docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into cap

This commit is contained in:
Tammy Fox 2018-07-26 00:43:41 -04:00 committed by GitHub
parent 7ac756a1a5 b279e95ff7
commit 50bdb51ce5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 526 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_config.yml
View File

@ -23,7 +23,7 @@ latest_stable_docker_engine_api_version: "1.37"
docker_ce_stable_version: "18.03"
docker_ce_edge_version: "18.05"
docker_ee_version: "17.06"
compose_version: "1.21.2"
compose_version: "1.22.0"
machine_version: "0.14.0"
distribution_version: "2.6"
dtr_version: "2.5"

8
_data/ddc_offline_files_2.yaml
View File

@ -8,15 +8,17 @@
tar-files:
- description: "3.0.2 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.2.tar.gz
- description: "3.0.2 Windows"
- description: "3.0.2 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.2.tar.gz
- description: "3.0.2 Windows Server 1709"
url: https://packages.docker.com/caas/ucp_images_win_1709_3.0.2.tar.gz
- description: "3.0.1 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.1.tar.gz
- description: "3.0.1 Windows"
- description: "3.0.1 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_3.0.1.tar.gz
- description: "3.0.0 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.0.tar.gz
- description: "3.0.0 Windows"
- description: "3.0.0 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_3.0.0.tar.gz
- product: "ucp"
version: "2.2"

6
_includes/content/compose-extfields-sub.md
View File

@ -2,6 +2,12 @@ It is possible to re-use configuration fragments using extension fields. Those
special fields can be of any format as long as they are located at the root of
your Compose file and their name start with the `x-` character sequence.
> **Note**
>
> Starting with the 3.7 format (for the 3.x series) and 2.4 format
> (for the 2.x series), extension fields are also allowed at the root
> of service, volume, network, config and secret definitions.
```none
version: '2.1'
x-custom:

1
_includes/content/compose-matrix.md
View File

@ -2,6 +2,7 @@ This table shows which Compose file versions support specific Docker releases.
| **Compose file format** | **Docker Engine release** |
| ------------------- | ------------------ |
| 3.7 | 18.06.0+ |
| 3.6 | 18.02.0+ |
| 3.5 | 17.12.0+ |
| 3.4 | 17.09.0+ |

9
_includes/ee-linux-install-reuse.md
View File

@ -283,8 +283,15 @@ To manually install Docker EE, download the `.{{ package-format | downcase }}` f
```bash
$ sudo rm -rf /var/lib/docker
```
3. Delete other docker related resources:
```bash
$ sudo rm -rf /run/docker
$ sudo rm -rf /var/run/docker
$ sudo rm -rf /etc/docker
```
3. If desired, remove the `devicemapper` thin pool and reformat the block
4. If desired, remove the `devicemapper` thin pool and reformat the block
devices that were part of it.
You must delete any edited configuration files manually.

14
compose/compose-file/compose-versioning.md
View File

@ -243,6 +243,8 @@ supported by **Compose 1.21.0+**.
Introduces the following additional parameters:
- [`platform`](compose-file-v2.md#platform) for service definitions
- Support for extension fields at the root of service, network, and volume
definitions
### Version 3
@ -301,6 +303,18 @@ Introduces the following additional parameters:
- [`tmpfs` size](index.md#long-syntax-3) for `tmpfs`-type mounts
### Version 3.7
An upgrade of [version 3](#version-3) that introduces new parameters. It is
only available with Docker Engine version **18.06.0** and higher.
Introduces the following additional parameters:
- [`init`](index.md#init) in service definitions
- [`rollback_config`](index.md#rollback_config) in deploy configurations
- Support for extension fields at the root of service, network, volume, secret
and config definitions
## Upgrading
### Version 2.x to 3.x

37
compose/compose-file/index.md
View File

@ -759,6 +759,20 @@ services:
window: 120s
```
#### rollback_config
> [Version 3.7 file format](compose-versioning.md#version-37) and up
Configures how the service should be rollbacked in case of a failing
update.
- `parallelism`: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.
- `delay`: The time to wait between each container group's rollback (default 0s).
- `failure_action`: What to do if a rollback fails. One of `continue` or `pause` (default `pause`)
- `monitor`: Duration after each task update to monitor for failure `(ns|us|ms|s|m|h)` (default 0s).
- `max_failure_ratio`: Failure rate to tolerate during a rollback (default 0).
- `order`: Order of operations during rollbacks. One of `stop-first` (old task is stopped before starting new one), or `start-first` (new task is started first, and the running tasks briefly overlap) (default `stop-first`).
#### update_config
Configures how the service should be updated. Useful for configuring rolling
@ -1118,6 +1132,27 @@ If the image does not exist, Compose attempts to pull it, unless you have also
specified [build](#build), in which case it builds it using the specified
options and tags it with the specified tag.
### init
> [Added in version 3.7 file format](compose-versioning.md#version-37).
Run an init inside the container that forwards signals and reaps processes.
Either set a boolean value to use the default `init`, or specify a path to
a custom one.
version: '2.2'
services:
web:
image: alpine:latest
init: true
version: '2.2'
services:
web:
image: alpine:latest
init: /usr/libexec/docker-init
### isolation
Specify a containers isolation technology. On Linux, the only supported value
@ -1986,7 +2021,7 @@ conflicting with those used by other software.
> [Added in version 3.4 file format](compose-versioning.md#version-34)
Set a custom name for this volume. The name field can be used to reference
networks that contain special characters. The name is used as is
volumes that contain special characters. The name is used as is
and will **not** be scoped with the stack name.
version: '3.4'

2
compose/reference/build.md
View File

@ -22,7 +22,7 @@ Services are built once and then tagged, by default as `project_service`. For
example, `composetest_db`. If the Compose file specifies an
[image](/compose/compose-file/index.md#image) name, the image is
tagged with that name, substituting any variables beforehand. See [variable
substitution](#variable-substitution).
substitution](/compose/compose-file/#variable-substitution).
If you change a service's Dockerfile or the contents of its
build directory, run `docker-compose build` to rebuild it.

6
develop/develop-images/dockerfile_best-practices.md
View File

@ -428,12 +428,12 @@ recommendations.
s3cmd=1.1.* \
&& rm -rf /var/lib/apt/lists/*
The `s3cmd` instructions specifies a version `1.1.*`. If the image previously
The `s3cmd` argument specifies a version `1.1.*`. If the image previously
used an older version, specifying the new one causes a cache bust of `apt-get
update` and ensure the installation of the new version. Listing packages on
update` and ensures the installation of the new version. Listing packages on
each line can also prevent mistakes in package duplication.
In addition, when you clean up the apt cache by removing `/var/lib/apt/lists`
In addition, when you clean up the apt cache by removing `/var/lib/apt/lists` it
reduces the image size, since the apt cache is not stored in a layer. Since the
`RUN` statement starts with `apt-get update`, the package cache is always
refreshed prior to `apt-get install`.

31
docker-for-mac/edge-release-notes.md
View File

@ -18,6 +18,37 @@ for Mac](install.md#download-docker-for-mac).
## Edge Releases of 2018
### Docker Community Edition 18.06.0-ce-mac69 2018-07-25
[Download](https://download.docker.com/mac/edge/26398/Docker.dmg)
* Upgrades
- [Docker 18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)
* Bug fixes and minor changes
- Fix bug in experimental SOCKS server. See [docker/for-mac#2670](https://github.com/docker/for-mac/issues/2670)
- Fix bug in docker login when "Securely store Docker logins in macOS keychain" is unchecked. Fixed [docker/for-mac#3104](https://github.com/docker/for-mac/issues/3104)
### Docker Community Edition 18.06.0-ce-rc3-mac68 2018-07-19
[Download](https://download.docker.com/mac/edge/26342/Docker.dmg)
* Upgrades
- [Docker 18.06.0-ce-rc3](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce-rc3)
- [Docker Machine 0.15.0](https://github.com/docker/machine/releases/tag/v0.15.0)
- [Docker compose 1.22.0](https://github.com/docker/compose/releases/tag/1.22.0)
* New
- Add an experimental SOCKS server to allow access to container networks, see [docker/for-mac#2670](https://github.com/docker/for-mac/issues/2670#issuecomment-372365274). Also see [docker/for-mac#2721](https://github.com/docker/for-mac/issues/2721)
* Bug fixes and minor changes
- AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Preferences > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)
- Fix startup issue with aufs [docker/for-mac#2804](https://github.com/docker/for-mac/issues/2804)
- Fix status bug which could prevent the kubernetes cluster from starting. Fixes [docker/for-mac#2990](https://github.com/docker/for-mac/issues/2990)
- Fix bug which would cause VM logs to be written to RAM rather than disk in some cases, and the VM to hang. See [docker/for-mac#2984](https://github.com/docker/for-mac/issues/2984)
- Fix network connection leak triggered by haproxy TCP health-checks [docker/for-mac#1132](https://github.com/docker/for-mac/issues/1132)
- Better message to reset vmnetd when it's disabled. See [docker/for-mac#3035](https://github.com/docker/for-mac/issues/3035)
### Docker Community Edition 18.05.0-ce-mac67 2018-06-07
[Download](https://download.docker.com/mac/edge/25042/Docker.dmg)

31
docker-for-mac/release-notes.md
View File

@ -20,6 +20,37 @@ for Mac](install.md#download-docker-for-mac).
## Stable Releases of 2018
### Docker Community Edition 18.06.0-ce-mac70 2018-07-25
[Download](https://download.docker.com/mac/stable/26399/Docker.dmg)
* Upgrades
- [Docker 18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)
- [Docker Machine 0.15.0](https://github.com/docker/machine/releases/tag/v0.15.0)
- [Docker compose 1.22.0](https://github.com/docker/compose/releases/tag/1.22.0)
- [LinuxKit v0.5](https://github.com/linuxkit/linuxkit/releases/tag/v0.5)
- Linux Kernel 4.9.93 with CEPH, DRBD, RBD, MPLS_ROUTING and MPLS_IPTUNNEL enabled
* New
- Kubernetes Support. You can now run a single-node Kubernetes cluster from the "Kubernetes" Pane in Docker For Mac Preferences and use kubectl commands as well as docker commands. See https://docs.docker.com/docker-for-mac/kubernetes/
- Add an experimental SOCKS server to allow access to container networks, see [docker/for-mac#2670](https://github.com/docker/for-mac/issues/2670#issuecomment-372365274). Also see [docker/for-mac#2721](https://github.com/docker/for-mac/issues/2721)
- Re-enable raw as the the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625)
* Bug fixes and minor changes
- AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Preferences > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)
- OS X El Captain 10.11 is deprecated in Docker Desktop. You will not be able to install updates after Docker Desktop 18.06.x. We recommend upgrading to the latest version of macOS.
- Fix bug which would cause VM logs to be written to RAM rather than disk in some cases, and the VM to hang. See [docker/for-mac#2984](https://github.com/docker/for-mac/issues/2984)
- Fix network connection leak triggered by haproxy TCP health-checks [docker/for-mac#1132](https://github.com/docker/for-mac/issues/1132)
- Better message to reset vmnetd when it's disabled. See [docker/for-mac#3035](https://github.com/docker/for-mac/issues/3035)
- Fix VPNKit memory leak. Fixes [moby/vpnkit#371](https://github.com/moby/vpnkit/issues/371)
- Virtual Machine default disk path is stored relative to $HOME. Fixes [docker/for-mac#2928](https://github.com/docker/for-mac/issues/2928), [docker/for-mac#1209](https://github.com/docker/for-mac/issues/1209)
- Use Simple NTP to minimise clock drift between the VM and the host. Fixes [docker/for-mac#2076](https://github.com/docker/for-mac/issues/2076)
- Fix a race between calling stat on a file and calling close of a file descriptor referencing the file that could result in the stat failing with EBADF (often presented as "File not found"). Fixes [docker/for-mac#2870](https://github.com/docker/for-mac/issues/2870)
- Do not allow install of Docker for Mac on macOS Yosemite 10.10, this version is not supported since Docker for Mac 17.09.0.
- Fix button order in reset dialog windows. Fixes [docker/for-mac#2827](https://github.com/docker/for-mac/issues/2827)
- Fix upgrade straight from pre-17.12 versions where Docker for Mac cannot restart once the upgrade has been performed. Fixes [docker/for-mac#2739](https://github.com/docker/for-mac/issues/2739)
- Added log rotation for docker-ce logs inside the virtual machine.
### Docker Community Edition 18.03.1-ce-mac65 2018-04-30
[Download](https://download.docker.com/mac/stable/24312/Docker.dmg)

26
docker-for-windows/edge-release-notes.md
View File

@ -18,6 +18,32 @@ for Windows](install.md#download-docker-for-windows).
## Edge Releases of 2018
### Docker Community Edition 18.06.0-ce-win69 2018-07-25
[Download](https://download.docker.com/win/edge/19070/Docker%20for%20Windows%20Installer.exe)
* Upgrades
- [Docker 18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)
### Docker Community Edition 18.06.0-ce-rc3-win68 2018-07-19
[Download](https://download.docker.com/win/edge/18994/Docker%20for%20Windows%20Installer.exe)
* Upgrades
- [Docker 18.06.0-ce-rc3](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce-rc3)
- [Docker Machine 0.15.0](https://github.com/docker/machine/releases/tag/v0.15.0)
- [Docker compose 1.22.0](https://github.com/docker/compose/releases/tag/1.22.0)
* New
- New Kubernetes menu item allowing to switch Kubernetes context & connect to clusters other than the local one.
* Bug fixes and minor changes
- AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Settings > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)
- Fix startup issue with aufs
- Fix status bug which could prevent the kubernetes cluster from starting.
- Fix bug which would cause VM logs to be written to RAM rather than disk in some cases, and the VM to hang.
- Fix security issue with named pipe connection to docker service.
### Docker Community Edition 18.05.0-ce-win67 2018-06-07
[Download](https://download.docker.com/win/edge/18263/Docker%20for%20Windows%20Installer.exe)

25
docker-for-windows/release-notes.md
View File

@ -20,6 +20,31 @@ for Windows](install.md#download-docker-for-windows).
## Stable Releases of 2018
### Docker Community Edition 18.06.0-ce-win70 2018-07-25
[Download](https://download.docker.com/win/stable/19075/Docker%20for%20Windows%20Installer.exe)
* Upgrades
- [Docker 18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)
- [Docker Machine 0.15.0](https://github.com/docker/machine/releases/tag/v0.15.0)
- [Docker compose 1.22.0](https://github.com/docker/compose/releases/tag/1.22.0)
- [LinuxKit v0.4](https://github.com/linuxkit/linuxkit/releases/tag/v0.4)
- Linux Kernel 4.9.93 with CEPH, DRBD, RBD, MPLS_ROUTING and MPLS_IPTUNNEL enabled
* New
- Kubernetes Support. You can now run a single-node Kubernetes cluster from the "Kubernetes" Pane in Docker for Windows settings and use kubectl commands as well as docker commands. See https://docs.docker.com/docker-for-windows/kubernetes/
* Bug fixes and minor changes
- AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Settings > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)
- Fix bug which would cause VM logs to be written to RAM rather than disk in some cases, and the VM to hang.
- Fix security issue with named pipe connection to docker service.
- Fix VPNKit memory leak. Fixes [docker/for-win#2087](https://github.com/docker/for-win/issues/2087), [moby/vpnkit#371](https://github.com/moby/vpnkit/issues/371)
- Fix restart issue when using Windows fast startup on latest 1709 Windows updates. Fixes [docker/for-win#1741](https://github.com/docker/for-win/issues/1741), [docker/for-win#1741](https://github.com/docker/for-win/issues/1741)
- DNS name `host.docker.internal` can be used for host resolution from Windows Containers. Fixes [docker/for-win#1976](https://github.com/docker/for-win/issues/1976)
- Fix broken link in diagnostics window.
- Added log rotation for docker-ce logs inside the virtual machine.
- Changed smb permission to avoid issue when trying to manipulate files with different users in containers. Fixes [docker/for-win#2170](https://github.com/docker/for-win/issues/2170)
### Docker Community Edition 18.03.1-ce-win65 2018-04-30
[Download](https://download.docker.com/win/stable/17513/Docker%20for%20Windows%20Installer.exe)

8
docker-store/certify-images.md
View File

@ -40,7 +40,13 @@ The `inspectDockerImage` tool does the following:
- Attempts to stop the container to ensure that it can be stopped gracefully.
> The `inspectDockerImage` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you try to resolve them.
The `inspectDockerImage` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you should try to resolve them.
If you are publishing and certifying multiple versions for a Docker image, you will need to run the `inspectDockerImage` tool on each Docker image and send each result to Docker Store.
If you are publishing and certifying multi-architecture Docker image (e.g. Linux, Power, s390x, windows, etc.) you will need to run the `inspectDockerImage` tool on the Docker EE server running on each architecture and send the results to Docker Store.
Details on how to run the `inspectDockerImage` tool and send the results to Docker Store are in the sections that follow.
### Prerequisites

13
docker-store/certify-plugins-logging.md
View File

@ -30,9 +30,11 @@ The `inspectDockerLoggingPlugin` command verifies that your Docker logging plugi
- Displays the container logs and compares it to `quotes.txt`. If they match, the test is successful.
> The `inspectDockerLoggingPlugin` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you try to resolve them.
The `inspectDockerLoggingPlugin` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you should try to resolve them.
The syntax for running a specific logging plugin is: `docker container run --log-driver`.
If you are publishing and certifying multiple versions of a Docker logging plugin, you will need to run the `inspectDockerLoggingPlugin` tool on each Docker logging plugin and send each result to Docker Store.
The syntax for running a specific logging plugin is `docker container run --log-driver`.
No parameters are passed to the logging plugin. If parameters are required for the Docker logging plugin to work correctly, then a custom test script must be written and used. The default `docker container run` command is:
@ -359,13 +361,13 @@ gforghetti:~/$
gforghetti:~:$ ./inspectDockerLoggingPlugin --json gforghetti/docker-log-driver-test:latest | jq
```
Note: The output was piped to the **jq** command to display it "nicely".
> Note: The output was piped to the **jq** command to display it "nicely".
#### Output:
```
```
{
{
"Date": "Mon May 21 14:38:28 2018",
"SystemOperatingSystem": "Operating System: Ubuntu 16.04.4 LTS",
"SystemArchitecture": "amd64",
@ -419,7 +421,6 @@ Note: The output was piped to the **jq** command to display it "nicely".
}
]
}
🐳 gforghetti:~/$
```
<a name="inspect-logging-plugin-html">

6
edge/index.md
View File

@ -4,7 +4,9 @@ description: Information about current Docker Edge releases
keywords: engine, edge, installation
---
The current Docker CE Edge release is **[{{ site.docker_ce_edge_version }}](https://docs.docker.com/release-notes/docker-ce/#edge-releases)**.
> **The Docker CE Edge channel is deprecated in favor of nightly channel. See [About Docker CE](/install/index.md) for details on how to access the nightly channel.**
The latest Docker CE Edge release is **[{{ site.docker_ce_edge_version }}](https://docs.docker.com/release-notes/docker-ce/#edge-releases)**.
The Docker CE Edge channel provides monthly releases which allow you to try new
features of Docker and verify bug fixes quickly. Each edge release is only
@ -14,7 +16,7 @@ available.
Stable releases are not published to the Edge channel, so Linux repository users
should subscribe to both Edge and Stable channels.
> Commercial support is not available for Docker CE. For information about all Docker release channels and expectations about support, see [Dockerchannels](/install/index.md#docker-channels).
> Commercial support is not available for Docker CE. For information about all Docker release channels and expectations about support, see [About Docker CE](/install/index.md).
Documentation for API and CLI references is updated with each Edge release as
appropriate. However, full documentation for features may not be available until

8
ee/end-to-end-install.md
View File

@ -20,13 +20,7 @@ Values of n in the -ee-<n> suffix must be 8 or higher
* 4.00 GB of RAM
* 3.00 GB of available disk space
Also, make sure the hosts are running one of these operating systems:
* A maintained version of CentOS 7. Archived versions aren't supported or tested.
* Red Hat Enterprise Linux 7.0, 7.1, 7.2, or 7.3
* Ubuntu 14.04 LTS or 16.04 LTS
* SUSE Linux Enterprise 12
* Oracle Linux 7.3
Also, make sure the hosts are running one of the supported operating systems from the [Compatibility Matrix](https://success.docker.com/article/compatibility-matrix).
[Learn more about Docker EE system requirements](ucp/admin/install/system-requirements.md).

18
ee/engine/release-notes.md
View File

@ -19,6 +19,18 @@ it references. However, Docker EE also includes back-ported fixes
defect fixes that you can use in environments where new features cannot be
adopted as quickly for consistency and compatibility reasons.
## 18.03.1-ee-2 (2018-07-10)
> Important notes about this release
>
> If you're deploying UCP or DTR, use Docker EE Engine 17.06.
{: .important}
### Runtime
+ Add /proc/acpi to masked paths [(CVE-2018-10892)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10892). [moby/moby#37404](https://github.com/moby/moby/pull/37404)
## 18.03.1-ee-1 (2018-06-27)
> Important notes about this release
@ -42,6 +54,12 @@ adopted as quickly for consistency and compatibility reasons.
+ Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
+ Add support for multiple logging drivers for `docker logs`.
## 17.06.2-ee-15 (2018-07-10)
### Runtime
- Add /proc/acpi to masked paths [(CVE-2018-10892)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10892). [moby/moby#37404](https://github.com/moby/moby/pull/37404)
## 17.06.2-ee-14 (2018-06-21)
### Client

2
ee/ucp/admin/configure/ucp-configuration-file.md
View File

@ -151,7 +151,7 @@ Settings for syncing system admininistrator users.
| `search_filter` | no | The LDAP search filter used to select users if `select_group_members` is `false`, for example, `(memberOf=cn=ddc-admins,ou=groups,dc=example,dc=com)`. May be left blank. |
### registries array (required)
### registries array (optional)
An array of tables that specifies the DTR instances that the current UCP instance manages.

5
ee/ucp/authorization/migrate-kubernetes-roles.md
View File

@ -113,8 +113,9 @@ Kubernetes workloads:
* Docker EE has its own RBAC system, so it's not possible to create
`ClusterRole` objects, `ClusterRoleBinding` objects, or any other object that is
created by using the `/apis/rbac.authorization.k8s.io` endpoints.
* To make sure your cluster is secure, only users with the "Full Control" role of the given Kubernetes namespace can deploy pods with
privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`,
* To make sure your cluster is secure, only users and service accounts that have been
granted "Full Control" of all Kubernetes namespaces can deploy pods with privileged
options. This includes: `PodSpec.hostIPC`, `PodSpec.hostNetwork`,
`PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`,
`SecurityContext.capabilities`, `SecurityContext.privileged`, and
`Volume.hostPath`.

4
ee/ucp/release-notes.md
View File

@ -12,7 +12,7 @@ redirect_from:
Here you can learn about new features, bug fixes, breaking changes, and
known issues for the latest UCP version.
You can then use [the upgrade instructions](admin/install/upgrade.md), to
You can then use [the upgrade instructions](admin/install/upgrade.md) to
upgrade your installation to the latest release.
* [Version 3.0](#version-30)
@ -42,6 +42,8 @@ Azure Disk when installing UCP with the `--cloud-provider` option.
built-in Kubernetes RBAC authorizer. If you had a custom role with
(for instance) Pod Get permissions, you may need to create a new custom
role with permissions for each new subresource.
* To deploy Pods with Privileged options, users now require a grant with the
role `Full Control` for all namespaces.
* The `/api/ucp/config` endpoint now includes default node orchestrator.
* Added `cni_mtu` and `cni_ipinip_mtu` settings to UCP config for controlling
MTU sizes in Calico.

11
engine/examples/dotnetcore.md
View File

@ -41,7 +41,7 @@ Windows](/docker-for-windows/). Read more on [switching containers](/docker-for-
the `Dockerfile` to use the DLL file of your project.
```dockerfile
FROM microsoft/aspnetcore-build:2.0 AS build-env
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# Copy csproj and restore as distinct layers
@ -53,7 +53,7 @@ COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/aspnetcore:2.0
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .
ENTRYPOINT ["dotnet", "aspnetapp.dll"]
@ -96,7 +96,6 @@ $ docker run -d -p 8080:80 --name myapp aspnetapp
## Further reading
- [ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/)
- [Microsoft ASP.NET Core on Docker
Hub](https://hub.docker.com/r/microsoft/aspnetcore/)
- [ASP.NET Core with Docker Tools for Visual
Studio](https://blogs.msdn.microsoft.com/webdev/2016/11/16/new-docker-tools-for-visual-studio/)
- [Microsoft ASP.NET Core on Docker Hub](https://hub.docker.com/r/microsoft/dotnet/)
- [Building Docker Images for .NET Core Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images)
- [Docker Tools for Visual Studio](https://docs.microsoft.com/dotnet/articles/core/docker/visual-studio-tools-for-docker)

169
install/index.md
View File

@ -18,20 +18,130 @@ redirect_from:
Docker Community Edition (CE) is ideal for developers and small
teams looking to get started with Docker and experimenting with container-based
apps. Docker CE has two update channels, **stable** and **edge**:
apps. Docker CE has three types of update channels, **stable**, **test**, and **nightly**:
* **Stable** gives you reliable updates every quarter.
* **Edge** gives you new features every month.
* **Stable** gives you latest releases for general availability.
* **Test** gives pre-releases that are ready for testing before general availability.
* **Nightly** gives you latest builds of work in progress for the next major release.
For more information about Docker CE, see
[Docker Community Edition](https://www.docker.com/community-edition/){: target="_blank" class="_" }.
## Supported platforms
## Releases
Docker CE is available on multiple platforms, on cloud and on-premises.
Use the following tables to choose the best installation path for you.
For the Docker CE engine, the open
repositories [Docker Engine](https://github.com/docker/engine) and
[Docker Client](https://github.com/docker/cli) apply.
### Desktop
Releases of Docker Engine and Docker Client for general availability
are versioned using dotted triples. The components of this triple
are `YY.mm.<patch>` where the `YY.mm` component is referred to as the
year-month release. The version numbering format is chosen to illustrate
cadence and does not guarantee SemVer, but the desired date for general
availability. The version number may have additional information, such as
beta and release candidate qualifications. Such releases are considered
"pre-releases".
The cadence of the year-month releases is every 6 months starting with
the `18.09` release. The patch releases for a year-month release take
place as needed to address bug fixes during its support cycle.
Docker CE binaries for a release are available on [download.docker.com](https://download.docker.com/)
as packages for the supported operating systems. Docker EE binaries are
available on the [Docker Store](https://store.docker.com/) for the supported operating systems. The
release channels are available for each of the year-month releases and
allow users to "pin" on a year-month release of choice. The release
channel also receives patch releases when they become available.
### Nightly builds
Nightly builds are created once per day from the master branch. The version
number for nightly builds take the format `0.YYYYmmdd.HHMMSS`,
for example `0.20181231.093045`. These builds allow for testing from the
latest code on the master branch. No qualifications or guarantees are made
for the nightly builds.
The release channel for these builds is called `nightly`.
### Pre-releases
In preparation for a new year-month release, a branch is created from
the master branch with format `YY.mm` when the milestones desired by
Docker for the release have achieved feature-complete. Pre-releases
such as betas and release candidates are conducted from their respective release
branches. Patch releases and the corresponding pre-releases are performed
from within the corresponding release branch.
While pre-releases are done to assist in the stabilization process, no
guarantees are provided.
Binaries built for pre-releases are available in the test channel for
the targeted year-month release using the naming format `test-YY.mm`,
for example `test-18.09`.
### General availability
Year-month releases are made from a release branch diverged from the master
branch. The branch is created with format `<year>.<month>`, for example
`18.09`. The year-month name indicates the earliest possible calendar
month to expect the release to be generally available. All further patch
releases are performed from that branch. For example, once `v18.09.0` is
released, all subsequent patch releases are built from the `18.09` branch.
Binaries built from this releases are available in the stable channel
`stable-YY.mm`, for example `stable-18.09`, as well as the corresponding
test channel.
### Relationship between CE and EE code
For a given year-month release, Docker releases both CE and EE
variants concurrently. EE is a superset of the code delivered in
CE. Docker maintains publicly visible repositories for the CE code
as well as private repositories for the EE code. Automation (a bot)
is used to keep the branches between CE and EE in sync so as features
and fixes are merged on the various branches in the CE repositories
(upstream), the corresponding EE repositories and branches are kept
in sync (downstream). While Docker and its partners make every effort
to minimize merge conflicts between CE and EE, occasionally they will
happen, and Docker will work hard to resolve them in a timely fashion.
## Next release
The activity for upcoming year-month releases is tracked in the milestones
of the repository.
## Support
Docker CE releases of a year-month branch are supported with patches
as needed for 7 months after the first year-month general availability
release. Docker EE releases are supported for 24 months after the first
year-month general availability release.
This means bug reports and backports to release branches are assessed
until the end-of-life date.
After the year-month branch has reached end-of-life, the branch may be
deleted from the repository.
### Reporting security issues
The Docker maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
Please DO NOT file a public issue; instead send your report privately
to security@docker.com.
Security reports are greatly appreciated, and Docker will publicly thank you
for it. Docker also likes to send gifts — if you're into swag, make sure to
let us know. Docker currently does not offer a paid security bounty program
but are not ruling it out in the future.
### Supported platforms
Docker CE is available on multiple platforms. Use the following tables
to choose the best installation path for you.
#### Desktop
{% assign green-check = '![yes](/install/images/green-check.svg){: style="height: 14px; margin: 0 auto"}' %}
@ -40,19 +150,7 @@ Use the following tables to choose the best installation path for you.
| [Docker for Mac (macOS)](/docker-for-mac/install.md) | {{ green-check }} |
| [Docker for Windows (Microsoft Windows 10)](/docker-for-windows/install.md) | {{ green-check }} |
### Cloud
{% assign green-check = '![yes](/install/images/green-check.svg){: style="height: 14px; margin: 0 auto"}' %}
| Platform | Docker Community Edition |
|:----------------------------------------|:------------------------:|
| [Amazon Web Services](/docker-for-aws/) | {{ green-check }} |
| [Microsoft Azure](/docker-for-azure/) | {{ green-check }} |
### Server
#### Server
{% assign green-check = '![yes](/install/images/green-check.svg){: style="height: 14px; margin: 0 auto"}' %}
{% assign install-prefix-ce = '/install/linux/docker-ce' %}
@ -64,23 +162,32 @@ Use the following tables to choose the best installation path for you.
| [Fedora]({{ install-prefix-ce }}/fedora.md) | [{{ green-check }}]({{ install-prefix-ce }}/fedora.md) | | | | |
| [Ubuntu]({{ install-prefix-ce }}/ubuntu.md) | [{{ green-check }}]({{ install-prefix-ce }}/ubuntu.md) | [{{ green-check }}]({{ install-prefix-ce }}/ubuntu.md) | [{{ green-check }}]({{ install-prefix-ce }}/ubuntu.md) | [{{ green-check }}]({{ install-prefix-ce }}/ubuntu.md) | [{{ green-check }}]({{ install-prefix-ce }}/ubuntu.md) |
### Backporting
## Time-based release schedule
Backports to the Docker products are prioritized by the Docker company. A
Docker employee or repository maintainer will endeavour to ensure sensible
bugfixes make it into _active_ releases.
Starting with Docker 17.03, Docker uses a time-based release schedule.
If there are important fixes that ought to be considered for backport to
active release branches, be sure to highlight this in the PR description
or by adding a comment to the PR.
- Docker CE Edge releases generally happen monthly.
- Docker CE Stable releases generally happen quarterly, with patch releases as
needed.
### Upgrade path
### Updates, and patches
Patch releases are always backward compatible with its year-month version.
- A given Docker CE Stable release receives patches and updates for **one
month after the next Docker CE Stable release**.
- A given Docker CE Edge release does not receive any patches or updates after
a subsequent Docker CE Edge or Stable release.
## Not covered
As a general rule, anything not mentioned in this document may change in any release.
## Exceptions
Exceptions are made in the interest of __security patches__. If a break
in release procedure or product functionality is required, it will
be communicated clearly, and the solution will be considered against
total impact.
## Get started
After setting up Docker, you can learn the basics over at
After setting up Docker, you can learn the basics with
[Getting started with Docker](/get-started/).

56
install/windows/docker-ee.md
View File

@ -7,6 +7,8 @@ redirect_from:
- /engine/installation/windows/docker-ee/
---
{% capture filename %}{{ page.win_latest_build }}.zip{% endcapture %} {% capture download_url %}https://download.docker.com/components/engine/windows-server/{{ site.docker_ee_version }}/{{ filename }}{% endcapture %}
Docker Enterprise Edition for Windows Server (*Docker EE*) enables native
Docker containers on Windows Server. Windows Server 2016 and later versions are supported. The Docker EE installation package
includes everything you need to run Docker on Windows Server.
@ -71,6 +73,60 @@ sconfig
Select option `6) Download and Install Updates`.
## Use a script to install Docker EE
Use the following steps when you want to install manually, script automated
installs, or install on air-gapped systems.
1. In a PowerShell command prompt, download the installer archive on a machine
that has a connection.
```PowerShell
# On an online machine, download the zip file.
invoke-webrequest -UseBasicparsing -Outfile {{ filename }} {{ download_url }}
```
2. Copy the zip file to the machine where you want to install Docker. In a
PowerShell command prompt, use the following commands to extract the archive,
register, and start the Docker service.
```PowerShell
#Stop Docker service
Stop-Service docker
# Extract the archive.
Expand-Archive {{ filename }} -DestinationPath $Env:ProgramFiles -Force
# Clean up the zip file.
Remove-Item -Force {{ filename }}
# Install Docker. This requires rebooting.
$null = Install-WindowsFeature containers
# Add Docker to the path for the current session.
$env:path += ";$env:ProgramFiles\docker"
# Optionally, modify PATH to persist across sessions.
$newPath = "$env:ProgramFiles\docker;" +
[Environment]::GetEnvironmentVariable("PATH",
[EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath,
[EnvironmentVariableTarget]::Machine)
# Register the Docker daemon as a service.
dockerd --register-service
# Start the Docker service.
Start-Service docker
```
3. Test your Docker EE installation by running the `hello-world` container.
```PowerShell
docker container run hello-world:nanoserver
```
## Install a specific version
To install a specific Docker version, you can use the

2
reference/ucp/3.0/cli/install.md
View File

@ -61,7 +61,7 @@ command.
| `--swarm-port` | Port for the Docker Swarm manager. Used for backwards compatibility |
| `--swarm-grpc-port` | Port for communication between nodes |
| `--cni-installer-url` | A URL pointing to a Kubernetes YAML file to be used as an installer for the CNI plugin of the cluster. If specified, the default CNI plugin is not installed. If the URL uses the HTTPS scheme, no certificate verification is performed. |
| `--pod-cidr` | Kubernetes cluster IP pool for the pods to allocated IP from (Default: 192.168.0.0/16) |
| `--pod-cidr` | Kubernetes cluster IP pool for the pods to allocated IPs from (Default: 192.168.0.0/16) |
| `--cloud-provider` | The cloud provider for the cluster |
| `--dns` | Set custom DNS servers for the UCP containers |
| `--dns-opt` | Set DNS options for the UCP containers |

85
release-notes/docker-compose.md
View File

@ -5,6 +5,91 @@ keywords: release notes, compose
toc_max: 2
---
## 1.22.0 (2018-07-17)
### New features
#### Compose format version 3.7
- Introduced version 3.7 of the `docker-compose.yml` specification.
This version requires Docker Engine 18.06.0 or above.
- Added support for `rollback_config` in the deploy configuration
- Added support for the `init` parameter in service configurations
- Added support for extension fields in service, network, volume, secret,
and config configurations
#### Compose format version 2.4
- Added support for extension fields in service, network,
and volume configurations
### Bugfixes
- Fixed a bug that prevented deployment with some Compose files when
`DOCKER_DEFAULT_PLATFORM` was set
- Compose will no longer try to create containers or volumes with
invalid starting characters
- Fixed several bugs that prevented Compose commands from working properly
with containers created with an older version of Compose
- Fixed an issue with the output of `docker-compose config` with the
`--compatibility-mode` flag enabled when the source file contains
attachable networks
- Fixed a bug that prevented the `gcloud` credential store from working
properly when used with the Compose binary on UNIX
- Fixed a bug that caused connection errors when trying to operate
over a non-HTTPS TCP connection on Windows
- Fixed a bug that caused builds to fail on Windows if the Dockerfile
was located in a subdirectory of the build context
- Fixed an issue that prevented proper parsing of UTF-8 BOM encoded
Compose files on Windows
- Fixed an issue with handling of the double-wildcard (`**`) pattern in `.dockerignore` files when using `docker-compose build`
- Fixed a bug that caused auth values in legacy `.dockercfg` files to be ignored
- `docker-compose build` will no longer attempt to create image names starting with an invalid character
## 1.21.2 (2018-05-03)
### Bugfixes
- Fixed a bug where the ip_range attirbute in IPAM configs was prevented
from passing validation
## 1.21.1 (2018-04-27)
### Bugfixes
- In 1.21.0, we introduced a change to how project names are sanitized for
internal use in resource names. This caused issues when manipulating an
existing, deployed application whose name had changed as a result.
This release properly detects resources using "legacy" naming conventions.
- Fixed an issue where specifying an in-context Dockerfile using an absolute
path would fail despite being valid.
- Fixed a bug where IPAM option changes were incorrectly detected, preventing
redeployments.
- Validation of v2 files now properly checks the structure of IPAM configs.
- Improved support for credentials stores on Windows to include binaries using
extensions other than `.exe`. The list of valid extensions is determined by
the contents of the `PATHEXT` environment variable.
- Fixed a bug where Compose would generate invalid binds containing duplicate
elements with some v3.2 files, triggering errors at the Engine level during
deployment.
## 1.21.0 (2018-04-11)
### New features

18
storage/storagedriver/device-mapper-driver.md
View File

@ -10,12 +10,11 @@ Device Mapper is a kernel-based framework that underpins many advanced
volume management technologies on Linux. Docker's `devicemapper` storage driver
leverages the thin provisioning and snapshotting capabilities of this framework
for image and container management. This article refers to the Device Mapper
storage driver as `devicemapper`, and the kernel framework as `Device Mapper`.
storage driver as `devicemapper`, and the kernel framework as _Device Mapper_.
For the systems where it is supported, `devicemapper` support is included in
the Linux kernel. However, specific configuration is required to use it with
Docker. For instance, on a stock installation of RHEL or CentOS, Docker
defaults to `overlay`, which is not a supported configuration.
Docker.
The `devicemapper` driver uses block devices dedicated to Docker and operates at
the block level, rather than the file level. These devices can be extended by
@ -24,10 +23,9 @@ a filesystem at the level of the operating system.
## Prerequisites
- `devicemapper` storage driver is the only supported storage driver for Docker
EE and Commercially Supported Docker Engine (CS-Engine) on RHEL, CentOS, and
Oracle Linux. See the
[Product compatibility matrix](https://success.docker.com/Policies/Compatibility_Matrix).
- `devicemapper` storage driver is a supported storage driver for Docker
EE on many OS distribution. See the
[Product compatibility matrix](https://success.docker.com/article/compatibility-matrix) for details.
- `devicemapper` is also supported on Docker CE running on CentOS, Fedora,
Ubuntu, or Debian.
@ -45,9 +43,9 @@ Before following these procedures, you must first meet all the
### Configure `loop-lvm` mode for testing
This configuration is only appropriate for testing. Loopback devices are slow
and resource-intensive, and require you to create file on disk at specific sizes.
They can also introduce race conditions. They are supposed for testing because
the set-up is easier.
and resource-intensive, and they require you to create file on disk at specific sizes.
They can also introduce race conditions. They are available for testing because
the setup is easier.
For production systems, see
[Configure direct-lvm mode for production](#configure-direct-lvm-mode-for-production).

2
storage/storagedriver/overlayfs-driver.md
View File

@ -432,7 +432,7 @@ Consider some scenarios where files in a container are modified.
writes the changes to the new copy of the file in the container layer.
However, OverlayFS works at the file level rather than the block level. This
means that all OverlayFS copy_up operations copy the entire file, even if the\
means that all OverlayFS copy_up operations copy the entire file, even if the
file is very large and only a small part of it is being modified. This can
have a noticeable impact on container write performance. However, two things
are worth noting: