blob: 6c096c28fc66c1122e7de5008705b4ebaab0d942 [file] [log] [blame]
# A Swagger 2.0 (a.k.a. OpenAPI) definition of the Engine API.
#
# This is used for generating API documentation and the types used by the
# client/server. See api/README.md for more information.
#
# Some style notes:
# - This file is used by ReDoc, which allows GitHub Flavored Markdown in
# descriptions.
# - There is no maximum line length, for ease of editing and pretty diffs.
# - operationIds are in the format "NounVerb", with a singular noun.
swagger: "2.0"
schemes:
- "http"
- "https"
produces:
- "application/json"
- "text/plain"
consumes:
- "application/json"
- "text/plain"
basePath: "/v1.40"
info:
title: "Docker Engine API"
version: "1.40"
x-logo:
url: "https://docs.docker.com/images/logo-docker-main.png"
description: |
The Engine API is an HTTP API served by Docker Engine. It is the API the
Docker client uses to communicate with the Engine, so everything the Docker
client can do can be done with the API.
Most of the client's commands map directly to API endpoints (e.g. `docker ps`
is `GET /containers/json`). The notable exception is running containers,
which consists of several API calls.
# Errors
The API uses standard HTTP status codes to indicate the success or failure
of the API call. The body of the response will be JSON in the following
format:
```
{
"message": "page not found"
}
```
# Versioning
The API is usually changed in each release, so API calls are versioned to
ensure that clients don't break. To lock to a specific version of the API,
you prefix the URL with its version, for example, call `/v1.30/info` to use
the v1.30 version of the `/info` endpoint. If the API version specified in
the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
is returned.
If you omit the version-prefix, the current version of the API (v1.40) is used.
For example, calling `/info` is the same as calling `/v1.40/info`. Using the
API without a version-prefix is deprecated and will be removed in a future release.
Engine releases in the near future should support this version of the API,
so your client will continue to work even if it is talking to a newer Engine.
The API uses an open schema model, which means server may add extra properties
to responses. Likewise, the server will ignore any extra query parameters and
request body properties. When you write clients, you need to ignore additional
properties in responses to ensure they do not break when talking to newer
daemons.
# Authentication
Authentication for registries is handled client side. The client has to send
authentication details to various endpoints that need to communicate with
registries, such as `POST /images/(name)/push`. These are sent as
`X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5)
(JSON) string with the following structure:
```
{
"username": "string",
"password": "string",
"email": "string",
"serveraddress": "string"
}
```
The `serveraddress` is a domain/IP without a protocol. Throughout this
structure, double quotes are required.
If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth),
you can just pass this instead of credentials:
```
{
"identitytoken": "9cbaf023786cd7..."
}
```
# The tags on paths define the menu sections in the ReDoc documentation, so
# the usage of tags must make sense for that:
# - They should be singular, not plural.
# - There should not be too many tags, or the menu becomes unwieldy. For
# example, it is preferable to add a path to the "System" tag instead of
# creating a tag with a single path in it.
# - The order of tags in this list defines the order in the menu.
tags:
# Primary objects
- name: "Container"
x-displayName: "Containers"
description: |
Create and manage containers.
- name: "Image"
x-displayName: "Images"
- name: "Network"
x-displayName: "Networks"
description: |
Networks are user-defined networks that containers can be attached to.
See the [networking documentation](https://docs.docker.com/network/)
for more information.
- name: "Volume"
x-displayName: "Volumes"
description: |
Create and manage persistent storage that can be attached to containers.
- name: "Exec"
x-displayName: "Exec"
description: |
Run new commands inside running containers. Refer to the
[command-line reference](https://docs.docker.com/engine/reference/commandline/exec/)
for more information.
To exec a command in a container, you first need to create an exec instance,
then start it. These two API endpoints are wrapped up in a single command-line
command, `docker exec`.
# Swarm things
- name: "Swarm"
x-displayName: "Swarm"
description: |
Engines can be clustered together in a swarm. Refer to the
[swarm mode documentation](https://docs.docker.com/engine/swarm/)
for more information.
- name: "Node"
x-displayName: "Nodes"
description: |
Nodes are instances of the Engine participating in a swarm. Swarm mode
must be enabled for these endpoints to work.
- name: "Service"
x-displayName: "Services"
description: |
Services are the definitions of tasks to run on a swarm. Swarm mode must
be enabled for these endpoints to work.
- name: "Task"
x-displayName: "Tasks"
description: |
A task is a container running on a swarm. It is the atomic scheduling unit
of swarm. Swarm mode must be enabled for these endpoints to work.
- name: "Secret"
x-displayName: "Secrets"
description: |
Secrets are sensitive data that can be used by services. Swarm mode must
be enabled for these endpoints to work.
- name: "Config"
x-displayName: "Configs"
description: |
Configs are application configurations that can be used by services. Swarm
mode must be enabled for these endpoints to work.
# System things
- name: "Plugin"
x-displayName: "Plugins"
- name: "System"
x-displayName: "System"
definitions:
Port:
type: "object"
description: "An open port on a container"
required: [PrivatePort, Type]
properties:
IP:
type: "string"
format: "ip-address"
description: "Host IP address that the container's port is mapped to"
PrivatePort:
type: "integer"
format: "uint16"
x-nullable: false
description: "Port on the container"
PublicPort:
type: "integer"
format: "uint16"
description: "Port exposed on the host"
Type:
type: "string"
x-nullable: false
enum: ["tcp", "udp", "sctp"]
example:
PrivatePort: 8080
PublicPort: 80
Type: "tcp"
MountPoint:
type: "object"
description: "A mount point inside a container"
properties:
Type:
type: "string"
Name:
type: "string"
Source:
type: "string"
Destination:
type: "string"
Driver:
type: "string"
Mode:
type: "string"
RW:
type: "boolean"
Propagation:
type: "string"
DeviceMapping:
type: "object"
description: "A device mapping between the host and container"
properties:
PathOnHost:
type: "string"
PathInContainer:
type: "string"
CgroupPermissions:
type: "string"
example:
PathOnHost: "/dev/deviceName"
PathInContainer: "/dev/deviceName"
CgroupPermissions: "mrw"
DeviceRequest:
type: "object"
description: "A request for devices to be sent to device drivers"
properties:
Driver:
type: "string"
example: "nvidia"
Count:
type: "integer"
example: -1
DeviceIDs:
type: "array"
items:
type: "string"
example:
- "0"
- "1"
- "GPU-fef8089b-4820-abfc-e83e-94318197576e"
Capabilities:
description: |
A list of capabilities; an OR list of AND lists of capabilities.
type: "array"
items:
type: "array"
items:
type: "string"
example:
# gpu AND nvidia AND compute
- ["gpu", "nvidia", "compute"]
Options:
description: |
Driver-specific options, specified as a key/value pairs. These options
are passed directly to the driver.
type: "object"
additionalProperties:
type: "string"
ThrottleDevice:
type: "object"
properties:
Path:
description: "Device path"
type: "string"
Rate:
description: "Rate"
type: "integer"
format: "int64"
minimum: 0
Mount:
type: "object"
properties:
Target:
description: "Container path."
type: "string"
Source:
description: "Mount source (e.g. a volume name, a host path)."
type: "string"
Type:
description: |
The mount type. Available types:
- `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
- `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
- `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
- `npipe` Mounts a named pipe from the host into the container. Must exist prior to creating the container.
type: "string"
enum:
- "bind"
- "volume"
- "tmpfs"
- "npipe"
ReadOnly:
description: "Whether the mount should be read-only."
type: "boolean"
Consistency:
description: "The consistency requirement for the mount: `default`, `consistent`, `cached`, or `delegated`."
type: "string"
BindOptions:
description: "Optional configuration for the `bind` type."
type: "object"
properties:
Propagation:
description: "A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
type: "string"
enum:
- "private"
- "rprivate"
- "shared"
- "rshared"
- "slave"
- "rslave"
NonRecursive:
description: "Disable recursive bind mount."
type: "boolean"
default: false
VolumeOptions:
description: "Optional configuration for the `volume` type."
type: "object"
properties:
NoCopy:
description: "Populate volume with data from the target."
type: "boolean"
default: false
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
DriverConfig:
description: "Map of driver specific options"
type: "object"
properties:
Name:
description: "Name of the driver to use to create the volume."
type: "string"
Options:
description: "key/value map of driver specific options."
type: "object"
additionalProperties:
type: "string"
TmpfsOptions:
description: "Optional configuration for the `tmpfs` type."
type: "object"
properties:
SizeBytes:
description: "The size for the tmpfs mount in bytes."
type: "integer"
format: "int64"
Mode:
description: "The permission mode for the tmpfs mount in an integer."
type: "integer"
RestartPolicy:
description: |
The behavior to apply when the container exits. The default is not to
restart.
An ever increasing delay (double the previous delay, starting at 100ms) is
added before each restart to prevent flooding the server.
type: "object"
properties:
Name:
type: "string"
description: |
- Empty string means not to restart
- `always` Always restart
- `unless-stopped` Restart always except when the user has manually stopped the container
- `on-failure` Restart only when the container exit code is non-zero
enum:
- ""
- "always"
- "unless-stopped"
- "on-failure"
MaximumRetryCount:
type: "integer"
description: |
If `on-failure` is used, the number of times to retry before giving up.
Resources:
description: "A container's resources (cgroups config, ulimits, etc)"
type: "object"
properties:
# Applicable to all platforms
CpuShares:
description: |
An integer value representing this container's relative CPU weight
versus other containers.
type: "integer"
Memory:
description: "Memory limit in bytes."
type: "integer"
format: "int64"
default: 0
# Applicable to UNIX platforms
CgroupParent:
description: |
Path to `cgroups` under which the container's `cgroup` is created. If
the path is not absolute, the path is considered to be relative to the
`cgroups` path of the init process. Cgroups are created if they do not
already exist.
type: "string"
BlkioWeight:
description: "Block IO weight (relative weight)."
type: "integer"
minimum: 0
maximum: 1000
BlkioWeightDevice:
description: |
Block IO weight (relative device weight) in the form:
```
[{"Path": "device_path", "Weight": weight}]
```
type: "array"
items:
type: "object"
properties:
Path:
type: "string"
Weight:
type: "integer"
minimum: 0
BlkioDeviceReadBps:
description: |
Limit read rate (bytes per second) from a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceWriteBps:
description: |
Limit write rate (bytes per second) to a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceReadIOps:
description: |
Limit read rate (IO per second) from a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
BlkioDeviceWriteIOps:
description: |
Limit write rate (IO per second) to a device, in the form:
```
[{"Path": "device_path", "Rate": rate}]
```
type: "array"
items:
$ref: "#/definitions/ThrottleDevice"
CpuPeriod:
description: "The length of a CPU period in microseconds."
type: "integer"
format: "int64"
CpuQuota:
description: |
Microseconds of CPU time that the container can get in a CPU period.
type: "integer"
format: "int64"
CpuRealtimePeriod:
description: |
The length of a CPU real-time period in microseconds. Set to 0 to
allocate no time allocated to real-time tasks.
type: "integer"
format: "int64"
CpuRealtimeRuntime:
description: |
The length of a CPU real-time runtime in microseconds. Set to 0 to
allocate no time allocated to real-time tasks.
type: "integer"
format: "int64"
CpusetCpus:
description: |
CPUs in which to allow execution (e.g., `0-3`, `0,1`).
type: "string"
example: "0-3"
CpusetMems:
description: |
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
type: "string"
Devices:
description: "A list of devices to add to the container."
type: "array"
items:
$ref: "#/definitions/DeviceMapping"
DeviceCgroupRules:
description: "a list of cgroup rules to apply to the container"
type: "array"
items:
type: "string"
example: "c 13:* rwm"
DeviceRequests:
description: |
A list of requests for devices to be sent to device drivers.
type: "array"
items:
$ref: "#/definitions/DeviceRequest"
KernelMemory:
description: "Kernel memory limit in bytes."
type: "integer"
format: "int64"
example: 209715200
KernelMemoryTCP:
description: "Hard limit for kernel TCP buffer memory (in bytes)."
type: "integer"
format: "int64"
MemoryReservation:
description: "Memory soft limit in bytes."
type: "integer"
format: "int64"
MemorySwap:
description: |
Total memory limit (memory + swap). Set as `-1` to enable unlimited
swap.
type: "integer"
format: "int64"
MemorySwappiness:
description: |
Tune a container's memory swappiness behavior. Accepts an integer
between 0 and 100.
type: "integer"
format: "int64"
minimum: 0
maximum: 100
NanoCPUs:
description: "CPU quota in units of 10<sup>-9</sup> CPUs."
type: "integer"
format: "int64"
OomKillDisable:
description: "Disable OOM Killer for the container."
type: "boolean"
Init:
description: |
Run an init inside the container that forwards signals and reaps
processes. This field is omitted if empty, and the default (as
configured on the daemon) is used.
type: "boolean"
x-nullable: true
PidsLimit:
description: |
Tune a container's PIDs limit. Set `0` or `-1` for unlimited, or `null`
to not change.
type: "integer"
format: "int64"
x-nullable: true
Ulimits:
description: |
A list of resource limits to set in the container. For example:
```
{"Name": "nofile", "Soft": 1024, "Hard": 2048}
```
type: "array"
items:
type: "object"
properties:
Name:
description: "Name of ulimit"
type: "string"
Soft:
description: "Soft limit"
type: "integer"
Hard:
description: "Hard limit"
type: "integer"
# Applicable to Windows
CpuCount:
description: |
The number of usable CPUs (Windows only).
On Windows Server containers, the processor resource controls are
mutually exclusive. The order of precedence is `CPUCount` first, then
`CPUShares`, and `CPUPercent` last.
type: "integer"
format: "int64"
CpuPercent:
description: |
The usable percentage of the available CPUs (Windows only).
On Windows Server containers, the processor resource controls are
mutually exclusive. The order of precedence is `CPUCount` first, then
`CPUShares`, and `CPUPercent` last.
type: "integer"
format: "int64"
IOMaximumIOps:
description: "Maximum IOps for the container system drive (Windows only)"
type: "integer"
format: "int64"
IOMaximumBandwidth:
description: |
Maximum IO in bytes per second for the container system drive
(Windows only).
type: "integer"
format: "int64"
ResourceObject:
description: |
An object describing the resources which can be advertised by a node and
requested by a task.
type: "object"
properties:
NanoCPUs:
type: "integer"
format: "int64"
example: 4000000000
MemoryBytes:
type: "integer"
format: "int64"
example: 8272408576
GenericResources:
$ref: "#/definitions/GenericResources"
GenericResources:
description: |
User-defined resources can be either Integer resources (e.g, `SSD=3`) or
String resources (e.g, `GPU=UUID1`).
type: "array"
items:
type: "object"
properties:
NamedResourceSpec:
type: "object"
properties:
Kind:
type: "string"
Value:
type: "string"
DiscreteResourceSpec:
type: "object"
properties:
Kind:
type: "string"
Value:
type: "integer"
format: "int64"
example:
- DiscreteResourceSpec:
Kind: "SSD"
Value: 3
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID1"
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID2"
HealthConfig:
description: "A test to perform to check that the container is healthy."
type: "object"
properties:
Test:
description: |
The test to perform. Possible values are:
- `[]` inherit healthcheck from image or parent image
- `["NONE"]` disable healthcheck
- `["CMD", args...]` exec arguments directly
- `["CMD-SHELL", command]` run command with system's default shell
type: "array"
items:
type: "string"
Interval:
description: |
The time to wait between checks in nanoseconds. It should be 0 or at
least 1000000 (1 ms). 0 means inherit.
type: "integer"
Timeout:
description: |
The time to wait before considering the check to have hung. It should
be 0 or at least 1000000 (1 ms). 0 means inherit.
type: "integer"
Retries:
description: |
The number of consecutive failures needed to consider a container as
unhealthy. 0 means inherit.
type: "integer"
StartPeriod:
description: |
Start period for the container to initialize before starting
health-retries countdown in nanoseconds. It should be 0 or at least
1000000 (1 ms). 0 means inherit.
type: "integer"
Health:
description: |
Health stores information about the container's healthcheck results.
type: "object"
properties:
Status:
description: |
Status is one of `none`, `starting`, `healthy` or `unhealthy`
- "none" Indicates there is no healthcheck
- "starting" Starting indicates that the container is not yet ready
- "healthy" Healthy indicates that the container is running correctly
- "unhealthy" Unhealthy indicates that the container has a problem
type: "string"
enum:
- "none"
- "starting"
- "healthy"
- "unhealthy"
example: "healthy"
FailingStreak:
description: "FailingStreak is the number of consecutive failures"
type: "integer"
example: 0
Log:
type: "array"
description: |
Log contains the last few results (oldest first)
items:
x-nullable: true
$ref: "#/definitions/HealthcheckResult"
HealthcheckResult:
description: |
HealthcheckResult stores information about a single run of a healthcheck probe
type: "object"
properties:
Start:
description: |
Date and time at which this check started in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "date-time"
example: "2020-01-04T10:44:24.496525531Z"
End:
description: |
Date and time at which this check ended in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2020-01-04T10:45:21.364524523Z"
ExitCode:
description: |
ExitCode meanings:
- `0` healthy
- `1` unhealthy
- `2` reserved (considered unhealthy)
- other values: error running probe
type: "integer"
example: 0
Output:
description: "Output from last check"
type: "string"
HostConfig:
description: "Container configuration that depends on the host we are running on"
allOf:
- $ref: "#/definitions/Resources"
- type: "object"
properties:
# Applicable to all platforms
Binds:
type: "array"
description: |
A list of volume bindings for this container. Each volume binding
is a string in one of these forms:
- `host-src:container-dest[:options]` to bind-mount a host path
into the container. Both `host-src`, and `container-dest` must
be an _absolute_ path.
- `volume-name:container-dest[:options]` to bind-mount a volume
managed by a volume driver into the container. `container-dest`
must be an _absolute_ path.
`options` is an optional, comma-delimited list of:
- `nocopy` disables automatic copying of data from the container
path to the volume. The `nocopy` flag only applies to named volumes.
- `[ro|rw]` mounts a volume read-only or read-write, respectively.
If omitted or set to `rw`, volumes are mounted read-write.
- `[z|Z]` applies SELinux labels to allow or deny multiple containers
to read and write to the same volume.
- `z`: a _shared_ content label is applied to the content. This
label indicates that multiple containers can share the volume
content, for both reading and writing.
- `Z`: a _private unshared_ label is applied to the content.
This label indicates that only the current container can use
a private volume. Labeling systems such as SELinux require
proper labels to be placed on volume content that is mounted
into a container. Without a label, the security system can
prevent a container's processes from using the content. By
default, the labels set by the host operating system are not
modified.
- `[[r]shared|[r]slave|[r]private]` specifies mount
[propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
This only applies to bind-mounted volumes, not internal volumes
or named volumes. Mount propagation requires the source mount
point (the location where the source directory is mounted in the
host operating system) to have the correct propagation properties.
For shared volumes, the source mount point must be set to `shared`.
For slave volumes, the mount must be set to either `shared` or
`slave`.
items:
type: "string"
ContainerIDFile:
type: "string"
description: "Path to a file where the container ID is written"
LogConfig:
type: "object"
description: "The logging configuration for this container"
properties:
Type:
type: "string"
enum:
- "json-file"
- "syslog"
- "journald"
- "gelf"
- "fluentd"
- "awslogs"
- "splunk"
- "etwlogs"
- "none"
Config:
type: "object"
additionalProperties:
type: "string"
NetworkMode:
type: "string"
description: |
Network mode to use for this container. Supported standard values
are: `bridge`, `host`, `none`, and `container:<name|id>`. Any
other value is taken as a custom network's name to which this
container should connect to.
PortBindings:
$ref: "#/definitions/PortMap"
RestartPolicy:
$ref: "#/definitions/RestartPolicy"
AutoRemove:
type: "boolean"
description: |
Automatically remove the container when the container's process
exits. This has no effect if `RestartPolicy` is set.
VolumeDriver:
type: "string"
description: "Driver that this container uses to mount volumes."
VolumesFrom:
type: "array"
description: |
A list of volumes to inherit from another container, specified in
the form `<container name>[:<ro|rw>]`.
items:
type: "string"
Mounts:
description: |
Specification for mounts to be added to the container.
type: "array"
items:
$ref: "#/definitions/Mount"
# Applicable to UNIX platforms
Capabilities:
type: "array"
description: |
A list of kernel capabilities to be available for container (this
overrides the default set).
Conflicts with options 'CapAdd' and 'CapDrop'"
items:
type: "string"
CapAdd:
type: "array"
description: |
A list of kernel capabilities to add to the container. Conflicts
with option 'Capabilities'.
items:
type: "string"
CapDrop:
type: "array"
description: |
A list of kernel capabilities to drop from the container. Conflicts
with option 'Capabilities'.
items:
type: "string"
Dns:
type: "array"
description: "A list of DNS servers for the container to use."
items:
type: "string"
DnsOptions:
type: "array"
description: "A list of DNS options."
items:
type: "string"
DnsSearch:
type: "array"
description: "A list of DNS search domains."
items:
type: "string"
ExtraHosts:
type: "array"
description: |
A list of hostnames/IP mappings to add to the container's `/etc/hosts`
file. Specified in the form `["hostname:IP"]`.
items:
type: "string"
GroupAdd:
type: "array"
description: |
A list of additional groups that the container process will run as.
items:
type: "string"
IpcMode:
type: "string"
description: |
IPC sharing mode for the container. Possible values are:
- `"none"`: own private IPC namespace, with /dev/shm not mounted
- `"private"`: own private IPC namespace
- `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
- `"container:<name|id>"`: join another (shareable) container's IPC namespace
- `"host"`: use the host system's IPC namespace
If not specified, daemon default is used, which can either be `"private"`
or `"shareable"`, depending on daemon version and configuration.
Cgroup:
type: "string"
description: "Cgroup to use for the container."
Links:
type: "array"
description: |
A list of links for the container in the form `container_name:alias`.
items:
type: "string"
OomScoreAdj:
type: "integer"
description: |
An integer value containing the score given to the container in
order to tune OOM killer preferences.
example: 500
PidMode:
type: "string"
description: |
Set the PID (Process) Namespace mode for the container. It can be
either:
- `"container:<name|id>"`: joins another container's PID namespace
- `"host"`: use the host's PID namespace inside the container
Privileged:
type: "boolean"
description: "Gives the container full access to the host."
PublishAllPorts:
type: "boolean"
description: |
Allocates an ephemeral host port for all of a container's
exposed ports.
Ports are de-allocated when the container stops and allocated when
the container starts. The allocated port might be changed when
restarting the container.
The port is selected from the ephemeral port range that depends on
the kernel. For example, on Linux the range is defined by
`/proc/sys/net/ipv4/ip_local_port_range`.
ReadonlyRootfs:
type: "boolean"
description: "Mount the container's root filesystem as read only."
SecurityOpt:
type: "array"
description: "A list of string values to customize labels for MLS
systems, such as SELinux."
items:
type: "string"
StorageOpt:
type: "object"
description: |
Storage driver options for this container, in the form `{"size": "120G"}`.
additionalProperties:
type: "string"
Tmpfs:
type: "object"
description: |
A map of container directories which should be replaced by tmpfs
mounts, and their corresponding mount options. For example:
```
{ "/run": "rw,noexec,nosuid,size=65536k" }
```
additionalProperties:
type: "string"
UTSMode:
type: "string"
description: "UTS namespace to use for the container."
UsernsMode:
type: "string"
description: |
Sets the usernamespace mode for the container when usernamespace
remapping option is enabled.
ShmSize:
type: "integer"
description: |
Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
minimum: 0
Sysctls:
type: "object"
description: |
A list of kernel parameters (sysctls) to set in the container.
For example:
```
{"net.ipv4.ip_forward": "1"}
```
additionalProperties:
type: "string"
Runtime:
type: "string"
description: "Runtime to use with this container."
# Applicable to Windows
ConsoleSize:
type: "array"
description: |
Initial console size, as an `[height, width]` array. (Windows only)
minItems: 2
maxItems: 2
items:
type: "integer"
minimum: 0
Isolation:
type: "string"
description: |
Isolation technology of the container. (Windows only)
enum:
- "default"
- "process"
- "hyperv"
MaskedPaths:
type: "array"
description: |
The list of paths to be masked inside the container (this overrides
the default set of paths).
items:
type: "string"
ReadonlyPaths:
type: "array"
description: |
The list of paths to be set as read-only inside the container
(this overrides the default set of paths).
items:
type: "string"
ContainerConfig:
description: "Configuration for a container that is portable between hosts"
type: "object"
properties:
Hostname:
description: "The hostname to use for the container, as a valid RFC 1123 hostname."
type: "string"
Domainname:
description: "The domain name to use for the container."
type: "string"
User:
description: "The user that commands are run as inside the container."
type: "string"
AttachStdin:
description: "Whether to attach to `stdin`."
type: "boolean"
default: false
AttachStdout:
description: "Whether to attach to `stdout`."
type: "boolean"
default: true
AttachStderr:
description: "Whether to attach to `stderr`."
type: "boolean"
default: true
ExposedPorts:
description: |
An object mapping ports to an empty object in the form:
`{"<port>/<tcp|udp|sctp>": {}}`
type: "object"
additionalProperties:
type: "object"
enum:
- {}
default: {}
Tty:
description: |
Attach standard streams to a TTY, including `stdin` if it is not closed.
type: "boolean"
default: false
OpenStdin:
description: "Open `stdin`"
type: "boolean"
default: false
StdinOnce:
description: "Close `stdin` after one attached client disconnects"
type: "boolean"
default: false
Env:
description: |
A list of environment variables to set inside the container in the
form `["VAR=value", ...]`. A variable without `=` is removed from the
environment, rather than to have an empty value.
type: "array"
items:
type: "string"
Cmd:
description: |
Command to run specified as a string or an array of strings.
type: "array"
items:
type: "string"
Healthcheck:
$ref: "#/definitions/HealthConfig"
ArgsEscaped:
description: "Command is already escaped (Windows only)"
type: "boolean"
Image:
description: |
The name of the image to use when creating the container/
type: "string"
Volumes:
description: |
An object mapping mount point paths inside the container to empty
objects.
type: "object"
additionalProperties:
type: "object"
enum:
- {}
default: {}
WorkingDir:
description: "The working directory for commands to run in."
type: "string"
Entrypoint:
description: |
The entry point for the container as a string or an array of strings.
If the array consists of exactly one empty string (`[""]`) then the
entry point is reset to system default (i.e., the entry point used by
docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
type: "array"
items:
type: "string"
NetworkDisabled:
description: "Disable networking for the container."
type: "boolean"
MacAddress:
description: "MAC address of the container."
type: "string"
OnBuild:
description: |
`ONBUILD` metadata that were defined in the image's `Dockerfile`.
type: "array"
items:
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
StopSignal:
description: |
Signal to stop a container as a string or unsigned integer.
type: "string"
default: "SIGTERM"
StopTimeout:
description: "Timeout to stop a container in seconds."
type: "integer"
default: 10
Shell:
description: |
Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
type: "array"
items:
type: "string"
NetworkingConfig:
description: |
NetworkingConfig represents the container's networking configuration for
each of its interfaces.
It is used for the networking configs specified in the `docker create`
and `docker network connect` commands.
type: "object"
properties:
EndpointsConfig:
description: |
A mapping of network name to endpoint configuration for that network.
type: "object"
additionalProperties:
$ref: "#/definitions/EndpointSettings"
example:
# putting an example here, instead of using the example values from
# /definitions/EndpointSettings, because containers/create currently
# does not support attaching to multiple networks, so the example request
# would be confusing if it showed that multiple networks can be contained
# in the EndpointsConfig.
# TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
EndpointsConfig:
isolated_nw:
IPAMConfig:
IPv4Address: "172.20.30.33"
IPv6Address: "2001:db8:abcd::3033"
LinkLocalIPs:
- "169.254.34.68"
- "fe80::3468"
Links:
- "container_1"
- "container_2"
Aliases:
- "server_x"
- "server_y"
NetworkSettings:
description: "NetworkSettings exposes the network settings in the API"
type: "object"
properties:
Bridge:
description: Name of the network'a bridge (for example, `docker0`).
type: "string"
example: "docker0"
SandboxID:
description: SandboxID uniquely represents a container's network stack.
type: "string"
example: "9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3"
HairpinMode:
description: |
Indicates if hairpin NAT should be enabled on the virtual interface.
type: "boolean"
example: false
LinkLocalIPv6Address:
description: IPv6 unicast address using the link-local prefix.
type: "string"
example: "fe80::42:acff:fe11:1"
LinkLocalIPv6PrefixLen:
description: Prefix length of the IPv6 unicast address.
type: "integer"
example: "64"
Ports:
$ref: "#/definitions/PortMap"
SandboxKey:
description: SandboxKey identifies the sandbox
type: "string"
example: "/var/run/docker/netns/8ab54b426c38"
# TODO is SecondaryIPAddresses actually used?
SecondaryIPAddresses:
description: ""
type: "array"
items:
$ref: "#/definitions/Address"
x-nullable: true
# TODO is SecondaryIPv6Addresses actually used?
SecondaryIPv6Addresses:
description: ""
type: "array"
items:
$ref: "#/definitions/Address"
x-nullable: true
# TODO properties below are part of DefaultNetworkSettings, which is
# marked as deprecated since Docker 1.9 and to be removed in Docker v17.12
EndpointID:
description: |
EndpointID uniquely represents a service endpoint in a Sandbox.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
Gateway:
description: |
Gateway address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "172.17.0.1"
GlobalIPv6Address:
description: |
Global IPv6 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "2001:db8::5689"
GlobalIPv6PrefixLen:
description: |
Mask length of the global IPv6 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "integer"
example: 64
IPAddress:
description: |
IPv4 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "172.17.0.4"
IPPrefixLen:
description: |
Mask length of the IPv4 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "integer"
example: 16
IPv6Gateway:
description: |
IPv6 gateway address for this network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "2001:db8:2::100"
MacAddress:
description: |
MAC address for the container on the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: "string"
example: "02:42:ac:11:00:04"
Networks:
description: |
Information about all networks that the container is connected to.
type: "object"
additionalProperties:
$ref: "#/definitions/EndpointSettings"
Address:
description: Address represents an IPv4 or IPv6 IP address.
type: "object"
properties:
Addr:
description: IP address.
type: "string"
PrefixLen:
description: Mask length of the IP address.
type: "integer"
PortMap:
description: |
PortMap describes the mapping of container ports to host ports, using the
container's port-number and protocol as key in the format `<port>/<protocol>`,
for example, `80/udp`.
If a container's port is mapped for multiple protocols, separate entries
are added to the mapping table.
type: "object"
additionalProperties:
type: "array"
x-nullable: true
items:
$ref: "#/definitions/PortBinding"
example:
"443/tcp":
- HostIp: "127.0.0.1"
HostPort: "4443"
"80/tcp":
- HostIp: "0.0.0.0"
HostPort: "80"
- HostIp: "0.0.0.0"
HostPort: "8080"
"80/udp":
- HostIp: "0.0.0.0"
HostPort: "80"
"53/udp":
- HostIp: "0.0.0.0"
HostPort: "53"
"2377/tcp": null
PortBinding:
description: |
PortBinding represents a binding between a host IP address and a host
port.
type: "object"
properties:
HostIp:
description: "Host IP address that the container's port is mapped to."
type: "string"
example: "127.0.0.1"
HostPort:
description: "Host port number that the container's port is mapped to."
type: "string"
example: "4443"
GraphDriverData:
description: "Information about a container's graph driver."
type: "object"
required: [Name, Data]
properties:
Name:
type: "string"
x-nullable: false
Data:
type: "object"
x-nullable: false
additionalProperties:
type: "string"
Image:
type: "object"
required:
- Id
- Parent
- Comment
- Created
- Container
- DockerVersion
- Author
- Architecture
- Os
- Size
- VirtualSize
- GraphDriver
- RootFS
properties:
Id:
type: "string"
x-nullable: false
RepoTags:
type: "array"
items:
type: "string"
RepoDigests:
type: "array"
items:
type: "string"
Parent:
type: "string"
x-nullable: false
Comment:
type: "string"
x-nullable: false
Created:
type: "string"
x-nullable: false
Container:
type: "string"
x-nullable: false
ContainerConfig:
$ref: "#/definitions/ContainerConfig"
DockerVersion:
type: "string"
x-nullable: false
Author:
type: "string"
x-nullable: false
Config:
$ref: "#/definitions/ContainerConfig"
Architecture:
type: "string"
x-nullable: false
Os:
type: "string"
x-nullable: false
OsVersion:
type: "string"
Size:
type: "integer"
format: "int64"
x-nullable: false
VirtualSize:
type: "integer"
format: "int64"
x-nullable: false
GraphDriver:
$ref: "#/definitions/GraphDriverData"
RootFS:
type: "object"
required: [Type]
properties:
Type:
type: "string"
x-nullable: false
Layers:
type: "array"
items:
type: "string"
BaseLayer:
type: "string"
Metadata:
type: "object"
properties:
LastTagTime:
type: "string"
format: "dateTime"
ImageSummary:
type: "object"
required:
- Id
- ParentId
- RepoTags
- RepoDigests
- Created
- Size
- SharedSize
- VirtualSize
- Labels
- Containers
properties:
Id:
type: "string"
x-nullable: false
ParentId:
type: "string"
x-nullable: false
RepoTags:
type: "array"
x-nullable: false
items:
type: "string"
RepoDigests:
type: "array"
x-nullable: false
items:
type: "string"
Created:
type: "integer"
x-nullable: false
Size:
type: "integer"
x-nullable: false
SharedSize:
type: "integer"
x-nullable: false
VirtualSize:
type: "integer"
x-nullable: false
Labels:
type: "object"
x-nullable: false
additionalProperties:
type: "string"
Containers:
x-nullable: false
type: "integer"
AuthConfig:
type: "object"
properties:
username:
type: "string"
password:
type: "string"
email:
type: "string"
serveraddress:
type: "string"
example:
username: "hannibal"
password: "xxxx"
serveraddress: "https://index.docker.io/v1/"
ProcessConfig:
type: "object"
properties:
privileged:
type: "boolean"
user:
type: "string"
tty:
type: "boolean"
entrypoint:
type: "string"
arguments:
type: "array"
items:
type: "string"
Volume:
type: "object"
required: [Name, Driver, Mountpoint, Labels, Scope, Options]
properties:
Name:
type: "string"
description: "Name of the volume."
x-nullable: false
Driver:
type: "string"
description: "Name of the volume driver used by the volume."
x-nullable: false
Mountpoint:
type: "string"
description: "Mount path of the volume on the host."
x-nullable: false
CreatedAt:
type: "string"
format: "dateTime"
description: "Date/Time the volume was created."
Status:
type: "object"
description: |
Low-level details about the volume, provided by the volume driver.
Details are returned as a map with key/value pairs:
`{"key":"value","key2":"value2"}`.
The `Status` field is optional, and is omitted if the volume driver
does not support this feature.
additionalProperties:
type: "object"
Labels:
type: "object"
description: "User-defined key/value metadata."
x-nullable: false
additionalProperties:
type: "string"
Scope:
type: "string"
description: |
The level at which the volume exists. Either `global` for cluster-wide,
or `local` for machine level.
default: "local"
x-nullable: false
enum: ["local", "global"]
Options:
type: "object"
description: |
The driver specific options used when creating the volume.
additionalProperties:
type: "string"
UsageData:
type: "object"
x-nullable: true
required: [Size, RefCount]
description: |
Usage details about the volume. This information is used by the
`GET /system/df` endpoint, and omitted in other endpoints.
properties:
Size:
type: "integer"
default: -1
description: |
Amount of disk space used by the volume (in bytes). This information
is only available for volumes created with the `"local"` volume
driver. For volumes created with other volume drivers, this field
is set to `-1` ("not available")
x-nullable: false
RefCount:
type: "integer"
default: -1
description: |
The number of containers referencing this volume. This field
is set to `-1` if the reference-count is not available.
x-nullable: false
example:
Name: "tardis"
Driver: "custom"
Mountpoint: "/var/lib/docker/volumes/tardis"
Status:
hello: "world"
Labels:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
Scope: "local"
CreatedAt: "2016-06-07T20:31:11.853781916Z"
Network:
type: "object"
properties:
Name:
type: "string"
Id:
type: "string"
Created:
type: "string"
format: "dateTime"
Scope:
type: "string"
Driver:
type: "string"
EnableIPv6:
type: "boolean"
IPAM:
$ref: "#/definitions/IPAM"
Internal:
type: "boolean"
Attachable:
type: "boolean"
Ingress:
type: "boolean"
Containers:
type: "object"
additionalProperties:
$ref: "#/definitions/NetworkContainer"
Options:
type: "object"
additionalProperties:
type: "string"
Labels:
type: "object"
additionalProperties:
type: "string"
example:
Name: "net01"
Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99"
Created: "2016-10-19T04:33:30.360899459Z"
Scope: "local"
Driver: "bridge"
EnableIPv6: false
IPAM:
Driver: "default"
Config:
- Subnet: "172.19.0.0/16"
Gateway: "172.19.0.1"
Options:
foo: "bar"
Internal: false
Attachable: false
Ingress: false
Containers:
19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
Name: "test"
EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a"
MacAddress: "02:42:ac:13:00:02"
IPv4Address: "172.19.0.2/16"
IPv6Address: ""
Options:
com.docker.network.bridge.default_bridge: "true"
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.name: "docker0"
com.docker.network.driver.mtu: "1500"
Labels:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
IPAM:
type: "object"
properties:
Driver:
description: "Name of the IPAM driver to use."
type: "string"
default: "default"
Config:
description: |
List of IPAM configuration options, specified as a map:
```
{"Subnet": <CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP address>}
```
type: "array"
items:
type: "object"
additionalProperties:
type: "string"
Options:
description: "Driver-specific options, specified as a map."
type: "object"
additionalProperties:
type: "string"
NetworkContainer:
type: "object"
properties:
Name:
type: "string"
EndpointID:
type: "string"
MacAddress:
type: "string"
IPv4Address:
type: "string"
IPv6Address:
type: "string"
BuildInfo:
type: "object"
properties:
id:
type: "string"
stream:
type: "string"
error:
type: "string"
errorDetail:
$ref: "#/definitions/ErrorDetail"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
aux:
$ref: "#/definitions/ImageID"
BuildCache:
type: "object"
properties:
ID:
type: "string"
Parent:
type: "string"
Type:
type: "string"
Description:
type: "string"
InUse:
type: "boolean"
Shared:
type: "boolean"
Size:
description: |
Amount of disk space used by the build cache (in bytes).
type: "integer"
CreatedAt:
description: |
Date and time at which the build cache was created in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
LastUsedAt:
description: |
Date and time at which the build cache was last used in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
x-nullable: true
example: "2017-08-09T07:09:37.632105588Z"
UsageCount:
type: "integer"
ImageID:
type: "object"
description: "Image ID or Digest"
properties:
ID:
type: "string"
example:
ID: "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c"
CreateImageInfo:
type: "object"
properties:
id:
type: "string"
error:
type: "string"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
PushImageInfo:
type: "object"
properties:
error:
type: "string"
status:
type: "string"
progress:
type: "string"
progressDetail:
$ref: "#/definitions/ProgressDetail"
ErrorDetail:
type: "object"
properties:
code:
type: "integer"
message:
type: "string"
ProgressDetail:
type: "object"
properties:
current:
type: "integer"
total:
type: "integer"
ErrorResponse:
description: "Represents an error."
type: "object"
required: ["message"]
properties:
message:
description: "The error message."
type: "string"
x-nullable: false
example:
message: "Something went wrong."
IdResponse:
description: "Response to an API call that returns just an Id"
type: "object"
required: ["Id"]
properties:
Id:
description: "The id of the newly created object."
type: "string"
x-nullable: false
EndpointSettings:
description: "Configuration for a network endpoint."
type: "object"
properties:
# Configurations
IPAMConfig:
$ref: "#/definitions/EndpointIPAMConfig"
Links:
type: "array"
items:
type: "string"
example:
- "container_1"
- "container_2"
Aliases:
type: "array"
items:
type: "string"
example:
- "server_x"
- "server_y"
# Operational data
NetworkID:
description: |
Unique ID of the network.
type: "string"
example: "08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a"
EndpointID:
description: |
Unique ID for the service endpoint in a Sandbox.
type: "string"
example: "b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b"
Gateway:
description: |
Gateway address for this network.
type: "string"
example: "172.17.0.1"
IPAddress:
description: |
IPv4 address.
type: "string"
example: "172.17.0.4"
IPPrefixLen:
description: |
Mask length of the IPv4 address.
type: "integer"
example: 16
IPv6Gateway:
description: |
IPv6 gateway address.
type: "string"
example: "2001:db8:2::100"
GlobalIPv6Address:
description: |
Global IPv6 address.
type: "string"
example: "2001:db8::5689"
GlobalIPv6PrefixLen:
description: |
Mask length of the global IPv6 address.
type: "integer"
format: "int64"
example: 64
MacAddress:
description: |
MAC address for the endpoint on this network.
type: "string"
example: "02:42:ac:11:00:04"
DriverOpts:
description: |
DriverOpts is a mapping of driver options and values. These options
are passed directly to the driver and are driver specific.
type: "object"
x-nullable: true
additionalProperties:
type: "string"
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
EndpointIPAMConfig:
description: |
EndpointIPAMConfig represents an endpoint's IPAM configuration.
type: "object"
x-nullable: true
properties:
IPv4Address:
type: "string"
example: "172.20.30.33"
IPv6Address:
type: "string"
example: "2001:db8:abcd::3033"
LinkLocalIPs:
type: "array"
items:
type: "string"
example:
- "169.254.34.68"
- "fe80::3468"
PluginMount:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Source, Destination, Type, Options]
properties:
Name:
type: "string"
x-nullable: false
example: "some-mount"
Description:
type: "string"
x-nullable: false
example: "This is a mount that's used by the plugin."
Settable:
type: "array"
items:
type: "string"
Source:
type: "string"
example: "/var/lib/docker/plugins/"
Destination:
type: "string"
x-nullable: false
example: "/mnt/state"
Type:
type: "string"
x-nullable: false
example: "bind"
Options:
type: "array"
items:
type: "string"
example:
- "rbind"
- "rw"
PluginDevice:
type: "object"
required: [Name, Description, Settable, Path]
x-nullable: false
properties:
Name:
type: "string"
x-nullable: false
Description:
type: "string"
x-nullable: false
Settable:
type: "array"
items:
type: "string"
Path:
type: "string"
example: "/dev/fuse"
PluginEnv:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Value]
properties:
Name:
x-nullable: false
type: "string"
Description:
x-nullable: false
type: "string"
Settable:
type: "array"
items:
type: "string"
Value:
type: "string"
PluginInterfaceType:
type: "object"
x-nullable: false
required: [Prefix, Capability, Version]
properties:
Prefix:
type: "string"
x-nullable: false
Capability:
type: "string"
x-nullable: false
Version:
type: "string"
x-nullable: false
Plugin:
description: "A plugin for the Engine API"
type: "object"
required: [Settings, Enabled, Config, Name]
properties:
Id:
type: "string"
example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
Name:
type: "string"
x-nullable: false
example: "tiborvass/sample-volume-plugin"
Enabled:
description:
True if the plugin is running. False if the plugin is not running,
only installed.
type: "boolean"
x-nullable: false
example: true
Settings:
description: "Settings that can be modified by users."
type: "object"
x-nullable: false
required: [Args, Devices, Env, Mounts]
properties:
Mounts:
type: "array"
items:
$ref: "#/definitions/PluginMount"
Env:
type: "array"
items:
type: "string"
example:
- "DEBUG=0"
Args:
type: "array"
items:
type: "string"
Devices:
type: "array"
items:
$ref: "#/definitions/PluginDevice"
PluginReference:
description: "plugin remote reference used to push/pull the plugin"
type: "string"
x-nullable: false
example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
Config:
description: "The config of a plugin."
type: "object"
x-nullable: false
required:
- Description
- Documentation
- Interface
- Entrypoint
- WorkDir
- Network
- Linux
- PidHost
- PropagatedMount
- IpcHost
- Mounts
- Env
- Args
properties:
DockerVersion:
description: "Docker Version used to create the plugin"
type: "string"
x-nullable: false
example: "17.06.0-ce"
Description:
type: "string"
x-nullable: false
example: "A sample volume plugin for Docker"
Documentation:
type: "string"
x-nullable: false
example: "https://docs.docker.com/engine/extend/plugins/"
Interface:
description: "The interface between Docker and the plugin"
x-nullable: false
type: "object"
required: [Types, Socket]
properties:
Types:
type: "array"
items:
$ref: "#/definitions/PluginInterfaceType"
example:
- "docker.volumedriver/1.0"
Socket:
type: "string"
x-nullable: false
example: "plugins.sock"
ProtocolScheme:
type: "string"
example: "some.protocol/v1.0"
description: "Protocol to use for clients connecting to the plugin."
enum:
- ""
- "moby.plugins.http/v1"
Entrypoint:
type: "array"
items:
type: "string"
example:
- "/usr/bin/sample-volume-plugin"
- "/data"
WorkDir:
type: "string"
x-nullable: false
example: "/bin/"
User:
type: "object"
x-nullable: false
properties:
UID:
type: "integer"
format: "uint32"
example: 1000
GID:
type: "integer"
format: "uint32"
example: 1000
Network:
type: "object"
x-nullable: false
required: [Type]
properties:
Type:
x-nullable: false
type: "string"
example: "host"
Linux:
type: "object"
x-nullable: false
required: [Capabilities, AllowAllDevices, Devices]
properties:
Capabilities:
type: "array"
items:
type: "string"
example:
- "CAP_SYS_ADMIN"
- "CAP_SYSLOG"
AllowAllDevices:
type: "boolean"
x-nullable: false
example: false
Devices:
type: "array"
items:
$ref: "#/definitions/PluginDevice"
PropagatedMount:
type: "string"
x-nullable: false
example: "/mnt/volumes"
IpcHost:
type: "boolean"
x-nullable: false
example: false
PidHost:
type: "boolean"
x-nullable: false
example: false
Mounts:
type: "array"
items:
$ref: "#/definitions/PluginMount"
Env:
type: "array"
items:
$ref: "#/definitions/PluginEnv"
example:
- Name: "DEBUG"
Description: "If set, prints debug messages"
Settable: null
Value: "0"
Args:
type: "object"
x-nullable: false
required: [Name, Description, Settable, Value]
properties:
Name:
x-nullable: false
type: "string"
example: "args"
Description:
x-nullable: false
type: "string"
example: "command line arguments"
Settable:
type: "array"
items:
type: "string"
Value:
type: "array"
items:
type: "string"
rootfs:
type: "object"
properties:
type:
type: "string"
example: "layers"
diff_ids:
type: "array"
items:
type: "string"
example:
- "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
- "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
ObjectVersion:
description: |
The version number of the object such as node, service, etc. This is needed
to avoid conflicting writes. The client must send the version number along
with the modified specification when updating these objects.
This approach ensures safe concurrency and determinism in that the change
on the object may not be applied if the version number has changed from the
last read. In other words, if two update requests specify the same base
version, only one of the requests can succeed. As a result, two separate
update requests that happen at the same time will not unintentionally
overwrite each other.
type: "object"
properties:
Index:
type: "integer"
format: "uint64"
example: 373531
NodeSpec:
type: "object"
properties:
Name:
description: "Name for the node."
type: "string"
example: "my-node"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
Role:
description: "Role of the node."
type: "string"
enum:
- "worker"
- "manager"
example: "manager"
Availability:
description: "Availability of the node."
type: "string"
enum:
- "active"
- "pause"
- "drain"
example: "active"
example:
Availability: "active"
Name: "node-name"
Role: "manager"
Labels:
foo: "bar"
Node:
type: "object"
properties:
ID:
type: "string"
example: "24ifsmvkjbyhk"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
description: |
Date and time at which the node was added to the swarm in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
UpdatedAt:
description: |
Date and time at which the node was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2017-08-09T07:09:37.632105588Z"
Spec:
$ref: "#/definitions/NodeSpec"
Description:
$ref: "#/definitions/NodeDescription"
Status:
$ref: "#/definitions/NodeStatus"
ManagerStatus:
$ref: "#/definitions/ManagerStatus"
NodeDescription:
description: |
NodeDescription encapsulates the properties of the Node as reported by the
agent.
type: "object"
properties:
Hostname:
type: "string"
example: "bf3067039e47"
Platform:
$ref: "#/definitions/Platform"
Resources:
$ref: "#/definitions/ResourceObject"
Engine:
$ref: "#/definitions/EngineDescription"
TLSInfo:
$ref: "#/definitions/TLSInfo"
Platform:
description: |
Platform represents the platform (Arch/OS).
type: "object"
properties:
Architecture:
description: |
Architecture represents the hardware architecture (for example,
`x86_64`).
type: "string"
example: "x86_64"
OS:
description: |
OS represents the Operating System (for example, `linux` or `windows`).
type: "string"
example: "linux"
EngineDescription:
description: "EngineDescription provides information about an engine."
type: "object"
properties:
EngineVersion:
type: "string"
example: "17.06.0"
Labels:
type: "object"
additionalProperties:
type: "string"
example:
foo: "bar"
Plugins:
type: "array"
items:
type: "object"
properties:
Type:
type: "string"
Name:
type: "string"
example:
- Type: "Log"
Name: "awslogs"
- Type: "Log"
Name: "fluentd"
- Type: "Log"
Name: "gcplogs"
- Type: "Log"
Name: "gelf"
- Type: "Log"
Name: "journald"
- Type: "Log"
Name: "json-file"
- Type: "Log"
Name: "logentries"
- Type: "Log"
Name: "splunk"
- Type: "Log"
Name: "syslog"
- Type: "Network"
Name: "bridge"
- Type: "Network"
Name: "host"
- Type: "Network"
Name: "ipvlan"
- Type: "Network"
Name: "macvlan"
- Type: "Network"
Name: "null"
- Type: "Network"
Name: "overlay"
- Type: "Volume"
Name: "local"
- Type: "Volume"
Name: "localhost:5000/vieux/sshfs:latest"
- Type: "Volume"
Name: "vieux/sshfs:latest"
TLSInfo:
description: |
Information about the issuer of leaf TLS certificates and the trusted root
CA certificate.
type: "object"
properties:
TrustRoot:
description: |
The root CA certificate(s) that are used to validate leaf TLS
certificates.
type: "string"
CertIssuerSubject:
description:
The base64-url-safe-encoded raw subject bytes of the issuer.
type: "string"
CertIssuerPublicKey:
description: |
The base64-url-safe-encoded raw public key bytes of the issuer.
type: "string"
example:
TrustRoot: |
-----BEGIN CERTIFICATE-----
MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
-----END CERTIFICATE-----
CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
NodeStatus:
description: |
NodeStatus represents the status of a node.
It provides the current status of the node, as seen by the manager.
type: "object"
properties:
State:
$ref: "#/definitions/NodeState"
Message:
type: "string"
example: ""
Addr:
description: "IP address of the node."
type: "string"
example: "172.17.0.2"
NodeState:
description: "NodeState represents the state of a node."
type: "string"
enum:
- "unknown"
- "down"
- "ready"
- "disconnected"
example: "ready"
ManagerStatus:
description: |
ManagerStatus represents the status of a manager.
It provides the current status of a node's manager component, if the node
is a manager.
x-nullable: true
type: "object"
properties:
Leader:
type: "boolean"
default: false
example: true
Reachability:
$ref: "#/definitions/Reachability"
Addr:
description: |
The IP address and port at which the manager is reachable.
type: "string"
example: "10.0.0.46:2377"
Reachability:
description: "Reachability represents the reachability of a node."
type: "string"
enum:
- "unknown"
- "unreachable"
- "reachable"
example: "reachable"
SwarmSpec:
description: "User modifiable swarm configuration."
type: "object"
properties:
Name:
description: "Name of the swarm."
type: "string"
example: "default"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
example:
com.example.corp.type: "production"
com.example.corp.department: "engineering"
Orchestration:
description: "Orchestration configuration."
type: "object"
x-nullable: true
properties:
TaskHistoryRetentionLimit:
description: |
The number of historic tasks to keep per instance or node. If
negative, never remove completed or failed tasks.
type: "integer"
format: "int64"
example: 10
Raft:
description: "Raft configuration."
type: "object"
properties:
SnapshotInterval:
description: "The number of log entries between snapshots."
type: "integer"
format: "uint64"
example: 10000
KeepOldSnapshots:
description: |
The number of snapshots to keep beyond the current snapshot.
type: "integer"
format: "uint64"
LogEntriesForSlowFollowers:
description: |
The number of log entries to keep around to sync up slow followers
after a snapshot is created.
type: "integer"
format: "uint64"
example: 500
ElectionTick:
description: |
The number of ticks that a follower will wait for a message from
the leader before becoming a candidate and starting an election.
`ElectionTick` must be greater than `HeartbeatTick`.
A tick currently defaults to one second, so these translate
directly to seconds currently, but this is NOT guaranteed.
type: "integer"
example: 3
HeartbeatTick:
description: |
The number of ticks between heartbeats. Every HeartbeatTick ticks,
the leader will send a heartbeat to the followers.
A tick currently defaults to one second, so these translate
directly to seconds currently, but this is NOT guaranteed.
type: "integer"
example: 1
Dispatcher:
description: "Dispatcher configuration."
type: "object"
x-nullable: true
properties:
HeartbeatPeriod:
description: |
The delay for an agent to send a heartbeat to the dispatcher.
type: "integer"
format: "int64"
example: 5000000000
CAConfig:
description: "CA configuration."
type: "object"
x-nullable: true
properties:
NodeCertExpiry:
description: "The duration node certificates are issued for."
type: "integer"
format: "int64"
example: 7776000000000000
ExternalCAs:
description: |
Configuration for forwarding signing requests to an external
certificate authority.
type: "array"
items:
type: "object"
properties:
Protocol:
description: |
Protocol for communication with the external CA (currently
only `cfssl` is supported).
type: "string"
enum:
- "cfssl"
default: "cfssl"
URL:
description: |
URL where certificate signing requests should be sent.
type: "string"
Options:
description: |
An object with key/value pairs that are interpreted as
protocol-specific options for the external CA driver.
type: "object"
additionalProperties:
type: "string"
CACert:
description: |
The root CA certificate (in PEM format) this external CA uses
to issue TLS certificates (assumed to be to the current swarm
root CA certificate if not provided).
type: "string"
SigningCACert:
description: |
The desired signing CA certificate for all swarm node TLS leaf
certificates, in PEM format.
type: "string"
SigningCAKey:
description: |
The desired signing CA key for all swarm node TLS leaf certificates,
in PEM format.
type: "string"
ForceRotate:
description: |
An integer whose purpose is to force swarm to generate a new
signing CA certificate and key, if none have been specified in
`SigningCACert` and `SigningCAKey`
format: "uint64"
type: "integer"
EncryptionConfig:
description: "Parameters related to encryption-at-rest."
type: "object"
properties:
AutoLockManagers:
description: |
If set, generate a key and use it to lock data stored on the
managers.
type: "boolean"
example: false
TaskDefaults:
description: "Defaults for creating tasks in this cluster."
type: "object"
properties:
LogDriver:
description: |
The log driver to use for tasks created in the orchestrator if
unspecified by a service.
Updating this value only affects new tasks. Existing tasks continue
to use their previously configured log driver until recreated.
type: "object"
properties:
Name:
description: |
The log driver to use as a default for new tasks.
type: "string"
example: "json-file"
Options:
description: |
Driver-specific options for the selectd log driver, specified
as key/value pairs.
type: "object"
additionalProperties:
type: "string"
example:
"max-file": "10"
"max-size": "100m"
# The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
# without `JoinTokens`.
ClusterInfo:
description: |
ClusterInfo represents information about the swarm as is returned by the
"/info" endpoint. Join-tokens are not included.
x-nullable: true
type: "object"
properties:
ID:
description: "The ID of the swarm."
type: "string"
example: "abajmipo7b4xz5ip2nrla6b11"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
description: |
Date and time at which the swarm was initialised in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2016-08-18T10:44:24.496525531Z"
UpdatedAt:
description: |
Date and time at which the swarm was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: "string"
format: "dateTime"
example: "2017-08-09T07:09:37.632105588Z"
Spec:
$ref: "#/definitions/SwarmSpec"
TLSInfo:
$ref: "#/definitions/TLSInfo"
RootRotationInProgress:
description: |
Whether there is currently a root CA rotation in progress for the swarm
type: "boolean"
example: false
DataPathPort:
description: |
DataPathPort specifies the data path port number for data traffic.
Acceptable port range is 1024 to 49151.
If no port is set or is set to 0, the default port (4789) is used.
type: "integer"
format: "uint32"
default: 4789
example: 4789
DefaultAddrPool:
description: |
Default Address Pool specifies default subnet pools for global scope
networks.
type: "array"
items:
type: "string"
format: "CIDR"
example: ["10.10.0.0/16", "20.20.0.0/16"]
SubnetSize:
description: |
SubnetSize specifies the subnet size of the networks created from the
default subnet pool.
type: "integer"
format: "uint32"
maximum: 29
default: 24
example: 24
JoinTokens:
description: |
JoinTokens contains the tokens workers and managers need to join the swarm.
type: "object"
properties:
Worker:
description: |
The token workers can use to join the swarm.
type: "string"
example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
Manager:
description: |
The token managers can use to join the swarm.
type: "string"
example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
Swarm:
type: "object"
allOf:
- $ref: "#/definitions/ClusterInfo"
- type: "object"
properties:
JoinTokens:
$ref: "#/definitions/JoinTokens"
TaskSpec:
description: "User modifiable task configuration."
type: "object"
properties:
PluginSpec:
type: "object"
description: |
Plugin spec for the service. *(Experimental release only.)*
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
properties:
Name:
description: "The name or 'alias' to use for the plugin."
type: "string"
Remote:
description: "The plugin image reference to use."
type: "string"
Disabled:
description: "Disable the plugin once scheduled."
type: "boolean"
PluginPrivilege:
type: "array"
items:
description: |
Describes a permission accepted by the user upon installing the
plugin.
type: "object"
properties:
Name:
type: "string"
Description:
type: "string"
Value:
type: "array"
items:
type: "string"
ContainerSpec:
type: "object"
description: |
Container spec for the service.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
properties:
Image:
description: "The image name to use for the container"
type: "string"
Labels:
description: "User-defined key/value data."
type: "object"
additionalProperties:
type: "string"
Command:
description: "The command to be run in the image."
type: "array"
items:
type: "string"
Args:
description: "Arguments to the command."
type: "array"
items:
type: "string"
Hostname:
description: |
The hostname to use for the container, as a valid
[RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
type: "string"
Env:
description: |
A list of environment variables in the form `VAR=value`.
type: "array"
items:
type: "string"
Dir:
description: "The working directory for commands to run in."
type: "string"
User:
description: "The user inside the container."
type: "string"
Groups:
type: "array"
description: |
A list of additional groups that the container process will run as.
items:
type: "string"
Privileges:
type: "object"
description: "Security options for the container"
properties:
CredentialSpec:
type: "object"
description: "CredentialSpec for managed service account (Windows only)"
properties:
Config:
type: "string"
example: "0bt9dmxjvjiqermk6xrop3ekq"
description: |
Load credential spec from a Swarm Config with the given ID.
The specified config must also be present in the Configs
field with the Runtime property set.
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
File:
type: "string"
example: "spec.json"
description: |
Load credential spec from this file. The file is read by
the daemon, and must be present in the `CredentialSpecs`
subdirectory in the docker data directory, which defaults
to `C:\ProgramData\Docker\` on Windows.
For example, specifying `spec.json` loads
`C:\ProgramData\Docker\CredentialSpecs\spec.json`.
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
Registry:
type: "string"
description: |
Load credential spec from this value in the Windows
registry. The specified registry value must be located in:
`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
<p><br /></p>
> **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
> and `CredentialSpec.Config` are mutually exclusive.
SELinuxContext:
type: "object"
description: "SELinux labels of the container"
properties:
Disable:
type: "boolean"
description: "Disable SELinux"
User:
type: "string"
description: "SELinux user label"
Role:
type: "string"
description: "SELinux role label"
Type:
type: "string"
description: "SELinux type label"
Level:
type: "string"
description: "SELinux level label"
TTY:
description: "Whether a pseudo-TTY should be allocated."
type: "boolean"
OpenStdin:
description: "Open `stdin`"
type: "boolean"
ReadOnly:
description: "Mount the container's root filesystem as read only."
type: "boolean"
Mounts:
description: |
Specification for mounts to be added to containers created as part
of the service.
type: "array"
items:
$ref: "#/definitions/Mount"
StopSignal:
description: "Signal to stop the container."
type: "string"
StopGracePeriod:
description: |
Amount of time to wait for the container to terminate before
forcefully killing it.
type: "integer"
format: "int64"
HealthCheck:
$ref: "#/definitions/HealthConfig"
Hosts:
type: "array"
description: |
A list of hostname/IP mappings to add to the container's `hosts`
file. The format of extra hosts is specified in the
[hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
man page:
IP_address canonical_hostname [aliases...]
items:
type: "string"
DNSConfig:
description: |
Specification for DNS related configurations in resolver configuration
file (`resolv.conf`).
type: "object"
properties:
Nameservers:
description: "The IP addresses of the name servers."
type: "array"
items:
type: "string"
Search:
description: "A search list for host-name lookup."
type: "array"
items:
type: "string"
Options:
description: |
A list of internal resolver variables to be modified (e.g.,
`debug`, `ndots:3`, etc.).
type: "array"
items:
type: "string"
Secrets:
description: |
Secrets contains references to zero or more secrets that will be
exposed to the service.
type: "array"
items:
type: "object"
properties:
File:
description: |
File represents a specific target that is backed by a file.
type: "object"
properties:
Name:
description: |
Name represents the final filename in the filesystem.
type: "string"
UID:
description: "UID represents the file UID."
type: "string"
GID:
description: "GID represents the file GID."
type: "string"
Mode:
description: "Mode represents the FileMode of the file."
type: "integer"
format: "uint32"
SecretID:
description: |
SecretID represents the ID of the specific secret that we're
referencing.
type: "string"
SecretName:
description: |
SecretName is the name of the secret that this references,
but this is just provided for lookup/display purposes. The
secret in the reference will be identified by its ID.
type: "string"
Configs:
description: |
Configs contains references to zero or more configs that will be
exposed to the service.
type: "array"
items:
type: "object"
properties:
File:
description: |
File represents a specific target that is backed by a file.
<p><br /><p>
> **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
type: "object"
properties:
Name:
description: |
Name represents the final filename in the filesystem.
type: "string"
UID:
description: "UID represents the file UID."
type: "string"
GID:
description: "GID represents the file GID."
type: "string"
Mode:
description: "Mode represents the FileMode of the file."
type: "integer"
format: "uint32"
Runtime:
description: |
Runtime represents a target that is not mounted into the
container but is used by the task
<p><br /><p>
> **Note**: `Configs.File` and `Configs.Runtime` are mutually
> exclusive
type: "object"
ConfigID:
description: |
ConfigID represents the ID of the specific config that we're
referencing.
type: "string"
ConfigName:
description: |
ConfigName is the name of the config that this references,
but this is just provided for lookup/display purposes. The
config in the reference will be identified by its ID.
type: "string"
Isolation:
type: "string"
description: |
Isolation technology of the containers running the service.
(Windows only)
enum:
- "default"
- "process"
- "hyperv"
Init:
description: |
Run an init inside the container that forwards signals and reaps
processes. This field is omitted if empty, and the default (as
configured on the daemon) is used.
type: "boolean"
x-nullable: true
Sysctls:
description: |
Set kernel namedspaced parameters (sysctls) in the container.
The Sysctls option on services accepts the same sysctls as the
are supported on containers. Note that while the same sysctls are
supported, no guarantees or checks are made about their
suitability for a clustered environment, and it's up to the user
to determine whether a given sysctl will work properly in a
Service.
type: "object"
additionalProperties:
type: "string"
NetworkAttachmentSpec:
description: |
Read-only spec type for non-swarm containers attached to swarm overlay
networks.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
type: "object"
properties:
ContainerID:
description: "ID of the container represented by this task"
type: "string"
Resources:
description: |
Resource requirements which apply to each individual container created
as part of the service.
type: "object"
properties:
Limits:
description: "Define resources limits."
$ref: "#/definitions/ResourceObject"
Reservation:
description: "Define resources reservation."
$ref: "#/definitions/ResourceObject"
RestartPolicy:
description: |
Specification for the restart policy which applies to containers
created as part of this service.
type: "object"
properties:
Condition:
description: "Condition for restart."
type: "string"
enum:
- "none"
- "on-failure"
- "any"
Delay:
description: "Delay between restart attempts."
type: "integer"
format: "int64"
MaxAttempts:
description: |
Maximum attempts to restart a given container before giving up
(default value is 0, which is ignored).
type: "integer"
format: "int64"
default: 0
Window:
description: |
Windows is the time window used to evaluate the restart policy
(default value is 0, which is unbounded).
type: "integer"
format: "int64"
default: 0
Placement:
type: "object"
properties:
Constraints:
description: |
An array of constraint expressions to limit the set of nodes where
a task can be scheduled. Constraint expressions can either use a
_match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
nodes that satisfy every expression (AND match). Constraints can
match node or Docker Engine labels as follows:
node attribute | matches | example
---------------------|--------------------------------|-----------------------------------------------
`node.id` | Node ID | `node.id==2ivku8v2gvtg4`
`node.hostname` | Node hostname | `node.hostname!=node-2`
`node.role` | Node role (`manager`/`worker`) | `node.role==manager`
`node.platform.os` | Node operating system | `node.platform.os==windows`
`node.platform.arch` | Node architecture | `node.platform.arch==x86_64`
`node.labels` | User-defined node labels | `node.labels.security==high`
`engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-14.04`
`engine.labels` apply to Docker Engine labels like operating system,
drivers, etc. Swarm administrators add `node.labels` for operational
purposes by using the [`node update endpoint`](#operation/NodeUpdate).
type: "array"
items:
type: "string"
example:
- "node.hostname!=node3.corp.example.com"
- "node.role!=manager"
- "node.labels.type==production"
- "node.platform.os==linux"
- "node.platform.arch==x86_64"
Preferences:
description: |
Preferences provide a way to make the scheduler aware of factors
such as topology. They are provided in order from highest to
lowest precedence.
type: "array"
items:
type: "object"
properties:
Spread:
type: "object"
properties:
SpreadDescriptor:
description: |
label descriptor, such as `engine.labels.az`.
type: "string"
example:
- Spread:
SpreadDescriptor: "node.labels.datacenter"
- Spread:
SpreadDescriptor: "node.labels.rack"
MaxReplicas:
description: |
Maximum number of replicas for per node (default value is 0, which
is unlimited)
type: "integer"
format: "int64"
default: 0
Platforms:
description: |
Platforms stores all the platforms that the service's image can
run on. This field is used in the platform filter for scheduling.
If empty, then the platform filter is off, meaning there are no
scheduling restrictions.
type: "array"
items:
$ref: "#/definitions/Platform"
ForceUpdate:
description: |
A counter that triggers an update even if no relevant parameters have
been changed.
type: "integer"
Runtime:
description: |
Runtime is the type of runtime specified for the task executor.
type: "string"
Networks:
description: "Specifies which networks the service should attach to."
type: "array"
items:
$ref: "#/definitions/NetworkAttachmentConfig"
LogDriver:
description: |
Specifies the log driver to use for tasks created from this spec. If
not present, the default one for the swarm will be used, finally
falling back to the engine default if not specified.
type: "object"
properties:
Name:
type: "string"
Options:
type: "object"
additionalProperties:
type: "string"
TaskState:
type: "string"
enum:
- "new"
- "allocated"
- "pending"
- "assigned"
- "accepted"
- "preparing"
- "ready"
- "starting"
- "running"
- "complete"
- "shutdown"
- "failed"
- "rejected"
- "remove"
- "orphaned"
Task:
type: "object"
properties:
ID:
description: "The ID of the task."
type: "string"
Version:
$ref: "#/definitions/ObjectVersion"
CreatedAt:
type: "string"
format: "dateTime"
UpdatedAt:
type: "string"
format: "dateTime"
Name:
description: "Name of the task."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
Spec:
$ref: "#/definitions/TaskSpec"
ServiceID:
description: "The ID of the service this task is part of."
type: "string"
Slot:
type: "integer"
NodeID:
description: "The ID of the node that this task is on."
type: "string"
AssignedGenericResources:
$ref: "#/definitions/GenericResources"
Status:
type: "object"
properties:
Timestamp:
type: "string"
format: "dateTime"
State:
$ref: "#/definitions/TaskState"
Message:
type: "string"
Err:
type: "string"
ContainerStatus:
type: "object"
properties:
ContainerID:
type: "string"
PID:
type: "integer"
ExitCode:
type: "integer"
DesiredState:
$ref: "#/definitions/TaskState"
example:
ID: "0kzzo1i0y4jz6027t0k7aezc7"
Version:
Index: 71
CreatedAt: "2016-06-07T21:07:31.171892745Z"
UpdatedAt: "2016-06-07T21:07:31.376370513Z"
Spec:
ContainerSpec:
Image: "redis"
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: "any"
MaxAttempts: 0
Placement: {}
ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
Slot: 1
NodeID: "60gvrl6tm78dmak4yl7srz94v"
Status:
Timestamp: "2016-06-07T21:07:31.290032978Z"
State: "running"
Message: "started"
ContainerStatus:
ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
PID: 677
DesiredState: "running"
NetworksAttachments:
- Network:
ID: "4qvuz4ko70xaltuqbt8956gd1"
Version:
Index: 18
CreatedAt: "2016-06-07T20:31:11.912919752Z"
UpdatedAt: "2016-06-07T21:07:29.955277358Z"
Spec:
Name: "ingress"
Labels:
com.docker.swarm.internal: "true"
DriverConfiguration: {}
IPAMOptions:
Driver: {}
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
DriverState:
Name: "overlay"
Options:
com.docker.network.driver.overlay.vxlanid_list: "256"
IPAMOptions:
Driver:
Name: "default"
Configs:
- Subnet: "10.255.0.0/16"
Gateway: "10.255.0.1"
Addresses:
- "10.255.0.10/16"
AssignedGenericResources:
- DiscreteResourceSpec:
Kind: "SSD"
Value: 3
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID1"
- NamedResourceSpec:
Kind: "GPU"
Value: "UUID2"
ServiceSpec:
description: "User modifiable configuration for a service."
properties:
Name:
description: "Name of the service."
type: "string"
Labels:
description: "User-defined key/value metadata."
type: "object"
additionalProperties:
type: "string"
TaskTemplate:
$ref: "#/definitions/TaskSpec"
Mode:
description: "Scheduling mode for the service."
type: "object"
properties:
Replicated:
type: "object"
properties:
Replicas:
type: "integer"
format: "int64"
Global:
type: "object"
UpdateConfig:
description: "Specification for the update strategy of the service."
type: "object"
properties:
Parallelism:
description: |
Maximum number of tasks to be updated in one iteration (0 means
unlimited parallelism).
type: "integer"
format: "int64"
Delay:
description: "Amount of time between updates, in nanoseconds."
type: "integer"
format: "int64"
FailureAction:
description: |
Action to take if an updated task fails to run, or stops running
during the update.
type: "string"
enum:
- "continue"
- "pause"
- "rollback"
Monitor:
description: |
Amount of time to monitor each updated task for failures, in
nanoseconds.
type: "integer"
format: "int64"
MaxFailureRatio:
description: |
The fraction of tasks that may fail during an update before the
failure action is invoked, specified as a floating point number
between 0 and 1.
type: "number"
default: 0
Order:
description: |
The order of operations when rolling out an updated task. Either
the old task is shut down before the new task is started, or the
new task is started before the old task is shut down.
type: "string"
enum:
- "stop-first"
- "start-first"
RollbackConfig:
description: "Specification for the rollback strategy of the service."
type: "object"
properties:
Parallelism:
description: |
Maximum number of tasks to be rolled back in one iteration (0 means
unlimited parallelism).
type: "integer"
format: "int64"
Delay:
description: |
Amount of time between rollback iterations, in nanoseconds.
type: "integer"
format: "int64"
FailureAction:
description: |
Action to take if an rolled back task fails to run, or stops
running during the rollback.
type: "string"
enum:
- "continue"
- "pause"
Monitor: