mirror of https://github.com/docker/docs.git
346 lines
14 KiB
YAML
346 lines
14 KiB
YAML
command: docker container create
|
|
short: Create a new container
|
|
long: "Creates a writeable container layer over the specified image and prepares it
|
|
for\nrunning the specified command. The container ID is then printed to STDOUT.
|
|
This\nis similar to **docker run -d** except the container is never started. You
|
|
can \nthen use the **docker start <container_id>** command to start the container
|
|
at\nany point.\n\nThe initial status of the container created with **docker create**
|
|
is 'created'.\n\n# OPTIONS \n\nThe `CONTAINER-DIR` must be an absolute path such
|
|
as `/src/docs`. The `HOST-DIR`\ncan be an absolute path or a `name` value. A `name`
|
|
value must start with an\nalphanumeric character, followed by `a-z0-9`, `_` (underscore),
|
|
`.` (period) or\n`-` (hyphen). An absolute path starts with a `/` (forward slash).\n\nIf
|
|
you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the\npath
|
|
you specify. If you supply a `name`, Docker creates a named volume by that\n`name`.
|
|
For example, you can specify either `/foo` or `foo` for a `HOST-DIR`\nvalue. If
|
|
you supply the `/foo` value, Docker creates a bind-mount. If you\nsupply the `foo`
|
|
specification, Docker creates a named volume.\n\nYou can specify multiple **-v**
|
|
options to mount one or more mounts to a\ncontainer. To use these same mounts in
|
|
other containers, specify the\n**--volumes-from** option also.\n\nYou can add `:ro`
|
|
or `:rw` suffix to a volume to mount it read-only or\nread-write mode, respectively.
|
|
By default, the volumes are mounted read-write.\nSee examples.\n\nLabeling systems
|
|
like SELinux require that proper labels are placed on volume\ncontent mounted into
|
|
a container. Without a label, the security system might\nprevent the processes running
|
|
inside the container from using the content. By\ndefault, Docker does not change
|
|
the labels set by the OS.\n\nTo change a label in the container context, you can
|
|
add either of two suffixes\n`:z` or `:Z` to the volume mount. These suffixes tell
|
|
Docker to relabel file\nobjects on the shared volumes. The `z` option tells Docker
|
|
that two containers\nshare the volume content. As a result, Docker labels the content
|
|
with a shared\ncontent label. Shared volume labels allow all containers to read/write
|
|
content.\nThe `Z` option tells Docker to label the content with a private unshared
|
|
label.\nOnly the current container can use a private volume.\n\nBy default bind
|
|
mounted volumes are `private`. That means any mounts done\ninside container will
|
|
not be visible on host and vice-a-versa. One can change\nthis behavior by specifying
|
|
a volume mount propagation property. Making a\nvolume `shared` mounts done under
|
|
that volume inside container will be\nvisible on host and vice-a-versa. Making a
|
|
volume `slave` enables only one\nway mount propagation and that is mounts done on
|
|
host under that volume\nwill be visible inside container but not the other way around.\n\nTo
|
|
control mount propagation property of volume one can use `:[r]shared`,\n`:[r]slave`
|
|
or `:[r]private` propagation flag. Propagation property can\nbe specified only for
|
|
bind mounted volumes and not for internal volumes or\nnamed volumes. For mount propagation
|
|
to work source mount point (mount point\nwhere source dir is mounted on) has to
|
|
have right propagation properties. For\nshared volumes, source mount point has to
|
|
be shared. And for slave volumes,\nsource mount has to be either shared or slave.\n\nUse
|
|
`df <source-dir>` to figure out the source mount and then use\n`findmnt -o TARGET,PROPAGATION
|
|
<source-mount-dir>` to figure out propagation\nproperties of source mount. If `findmnt`
|
|
utility is not available, then one\ncan look at mount entry for source mount point
|
|
in `/proc/self/mountinfo`. Look\nat `optional fields` and see if any propagaion
|
|
properties are specified.\n`shared:X` means mount is `shared`, `master:X` means
|
|
mount is `slave` and if\nnothing is there that means mount is `private`.\n\nTo change
|
|
propagation properties of a mount point use `mount` command. For\nexample, if one
|
|
wants to bind mount source directory `/foo` one can do\n`mount --bind /foo /foo`
|
|
and `mount --make-private --make-shared /foo`. This\nwill convert /foo into a `shared`
|
|
mount point. Alternatively one can directly\nchange propagation properties of source
|
|
mount. Say `/` is source mount for\n`/foo`, then use `mount --make-shared /` to
|
|
convert `/` into a `shared` mount.\n\n> **Note**:\n> When using systemd to manage
|
|
the Docker daemon's start and stop, in the systemd\n> unit file there is an option
|
|
to control mount propagation for the Docker daemon\n> itself, called `MountFlags`.
|
|
The value of this setting may cause Docker to not\n> see mount propagation changes
|
|
made on the mount point. For example, if this value\n> is `slave`, you may not be
|
|
able to use the `shared` or `rshared` propagation on\n> a volume.\n\n\nTo disable
|
|
automatic copying of data from the container path to the volume, use\nthe `nocopy`
|
|
flag. The `nocopy` flag can be set on bind mounts and named volumes.\n\n# EXAMPLES\n\n##
|
|
Specify isolation technology for container (--isolation)\n\nThis option is useful
|
|
in situations where you are running Docker containers on\nWindows. The `--isolation=<value>`
|
|
option sets a container's isolation\ntechnology. On Linux, the only supported is
|
|
the `default` option which uses\nLinux namespaces. On Microsoft Windows, you can
|
|
specify these values:\n\n* `default`: Use the value specified by the Docker daemon's
|
|
`--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft
|
|
Windows uses `process` as its default value.\n* `process`: Namespace isolation only.\n*
|
|
`hyperv`: Hyper-V hypervisor partition-based isolation.\n\nSpecifying the `--isolation`
|
|
flag without a value is the same as setting `--isolation=\"default\"`.\n"
|
|
usage: docker container create [OPTIONS] IMAGE [COMMAND] [ARG...]
|
|
pname: docker container
|
|
plink: docker_container.yaml
|
|
options:
|
|
- option: add-host
|
|
default_value: '[]'
|
|
description: Add a custom host-to-IP mapping (host:ip)
|
|
- option: attach
|
|
shorthand: a
|
|
default_value: '[]'
|
|
description: Attach to STDIN, STDOUT or STDERR
|
|
- option: blkio-weight
|
|
default_value: "0"
|
|
description: |
|
|
Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
|
|
- option: blkio-weight-device
|
|
default_value: '[]'
|
|
description: Block IO weight (relative device weight)
|
|
- option: cap-add
|
|
default_value: '[]'
|
|
description: Add Linux capabilities
|
|
- option: cap-drop
|
|
default_value: '[]'
|
|
description: Drop Linux capabilities
|
|
- option: cgroup-parent
|
|
description: Optional parent cgroup for the container
|
|
- option: cidfile
|
|
description: Write the container ID to the file
|
|
- option: cpu-count
|
|
default_value: "0"
|
|
description: CPU count (Windows only)
|
|
- option: cpu-percent
|
|
default_value: "0"
|
|
description: CPU percent (Windows only)
|
|
- option: cpu-period
|
|
default_value: "0"
|
|
description: Limit CPU CFS (Completely Fair Scheduler) period
|
|
- option: cpu-quota
|
|
default_value: "0"
|
|
description: Limit CPU CFS (Completely Fair Scheduler) quota
|
|
- option: cpu-rt-period
|
|
default_value: "0"
|
|
description: Limit CPU real-time period in microseconds
|
|
- option: cpu-rt-runtime
|
|
default_value: "0"
|
|
description: Limit CPU real-time runtime in microseconds
|
|
- option: cpu-shares
|
|
shorthand: c
|
|
default_value: "0"
|
|
description: CPU shares (relative weight)
|
|
- option: cpus
|
|
default_value: "0.000"
|
|
description: Number of CPUs
|
|
- option: cpuset-cpus
|
|
description: CPUs in which to allow execution (0-3, 0,1)
|
|
- option: cpuset-mems
|
|
description: MEMs in which to allow execution (0-3, 0,1)
|
|
- option: credentialspec
|
|
description: Credential spec for managed service account (Windows only)
|
|
- option: device
|
|
default_value: '[]'
|
|
description: Add a host device to the container
|
|
- option: device-read-bps
|
|
default_value: '[]'
|
|
description: Limit read rate (bytes per second) from a device
|
|
- option: device-read-iops
|
|
default_value: '[]'
|
|
description: Limit read rate (IO per second) from a device
|
|
- option: device-write-bps
|
|
default_value: '[]'
|
|
description: Limit write rate (bytes per second) to a device
|
|
- option: device-write-iops
|
|
default_value: '[]'
|
|
description: Limit write rate (IO per second) to a device
|
|
- option: disable-content-trust
|
|
default_value: "true"
|
|
description: Skip image verification
|
|
- option: dns
|
|
default_value: '[]'
|
|
description: Set custom DNS servers
|
|
- option: dns-opt
|
|
default_value: '[]'
|
|
description: Set DNS options
|
|
- option: dns-option
|
|
default_value: '[]'
|
|
description: Set DNS options
|
|
- option: dns-search
|
|
default_value: '[]'
|
|
description: Set custom DNS search domains
|
|
- option: entrypoint
|
|
description: Overwrite the default ENTRYPOINT of the image
|
|
- option: env
|
|
shorthand: e
|
|
default_value: '[]'
|
|
description: Set environment variables
|
|
- option: env-file
|
|
default_value: '[]'
|
|
description: Read in a file of environment variables
|
|
- option: expose
|
|
default_value: '[]'
|
|
description: Expose a port or a range of ports
|
|
- option: group-add
|
|
default_value: '[]'
|
|
description: Add additional groups to join
|
|
- option: health-cmd
|
|
description: Command to run to check health
|
|
- option: health-interval
|
|
default_value: "0"
|
|
description: Time between running the check (ns|us|ms|s|m|h) (default 0s)
|
|
- option: health-retries
|
|
default_value: "0"
|
|
description: Consecutive failures needed to report unhealthy
|
|
- option: health-timeout
|
|
default_value: "0"
|
|
description: |
|
|
Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)
|
|
- option: help
|
|
default_value: "false"
|
|
description: Print usage
|
|
- option: hostname
|
|
shorthand: h
|
|
description: Container host name
|
|
- option: init
|
|
default_value: "false"
|
|
description: |
|
|
Run an init inside the container that forwards signals and reaps processes
|
|
- option: init-path
|
|
description: Path to the docker-init binary
|
|
- option: interactive
|
|
shorthand: i
|
|
default_value: "false"
|
|
description: Keep STDIN open even if not attached
|
|
- option: io-maxbandwidth
|
|
description: |
|
|
Maximum IO bandwidth limit for the system drive (Windows only)
|
|
- option: io-maxiops
|
|
default_value: "0"
|
|
description: Maximum IOps limit for the system drive (Windows only)
|
|
- option: ip
|
|
description: IPv4 address (e.g., 172.30.100.104)
|
|
- option: ip6
|
|
description: IPv6 address (e.g., 2001:db8::33)
|
|
- option: ipc
|
|
description: IPC namespace to use
|
|
- option: isolation
|
|
description: Container isolation technology
|
|
- option: kernel-memory
|
|
description: Kernel memory limit
|
|
- option: label
|
|
shorthand: l
|
|
default_value: '[]'
|
|
description: Set meta data on a container
|
|
- option: label-file
|
|
default_value: '[]'
|
|
description: Read in a line delimited file of labels
|
|
- option: link
|
|
default_value: '[]'
|
|
description: Add link to another container
|
|
- option: link-local-ip
|
|
default_value: '[]'
|
|
description: Container IPv4/IPv6 link-local addresses
|
|
- option: log-driver
|
|
description: Logging driver for the container
|
|
- option: log-opt
|
|
default_value: '[]'
|
|
description: Log driver options
|
|
- option: mac-address
|
|
description: Container MAC address (e.g., 92:d0:c6:0a:29:33)
|
|
- option: memory
|
|
shorthand: m
|
|
description: Memory limit
|
|
- option: memory-reservation
|
|
description: Memory soft limit
|
|
- option: memory-swap
|
|
description: |
|
|
Swap limit equal to memory plus swap: '-1' to enable unlimited swap
|
|
- option: memory-swappiness
|
|
default_value: "-1"
|
|
description: Tune container memory swappiness (0 to 100)
|
|
- option: name
|
|
description: Assign a name to the container
|
|
- option: net
|
|
default_value: default
|
|
description: Connect a container to a network
|
|
- option: net-alias
|
|
default_value: '[]'
|
|
description: Add network-scoped alias for the container
|
|
- option: network
|
|
default_value: default
|
|
description: Connect a container to a network
|
|
- option: network-alias
|
|
default_value: '[]'
|
|
description: Add network-scoped alias for the container
|
|
- option: no-healthcheck
|
|
default_value: "false"
|
|
description: Disable any container-specified HEALTHCHECK
|
|
- option: oom-kill-disable
|
|
default_value: "false"
|
|
description: Disable OOM Killer
|
|
- option: oom-score-adj
|
|
default_value: "0"
|
|
description: Tune host's OOM preferences (-1000 to 1000)
|
|
- option: pid
|
|
description: PID namespace to use
|
|
- option: pids-limit
|
|
default_value: "0"
|
|
description: Tune container pids limit (set -1 for unlimited)
|
|
- option: privileged
|
|
default_value: "false"
|
|
description: Give extended privileges to this container
|
|
- option: publish
|
|
shorthand: p
|
|
default_value: '[]'
|
|
description: Publish a container's port(s) to the host
|
|
- option: publish-all
|
|
shorthand: P
|
|
default_value: "false"
|
|
description: Publish all exposed ports to random ports
|
|
- option: read-only
|
|
default_value: "false"
|
|
description: Mount the container's root filesystem as read only
|
|
- option: restart
|
|
default_value: "no"
|
|
description: Restart policy to apply when a container exits
|
|
- option: rm
|
|
default_value: "false"
|
|
description: Automatically remove the container when it exits
|
|
- option: runtime
|
|
description: Runtime to use for this container
|
|
- option: security-opt
|
|
default_value: '[]'
|
|
description: Security Options
|
|
- option: shm-size
|
|
description: Size of /dev/shm, default value is 64MB
|
|
- option: stop-signal
|
|
default_value: SIGTERM
|
|
description: Signal to stop a container, SIGTERM by default
|
|
- option: stop-timeout
|
|
default_value: "0"
|
|
description: Timeout (in seconds) to stop a container
|
|
- option: storage-opt
|
|
default_value: '[]'
|
|
description: Storage driver options for the container
|
|
- option: sysctl
|
|
default_value: map[]
|
|
description: Sysctl options
|
|
- option: tmpfs
|
|
default_value: '[]'
|
|
description: Mount a tmpfs directory
|
|
- option: tty
|
|
shorthand: t
|
|
default_value: "false"
|
|
description: Allocate a pseudo-TTY
|
|
- option: ulimit
|
|
default_value: '[]'
|
|
description: Ulimit options
|
|
- option: user
|
|
shorthand: u
|
|
description: 'Username or UID (format: <name|uid>[:<group|gid>])'
|
|
- option: userns
|
|
description: User namespace to use
|
|
- option: uts
|
|
description: UTS namespace to use
|
|
- option: volume
|
|
shorthand: v
|
|
default_value: '[]'
|
|
description: Bind mount a volume
|
|
- option: volume-driver
|
|
description: Optional volume driver for the container
|
|
- option: volumes-from
|
|
default_value: '[]'
|
|
description: Mount volumes from the specified container(s)
|
|
- option: workdir
|
|
shorthand: w
|
|
description: Working directory inside the container
|