ContainerdNamespace       string `json:"containerd-namespace,omitempty"`
	ContainerdPluginNamespace string `json:"containerd-plugin-namespace,omitempty"`

	DefaultRuntime string `json:"default-runtime,omitempty"`

	// CDISpecDirs is a list of directories in which CDI specifications can be found.
	CDISpecDirs []string `json:"cdi-spec-dirs,omitempty"`

	// The minimum API version provided by the daemon. Defaults to [defaultMinAPIVersion].
	//
	// The DOCKER_MIN_API_VERSION allows overriding the minimum API version within
	// constraints of the minimum and maximum (current) supported API versions.
	//
	// API versions older than [defaultMinAPIVersion] are deprecated and
	// to be removed in a future release. The "DOCKER_MIN_API_VERSION" env
	// var should only be used for exceptional cases, and the MinAPIVersion
	// field is therefore not included in the JSON representation.
	MinAPIVersion string `json:"-"`
}

CommonConfig defines the configuration of a docker daemon which is common across platforms. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.

type Config

type Config struct {
	CommonConfig

	// Fields below here are platform specific.
	Runtimes             map[string]system.Runtime    `json:"runtimes,omitempty"`
	DefaultInitBinary    string                       `json:"default-init,omitempty"`
	CgroupParent         string                       `json:"cgroup-parent,omitempty"`
	EnableSelinuxSupport bool                         `json:"selinux-enabled,omitempty"`
	RemappedRoot         string                       `json:"userns-remap,omitempty"`
	Ulimits              map[string]*container.Ulimit `json:"default-ulimits,omitempty"`
	CPURealtimePeriod    int64                        `json:"cpu-rt-period,omitempty"`
	CPURealtimeRuntime   int64                        `json:"cpu-rt-runtime,omitempty"`
	Init                 bool                         `json:"init,omitempty"`
	InitPath             string                       `json:"init-path,omitempty"`
	SeccompProfile       string                       `json:"seccomp-profile,omitempty"`
	ShmSize              opts.MemBytes                `json:"default-shm-size,omitempty"`
	NoNewPrivileges      bool                         `json:"no-new-privileges,omitempty"`
	IpcMode              string                       `json:"default-ipc-mode,omitempty"`
	CgroupNamespaceMode  string                       `json:"default-cgroupns-mode,omitempty"`
	// ResolvConf is the path to the configuration of the host resolver
	ResolvConf string `json:"resolv-conf,omitempty"`
	Rootless   bool   `json:"rootless,omitempty"`
}

Config defines the configuration of a docker daemon. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line uses.

func MergeDaemonConfigurations

func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, configFile string) (*Config, error)

MergeDaemonConfigurations reads a configuration file, loads the file configuration in an isolated structure, and merges the configuration provided from flags on top if there are no conflicts.

func New

func New() (*Config, error)

New returns a new fully initialized Config struct with default values set.

func (*Config) GetExecRoot

func (conf *Config) GetExecRoot() string

GetExecRoot returns the user configured Exec-root

func (*Config) GetInitPath

func (conf *Config) GetInitPath() string

GetInitPath returns the configured docker-init path

func (*Config) GetResolvConf

func (conf *Config) GetResolvConf() string

GetResolvConf returns the appropriate resolv.conf Check setupResolvConf on how this is selected

func (*Config) IsRootless

func (conf *Config) IsRootless() bool

IsRootless returns conf.Rootless on Linux but false on Windows

func (*Config) IsSwarmCompatible

func (conf *Config) IsSwarmCompatible() error

IsSwarmCompatible defines if swarm mode can be enabled in this config

func (*Config) IsValueSet

func (conf *Config) IsValueSet(name string) bool

IsValueSet returns true if a configuration value was explicitly set in the configuration file.

func (*Config) LookupInitPath

func (conf *Config) LookupInitPath() (string, error)

LookupInitPath returns an absolute path to the "docker-init" binary by searching relevant "libexec" directories (per FHS 3.0 & 2.3) followed by PATH

func (*Config) ValidatePlatformConfig

func (conf *Config) ValidatePlatformConfig() error

ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.

type DNSConfig

type DNSConfig struct {
	DNS           []net.IP `json:"dns,omitempty"`
	DNSOptions    []string `json:"dns-opts,omitempty"`
	DNSSearch     []string `json:"dns-search,omitempty"`
	HostGatewayIP net.IP   `json:"host-gateway-ip,omitempty"`
}

DNSConfig defines the DNS configurations.

type DefaultBridgeConfig

type DefaultBridgeConfig struct {

	// Fields below here are platform specific.
	EnableIPv6                  bool   `json:"ipv6,omitempty"`
	FixedCIDRv6                 string `json:"fixed-cidr-v6,omitempty"`
	MTU                         int    `json:"mtu,omitempty"`
	DefaultIP                   net.IP `json:"ip,omitempty"`
	IP                          string `json:"bip,omitempty"`
	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
	InterContainerCommunication bool   `json:"icc,omitempty"`
	// contains filtered or unexported fields
}

DefaultBridgeConfig stores all the parameters for the default bridge network.

type LogConfig

type LogConfig struct {
	Type   string            `json:"log-driver,omitempty"`
	Config map[string]string `json:"log-opts,omitempty"`
}

LogConfig represents the default log configuration. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.

type NetworkConfig

type NetworkConfig struct {
	// Default address pools for docker networks
	DefaultAddressPools opts.PoolsOpt `json:"default-address-pools,omitempty"`
	// NetworkControlPlaneMTU allows to specify the control plane MTU, this will allow to optimize the network use in some components
	NetworkControlPlaneMTU int `json:"network-control-plane-mtu,omitempty"`
	// Default options for newly created networks
	DefaultNetworkOpts map[string]map[string]string `json:"default-network-opts,omitempty"`
}

NetworkConfig stores the daemon-wide networking configurations

type Proxies

type Proxies struct {
	HTTPProxy  string `json:"http-proxy,omitempty"`
	HTTPSProxy string `json:"https-proxy,omitempty"`
	NoProxy    string `json:"no-proxy,omitempty"`
}

Proxies holds the proxies that are configured for the daemon.

type TLSOptions

type TLSOptions struct {
	CAFile   string `json:"tlscacert,omitempty"`
	CertFile string `json:"tlscert,omitempty"`
	KeyFile  string `json:"tlskey,omitempty"`
}

TLSOptions defines TLS configuration for the daemon server. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL