Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Overview

The Moby Project

Moby Project logo

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX is aimed at developers not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.


Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Issues
  • Minor tooling (hack/) improvements

    Minor tooling (hack/) improvements

    - What I did

    This is a small grab-bag of tooling improvements:

    • document use of $TEST_FILTER: this modernizes some of the test docs to better reflect the state of the codebase
    • fix run when DOCKER_ROOTLESS=1: fix a quoting issue that prevents using DOCKER_ROOTLESS=1 hack/make.sh run
    • place integration test socket in $TMPDIR: allows for the daemon to start when the repo is not checked out onto a fully featured filesystem
    opened by neersighted 0
  • Cannot create/run a container of a loaded image referenced by digest if a host is offline

    Cannot create/run a container of a loaded image referenced by digest if a host is offline

    Description

    If a host, running the docker daemon, is offline, then it's not possible to create/run a container derived from an image that is loaded by docker load command, provided that an image is referenced by a digested reference (e.g. docker run --rm [email protected]:52f431d980baa76878329b68ddb69cb124c25efa6e206d8b0bd797a828f0528e pwd).

    Steps to reproduce the issue:

    1. Pull an image referenced by a digested reference.
    docker pull docker.io/library/[email protected]:52f431d980baa76878329b68ddb69cb124c25efa6e206d8b0bd797a828f0528e
    
    1. Save the pulled image into a tar file.
    docker save busybox -o busybox-52f431d.tar
    
    1. Remove all images from a local dockerd store.
    docker image rm -f $(docker images -aq)
    
    1. Load the saved image.
    docker load -i busybox-52f431d.tar
    
    1. Disconnect a host running a docker daemon from the Internet.
    2. Run the image container by referencing the image with a digested reference in offline mode.
    docker run --rm docker.io/library/[email protected]:52f431d980baa76878329b68ddb69cb124c25efa6e206d8b0bd797a828f0528e pwd
    Unable to find image '[email protected]:52f431d980baa76878329b68ddb69cb124c25efa6e206d8b0bd797a828f0528e' locally
    docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io: Temporary failure in name resolution.
    See 'docker run --help'.
    
    

    Describe the results you received: Failure to create or run the loaded image container.

    Unable to find image '[email protected]:52f431d980baa76878329b68ddb69cb124c25efa6e206d8b0bd797a828f0528e' locally
    docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io: Temporary failure in name resolution.
    See 'docker run --help'.
    

    Describe the results you expected: Expectation is that docker run | create command succeeds if a host, running the docker daemon, is offline under given circumstances.

    Since a container creation/run of an image pulled by using a digest reference succeeds in offline mode then it's expected that the command should succeed on another host if the given image is transferred to it by means of docker save and docker load.

    Unfortunately, it does not work. The key reason is that docker save/load command does not store/load all metadata about an image that are available in the docker store if an image is puled by a digested reference.

    Specifically, a digested reference stored in repositories.json is not transferred by docker save/load command what makes the docker daemon issue a request to Registry if a digested reference is specified in docker run command.

    Additional information you deem important:

    The goal is to run a docker compose service on a host that does not have connection to the internet. The docker compose description refers to images by digested reference in order to be used for both offline and online modes. In the case of offline mode images are pre-populated by docker load command.

    According to the spec and the implementation the docker load/save command transfer only tagged references of an image (RepoTags field), hence the digested references are lost during transit.

    Maybe it makes sense to allow digested reference transferring too. Both tags and digests identify an image in Registry. If a given image tag is present in repositories.json then the docker daemon never checks whether the image it points to in the local image store actually corresponds to the image it points to in Registry. Therefore, I am not sure that allowing saving/loading of digested references reduces security in the given context.

    Of course, ideally, it would be great to include the distribution manifest in the tar format because a digested reference includes the manifest hash so its integrity and authenticity can be verified. The problem is, that is has to be a full a Merkle tree, though, meaning that the tar content should be presented in a format that the distribution manifest points to...

    Output of docker version:

    Client:
     Version:           20.10.14
     API version:       1.41
     Go version:        go1.18
     Git commit:        a224086349
     Built:             Thu Mar 24 08:56:17 2022
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server:
     Engine:
      Version:          20.10.14
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.18
      Git commit:       87a90dc786
      Built:            Thu Mar 24 08:56:03 2022
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          v1.6.2
      GitCommit:        de8046a5501db9e0e478e1c10cbcfb21af4c6b2d.m
     runc:
      Version:          1.1.1
      GitCommit:        
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
    
    Server:
     Containers: 0
      Running: 0
      Paused: 0
      Stopped: 0
     Images: 1
     Server Version: 20.10.14
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: false
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: systemd
     Cgroup Version: 2
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: de8046a5501db9e0e478e1c10cbcfb21af4c6b2d.m
     runc version: 
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
      cgroupns
     Kernel Version: 5.17.4-arch1-1
     Operating System: Arch Linux
     OSType: linux
     Architecture: x86_64
     CPUs: 16
     Total Memory: 14.92GiB
     Name: t14s
     ID: YCTP:RTDS:HTWK:6VH7:WVGD:I6QA:XASU:XZW5:3Y5W:5O6H:Z2SX:2XP6
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false
    
    
    opened by mike-sul 0
  • Refactor libcontainerd to minimize containerd RPCs

    Refactor libcontainerd to minimize containerd RPCs

    - What I did

    - How I did it

    - How to verify it Open a draft PR and see what the CI integration tests think of it 😉

    - Description for the changelog

    - A picture of a cute animal (not mandatory but encouraged)

    area/runtime status/2-code-review 
    opened by corhere 0
  • daemon start up check active sandbox should skip none network

    daemon start up check active sandbox should skip none network

    Description When I change docker daemon config to apply a different bip param, like use "bip": "172.26.0.1/16", found that when daemon starts up, it checked active sandbox, but not skip those containers that use none nework, but it does skipped container network. So the new bip param will not take effect.

    So my question is: should we skip those none network containers?

    Steps to reproduce the issue:

    1. Clean containers that use host network and bridge network, just left some containers that use none network and container network.
    2. Edit /etc/docker/daemon.json to add bip config, like "bip": "172.26.0.1/16"
    3. Execute sudo systemctl restart docker to restart docker daemon.

    Describe the results you received:

    1. check docker bridge network config, find subnet is not updated.
    2. check docker daemon logs find one message: there are running containers, updated network configuration will not take affect

    Describe the results you expected: Exepect docker bip config will take effect.

    Additional information you deem important (e.g. issue happens only occasionally):

    Output of docker version:

    Client: Docker Engine - Community
     Version:           19.03.5
     API version:       1.40
     Go version:        go1.12.12
     Git commit:        633a0ea838
     Built:             Wed Nov 13 07:29:52 2019
     OS/Arch:           linux/amd64
     Experimental:      false
    
    Server: Docker Engine - Community
     Engine:
      Version:          19.03.5
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.12.12
      Git commit:       633a0ea838
      Built:            Wed Nov 13 07:28:22 2019
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.2.6
      GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
     runc:
      Version:          1.0.0-rc8
      GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
     docker-init:
      Version:          0.18.0
      GitCommit:        fec3683
    

    Output of docker info:

    Client:
     Debug Mode: false
    
    Server:
     Containers: 66
      Running: 46
      Paused: 0
      Stopped: 20
     Images: 553
     Server Version: 19.03.5
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: true
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
     runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
     init version: fec3683
     Security Options:
      apparmor
      seccomp
       Profile: default
     Kernel Version: 4.15.0-156-generic
     Operating System: Ubuntu 18.04.5 LTS
     OSType: linux
     Architecture: x86_64
     CPUs: 8
     Total Memory: 31.41GiB
     Name: master-1
     ID: OF4A:FEOT:YGJS:XYT4:GLYH:5G2T:V2F5:64DO:54FT:LASN:N2UE:P5VN
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Username: hahahahazzq
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      ampregistry:5000
      10.0.0.0/8
      127.0.0.0/8
      192.0.0.0/8
     Live Restore Enabled: true
    

    Additional environment details (AWS, VirtualBox, physical, etc.):

    area/networking 
    opened by zhangzhiqiangcs 2
  • Feature request: trusted certificate injection

    Feature request: trusted certificate injection

    Some companies, in order to audit the data that flows through their networks, create a set of certificates that should be trusted by employee machines in order to communicate with the outside world, the outside world being google.com or hub.docker.com.

    Different tools use different trust stores so these certificates should be trusted in different stores -- cacerts for Java, system trust store by the browsers, etc. Some of these are already configured by the IT department when they provision a new machine. Some aren't. Some can't be.

    This is inconvenient but tolerable.

    However some containers, when they startup, use curl, python, node, Java, or something else to download an HTTPS resource from the Web. As the container does not trust the company's certificate, it fails to work and shuts down. Or an apt, yum, pip, gem, package install may fail if the connection is over HTTPS.

    This can be worked around by custom Dockerfiles and adding instructions for manually copying the certificate to the container and then trust it in its truststores.

    Feature request

    Add a feature that can be used by Docker Desktop and Docker CE, etc. where developers can present their custom certificates to Docker, and let Docker inject them into containers at runtime or at build time.

    opened by behrangsa 0
Releases(v20.10.15)
  • v20.10.15(May 5, 2022)

    This release of Docker Engine comes with updated versions of the compose, buildx, containerd, and runc components, as well as some minor bugfixes.

    Daemon

    • Use a RWMutex for stateCounter to prevent potential locking congestion moby/moby#43426.
    • Prevent an issue where the daemon was unable to find an available IP-range in some conditions moby/moby#43360

    Packaging

    • Update Docker Compose to v2.5.0.
    • Update Docker Buildx to v0.8.2.
    • Update Go runtime to 1.17.9.
    • Update containerd (containerd.io package) to v1.6.4.
    • Update runc version to v1.1.1.
    • Add packages for CentOS 9 stream and Fedora 36.
    Source code(tar.gz)
    Source code(zip)
  • v20.10.14(Mar 24, 2022)

    This release of Docker Engine updates the default inheritable capabilities for containers to address CVE-2022-24769, a new version of the containerd.io runtime is also included to address the same issue.

    Daemon

    • Update the default inheritable capabilities.

    Builder

    • Update the default inheritable capabilities for containers used during build.

    Packaging

    • Update containerd (containerd.io package) to v1.5.11.
    • Update docker buildx to v0.8.1.
    Source code(tar.gz)
    Source code(zip)
  • v20.10.13(Mar 10, 2022)

    This release of Docker Engine contains some bug-fixes and packaging changes, updates to the docker scan and docker buildx commands, an updated version of the Go runtime, and new versions of the containerd.io runtime. Together with this release, we now also provide .deb and .rpm packages of Docker Compose V2, which can be installed using the (optional) docker-compose-plugin package.

    Builder

    • Updated the bundled version of buildx to v0.8.0.

    Daemon

    • Fix a race condition when updating the container's state moby/moby#43166.
    • Update the etcd dependency to prevent the daemon from incorrectly holding file locks moby/moby#43259
    • Fix detection of user-namespaces when configuring the default net.ipv4.ping_group_range sysctl moby/moby#43084.

    Distribution

    • Retry downloading image-manifests if a connection failure happens during image pull moby/moby#43333.

    Documentation

    • Various fixes in command-line reference and API documentation.

    Logging

    • Prevent an OOM when using the "local" logging driver with containers that produce a large amount of log messages moby/moby#43165.
    • Updates the fluentd log driver to prevent a potential daemon crash, and prevent containers from hanging when using the fluentd-async-connect=true and the remote server is unreachable moby/moby#43147.

    Packaging

    • Provide .deb and .rpm packages for Docker Compose V2. Docker Compose v2.3.3 can now be installed on Linux using the docker-compose-plugin packages, which provides the docker compose subcommand on the Docker CLI. The Docker Compose plugin can also be installed and run standalone to be used as a drop-in replacement for docker-compose (Docker Compose V1) docker/docker-ce-packaging#638. The compose-cli-plugin package can also be used on older version of the Docker CLI with support for CLI plugins (Docker CLI 18.09 and up).
    • Provide packages for the upcoming Ubuntu 22.04 "Jammy Jellyfish" LTS release docker/docker-ce-packaging#645, docker/containerd-packaging#271.
    • Update docker buildx to v0.8.0.
    • Update docker scan (docker-scan-plugin) to v0.17.0.
    • Update containerd (containerd.io package) to v1.5.10.
    • Update the bundled runc version to v1.0.3.
    • Update Golang runtime to Go 1.16.15.
    Source code(tar.gz)
    Source code(zip)
  • v20.10.12(Jan 10, 2022)

  • v20.10.11(Nov 18, 2021)

    20.10.11

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

    Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

    Distribution

    Windows

    Packaging

    Source code(tar.gz)
    Source code(zip)
  • v20.10.10(Oct 25, 2021)

    20.10.10

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

    Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server.

    Builder

    • Fix platform-matching logic to fix docker build using not finding images in the local image cache on Arm machines when using BuildKit moby/moby#42954

    Runtime

    • Add support for clone3 syscall in the default seccomp policy to support running containers based on recent versions of Fedora and Ubuntu. moby/moby/#42836.
    • Windows: update hcsshim library to fix a bug in sparse file handling in container layers, which was exposed by recent changes in Windows moby/moby#42944.
    • Fix some situations where docker stop could hang forever moby/moby#42956.

    Swarm

    • Fix an issue where updating a service did not roll back on failure moby/moby#42875.

    Packaging

    • Add packages for Ubuntu 21.10 "Impish Indri" and Fedora 35.
    • Update docker scan to v0.9.0
    • Update Golang runtime to Go 1.16.9.
    Source code(tar.gz)
    Source code(zip)
  • v20.10.9(Oct 4, 2021)

    This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package and the Go runtime.

    Client

    • CVE-2021-41092 Ensure default auth config has address field set, to prevent credentials being sent to the default registry.

    Runtime

    • CVE-2021-41089 Create parent directories inside a chroot during docker cp to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.
    • CVE-2021-41091 Lock down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

    Packaging

    • Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221 and CVE-2021-39293
    • Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
    • Update the bundled buildx version to v0.6.3 for rpm and deb packages.
    Source code(tar.gz)
    Source code(zip)
  • v20.10.8(Aug 4, 2021)

    20.10.8

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs. Refer to the HTTP/HTTPS proxy section in the documentation to learn how to configure the Docker Daemon to use a proxy server.

    Deprecation

    • Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. docker/cli#3219
    • Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes, support for Kubernetes in the stack and context commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release docker/cli#3174.

    Client

    • Fix Invalid standard handle identifier errors on Windows docker/cli#3132.

    Rootless

    • Avoid can't open lock file /run/xtables.lock: Permission denied error on SELinux hosts moby/moby#42462.
    • Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#42462.
    • Fix x509: certificate signed by unknown authority error on openSUSE Tumbleweed moby/moby#42462.

    Runtime

    • Print a warning when using the --platform option to pull a single-arch image that does not match the specified architecture moby/moby#42633.
    • Fix incorrect Your kernel does not support swap memory limit warning when running with cgroups v2 moby/moby#42479.
    • Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error moby/moby#42613

    Swarm

    • Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs moby/moby#42538
    • Fix a deadlock in log broker ("dispatcher is stopped") moby/moby#42537

    Packaging

    Known issue

    The ctr binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the libc6-compat package, or download a previous version of the ctr binary as a workaround. Refer to the containerd ticket related to this issue for more details: containerd/containerd#5824.

    Source code(tar.gz)
    Source code(zip)
  • v20.10.7(Jun 2, 2021)

    20.10.7

    Client

    • Suppress warnings for deprecated cgroups docker/cli#3099.
    • Prevent sending SIGURG signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses SIGURG signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. This fix changes the Docker CLI to ignore SIGURG signals docker/cli#3107, moby/moby#42421.

    Builder

    • Update BuildKit to version v0.8.3-3-g244e8cde moby/moby#42448:
      • Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. moby/buildkit#2137.
      • Add retry on image push 5xx errors. moby/buildkit#2043.
      • Fix build-cache not being invalidated when renaming a file that is copied using a COPY command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. moby/buildkit#2018.
      • Fix build-cache not being invalidated when using mounts moby/buildkit#2076.
    • Fix build failures when FROM image is not cached when using legacy schema 1 images moby/moby#42382.

    Logging

    • Update the hcsshim SDK to make daemon logs on Windows less verbose moby/moby#42292.

    Rootless

    • Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled moby/moby#42352.

    Networking

    • Update libnetwork to fix publishing ports on environments with kernel boot parameter ipv6.disable=1, and to fix a deadlock causing internal DNS lookups to fail moby/moby#42413.

    Contrib

    • Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the slirp4netns port driver moby/moby#42294.
    • Fix "Device or resource busy" errors when running docker-in-docker on a rootless daemon moby/moby#42342.

    Packaging

    Source code(tar.gz)
    Source code(zip)
  • v20.10.6(Apr 14, 2021)

  • v20.10.5(Mar 3, 2021)

  • v20.10.4(Feb 28, 2021)

    release notes: https://docs.docker.com/engine/release-notes/#20104

    20.10.4

    Builder

    • Fix incorrect cache match for inline cache import with empty layers moby/moby#42061
    • Update BuildKit to v0.8.2 moby/moby#42061
      • resolver: avoid error caching on token fetch
      • fileop: fix checksum to contain indexes of inputs preventing certain cache misses
      • Fix reference count issues on typed errors with mount references (fixing invalid mutable ref errors)
      • git: set token only for main remote access allowing cloning submodules with different credentials
    • Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. To clean up old state run builder prune moby/moby#42065
    • Fix parallel pull synchronization regression moby/moby#42049
    • Ensure libnetwork state files do not leak moby/moby#41972

    Client

    • Fix a panic on docker login if no config file is present docker/cli#2959
    • Fix WARNING: Error loading config file: .dockercfg: $HOME is not defined docker/cli#2958

    Runtime

    Logger

    • Honor labels-regex config even if labels is not set moby/moby#42046
    • Handle long log messages correctly preventing awslogs in non-blocking mode to split events bigger than 16kB mobymoby#41975

    Rootless

    Security

    Swarm

    • Fix issue with heartbeat not persisting upon restart moby/moby#42060
    • Fix potential stalled tasks moby/moby#42060
    • Fix --update-order and --rollback-order flags when only --update-order or --rollback-order is provided docker/cli#2963
    • Fix docker service rollback returning a non-zero exit code in some situations docker/cli#2964
    • Fix inconsistent progress-bar direction on docker service rollback docker/cli#2964
    Source code(tar.gz)
    Source code(zip)
  • v20.10.3(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/#20103

    20.10.3

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
    • Windows: prevent executing certain binaries from current directory docker/cli#2950
    Source code(tar.gz)
    Source code(zip)
  • v19.03.15(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/19.03/#190315

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
    Source code(tar.gz)
    Source code(zip)
  • v20.10.2(Jan 5, 2021)

  • v20.10.1(Dec 15, 2020)

  • v20.10.0(Dec 9, 2020)

  • v19.03.14(Dec 2, 2020)

    For official release notes for Docker Engine CE and Docker Engine EE, visit the release notes page.

    Security

    • CVE-2020-15257: Update bundled static binaries of containerd to v1.3.9 moby/moby#41731. Package managers should update the containerd.io package.

    Builder

    • Beta versions of apparmor are now parsed correctly preventing build failures moby/moby#41542

    Networking

    Runtime

    Rootless

    • Lock state dir for preventing automatic clean-up by systemd-tmpfiles moby/moby#41635
    • dockerd-rootless.sh: support new containerd shim socket path convention moby/moby#41557

    Logging

    Source code(tar.gz)
    Source code(zip)
  • v19.03.13(Sep 17, 2020)

  • v19.03.12(Jun 30, 2020)

  • v19.03.11(Jun 4, 2020)

  • v19.03.10(May 29, 2020)

  • v19.03.9(May 28, 2020)

  • v19.03.8(Apr 9, 2020)

  • v17.03.2-ce(Jun 28, 2017)

    17.03.2-ce (2017-06-27)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529
    • Fix cases where local volume were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing to deploy services if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2 is available from the Docker Store

    Source code(tar.gz)
    Source code(zip)
  • v17.03.2-ce-rc1(May 30, 2017)

    17.03.2-ce (2017-05-29)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529
    • Fix cases where local volume were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing to deploy services if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2-rc1 is available from the Docker Store

    Source code(tar.gz)
    Source code(zip)
  • v17.05.0-ce(May 5, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-04)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor or --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    deb/rpm install: curl -fsSL https://get.docker.com/ | sh Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.05.0-ce.tgz Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce.tgz Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.05.0-ce.tgz Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.05.0-ce.zip Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.05.0-ce.zip

    Note: those packages won't be updated for the next releases. Get Docker CE from Docker Store

    Source code(tar.gz)
    Source code(zip)
  • v17.05.0-ce-rc3(May 3, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor or --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    deb/rpm install: curl -fsSL https://test.docker.com/ | sh Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc3.tgz Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc3.tgz Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc3.tgz Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc3.zip Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc3.zip

    Source code(tar.gz)
    Source code(zip)
  • v17.05.0-ce-rc2(Apr 27, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor or --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    deb/rpm install: curl -fsSL https://test.docker.com/ | sh Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc2.tgz Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc2.tgz Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc2.tgz Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc2.zip Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc2.zip

    Source code(tar.gz)
    Source code(zip)
  • v17.05.0-ce-rc1(Apr 12, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor or --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    deb/rpm install: curl -fsSL https://test.docker.com/ | sh Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc1.tgz Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc1.tgz Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc1.tgz Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc1.zip Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc1.zip

    Source code(tar.gz)
    Source code(zip)
Owner
Moby
An open framework to assemble specialized container systems without reinventing the wheel.
Moby
Plugin for Helm to integrate the sigstore ecosystem

helm-sigstore Plugin for Helm to integrate the sigstore ecosystem. Search, upload and verify signed Helm Charts in the Rekor Transparency Log. Info he

sigstore 31 May 8, 2022
Boxygen is a container as code framework that allows you to build container images from code

Boxygen is a container as code framework that allows you to build container images from code, allowing integration of container image builds into other tooling such as servers or CLI tooling.

nitric 5 Dec 13, 2021
Amazon ECS Container Agent: a component of Amazon Elastic Container Service

Amazon ECS Container Agent The Amazon ECS Container Agent is a component of Amazon Elastic Container Service (Amazon ECS) and is responsible for manag

null 0 Dec 28, 2021
The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your container orchestrator

fortress-csi The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your co

Fortress 0 Jan 23, 2022
Resilient, scalable Brainf*ck, in the spirit of modern systems design

Brainf*ck-as-a-Service A little BF interpreter, inspired by modern systems design trends. How to run it? docker-compose up -d bash hello.sh # Should p

Serge Zaitsev 138 Apr 22, 2022
go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems

go-ima Tool that checks the ima-log to see if a file has been tampered with. How to use Set the IMA policy to tcb by configuring GRUB GRUB_CMDLINE_LIN

TestifySec 9 Apr 26, 2022
An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and send these alerts to developers in the form of SMS and emails.

Alert-System An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and sen

null 0 Dec 10, 2021
My solutions to labs of MIT 6.824: Distributed Systems.

MIT 6.824 Distributed Systems Labs

null 0 Dec 30, 2021
KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes

Kubernetes-based Event Driven Autoscaling KEDA allows for fine-grained autoscaling (including to/from zero) for event driven Kubernetes workloads. KED

KEDA 4.9k May 11, 2022
Go project to manage an ubuntu docker container

Go-docker-manager This project consist of a Go app that connects to a Docker backend, spans a Ubuntu container and shows live CPU/Memory information f

Miguel Sama 1 Oct 27, 2021
Edge Orchestration project is to implement distributed computing between Docker Container enabled devices.

Edge Orchestration Introduction The main purpose of Edge Orchestration project is to implement distributed computing between Docker Container enabled

null 1 Dec 17, 2021
crud is a cobra based CLI utility which helps in scaffolding a simple go based micro-service along with build scripts, api documentation, micro-service documentation and k8s deployment manifests

crud crud is a CLI utility which helps in scaffolding a simple go based micro-service along with build scripts, api documentation, micro-service docum

Piyush Jajoo 0 Nov 29, 2021
Production-Grade Container Scheduling and Management

Kubernetes (K8s) Kubernetes, also known as K8s, is an open source system for managing containerized applications across multiple hosts. It provides ba

Kubernetes 88.2k May 11, 2022
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an

Ederson Brilhante 76 Mar 22, 2022
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Table of Contents Abstract Features Installation

Aqua Security 11.8k May 15, 2022
Enterprise-grade container platform tailored for multicloud and multi-cluster management

KubeSphere Container Platform What is KubeSphere English | 中文 KubeSphere is a distributed operating system providing cloud native stack with Kubernete

KubeSphere 9.8k May 13, 2022
⎈ Multi pod and container log tailing for Kubernetes

stern Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging. T

wercker 5.9k May 11, 2022
Testcontainers is a Golang library that providing a friendly API to run Docker container. It is designed to create runtime environment to use during your automatic tests.

When I was working on a Zipkin PR I discovered a nice Java library called Testcontainers. It provides an easy and clean API over the go docker sdk to

null 1.4k May 12, 2022