Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Overview

The Moby Project

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build a fully featured container system, but its modular architecture ensures that most of the components can be swapped for different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX are aimed at developers, not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.


Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Issues
  • [20.10 backport] seccomp: add support for "clone3" syscall in default policy

    This is a backport of 9f6b562dd12ef7b1f9e2f8e6f2ab6477790a6594 (#42681, see also #42680), adapted to avoid the refactoring that happened in d92739713c633c155c0f3d8065c8278b1d8a44e7 (#42005).

    status/2-code-review area/security/seccomp 
    opened by tianon 3
  • Add http(s) proxy properties to daemon configuration (carry 42647)

    carry of https://github.com/moby/moby/pull/42647 fixes https://github.com/moby/moby/issues/24758 closes https://github.com/moby/moby/pull/42647

    This allows configuring the daemon's proxy server through the daemon.json configuration file or command-line flags configuration file, in addition to the existing option (through environment variables).

    Configuring environment variables on Windows to configure a service is more complicated than on Linux, and adding alternatives for this to the daemon configuration makes the configuration more transparent and easier to use.

    The configuration as set through command-line flags or through the daemon.json configuration file takes precedence over env-vars in the daemon's environment, which allows the daemon to use a different proxy. If both command-line flags and a daemon.json configuration option are set, an error is produced when starting the daemon.

    Note that this configuration is not "live reloadable" due to Golang's use of sync.Once() for proxy configuration, which means that changing the proxy configuration requires a restart of the daemon (reload / SIGHUP will not update the configuration).

    With this patch:

    cat /etc/docker/daemon.json
    {
        "http-proxy": "http://proxytest.example.com:80",
        "https-proxy": "https://proxytest.example.com:443"
    }
    
    docker pull busybox
    Using default tag: latest
    Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup proxytest.example.com on 127.0.0.11:53: no such host
    
    docker build .
    Sending build context to Docker daemon  89.28MB
    Step 1/3 : FROM golang:1.16-alpine AS base
    Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup proxytest.example.com on 127.0.0.11:53: no such host
    

    Integration tests were added to test the behavior:

    • verify that the configuration through all means are used (env-var, command-line flags, daemon.json), and used in the expected order of preference.
    • verify that conflicting options produce an error.
    • verify that logs and error messages sanitise proxy URLs (as they may contain username / password)

    - Description for the changelog

    - Add options to the `daemon.json` configuration file and `dockerd` command-line
      to configure the daemon's proxy. With these options it is possible to configure
      http(s) proxies for the daemon through the configuration file as an alternative
      to the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables, or to
      override the system-wide proxy configuration set in those environment variables.
    

    - A picture of a cute animal (not mandatory but encouraged)

    status/2-code-review impact/changelog docs/revisit area/daemon 
    opened by thaJeztah 1
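
The precedence, conflict and log-sanitising rules described in the pull request above, as an added example that is not code from the pull request or from Moby. The type `ProxySource`, the functions `Resolve`, `MaskCredentials` and `StartupLog`, the mask text and the sample values are all assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ProxySource holds one proxy setting as seen in each of the three places the
// description names. The type and its field names are hypothetical.
type ProxySource struct {
	Flag string // dockerd command-line flag
	File string // daemon.json ("http-proxy" / "https-proxy")
	Env  string // HTTP_PROXY / HTTPS_PROXY in the daemon's environment
}

// ErrConflict stands for the startup error described when a flag and
// daemon.json both set the same option.
var ErrConflict = errors.New("proxy configured both as a flag and in daemon.json")

const mask = "xxxxx" // mask text chosen for this example

const redacted = "<unparseable proxy URL redacted>"

// Resolve returns the winning value: flag or daemon.json first, then env.
func Resolve(s ProxySource) (string, error) {
	switch {
	case s.Flag != "" && s.File != "":
		return "", ErrConflict
	case s.Flag != "":
		return s.Flag, nil
	case s.File != "":
		return s.File, nil
	}
	return s.Env, nil
}

// MaskCredentials returns a form of the proxy URL that is safe to log.
func MaskCredentials(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "socks5") {
		// A scheme-less value such as "user:pw@host:3128" parses with scheme
		// "user"; retry it as an HTTP proxy so the userinfo is recognised.
		u, err = url.Parse("http://" + raw)
	}
	if err != nil {
		return redacted
	}
	if u.User == nil {
		if strings.Contains(raw, "@") {
			// Looks like userinfo but was not parsed as such: fail closed.
			return redacted
		}
		return raw
	}
	if _, hasPassword := u.User.Password(); hasPassword {
		u.User = url.UserPassword(mask, mask)
	} else {
		u.User = url.User(mask)
	}
	return u.String()
}

// StartupLog resolves one proxy option and returns the line that may be logged.
func StartupLog(name string, s ProxySource) (string, error) {
	v, err := Resolve(s)
	if err != nil {
		return "", fmt.Errorf("%s: %w", name, err)
	}
	return fmt.Sprintf("%s=%s", name, MaskCredentials(v)), nil
}

func main() {
	// Constructed sample values; the host name is the one used in the description.
	samples := []ProxySource{
		{File: "https://alice:s3cret@proxytest.example.com:443", Env: "http://env-proxy.example.com:3128"},
		{Env: "alice:s3cret@proxytest.example.com:3128"},
		{Flag: "http://proxytest.example.com:80", File: "http://proxytest.example.com:80"},
	}
	for _, s := range samples {
		line, err := StartupLog("https-proxy", s)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Println(line)
	}
}
```
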
  • DNS not updated after a service restart

    Description

    I noticed that the DNS of an overlay network in Swarm mode is not updated when a service is restarted. When a service is stopped, docker creates a new instance and sets a new IP address. Unfortunately, the DNS entry for this new service is not updated on the overlay network.

    Steps to reproduce the issue:

    1. Create a Swarm architecture with multiple hosts
    2. Create an overlay network
    3. Deploy a few services
    4. Stop one of these services
    5. Wait until the service is recreated
    6. Ask the DNS entry on a node which is not executing the new service

    Describe the results you received: If the IP of this new service has changed, the DNS entry will not be updated automatically for other services. If you try to ping this new service's DNS name from other services, you will notice that the resolved IP is actually the IP of the previously removed service.

    Describe the results you expected: DNS entries should be updated for every service on the overlay network.

    Additional information you deem important (e.g. issue happens only occasionally):

    Output of docker version:

    Client: Docker Engine - Community
     Version:           20.10.8
     API version:       1.41
     Go version:        go1.16.6
     Git commit:        3967b7d
     Built:             Fri Jul 30 19:54:08 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true

    Server: Docker Engine - Community
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d8
      Built:            Fri Jul 30 19:52:16 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.9
      GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
     runc:
      Version:          1.0.1
      GitCommit:        v1.0.1-0-g4144b63
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
      scan: Docker Scan (Docker Inc., v0.8.0)

    Server:
     Containers: 7
      Running: 7
      Paused: 0
      Stopped: 0
     Images: 58
     Server Version: 20.10.8
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: active
      NodeID: k4gv2bdz9cbm34fgtvfvgf3pk
      Is Manager: true
      ClusterID: jh761z04j09l1nq41ne2ri9vm
      Managers: 1
      Nodes: 3
      Default Address Pool: 10.0.0.0/8
      SubnetSize: 24
      Data Path Port: 4789
      Orchestration:
       Task History Retention Limit: 5
      Raft:
       Snapshot Interval: 10000
       Number of Old Snapshots to Retain: 0
       Heartbeat Tick: 1
       Election Tick: 10
      Dispatcher:
       Heartbeat Period: 5 seconds
      CA Configuration:
       Expiry Duration: 3 months
       Force Rotate: 0
      Autolock Managers: false
      Root Rotation In Progress: false
      Node Address: 160.98.47.160
      Manager Addresses:
       160.98.47.160:2377
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: e25210fe30a0a703442421b0f60afac609f950a3
     runc version: v1.0.1-0-g4144b63
     init version: de40ad0
     Security Options:
      apparmor
      seccomp
       Profile: default
     Kernel Version: 4.15.0-154-generic
     Operating System: Ubuntu 18.04.5 LTS
     OSType: linux
     Architecture: x86_64
     CPUs: 1
     Total Memory: 1.947GiB
     Name: docker-master
     ID: AF42:645I:67ZO:QAYL:BULI:IVEV:VC6F:QEVS:J7HS:5OA3:JUP4:LD2D
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false

    WARNING: No swap limit support

    Additional environment details (AWS, VirtualBox, physical, etc.): vmware virtual machine

    area/networking area/swarm version/20.10 
    opened by nicschroeter 0
  • Failed to get projid for {overlay2}/merged: inappropriate ioctl for device

    Description

    I have two containers running on the machine, one with quota set for the container's filesystem and the other without. When I restart the docker daemon and create a new container with quota set, I get the following error:

    docker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.
    See 'docker run --help'. 
    

    Steps to reproduce the issue:

    1. Start docker with daemon.json
    {
        "log-driver": "json-file",
        "log-level": "debug",
        "log-opts": {
            "max-size": "200m",
            "max-file": "5"
        },
        "live-restore": true,
        "storage-driver": "overlay2",
        "graph": "/var/lib/docker"
    }
    
    2. Create container test-A without --storage-opt: docker run -d --name=test-A nginx:latest
    3. Create container test-B with --storage-opt size=1G: docker run -d --name=test-B --storage-opt size=1G nginx:latest
    4. Restart docker: systemctl restart docker
    5. Create container test-C with --storage-opt size=1G: docker run -d --name=test-C --storage-opt size=1G nginx:latest

    Describe the results you received: Create container test-C failed with this error message:

    docker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.
    See 'docker run --help'. 
    

    Describe the results you expected: Create container test-C without error

    Additional information you deem important (e.g. issue happens only occasionally): When I add storage-opts in daemon.json and then restart docker, docker daemon failed with the following error:

        "storage-opts": [
            "overlay2.size=1G"
        ],
    
    failed to start daemon: error initializing graphdriver: Storage option overlay2.size not supported. Filesystem does not support Project Quota: failed to get projid for /var/lib/docker/overlay2/012c3202b46644aba9540ebb17d67eb2c664edbc90f0ea58930797e559a4c114/merged: inappropriate ioctl for device
    

    (012c3202b46644aba9540ebb17d67eb2c664edbc90f0ea58930797e559a4c114/merged belongs to test-A)

    Output of docker version:

    Client: Docker Engine - Community
     Version:           20.10.8
     API version:       1.41
     Go version:        go1.16.6
     Git commit:        3967b7d
     Built:             Fri Jul 30 19:55:49 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d8
      Built:            Fri Jul 30 19:54:13 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.9
      GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
     runc:
      Version:          1.0.1
      GitCommit:        v1.0.1-0-g4144b63
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
      scan: Docker Scan (Docker Inc., v0.8.0)
    
    Server:
     Containers: 2
      Running: 2
      Paused: 0
      Stopped: 0
     Images: 5
     Server Version: 20.10.8
     Storage Driver: overlay2
      Backing Filesystem: xfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: e25210fe30a0a703442421b0f60afac609f950a3
     runc version: v1.0.1-0-g4144b63
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 4.19.95-17
     Operating System: CentOS Linux 7 (Core)
     OSType: linux
     Architecture: x86_64
     CPUs: 8
     Total Memory: 31.16GiB
     Name: aheng
     ID: 4JKL:V6RX:YBXU:YXOU:7CIT:7WPW:JB7A:PALC:XXDP:EZML:YR5W:D5LW
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: true
    

    Additional environment details (AWS, VirtualBox, physical, etc.):

    kind/question area/storage/overlay 
    opened by aheng-ch 2
  • Feature: alias policy for networks to prevent accidental cross talk.

    Description

    I have a swarm that uses traefik for ingress routing. Dev teams deploy stacks to this swarm in the expectation that things just-work. They may choose to have multiple api services with similar names in different stacks, both linked together over networks in the stack, and to public networks such as traefik. Because of the way docker resolves dns, this means that services from one stack can accidentally become linked to services in some other stack.

    Steps to Reproduce

    These steps are somewhat theoretical but the idea is this:

    1. Have some stack traefik that exposes a network traefik_public.
    2. Have a second stack stack1 with two services: api and api2. Both services expose swagger endpoints, and so are attached to traefik_public. api2 calls api using http://api and so is attached to stack1_default.
    3. Have a third stack stack2 with some services including a service api. This service is attached to traefik_public.

    Now, when api2 resolves "api", because it is attached to traefik_public which vip does it get? In theory it should be communicating both with its own stack1_api and, unexpectedly, with stack2_api.

    Suggestions

    • I can't find an official document anywhere describing how networks and dns interplay in docker to even know theoretically what is expected in this situation. Improved documentation on docker's dns would be nice.
    • An immediate fix is to go through and set an explicit alias on each instance of the traefik network in all my stack files to something that is never used in a connection string. This is horrid as it means I need to reach out to dev teams and fix their stuff and audit stack files I normally don't need to see. But it does indicate a more general fix: simply being able to set an alias policy at the network level would help - If, when creating public networks like traefik we could exclude them from alias creation automatically that would, somewhat elegantly, solve issues like this.

    Discussion

    This obviously applies to more than just traefik, and swarm. Similar situations can happen on compose, and anywhere public networks are used, to gather logging or metrics across multiple stacks / compose stacks, this kind of crosstalk has the potential to occur.

    opened by chrisbecke 0
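
The stack-file audit mentioned in the request above can be automated. The following is an added example, not code from the issue or from Moby: it flags every name that more than one service answers to on the same network. It assumes that each service's short name is registered as a DNS alias on every network the service joins; the `Service` and `Collision` types, the function names and the sample data (modelled on the three stacks in the report) are constructed for this illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Service is one service of a deployed stack. Networks holds final network
// names, with stack-local networks already prefixed (e.g. "stack1_default").
type Service struct {
	Stack, Name string
	Networks    []string
}

// Collision is one DNS name that several services answer to on one network.
type Collision struct {
	Network string
	Alias   string
	Owners  []string // full service names sharing the alias
	Exposed []string // every service attached to the network (possible callers)
}

// FindAliasCollisions groups services by (network, short name) and reports
// every group with more than one member, sorted by network and alias.
func FindAliasCollisions(services []Service) []Collision {
	type key struct{ network, alias string }
	owners := map[key][]string{}
	attached := map[string][]string{}
	for _, s := range services {
		full := s.Stack + "_" + s.Name
		for _, n := range s.Networks {
			// Assumption: the short service name becomes an alias on each
			// network the service is attached to.
			k := key{n, s.Name}
			owners[k] = append(owners[k], full)
			attached[n] = append(attached[n], full)
		}
	}
	var out []Collision
	for k, o := range owners {
		if len(o) < 2 {
			continue
		}
		sort.Strings(o)
		exposed := append([]string(nil), attached[k.network]...)
		sort.Strings(exposed)
		out = append(out, Collision{Network: k.network, Alias: k.alias, Owners: o, Exposed: exposed})
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Network != out[j].Network {
			return out[i].Network < out[j].Network
		}
		return out[i].Alias < out[j].Alias
	})
	return out
}

// SampleServices is constructed data following the steps in the report.
func SampleServices() []Service {
	return []Service{
		{Stack: "traefik", Name: "traefik", Networks: []string{"traefik_public"}},
		{Stack: "stack1", Name: "api", Networks: []string{"stack1_default", "traefik_public"}},
		{Stack: "stack1", Name: "api2", Networks: []string{"stack1_default", "traefik_public"}},
		{Stack: "stack2", Name: "api", Networks: []string{"traefik_public"}},
	}
}

func main() {
	for _, c := range FindAliasCollisions(SampleServices()) {
		fmt.Printf("network %s: name %q is shared by %v; attached services: %v\n",
			c.Network, c.Alias, c.Owners, c.Exposed)
	}
}
```
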
  • Test: wait for network changes in TestNetworkDBNodeJoinLeaveIteration

    Signed-off-by: David Wang [email protected]

    Fix #42698. In the network node change test, the expected behavior is focused on how many nodes are left in networkDB. Besides timing issues, things would also get tricky for a leave-then-join sequence: if the check (counting the nodes) happened before the first "leave" event, then the testcase actually misses its target and reports PASS without verifying its final result; if the check happened after the 'leave' event, but before the 'join' event, the test would report FAIL unnecessarily.

    This code change would check both the db changes and the node count; it would report PASS only when networkdb has indeed changed and the node count is as expected.

    status/2-code-review area/networking area/testing kind/bugfix 
    opened by zq-david-wang 0
  • Display the statistics after docker pull is finished.

    Fix: https://github.com/moby/moby/issues/42759

    Signed-off-by: Da McGrady [email protected]

    Related to issue #42759

    Display the layer size as well as the downloading and extraction costs. This would help users understand what is causing the pipeline to slow down, whether it is the CPU or the network.

    e.g.

    ➜ docker pull docker.io/library/golang:1.15
    
    0ae6761270d6: Pull complete  167.5MB Download   2.215s, Extract   3.652s
    8b7d058009f0: Pull complete     455B Download     99ms, Extract    396ms
    98f97b2cc68a: Pull complete  117.1MB Download    1.96s, Extract   2.209s
    

    - What I did

    - How I did it

    - How to verify it

    - Description for the changelog

    - A picture of a cute animal (not mandatory but encouraged)

    kind/enhancement 
    opened by dkkb 1
  • host.docker.internal cannot be resolved when adding dns entries to daemon.json

    When some DNS servers are defined in the daemon.json (internal dns of the company to resolve internal domains) the host.docker.internal is not accessible in any container. If the dns section in the daemon.json is not set at all, the host.docker.internal can be resolved. I use Docker for Mac without any special config except for the dns. I tried to add the docker network host 192.168.65.1 as well as my local ip from the network adapter as a dns entry, but this did not help to solve the issue. Can I add another IP so that the host.docker.internal will get resolved again using some dns entries in the daemon.json?

    Output of docker version:

    Client:
     Cloud integration: 1.0.17
     Version:           20.10.8
     API version:       1.41
     Go version:        go1.16.6
     Git commit:        3967b7d
     Built:             Fri Jul 30 19:55:20 2021
     OS/Arch:           darwin/amd64
     Context:           default
     Experimental:      true

    Server: Docker Engine - Community
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d8
      Built:            Fri Jul 30 19:52:10 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.9
      GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
     runc:
      Version:          1.0.1
      GitCommit:        v1.0.1-0-g4144b63
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
      compose: Docker Compose (Docker Inc., v2.0.0-rc.2)
      scan: Docker Scan (Docker Inc., v0.8.0)

    Server:
     Containers: 74
      Running: 0
      Paused: 0
      Stopped: 74
     Images: 21
     Server Version: 20.10.8
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: e25210fe30a0a703442421b0f60afac609f950a3
     runc version: v1.0.1-0-g4144b63
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 5.10.47-linuxkit
     Operating System: Docker Desktop
     OSType: linux
     Architecture: x86_64
     CPUs: 6
     Total Memory: 7.773GiB
     Name: docker-desktop
     ID: PPHS:YHG4:TDBW:K6YZ:MNV6:2YEA:3HWQ:ZZHW:JRXW:B2RC:PLM6:ITSB
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     HTTP Proxy: http.docker.internal:3128
     HTTPS Proxy: http.docker.internal:3128
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false

    status/more-info-needed platform/mac version/20.10 
    opened by op-euga 7
  • Docker stack deploy is very slow and is taking around 15 seconds per service

    Description

    The docker stack deploy is very slow and is taking around 15 seconds to complete creating a single service.

    Steps to reproduce the issue:

    1. docker stack deploy -c test.yml test

    Describe the results you received:

    It's taking around 15s to create a service and then another 15s for the next service and so on.

    Describe the results you expected:

    Services to be created quickly one after another sequentially.

    Additional information you deem important (e.g. issue happens only occasionally):

    Output of docker version:

    Client: Docker Engine - Community
     Version:           20.10.5
     API version:       1.41
     Go version:        go1.13.15
     Git commit:        55c4c88
     Built:             Tue Mar  2 20:33:55 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.5
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.13.15
      Git commit:       363e9a8
      Built:            Tue Mar  2 20:32:17 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.6
      GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
     runc:
      Version:          1.0.0-rc95
      GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
    
    Server:
     Containers: 2
      Running: 2
      Paused: 0
      Stopped: 0
     Images: 3
     Server Version: 20.10.5
     Storage Driver: overlay2
      Backing Filesystem: xfs
      Supports d_type: true
      Native Overlay Diff: true
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: active
      NodeID: vn1ny836b3brmt6yia67lvdpx
      Is Manager: true
      ClusterID: zyhtrkh04upffvq9pr6dblpij
      Managers: 1
      Nodes: 1
      Default Address Pool: 10.0.0.0/8
      SubnetSize: 24
      Data Path Port: 4789
      Orchestration:
       Task History Retention Limit: 5
      Raft:
       Snapshot Interval: 10000
       Number of Old Snapshots to Retain: 0
       Heartbeat Tick: 1
       Election Tick: 10
      Dispatcher:
       Heartbeat Period: 5 seconds
      CA Configuration:
       Expiry Duration: 3 months
       Force Rotate: 0
      Autolock Managers: false
      Root Rotation In Progress: false
      Node Address: 10.200.0.194
      Manager Addresses:
       10.200.0.194:2377
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
     runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 3.10.0-1160.25.1.el7.x86_64
     Operating System: CentOS Linux 7 (Core)
     OSType: linux
     Architecture: x86_64
     CPUs: 8
     Total Memory: 31.26GiB
     Name: swarm_manager2.xyz.com
     ID: NYY4:JV4Y:O4ZT:T7BO:K4D5:56TI:CL5R:2LUO:MJPW:CIMV:6QEY:AYZW
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
    Registry Mirrors:
      https://docker-hub-virtual.registry.docker.xyz.com/
     Live Restore Enabled: false
     Default Address Pools:
       Base: 192.168.0.0/17, Size: 24
       Base: 192.168.128.0/17, Size: 24
    
    WARNING: bridge-nf-call-ip6tables is disabled
    
    

    Output of strace:

     grep ETIMEDOUT /tmp/strace_out.txt
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000190>
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000206>
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000276>
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000256>
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000219>
    [pid 10368] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000216>
    [pid 10368] futex(0x55dc010b17f8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000}) = -1 ETIMEDOUT (Connection timed out) <0.000232>
    [pid 10367] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000300>
    [pid 10367] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000250>
    [pid 10367] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000276>
    [pid 10367] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.000267>
    [pid 10361] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out) <0.011231>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=891732952}) = -1 ETIMEDOUT (Connection timed out) <4.892012>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=994896779}) = -1 ETIMEDOUT (Connection timed out) <4.995128>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=993498040}) = -1 ETIMEDOUT (Connection timed out) <4.993836>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=853355629}) = -1 ETIMEDOUT (Connection timed out) <4.853562>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=994530198}) = -1 ETIMEDOUT (Connection timed out) <4.994797>
    [pid 10361] futex(0x55dc010b17d8, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=994426207}) = -1 ETIMEDOUT (Connection timed out) <4.994692>
    

    The docker compose file had only 2 services and the timed out futex calls took around 5 seconds to timeout. It triggered 3 timeouts till a service is completely created and therefore it takes around 15s in total for a service.

    Additional environment details (AWS, VirtualBox, physical, etc.): The nodes are VMs and I have another swarm stack in another ESXi node with the same base packer template that is baked with the docker installation and all. I am not getting such behavior in the other stack though.

    area/storage/overlay area/performance area/stack version/20.10 
    opened by Melvin-Antony 0
  • When copying a directory into some nested path, `COPY --chown` does not apply user and group ownership to newly created parents

    Description

    The COPY instruction contains an option, --chown=<user>:<group>, which ensures that the new files and directories that are created have the specified user and group ownership applied. This works, however, there is a bug: when copying some directory bar into a nested path, any non-existent parents that get created do not have the specified user and group ownership applied.

    Steps to reproduce the issue:

    Dockerfile

    1. Create a new directory somewhere, say, /tmp/example. cd into it.
    2. Create a new directory, bar. Create any file in it.
    3. Create a Dockerfile with the following contents:
      ➜ cat Dockerfile
      FROM busybox:latest
      RUN adduser -D example-user
      COPY --chown=example-user:example-user bar /home/example-user/foo/bar
      RUN find /home -exec printf '{} | ' \; -exec stat -c 'u:%U g:%G' {} \;
      
    4. Build the image using docker build . (optionally specify --force-rm if rebuilding).
    5. View the output from the last RUN instruction in order to see the issue.

    Describe the results you received:

    Single parent creation (/home/example-user/foo):

    ➜ docker build --force-rm .
    Sending build context to Docker daemon  3.584kB
    Step 1/4 : FROM busybox:latest
     ---> 42b97d3c2ae9
    Step 2/4 : RUN adduser -D example-user
     ---> Using cache
     ---> 5b53d5285fc1
    Step 3/4 : COPY --chown=example-user:example-user bar /home/example-user/foo/bar
     ---> 7d707703388b
    Step 4/4 : RUN find /home -exec printf '{} | ' \; -exec stat -c 'u:%U g:%G' {} \;
     ---> Running in c044b0ad97fb
    /home | u:nobody g:nobody
    /home/example-user | u:example-user g:example-user
    /home/example-user/foo | u:root g:root
    /home/example-user/foo/bar | u:example-user g:example-user
    /home/example-user/foo/bar/README | u:example-user g:example-user
    Removing intermediate container c044b0ad97fb
     ---> 6bb7ea11db88
    Successfully built 6bb7ea11db88
    docker build --force-rm .  6.98s user 0.35s system 78% cpu 9.369 total
    

    Multi-parent creation (/home/example-user/foo{1,2})

    ➜ docker build --force-rm .
    Sending build context to Docker daemon  3.584kB
    Step 1/4 : FROM busybox:latest
     ---> 42b97d3c2ae9
    Step 2/4 : RUN adduser -D example-user
     ---> Using cache
     ---> 5b53d5285fc1
    Step 3/4 : COPY --chown=example-user:example-user bar /home/example-user/foo1/foo2/bar
     ---> 10ee0acc7d1c
    Step 4/4 : RUN find /home -exec printf '{} | ' \; -exec stat -c 'u:%U g:%G' {} \;
     ---> Running in 2e707e3eec5f
    /home | u:nobody g:nobody
    /home/example-user | u:example-user g:example-user
    /home/example-user/foo1 | u:root g:root
    /home/example-user/foo1/foo2 | u:root g:root
    /home/example-user/foo1/foo2/bar | u:example-user g:example-user
    /home/example-user/foo1/foo2/bar/README | u:example-user g:example-user
    Removing intermediate container 2e707e3eec5f
     ---> 7a521a8976ce
    Successfully built 7a521a8976ce
    

    Describe the results you expected:

    I would expect /home/example-user/foo to be owned by the example-user user and group.

    Additional information you deem important (e.g. issue happens only occasionally):

    Output of docker version:

    ➜ docker version
    Client:
     Version:           20.10.8
     API version:       1.41
     Go version:        go1.16.6
     Git commit:        3967b7d28e
     Built:             Wed Aug  4 10:59:01 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server:
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d88bc
      Built:            Wed Aug  4 10:58:48 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          v1.5.5
      GitCommit:        72cec4be58a9eb6b2910f5d10f1c01ca47d231c0.m
     runc:
      Version:          1.0.2
      GitCommit:        v1.0.2-0-g52b36a2d
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    

    Output of docker info:

    ➜ docker info
    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
    
    Server:
     Containers: 0
      Running: 0
      Paused: 0
      Stopped: 0
     Images: 19
     Server Version: 20.10.8
     Storage Driver: btrfs
      Build Version: Btrfs v5.13
      Library Version: 102
     Logging Driver: json-file
     Cgroup Driver: systemd
     Cgroup Version: 2
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 72cec4be58a9eb6b2910f5d10f1c01ca47d231c0.m
     runc version: v1.0.2-0-g52b36a2d
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
      cgroupns
     Kernel Version: 5.13.13-arch1-1
     Operating System: Arch Linux
     OSType: linux
     Architecture: x86_64
     CPUs: 8
     Total Memory: 29.3GiB
     Name: archer
     ID: F26J:LHUB:2MFM:Q227:EQTA:WPXL:LSYR:MEZE:5PM7:DIUI:KKAT:6G2A
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Username: sudoforge
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false
    

    Additional environment details (AWS, VirtualBox, physical, etc.):

    ➜ uname -a
    Linux archer 5.13.13-arch1-1 #1 SMP PREEMPT Thu, 26 Aug 2021 19:14:36 +0000 x86_64 GNU/Linux
    
    area/builder kind/enhancement 
    opened by sudoforge 3
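
A check for the symptom reported above, as an added example that is not part of the original issue or the Moby code base: it reads the `path | u:USER g:GROUP` listing printed by the issue's final RUN step and reports every directory between an already existing base directory and the COPY destination whose owner differs from the `--chown` value. The function names and the choice of base directory are assumptions; the sample listing is the multi-parent output from the report.

```shell
#!/bin/sh
# Added example, not Moby code. Function names are hypothetical.

# audit_copy_parents USER GROUP BASE DEST
#   USER/GROUP  the value given to COPY --chown
#   BASE        deepest directory that existed before the COPY step (assumption)
#   DEST        the COPY destination
# Reads "path | u:USER g:GROUP" lines on stdin, ignores other build output,
# and prints "PATH is USER:GROUP" for every mismatching path that is DEST,
# an ancestor of DEST below BASE, or something copied inside DEST.
audit_copy_parents() {
    awk -F' [|] ' -v user="$1" -v group="$2" -v base="$3" -v dest="$4" '
        NF < 2 || $NF !~ /^u:[^ ]+ g:[^ ]+$/ { next }   # not a listing line
        {
            # Everything before the final " | " is the path.
            path = substr($0, 1, length($0) - length($NF) - 3)
            # BASE itself and anything outside it predate the COPY step.
            if (index(path, base "/") != 1) next
            # Keep DEST, its ancestors, and anything copied inside DEST.
            if (path != dest && index(dest, path "/") != 1 &&
                index(path, dest "/") != 1) next
            split($NF, o, " ")
            u = substr(o[1], 3)
            g = substr(o[2], 3)
            if (u != user || g != group)
                printf "%s is %s:%s\n", path, u, g
        }'
}

# Sample input: the multi-parent build output quoted in the issue.
sample_listing() {
    cat <<'EOF'
 ---> Running in 2e707e3eec5f
/home | u:nobody g:nobody
/home/example-user | u:example-user g:example-user
/home/example-user/foo1 | u:root g:root
/home/example-user/foo1/foo2 | u:root g:root
/home/example-user/foo1/foo2/bar | u:example-user g:example-user
/home/example-user/foo1/foo2/bar/README | u:example-user g:example-user
Removing intermediate container 2e707e3eec5f
EOF
}

# Stand-alone run: prints the two root-owned parents created by COPY.
sample_listing | audit_copy_parents example-user example-user \
    /home/example-user /home/example-user/foo1/foo2/bar
```

An empty result means every created parent carries the requested ownership, so the function can gate a build by testing whether its output is empty.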
Releases(v20.10.8)
  • v20.10.8(Aug 3, 2021)

    20.10.8

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs. Refer to the HTTP/HTTPS proxy section in the documentation to learn how to configure the Docker Daemon to use a proxy server.

    Deprecation

    • Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. docker/cli#3219
    • Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes, support for Kubernetes in the stack and context commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release docker/cli#3174.
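
To find keys affected by the deprecation of encrypted TLS private keys above, the following added example (not Docker's own code) scans PEM files for private-key blocks that carry the `Proc-Type: 4,ENCRYPTED` header marking legacy PEM encryption and prints the cipher named in `DEK-Info`. The function names are hypothetical, and the sample files are constructed for illustration and contain no key material.

```shell
#!/bin/sh
# Added example, not Docker code. Function names are hypothetical.

# scan_legacy_pem FILE...
# Prints "FILE: legacy PEM encryption (CIPHER)" for every private-key block
# that uses legacy PEM encryption. Unencrypted keys, PKCS#8 blocks and
# certificates carry no Proc-Type header and are not reported.
scan_legacy_pem() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        FNR == 1 { inkey = 0 }                  # new file: reset block state
        /^-----BEGIN .*PRIVATE KEY-----$/ {
            inkey = 1; enc = 0; cipher = "unknown"; next
        }
        /^-----END / {
            if (inkey && enc)
                printf "%s: legacy PEM encryption (%s)\n", FILENAME, cipher
            inkey = 0; next
        }
        inkey && /^Proc-Type:[ \t]*4,ENCRYPTED/ { enc = 1 }
        inkey && /^DEK-Info:/ {
            # "DEK-Info: <cipher>,<hex IV>": keep only the cipher name.
            cipher = $0
            sub(/^DEK-Info:[ \t]*/, "", cipher)
            sub(/,.*$/, "", cipher)
        }
    ' "$@"
}

# Writes three constructed sample files into directory $1.
make_sample_keys() {
    cat > "$1/legacy.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

CONSTRUCTED-PLACEHOLDER-NOT-KEY-MATERIAL
-----END RSA PRIVATE KEY-----
EOF
    cat > "$1/plain.pem" <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-KEY-MATERIAL
-----END PRIVATE KEY-----
EOF
    cat > "$1/cert.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-NOT-A-CERTIFICATE
-----END CERTIFICATE-----
EOF
}

# Stand-alone run over the constructed samples; only legacy.pem is reported.
demo_dir=$(mktemp -d)
make_sample_keys "$demo_dir"
scan_legacy_pem "$demo_dir"/*.pem
rm -rf "$demo_dir"
```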

    Client

    • Fix Invalid standard handle identifier errors on Windows docker/cli#3132.

    Rootless

    • Avoid can't open lock file /run/xtables.lock: Permission denied error on SELinux hosts moby/moby#42462.
    • Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#42462.
    • Fix x509: certificate signed by unknown authority error on openSUSE Tumbleweed moby/moby#42462.

    Runtime

    • Print a warning when using the --platform option to pull a single-arch image that does not match the specified architecture moby/moby#42633.
    • Fix incorrect Your kernel does not support swap memory limit warning when running with cgroups v2 moby/moby#42479.
    • Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error moby/moby#42613

    Swarm

    • Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs moby/moby#42538
    • Fix a deadlock in log broker ("dispatcher is stopped") moby/moby#42537

    Packaging

    Known issue

    The ctr binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the libc6-compat package, or download a previous version of the ctr binary as a workaround. Refer to the containerd ticket related to this issue for more details: containerd/containerd#5824.

    Source code(tar.gz)
    Source code(zip)
  • v20.10.7(Jun 2, 2021)

    20.10.7

    Client

    • Suppress warnings for deprecated cgroups docker/cli#3099.
    • Prevent sending SIGURG signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses SIGURG signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. This fix changes the Docker CLI to ignore SIGURG signals docker/cli#3107, moby/moby#42421.

    Builder

    • Update BuildKit to version v0.8.3-3-g244e8cde moby/moby#42448:
      • Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. moby/buildkit#2137.
      • Add retry on image push 5xx errors. moby/buildkit#2043.
      • Fix build-cache not being invalidated when renaming a file that is copied using a COPY command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. moby/buildkit#2018.
      • Fix build-cache not being invalidated when using mounts moby/buildkit#2076.
    • Fix build failures when FROM image is not cached when using legacy schema 1 images moby/moby#42382.

    Logging

    • Update the hcsshim SDK to make daemon logs on Windows less verbose moby/moby#42292.

    Rootless

    • Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled moby/moby#42352.

    Networking

    • Update libnetwork to fix publishing ports on environments with kernel boot parameter ipv6.disable=1, and to fix a deadlock causing internal DNS lookups to fail moby/moby#42413.

    Contrib

    • Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the slirp4netns port driver moby/moby#42294.
    • Fix "Device or resource busy" errors when running docker-in-docker on a rootless daemon moby/moby#42342.

    Packaging

  • v20.10.6(Apr 14, 2021)

  • v20.10.5(Mar 3, 2021)

  • v20.10.4(Feb 28, 2021)

    release notes: https://docs.docker.com/engine/release-notes/#20104

    20.10.4

    Builder

    • Fix incorrect cache match for inline cache import with empty layers moby/moby#42061
    • Update BuildKit to v0.8.2 moby/moby#42061
      • resolver: avoid error caching on token fetch
      • fileop: fix checksum to contain indexes of inputs preventing certain cache misses
      • Fix reference count issues on typed errors with mount references (fixing invalid mutable ref errors)
      • git: set token only for main remote access allowing cloning submodules with different credentials
    • Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. To clean up old state run builder prune moby/moby#42065
    • Fix parallel pull synchronization regression moby/moby#42049
    • Ensure libnetwork state files do not leak moby/moby#41972

    Client

    • Fix a panic on docker login if no config file is present docker/cli#2959
    • Fix WARNING: Error loading config file: .dockercfg: $HOME is not defined docker/cli#2958

    Runtime

    Logger

    • Honor labels-regex config even if labels is not set moby/moby#42046
    • Handle long log messages correctly, preventing awslogs in non-blocking mode from splitting events bigger than 16kB moby/moby#41975

    Rootless

    Security

    Swarm

    • Fix issue with heartbeat not persisting upon restart moby/moby#42060
    • Fix potential stalled tasks moby/moby#42060
    • Fix --update-order and --rollback-order flags when only --update-order or --rollback-order is provided docker/cli#2963
    • Fix docker service rollback returning a non-zero exit code in some situations docker/cli#2964
    • Fix inconsistent progress-bar direction on docker service rollback docker/cli#2964
  • v20.10.3(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/#20103

    20.10.3

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
    • Windows: prevent executing certain binaries from current directory docker/cli#2950
  • v19.03.15(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/19.03/#190315

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
  • v20.10.2(Jan 5, 2021)

  • v20.10.1(Dec 15, 2020)

  • v20.10.0(Dec 9, 2020)

  • v19.03.14(Dec 2, 2020)

    For official release notes for Docker Engine CE and Docker Engine EE, visit the release notes page.

    Security

    • CVE-2020-15257: Update bundled static binaries of containerd to v1.3.9 moby/moby#41731. Package managers should update the containerd.io package.

    Builder

    • Beta versions of apparmor are now parsed correctly preventing build failures moby/moby#41542

    Networking

    Runtime

    Rootless

    • Lock state dir for preventing automatic clean-up by systemd-tmpfiles moby/moby#41635
    • dockerd-rootless.sh: support new containerd shim socket path convention moby/moby#41557

    Logging

  • v19.03.13(Sep 17, 2020)

  • v19.03.12(Jun 30, 2020)

  • v19.03.11(Jun 4, 2020)

  • v19.03.10(May 29, 2020)

  • v19.03.9(May 28, 2020)

  • v19.03.8(Apr 9, 2020)

  • v17.03.2-ce(Jun 27, 2017)

    17.03.2-ce (2017-06-27)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529)
    • Fix cases where local volumes were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing services from being deployed if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2 is available from the Docker Store

  • v17.03.2-ce-rc1(May 30, 2017)

    17.03.2-ce (2017-05-29)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529)
    • Fix cases where local volumes were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing services from being deployed if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2-rc1 is available from the Docker Store

  • v17.05.0-ce(May 5, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-04)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://get.docker.com/ | sh
    • Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.05.0-ce.tgz
    • Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce.tgz
    • Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.05.0-ce.tgz
    • Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.05.0-ce.zip
    • Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.05.0-ce.zip

    Note: those packages won't be updated for the next releases. Get Docker CE from Docker Store

  • v17.05.0-ce-rc3(May 2, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc3.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc3.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc3.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc3.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc3.zip

  • v17.05.0-ce-rc2(Apr 27, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc2.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc2.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc2.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc2.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc2.zip

  • v17.05.0-ce-rc1(Apr 12, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc1.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc1.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc1.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc1.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc1.zip

  • v17.04.0-ce (Apr 5, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.04.0-ce (2017-04-05)

    Builder

    • Disable container logging for build containers #29552
    • Fix use of **/ in .dockerignore #29043

    Client

    • Sort docker stack ls by name #31085
    • Flags for specifying bind mount consistency #31047
    • Output of docker CLI --help is now wrapped to the terminal width #28751
    • Suppress image digest in docker ps #30848
    • Hide command options that are related to Windows #30788
    • Fix docker plugin install prompt to accept "enter" for the "N" default #30769
    • Add truncate function for Go templates #30484
    • Support expanded syntax of ports in stack deploy #30476
    • Support expanded syntax of mounts in stack deploy #30597 #31795
    • Add --add-host for docker build #30383
    • Add .CreatedAt placeholder for docker network ls --format #29900
    • Update order of --secret-rm and --secret-add #29802
    • Add --filter enabled=true for docker plugin ls #28627
    • Add --format to docker service ls #28199
    • Add publish and expose filter for docker ps --filter #27557
    • Support multiple service IDs on docker service ps #25234
    • Allow swarm join with --availability=drain #24993
    • Docker inspect now shows "docker-default" when AppArmor is enabled and no other profile was defined #27083

    Logging

    • Implement optional ring buffer for container logs #28762
    • Add --log-opt awslogs-create-group=<true|false> for awslogs (CloudWatch) to support creation of log groups as needed #29504
    • Fix segfault when using the gcplogs logging driver with a "static" binary #29478

    Networking

    • Check parameter --ip, --ip6 and --link-local-ip in docker network connect #30807
    • Added support for dns-search #30117
    • Added --verbose option for docker network inspect to show task details from all swarm nodes #31710
    • Add anonymous container alias to service record on attachable network docker/libnetwork#1651
    • Support for com.docker.network.container_interface_prefix driver label docker/libnetwork#1667
    • Improve network list performance by omitting network details that are not used #30673

    Runtime

    • Handle paused container when restoring without live-restore set #31704
    • Do not allow sub second in healthcheck options in Dockerfile #31177
    • Support name and id prefix in secret update #30856
    • Use binary frame for websocket attach endpoint #30460
    • Fix linux mount calls not applying propagation type changes #30416
    • Fix ExecIds leak on failed exec -i #30340
    • Prune named but untagged images if danglingOnly=true #30330
    • Add daemon flag to set no_new_priv as default for unprivileged containers #29984
    • Add daemon option --default-shm-size #29692
    • Support registry mirror config reload #29650
    • Ignore the daemon log config when building images #29552
    • Move secret name or ID prefix resolving from client to daemon #29218
    • Allow adding rules to cgroup devices.allow on container create/run #22563
    • Fix cpu.cfs_quota_us being reset when running systemd daemon-reload #31736

    Swarm Mode

    • Add Service logs formatting #31672
    • Fix service logs API to be able to specify stream #31313
    • Add --stop-signal for service create and service update #30754
    • Add --read-only for service create and service update #30162
    • Renew the context after communicating with the registry #31586
    • (experimental) Add --tail and --since options to docker service logs #31500
    • (experimental) Add --no-task-ids and --no-trunc options to docker service logs #31672

    Windows

    • Block pulling Windows images on non-Windows daemons #29001

    Downloads

    • deb/rpm install: curl -fsSL https://get.docker.com/ | sh
    • Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz
    • Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.04.0-ce.tgz
    • Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.04.0-ce.tgz
    • Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.04.0-ce.zip
    • Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.04.0-ce.zip

  • v17.04.0-ce-rc2 (Mar 30, 2017)

    17.04.0-ce (2017-04-05)

    Builder

    • Disable container logging for build containers #29552
    • Fix use of **/ in .dockerignore #29043

    Client

    • Sort docker stack ls by name #31085
    • Flags for specifying bind mount consistency #31047
    • Output of docker CLI --help is now wrapped to the terminal width #28751
    • Suppress image digest in docker ps #30848
    • Hide command options that are related to Windows #30788
    • Fix docker plugin install prompt to accept "enter" for the "N" default #30769
    • Add truncate function for Go templates #30484
    • Support expanded syntax of ports in stack deploy #30476
    • Support expanded syntax of mounts in stack deploy #30597 #31795
    • Add --add-host for docker build #30383
    • Add .CreatedAt placeholder for docker network ls --format #29900
    • Update order of --secret-rm and --secret-add #29802
    • Add --filter enabled=true for docker plugin ls #28627
    • Add --format to docker service ls #28199
    • Add publish and expose filter for docker ps --filter #27557
    • Support multiple service IDs on docker service ps #25234
    • Allow swarm join with --availability=drain #24993
    • Docker inspect now shows "docker-default" when AppArmor is enabled and no other profile was defined #27083

    Logging

    • Implement optional ring buffer for container logs #28762
    • Add --log-opt awslogs-create-group=<true|false> for awslogs (CloudWatch) to support creation of log groups as needed #29504
    • Fix segfault when using the gcplogs logging driver with a "static" binary #29478

    Networking

    • Check parameter --ip, --ip6 and --link-local-ip in docker network connect #30807
    • Added support for dns-search #30117
    • Added --verbose option for docker network inspect to show task details from all swarm nodes #31710
    • Add anonymous container alias to service record on attachable network docker/libnetwork#1651
    • Support for com.docker.network.container_interface_prefix driver label docker/libnetwork#1667
    • Improve network list performance by omitting network details that are not used #30673

    Runtime

    • Handle paused container when restoring without live-restore set #31704
    • Do not allow sub second in healthcheck options in Dockerfile #31177
    • Support name and id prefix in secret update #30856
    • Use binary frame for websocket attach endpoint #30460
    • Fix linux mount calls not applying propagation type changes #30416
    • Fix ExecIds leak on failed exec -i #30340
    • Prune named but untagged images if danglingOnly=true #30330
    • Add daemon flag to set no_new_priv as default for unprivileged containers #29984
    • Add daemon option --default-shm-size #29692
    • Support registry mirror config reload #29650
    • Ignore the daemon log config when building images #29552
    • Move secret name or ID prefix resolving from client to daemon #29218
    • Allow adding rules to cgroup devices.allow on container create/run #22563
    • Fix cpu.cfs_quota_us being reset when running systemd daemon-reload #31736

    Swarm Mode

    • Add Service logs formatting #31672
    • Fix service logs API to be able to specify stream #31313
    • Add --stop-signal for service create and service update #30754
    • Add --read-only for service create and service update #30162
    • Renew the context after communicating with the registry #31586
    • (experimental) Add --tail and --since options to docker service logs #31500
    • (experimental) Add --no-task-ids and --no-trunc options to docker service logs #31672

    Windows

    • Block pulling Windows images on non-Windows daemons #29001

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.04.0-ce-rc2.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.04.0-ce-rc2.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.04.0-ce-rc2.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.04.0-ce-rc2.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.04.0-ce-rc2.zip

  • v17.03.1-ce (Mar 28, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.03.1-ce (2017-03-27)

    Remote API (v1.27) & Client

    • Fix autoremove on older api #31692
    • Fix default network customization for a stack #31258
    • Correct CPU usage calculation in presence of offline CPUs and newer Linux #31802
    • Fix issue where service healthcheck is {} in remote API #30197

    Runtime

    • Update runc to 54296cf40ad8143b62dbcaa1d90e520a2136ddfe #31666
    • Ignore cgroup2 mountpoints opencontainers/runc#1266
    • Update containerd to 4ab9917febca54791c5f071a9d1f404867857fcc #31662 #31852
    • Register healthcheck service before calling restore() docker/containerd#609
    • Fix docker exec not working after unattended upgrades that reload apparmor profiles #31773
    • Fix unmounting layer without merge dir with Overlay2 #31069
    • Do not ignore "volume in use" errors when force-delete #31450

    Swarm Mode

    Windows

    • Cleanup HCS on restore #31503

    Downloads

    • deb/rpm install: curl -fsSL https://get.docker.com/ | sh
    • Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.03.1-ce.tgz
    • Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.03.1-ce.tgz
    • Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.03.1-ce.tgz
    • Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.03.1-ce.zip
    • Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.03.1-ce.zip

  • v17.04.0-ce-rc1 (Mar 21, 2017)

    17.04.0-ce (2017-04-05)

    Client

    • Sort docker stack ls by name #31085
    • Flags for specifying bind mount consistency #31047
    • Suppressing image digest in docker ps #30848
    • Hide command options that are related to Windows #30788
    • Fix docker plugin install prompt to accept "enter" for the "N" default #30769
    • Add truncate function for Go templates #30484
    • Support expanded syntax of ports in stack deploy #30476
    • Support expanded syntax of mounts in stack deploy #30597 #31795
    • Add --add-host for docker build #30383
    • Add .CreatedAt placeholder for docker network ls --format #29900
    • Update order of --secret-rm and --secret-add #29802
    • Fix use of **/ in .dockerignore #29043
    • Add --filter enabled=true for docker plugin ls #28627
    • Add --format to docker service ls #28199
    • Add publish and expose filter for docker ps --filter #27557
    • Support multiple service IDs on docker service ps #25234
    • Allow swarm join with --availability=drain #24993

    Networking

    • Check parameter --ip, --ip6 and --link-local-ip in docker network connect #30807
    • Added support for dns-search #30117
    • Added --verbose option for docker network inspect to show task details from all swarm nodes #31710

    Runtime

    • Handle paused container when restoring without live-restore set #31704
    • Do not allow sub second in healthcheck options in Dockerfile #31177
    • Support name and id prefix in secret update #30856
    • Use binary frame for websocket attach endpoint #30460
    • Fix linux mount calls not applying propagation type changes #30416
    • Fix ExecIds leak on failed exec -i #30340
    • Prune named but untagged images if danglingOnly=true #30330
    • Add daemon flag to set no_new_priv as default for unprivileged containers #29984
    • Add daemon option --default-shm-size #29692
    • Support registry mirror config reload #29650
    • Ignore the daemon log config when building images #29552
    • Move secret name or ID prefix resolving from client to daemon #29218
    • Implement optional ring buffer for container logs #28762
    • Allow adding rules to cgroup devices.allow on container create/run #22563

    Swarm Mode

    • Add Service logs formatting #31672
    • Fix service logs API to be able to specify stream #31313
    • Add --stop-signal for service create and service update #30754
    • Add --read-only for service create and service update #30162
    • Renew the context after communicating with the registry #31586

    Windows

    • Wait for OOBE to prevent crashing during host update #31054
    • Block pulling Windows images on non-Windows daemons #29001

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.04.0-ce-rc1.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.04.0-ce-rc1.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.04.0-ce-rc1.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.04.0-ce-rc1.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.04.0-ce-rc1.zip

  • v17.03.1-ce-rc1 (Mar 17, 2017)

    17.03.1-ce (2017-03-20)

    Remote API (v1.27) & Client

    • Fix autoremove on older api #31692
    • Fix default network customization for a stack #31258
    • Correct CPU usage calculation in presence of offline CPUs and newer Linux #31802
    • Fix issue where service healthcheck is {} in remote API #30197

    Runtime

    • Update runc to 54296cf40ad8143b62dbcaa1d90e520a2136ddfe #31666
    • Ignore cgroup2 mountpoints opencontainers/runc#1266
    • Update containerd to 4ab9917febca54791c5f071a9d1f404867857fcc #31662 #31852
    • Register healthcheck service before calling restore() docker/containerd#609
    • Fix docker exec not working after unattended upgrades that reload apparmor profiles #31773
    • Fix unmounting layer without merge dir with Overlay2 #31069
    • Do not ignore "volume in use" errors when force-delete #31450

    Swarm Mode

    Windows

    • Cleanup HCS on restore #31503

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.03.1-ce-rc1.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.03.1-ce-rc1.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.03.1-ce-rc1.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.03.1-ce-rc1.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.03.1-ce-rc1.zip

  • v17.03.0-ce (Mar 2, 2017)

    17.03.0-ce (2017-03-01)

    IMPORTANT: Starting with this release, Docker is on a monthly release cycle and uses a new YY.MM versioning scheme to reflect this. Two channels are available: monthly and quarterly. Any given monthly release will only receive security and bugfixes until the next monthly release is available. Quarterly releases receive security and bugfixes for 4 months after initial release. This release includes bugfixes for 1.13.1 but there are no major feature additions and the API version stays the same. Upgrading from Docker 1.13.1 to 17.03.0 is expected to be simple and low-risk.

    Client

    • Fix panic in docker stats --format #30776

    Contrib

    • Update various bash and zsh completion scripts #30823, #30945 and more...
    • Block obsolete socket families in default seccomp profile - mitigates unpatched kernels' CVE-2017-6074 #29076

    Networking

    • Fix bug on overlay encryption keys rotation in cross-datacenter swarm #30727
    • Fix side effect panic in overlay encryption and network control plane communication failure ("No installed keys could decrypt the message") on frequent swarm leader re-election #25608
    • Several fixes around system responsiveness and datapath programming when using overlay network with external kv-store docker/libnetwork#1639, docker/libnetwork#1632 and more...
    • Discard incoming plain vxlan packets for encrypted overlay network #31170
    • Release the network attachment on allocation failure #31073
    • Fix port allocation when multiple published ports map to the same target port docker/swarmkit#1835

    Runtime

    • Fix a deadlock in docker logs #30223
    • Fix cpu spin waiting for log write events #31070
    • Fix a possible crash when using journald #31231 #31263
    • Fix a panic on close of nil channel #31274
    • Fix duplicate mount point for --volumes-from in docker run #29563
    • Fix --cache-from does not cache last step #31189

    Swarm Mode

    • Shutdown leaks an error when the container was never started #31279
    • Fix possibility of tasks getting stuck in the "NEW" state during a leader failover docker/swarmkit#1938
    • Fix extraneous task creations for global services that led to confusing replica counts in docker service ls docker/swarmkit#1957
    • Fix problem that made rolling updates slow when task-history-limit was set to 1 docker/swarmkit#1948
    • Restart tasks elsewhere, if appropriate, when they are shut down as a result of nodes no longer satisfying constraints docker/swarmkit#1958

    Downloads

    • deb/rpm install: curl -fsSL https://get.docker.com/ | sh
    • Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.03.0-ce.tgz
    • Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.03.0-ce.tgz
    • Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.03.0-ce.tgz
    • Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.03.0-ce.zip
    • Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.03.0-ce.zip

  • v17.03.0-ce-rc1 (Feb 20, 2017)

    17.03.0-ce (2017-03-01)

    IMPORTANT: Starting with this release, Docker is on a monthly release cycle and uses a new YY.MM versioning scheme to reflect this. Two channels are available: monthly and quarterly. Any given monthly release will only receive security and bugfixes until the next monthly release is available. Quarterly releases receive security and bugfixes for 4 months after initial release. This release includes bugfixes for 1.13.1 but there are no major feature additions and the API version stays the same. Upgrading from Docker 1.13.1 to 17.03.0 is expected to be simple and low-risk.

    Client

    • Fix panic in docker stats --format #30776

    Contrib

    • Update various bash and zsh completion scripts #30823, #30945 and more...

    Networking

    • Discard incoming plain vxlan packets for encrypted overlay network #31170
    • Release the network attachment on allocation failure #31073

    Runtime

    • Fix a deadlock in docker logs #30223
    • Fix cpu spin waiting for log write events #31070

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.03.0-ce-rc1.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.03.0-ce-rc1.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.03.0-ce-rc1.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.03.0-ce-rc1.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.03.0-ce-rc1.zip

Owner
Moby
An open framework to assemble specialized container systems without reinventing the wheel.