docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

engine: 28.0.0 (#22007) 

- follow up to: https://github.com/docker/docs/pull/21932
## Description

<!-- Tell us what you did and why -->

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
Paweł Gronowski 2025-02-20 11:34:35 +00:00 committed by GitHub
parent dfa9e342db
commit df46163d36
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
44 changed files with 14191 additions and 707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
_vendor/github.com/docker/cli/docs/deprecated.md generated
View File

@ -53,8 +53,10 @@ The following table provides an overview of the current status of deprecated fea
| Status | Feature | Deprecated | Remove |
|------------|------------------------------------------------------------------------------------------------------------------------------------|------------|--------|
| Deprecated | [Configuration for pushing non-distributable artifacts](#configuration-for-pushing-non-distributable-artifacts) | v28.0 | v29.0 |
| Deprecated | [`--time` option on `docker stop` and `docker restart`](#--time-option-on-docker-stop-and-docker-restart) | v28.0 | - |
| Deprecated | [Non-standard fields in image inspect](#non-standard-fields-in-image-inspect) | v27.0 | v28.0 |
| Deprecated | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 |
| Removed | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 |
| Deprecated | [Graphdriver plugins (experimental)](#graphdriver-plugins-experimental) | v27.0 | v28.0 |
| Deprecated | [Unauthenticated TCP connections](#unauthenticated-tcp-connections) | v26.0 | v28.0 |
| Deprecated | [`Container` and `ContainerConfig` fields in Image inspect](#container-and-containerconfig-fields-in-image-inspect) | v25.0 | v26.0 |
@ -78,7 +80,7 @@ The following table provides an overview of the current status of deprecated fea
| Deprecated | [CLI plugins support](#cli-plugins-support) | v20.10 | - |
| Deprecated | [Dockerfile legacy `ENV name value` syntax](#dockerfile-legacy-env-name-value-syntax) | v20.10 | - |
| Removed | [`docker build --stream` flag (experimental)](#docker-build---stream-flag-experimental) | v20.10 | v20.10 |
| Deprecated | [`fluentd-async-connect` log opt](#fluentd-async-connect-log-opt) | v20.10 | - |
| Deprecated | [`fluentd-async-connect` log opt](#fluentd-async-connect-log-opt) | v20.10 | v28.0 |
| Removed | [Configuration options for experimental CLI features](#configuration-options-for-experimental-cli-features) | v19.03 | v23.0 |
| Deprecated | [Pushing and pulling with image manifest v2 schema 1](#pushing-and-pulling-with-image-manifest-v2-schema-1) | v19.03 | v27.0 |
| Removed | [`docker engine` subcommands](#docker-engine-subcommands) | v19.03 | v20.10 |
@ -118,6 +120,55 @@ The following table provides an overview of the current status of deprecated fea
| Removed | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit) | v0.10 | v1.13 |
| Removed | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import) | v0.6.7 | v1.12 |
## Configuration for pushing non-distributable artifacts
**Deprecated in Release: v28.0**
**Target For Removal In Release: v29.0**
Non-distributable artifacts (also called foreign layers) were introduced in
docker v1.12 to accommodate Windows images for which the EULA did not allow
layers to be distributed through registries other than those hosted by Microsoft.
The concept of foreign / non-distributable layers was adopted by the OCI distribution
spec in [oci#233]. These restrictions were relaxed later to allow distributing
these images through non-public registries, for which a configuration was added
in Docker v17.0.6.0.
In 2022, Microsoft updated the EULA and [removed these restrictions][msft-3645201],
followed by the OCI distribution specification deprecating foreign layers in [oci#965].
In 2023, Microsoft [removed the use of foreign data layers][msft-3846833] for their images,
making this functionality obsolete.
Docker v28.0 deprecates the `--allow-nondistributable-artifacts` daemon flag and
corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting
either option no longer takes an effect, but a deprecation warning log is added
to raise awareness about the deprecation. This warning is planned to become an
error in the Docker v29.0.
Users currently using these options are therefore recommended to remove this
option from their configuration to prevent the daemon from starting when
upgrading to Docker v29.0.
The `AllowNondistributableArtifactsCIDRs` and `AllowNondistributableArtifactsHostnames`
fields in the `RegistryConfig` of the `GET /info` API response are also deprecated.
For API version v1.48 and lower, the fields are still included in the response
but always `null`. In API version v1.49 and higher, the field will be omitted
entirely.
[oci#233]: https://github.com/opencontainers/image-spec/pull/233
[oci#965]: https://github.com/opencontainers/image-spec/pull/965
[msft-3645201]: https://techcommunity.microsoft.com/blog/containers/announcing-windows-container-base-image-redistribution-rights-change/3645201
[msft-3846833]: https://techcommunity.microsoft.com/blog/containers/announcing-removal-of-foreign-layers-from-windows-container-images/3846833
### `--time` option on `docker stop` and `docker restart`
**Deprecated in Release: v28.0**
The `--time` option for the `docker stop`, `docker container stop`, `docker restart`,
and `docker container restart` commands has been renamed to `--timeout` for
consistency with other uses of timeout options. The `--time` option is now
deprecated and hidden, but remains functional for backward compatibility.
Users are encouraged to migrate to using the `--timeout` option instead.
### Non-standard fields in image inspect
**Deprecated in Release: v27.0**
@ -177,18 +228,19 @@ and a custom [snapshotter](https://github.com/containerd/containerd/tree/v1.7.18
### API CORS headers
**Deprecated in Release: v27.0**
**Target For Removal In Release: v28.0**
**Disabled by default in Release: v27.0**
**Removed in release: v28.0**
The `api-cors-header` configuration option for the Docker daemon is insecure,
and is therefore deprecated and scheduled for removal.
Incorrectly setting this option could leave a window of opportunity
for unauthenticated cross-origin requests to be accepted by the daemon.
Starting in Docker Engine v27.0, this flag can still be set,
In Docker Engine v27.0, this flag can still be set,
but it has no effect unless the environment variable
`DOCKERD_DEPRECATED_CORS_HEADER` is also set to a non-empty value.
This flag will be removed altogether in v28.0.
This flag has been removed altogether in v28.0.
This is a breaking change for authorization plugins and other programs
that depend on this option for accessing the Docker API from a browser.
@ -666,6 +718,7 @@ files.
### `fluentd-async-connect` log opt
**Deprecated in Release: v20.10**
**Removed in Release: v28.0**
The `--log-opt fluentd-async-connect` option for the fluentd logging driver is
[deprecated in favor of `--log-opt fluentd-async`](https://github.com/moby/moby/pull/39086).

66
_vendor/github.com/docker/cli/docs/reference/dockerd.md generated
View File

@ -24,10 +24,9 @@ A self-sufficient runtime for containers.
Options:
--add-runtime runtime Register an additional OCI compatible runtime (default [])
--allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry
--api-cors-header string Set CORS headers in the Engine API
--authorization-plugin list Authorization plugins to load
--bip string Specify network bridge IP
--bip string Specify default-bridge IPv4 network
--bip6 string Specify default-bridge IPv6 network
-b, --bridge string Attach containers to a network bridge
--cdi-spec-dir list CDI specification directories to use
--cgroup-parent string Set parent cgroup for all containers
@ -63,8 +62,8 @@ Options:
-G, --group string Group for the unix socket (default "docker")
--help Print usage
-H, --host list Daemon socket(s) to connect to
--host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to.
Defaults to the IP address of the default bridge
--host-gateway-ip list IP addresses that the special 'host-gateway' string in --add-host resolves to.
Defaults to the IP addresses of the default bridge
--http-proxy string HTTP proxy URL to use for outgoing traffic
--https-proxy string HTTPS proxy URL to use for outgoing traffic
--icc Enable inter-container communication (default true)
@ -72,7 +71,8 @@ Options:
--init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication
--ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true)
--ip-forward Enable IP forwarding in system configuration (default true)
--ip-forward-no-drop Do not set the filter-FORWARD policy to DROP when enabling IP forwarding
--ip-masq Enable IP masquerading (default true)
--ip6tables Enable addition of ip6tables rules (experimental)
--iptables Enable addition of iptables rules (default true)
@ -687,34 +687,6 @@ To set the DNS search domain for all Docker containers, use:
$ sudo dockerd --dns-search example.com
```
### Allow push of non-distributable artifacts
Some images (e.g., Windows base images) contain artifacts whose distribution is
restricted by license. When these images are pushed to a registry, restricted
artifacts are not included.
To override this behavior for specific registries, use the
`--allow-nondistributable-artifacts` option in one of the following forms:
* `--allow-nondistributable-artifacts myregistry:5000` tells the Docker daemon
to push non-distributable artifacts to myregistry:5000.
* `--allow-nondistributable-artifacts 10.1.0.0/16` tells the Docker daemon to
push non-distributable artifacts to all registries whose resolved IP address
is within the subnet described by the CIDR syntax.
This option can be used multiple times.
This option is useful when pushing images containing non-distributable artifacts
to a registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
> [!WARNING]
> Non-distributable artifacts typically have restrictions on how
> and where they can be distributed and shared. Only use this feature to push
> artifacts to private registries and ensure that you are in compliance with
> any terms that cover redistributing non-distributable artifacts.
{ .warning }
### Insecure registries
In this section, "registry" refers to a private registry, and `myregistry:5000`
@ -837,21 +809,34 @@ For details about how to use this feature, as well as limitations, see
The Docker daemon supports a special `host-gateway` value for the `--add-host`
flag for the `docker run` and `docker build` commands. This value resolves to
the host's gateway IP and lets containers connect to services running on the
addresses on the host, so that containers can connect to services running on the
host.
By default, `host-gateway` resolves to the IP address of the default bridge.
By default, `host-gateway` resolves to the IPv4 address of the default bridge,
and its IPv6 address if it has one.
You can configure this to resolve to a different IP using the `--host-gateway-ip`
flag for the dockerd command line interface, or the `host-gateway-ip` key in
the daemon configuration file.
To supply both IPv4 and IPv6 addresses on the command line, use two
`--host-gateway-ip` options.
To supply addresses in the daemon configuration file, use `"host-gateway-ips"`
with a JSON array, as shown below. For compatibility with older versions of the
daemon, a single IP address can also be specified as a JSON string in option
`"host-gateway-ip"`.
```console
$ cat > /etc/docker/daemon.json
{ "host-gateway-ip": "192.0.2.0" }
{ "host-gateway-ips": ["192.0.2.1", "2001:db8::1111"]}
$ sudo systemctl restart docker
$ docker run -it --add-host host.docker.internal:host-gateway \
busybox ping host.docker.internal
PING host.docker.internal (192.0.2.0): 56 data bytes
PING host.docker.internal (192.0.2.1): 56 data bytes
$ docker run -it --add-host host.docker.internal:host-gateway \
busybox ping -6 host.docker.internal
PING host.docker.internal (2001:db8::1111): 56 data bytes
```
### Enable CDI devices
@ -1072,10 +1057,9 @@ The following is a full example of the allowed configuration options on Linux:
```json
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bip6": "",
"bridge": "",
"builder": {
"gc": {
@ -1220,7 +1204,6 @@ The following is a full example of the allowed configuration options on Windows:
```json
{
"allow-nondistributable-artifacts": [],
"authorization-plugins": [],
"bridge": "",
"containerd": "\\\\.\\pipe\\containerd-containerd",
@ -1324,7 +1307,6 @@ The list of currently supported options that can be reconfigured is this:
| `default-runtime` | Configures the runtime to be used if not is specified at container creation. |
| `runtimes` | Configures the list of available OCI runtimes that can be used to run containers. |
| `authorization-plugin` | Specifies the authorization plugins to use. |
| `allow-nondistributable-artifacts` | Specifies a list of registries to which the daemon will push non-distributable artifacts. |
| `insecure-registries` | Specifies a list of registries that the daemon should consider insecure. |
| `registry-mirrors` | Specifies a list of registry mirrors. |
| `shutdown-timeout` | Configures the daemon's existing configuration timeout with a new timeout for shutting down all containers. |

44
_vendor/github.com/moby/moby/docs/api/v1.32.yaml generated
View File

@ -3877,55 +3877,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.33.yaml generated
View File

@ -3881,55 +3881,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.34.yaml generated
View File

@ -3909,55 +3909,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.35.yaml generated
View File

@ -3913,55 +3913,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.36.yaml generated
View File

@ -3926,55 +3926,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.37.yaml generated
View File

@ -3946,55 +3946,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.38.yaml generated
View File

@ -4000,55 +4000,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.39.yaml generated
View File

@ -5278,55 +5278,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.40.yaml generated
View File

@ -5415,55 +5415,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.41.yaml generated
View File

@ -5669,55 +5669,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.42.yaml generated
View File

@ -5669,55 +5669,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.43.yaml generated
View File

@ -5702,55 +5702,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.44.yaml generated
View File

@ -5835,55 +5835,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.45.yaml generated
View File

@ -5821,55 +5821,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

44
_vendor/github.com/moby/moby/docs/api/v1.46.yaml generated
View File

@ -5932,55 +5932,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

50
_vendor/github.com/moby/moby/docs/api/v1.47.yaml generated
View File

@ -5514,7 +5514,11 @@ definitions:
type: "boolean"
example: true
BridgeNfIptables:
description: "Indicates if `bridge-nf-call-iptables` is available on the host."
description: |
Indicates if `bridge-nf-call-iptables` is available on the host when
the daemon was started.
The `br_netfilter`
type: "boolean"
example: true
BridgeNfIp6tables:
@ -5950,55 +5954,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
<p><br /></p>
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["::1/128", "127.0.0.0/8"]
example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
<p><br /></p>
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
> **Deprecated**: Pushing nondistributable artifacts is now always enabled
> and this field is always `null`.
type: "array"
items:
type: "string"
example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax

13524
_vendor/github.com/moby/moby/docs/api/v1.48.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

81
_vendor/github.com/moby/moby/docs/api/version-history.md generated
View File

@ -13,6 +13,87 @@ keywords: "API, Docker, rcli, REST, documentation"
will be rejected.
-->
## v1.48 API changes
[Docker Engine API v1.48](https://docs.docker.com/reference/api/engine/version/v1.48/) documentation
* Deprecated: The "error" and "progress" fields in streaming responses for
endpoints that return a JSON progress response, such as `POST /images/create`,
`POST /images/{name}/push`, and `POST /build` are deprecated. These fields
were marked deprecated in API v1.4 (docker v0.6.0) and API v1.8 (docker v0.7.1)
respectively, but still returned. These fields will be left empty or will
be omitted in a future API version. Users should use the information in the
`errorDetail` and `progressDetail` fields instead.
* Deprecated: The "allow-nondistributable-artifacts" daemon configuration is
deprecated and enabled by default. The `AllowNondistributableArtifactsCIDRs`
and `AllowNondistributableArtifactsHostnames` fields in the `RegistryConfig`
struct in the `GET /info` response will now always be `null` and will be
omitted in API v1.49.
* Deprecated: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the
`GET /info` response are now always be `false` and will be omitted in API
v1.49. The netfilter module is now loaded on-demand, and no longer during
daemon startup, making these fields obsolete.
* `GET /images/{name}/history` now supports a `platform` parameter (JSON
encoded OCI Platform type) that allows to specify a platform to show the
history of.
* `POST /images/{name}/load` and `GET /images/{name}/get` now support a
`platform` parameter (JSON encoded OCI Platform type) that allows to specify
a platform to load/save. Not passing this parameter will result in
loading/saving the full multi-platform image.
* `POST /containers/create` now includes a warning in the response when setting
the container-wide `Config.VolumeDriver` option in combination with volumes
defined through `Mounts` because the `VolumeDriver` option has no effect on
those volumes. This warning was previously generated by the CLI, but now
moved to the daemon so that other clients can also get this warning.
* `POST /containers/create` now supports `Mount` of type `image` for mounting
an image inside a container.
* Deprecated: The `ContainerdCommit.Expected`, `RuncCommit.Expected`, and
`InitCommit.Expected` fields in the `GET /info` endpoint are deprecated
and will be omitted in API v1.49.
* `Sysctls` in `HostConfig` (top level `--sysctl` settings) for `eth0` are
no longer migrated to `DriverOpts`, as described in the changes for v1.46.
* `GET /images/json` and `GET /images/{name}/json` responses now include
`Descriptor` field, which contains an OCI descriptor of the image target.
The new field will only be populated if the daemon provides a multi-platform
image store.
WARNING: This is experimental and may change at any time without any backward
compatibility.
* `GET /images/{name}/json` response now will return the `Manifests` field
containing information about the sub-manifests contained in the image index.
This includes things like platform-specific manifests and build attestations.
The new field will only be populated if the request also sets the `manifests`
query parameter to `true`.
This acts the same as in the `GET /images/json` endpoint.
WARNING: This is experimental and may change at any time without any backward compatibility.
* `GET /containers/{name}/json` now returns an `ImageManifestDescriptor` field
containing the OCI descriptor of the platform-specific image manifest of the
image that was used to create the container.
This field is only populated if the daemon provides a multi-platform image
store.
* `POST /networks/create` now has an `EnableIPv4` field. Setting it to `false`
disables IPv4 IPAM for the network. It can only be set to `false` if the
daemon has experimental features enabled.
* `GET /networks/{id}` now returns an `EnableIPv4` field showing whether the
network has IPv4 IPAM enabled.
* `POST /networks/{id}/connect` and `POST /containers/create` now accept a
`GwPriority` field in `EndpointsConfig`. This value is used to determine which
network endpoint provides the default gateway for the container. The endpoint
with the highest priority is selected. If multiple endpoints have the same
priority, endpoints are sorted lexicographically by their network name, and
the one that sorts first is picked.
* `GET /containers/json` now returns a `GwPriority` field in `NetworkSettings`
for each network endpoint.
* API debug endpoints (`GET /debug/vars`, `GET /debug/pprof/`, `GET /debug/pprof/cmdline`,
`GET /debug/pprof/profile`, `GET /debug/pprof/symbol`, `GET /debug/pprof/trace`,
`GET /debug/pprof/{name}`) are now also accessible through the versioned-API
paths (`/v<API-version>/<endpoint>`).
* `POST /build/prune` renames `keep-bytes` to `reserved-space` and now supports
additional prune parameters `max-used-space` and `min-free-space`.
* `GET /containers/json` now returns an `ImageManifestDescriptor` field
matching the same field in `/containers/{name}/json`.
This field is only populated if the daemon provides a multi-platform image
store.
## v1.47 API changes
[Docker Engine API v1.47](https://docs.docker.com/reference/api/engine/version/v1.47/) documentation

4
_vendor/modules.txt
View File

@ -1,6 +1,6 @@
# github.com/moby/moby v27.5.1+incompatible
# github.com/moby/moby v28.0.0+incompatible
# github.com/moby/buildkit v0.20.0
# github.com/docker/buildx v0.21.0
# github.com/docker/cli v28.0.0-rc.2+incompatible
# github.com/docker/cli v28.0.0+incompatible
# github.com/docker/compose/v2 v2.33.0
# github.com/docker/scout-cli v1.15.0

2
content/reference/api/engine/version/v1.47.md
View File

@ -3,6 +3,4 @@ linkTitle: v1.47
title: Docker Engine API v1.47 reference
aliases:
- /engine/api/v1.47/
- /engine/api/latest/
- /reference/api/engine/latest/
---

8
content/reference/api/engine/version/v1.48.md Normal file
View File

@ -0,0 +1,8 @@
---
linkTitle: v1.48
title: Docker Engine API v1.48 reference
aliases:
- /engine/api/v1.48/
- /engine/api/latest/
- /reference/api/engine/latest/
---

19
data/engine-cli/docker_container_restart.yaml
View File

@ -18,11 +18,22 @@ options:
kubernetes: false
swarm: false
- option: time
value_type: int
default_value: "0"
description: |
Seconds to wait before killing the container (deprecated: use --timeout)
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timeout
shorthand: t
value_type: int
default_value: "0"
description: Seconds to wait before killing the container
details_url: '#time'
details_url: '#timeout'
deprecated: false
hidden: false
experimental: false
@ -61,14 +72,14 @@ examples: |-
option when creating the container. If no signal is configured for the
container, `SIGTERM` is used as default.
### Stop container with timeout (-t, --timeout) {#time}
### Stop container with timeout (-t, --timeout) {#timeout}
The `--time` flag sets the number of seconds to wait for the container
The `--timeout` flag sets the number of seconds to wait for the container
to stop after sending the pre-defined (see [`--signal`]{#signal)) system call signal.
If the container does not exit after the timeout elapses, it's forcibly killed
with a `SIGKILL` signal.
If you set `--time` to `-1`, no timeout is applied, and the daemon
If you set `--timeout` to `-1`, no timeout is applied, and the daemon
waits indefinitely for the container to exit.
The default timeout can be specified using the [`--stop-timeout`](/reference/cli/docker/container/run/#stop-timeout)

19
data/engine-cli/docker_container_run.yaml
View File

@ -1718,15 +1718,16 @@ examples: |-
for the `--network` flag. Comma-separated options that can be specified in the extended
`--network` syntax are:
| Option | Top-level Equivalent | Description |
|-----------------|---------------------------------------|-------------------------------------------------|
| `name` | | The name of the network (mandatory) |
| `alias` | `--network-alias` | Add network-scoped alias for the container |
| `ip` | `--ip` | IPv4 address (e.g., 172.30.100.104) |
| `ip6` | `--ip6` | IPv6 address (e.g., 2001:db8::33) |
| `mac-address` | `--mac-address` | Container MAC address (e.g., 92:d0:c6:0a:29:33) |
| `link-local-ip` | `--link-local-ip` | Container IPv4/IPv6 link-local addresses |
| `driver-opt` | `docker network connect --driver-opt` | Network driver options |
| Option | Top-level Equivalent | Description |
|-----------------|---------------------------------------|-----------------------------------------------------------------------------------------|
| `name` | | The name of the network (mandatory) |
| `alias` | `--network-alias` | Add network-scoped alias for the container |
| `ip` | `--ip` | IPv4 address (e.g., 172.30.100.104) |
| `ip6` | `--ip6` | IPv6 address (e.g., 2001:db8::33) |
| `mac-address` | `--mac-address` | Container MAC address (e.g., 92:d0:c6:0a:29:33) |
| `link-local-ip` | `--link-local-ip` | Container IPv4/IPv6 link-local addresses |
| `driver-opt` | `docker network connect --driver-opt` | Network driver options |
| `gw-priority` | | Highest gw-priority provides the default gateway. Accepts positive and negative values. |
```console
$ docker network create --subnet 192.0.2.0/24 my-net1

19
data/engine-cli/docker_container_stop.yaml
View File

@ -22,11 +22,22 @@ options:
kubernetes: false
swarm: false
- option: time
value_type: int
default_value: "0"
description: |
Seconds to wait before killing the container (deprecated: use --timeout)
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timeout
shorthand: t
value_type: int
default_value: "0"
description: Seconds to wait before killing the container
details_url: '#time'
details_url: '#timeout'
deprecated: false
hidden: false
experimental: false
@ -64,14 +75,14 @@ examples: |-
option when creating the container. If no signal is configured for the
container, `SIGTERM` is used as default.
### Stop container with timeout (-t, --timeout) {#time}
### Stop container with timeout (-t, --timeout) {#timeout}
The `--time` flag sets the number of seconds to wait for the container
The `--timeout` flag sets the number of seconds to wait for the container
to stop after sending the pre-defined (see [`--signal`]{#signal)) system call signal.
If the container does not exit after the timeout elapses, it's forcibly killed
with a `SIGKILL` signal.
If you set `--time` to `-1`, no timeout is applied, and the daemon
If you set `--timeout` to `-1`, no timeout is applied, and the daemon
waits indefinitely for the container to exit.
The default timeout can be specified using the [`--stop-timeout`](/reference/cli/docker/container/run/#stop-timeout)

11
data/engine-cli/docker_history.yaml
View File

@ -42,6 +42,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Show history for the given platform. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool

63
data/engine-cli/docker_image_history.yaml
View File

@ -43,6 +43,18 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Show history for the given platform. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
details_url: '#platform'
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool
@ -121,6 +133,57 @@ examples: |-
f6e427c148a7: 4 weeks ago
<missing>: 4 weeks ago
```
### Show history for a specific platform (--platform) {#platform}
The `--platform` option allows you to specify which platform variant to show
history for if multiple platforms are present. By default, `docker history`
shows the history for the daemon's native platform or if not present, the
first available platform.
If the local image store has multiple platform variants of an image, the
`--platform` option selects which variant to show the history for. An error
is produced if the given platform is not present in the local image cache.
The platform option takes the `os[/arch[/variant]]` format; for example,
`linux/amd64` or `linux/arm64/v8`. Architecture and variant are optional,
and if omitted falls back to the daemon's defaults.
The following example pulls the RISC-V variant of the `alpine:latest` image
and shows its history.
```console
$ docker image pull --quiet --platform=linux/riscv64 alpine
docker.io/library/alpine:latest
$ docker image history --platform=linux/s390x alpine
IMAGE CREATED CREATED BY SIZE COMMENT
beefdbd8a1da 3 weeks ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:ba2637314e600db5a… 8.46MB
```
The following example attempts to show the history for a platform variant of
`alpine:latest` that doesn't exist in the local image store, resulting in
an error.
```console
$ docker image ls --tree
IMAGE ID DISK USAGE CONTENT SIZE IN USE
alpine:latest beefdbd8a1da 10.6MB 3.37MB
├─ linux/riscv64 80cde017a105 10.6MB 3.37MB
├─ linux/amd64 33735bd63cf8 0B 0B
├─ linux/arm/v6 50f635c8b04d 0B 0B
├─ linux/arm/v7 f2f82d424957 0B 0B
├─ linux/arm64/v8 9cee2b382fe2 0B 0B
├─ linux/386 b3e87f642f5c 0B 0B
├─ linux/ppc64le c7a6800e3dc5 0B 0B
└─ linux/s390x 2b5b26e09ca2 0B 0B
$ docker image history --platform=linux/s390x alpine
Error response from daemon: image with reference alpine:latest was found but does not match the specified platform: wanted linux/s390x
```
deprecated: false
hidden: false
experimental: false

41
data/engine-cli/docker_image_load.yaml
View File

@ -19,6 +19,18 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Load only the given platform variant. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
details_url: '#platform'
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool
@ -76,6 +88,35 @@ examples: |-
fedora heisenbug 58394af37342 7 weeks ago 385.5 MB
fedora latest 58394af37342 7 weeks ago 385.5 MB
```
### Load a specific platform (--platform) {#platform}
The `--platform` option allows you to specify which platform variant of the
image to load. By default, `docker load` loads all platform variants that
are present in the archive. Use the `--platform` option to specify which
platform variant of the image to load. An error is produced if the given
platform is not present in the archive.
The platform option takes the `os[/arch[/variant]]` format; for example,
`linux/amd64` or `linux/arm64/v8`. Architecture and variant are optional,
and default to the daemon's native architecture if omitted.
The following example loads the `linux/amd64` variant of an `alpine` image
from an archive that contains multiple platform variants.
```console
$ docker image load -i image.tar --platform=linux/amd64
Loaded image: alpine:latest
```
The following example attempts to load a `linux/ppc64le` image from an
archive, but the given platform is not present in the archive;
```console
$ docker image load -i image.tar --platform=linux/ppc64le
requested platform (linux/ppc64le) not found: image might be filtered out
```
deprecated: false
hidden: false
experimental: false

61
data/engine-cli/docker_image_save.yaml
View File

@ -19,6 +19,18 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Save only the given platform variant. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
details_url: '#platform'
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: help
value_type: bool
@ -66,6 +78,55 @@ examples: |-
```console
$ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy
```
### Save a specific platform (--platform) {#platform}
The `--platform` option allows you to specify which platform variant of the
image to save. By default, `docker save` saves all platform variants that
are present in the daemon's image store. Use the `--platform` option
to specify which platform variant of the image to save. An error is produced
if the given platform is not present in the local image store.
The platform option takes the `os[/arch[/variant]]` format; for example,
`linux/amd64` or `linux/arm64/v8`. Architecture and variant are optional,
and default to the daemon's native architecture if omitted.
The following example pulls the RISC-V variant of the `alpine:latest` image
and saves it to a tar archive.
```console
$ docker pull --platform=linux/riscv64 alpine:latest
latest: Pulling from library/alpine
8c4a05189a5f: Download complete
Digest: sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
$ docker image save --platform=linux/riscv64 -o alpine-riscv.tar alpine:latest
$ ls -lh image.tar
-rw------- 1 thajeztah staff 3.9M Oct 7 11:06 alpine-riscv.tar
```
The following example attempts to save a platform variant of `alpine:latest`
that doesn't exist in the local image store, resulting in an error.
```console
$ docker image ls --tree
IMAGE ID DISK USAGE CONTENT SIZE IN USE
alpine:latest beefdbd8a1da 10.6MB 3.37MB
├─ linux/riscv64 80cde017a105 10.6MB 3.37MB
├─ linux/amd64 33735bd63cf8 0B 0B
├─ linux/arm/v6 50f635c8b04d 0B 0B
├─ linux/arm/v7 f2f82d424957 0B 0B
├─ linux/arm64/v8 9cee2b382fe2 0B 0B
├─ linux/386 b3e87f642f5c 0B 0B
├─ linux/ppc64le c7a6800e3dc5 0B 0B
└─ linux/s390x 2b5b26e09ca2 0B 0B
$ docker image save --platform=linux/s390x -o alpine-s390x.tar alpine:latest
Error response from daemon: no suitable export target found for platform linux/s390x
```
deprecated: false
hidden: false
experimental: false

68
data/engine-cli/docker_image_tag.yaml
View File

@ -2,38 +2,50 @@ command: docker image tag
aliases: docker image tag, docker tag
short: Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
long: |-
A full image name has the following format and components:
A Docker image reference consists of several components that describe where the
image is stored and its identity. These components are:
`[HOST[:PORT_NUMBER]/]PATH`
```text
[HOST[:PORT]/]NAMESPACE/REPOSITORY[:TAG]
```
- `HOST`: The optional registry hostname specifies where the image is located.
The hostname must comply with standard DNS rules, but may not contain
underscores. If you don't specify a hostname, the command uses Docker's public
registry at `registry-1.docker.io` by default. Note that `docker.io` is the
canonical reference for Docker's public registry.
- `PORT_NUMBER`: If a hostname is present, it may optionally be followed by a
registry port number in the format `:8080`.
- `PATH`: The path consists of slash-separated components. Each
component may contain lowercase letters, digits and separators. A separator is
defined as a period, one or two underscores, or one or more hyphens. A component
may not start or end with a separator. While the
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
supports more than two slash-separated components, most registries only support
two slash-separated components. For Docker's public registry, the path format is
as follows:
- `[NAMESPACE/]REPOSITORY`: The first, optional component is typically a
user's or an organization's namespace. The second, mandatory component is the
repository name. When the namespace is not present, Docker uses `library`
as the default namespace.
`HOST`
: Specifies the registry location where the image resides. If omitted, Docker
defaults to Docker Hub (`docker.io`).
After the image name, the optional `TAG` is a custom, human-readable manifest
identifier that's typically a specific version or variant of an image. The tag
must be valid ASCII and can contain lowercase and uppercase letters, digits,
underscores, periods, and hyphens. It can't start with a period or hyphen and
must be no longer than 128 characters. If you don't specify a tag, the command uses `latest` by default.
`PORT`
: An optional port number for the registry, if necessary (for example, `:5000`).
You can group your images together using names and tags, and then
[push](/reference/cli/docker/image/push/) them to a registry.
`NAMESPACE/REPOSITORY`
: The namespace (optional) usually represents a user or organization. The
repository is required and identifies the specific image. If the namespace is
omitted, Docker defaults to `library`, the namespace reserved for Docker
Official Images.
`TAG`
: An optional identifier used to specify a particular version or variant of the
image. If no tag is provided, Docker defaults to `latest`.
### Example image references
`example.com:5000/team/my-app:2.0`
- Host: `example.com`
- Port: `5000`
- Namespace: `team`
- Repository: `my-app`
- Tag: `2.0`
`alpine`
- Host: `docker.io` (default)
- Namespace: `library` (default)
- Repository: `alpine`
- Tag: `latest` (default)
For more information on the structure and rules of image naming, refer to the
[Distribution reference](https://pkg.go.dev/github.com/distribution/reference#pkg-overview)
as the canonical definition of the format.
usage: docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
pname: docker image
plink: docker_image.yaml

2
data/engine-cli/docker_inspect.yaml
View File

@ -14,7 +14,7 @@ long: |-
### Specify target type (--type) {#type}
`--type container|image|node|network|secret|service|volume|task|plugin`
`--type config|container|image|node|network|secret|service|volume|task|plugin`
The `docker inspect` command matches any type of object by either ID or name. In
some cases multiple type of objects (for example, a container and a volume)

11
data/engine-cli/docker_load.yaml
View File

@ -16,6 +16,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Load only the given platform variant. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: quiet
shorthand: q
value_type: bool

4
data/engine-cli/docker_login.yaml
View File

@ -158,7 +158,7 @@ options:
- option: password
shorthand: p
value_type: string
description: Password
description: Password or Personal Access Token (PAT)
deprecated: false
hidden: false
experimental: false
@ -168,7 +168,7 @@ options:
- option: password-stdin
value_type: bool
default_value: "false"
description: Take the password from stdin
description: Take the Password or Personal Access Token (PAT) from stdin
details_url: '#password-stdin'
deprecated: false
hidden: false

11
data/engine-cli/docker_network_connect.yaml
View File

@ -29,6 +29,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: gw-priority
value_type: int
default_value: "0"
description: |
Highest gw-priority provides the default gateway. Accepts positive and negative values.
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ip
value_type: string
description: IPv4 address (e.g., `172.30.100.104`)

51
data/engine-cli/docker_network_create.yaml
View File

@ -170,10 +170,20 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: ipv4
value_type: bool
default_value: "true"
description: Enable or disable IPv4 address assignment
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: ipv6
value_type: bool
default_value: "false"
description: Enable or disable IPv6 networking
description: Enable or disable IPv6 address assignment
deprecated: false
hidden: false
experimental: false
@ -299,30 +309,31 @@ examples: |-
### Bridge driver options
When creating a custom network, the default network driver (i.e. `bridge`) has
additional options that can be passed. The following are those options and the
equivalent Docker daemon flags used for docker0 bridge:
When creating a custom `bridge` network, the following additional options can
be passed. Some of these have equivalent flags that can be used on the dockerd
command line or in `daemon.json` to configure the default bridge, `docker0`:
| Option | Equivalent | Description |
|--------------------------------------------------|-------------|-------------------------------------------------------|
| `com.docker.network.bridge.name` | - | Bridge name to be used when creating the Linux bridge |
| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading |
| `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity |
| `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports |
| `com.docker.network.driver.mtu` | `--mtu` | Set the containers network MTU |
| `com.docker.network.container_iface_prefix` | - | Set a custom prefix for container interfaces |
| Network create option | Daemon option for `docker0` | Description |
|--------------------------------------------------|-----------------------------|-------------------------------------------------------|
| `com.docker.network.bridge.name` | - | Bridge name to be used when creating the Linux bridge |
| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading |
| `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity |
| `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports |
| `com.docker.network.driver.mtu` | `--mtu` | Set the containers network MTU |
| `com.docker.network.container_iface_prefix` | - | Set a custom prefix for container interfaces |
The following arguments can be passed to `docker network create` for any
network driver, again with their approximate equivalents to Docker daemon
flags used for the docker0 bridge:
flags used for the `docker0` bridge:
| Argument | Equivalent | Description |
|--------------|----------------|--------------------------------------------|
| `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet |
| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range |
| `--internal` | - | Restrict external access to the network |
| `--ipv6` | `--ipv6` | Enable or disable IPv6 networking |
| `--subnet` | `--bip` | Subnet for network |
| Network create option | Daemon option for `docker0` | Description |
|-----------------------|-----------------------------------|--------------------------------------------|
| `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet |
| `--ip-range` | `--fixed-cidr`, `--fixed-cidr-v6` | Allocate IP addresses from a range |
| `--internal` | - | Restrict external access to the network |
| `--ipv4` | - | Enable or disable IPv4 address assignment |
| `--ipv6` | `--ipv6` | Enable or disable IPv6 address assignment |
| `--subnet` | `--bip`, `--bip6` | Subnet for network |
For example, let's use `-o` or `--opt` options to specify an IP address binding
when publishing ports:

11
data/engine-cli/docker_restart.yaml
View File

@ -17,6 +17,17 @@ options:
kubernetes: false
swarm: false
- option: time
value_type: int
default_value: "0"
description: |
Seconds to wait before killing the container (deprecated: use --timeout)
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timeout
shorthand: t
value_type: int
default_value: "0"

11
data/engine-cli/docker_save.yaml
View File

@ -16,6 +16,17 @@ options:
experimentalcli: false
kubernetes: false
swarm: false
- option: platform
value_type: string
description: |
Save only the given platform variant. Formatted as `os[/arch[/variant]]` (e.g., `linux/amd64`)
deprecated: false
hidden: false
min_api_version: "1.48"
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
inherited_options:
- option: help
value_type: bool

11
data/engine-cli/docker_stop.yaml
View File

@ -17,6 +17,17 @@ options:
kubernetes: false
swarm: false
- option: time
value_type: int
default_value: "0"
description: |
Seconds to wait before killing the container (deprecated: use --timeout)
deprecated: true
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: timeout
shorthand: t
value_type: int
default_value: "0"

3
data/engine-cli/docker_swarm_init.yaml
View File

@ -102,6 +102,7 @@ options:
value_type: duration
default_value: 5s
description: Dispatcher heartbeat period (ns|us|ms|s|m|h)
details_url: '#dispatcher-heartbeat'
deprecated: false
hidden: false
experimental: false
@ -217,7 +218,7 @@ examples: |-
After disabling it, the encryption key is no longer required to start the
manager, and it will start up on its own without user intervention.
### <a name=""></a> Configure node healthcheck frequency (--dispatcher-heartbeat)
### Configure node healthcheck frequency (--dispatcher-heartbeat) {#dispatcher-heartbeat}
The `--dispatcher-heartbeat` flag sets the frequency at which nodes are told to
report their health.

4
data/engine-cli/docker_system_events.yaml
View File

@ -7,7 +7,7 @@ long: |-
scoped events are only seen on the node they take place on, and Swarm scoped
events are seen on all managers.
Only the last 1000 log events are returned. You can use filters to further limit
Only the last 256 log events are returned. You can use filters to further limit
the number of events returned.
### Object types
@ -137,7 +137,7 @@ long: |-
seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
fraction of a second no more than nine digits long.
Only the last 1000 log events are returned. You can use filters to further limit
Only the last 256 log events are returned. You can use filters to further limit
the number of events returned.
#### Filtering (--filter) {#filter}

8
go.mod
View File

@ -4,18 +4,18 @@ go 1.23.1
require (
github.com/docker/buildx v0.21.0 // indirect
github.com/docker/cli v28.0.0-rc.2+incompatible // indirect
github.com/docker/cli v28.0.0+incompatible // indirect
github.com/docker/compose/v2 v2.33.0 // indirect
github.com/docker/scout-cli v1.15.0 // indirect
github.com/moby/buildkit v0.20.0 // indirect
github.com/moby/moby v27.5.1+incompatible // indirect
github.com/moby/moby v28.0.0+incompatible // indirect
)
replace (
github.com/docker/buildx => github.com/docker/buildx v0.21.0
github.com/docker/cli => github.com/docker/cli v27.5.1+incompatible
github.com/docker/cli => github.com/docker/cli v28.0.0+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.32.4
github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
github.com/moby/buildkit => github.com/moby/buildkit v0.20.0
github.com/moby/moby => github.com/moby/moby v27.5.1+incompatible
github.com/moby/moby => github.com/moby/moby v28.0.0+incompatible
)

4
go.sum
View File

@ -148,6 +148,8 @@ github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvD
github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v27.5.1+incompatible h1:JB9cieUT9YNiMITtIsguaN55PLOHhBSz3LKVc6cqWaY=
github.com/docker/cli v27.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v28.0.0+incompatible h1:ido37VmLUqEp+5NFb9icd6BuBB+SNDgCn+5kPCr2buA=
github.com/docker/cli v28.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/compose-cli v1.0.35 h1:uZyEHLalfqBS2PiTpA1LAULyJmuQ+YtZg7nG4Xl3/Cc=
github.com/docker/compose-cli v1.0.35/go.mod h1:mSXI4hFLpRU3EtI8NTo32bNwI0UXSr8jnq+/rYjGAUU=
github.com/docker/compose/v2 v2.22.0 h1:3rRz4L7tPU75wRsV8JZh2/aTgerQvPa1cpzZN+tHqUY=
@ -382,6 +384,8 @@ github.com/moby/moby v27.5.0+incompatible h1:RuYLppjLxMzWmPUQAy/hkJ6pGcXsuVdcmIV
github.com/moby/moby v27.5.0+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
github.com/moby/moby v27.5.1+incompatible h1:/pN59F/t3U7Q4FPzV88nzqf7Fp0qqCSL2KzhZaiKcKw=
github.com/moby/moby v27.5.1+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
github.com/moby/moby v28.0.0+incompatible h1:D+F1Z56b/DS8J5pUkTG/stemqrvHBQ006hUqJxjV9P0=
github.com/moby/moby v28.0.0+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=

8
hugo.yaml
View File

@ -111,16 +111,16 @@ params:
# Use `grep` to figure out how they might be used.
# Latest version of the Docker Engine API
latest_engine_api_version: "1.47"
latest_engine_api_version: "1.48"
# Latest version of Docker Engine
docker_ce_version: "27.5.1"
docker_ce_version: "28.0.0"
# Previous version of the Docker Engine
# (Used to show e.g., "latest" and "latest"-1 in engine install examples
docker_ce_version_prev: "27.5.0"
docker_ce_version_prev: "27.5.1"
# Latest Docker Compose version
compose_version: "v2.33.0"
# Latest BuildKit version
buildkit_version: "0.16.0"
buildkit_version: "0.20.0"
# Example runtime/library/os versions
example_go_version: "1.23"