`.
+ For instance, if container name is `my.ctr` and the network is named
+ `testnet`, `DNSNames` will contain `my.ctr` and the FQDN will be
+ `my.ctr.testnet`.
+ type: array
+ items:
+ type: string
+ example: ["foobar", "server_x", "server_y", "my.ctr"]
+
+ EndpointIPAMConfig:
+ description: |
+ EndpointIPAMConfig represents an endpoint's IPAM configuration.
+ type: "object"
+ x-nullable: true
+ properties:
+ IPv4Address:
+ type: "string"
+ example: "172.20.30.33"
+ IPv6Address:
+ type: "string"
+ example: "2001:db8:abcd::3033"
+ LinkLocalIPs:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "169.254.34.68"
+ - "fe80::3468"
+
+ PluginMount:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Source, Destination, Type, Options]
+ properties:
+ Name:
+ type: "string"
+ x-nullable: false
+ example: "some-mount"
+ Description:
+ type: "string"
+ x-nullable: false
+ example: "This is a mount that's used by the plugin."
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Source:
+ type: "string"
+ example: "/var/lib/docker/plugins/"
+ Destination:
+ type: "string"
+ x-nullable: false
+ example: "/mnt/state"
+ Type:
+ type: "string"
+ x-nullable: false
+ example: "bind"
+ Options:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "rbind"
+ - "rw"
+
+ PluginDevice:
+ type: "object"
+ required: [Name, Description, Settable, Path]
+ x-nullable: false
+ properties:
+ Name:
+ type: "string"
+ x-nullable: false
+ Description:
+ type: "string"
+ x-nullable: false
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Path:
+ type: "string"
+ example: "/dev/fuse"
+
+ PluginEnv:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Value]
+ properties:
+ Name:
+ x-nullable: false
+ type: "string"
+ Description:
+ x-nullable: false
+ type: "string"
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Value:
+ type: "string"
+
+ PluginInterfaceType:
+ type: "object"
+ x-nullable: false
+ required: [Prefix, Capability, Version]
+ properties:
+ Prefix:
+ type: "string"
+ x-nullable: false
+ Capability:
+ type: "string"
+ x-nullable: false
+ Version:
+ type: "string"
+ x-nullable: false
+
+ PluginPrivilege:
+ description: |
+ Describes a permission the user has to accept upon installing
+ the plugin.
+ type: "object"
+ x-go-name: "PluginPrivilege"
+ properties:
+ Name:
+ type: "string"
+ example: "network"
+ Description:
+ type: "string"
+ Value:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "host"
+
+ Plugin:
+ description: "A plugin for the Engine API"
+ type: "object"
+ required: [Settings, Enabled, Config, Name]
+ properties:
+ Id:
+ type: "string"
+ example: "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078"
+ Name:
+ type: "string"
+ x-nullable: false
+ example: "tiborvass/sample-volume-plugin"
+ Enabled:
+ description:
+ True if the plugin is running. False if the plugin is not running,
+ only installed.
+ type: "boolean"
+ x-nullable: false
+ example: true
+ Settings:
+ description: "Settings that can be modified by users."
+ type: "object"
+ x-nullable: false
+ required: [Args, Devices, Env, Mounts]
+ properties:
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginMount"
+ Env:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "DEBUG=0"
+ Args:
+ type: "array"
+ items:
+ type: "string"
+ Devices:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginDevice"
+ PluginReference:
+ description: "plugin remote reference used to push/pull the plugin"
+ type: "string"
+ x-nullable: false
+ example: "localhost:5000/tiborvass/sample-volume-plugin:latest"
+ Config:
+ description: "The config of a plugin."
+ type: "object"
+ x-nullable: false
+ required:
+ - Description
+ - Documentation
+ - Interface
+ - Entrypoint
+ - WorkDir
+ - Network
+ - Linux
+ - PidHost
+ - PropagatedMount
+ - IpcHost
+ - Mounts
+ - Env
+ - Args
+ properties:
+ DockerVersion:
+ description: "Docker Version used to create the plugin"
+ type: "string"
+ x-nullable: false
+ example: "17.06.0-ce"
+ Description:
+ type: "string"
+ x-nullable: false
+ example: "A sample volume plugin for Docker"
+ Documentation:
+ type: "string"
+ x-nullable: false
+ example: "https://docs.docker.com/engine/extend/plugins/"
+ Interface:
+ description: "The interface between Docker and the plugin"
+ x-nullable: false
+ type: "object"
+ required: [Types, Socket]
+ properties:
+ Types:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginInterfaceType"
+ example:
+ - "docker.volumedriver/1.0"
+ Socket:
+ type: "string"
+ x-nullable: false
+ example: "plugins.sock"
+ ProtocolScheme:
+ type: "string"
+ example: "some.protocol/v1.0"
+ description: "Protocol to use for clients connecting to the plugin."
+ enum:
+ - ""
+ - "moby.plugins.http/v1"
+ Entrypoint:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "/usr/bin/sample-volume-plugin"
+ - "/data"
+ WorkDir:
+ type: "string"
+ x-nullable: false
+ example: "/bin/"
+ User:
+ type: "object"
+ x-nullable: false
+ properties:
+ UID:
+ type: "integer"
+ format: "uint32"
+ example: 1000
+ GID:
+ type: "integer"
+ format: "uint32"
+ example: 1000
+ Network:
+ type: "object"
+ x-nullable: false
+ required: [Type]
+ properties:
+ Type:
+ x-nullable: false
+ type: "string"
+ example: "host"
+ Linux:
+ type: "object"
+ x-nullable: false
+ required: [Capabilities, AllowAllDevices, Devices]
+ properties:
+ Capabilities:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "CAP_SYS_ADMIN"
+ - "CAP_SYSLOG"
+ AllowAllDevices:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ Devices:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginDevice"
+ PropagatedMount:
+ type: "string"
+ x-nullable: false
+ example: "/mnt/volumes"
+ IpcHost:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ PidHost:
+ type: "boolean"
+ x-nullable: false
+ example: false
+ Mounts:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginMount"
+ Env:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginEnv"
+ example:
+ - Name: "DEBUG"
+ Description: "If set, prints debug messages"
+ Settable: null
+ Value: "0"
+ Args:
+ type: "object"
+ x-nullable: false
+ required: [Name, Description, Settable, Value]
+ properties:
+ Name:
+ x-nullable: false
+ type: "string"
+ example: "args"
+ Description:
+ x-nullable: false
+ type: "string"
+ example: "command line arguments"
+ Settable:
+ type: "array"
+ items:
+ type: "string"
+ Value:
+ type: "array"
+ items:
+ type: "string"
+ rootfs:
+ type: "object"
+ properties:
+ type:
+ type: "string"
+ example: "layers"
+ diff_ids:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887"
+ - "sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8"
+
+ ObjectVersion:
+ description: |
+ The version number of the object such as node, service, etc. This is needed
+ to avoid conflicting writes. The client must send the version number along
+ with the modified specification when updating these objects.
+
+ This approach ensures safe concurrency and determinism in that the change
+ on the object may not be applied if the version number has changed from the
+ last read. In other words, if two update requests specify the same base
+ version, only one of the requests can succeed. As a result, two separate
+ update requests that happen at the same time will not unintentionally
+ overwrite each other.
+ type: "object"
+ properties:
+ Index:
+ type: "integer"
+ format: "uint64"
+ example: 373531
+
+ NodeSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "Name for the node."
+ type: "string"
+ example: "my-node"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Role:
+ description: "Role of the node."
+ type: "string"
+ enum:
+ - "worker"
+ - "manager"
+ example: "manager"
+ Availability:
+ description: "Availability of the node."
+ type: "string"
+ enum:
+ - "active"
+ - "pause"
+ - "drain"
+ example: "active"
+ example:
+ Availability: "active"
+ Name: "node-name"
+ Role: "manager"
+ Labels:
+ foo: "bar"
+
+ Node:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ example: "24ifsmvkjbyhk"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ description: |
+ Date and time at which the node was added to the swarm in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2016-08-18T10:44:24.496525531Z"
+ UpdatedAt:
+ description: |
+ Date and time at which the node was last updated in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2017-08-09T07:09:37.632105588Z"
+ Spec:
+ $ref: "#/definitions/NodeSpec"
+ Description:
+ $ref: "#/definitions/NodeDescription"
+ Status:
+ $ref: "#/definitions/NodeStatus"
+ ManagerStatus:
+ $ref: "#/definitions/ManagerStatus"
+
+ NodeDescription:
+ description: |
+ NodeDescription encapsulates the properties of the Node as reported by the
+ agent.
+ type: "object"
+ properties:
+ Hostname:
+ type: "string"
+ example: "bf3067039e47"
+ Platform:
+ $ref: "#/definitions/Platform"
+ Resources:
+ $ref: "#/definitions/ResourceObject"
+ Engine:
+ $ref: "#/definitions/EngineDescription"
+ TLSInfo:
+ $ref: "#/definitions/TLSInfo"
+
+ Platform:
+ description: |
+ Platform represents the platform (Arch/OS).
+ type: "object"
+ properties:
+ Architecture:
+ description: |
+ Architecture represents the hardware architecture (for example,
+ `x86_64`).
+ type: "string"
+ example: "x86_64"
+ OS:
+ description: |
+ OS represents the Operating System (for example, `linux` or `windows`).
+ type: "string"
+ example: "linux"
+
+ EngineDescription:
+ description: "EngineDescription provides information about an engine."
+ type: "object"
+ properties:
+ EngineVersion:
+ type: "string"
+ example: "17.06.0"
+ Labels:
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ foo: "bar"
+ Plugins:
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Type:
+ type: "string"
+ Name:
+ type: "string"
+ example:
+ - Type: "Log"
+ Name: "awslogs"
+ - Type: "Log"
+ Name: "fluentd"
+ - Type: "Log"
+ Name: "gcplogs"
+ - Type: "Log"
+ Name: "gelf"
+ - Type: "Log"
+ Name: "journald"
+ - Type: "Log"
+ Name: "json-file"
+ - Type: "Log"
+ Name: "splunk"
+ - Type: "Log"
+ Name: "syslog"
+ - Type: "Network"
+ Name: "bridge"
+ - Type: "Network"
+ Name: "host"
+ - Type: "Network"
+ Name: "ipvlan"
+ - Type: "Network"
+ Name: "macvlan"
+ - Type: "Network"
+ Name: "null"
+ - Type: "Network"
+ Name: "overlay"
+ - Type: "Volume"
+ Name: "local"
+ - Type: "Volume"
+ Name: "localhost:5000/vieux/sshfs:latest"
+ - Type: "Volume"
+ Name: "vieux/sshfs:latest"
+
+ TLSInfo:
+ description: |
+ Information about the issuer of leaf TLS certificates and the trusted root
+ CA certificate.
+ type: "object"
+ properties:
+ TrustRoot:
+ description: |
+ The root CA certificate(s) that are used to validate leaf TLS
+ certificates.
+ type: "string"
+ CertIssuerSubject:
+ description:
+ The base64-url-safe-encoded raw subject bytes of the issuer.
+ type: "string"
+ CertIssuerPublicKey:
+ description: |
+ The base64-url-safe-encoded raw public key bytes of the issuer.
+ type: "string"
+ example:
+ TrustRoot: |
+ -----BEGIN CERTIFICATE-----
+ MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
+ EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
+ MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+ A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
+ 3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+ Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
+ PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
+ pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
+ -----END CERTIFICATE-----
+ CertIssuerSubject: "MBMxETAPBgNVBAMTCHN3YXJtLWNh"
+ CertIssuerPublicKey: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A=="
+
+ NodeStatus:
+ description: |
+ NodeStatus represents the status of a node.
+
+ It provides the current status of the node, as seen by the manager.
+ type: "object"
+ properties:
+ State:
+ $ref: "#/definitions/NodeState"
+ Message:
+ type: "string"
+ example: ""
+ Addr:
+ description: "IP address of the node."
+ type: "string"
+ example: "172.17.0.2"
+
+ NodeState:
+ description: "NodeState represents the state of a node."
+ type: "string"
+ enum:
+ - "unknown"
+ - "down"
+ - "ready"
+ - "disconnected"
+ example: "ready"
+
+ ManagerStatus:
+ description: |
+ ManagerStatus represents the status of a manager.
+
+ It provides the current status of a node's manager component, if the node
+ is a manager.
+ x-nullable: true
+ type: "object"
+ properties:
+ Leader:
+ type: "boolean"
+ default: false
+ example: true
+ Reachability:
+ $ref: "#/definitions/Reachability"
+ Addr:
+ description: |
+ The IP address and port at which the manager is reachable.
+ type: "string"
+ example: "10.0.0.46:2377"
+
+ Reachability:
+ description: "Reachability represents the reachability of a node."
+ type: "string"
+ enum:
+ - "unknown"
+ - "unreachable"
+ - "reachable"
+ example: "reachable"
+
+ SwarmSpec:
+ description: "User modifiable swarm configuration."
+ type: "object"
+ properties:
+ Name:
+ description: "Name of the swarm."
+ type: "string"
+ example: "default"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.corp.type: "production"
+ com.example.corp.department: "engineering"
+ Orchestration:
+ description: "Orchestration configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ TaskHistoryRetentionLimit:
+ description: |
+ The number of historic tasks to keep per instance or node. If
+ negative, never remove completed or failed tasks.
+ type: "integer"
+ format: "int64"
+ example: 10
+ Raft:
+ description: "Raft configuration."
+ type: "object"
+ properties:
+ SnapshotInterval:
+ description: "The number of log entries between snapshots."
+ type: "integer"
+ format: "uint64"
+ example: 10000
+ KeepOldSnapshots:
+ description: |
+ The number of snapshots to keep beyond the current snapshot.
+ type: "integer"
+ format: "uint64"
+ LogEntriesForSlowFollowers:
+ description: |
+ The number of log entries to keep around to sync up slow followers
+ after a snapshot is created.
+ type: "integer"
+ format: "uint64"
+ example: 500
+ ElectionTick:
+ description: |
+ The number of ticks that a follower will wait for a message from
+ the leader before becoming a candidate and starting an election.
+ `ElectionTick` must be greater than `HeartbeatTick`.
+
+ A tick currently defaults to one second, so these translate
+ directly to seconds currently, but this is NOT guaranteed.
+ type: "integer"
+ example: 3
+ HeartbeatTick:
+ description: |
+ The number of ticks between heartbeats. Every HeartbeatTick ticks,
+ the leader will send a heartbeat to the followers.
+
+ A tick currently defaults to one second, so these translate
+ directly to seconds currently, but this is NOT guaranteed.
+ type: "integer"
+ example: 1
+ Dispatcher:
+ description: "Dispatcher configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ HeartbeatPeriod:
+ description: |
+ The delay for an agent to send a heartbeat to the dispatcher.
+ type: "integer"
+ format: "int64"
+ example: 5000000000
+ CAConfig:
+ description: "CA configuration."
+ type: "object"
+ x-nullable: true
+ properties:
+ NodeCertExpiry:
+ description: "The duration node certificates are issued for."
+ type: "integer"
+ format: "int64"
+ example: 7776000000000000
+ ExternalCAs:
+ description: |
+ Configuration for forwarding signing requests to an external
+ certificate authority.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Protocol:
+ description: |
+ Protocol for communication with the external CA (currently
+ only `cfssl` is supported).
+ type: "string"
+ enum:
+ - "cfssl"
+ default: "cfssl"
+ URL:
+ description: |
+ URL where certificate signing requests should be sent.
+ type: "string"
+ Options:
+ description: |
+ An object with key/value pairs that are interpreted as
+ protocol-specific options for the external CA driver.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ CACert:
+ description: |
+ The root CA certificate (in PEM format) this external CA uses
+ to issue TLS certificates (assumed to be to the current swarm
+ root CA certificate if not provided).
+ type: "string"
+ SigningCACert:
+ description: |
+ The desired signing CA certificate for all swarm node TLS leaf
+ certificates, in PEM format.
+ type: "string"
+ SigningCAKey:
+ description: |
+ The desired signing CA key for all swarm node TLS leaf certificates,
+ in PEM format.
+ type: "string"
+ ForceRotate:
+ description: |
+ An integer whose purpose is to force swarm to generate a new
+ signing CA certificate and key, if none have been specified in
+ `SigningCACert` and `SigningCAKey`
+ format: "uint64"
+ type: "integer"
+ EncryptionConfig:
+ description: "Parameters related to encryption-at-rest."
+ type: "object"
+ properties:
+ AutoLockManagers:
+ description: |
+ If set, generate a key and use it to lock data stored on the
+ managers.
+ type: "boolean"
+ example: false
+ TaskDefaults:
+ description: "Defaults for creating tasks in this cluster."
+ type: "object"
+ properties:
+ LogDriver:
+ description: |
+ The log driver to use for tasks created in the orchestrator if
+ unspecified by a service.
+
+ Updating this value only affects new tasks. Existing tasks continue
+ to use their previously configured log driver until recreated.
+ type: "object"
+ properties:
+ Name:
+ description: |
+ The log driver to use as a default for new tasks.
+ type: "string"
+ example: "json-file"
+ Options:
+ description: |
+ Driver-specific options for the selected log driver, specified
+ as key/value pairs.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ "max-file": "10"
+ "max-size": "100m"
+
+ # The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
+ # without `JoinTokens`.
+ ClusterInfo:
+ description: |
+ ClusterInfo represents information about the swarm as is returned by the
+ "/info" endpoint. Join-tokens are not included.
+ x-nullable: true
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the swarm."
+ type: "string"
+ example: "abajmipo7b4xz5ip2nrla6b11"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ description: |
+ Date and time at which the swarm was initialised in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2016-08-18T10:44:24.496525531Z"
+ UpdatedAt:
+ description: |
+ Date and time at which the swarm was last updated in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2017-08-09T07:09:37.632105588Z"
+ Spec:
+ $ref: "#/definitions/SwarmSpec"
+ TLSInfo:
+ $ref: "#/definitions/TLSInfo"
+ RootRotationInProgress:
+ description: |
+ Whether there is currently a root CA rotation in progress for the swarm
+ type: "boolean"
+ example: false
+ DataPathPort:
+ description: |
+ DataPathPort specifies the data path port number for data traffic.
+ Acceptable port range is 1024 to 49151.
+ If no port is set or is set to 0, the default port (4789) is used.
+ type: "integer"
+ format: "uint32"
+ default: 4789
+ example: 4789
+ DefaultAddrPool:
+ description: |
+ Default Address Pool specifies default subnet pools for global scope
+ networks.
+ type: "array"
+ items:
+ type: "string"
+ format: "CIDR"
+ example: ["10.10.0.0/16", "20.20.0.0/16"]
+ SubnetSize:
+ description: |
+ SubnetSize specifies the subnet size of the networks created from the
+ default subnet pool.
+ type: "integer"
+ format: "uint32"
+ maximum: 29
+ default: 24
+ example: 24
+
+ JoinTokens:
+ description: |
+ JoinTokens contains the tokens workers and managers need to join the swarm.
+ type: "object"
+ properties:
+ Worker:
+ description: |
+ The token workers can use to join the swarm.
+ type: "string"
+ example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx"
+ Manager:
+ description: |
+ The token managers can use to join the swarm.
+ type: "string"
+ example: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+
+ Swarm:
+ type: "object"
+ allOf:
+ - $ref: "#/definitions/ClusterInfo"
+ - type: "object"
+ properties:
+ JoinTokens:
+ $ref: "#/definitions/JoinTokens"
+
+ TaskSpec:
+ description: "User modifiable task configuration."
+ type: "object"
+ properties:
+ PluginSpec:
+ type: "object"
+ description: |
+ Plugin spec for the service. *(Experimental release only.)*
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ properties:
+ Name:
+ description: "The name or 'alias' to use for the plugin."
+ type: "string"
+ Remote:
+ description: "The plugin image reference to use."
+ type: "string"
+ Disabled:
+ description: "Disable the plugin once scheduled."
+ type: "boolean"
+ PluginPrivilege:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ ContainerSpec:
+ type: "object"
+ description: |
+ Container spec for the service.
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ properties:
+ Image:
+ description: "The image name to use for the container"
+ type: "string"
+ Labels:
+ description: "User-defined key/value data."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Command:
+ description: "The command to be run in the image."
+ type: "array"
+ items:
+ type: "string"
+ Args:
+ description: "Arguments to the command."
+ type: "array"
+ items:
+ type: "string"
+ Hostname:
+ description: |
+ The hostname to use for the container, as a valid
+ [RFC 1123](https://tools.ietf.org/html/rfc1123) hostname.
+ type: "string"
+ Env:
+ description: |
+ A list of environment variables in the form `VAR=value`.
+ type: "array"
+ items:
+ type: "string"
+ Dir:
+ description: "The working directory for commands to run in."
+ type: "string"
+ User:
+ description: "The user inside the container."
+ type: "string"
+ Groups:
+ type: "array"
+ description: |
+ A list of additional groups that the container process will run as.
+ items:
+ type: "string"
+ Privileges:
+ type: "object"
+ description: "Security options for the container"
+ properties:
+ CredentialSpec:
+ type: "object"
+ description: "CredentialSpec for managed service account (Windows only)"
+ properties:
+ Config:
+ type: "string"
+ example: "0bt9dmxjvjiqermk6xrop3ekq"
+ description: |
+ Load credential spec from a Swarm Config with the given ID.
+ The specified config must also be present in the Configs
+ field with the Runtime property set.
+
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ File:
+ type: "string"
+ example: "spec.json"
+ description: |
+ Load credential spec from this file. The file is read by
+ the daemon, and must be present in the `CredentialSpecs`
+ subdirectory in the docker data directory, which defaults
+ to `C:\ProgramData\Docker\` on Windows.
+
+ For example, specifying `spec.json` loads
+ `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ Registry:
+ type: "string"
+ description: |
+ Load credential spec from this value in the Windows
+ registry. The specified registry value must be located in:
+
+ `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
+
+
+
+
+ > **Note**: `CredentialSpec.File`, `CredentialSpec.Registry`,
+ > and `CredentialSpec.Config` are mutually exclusive.
+ SELinuxContext:
+ type: "object"
+ description: "SELinux labels of the container"
+ properties:
+ Disable:
+ type: "boolean"
+ description: "Disable SELinux"
+ User:
+ type: "string"
+ description: "SELinux user label"
+ Role:
+ type: "string"
+ description: "SELinux role label"
+ Type:
+ type: "string"
+ description: "SELinux type label"
+ Level:
+ type: "string"
+ description: "SELinux level label"
+ Seccomp:
+ type: "object"
+ description: "Options for configuring seccomp on the container"
+ properties:
+ Mode:
+ type: "string"
+ enum:
+ - "default"
+ - "unconfined"
+ - "custom"
+ Profile:
+ description: "The custom seccomp profile as a json object"
+ type: "string"
+ AppArmor:
+ type: "object"
+ description: "Options for configuring AppArmor on the container"
+ properties:
+ Mode:
+ type: "string"
+ enum:
+ - "default"
+ - "disabled"
+ NoNewPrivileges:
+ type: "boolean"
+ description: "Configuration of the no_new_privs bit in the container"
+
+ TTY:
+ description: "Whether a pseudo-TTY should be allocated."
+ type: "boolean"
+ OpenStdin:
+ description: "Open `stdin`"
+ type: "boolean"
+ ReadOnly:
+ description: "Mount the container's root filesystem as read only."
+ type: "boolean"
+ Mounts:
+ description: |
+ Specification for mounts to be added to containers created as part
+ of the service.
+ type: "array"
+ items:
+ $ref: "#/definitions/Mount"
+ StopSignal:
+ description: "Signal to stop the container."
+ type: "string"
+ StopGracePeriod:
+ description: |
+ Amount of time to wait for the container to terminate before
+ forcefully killing it.
+ type: "integer"
+ format: "int64"
+ HealthCheck:
+ $ref: "#/definitions/HealthConfig"
+ Hosts:
+ type: "array"
+ description: |
+ A list of hostname/IP mappings to add to the container's `hosts`
+ file. The format of extra hosts is specified in the
+ [hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
+ man page:
+
+ IP_address canonical_hostname [aliases...]
+ items:
+ type: "string"
+ DNSConfig:
+ description: |
+ Specification for DNS related configurations in resolver configuration
+ file (`resolv.conf`).
+ type: "object"
+ properties:
+ Nameservers:
+ description: "The IP addresses of the name servers."
+ type: "array"
+ items:
+ type: "string"
+ Search:
+ description: "A search list for host-name lookup."
+ type: "array"
+ items:
+ type: "string"
+ Options:
+ description: |
+ A list of internal resolver variables to be modified (e.g.,
+ `debug`, `ndots:3`, etc.).
+ type: "array"
+ items:
+ type: "string"
+ Secrets:
+ description: |
+ Secrets contains references to zero or more secrets that will be
+ exposed to the service.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ File:
+ description: |
+ File represents a specific target that is backed by a file.
+ type: "object"
+ properties:
+ Name:
+ description: |
+ Name represents the final filename in the filesystem.
+ type: "string"
+ UID:
+ description: "UID represents the file UID."
+ type: "string"
+ GID:
+ description: "GID represents the file GID."
+ type: "string"
+ Mode:
+ description: "Mode represents the FileMode of the file."
+ type: "integer"
+ format: "uint32"
+ SecretID:
+ description: |
+ SecretID represents the ID of the specific secret that we're
+ referencing.
+ type: "string"
+ SecretName:
+ description: |
+ SecretName is the name of the secret that this references,
+ but this is just provided for lookup/display purposes. The
+ secret in the reference will be identified by its ID.
+ type: "string"
+ OomScoreAdj:
+ type: "integer"
+ format: "int64"
+ description: |
+ An integer value containing the score given to the container in
+ order to tune OOM killer preferences.
+ example: 0
+ Configs:
+ description: |
+ Configs contains references to zero or more configs that will be
+ exposed to the service.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ File:
+ description: |
+ File represents a specific target that is backed by a file.
+
+
+
+ > **Note**: `Configs.File` and `Configs.Runtime` are mutually exclusive
+ type: "object"
+ properties:
+ Name:
+ description: |
+ Name represents the final filename in the filesystem.
+ type: "string"
+ UID:
+ description: "UID represents the file UID."
+ type: "string"
+ GID:
+ description: "GID represents the file GID."
+ type: "string"
+ Mode:
+ description: "Mode represents the FileMode of the file."
+ type: "integer"
+ format: "uint32"
+ Runtime:
+ description: |
+ Runtime represents a target that is not mounted into the
+ container but is used by the task
+
+
+
+ > **Note**: `Configs.File` and `Configs.Runtime` are mutually
+ > exclusive
+ type: "object"
+ ConfigID:
+ description: |
+ ConfigID represents the ID of the specific config that we're
+ referencing.
+ type: "string"
+ ConfigName:
+ description: |
+ ConfigName is the name of the config that this references,
+ but this is just provided for lookup/display purposes. The
+ config in the reference will be identified by its ID.
+ type: "string"
+ Isolation:
+ type: "string"
+ description: |
+ Isolation technology of the containers running the service.
+ (Windows only)
+ enum:
+ - "default"
+ - "process"
+ - "hyperv"
+ - ""
+ Init:
+ description: |
+ Run an init inside the container that forwards signals and reaps
+ processes. This field is omitted if empty, and the default (as
+ configured on the daemon) is used.
+ type: "boolean"
+ x-nullable: true
+ Sysctls:
+ description: |
+ Set kernel namedspaced parameters (sysctls) in the container.
+ The Sysctls option on services accepts the same sysctls as the
+ are supported on containers. Note that while the same sysctls are
+ supported, no guarantees or checks are made about their
+ suitability for a clustered environment, and it's up to the user
+ to determine whether a given sysctl will work properly in a
+ Service.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ # This option is not used by Windows containers
+ CapabilityAdd:
+ type: "array"
+ description: |
+ A list of kernel capabilities to add to the default set
+ for the container.
+ items:
+ type: "string"
+ example:
+ - "CAP_NET_RAW"
+ - "CAP_SYS_ADMIN"
+ - "CAP_SYS_CHROOT"
+ - "CAP_SYSLOG"
+ CapabilityDrop:
+ type: "array"
+ description: |
+ A list of kernel capabilities to drop from the default set
+ for the container.
+ items:
+ type: "string"
+ example:
+ - "CAP_NET_RAW"
+ Ulimits:
+ description: |
+ A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Name:
+ description: "Name of ulimit"
+ type: "string"
+ Soft:
+ description: "Soft limit"
+ type: "integer"
+ Hard:
+ description: "Hard limit"
+ type: "integer"
+ NetworkAttachmentSpec:
+ description: |
+ Read-only spec type for non-swarm containers attached to swarm overlay
+ networks.
+
+
+
+ > **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
+ > mutually exclusive. PluginSpec is only used when the Runtime field
+ > is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
+ > field is set to `attachment`.
+ type: "object"
+ properties:
+ ContainerID:
+ description: "ID of the container represented by this task"
+ type: "string"
+ Resources:
+ description: |
+ Resource requirements which apply to each individual container created
+ as part of the service.
+ type: "object"
+ properties:
+ Limits:
+ description: "Define resources limits."
+ $ref: "#/definitions/Limit"
+ Reservations:
+ description: "Define resources reservation."
+ $ref: "#/definitions/ResourceObject"
+ RestartPolicy:
+ description: |
+ Specification for the restart policy which applies to containers
+ created as part of this service.
+ type: "object"
+ properties:
+ Condition:
+ description: "Condition for restart."
+ type: "string"
+ enum:
+ - "none"
+ - "on-failure"
+ - "any"
+ Delay:
+ description: "Delay between restart attempts."
+ type: "integer"
+ format: "int64"
+ MaxAttempts:
+ description: |
+ Maximum attempts to restart a given container before giving up
+ (default value is 0, which is ignored).
+ type: "integer"
+ format: "int64"
+ default: 0
+ Window:
+ description: |
+ Windows is the time window used to evaluate the restart policy
+ (default value is 0, which is unbounded).
+ type: "integer"
+ format: "int64"
+ default: 0
+ Placement:
+ type: "object"
+ properties:
+ Constraints:
+ description: |
+ An array of constraint expressions to limit the set of nodes where
+ a task can be scheduled. Constraint expressions can either use a
+ _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find
+ nodes that satisfy every expression (AND match). Constraints can
+ match node or Docker Engine labels as follows:
+
+ node attribute | matches | example
+ ---------------------|--------------------------------|-----------------------------------------------
+ `node.id` | Node ID | `node.id==2ivku8v2gvtg4`
+ `node.hostname` | Node hostname | `node.hostname!=node-2`
+ `node.role` | Node role (`manager`/`worker`) | `node.role==manager`
+ `node.platform.os` | Node operating system | `node.platform.os==windows`
+ `node.platform.arch` | Node architecture | `node.platform.arch==x86_64`
+ `node.labels` | User-defined node labels | `node.labels.security==high`
+ `engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-24.04`
+
+ `engine.labels` apply to Docker Engine labels like operating system,
+ drivers, etc. Swarm administrators add `node.labels` for operational
+ purposes by using the [`node update endpoint`](#operation/NodeUpdate).
+
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "node.hostname!=node3.corp.example.com"
+ - "node.role!=manager"
+ - "node.labels.type==production"
+ - "node.platform.os==linux"
+ - "node.platform.arch==x86_64"
+ Preferences:
+ description: |
+ Preferences provide a way to make the scheduler aware of factors
+ such as topology. They are provided in order from highest to
+ lowest precedence.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Spread:
+ type: "object"
+ properties:
+ SpreadDescriptor:
+ description: |
+ label descriptor, such as `engine.labels.az`.
+ type: "string"
+ example:
+ - Spread:
+ SpreadDescriptor: "node.labels.datacenter"
+ - Spread:
+ SpreadDescriptor: "node.labels.rack"
+ MaxReplicas:
+ description: |
+ Maximum number of replicas for per node (default value is 0, which
+ is unlimited)
+ type: "integer"
+ format: "int64"
+ default: 0
+ Platforms:
+ description: |
+ Platforms stores all the platforms that the service's image can
+ run on. This field is used in the platform filter for scheduling.
+ If empty, then the platform filter is off, meaning there are no
+ scheduling restrictions.
+ type: "array"
+ items:
+ $ref: "#/definitions/Platform"
+ ForceUpdate:
+ description: |
+ A counter that triggers an update even if no relevant parameters have
+ been changed.
+ type: "integer"
+ Runtime:
+ description: |
+ Runtime is the type of runtime specified for the task executor.
+ type: "string"
+ Networks:
+ description: "Specifies which networks the service should attach to."
+ type: "array"
+ items:
+ $ref: "#/definitions/NetworkAttachmentConfig"
+ LogDriver:
+ description: |
+ Specifies the log driver to use for tasks created from this spec. If
+ not present, the default one for the swarm will be used, finally
+ falling back to the engine default if not specified.
+ type: "object"
+ properties:
+ Name:
+ type: "string"
+ Options:
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ TaskState:
+ type: "string"
+ enum:
+ - "new"
+ - "allocated"
+ - "pending"
+ - "assigned"
+ - "accepted"
+ - "preparing"
+ - "ready"
+ - "starting"
+ - "running"
+ - "complete"
+ - "shutdown"
+ - "failed"
+ - "rejected"
+ - "remove"
+ - "orphaned"
+
+ ContainerStatus:
+ type: "object"
+ description: "represents the status of a container."
+ properties:
+ ContainerID:
+ type: "string"
+ PID:
+ type: "integer"
+ ExitCode:
+ type: "integer"
+
+ PortStatus:
+ type: "object"
+ description: "represents the port status of a task's host ports whose service has published host ports"
+ properties:
+ Ports:
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+
+ TaskStatus:
+ type: "object"
+ description: "represents the status of a task."
+ properties:
+ Timestamp:
+ type: "string"
+ format: "dateTime"
+ State:
+ $ref: "#/definitions/TaskState"
+ Message:
+ type: "string"
+ Err:
+ type: "string"
+ ContainerStatus:
+ $ref: "#/definitions/ContainerStatus"
+ PortStatus:
+ $ref: "#/definitions/PortStatus"
+
+ Task:
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the task."
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Name:
+ description: "Name of the task."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Spec:
+ $ref: "#/definitions/TaskSpec"
+ ServiceID:
+ description: "The ID of the service this task is part of."
+ type: "string"
+ Slot:
+ type: "integer"
+ NodeID:
+ description: "The ID of the node that this task is on."
+ type: "string"
+ AssignedGenericResources:
+ $ref: "#/definitions/GenericResources"
+ Status:
+ $ref: "#/definitions/TaskStatus"
+ DesiredState:
+ $ref: "#/definitions/TaskState"
+ JobIteration:
+ description: |
+ If the Service this Task belongs to is a job-mode service, contains
+ the JobIteration of the Service this Task was created for. Absent if
+ the Task was created for a Replicated or Global Service.
+ $ref: "#/definitions/ObjectVersion"
+ example:
+ ID: "0kzzo1i0y4jz6027t0k7aezc7"
+ Version:
+ Index: 71
+ CreatedAt: "2016-06-07T21:07:31.171892745Z"
+ UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:31.290032978Z"
+ State: "running"
+ Message: "started"
+ ContainerStatus:
+ ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+ PID: 677
+ DesiredState: "running"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.10/16"
+ AssignedGenericResources:
+ - DiscreteResourceSpec:
+ Kind: "SSD"
+ Value: 3
+ - NamedResourceSpec:
+ Kind: "GPU"
+ Value: "UUID1"
+ - NamedResourceSpec:
+ Kind: "GPU"
+ Value: "UUID2"
+
+ ServiceSpec:
+ description: "User modifiable configuration for a service."
+ type: object
+ properties:
+ Name:
+ description: "Name of the service."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ TaskTemplate:
+ $ref: "#/definitions/TaskSpec"
+ Mode:
+ description: "Scheduling mode for the service."
+ type: "object"
+ properties:
+ Replicated:
+ type: "object"
+ properties:
+ Replicas:
+ type: "integer"
+ format: "int64"
+ Global:
+ type: "object"
+ ReplicatedJob:
+ description: |
+ The mode used for services with a finite number of tasks that run
+ to a completed state.
+ type: "object"
+ properties:
+ MaxConcurrent:
+ description: |
+ The maximum number of replicas to run simultaneously.
+ type: "integer"
+ format: "int64"
+ default: 1
+ TotalCompletions:
+ description: |
+ The total number of replicas desired to reach the Completed
+ state. If unset, will default to the value of `MaxConcurrent`
+ type: "integer"
+ format: "int64"
+ GlobalJob:
+ description: |
+ The mode used for services which run a task to the completed state
+ on each valid node.
+ type: "object"
+ UpdateConfig:
+ description: "Specification for the update strategy of the service."
+ type: "object"
+ properties:
+ Parallelism:
+ description: |
+ Maximum number of tasks to be updated in one iteration (0 means
+ unlimited parallelism).
+ type: "integer"
+ format: "int64"
+ Delay:
+ description: "Amount of time between updates, in nanoseconds."
+ type: "integer"
+ format: "int64"
+ FailureAction:
+ description: |
+ Action to take if an updated task fails to run, or stops running
+ during the update.
+ type: "string"
+ enum:
+ - "continue"
+ - "pause"
+ - "rollback"
+ Monitor:
+ description: |
+ Amount of time to monitor each updated task for failures, in
+ nanoseconds.
+ type: "integer"
+ format: "int64"
+ MaxFailureRatio:
+ description: |
+ The fraction of tasks that may fail during an update before the
+ failure action is invoked, specified as a floating point number
+ between 0 and 1.
+ type: "number"
+ default: 0
+ Order:
+ description: |
+ The order of operations when rolling out an updated task. Either
+ the old task is shut down before the new task is started, or the
+ new task is started before the old task is shut down.
+ type: "string"
+ enum:
+ - "stop-first"
+ - "start-first"
+ RollbackConfig:
+ description: "Specification for the rollback strategy of the service."
+ type: "object"
+ properties:
+ Parallelism:
+ description: |
+ Maximum number of tasks to be rolled back in one iteration (0 means
+ unlimited parallelism).
+ type: "integer"
+ format: "int64"
+ Delay:
+ description: |
+ Amount of time between rollback iterations, in nanoseconds.
+ type: "integer"
+ format: "int64"
+ FailureAction:
+ description: |
+ Action to take if an rolled back task fails to run, or stops
+ running during the rollback.
+ type: "string"
+ enum:
+ - "continue"
+ - "pause"
+ Monitor:
+ description: |
+ Amount of time to monitor each rolled back task for failures, in
+ nanoseconds.
+ type: "integer"
+ format: "int64"
+ MaxFailureRatio:
+ description: |
+ The fraction of tasks that may fail during a rollback before the
+ failure action is invoked, specified as a floating point number
+ between 0 and 1.
+ type: "number"
+ default: 0
+ Order:
+ description: |
+ The order of operations when rolling back a task. Either the old
+ task is shut down before the new task is started, or the new task
+ is started before the old task is shut down.
+ type: "string"
+ enum:
+ - "stop-first"
+ - "start-first"
+ Networks:
+ description: |
+ Specifies which networks the service should attach to.
+
+ Deprecated: This field is deprecated since v1.44. The Networks field in TaskSpec should be used instead.
+ type: "array"
+ items:
+ $ref: "#/definitions/NetworkAttachmentConfig"
+
+ EndpointSpec:
+ $ref: "#/definitions/EndpointSpec"
+
+ EndpointPortConfig:
+ type: "object"
+ properties:
+ Name:
+ type: "string"
+ Protocol:
+ type: "string"
+ enum:
+ - "tcp"
+ - "udp"
+ - "sctp"
+ TargetPort:
+ description: "The port inside the container."
+ type: "integer"
+ PublishedPort:
+ description: "The port on the swarm hosts."
+ type: "integer"
+ PublishMode:
+ description: |
+ The mode in which port is published.
+
+
+
+ - "ingress" makes the target port accessible on every node,
+ regardless of whether there is a task for the service running on
+ that node or not.
+ - "host" bypasses the routing mesh and publish the port directly on
+ the swarm node where that service is running.
+
+ type: "string"
+ enum:
+ - "ingress"
+ - "host"
+ default: "ingress"
+ example: "ingress"
+
+ EndpointSpec:
+ description: "Properties that can be configured to access and load balance a service."
+ type: "object"
+ properties:
+ Mode:
+ description: |
+ The mode of resolution to use for internal load balancing between tasks.
+ type: "string"
+ enum:
+ - "vip"
+ - "dnsrr"
+ default: "vip"
+ Ports:
+ description: |
+ List of exposed ports that this service is accessible on from the
+ outside. Ports can only be provided if `vip` resolution mode is used.
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+
+ Service:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ServiceSpec"
+ Endpoint:
+ type: "object"
+ properties:
+ Spec:
+ $ref: "#/definitions/EndpointSpec"
+ Ports:
+ type: "array"
+ items:
+ $ref: "#/definitions/EndpointPortConfig"
+ VirtualIPs:
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ NetworkID:
+ type: "string"
+ Addr:
+ type: "string"
+ UpdateStatus:
+ description: "The status of a service update."
+ type: "object"
+ properties:
+ State:
+ type: "string"
+ enum:
+ - "updating"
+ - "paused"
+ - "completed"
+ StartedAt:
+ type: "string"
+ format: "dateTime"
+ CompletedAt:
+ type: "string"
+ format: "dateTime"
+ Message:
+ type: "string"
+ ServiceStatus:
+ description: |
+ The status of the service's tasks. Provided only when requested as
+ part of a ServiceList operation.
+ type: "object"
+ properties:
+ RunningTasks:
+ description: |
+ The number of tasks for the service currently in the Running state.
+ type: "integer"
+ format: "uint64"
+ example: 7
+ DesiredTasks:
+ description: |
+ The number of tasks for the service desired to be running.
+ For replicated services, this is the replica count from the
+ service spec. For global services, this is computed by taking
+ count of all tasks for the service with a Desired State other
+ than Shutdown.
+ type: "integer"
+ format: "uint64"
+ example: 10
+ CompletedTasks:
+ description: |
+ The number of tasks for a job that are in the Completed state.
+ This field must be cross-referenced with the service type, as the
+ value of 0 may mean the service is not in a job mode, or it may
+ mean the job-mode service has no tasks yet Completed.
+ type: "integer"
+ format: "uint64"
+ JobStatus:
+ description: |
+ The status of the service when it is in one of ReplicatedJob or
+ GlobalJob modes. Absent on Replicated and Global mode services. The
+ JobIteration is an ObjectVersion, but unlike the Service's version,
+ does not need to be sent with an update request.
+ type: "object"
+ properties:
+ JobIteration:
+ description: |
+ JobIteration is a value increased each time a Job is executed,
+ successfully or otherwise. "Executed", in this case, means the
+ job as a whole has been started, not that an individual Task has
+ been launched. A job is "Executed" when its ServiceSpec is
+ updated. JobIteration can be used to disambiguate Tasks belonging
+ to different executions of a job. Though JobIteration will
+ increase with each subsequent execution, it may not necessarily
+ increase by 1, and so JobIteration should not be used to
+ $ref: "#/definitions/ObjectVersion"
+ LastExecution:
+ description: |
+ The last time, as observed by the server, that this job was
+ started.
+ type: "string"
+ format: "dateTime"
+ example:
+ ID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Version:
+ Index: 19
+ CreatedAt: "2016-06-07T21:05:51.880065305Z"
+ UpdatedAt: "2016-06-07T21:07:29.962229872Z"
+ Spec:
+ Name: "hopeful_cori"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ForceUpdate: 0
+ Mode:
+ Replicated:
+ Replicas: 1
+ UpdateConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Mode: "vip"
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ Endpoint:
+ Spec:
+ Mode: "vip"
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ Ports:
+ -
+ Protocol: "tcp"
+ TargetPort: 6379
+ PublishedPort: 30001
+ VirtualIPs:
+ -
+ NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+ Addr: "10.255.0.2/16"
+ -
+ NetworkID: "4qvuz4ko70xaltuqbt8956gd1"
+ Addr: "10.255.0.3/16"
+
+ ImageDeleteResponseItem:
+ type: "object"
+ x-go-name: "DeleteResponse"
+ properties:
+ Untagged:
+ description: "The image ID of an image that was untagged"
+ type: "string"
+ Deleted:
+ description: "The image ID of an image that was deleted"
+ type: "string"
+
+ ServiceCreateResponse:
+ type: "object"
+ description: |
+ contains the information returned to a client on the
+ creation of a new service.
+ properties:
+ ID:
+ description: "The ID of the created service."
+ type: "string"
+ x-nullable: false
+ example: "ak7w3gjqoa3kuz8xcpnyy0pvl"
+ Warnings:
+ description: |
+ Optional warning message.
+
+ FIXME(thaJeztah): this should have "omitempty" in the generated type.
+ type: "array"
+ x-nullable: true
+ items:
+ type: "string"
+ example:
+ - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+ ServiceUpdateResponse:
+ type: "object"
+ properties:
+ Warnings:
+ description: "Optional warning messages"
+ type: "array"
+ items:
+ type: "string"
+ example:
+ Warnings:
+ - "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
+
+ ContainerInspectResponse:
+ type: "object"
+ title: "ContainerInspectResponse"
+ x-go-name: "InspectResponse"
+ properties:
+ Id:
+ description: |-
+ The ID of this container as a 128-bit (64-character) hexadecimal string (32 bytes).
+ type: "string"
+ x-go-name: "ID"
+ minLength: 64
+ maxLength: 64
+ pattern: "^[0-9a-fA-F]{64}$"
+ example: "aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf"
+ Created:
+ description: |-
+ Date and time at which the container was created, formatted in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ x-nullable: true
+ example: "2025-02-17T17:43:39.64001363Z"
+ Path:
+ description: |-
+ The path to the command being run
+ type: "string"
+ example: "/bin/sh"
+ Args:
+ description: "The arguments to the command being run"
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "-c"
+ - "exit 9"
+ State:
+ $ref: "#/definitions/ContainerState"
+ Image:
+ description: |-
+ The ID (digest) of the image that this container was created from.
+ type: "string"
+ example: "sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782"
+ ResolvConfPath:
+ description: |-
+ Location of the `/etc/resolv.conf` generated for the container on the
+ host.
+
+ This file is managed through the docker daemon, and should not be
+ accessed or modified by other tools.
+ type: "string"
+ example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/resolv.conf"
+ HostnamePath:
+ description: |-
+ Location of the `/etc/hostname` generated for the container on the
+ host.
+
+ This file is managed through the docker daemon, and should not be
+ accessed or modified by other tools.
+ type: "string"
+ example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/hostname"
+ HostsPath:
+ description: |-
+ Location of the `/etc/hosts` generated for the container on the
+ host.
+
+ This file is managed through the docker daemon, and should not be
+ accessed or modified by other tools.
+ type: "string"
+ example: "/var/lib/docker/containers/aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf/hosts"
+ LogPath:
+ description: |-
+ Location of the file used to buffer the container's logs. Depending on
+ the logging-driver used for the container, this field may be omitted.
+
+ This file is managed through the docker daemon, and should not be
+ accessed or modified by other tools.
+ type: "string"
+ x-nullable: true
+ example: "/var/lib/docker/containers/5b7c7e2b992aa426584ce6c47452756066be0e503a08b4516a433a54d2f69e59/5b7c7e2b992aa426584ce6c47452756066be0e503a08b4516a433a54d2f69e59-json.log"
+ Name:
+ description: |-
+ The name associated with this container.
+
+ For historic reasons, the name may be prefixed with a forward-slash (`/`).
+ type: "string"
+ example: "/funny_chatelet"
+ RestartCount:
+ description: |-
+ Number of times the container was restarted since it was created,
+ or since daemon was started.
+ type: "integer"
+ example: 0
+ Driver:
+ description: |-
+ The storage-driver used for the container's filesystem (graph-driver
+ or snapshotter).
+ type: "string"
+ example: "overlayfs"
+ Platform:
+ description: |-
+ The platform (operating system) for which the container was created.
+
+ This field was introduced for the experimental "LCOW" (Linux Containers
+ On Windows) features, which has been removed. In most cases, this field
+ is equal to the host's operating system (`linux` or `windows`).
+ type: "string"
+ example: "linux"
+ ImageManifestDescriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ description: |-
+ OCI descriptor of the platform-specific manifest of the image
+ the container was created from.
+
+ Note: Only available if the daemon provides a multi-platform
+ image store.
+ MountLabel:
+ description: |-
+ SELinux mount label set for the container.
+ type: "string"
+ example: ""
+ ProcessLabel:
+ description: |-
+ SELinux process label set for the container.
+ type: "string"
+ example: ""
+ AppArmorProfile:
+ description: |-
+ The AppArmor profile set for the container.
+ type: "string"
+ example: ""
+ ExecIDs:
+ description: |-
+ IDs of exec instances that are running in the container.
+ type: "array"
+ items:
+ type: "string"
+ x-nullable: true
+ example:
+ - "b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca"
+ - "3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4"
+ HostConfig:
+ $ref: "#/definitions/HostConfig"
+ GraphDriver:
+ $ref: "#/definitions/DriverData"
+ SizeRw:
+ description: |-
+ The size of files that have been created or changed by this container.
+
+ This field is omitted by default, and only set when size is requested
+ in the API request.
+ type: "integer"
+ format: "int64"
+ x-nullable: true
+ example: "122880"
+ SizeRootFs:
+ description: |-
+ The total size of all files in the read-only layers from the image
+ that the container uses. These layers can be shared between containers.
+
+ This field is omitted by default, and only set when size is requested
+ in the API request.
+ type: "integer"
+ format: "int64"
+ x-nullable: true
+ example: "1653948416"
+ Mounts:
+ description: |-
+ List of mounts used by the container.
+ type: "array"
+ items:
+ $ref: "#/definitions/MountPoint"
+ Config:
+ $ref: "#/definitions/ContainerConfig"
+ NetworkSettings:
+ $ref: "#/definitions/NetworkSettings"
+
+ ContainerSummary:
+ type: "object"
+ properties:
+ Id:
+ description: |-
+ The ID of this container as a 128-bit (64-character) hexadecimal string (32 bytes).
+ type: "string"
+ x-go-name: "ID"
+ minLength: 64
+ maxLength: 64
+ pattern: "^[0-9a-fA-F]{64}$"
+ example: "aa86eacfb3b3ed4cd362c1e88fc89a53908ad05fb3a4103bca3f9b28292d14bf"
+ Names:
+ description: |-
+ The names associated with this container. Most containers have a single
+ name, but when using legacy "links", the container can have multiple
+ names.
+
+ For historic reasons, names are prefixed with a forward-slash (`/`).
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "/funny_chatelet"
+ Image:
+ description: |-
+ The name or ID of the image used to create the container.
+
+ This field shows the image reference as was specified when creating the container,
+ which can be in its canonical form (e.g., `docker.io/library/ubuntu:latest`
+ or `docker.io/library/ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782`),
+ short form (e.g., `ubuntu:latest`)), or the ID(-prefix) of the image (e.g., `72297848456d`).
+
+ The content of this field can be updated at runtime if the image used to
+ create the container is untagged, in which case the field is updated to
+ contain the the image ID (digest) it was resolved to in its canonical,
+ non-truncated form (e.g., `sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782`).
+ type: "string"
+ example: "docker.io/library/ubuntu:latest"
+ ImageID:
+ description: |-
+ The ID (digest) of the image that this container was created from.
+ type: "string"
+ example: "sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782"
+ ImageManifestDescriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ x-nullable: true
+ description: |
+ OCI descriptor of the platform-specific manifest of the image
+ the container was created from.
+
+ Note: Only available if the daemon provides a multi-platform
+ image store.
+
+ This field is not populated in the `GET /system/df` endpoint.
+ Command:
+ description: "Command to run when starting the container"
+ type: "string"
+ example: "/bin/bash"
+ Created:
+ description: |-
+ Date and time at which the container was created as a Unix timestamp
+ (number of seconds since EPOCH).
+ type: "integer"
+ format: "int64"
+ example: "1739811096"
+ Ports:
+ description: |-
+ Port-mappings for the container.
+ type: "array"
+ items:
+ $ref: "#/definitions/Port"
+ SizeRw:
+ description: |-
+ The size of files that have been created or changed by this container.
+
+ This field is omitted by default, and only set when size is requested
+ in the API request.
+ type: "integer"
+ format: "int64"
+ x-nullable: true
+ example: "122880"
+ SizeRootFs:
+ description: |-
+ The total size of all files in the read-only layers from the image
+ that the container uses. These layers can be shared between containers.
+
+ This field is omitted by default, and only set when size is requested
+ in the API request.
+ type: "integer"
+ format: "int64"
+ x-nullable: true
+ example: "1653948416"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.vendor: "Acme"
+ com.example.license: "GPL"
+ com.example.version: "1.0"
+ State:
+ description: |
+ The state of this container.
+ type: "string"
+ enum:
+ - "created"
+ - "running"
+ - "paused"
+ - "restarting"
+ - "exited"
+ - "removing"
+ - "dead"
+ example: "running"
+ Status:
+ description: |-
+ Additional human-readable status of this container (e.g. `Exit 0`)
+ type: "string"
+ example: "Up 4 days"
+ HostConfig:
+ type: "object"
+ description: |-
+ Summary of host-specific runtime information of the container. This
+ is a reduced set of information in the container's "HostConfig" as
+ available in the container "inspect" response.
+ properties:
+ NetworkMode:
+ description: |-
+ Networking mode (`host`, `none`, `container:`) or name of the
+ primary network the container is using.
+
+ This field is primarily for backward compatibility. The container
+ can be connected to multiple networks for which information can be
+ found in the `NetworkSettings.Networks` field, which enumerates
+ settings per network.
+ type: "string"
+ example: "mynetwork"
+ Annotations:
+ description: |-
+ Arbitrary key-value metadata attached to the container.
+ type: "object"
+ x-nullable: true
+ additionalProperties:
+ type: "string"
+ example:
+ io.kubernetes.docker.type: "container"
+ io.kubernetes.sandbox.id: "3befe639bed0fd6afdd65fd1fa84506756f59360ec4adc270b0fdac9be22b4d3"
+ NetworkSettings:
+ description: |-
+ Summary of the container's network settings
+ type: "object"
+ properties:
+ Networks:
+ type: "object"
+ description: |-
+ Summary of network-settings for each network the container is
+ attached to.
+ additionalProperties:
+ $ref: "#/definitions/EndpointSettings"
+ Mounts:
+ type: "array"
+ description: |-
+ List of mounts used by the container.
+ items:
+ $ref: "#/definitions/MountPoint"
+
+ Driver:
+ description: "Driver represents a driver (network, logging, secrets)."
+ type: "object"
+ required: [Name]
+ properties:
+ Name:
+ description: "Name of the driver."
+ type: "string"
+ x-nullable: false
+ example: "some-driver"
+ Options:
+ description: "Key/value map of driver-specific options."
+ type: "object"
+ x-nullable: false
+ additionalProperties:
+ type: "string"
+ example:
+ OptionA: "value for driver-specific option A"
+ OptionB: "value for driver-specific option B"
+
+ SecretSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "User-defined name of the secret."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-value"
+ com.example.some-other-label: "some-other-value"
+ Data:
+ description: |
+ Data is the data to store as a secret, formatted as a Base64-url-safe-encoded
+ ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) string.
+ It must be empty if the Driver field is set, in which case the data is
+ loaded from an external secret store. The maximum allowed size is 500KB,
+ as defined in [MaxSecretSize](https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/api/validation#MaxSecretSize).
+
+ This field is only used to _create_ a secret, and is not returned by
+ other endpoints.
+ type: "string"
+ example: ""
+ Driver:
+ description: |
+ Name of the secrets driver used to fetch the secret's value from an
+ external secret store.
+ $ref: "#/definitions/Driver"
+ Templating:
+ description: |
+ Templating driver, if applicable
+
+ Templating controls whether and how to evaluate the config payload as
+ a template. If no driver is set, no templating is used.
+ $ref: "#/definitions/Driver"
+
+ Secret:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ example: "blt1owaxmitz71s9v5zh81zun"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ example: "2017-07-20T13:55:28.678958722Z"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ example: "2017-07-20T13:55:28.678958722Z"
+ Spec:
+ $ref: "#/definitions/SecretSpec"
+
+ ConfigSpec:
+ type: "object"
+ properties:
+ Name:
+ description: "User-defined name of the config."
+ type: "string"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ Data:
+ description: |
+ Data is the data to store as a config, formatted as a Base64-url-safe-encoded
+ ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) string.
+ The maximum allowed size is 1000KB, as defined in [MaxConfigSize](https://pkg.go.dev/github.com/moby/swarmkit/v2@v2.0.0-20250103191802-8c1959736554/manager/controlapi#MaxConfigSize).
+ type: "string"
+ Templating:
+ description: |
+ Templating driver, if applicable
+
+ Templating controls whether and how to evaluate the config payload as
+ a template. If no driver is set, no templating is used.
+ $ref: "#/definitions/Driver"
+
+ Config:
+ type: "object"
+ properties:
+ ID:
+ type: "string"
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ConfigSpec"
+
+ ContainerState:
+ description: |
+ ContainerState stores container's running state. It's part of ContainerJSONBase
+ and will be returned by the "inspect" command.
+ type: "object"
+ x-nullable: true
+ properties:
+ Status:
+ description: |
+ String representation of the container state. Can be one of "created",
+ "running", "paused", "restarting", "removing", "exited", or "dead".
+ type: "string"
+ enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+ example: "running"
+ Running:
+ description: |
+ Whether this container is running.
+
+ Note that a running container can be _paused_. The `Running` and `Paused`
+ booleans are not mutually exclusive:
+
+ When pausing a container (on Linux), the freezer cgroup is used to suspend
+ all processes in the container. Freezing the process requires the process to
+ be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+ Use the `Status` field instead to determine if a container's state is "running".
+ type: "boolean"
+ example: true
+ Paused:
+ description: "Whether this container is paused."
+ type: "boolean"
+ example: false
+ Restarting:
+ description: "Whether this container is restarting."
+ type: "boolean"
+ example: false
+ OOMKilled:
+ description: |
+ Whether a process within this container has been killed because it ran
+ out of memory since the container was last started.
+ type: "boolean"
+ example: false
+ Dead:
+ type: "boolean"
+ example: false
+ Pid:
+ description: "The process ID of this container"
+ type: "integer"
+ example: 1234
+ ExitCode:
+ description: "The last exit code of this container"
+ type: "integer"
+ example: 0
+ Error:
+ type: "string"
+ StartedAt:
+ description: "The time when this container was last started."
+ type: "string"
+ example: "2020-01-06T09:06:59.461876391Z"
+ FinishedAt:
+ description: "The time when this container last exited."
+ type: "string"
+ example: "2020-01-06T09:07:59.461876391Z"
+ Health:
+ $ref: "#/definitions/Health"
+
+ ContainerCreateResponse:
+ description: "OK response to ContainerCreate operation"
+ type: "object"
+ title: "ContainerCreateResponse"
+ x-go-name: "CreateResponse"
+ required: [Id, Warnings]
+ properties:
+ Id:
+ description: "The ID of the created container"
+ type: "string"
+ x-nullable: false
+ example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+ Warnings:
+ description: "Warnings encountered when creating the container"
+ type: "array"
+ x-nullable: false
+ items:
+ type: "string"
+ example: []
+
+ ContainerUpdateResponse:
+ type: "object"
+ title: "ContainerUpdateResponse"
+ x-go-name: "UpdateResponse"
+ description: |-
+ Response for a successful container-update.
+ properties:
+ Warnings:
+ type: "array"
+ description: |-
+ Warnings encountered when updating the container.
+ items:
+ type: "string"
+ example: ["Published ports are discarded when using host network mode"]
+
+ ContainerStatsResponse:
+ description: |
+ Statistics sample for a container.
+ type: "object"
+ x-go-name: "StatsResponse"
+ title: "ContainerStatsResponse"
+ properties:
+ name:
+ description: "Name of the container"
+ type: "string"
+ x-nullable: true
+ example: "boring_wozniak"
+ id:
+ description: "ID of the container"
+ type: "string"
+ x-nullable: true
+ example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+ read:
+ description: |
+ Date and time at which this sample was collected.
+ The value is formatted as [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+ with nano-seconds.
+ type: "string"
+ format: "date-time"
+ example: "2025-01-16T13:55:22.165243637Z"
+ preread:
+ description: |
+ Date and time at which this first sample was collected. This field
+ is not propagated if the "one-shot" option is set. If the "one-shot"
+ option is set, this field may be omitted, empty, or set to a default
+ date (`0001-01-01T00:00:00Z`).
+
+ The value is formatted as [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+ with nano-seconds.
+ type: "string"
+ format: "date-time"
+ example: "2025-01-16T13:55:21.160452595Z"
+ pids_stats:
+ $ref: "#/definitions/ContainerPidsStats"
+ blkio_stats:
+ $ref: "#/definitions/ContainerBlkioStats"
+ num_procs:
+ description: |
+ The number of processors on the system.
+
+ This field is Windows-specific and always zero for Linux containers.
+ type: "integer"
+ format: "uint32"
+ example: 16
+ storage_stats:
+ $ref: "#/definitions/ContainerStorageStats"
+ cpu_stats:
+ $ref: "#/definitions/ContainerCPUStats"
+ precpu_stats:
+ $ref: "#/definitions/ContainerCPUStats"
+ memory_stats:
+ $ref: "#/definitions/ContainerMemoryStats"
+ networks:
+ description: |
+ Network statistics for the container per interface.
+
+ This field is omitted if the container has no networking enabled.
+ x-nullable: true
+ additionalProperties:
+ $ref: "#/definitions/ContainerNetworkStats"
+ example:
+ eth0:
+ rx_bytes: 5338
+ rx_dropped: 0
+ rx_errors: 0
+ rx_packets: 36
+ tx_bytes: 648
+ tx_dropped: 0
+ tx_errors: 0
+ tx_packets: 8
+ eth5:
+ rx_bytes: 4641
+ rx_dropped: 0
+ rx_errors: 0
+ rx_packets: 26
+ tx_bytes: 690
+ tx_dropped: 0
+ tx_errors: 0
+ tx_packets: 9
+
+ ContainerBlkioStats:
+ description: |
+ BlkioStats stores all IO service stats for data read and write.
+
+ This type is Linux-specific and holds many fields that are specific to cgroups v1.
+ On a cgroup v2 host, all fields other than `io_service_bytes_recursive`
+ are omitted or `null`.
+
+ This type is only populated on Linux and omitted for Windows containers.
+ type: "object"
+ x-go-name: "BlkioStats"
+ x-nullable: true
+ properties:
+ io_service_bytes_recursive:
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_serviced_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_queue_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_service_time_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_wait_time_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_merged_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ io_time_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ sectors_recursive:
+ description: |
+ This field is only available when using Linux containers with
+ cgroups v1. It is omitted or `null` when using cgroups v2.
+ x-nullable: true
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerBlkioStatEntry"
+ example:
+ io_service_bytes_recursive: [
+ {"major": 254, "minor": 0, "op": "read", "value": 7593984},
+ {"major": 254, "minor": 0, "op": "write", "value": 100}
+ ]
+ io_serviced_recursive: null
+ io_queue_recursive: null
+ io_service_time_recursive: null
+ io_wait_time_recursive: null
+ io_merged_recursive: null
+ io_time_recursive: null
+ sectors_recursive: null
+
+ ContainerBlkioStatEntry:
+ description: |
+ Blkio stats entry.
+
+ This type is Linux-specific and omitted for Windows containers.
+ type: "object"
+ x-go-name: "BlkioStatEntry"
+ x-nullable: true
+ properties:
+ major:
+ type: "integer"
+ format: "uint64"
+ example: 254
+ minor:
+ type: "integer"
+ format: "uint64"
+ example: 0
+ op:
+ type: "string"
+ example: "read"
+ value:
+ type: "integer"
+ format: "uint64"
+ example: 7593984
+
+ ContainerCPUStats:
+ description: |
+ CPU related info of the container
+ type: "object"
+ x-go-name: "CPUStats"
+ x-nullable: true
+ properties:
+ cpu_usage:
+ $ref: "#/definitions/ContainerCPUUsage"
+ system_cpu_usage:
+ description: |
+ System Usage.
+
+ This field is Linux-specific and omitted for Windows containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 5
+ online_cpus:
+ description: |
+ Number of online CPUs.
+
+ This field is Linux-specific and omitted for Windows containers.
+ type: "integer"
+ format: "uint32"
+ x-nullable: true
+ example: 5
+ throttling_data:
+ $ref: "#/definitions/ContainerThrottlingData"
+
+ ContainerCPUUsage:
+ description: |
+ All CPU stats aggregated since container inception.
+ type: "object"
+ x-go-name: "CPUUsage"
+ x-nullable: true
+ properties:
+ total_usage:
+ description: |
+ Total CPU time consumed in nanoseconds (Linux) or 100's of nanoseconds (Windows).
+ type: "integer"
+ format: "uint64"
+ example: 29912000
+ percpu_usage:
+ description: |
+ Total CPU time (in nanoseconds) consumed per core (Linux).
+
+ This field is Linux-specific when using cgroups v1. It is omitted
+ when using cgroups v2 and Windows containers.
+ type: "array"
+ x-nullable: true
+ items:
+ type: "integer"
+ format: "uint64"
+ example: 29912000
+
+ usage_in_kernelmode:
+ description: |
+ Time (in nanoseconds) spent by tasks of the cgroup in kernel mode (Linux),
+ or time spent (in 100's of nanoseconds) by all container processes in
+ kernel mode (Windows).
+
+ Not populated for Windows containers using Hyper-V isolation.
+ type: "integer"
+ format: "uint64"
+ example: 21994000
+ usage_in_usermode:
+ description: |
+ Time (in nanoseconds) spent by tasks of the cgroup in user mode (Linux),
+ or time spent (in 100's of nanoseconds) by all container processes in
+ kernel mode (Windows).
+
+ Not populated for Windows containers using Hyper-V isolation.
+ type: "integer"
+ format: "uint64"
+ example: 7918000
+
+ ContainerPidsStats:
+ description: |
+ PidsStats contains Linux-specific stats of a container's process-IDs (PIDs).
+
+ This type is Linux-specific and omitted for Windows containers.
+ type: "object"
+ x-go-name: "PidsStats"
+ x-nullable: true
+ properties:
+ current:
+ description: |
+ Current is the number of PIDs in the cgroup.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 5
+ limit:
+ description: |
+ Limit is the hard limit on the number of pids in the cgroup.
+ A "Limit" of 0 means that there is no limit.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: "18446744073709551615"
+
+ ContainerThrottlingData:
+ description: |
+ CPU throttling stats of the container.
+
+ This type is Linux-specific and omitted for Windows containers.
+ type: "object"
+ x-go-name: "ThrottlingData"
+ x-nullable: true
+ properties:
+ periods:
+ description: |
+ Number of periods with throttling active.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ throttled_periods:
+ description: |
+ Number of periods when the container hit its throttling limit.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ throttled_time:
+ description: |
+ Aggregated time (in nanoseconds) the container was throttled for.
+ type: "integer"
+ format: "uint64"
+ example: 0
+
+ ContainerMemoryStats:
+ description: |
+ Aggregates all memory stats since container inception on Linux.
+ Windows returns stats for commit and private working set only.
+ type: "object"
+ x-go-name: "MemoryStats"
+ properties:
+ usage:
+ description: |
+ Current `res_counter` usage for memory.
+
+ This field is Linux-specific and omitted for Windows containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+ max_usage:
+ description: |
+ Maximum usage ever recorded.
+
+ This field is Linux-specific and only supported on cgroups v1.
+ It is omitted when using cgroups v2 and for Windows containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+ stats:
+ description: |
+ All the stats exported via memory.stat. when using cgroups v2.
+
+ This field is Linux-specific and omitted for Windows containers.
+ type: "object"
+ additionalProperties:
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example:
+ {
+ "active_anon": 1572864,
+ "active_file": 5115904,
+ "anon": 1572864,
+ "anon_thp": 0,
+ "file": 7626752,
+ "file_dirty": 0,
+ "file_mapped": 2723840,
+ "file_writeback": 0,
+ "inactive_anon": 0,
+ "inactive_file": 2510848,
+ "kernel_stack": 16384,
+ "pgactivate": 0,
+ "pgdeactivate": 0,
+ "pgfault": 2042,
+ "pglazyfree": 0,
+ "pglazyfreed": 0,
+ "pgmajfault": 45,
+ "pgrefill": 0,
+ "pgscan": 0,
+ "pgsteal": 0,
+ "shmem": 0,
+ "slab": 1180928,
+ "slab_reclaimable": 725576,
+ "slab_unreclaimable": 455352,
+ "sock": 0,
+ "thp_collapse_alloc": 0,
+ "thp_fault_alloc": 1,
+ "unevictable": 0,
+ "workingset_activate": 0,
+ "workingset_nodereclaim": 0,
+ "workingset_refault": 0
+ }
+ failcnt:
+ description: |
+ Number of times memory usage hits limits.
+
+ This field is Linux-specific and only supported on cgroups v1.
+ It is omitted when using cgroups v2 and for Windows containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+ limit:
+ description: |
+ This field is Linux-specific and omitted for Windows containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 8217579520
+ commitbytes:
+ description: |
+ Committed bytes.
+
+ This field is Windows-specific and omitted for Linux containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+ commitpeakbytes:
+ description: |
+ Peak committed bytes.
+
+ This field is Windows-specific and omitted for Linux containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+ privateworkingset:
+ description: |
+ Private working set.
+
+ This field is Windows-specific and omitted for Linux containers.
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 0
+
+ ContainerNetworkStats:
+ description: |
+ Aggregates the network stats of one container
+ type: "object"
+ x-go-name: "NetworkStats"
+ x-nullable: true
+ properties:
+ rx_bytes:
+ description: |
+ Bytes received. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 5338
+ rx_packets:
+ description: |
+ Packets received. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 36
+ rx_errors:
+ description: |
+ Received errors. Not used on Windows.
+
+ This field is Linux-specific and always zero for Windows containers.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ rx_dropped:
+ description: |
+ Incoming packets dropped. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ tx_bytes:
+ description: |
+ Bytes sent. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 1200
+ tx_packets:
+ description: |
+ Packets sent. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 12
+ tx_errors:
+ description: |
+ Sent errors. Not used on Windows.
+
+ This field is Linux-specific and always zero for Windows containers.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ tx_dropped:
+ description: |
+ Outgoing packets dropped. Windows and Linux.
+ type: "integer"
+ format: "uint64"
+ example: 0
+ endpoint_id:
+ description: |
+ Endpoint ID. Not used on Linux.
+
+ This field is Windows-specific and omitted for Linux containers.
+ type: "string"
+ x-nullable: true
+ instance_id:
+ description: |
+ Instance ID. Not used on Linux.
+
+ This field is Windows-specific and omitted for Linux containers.
+ type: "string"
+ x-nullable: true
+
+ ContainerStorageStats:
+ description: |
+ StorageStats is the disk I/O stats for read/write on Windows.
+
+ This type is Windows-specific and omitted for Linux containers.
+ type: "object"
+ x-go-name: "StorageStats"
+ x-nullable: true
+ properties:
+ read_count_normalized:
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 7593984
+ read_size_bytes:
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 7593984
+ write_count_normalized:
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 7593984
+ write_size_bytes:
+ type: "integer"
+ format: "uint64"
+ x-nullable: true
+ example: 7593984
+
+ ContainerTopResponse:
+ type: "object"
+ x-go-name: "TopResponse"
+ title: "ContainerTopResponse"
+ description: |-
+ Container "top" response.
+ properties:
+ Titles:
+ description: "The ps column titles"
+ type: "array"
+ items:
+ type: "string"
+ example:
+ Titles:
+ - "UID"
+ - "PID"
+ - "PPID"
+ - "C"
+ - "STIME"
+ - "TTY"
+ - "TIME"
+ - "CMD"
+ Processes:
+ description: |-
+ Each process running in the container, where each process
+ is an array of values corresponding to the titles.
+ type: "array"
+ items:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ Processes:
+ -
+ - "root"
+ - "13642"
+ - "882"
+ - "0"
+ - "17:03"
+ - "pts/0"
+ - "00:00:00"
+ - "/bin/bash"
+ -
+ - "root"
+ - "13735"
+ - "13642"
+ - "0"
+ - "17:06"
+ - "pts/0"
+ - "00:00:00"
+ - "sleep 10"
+
+ ContainerWaitResponse:
+ description: "OK response to ContainerWait operation"
+ type: "object"
+ x-go-name: "WaitResponse"
+ title: "ContainerWaitResponse"
+ required: [StatusCode]
+ properties:
+ StatusCode:
+ description: "Exit code of the container"
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ Error:
+ $ref: "#/definitions/ContainerWaitExitError"
+
+ ContainerWaitExitError:
+ description: "container waiting error, if any"
+ type: "object"
+ x-go-name: "WaitExitError"
+ properties:
+ Message:
+ description: "Details of an error"
+ type: "string"
+
+ SystemVersion:
+ type: "object"
+ description: |
+ Response of Engine API: GET "/version"
+ properties:
+ Platform:
+ type: "object"
+ required: [Name]
+ properties:
+ Name:
+ type: "string"
+ Components:
+ type: "array"
+ description: |
+ Information about system components
+ items:
+ type: "object"
+ x-go-name: ComponentVersion
+ required: [Name, Version]
+ properties:
+ Name:
+ description: |
+ Name of the component
+ type: "string"
+ example: "Engine"
+ Version:
+ description: |
+ Version of the component
+ type: "string"
+ x-nullable: false
+ example: "27.0.1"
+ Details:
+ description: |
+ Key/value pairs of strings with additional information about the
+ component. These values are intended for informational purposes
+ only, and their content is not defined, and not part of the API
+ specification.
+
+ These messages can be printed by the client as information to the user.
+ type: "object"
+ x-nullable: true
+ Version:
+ description: "The version of the daemon"
+ type: "string"
+ example: "27.0.1"
+ ApiVersion:
+ description: |
+ The default (and highest) API version that is supported by the daemon
+ type: "string"
+ example: "1.47"
+ MinAPIVersion:
+ description: |
+ The minimum API version that is supported by the daemon
+ type: "string"
+ example: "1.24"
+ GitCommit:
+ description: |
+ The Git commit of the source code that was used to build the daemon
+ type: "string"
+ example: "48a66213fe"
+ GoVersion:
+ description: |
+ The version Go used to compile the daemon, and the version of the Go
+ runtime in use.
+ type: "string"
+ example: "go1.22.7"
+ Os:
+ description: |
+ The operating system that the daemon is running on ("linux" or "windows")
+ type: "string"
+ example: "linux"
+ Arch:
+ description: |
+ The architecture that the daemon is running on
+ type: "string"
+ example: "amd64"
+ KernelVersion:
+ description: |
+ The kernel version (`uname -r`) that the daemon is running on.
+
+ This field is omitted when empty.
+ type: "string"
+ example: "6.8.0-31-generic"
+ Experimental:
+ description: |
+ Indicates if the daemon is started with experimental features enabled.
+
+ This field is omitted when empty / false.
+ type: "boolean"
+ example: true
+ BuildTime:
+ description: |
+ The date and time that the daemon was compiled.
+ type: "string"
+ example: "2020-06-22T15:49:27.000000000+00:00"
+
+ SystemInfo:
+ type: "object"
+ properties:
+ ID:
+ description: |
+ Unique identifier of the daemon.
+
+
+
+ > **Note**: The format of the ID itself is not part of the API, and
+ > should not be considered stable.
+ type: "string"
+ example: "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS"
+ Containers:
+ description: "Total number of containers on the host."
+ type: "integer"
+ example: 14
+ ContainersRunning:
+ description: |
+ Number of containers with status `"running"`.
+ type: "integer"
+ example: 3
+ ContainersPaused:
+ description: |
+ Number of containers with status `"paused"`.
+ type: "integer"
+ example: 1
+ ContainersStopped:
+ description: |
+ Number of containers with status `"stopped"`.
+ type: "integer"
+ example: 10
+ Images:
+ description: |
+ Total number of images on the host.
+
+ Both _tagged_ and _untagged_ (dangling) images are counted.
+ type: "integer"
+ example: 508
+ Driver:
+ description: "Name of the storage driver in use."
+ type: "string"
+ example: "overlay2"
+ DriverStatus:
+ description: |
+ Information specific to the storage driver, provided as
+ "label" / "value" pairs.
+
+ This information is provided by the storage driver, and formatted
+ in a way consistent with the output of `docker info` on the command
+ line.
+
+
+
+ > **Note**: The information returned in this field, including the
+ > formatting of values and labels, should not be considered stable,
+ > and may change without notice.
+ type: "array"
+ items:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - ["Backing Filesystem", "extfs"]
+ - ["Supports d_type", "true"]
+ - ["Native Overlay Diff", "true"]
+ DockerRootDir:
+ description: |
+ Root directory of persistent Docker state.
+
+ Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
+ on Windows.
+ type: "string"
+ example: "/var/lib/docker"
+ Plugins:
+ $ref: "#/definitions/PluginsInfo"
+ MemoryLimit:
+ description: "Indicates if the host has memory limit support enabled."
+ type: "boolean"
+ example: true
+ SwapLimit:
+ description: "Indicates if the host has memory swap limit support enabled."
+ type: "boolean"
+ example: true
+ KernelMemoryTCP:
+ description: |
+ Indicates if the host has kernel memory TCP limit support enabled. This
+ field is omitted if not supported.
+
+ Kernel memory TCP limits are not supported when using cgroups v2, which
+ does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup.
+ type: "boolean"
+ example: true
+ CpuCfsPeriod:
+ description: |
+ Indicates if CPU CFS(Completely Fair Scheduler) period is supported by
+ the host.
+ type: "boolean"
+ example: true
+ CpuCfsQuota:
+ description: |
+ Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by
+ the host.
+ type: "boolean"
+ example: true
+ CPUShares:
+ description: |
+ Indicates if CPU Shares limiting is supported by the host.
+ type: "boolean"
+ example: true
+ CPUSet:
+ description: |
+ Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
+
+ See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
+ type: "boolean"
+ example: true
+ PidsLimit:
+ description: "Indicates if the host kernel has PID limit support enabled."
+ type: "boolean"
+ example: true
+ OomKillDisable:
+ description: "Indicates if OOM killer disable is supported on the host."
+ type: "boolean"
+ IPv4Forwarding:
+ description: "Indicates IPv4 forwarding is enabled."
+ type: "boolean"
+ example: true
+ BridgeNfIptables:
+ description: |
+ Indicates if `bridge-nf-call-iptables` is available on the host when
+ the daemon was started.
+
+
+
+ > **Deprecated**: netfilter module is now loaded on-demand and no longer
+ > during daemon startup, making this field obsolete. This field is always
+ > `false` and will be removed in a API v1.49.
+ type: "boolean"
+ example: false
+ BridgeNfIp6tables:
+ description: |
+ Indicates if `bridge-nf-call-ip6tables` is available on the host.
+
+
+
+ > **Deprecated**: netfilter module is now loaded on-demand, and no longer
+ > during daemon startup, making this field obsolete. This field is always
+ > `false` and will be removed in a API v1.49.
+ type: "boolean"
+ example: false
+ Debug:
+ description: |
+ Indicates if the daemon is running in debug-mode / with debug-level
+ logging enabled.
+ type: "boolean"
+ example: true
+ NFd:
+ description: |
+ The total number of file Descriptors in use by the daemon process.
+
+ This information is only returned if debug-mode is enabled.
+ type: "integer"
+ example: 64
+ NGoroutines:
+ description: |
+ The number of goroutines that currently exist.
+
+ This information is only returned if debug-mode is enabled.
+ type: "integer"
+ example: 174
+ SystemTime:
+ description: |
+ Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
+ format with nano-seconds.
+ type: "string"
+ example: "2017-08-08T20:28:29.06202363Z"
+ LoggingDriver:
+ description: |
+ The logging driver to use as a default for new containers.
+ type: "string"
+ CgroupDriver:
+ description: |
+ The driver to use for managing cgroups.
+ type: "string"
+ enum: ["cgroupfs", "systemd", "none"]
+ default: "cgroupfs"
+ example: "cgroupfs"
+ CgroupVersion:
+ description: |
+ The version of the cgroup.
+ type: "string"
+ enum: ["1", "2"]
+ default: "1"
+ example: "1"
+ NEventsListener:
+ description: "Number of event listeners subscribed."
+ type: "integer"
+ example: 30
+ KernelVersion:
+ description: |
+ Kernel version of the host.
+
+ On Linux, this information obtained from `uname`. On Windows this
+ information is queried from the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\
+ registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
+ type: "string"
+ example: "6.8.0-31-generic"
+ OperatingSystem:
+ description: |
+ Name of the host's operating system, for example: "Ubuntu 24.04 LTS"
+ or "Windows Server 2016 Datacenter"
+ type: "string"
+ example: "Ubuntu 24.04 LTS"
+ OSVersion:
+ description: |
+ Version of the host's operating system
+
+
+
+ > **Note**: The information returned in this field, including its
+ > very existence, and the formatting of values, should not be considered
+ > stable, and may change without notice.
+ type: "string"
+ example: "24.04"
+ OSType:
+ description: |
+ Generic type of the operating system of the host, as returned by the
+ Go runtime (`GOOS`).
+
+ Currently returned values are "linux" and "windows". A full list of
+ possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
+ type: "string"
+ example: "linux"
+ Architecture:
+ description: |
+ Hardware architecture of the host, as returned by the Go runtime
+ (`GOARCH`).
+
+ A full list of possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
+ type: "string"
+ example: "x86_64"
+ NCPU:
+ description: |
+ The number of logical CPUs usable by the daemon.
+
+ The number of available CPUs is checked by querying the operating
+ system when the daemon starts. Changes to operating system CPU
+ allocation after the daemon is started are not reflected.
+ type: "integer"
+ example: 4
+ MemTotal:
+ description: |
+ Total amount of physical memory available on the host, in bytes.
+ type: "integer"
+ format: "int64"
+ example: 2095882240
+
+ IndexServerAddress:
+ description: |
+ Address / URL of the index server that is used for image search,
+ and as a default for user authentication for Docker Hub and Docker Cloud.
+ default: "https://index.docker.io/v1/"
+ type: "string"
+ example: "https://index.docker.io/v1/"
+ RegistryConfig:
+ $ref: "#/definitions/RegistryServiceConfig"
+ GenericResources:
+ $ref: "#/definitions/GenericResources"
+ HttpProxy:
+ description: |
+ HTTP-proxy configured for the daemon. This value is obtained from the
+ [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+ Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+ are masked in the API response.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
+ HttpsProxy:
+ description: |
+ HTTPS-proxy configured for the daemon. This value is obtained from the
+ [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
+ Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
+ are masked in the API response.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
+ NoProxy:
+ description: |
+ Comma-separated list of domain extensions for which no proxy should be
+ used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
+ environment variable.
+
+ Containers do not automatically inherit this configuration.
+ type: "string"
+ example: "*.local, 169.254/16"
+ Name:
+ description: "Hostname of the host."
+ type: "string"
+ example: "node5.corp.example.com"
+ Labels:
+ description: |
+ User-defined labels (key/value metadata) as set on the daemon.
+
+
+
+ > **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
+ > set through the daemon configuration, and _node_ labels, set from a
+ > manager node in the Swarm. Node labels are not included in this
+ > field. Node labels can be retrieved using the `/nodes/(id)` endpoint
+ > on a manager node in the Swarm.
+ type: "array"
+ items:
+ type: "string"
+ example: ["storage=ssd", "production"]
+ ExperimentalBuild:
+ description: |
+ Indicates if experimental features are enabled on the daemon.
+ type: "boolean"
+ example: true
+ ServerVersion:
+ description: |
+ Version string of the daemon.
+ type: "string"
+ example: "27.0.1"
+ Runtimes:
+ description: |
+ List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
+ runtimes configured on the daemon. Keys hold the "name" used to
+ reference the runtime.
+
+ The Docker daemon relies on an OCI compliant runtime (invoked via the
+ `containerd` daemon) as its interface to the Linux kernel namespaces,
+ cgroups, and SELinux.
+
+ The default runtime is `runc`, and automatically configured. Additional
+ runtimes can be configured by the user and will be listed here.
+ type: "object"
+ additionalProperties:
+ $ref: "#/definitions/Runtime"
+ default:
+ runc:
+ path: "runc"
+ example:
+ runc:
+ path: "runc"
+ runc-master:
+ path: "/go/bin/runc"
+ custom:
+ path: "/usr/local/bin/my-oci-runtime"
+ runtimeArgs: ["--debug", "--systemd-cgroup=false"]
+ DefaultRuntime:
+ description: |
+ Name of the default OCI runtime that is used when starting containers.
+
+ The default can be overridden per-container at create time.
+ type: "string"
+ default: "runc"
+ example: "runc"
+ Swarm:
+ $ref: "#/definitions/SwarmInfo"
+ LiveRestoreEnabled:
+ description: |
+ Indicates if live restore is enabled.
+
+ If enabled, containers are kept running when the daemon is shutdown
+ or upon daemon start if running containers are detected.
+ type: "boolean"
+ default: false
+ example: false
+ Isolation:
+ description: |
+ Represents the isolation technology to use as a default for containers.
+ The supported values are platform-specific.
+
+ If no isolation value is specified on daemon start, on Windows client,
+ the default is `hyperv`, and on Windows server, the default is `process`.
+
+ This option is currently not used on other platforms.
+ default: "default"
+ type: "string"
+ enum:
+ - "default"
+ - "hyperv"
+ - "process"
+ - ""
+ InitBinary:
+ description: |
+ Name and, optional, path of the `docker-init` binary.
+
+ If the path is omitted, the daemon searches the host's `$PATH` for the
+ binary and uses the first result.
+ type: "string"
+ example: "docker-init"
+ ContainerdCommit:
+ $ref: "#/definitions/Commit"
+ RuncCommit:
+ $ref: "#/definitions/Commit"
+ InitCommit:
+ $ref: "#/definitions/Commit"
+ SecurityOptions:
+ description: |
+ List of security features that are enabled on the daemon, such as
+ apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
+ no-new-privileges.
+
+ Additional configuration options for each security feature may
+ be present, and are included as a comma-separated list of key/value
+ pairs.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "name=apparmor"
+ - "name=seccomp,profile=default"
+ - "name=selinux"
+ - "name=userns"
+ - "name=rootless"
+ ProductLicense:
+ description: |
+ Reports a summary of the product license on the daemon.
+
+ If a commercial license has been applied to the daemon, information
+ such as number of nodes, and expiration are included.
+ type: "string"
+ example: "Community Engine"
+ DefaultAddressPools:
+ description: |
+ List of custom default address pools for local networks, which can be
+ specified in the daemon.json file or dockerd option.
+
+ Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
+ 10.10.[0-255].0/24 address pools.
+ type: "array"
+ items:
+ type: "object"
+ properties:
+ Base:
+ description: "The network address in CIDR format"
+ type: "string"
+ example: "10.10.0.0/16"
+ Size:
+ description: "The network pool size"
+ type: "integer"
+ example: "24"
+ FirewallBackend:
+ $ref: "#/definitions/FirewallInfo"
+ DiscoveredDevices:
+ description: |
+ List of devices discovered by device drivers.
+
+ Each device includes information about its source driver, kind, name,
+ and additional driver-specific attributes.
+ type: "array"
+ items:
+ $ref: "#/definitions/DeviceInfo"
+ Warnings:
+ description: |
+ List of warnings / informational messages about missing features, or
+ issues related to the daemon configuration.
+
+ These messages can be printed by the client as information to the user.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "WARNING: No memory limit support"
+ CDISpecDirs:
+ description: |
+ List of directories where (Container Device Interface) CDI
+ specifications are located.
+
+ These specifications define vendor-specific modifications to an OCI
+ runtime specification for a container being created.
+
+ An empty list indicates that CDI device injection is disabled.
+
+ Note that since using CDI device injection requires the daemon to have
+ experimental enabled. For non-experimental daemons an empty list will
+ always be returned.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "/etc/cdi"
+ - "/var/run/cdi"
+ Containerd:
+ $ref: "#/definitions/ContainerdInfo"
+
+ ContainerdInfo:
+ description: |
+ Information for connecting to the containerd instance that is used by the daemon.
+ This is included for debugging purposes only.
+ type: "object"
+ x-nullable: true
+ properties:
+ Address:
+ description: "The address of the containerd socket."
+ type: "string"
+ example: "/run/containerd/containerd.sock"
+ Namespaces:
+ description: |
+ The namespaces that the daemon uses for running containers and
+ plugins in containerd. These namespaces can be configured in the
+ daemon configuration, and are considered to be used exclusively
+ by the daemon, Tampering with the containerd instance may cause
+ unexpected behavior.
+
+ As these namespaces are considered to be exclusively accessed
+ by the daemon, it is not recommended to change these values,
+ or to change them to a value that is used by other systems,
+ such as cri-containerd.
+ type: "object"
+ properties:
+ Containers:
+ description: |
+ The default containerd namespace used for containers managed
+ by the daemon.
+
+ The default namespace for containers is "moby", but will be
+ suffixed with the `.` of the remapped `root` if
+ user-namespaces are enabled and the containerd image-store
+ is used.
+ type: "string"
+ default: "moby"
+ example: "moby"
+ Plugins:
+ description: |
+ The default containerd namespace used for plugins managed by
+ the daemon.
+
+ The default namespace for plugins is "plugins.moby", but will be
+ suffixed with the `.` of the remapped `root` if
+ user-namespaces are enabled and the containerd image-store
+ is used.
+ type: "string"
+ default: "plugins.moby"
+ example: "plugins.moby"
+
+ FirewallInfo:
+ description: |
+ Information about the daemon's firewalling configuration.
+
+ This field is currently only used on Linux, and omitted on other platforms.
+ type: "object"
+ x-nullable: true
+ properties:
+ Driver:
+ description: |
+ The name of the firewall backend driver.
+ type: "string"
+ example: "nftables"
+ Info:
+ description: |
+ Information about the firewall backend, provided as
+ "label" / "value" pairs.
+
+
+
+ > **Note**: The information returned in this field, including the
+ > formatting of values and labels, should not be considered stable,
+ > and may change without notice.
+ type: "array"
+ items:
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - ["ReloadedAt", "2025-01-01T00:00:00Z"]
+
+ # PluginsInfo is a temp struct holding Plugins name
+ # registered with docker daemon. It is used by Info struct
+ PluginsInfo:
+ description: |
+ Available plugins per type.
+
+
+
+ > **Note**: Only unmanaged (V1) plugins are included in this list.
+ > V1 plugins are "lazily" loaded, and are not returned in this list
+ > if there is no resource using the plugin.
+ type: "object"
+ properties:
+ Volume:
+ description: "Names of available volume-drivers, and network-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["local"]
+ Network:
+ description: "Names of available network-drivers, and network-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["bridge", "host", "ipvlan", "macvlan", "null", "overlay"]
+ Authorization:
+ description: "Names of available authorization plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["img-authz-plugin", "hbm"]
+ Log:
+ description: "Names of available logging-drivers, and logging-driver plugins."
+ type: "array"
+ items:
+ type: "string"
+ example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "splunk", "syslog"]
+
+
+ RegistryServiceConfig:
+ description: |
+ RegistryServiceConfig stores daemon registry services configuration.
+ type: "object"
+ x-nullable: true
+ properties:
+ InsecureRegistryCIDRs:
+ description: |
+ List of IP ranges of insecure registries, using the CIDR syntax
+ ([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
+ accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
+ from unknown CAs) communication.
+
+ By default, local registries (`::1/128` and `127.0.0.0/8`) are configured as
+ insecure. All other registries are secure. Communicating with an
+ insecure registry is not possible if the daemon assumes that registry
+ is secure.
+
+ This configuration override this behavior, insecure communication with
+ registries whose resolved IP address is within the subnet described by
+ the CIDR syntax.
+
+ Registries can also be marked insecure by hostname. Those registries
+ are listed under `IndexConfigs` and have their `Secure` field set to
+ `false`.
+
+ > **Warning**: Using this option can be useful when running a local
+ > registry, but introduces security vulnerabilities. This option
+ > should therefore ONLY be used for testing purposes. For increased
+ > security, users should add their CA to their system's list of trusted
+ > CAs instead of enabling this option.
+ type: "array"
+ items:
+ type: "string"
+ example: ["::1/128", "127.0.0.0/8"]
+ IndexConfigs:
+ type: "object"
+ additionalProperties:
+ $ref: "#/definitions/IndexInfo"
+ example:
+ "127.0.0.1:5000":
+ "Name": "127.0.0.1:5000"
+ "Mirrors": []
+ "Secure": false
+ "Official": false
+ "[2001:db8:a0b:12f0::1]:80":
+ "Name": "[2001:db8:a0b:12f0::1]:80"
+ "Mirrors": []
+ "Secure": false
+ "Official": false
+ "docker.io":
+ Name: "docker.io"
+ Mirrors: ["https://hub-mirror.corp.example.com:5000/"]
+ Secure: true
+ Official: true
+ "registry.internal.corp.example.com:3000":
+ Name: "registry.internal.corp.example.com:3000"
+ Mirrors: []
+ Secure: false
+ Official: false
+ Mirrors:
+ description: |
+ List of registry URLs that act as a mirror for the official
+ (`docker.io`) registry.
+
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "https://hub-mirror.corp.example.com:5000/"
+ - "https://[2001:db8:a0b:12f0::1]/"
+
+ IndexInfo:
+ description:
+ IndexInfo contains information about a registry.
+ type: "object"
+ x-nullable: true
+ properties:
+ Name:
+ description: |
+ Name of the registry, such as "docker.io".
+ type: "string"
+ example: "docker.io"
+ Mirrors:
+ description: |
+ List of mirrors, expressed as URIs.
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "https://hub-mirror.corp.example.com:5000/"
+ - "https://registry-2.docker.io/"
+ - "https://registry-3.docker.io/"
+ Secure:
+ description: |
+ Indicates if the registry is part of the list of insecure
+ registries.
+
+ If `false`, the registry is insecure. Insecure registries accept
+ un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
+ unknown CAs) communication.
+
+ > **Warning**: Insecure registries can be useful when running a local
+ > registry. However, because its use creates security vulnerabilities
+ > it should ONLY be enabled for testing purposes. For increased
+ > security, users should add their CA to their system's list of
+ > trusted CAs instead of enabling this option.
+ type: "boolean"
+ example: true
+ Official:
+ description: |
+ Indicates whether this is an official registry (i.e., Docker Hub / docker.io)
+ type: "boolean"
+ example: true
+
+ Runtime:
+ description: |
+ Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
+ runtime.
+
+ The runtime is invoked by the daemon via the `containerd` daemon. OCI
+ runtimes act as an interface to the Linux kernel namespaces, cgroups,
+ and SELinux.
+ type: "object"
+ properties:
+ path:
+ description: |
+ Name and, optional, path, of the OCI executable binary.
+
+ If the path is omitted, the daemon searches the host's `$PATH` for the
+ binary and uses the first result.
+ type: "string"
+ example: "/usr/local/bin/my-oci-runtime"
+ runtimeArgs:
+ description: |
+ List of command-line arguments to pass to the runtime when invoked.
+ type: "array"
+ x-nullable: true
+ items:
+ type: "string"
+ example: ["--debug", "--systemd-cgroup=false"]
+ status:
+ description: |
+ Information specific to the runtime.
+
+ While this API specification does not define data provided by runtimes,
+ the following well-known properties may be provided by runtimes:
+
+ `org.opencontainers.runtime-spec.features`: features structure as defined
+ in the [OCI Runtime Specification](https://github.com/opencontainers/runtime-spec/blob/main/features.md),
+ in a JSON string representation.
+
+
+
+ > **Note**: The information returned in this field, including the
+ > formatting of values and labels, should not be considered stable,
+ > and may change without notice.
+ type: "object"
+ x-nullable: true
+ additionalProperties:
+ type: "string"
+ example:
+ "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",\"ociVersionMax\":\"1.1.0\",\"...\":\"...\"}"
+
+ Commit:
+ description: |
+ Commit holds the Git-commit (SHA1) that a binary was built from, as
+ reported in the version-string of external tools, such as `containerd`,
+ or `runC`.
+ type: "object"
+ properties:
+ ID:
+ description: "Actual commit ID of external tool."
+ type: "string"
+ example: "cfb82a876ecc11b5ca0977d1733adbe58599088a"
+
+ SwarmInfo:
+ description: |
+ Represents generic information about swarm.
+ type: "object"
+ properties:
+ NodeID:
+ description: "Unique identifier of for this node in the swarm."
+ type: "string"
+ default: ""
+ example: "k67qz4598weg5unwwffg6z1m1"
+ NodeAddr:
+ description: |
+ IP address at which this node can be reached by other nodes in the
+ swarm.
+ type: "string"
+ default: ""
+ example: "10.0.0.46"
+ LocalNodeState:
+ $ref: "#/definitions/LocalNodeState"
+ ControlAvailable:
+ type: "boolean"
+ default: false
+ example: true
+ Error:
+ type: "string"
+ default: ""
+ RemoteManagers:
+ description: |
+ List of ID's and addresses of other managers in the swarm.
+ type: "array"
+ default: null
+ x-nullable: true
+ items:
+ $ref: "#/definitions/PeerNode"
+ example:
+ - NodeID: "71izy0goik036k48jg985xnds"
+ Addr: "10.0.0.158:2377"
+ - NodeID: "79y6h1o4gv8n120drcprv5nmc"
+ Addr: "10.0.0.159:2377"
+ - NodeID: "k67qz4598weg5unwwffg6z1m1"
+ Addr: "10.0.0.46:2377"
+ Nodes:
+ description: "Total number of nodes in the swarm."
+ type: "integer"
+ x-nullable: true
+ example: 4
+ Managers:
+ description: "Total number of managers in the swarm."
+ type: "integer"
+ x-nullable: true
+ example: 3
+ Cluster:
+ $ref: "#/definitions/ClusterInfo"
+
+ LocalNodeState:
+ description: "Current local status of this node."
+ type: "string"
+ default: ""
+ enum:
+ - ""
+ - "inactive"
+ - "pending"
+ - "active"
+ - "error"
+ - "locked"
+ example: "active"
+
+ PeerNode:
+ description: "Represents a peer-node in the swarm"
+ type: "object"
+ properties:
+ NodeID:
+ description: "Unique identifier of for this node in the swarm."
+ type: "string"
+ Addr:
+ description: |
+ IP address and ports at which this node can be reached.
+ type: "string"
+
+ NetworkAttachmentConfig:
+ description: |
+ Specifies how a service should be attached to a particular network.
+ type: "object"
+ properties:
+ Target:
+ description: |
+ The target network for attachment. Must be a network name or ID.
+ type: "string"
+ Aliases:
+ description: |
+ Discoverable alternate names for the service on this network.
+ type: "array"
+ items:
+ type: "string"
+ DriverOpts:
+ description: |
+ Driver attachment options for the network target.
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ EventActor:
+ description: |
+ Actor describes something that generates events, like a container, network,
+ or a volume.
+ type: "object"
+ properties:
+ ID:
+ description: "The ID of the object emitting the event"
+ type: "string"
+ example: "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743"
+ Attributes:
+ description: |
+ Various key/value attributes of the object, depending on its type.
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-label-value"
+ image: "alpine:latest"
+ name: "my-container"
+
+ EventMessage:
+ description: |
+ EventMessage represents the information an event contains.
+ type: "object"
+ title: "SystemEventsResponse"
+ properties:
+ Type:
+ description: "The type of object emitting the event"
+ type: "string"
+ enum: ["builder", "config", "container", "daemon", "image", "network", "node", "plugin", "secret", "service", "volume"]
+ example: "container"
+ Action:
+ description: "The type of event"
+ type: "string"
+ example: "create"
+ Actor:
+ $ref: "#/definitions/EventActor"
+ scope:
+ description: |
+ Scope of the event. Engine events are `local` scope. Cluster (Swarm)
+ events are `swarm` scope.
+ type: "string"
+ enum: ["local", "swarm"]
+ time:
+ description: "Timestamp of event"
+ type: "integer"
+ format: "int64"
+ example: 1629574695
+ timeNano:
+ description: "Timestamp of event, with nanosecond accuracy"
+ type: "integer"
+ format: "int64"
+ example: 1629574695515050031
+
+ OCIDescriptor:
+ type: "object"
+ x-go-name: Descriptor
+ description: |
+ A descriptor struct containing digest, media type, and size, as defined in
+ the [OCI Content Descriptors Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md).
+ properties:
+ mediaType:
+ description: |
+ The media type of the object this schema refers to.
+ type: "string"
+ example: "application/vnd.oci.image.manifest.v1+json"
+ digest:
+ description: |
+ The digest of the targeted content.
+ type: "string"
+ example: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96"
+ size:
+ description: |
+ The size in bytes of the blob.
+ type: "integer"
+ format: "int64"
+ example: 424
+ urls:
+ description: |-
+ List of URLs from which this object MAY be downloaded.
+ type: "array"
+ items:
+ type: "string"
+ format: "uri"
+ x-nullable: true
+ annotations:
+ description: |-
+ Arbitrary metadata relating to the targeted content.
+ type: "object"
+ x-nullable: true
+ additionalProperties:
+ type: "string"
+ example:
+ "com.docker.official-images.bashbrew.arch": "amd64"
+ "org.opencontainers.image.base.digest": "sha256:0d0ef5c914d3ea700147da1bd050c59edb8bb12ca312f3800b29d7c8087eabd8"
+ "org.opencontainers.image.base.name": "scratch"
+ "org.opencontainers.image.created": "2025-01-27T00:00:00Z"
+ "org.opencontainers.image.revision": "9fabb4bad5138435b01857e2fe9363e2dc5f6a79"
+ "org.opencontainers.image.source": "https://git.launchpad.net/cloud-images/+oci/ubuntu-base"
+ "org.opencontainers.image.url": "https://hub.docker.com/_/ubuntu"
+ "org.opencontainers.image.version": "24.04"
+ data:
+ type: string
+ x-nullable: true
+ description: |-
+ Data is an embedding of the targeted content. This is encoded as a base64
+ string when marshalled to JSON (automatically, by encoding/json). If
+ present, Data can be used directly to avoid fetching the targeted content.
+ example: null
+ platform:
+ $ref: "#/definitions/OCIPlatform"
+ artifactType:
+ description: |-
+ ArtifactType is the IANA media type of this artifact.
+ type: "string"
+ x-nullable: true
+ example: null
+
+ OCIPlatform:
+ type: "object"
+ x-go-name: Platform
+ x-nullable: true
+ description: |
+ Describes the platform which the image in the manifest runs on, as defined
+ in the [OCI Image Index Specification](https://github.com/opencontainers/image-spec/blob/v1.0.1/image-index.md).
+ properties:
+ architecture:
+ description: |
+ The CPU architecture, for example `amd64` or `ppc64`.
+ type: "string"
+ example: "arm"
+ os:
+ description: |
+ The operating system, for example `linux` or `windows`.
+ type: "string"
+ example: "windows"
+ os.version:
+ description: |
+ Optional field specifying the operating system version, for example on
+ Windows `10.0.19041.1165`.
+ type: "string"
+ example: "10.0.19041.1165"
+ os.features:
+ description: |
+ Optional field specifying an array of strings, each listing a required
+ OS feature (for example on Windows `win32k`).
+ type: "array"
+ items:
+ type: "string"
+ example:
+ - "win32k"
+ variant:
+ description: |
+ Optional field specifying a variant of the CPU, for example `v7` to
+ specify ARMv7 when architecture is `arm`.
+ type: "string"
+ example: "v7"
+
+ DistributionInspect:
+ type: "object"
+ x-go-name: DistributionInspect
+ title: "DistributionInspectResponse"
+ required: [Descriptor, Platforms]
+ description: |
+ Describes the result obtained from contacting the registry to retrieve
+ image metadata.
+ properties:
+ Descriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ Platforms:
+ type: "array"
+ description: |
+ An array containing all platforms supported by the image.
+ items:
+ $ref: "#/definitions/OCIPlatform"
+
+ ClusterVolume:
+ type: "object"
+ description: |
+ Options and information specific to, and only present on, Swarm CSI
+ cluster volumes.
+ properties:
+ ID:
+ type: "string"
+ description: |
+ The Swarm ID of this volume. Because cluster volumes are Swarm
+ objects, they have an ID, unlike non-cluster volumes. This ID can
+ be used to refer to the Volume instead of the name.
+ Version:
+ $ref: "#/definitions/ObjectVersion"
+ CreatedAt:
+ type: "string"
+ format: "dateTime"
+ UpdatedAt:
+ type: "string"
+ format: "dateTime"
+ Spec:
+ $ref: "#/definitions/ClusterVolumeSpec"
+ Info:
+ type: "object"
+ description: |
+ Information about the global status of the volume.
+ properties:
+ CapacityBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The capacity of the volume in bytes. A value of 0 indicates that
+ the capacity is unknown.
+ VolumeContext:
+ type: "object"
+ description: |
+ A map of strings to strings returned from the storage plugin when
+ the volume is created.
+ additionalProperties:
+ type: "string"
+ VolumeID:
+ type: "string"
+ description: |
+ The ID of the volume as returned by the CSI storage plugin. This
+ is distinct from the volume's ID as provided by Docker. This ID
+ is never used by the user when communicating with Docker to refer
+ to this volume. If the ID is blank, then the Volume has not been
+ successfully created in the plugin yet.
+ AccessibleTopology:
+ type: "array"
+ description: |
+ The topology this volume is actually accessible from.
+ items:
+ $ref: "#/definitions/Topology"
+ PublishStatus:
+ type: "array"
+ description: |
+ The status of the volume as it pertains to its publishing and use on
+ specific nodes
+ items:
+ type: "object"
+ properties:
+ NodeID:
+ type: "string"
+ description: |
+ The ID of the Swarm node the volume is published on.
+ State:
+ type: "string"
+ description: |
+ The published state of the volume.
+ * `pending-publish` The volume should be published to this node, but the call to the controller plugin to do so has not yet been successfully completed.
+ * `published` The volume is published successfully to the node.
+ * `pending-node-unpublish` The volume should be unpublished from the node, and the manager is awaiting confirmation from the worker that it has done so.
+ * `pending-controller-unpublish` The volume is successfully unpublished from the node, but has not yet been successfully unpublished on the controller.
+ enum:
+ - "pending-publish"
+ - "published"
+ - "pending-node-unpublish"
+ - "pending-controller-unpublish"
+ PublishContext:
+ type: "object"
+ description: |
+ A map of strings to strings returned by the CSI controller
+ plugin when a volume is published.
+ additionalProperties:
+ type: "string"
+
+ ClusterVolumeSpec:
+ type: "object"
+ description: |
+ Cluster-specific options used to create the volume.
+ properties:
+ Group:
+ type: "string"
+ description: |
+ Group defines the volume group of this volume. Volumes belonging to
+ the same group can be referred to by group name when creating
+ Services. Referring to a volume by group instructs Swarm to treat
+ volumes in that group interchangeably for the purpose of scheduling.
+ Volumes with an empty string for a group technically all belong to
+ the same, emptystring group.
+ AccessMode:
+ type: "object"
+ description: |
+ Defines how the volume is used by tasks.
+ properties:
+ Scope:
+ type: "string"
+ description: |
+ The set of nodes this volume can be used on at one time.
+ - `single` The volume may only be scheduled to one node at a time.
+ - `multi` the volume may be scheduled to any supported number of nodes at a time.
+ default: "single"
+ enum: ["single", "multi"]
+ x-nullable: false
+ Sharing:
+ type: "string"
+ description: |
+ The number and way that different tasks can use this volume
+ at one time.
+ - `none` The volume may only be used by one task at a time.
+ - `readonly` The volume may be used by any number of tasks, but they all must mount the volume as readonly
+ - `onewriter` The volume may be used by any number of tasks, but only one may mount it as read/write.
+ - `all` The volume may have any number of readers and writers.
+ default: "none"
+ enum: ["none", "readonly", "onewriter", "all"]
+ x-nullable: false
+ MountVolume:
+ type: "object"
+ description: |
+ Options for using this volume as a Mount-type volume.
+
+ Either MountVolume or BlockVolume, but not both, must be
+ present.
+ properties:
+ FsType:
+ type: "string"
+ description: |
+ Specifies the filesystem type for the mount volume.
+ Optional.
+ MountFlags:
+ type: "array"
+ description: |
+ Flags to pass when mounting the volume. Optional.
+ items:
+ type: "string"
+ BlockVolume:
+ type: "object"
+ description: |
+ Options for using this volume as a Block-type volume.
+ Intentionally empty.
+ Secrets:
+ type: "array"
+ description: |
+ Swarm Secrets that are passed to the CSI storage plugin when
+ operating on this volume.
+ items:
+ type: "object"
+ description: |
+ One cluster volume secret entry. Defines a key-value pair that
+ is passed to the plugin.
+ properties:
+ Key:
+ type: "string"
+ description: |
+ Key is the name of the key of the key-value pair passed to
+ the plugin.
+ Secret:
+ type: "string"
+ description: |
+ Secret is the swarm Secret object from which to read data.
+ This can be a Secret name or ID. The Secret data is
+ retrieved by swarm and used as the value of the key-value
+ pair passed to the plugin.
+ AccessibilityRequirements:
+ type: "object"
+ description: |
+ Requirements for the accessible topology of the volume. These
+ fields are optional. For an in-depth description of what these
+ fields mean, see the CSI specification.
+ properties:
+ Requisite:
+ type: "array"
+ description: |
+ A list of required topologies, at least one of which the
+ volume must be accessible from.
+ items:
+ $ref: "#/definitions/Topology"
+ Preferred:
+ type: "array"
+ description: |
+ A list of topologies that the volume should attempt to be
+ provisioned in.
+ items:
+ $ref: "#/definitions/Topology"
+ CapacityRange:
+ type: "object"
+ description: |
+ The desired capacity that the volume should be created with. If
+ empty, the plugin will decide the capacity.
+ properties:
+ RequiredBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The volume must be at least this big. The value of 0
+ indicates an unspecified minimum
+ LimitBytes:
+ type: "integer"
+ format: "int64"
+ description: |
+ The volume must not be bigger than this. The value of 0
+ indicates an unspecified maximum.
+ Availability:
+ type: "string"
+ description: |
+ The availability of the volume for use in tasks.
+ - `active` The volume is fully available for scheduling on the cluster
+ - `pause` No new workloads should use the volume, but existing workloads are not stopped.
+ - `drain` All workloads using this volume should be stopped and rescheduled, and no new ones should be started.
+ default: "active"
+ x-nullable: false
+ enum:
+ - "active"
+ - "pause"
+ - "drain"
+
+ Topology:
+ description: |
+ A map of topological domains to topological segments. For in depth
+ details, see documentation for the Topology object in the CSI
+ specification.
+ type: "object"
+ additionalProperties:
+ type: "string"
+
+ ImageManifestSummary:
+ x-go-name: "ManifestSummary"
+ description: |
+ ImageManifestSummary represents a summary of an image manifest.
+ type: "object"
+ required: ["ID", "Descriptor", "Available", "Size", "Kind"]
+ properties:
+ ID:
+ description: |
+ ID is the content-addressable ID of an image and is the same as the
+ digest of the image manifest.
+ type: "string"
+ example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
+ Descriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ Available:
+ description: Indicates whether all the child content (image config, layers) is fully available locally.
+ type: "boolean"
+ example: true
+ Size:
+ type: "object"
+ x-nullable: false
+ required: ["Content", "Total"]
+ properties:
+ Total:
+ type: "integer"
+ format: "int64"
+ example: 8213251
+ description: |
+ Total is the total size (in bytes) of all the locally present
+ data (both distributable and non-distributable) that's related to
+ this manifest and its children.
+ This equal to the sum of [Content] size AND all the sizes in the
+ [Size] struct present in the Kind-specific data struct.
+ For example, for an image kind (Kind == "image")
+ this would include the size of the image content and unpacked
+ image snapshots ([Size.Content] + [ImageData.Size.Unpacked]).
+ Content:
+ description: |
+ Content is the size (in bytes) of all the locally present
+ content in the content store (e.g. image config, layers)
+ referenced by this manifest and its children.
+ This only includes blobs in the content store.
+ type: "integer"
+ format: "int64"
+ example: 3987495
+ Kind:
+ type: "string"
+ example: "image"
+ enum:
+ - "image"
+ - "attestation"
+ - "unknown"
+ description: |
+ The kind of the manifest.
+
+ kind | description
+ -------------|-----------------------------------------------------------
+ image | Image manifest that can be used to start a container.
+ attestation | Attestation manifest produced by the Buildkit builder for a specific image manifest.
+ ImageData:
+ description: |
+ The image data for the image manifest.
+ This field is only populated when Kind is "image".
+ type: "object"
+ x-nullable: true
+ x-omitempty: true
+ required: ["Platform", "Containers", "Size", "UnpackedSize"]
+ properties:
+ Platform:
+ $ref: "#/definitions/OCIPlatform"
+ description: |
+ OCI platform of the image. This will be the platform specified in the
+ manifest descriptor from the index/manifest list.
+ If it's not available, it will be obtained from the image config.
+ Containers:
+ description: |
+ The IDs of the containers that are using this image.
+ type: "array"
+ items:
+ type: "string"
+ example: ["ede54ee1fda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c7430", "abadbce344c096744d8d6071a90d474d28af8f1034b5ea9fb03c3f4bfc6d005e"]
+ Size:
+ type: "object"
+ x-nullable: false
+ required: ["Unpacked"]
+ properties:
+ Unpacked:
+ type: "integer"
+ format: "int64"
+ example: 3987495
+ description: |
+ Unpacked is the size (in bytes) of the locally unpacked
+ (uncompressed) image content that's directly usable by the containers
+ running this image.
+ It's independent of the distributable content - e.g.
+ the image might still have an unpacked data that's still used by
+ some container even when the distributable/compressed content is
+ already gone.
+ AttestationData:
+ description: |
+ The image data for the attestation manifest.
+ This field is only populated when Kind is "attestation".
+ type: "object"
+ x-nullable: true
+ x-omitempty: true
+ required: ["For"]
+ properties:
+ For:
+ description: |
+ The digest of the image manifest that this attestation is for.
+ type: "string"
+ example: "sha256:95869fbcf224d947ace8d61d0e931d49e31bb7fc67fffbbe9c3198c33aa8e93f"
+
+paths:
+ /containers/json:
+ get:
+ summary: "List containers"
+ description: |
+ Returns a list of containers. For details on the format, see the
+ [inspect endpoint](#operation/ContainerInspect).
+
+ Note that it uses a different, smaller representation of a container
+ than inspecting a single container. For example, the list of linked
+ containers is not propagated .
+ operationId: "ContainerList"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "all"
+ in: "query"
+ description: |
+ Return all containers. By default, only running containers are shown.
+ type: "boolean"
+ default: false
+ - name: "limit"
+ in: "query"
+ description: |
+ Return this number of most recently created containers, including
+ non-running ones.
+ type: "integer"
+ - name: "size"
+ in: "query"
+ description: |
+ Return the size of container as fields `SizeRw` and `SizeRootFs`.
+ type: "boolean"
+ default: false
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the container list, encoded as JSON (a
+ `map[string][]string`). For example, `{"status": ["paused"]}` will
+ only return paused containers.
+
+ Available filters:
+
+ - `ancestor`=(`[:]`, ``, or ``)
+ - `before`=(`` or ``)
+ - `expose`=(`[/]`|`/[]`)
+ - `exited=` containers with exit code of ``
+ - `health`=(`starting`|`healthy`|`unhealthy`|`none`)
+ - `id=` a container's ID
+ - `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
+ - `is-task=`(`true`|`false`)
+ - `label=key` or `label="key=value"` of a container label
+ - `name=` a container's name
+ - `network`=(`` or ``)
+ - `publish`=(`[/]`|`/[]`)
+ - `since`=(`` or ``)
+ - `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
+ - `volume`=(`` or ``)
+ type: "string"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerSummary"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /containers/create:
+ post:
+ summary: "Create a container"
+ operationId: "ContainerCreate"
+ consumes:
+ - "application/json"
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "name"
+ in: "query"
+ description: |
+ Assign the specified name to the container. Must match
+ `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
+ type: "string"
+ pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+ - name: "platform"
+ in: "query"
+ description: |
+ Platform in the format `os[/arch[/variant]]` used for image lookup.
+
+ When specified, the daemon checks if the requested image is present
+ in the local image cache with the given OS and Architecture, and
+ otherwise returns a `404` status.
+
+ If the option is not set, the host's native OS and Architecture are
+ used to look up the image in the image cache. However, if no platform
+ is passed and the given image does exist in the local image cache,
+ but its OS or architecture does not match, the container is created
+ with the available image, and a warning is added to the `Warnings`
+ field in the response, for example;
+
+ WARNING: The requested image's platform (linux/arm64/v8) does not
+ match the detected host platform (linux/amd64) and no
+ specific platform was requested
+
+ type: "string"
+ default: ""
+ - name: "body"
+ in: "body"
+ description: "Container to create"
+ schema:
+ allOf:
+ - $ref: "#/definitions/ContainerConfig"
+ - type: "object"
+ properties:
+ HostConfig:
+ $ref: "#/definitions/HostConfig"
+ NetworkingConfig:
+ $ref: "#/definitions/NetworkingConfig"
+ example:
+ Hostname: ""
+ Domainname: ""
+ User: ""
+ AttachStdin: false
+ AttachStdout: true
+ AttachStderr: true
+ Tty: false
+ OpenStdin: false
+ StdinOnce: false
+ Env:
+ - "FOO=bar"
+ - "BAZ=quux"
+ Cmd:
+ - "date"
+ Entrypoint: ""
+ Image: "ubuntu"
+ Labels:
+ com.example.vendor: "Acme"
+ com.example.license: "GPL"
+ com.example.version: "1.0"
+ Volumes:
+ /volumes/data: {}
+ WorkingDir: ""
+ NetworkDisabled: false
+ MacAddress: "12:34:56:78:9a:bc"
+ ExposedPorts:
+ 22/tcp: {}
+ StopSignal: "SIGTERM"
+ StopTimeout: 10
+ HostConfig:
+ Binds:
+ - "/tmp:/tmp"
+ Links:
+ - "redis3:redis"
+ Memory: 0
+ MemorySwap: 0
+ MemoryReservation: 0
+ NanoCpus: 500000
+ CpuPercent: 80
+ CpuShares: 512
+ CpuPeriod: 100000
+ CpuRealtimePeriod: 1000000
+ CpuRealtimeRuntime: 10000
+ CpuQuota: 50000
+ CpusetCpus: "0,1"
+ CpusetMems: "0,1"
+ MaximumIOps: 0
+ MaximumIOBps: 0
+ BlkioWeight: 300
+ BlkioWeightDevice:
+ - {}
+ BlkioDeviceReadBps:
+ - {}
+ BlkioDeviceReadIOps:
+ - {}
+ BlkioDeviceWriteBps:
+ - {}
+ BlkioDeviceWriteIOps:
+ - {}
+ DeviceRequests:
+ - Driver: "nvidia"
+ Count: -1
+ DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+ Capabilities: [["gpu", "nvidia", "compute"]]
+ Options:
+ property1: "string"
+ property2: "string"
+ MemorySwappiness: 60
+ OomKillDisable: false
+ OomScoreAdj: 500
+ PidMode: ""
+ PidsLimit: 0
+ PortBindings:
+ 22/tcp:
+ - HostPort: "11022"
+ PublishAllPorts: false
+ Privileged: false
+ ReadonlyRootfs: false
+ Dns:
+ - "8.8.8.8"
+ DnsOptions:
+ - ""
+ DnsSearch:
+ - ""
+ VolumesFrom:
+ - "parent"
+ - "other:ro"
+ CapAdd:
+ - "NET_ADMIN"
+ CapDrop:
+ - "MKNOD"
+ GroupAdd:
+ - "newgroup"
+ RestartPolicy:
+ Name: ""
+ MaximumRetryCount: 0
+ AutoRemove: true
+ NetworkMode: "bridge"
+ Devices: []
+ Ulimits:
+ - {}
+ LogConfig:
+ Type: "json-file"
+ Config: {}
+ SecurityOpt: []
+ StorageOpt: {}
+ CgroupParent: ""
+ VolumeDriver: ""
+ ShmSize: 67108864
+ NetworkingConfig:
+ EndpointsConfig:
+ isolated_nw:
+ IPAMConfig:
+ IPv4Address: "172.20.30.33"
+ IPv6Address: "2001:db8:abcd::3033"
+ LinkLocalIPs:
+ - "169.254.34.68"
+ - "fe80::3468"
+ Links:
+ - "container_1"
+ - "container_2"
+ Aliases:
+ - "server_x"
+ - "server_y"
+ database_nw: {}
+
+ required: true
+ responses:
+ 201:
+ description: "Container created successfully"
+ schema:
+ $ref: "#/definitions/ContainerCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: c2ada9df5af8"
+ 409:
+ description: "conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /containers/{id}/json:
+ get:
+ summary: "Inspect a container"
+ description: "Return low-level information about a container."
+ operationId: "ContainerInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ContainerInspectResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "size"
+ in: "query"
+ type: "boolean"
+ default: false
+ description: "Return the size of container as fields `SizeRw` and `SizeRootFs`"
+ tags: ["Container"]
+ /containers/{id}/top:
+ get:
+ summary: "List processes running inside a container"
+ description: |
+ On Unix systems, this is done by running the `ps` command. This endpoint
+ is not supported on Windows.
+ operationId: "ContainerTop"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ContainerTopResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "ps_args"
+ in: "query"
+ description: "The arguments to pass to `ps`. For example, `aux`"
+ type: "string"
+ default: "-ef"
+ tags: ["Container"]
+ /containers/{id}/logs:
+ get:
+ summary: "Get container logs"
+ description: |
+ Get `stdout` and `stderr` logs from a container.
+
+ Note: This endpoint works only for containers with the `json-file` or
+ `journald` logging driver.
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ operationId: "ContainerLogs"
+ responses:
+ 200:
+ description: |
+ logs returned as a stream in response body.
+ For the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
+ Note that unlike the attach endpoint, the logs endpoint does not
+ upgrade the connection and does not set Content-Type.
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "until"
+ in: "query"
+ description: "Only return logs before this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Container"]
+ /containers/{id}/changes:
+ get:
+ summary: "Get changes on a container’s filesystem"
+ description: |
+ Returns which files in a container's filesystem have been added, deleted,
+ or modified. The `Kind` of modification can be one of:
+
+ - `0`: Modified ("C")
+ - `1`: Added ("A")
+ - `2`: Deleted ("D")
+ operationId: "ContainerChanges"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The list of changes"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/FilesystemChange"
+ examples:
+ application/json:
+ - Path: "/dev"
+ Kind: 0
+ - Path: "/dev/kmsg"
+ Kind: 1
+ - Path: "/test"
+ Kind: 1
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/export:
+ get:
+ summary: "Export a container"
+ description: "Export the contents of a container as a tarball."
+ operationId: "ContainerExport"
+ produces:
+ - "application/octet-stream"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/stats:
+ get:
+ summary: "Get container stats based on resource usage"
+ description: |
+ This endpoint returns a live stream of a container’s resource usage
+ statistics.
+
+ The `precpu_stats` is the CPU statistic of the *previous* read, and is
+ used to calculate the CPU usage percentage. It is not an exact copy
+ of the `cpu_stats` field.
+
+ If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
+ nil then for compatibility with older daemons the length of the
+ corresponding `cpu_usage.percpu_usage` array should be used.
+
+ On a cgroup v2 host, the following fields are not set
+ * `blkio_stats`: all fields other than `io_service_bytes_recursive`
+ * `cpu_stats`: `cpu_usage.percpu_usage`
+ * `memory_stats`: `max_usage` and `failcnt`
+ Also, `memory_stats.stats` fields are incompatible with cgroup v1.
+
+ To calculate the values shown by the `stats` command of the docker cli tool
+ the following formulas can be used:
+ * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+ * available_memory = `memory_stats.limit`
+ * Memory usage % = `(used_memory / available_memory) * 100.0`
+ * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+ * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+ * number_cpus = `length(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+ * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
+ operationId: "ContainerStats"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ContainerStatsResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "stream"
+ in: "query"
+ description: |
+ Stream the output. If false, the stats will be output once and then
+ it will disconnect.
+ type: "boolean"
+ default: true
+ - name: "one-shot"
+ in: "query"
+ description: |
+ Only get a single stat instead of waiting for 2 cycles. Must be used
+ with `stream=false`.
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/resize:
+ post:
+ summary: "Resize a container TTY"
+ description: "Resize the TTY for a container."
+ operationId: "ContainerResize"
+ consumes:
+ - "application/octet-stream"
+ produces:
+ - "text/plain"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "cannot resize container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "h"
+ in: "query"
+ required: true
+ description: "Height of the TTY session in characters"
+ type: "integer"
+ - name: "w"
+ in: "query"
+ required: true
+ description: "Width of the TTY session in characters"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/start:
+ post:
+ summary: "Start a container"
+ operationId: "ContainerStart"
+ responses:
+ 204:
+ description: "no error"
+ 304:
+ description: "container already started"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container. Format is a
+ single character `[a-Z]` or `ctrl-` where `` is one
+ of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/stop:
+ post:
+ summary: "Stop a container"
+ operationId: "ContainerStop"
+ responses:
+ 204:
+ description: "no error"
+ 304:
+ description: "container already stopped"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ - name: "t"
+ in: "query"
+ description: "Number of seconds to wait before killing the container"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/restart:
+ post:
+ summary: "Restart a container"
+ operationId: "ContainerRestart"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ - name: "t"
+ in: "query"
+ description: "Number of seconds to wait before killing the container"
+ type: "integer"
+ tags: ["Container"]
+ /containers/{id}/kill:
+ post:
+ summary: "Kill a container"
+ description: |
+ Send a POSIX signal to a container, defaulting to killing to the
+ container.
+ operationId: "ContainerKill"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "container is not running"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28 is not running"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "signal"
+ in: "query"
+ description: |
+ Signal to send to the container as an integer or string (e.g. `SIGINT`).
+ type: "string"
+ default: "SIGKILL"
+ tags: ["Container"]
+ /containers/{id}/update:
+ post:
+ summary: "Update a container"
+ description: |
+ Change various configuration options of a container without having to
+ recreate it.
+ operationId: "ContainerUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The container has been updated."
+ schema:
+ $ref: "#/definitions/ContainerUpdateResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "update"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/Resources"
+ - type: "object"
+ properties:
+ RestartPolicy:
+ $ref: "#/definitions/RestartPolicy"
+ example:
+ BlkioWeight: 300
+ CpuShares: 512
+ CpuPeriod: 100000
+ CpuQuota: 50000
+ CpuRealtimePeriod: 1000000
+ CpuRealtimeRuntime: 10000
+ CpusetCpus: "0,1"
+ CpusetMems: "0"
+ Memory: 314572800
+ MemorySwap: 514288000
+ MemoryReservation: 209715200
+ RestartPolicy:
+ MaximumRetryCount: 4
+ Name: "on-failure"
+ tags: ["Container"]
+ /containers/{id}/rename:
+ post:
+ summary: "Rename a container"
+ operationId: "ContainerRename"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "name already in use"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "name"
+ in: "query"
+ required: true
+ description: "New name for the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/pause:
+ post:
+ summary: "Pause a container"
+ description: |
+ Use the freezer cgroup to suspend all processes in a container.
+
+ Traditionally, when suspending a process the `SIGSTOP` signal is used,
+ which is observable by the process being suspended. With the freezer
+ cgroup the process is unaware, and unable to capture, that it is being
+ suspended, and subsequently resumed.
+ operationId: "ContainerPause"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/unpause:
+ post:
+ summary: "Unpause a container"
+ description: "Resume a container which has been paused."
+ operationId: "ContainerUnpause"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ tags: ["Container"]
+ /containers/{id}/attach:
+ post:
+ summary: "Attach to a container"
+ description: |
+ Attach to a container to read its output or send it input. You can attach
+ to the same container multiple times and you can reattach to containers
+ that have been detached.
+
+ Either the `stream` or `logs` parameter must be `true` for this endpoint
+ to do anything.
+
+ See the [documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/)
+ for more details.
+
+ ### Hijacking
+
+ This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`,
+ and `stderr` on the same socket.
+
+ This is the response from the daemon for an attach request:
+
+ ```
+ HTTP/1.1 200 OK
+ Content-Type: application/vnd.docker.raw-stream
+
+ [STREAM]
+ ```
+
+ After the headers and two new lines, the TCP connection can now be used
+ for raw, bidirectional communication between the client and server.
+
+ To hint potential proxies about connection hijacking, the Docker client
+ can also optionally send connection upgrade headers.
+
+ For example, the client sends this request to upgrade the connection:
+
+ ```
+ POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
+ Upgrade: tcp
+ Connection: Upgrade
+ ```
+
+ The Docker daemon will respond with a `101 UPGRADED` response, and will
+ similarly follow with the raw stream:
+
+ ```
+ HTTP/1.1 101 UPGRADED
+ Content-Type: application/vnd.docker.raw-stream
+ Connection: Upgrade
+ Upgrade: tcp
+
+ [STREAM]
+ ```
+
+ ### Stream format
+
+ When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate),
+ the HTTP Content-Type header is set to application/vnd.docker.multiplexed-stream
+ and the stream over the hijacked connected is multiplexed to separate out
+ `stdout` and `stderr`. The stream consists of a series of frames, each
+ containing a header and a payload.
+
+ The header contains the information which the stream writes (`stdout` or
+ `stderr`). It also contains the size of the associated frame encoded in
+ the last four bytes (`uint32`).
+
+ It is encoded on the first eight bytes like this:
+
+ ```go
+ header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+ ```
+
+ `STREAM_TYPE` can be:
+
+ - 0: `stdin` (is written on `stdout`)
+ - 1: `stdout`
+ - 2: `stderr`
+
+ `SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size
+ encoded as big endian.
+
+ Following the header is the payload, which is the specified number of
+ bytes of `STREAM_TYPE`.
+
+ The simplest way to implement this protocol is the following:
+
+ 1. Read 8 bytes.
+ 2. Choose `stdout` or `stderr` depending on the first byte.
+ 3. Extract the frame size from the last four bytes.
+ 4. Read the extracted size and output it on the correct output.
+ 5. Goto 1.
+
+ ### Stream format when using a TTY
+
+ When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate),
+ the stream is not multiplexed. The data exchanged over the hijacked
+ connection is simply the raw data from the process PTY and client's
+ `stdin`.
+
+ operationId: "ContainerAttach"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 101:
+ description: "no error, hints proxy about hijacking"
+ 200:
+ description: "no error, no upgrade header found"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container.Format is a single
+ character `[a-Z]` or `ctrl-` where `` is one of: `a-z`,
+ `@`, `^`, `[`, `,` or `_`.
+ type: "string"
+ - name: "logs"
+ in: "query"
+ description: |
+ Replay previous logs from the container.
+
+ This is useful for attaching to a container that has started and you
+ want to output everything since the container started.
+
+ If `stream` is also enabled, once all the previous output has been
+ returned, it will seamlessly transition into streaming current
+ output.
+ type: "boolean"
+ default: false
+ - name: "stream"
+ in: "query"
+ description: |
+ Stream attached streams from the time the request was made onwards.
+ type: "boolean"
+ default: false
+ - name: "stdin"
+ in: "query"
+ description: "Attach to `stdin`"
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Attach to `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Attach to `stderr`"
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/attach/ws:
+ get:
+ summary: "Attach to a container via a websocket"
+ operationId: "ContainerAttachWebsocket"
+ responses:
+ 101:
+ description: "no error, hints proxy about hijacking"
+ 200:
+ description: "no error, no upgrade header found"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "detachKeys"
+ in: "query"
+ description: |
+ Override the key sequence for detaching a container.Format is a single
+ character `[a-Z]` or `ctrl-` where `` is one of: `a-z`,
+ `@`, `^`, `[`, `,`, or `_`.
+ type: "string"
+ - name: "logs"
+ in: "query"
+ description: "Return logs"
+ type: "boolean"
+ default: false
+ - name: "stream"
+ in: "query"
+ description: "Return stream"
+ type: "boolean"
+ default: false
+ - name: "stdin"
+ in: "query"
+ description: "Attach to `stdin`"
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Attach to `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Attach to `stderr`"
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/wait:
+ post:
+ summary: "Wait for a container"
+ description: "Block until a container stops, then returns the exit code."
+ operationId: "ContainerWait"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The container has exit."
+ schema:
+ $ref: "#/definitions/ContainerWaitResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "condition"
+ in: "query"
+ description: |
+ Wait until a container state reaches the given condition.
+
+ Defaults to `not-running` if omitted or empty.
+ type: "string"
+ enum:
+ - "not-running"
+ - "next-exit"
+ - "removed"
+ default: "not-running"
+ tags: ["Container"]
+ /containers/{id}:
+ delete:
+ summary: "Remove a container"
+ operationId: "ContainerDelete"
+ responses:
+ 204:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: |
+ You cannot remove a running container: c2ada9df5af8. Stop the
+ container before attempting removal or force remove
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "v"
+ in: "query"
+ description: "Remove anonymous volumes associated with the container."
+ type: "boolean"
+ default: false
+ - name: "force"
+ in: "query"
+ description: "If the container is running, kill it before removing it."
+ type: "boolean"
+ default: false
+ - name: "link"
+ in: "query"
+ description: "Remove the specified link associated with the container."
+ type: "boolean"
+ default: false
+ tags: ["Container"]
+ /containers/{id}/archive:
+ head:
+ summary: "Get information about files in a container"
+ description: |
+ A response header `X-Docker-Container-Path-Stat` is returned, containing
+ a base64 - encoded JSON object with some filesystem header information
+ about the path.
+ operationId: "ContainerArchiveInfo"
+ responses:
+ 200:
+ description: "no error"
+ headers:
+ X-Docker-Container-Path-Stat:
+ type: "string"
+ description: |
+ A base64 - encoded JSON object with some filesystem header
+ information about the path
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Container or path does not exist"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Resource in the container’s filesystem to archive."
+ type: "string"
+ tags: ["Container"]
+ get:
+ summary: "Get an archive of a filesystem resource in a container"
+ description: "Get a tar archive of a resource in the filesystem of container id."
+ operationId: "ContainerArchive"
+ produces: ["application/x-tar"]
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Container or path does not exist"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Resource in the container’s filesystem to archive."
+ type: "string"
+ tags: ["Container"]
+ put:
+ summary: "Extract an archive of files or folders to a directory in a container"
+ description: |
+ Upload a tar archive to be extracted to a path in the filesystem of container id.
+ `path` parameter is asserted to be a directory. If it exists as a file, 400 error
+ will be returned with message "not a directory".
+ operationId: "PutContainerArchive"
+ consumes: ["application/x-tar", "application/octet-stream"]
+ responses:
+ 200:
+ description: "The content was extracted successfully"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "not a directory"
+ 403:
+ description: "Permission denied, the volume or container rootfs is marked as read-only."
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such container or path does not exist inside the container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the container"
+ type: "string"
+ - name: "path"
+ in: "query"
+ required: true
+ description: "Path to a directory in the container to extract the archive’s contents into. "
+ type: "string"
+ - name: "noOverwriteDirNonDir"
+ in: "query"
+ description: |
+ If `1`, `true`, or `True` then it will be an error if unpacking the
+ given content would cause an existing directory to be replaced with
+ a non-directory and vice versa.
+ type: "string"
+ - name: "copyUIDGID"
+ in: "query"
+ description: |
+ If `1`, `true`, then it will copy UID/GID maps to the dest file or
+ dir
+ type: "string"
+ - name: "inputStream"
+ in: "body"
+ required: true
+ description: |
+ The input stream must be a tar archive compressed with one of the
+ following algorithms: `identity` (no compression), `gzip`, `bzip2`,
+ or `xz`.
+ schema:
+ type: "string"
+ format: "binary"
+ tags: ["Container"]
+ /containers/prune:
+ post:
+ summary: "Delete stopped containers"
+ produces:
+ - "application/json"
+ operationId: "ContainerPrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `until=` Prune containers created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ContainerPruneResponse"
+ properties:
+ ContainersDeleted:
+ description: "Container IDs that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Container"]
+ /images/json:
+ get:
+ summary: "List Images"
+ description: "Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
+ operationId: "ImageList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "Summary image data for the images matching the query"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageSummary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "all"
+ in: "query"
+ description: "Show all images. Only images from a final layer (no children) are shown by default."
+ type: "boolean"
+ default: false
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the images list.
+
+ Available filters:
+
+ - `before`=(`[:]`, `` or ``)
+ - `dangling=true`
+ - `label=key` or `label="key=value"` of an image label
+ - `reference`=(`[:]`)
+ - `since`=(`[:]`, `` or ``)
+ - `until=`
+ type: "string"
+ - name: "shared-size"
+ in: "query"
+ description: "Compute and show shared size as a `SharedSize` field on each image."
+ type: "boolean"
+ default: false
+ - name: "digests"
+ in: "query"
+ description: "Show digest information as a `RepoDigests` field on each image."
+ type: "boolean"
+ default: false
+ - name: "manifests"
+ in: "query"
+ description: "Include `Manifests` in the image summary."
+ type: "boolean"
+ default: false
+ tags: ["Image"]
+ /build:
+ post:
+ summary: "Build an image"
+ description: |
+ Build an image from a tar archive with a `Dockerfile` in it.
+
+ The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
+
+ The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
+
+ The build is canceled if the client drops the connection by quitting or being killed.
+ operationId: "ImageBuild"
+ consumes:
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "inputStream"
+ in: "body"
+ description: "A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
+ schema:
+ type: "string"
+ format: "binary"
+ - name: "dockerfile"
+ in: "query"
+ description: "Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an external `Dockerfile`."
+ type: "string"
+ default: "Dockerfile"
+ - name: "t"
+ in: "query"
+ description: "A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
+ type: "string"
+ - name: "extrahosts"
+ in: "query"
+ description: "Extra hosts to add to /etc/hosts"
+ type: "string"
+ - name: "remote"
+ in: "query"
+ description: "A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
+ type: "string"
+ - name: "q"
+ in: "query"
+ description: "Suppress verbose build output."
+ type: "boolean"
+ default: false
+ - name: "nocache"
+ in: "query"
+ description: "Do not use the cache when building the image."
+ type: "boolean"
+ default: false
+ - name: "cachefrom"
+ in: "query"
+ description: "JSON array of images used for build cache resolution."
+ type: "string"
+ - name: "pull"
+ in: "query"
+ description: "Attempt to pull the image even if an older image exists locally."
+ type: "string"
+ - name: "rm"
+ in: "query"
+ description: "Remove intermediate containers after a successful build."
+ type: "boolean"
+ default: true
+ - name: "forcerm"
+ in: "query"
+ description: "Always remove intermediate containers, even upon failure."
+ type: "boolean"
+ default: false
+ - name: "memory"
+ in: "query"
+ description: "Set memory limit for build."
+ type: "integer"
+ - name: "memswap"
+ in: "query"
+ description: "Total memory (memory + swap). Set as `-1` to disable swap."
+ type: "integer"
+ - name: "cpushares"
+ in: "query"
+ description: "CPU shares (relative weight)."
+ type: "integer"
+ - name: "cpusetcpus"
+ in: "query"
+ description: "CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
+ type: "string"
+ - name: "cpuperiod"
+ in: "query"
+ description: "The length of a CPU period in microseconds."
+ type: "integer"
+ - name: "cpuquota"
+ in: "query"
+ description: "Microseconds of CPU time that the container can get in a CPU period."
+ type: "integer"
+ - name: "buildargs"
+ in: "query"
+ description: >
+ JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker
+ uses the buildargs as the environment context for commands run via the `Dockerfile` RUN
+ instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for
+ passing secret values.
+
+
+ For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
+
+
+ [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
+ type: "string"
+ - name: "shmsize"
+ in: "query"
+ description: "Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
+ type: "integer"
+ - name: "squash"
+ in: "query"
+ description: "Squash the resulting images layers into a single layer. *(Experimental release only.)*"
+ type: "boolean"
+ - name: "labels"
+ in: "query"
+ description: "Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
+ type: "string"
+ - name: "networkmode"
+ in: "query"
+ description: |
+ Sets the networking mode for the run commands during build. Supported
+ standard values are: `bridge`, `host`, `none`, and `container:`.
+ Any other value is taken as a custom network's name or ID to which this
+ container should connect to.
+ type: "string"
+ - name: "Content-type"
+ in: "header"
+ type: "string"
+ enum:
+ - "application/x-tar"
+ default: "application/x-tar"
+ - name: "X-Registry-Config"
+ in: "header"
+ description: |
+ This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
+
+ The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
+
+ ```
+ {
+ "docker.example.com": {
+ "username": "janedoe",
+ "password": "hunter2"
+ },
+ "https://index.docker.io/v1/": {
+ "username": "mobydock",
+ "password": "conta1n3rize14"
+ }
+ }
+ ```
+
+ Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
+ type: "string"
+ - name: "platform"
+ in: "query"
+ description: "Platform in the format os[/arch[/variant]]"
+ type: "string"
+ default: ""
+ - name: "target"
+ in: "query"
+ description: "Target build stage"
+ type: "string"
+ default: ""
+ - name: "outputs"
+ in: "query"
+ description: "BuildKit output configuration"
+ type: "string"
+ default: ""
+ - name: "version"
+ in: "query"
+ type: "string"
+ default: "1"
+ enum: ["1", "2"]
+ description: |
+ Version of the builder backend to use.
+
+ - `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
+ - `2` is [BuildKit](https://github.com/moby/buildkit)
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /build/prune:
+ post:
+ summary: "Delete builder cache"
+ produces:
+ - "application/json"
+ operationId: "BuildPrune"
+ parameters:
+ - name: "keep-storage"
+ in: "query"
+ description: |
+ Amount of disk space in bytes to keep for cache
+
+ > **Deprecated**: This parameter is deprecated and has been renamed to "reserved-space".
+ > It is kept for backward compatibility and will be removed in API v1.49.
+ type: "integer"
+ format: "int64"
+ - name: "reserved-space"
+ in: "query"
+ description: "Amount of disk space in bytes to keep for cache"
+ type: "integer"
+ format: "int64"
+ - name: "max-used-space"
+ in: "query"
+ description: "Maximum amount of disk space allowed to keep for cache"
+ type: "integer"
+ format: "int64"
+ - name: "min-free-space"
+ in: "query"
+ description: "Target amount of free disk space after pruning"
+ type: "integer"
+ format: "int64"
+ - name: "all"
+ in: "query"
+ type: "boolean"
+ description: "Remove all types of build cache"
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the list of build cache objects.
+
+ Available filters:
+
+ - `until=` remove cache older than ``. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon's local time.
+ - `id=`
+ - `parent=`
+ - `type=`
+ - `description=`
+ - `inuse`
+ - `shared`
+ - `private`
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "BuildPruneResponse"
+ properties:
+ CachesDeleted:
+ type: "array"
+ items:
+ description: "ID of build cache object"
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /images/create:
+ post:
+ summary: "Create an image"
+ description: "Pull or import an image."
+ operationId: "ImageCreate"
+ consumes:
+ - "text/plain"
+ - "application/octet-stream"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "repository does not exist or no read access"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "fromImage"
+ in: "query"
+ description: |
+ Name of the image to pull. If the name includes a tag or digest, specific behavior applies:
+
+ - If only `fromImage` includes a tag, that tag is used.
+ - If both `fromImage` and `tag` are provided, `tag` takes precedence.
+ - If `fromImage` includes a digest, the image is pulled by digest, and `tag` is ignored.
+ - If neither a tag nor digest is specified, all tags are pulled.
+ type: "string"
+ - name: "fromSrc"
+ in: "query"
+ description: "Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
+ type: "string"
+ - name: "repo"
+ in: "query"
+ description: "Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
+ type: "string"
+ - name: "message"
+ in: "query"
+ description: "Set commit message for imported image."
+ type: "string"
+ - name: "inputImage"
+ in: "body"
+ description: "Image content if the value `-` has been specified in fromSrc query parameter"
+ schema:
+ type: "string"
+ required: false
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "changes"
+ in: "query"
+ description: |
+ Apply `Dockerfile` instructions to the image that is created,
+ for example: `changes=ENV DEBUG=true`.
+ Note that `ENV DEBUG=true` should be URI component encoded.
+
+ Supported `Dockerfile` instructions:
+ `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
+ type: "array"
+ items:
+ type: "string"
+ - name: "platform"
+ in: "query"
+ description: |
+ Platform in the format os[/arch[/variant]].
+
+ When used in combination with the `fromImage` option, the daemon checks
+ if the given image is present in the local image cache with the given
+ OS and Architecture, and otherwise attempts to pull the image. If the
+ option is not set, the host's native OS and Architecture are used.
+ If the given image does not exist in the local image cache, the daemon
+ attempts to pull the image with the host's native OS and Architecture.
+ If the given image does exists in the local image cache, but its OS or
+ architecture does not match, a warning is produced.
+
+ When used with the `fromSrc` option to import an image from an archive,
+ this option sets the platform information for the imported image. If
+ the option is not set, the host's native OS and Architecture are used
+ for the imported image.
+ type: "string"
+ default: ""
+ tags: ["Image"]
+ /images/{name}/json:
+ get:
+ summary: "Inspect an image"
+ description: "Return low-level information about an image."
+ operationId: "ImageInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/ImageInspect"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: someimage (tag: latest)"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or id"
+ type: "string"
+ required: true
+ - name: "manifests"
+ in: "query"
+ description: "Include Manifests in the image summary."
+ type: "boolean"
+ default: false
+ required: false
+ tags: ["Image"]
+ /images/{name}/history:
+ get:
+ summary: "Get the history of an image"
+ description: "Return parent layers of an image."
+ operationId: "ImageHistory"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "List of image layers"
+ schema:
+ type: "array"
+ items:
+ type: "object"
+ x-go-name: HistoryResponseItem
+ title: "HistoryResponseItem"
+ description: "individual image layer information in response to ImageHistory operation"
+ required: [Id, Created, CreatedBy, Tags, Size, Comment]
+ properties:
+ Id:
+ type: "string"
+ x-nullable: false
+ Created:
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ CreatedBy:
+ type: "string"
+ x-nullable: false
+ Tags:
+ type: "array"
+ items:
+ type: "string"
+ Size:
+ type: "integer"
+ format: "int64"
+ x-nullable: false
+ Comment:
+ type: "string"
+ x-nullable: false
+ examples:
+ application/json:
+ - Id: "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710"
+ Created: 1398108230
+ CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /"
+ Tags:
+ - "ubuntu:lucid"
+ - "ubuntu:10.04"
+ Size: 182964289
+ Comment: ""
+ - Id: "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8"
+ Created: 1398108222
+ CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
+ Tags: []
+ Size: 0
+ Comment: ""
+ - Id: "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+ Created: 1371157430
+ CreatedBy: ""
+ Tags:
+ - "scratch12:latest"
+ - "scratch:latest"
+ Size: 0
+ Comment: "Imported from -"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON-encoded OCI platform to select the platform-variant.
+ If omitted, it defaults to any locally available platform,
+ prioritizing the daemon's host platform.
+
+ If the daemon provides a multi-platform image store, this selects
+ the platform-variant to show the history for. If the image is
+ a single-platform image, or if the multi-platform image does not
+ provide a variant matching the given platform, an error is returned.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
+ tags: ["Image"]
+ /images/{name}/push:
+ post:
+ summary: "Push an image"
+ description: |
+ Push an image to a registry.
+
+ If you wish to push an image on to a private registry, that image must
+ already have a tag which references the registry. For example,
+ `registry.example.com/myimage:latest`.
+
+ The push is cancelled if the HTTP connection is closed.
+ operationId: "ImagePush"
+ consumes:
+ - "application/octet-stream"
+ responses:
+ 200:
+ description: "No error"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ Name of the image to push. For example, `registry.example.com/myimage`.
+ The image must be present in the local image store with the same name.
+
+ The name should be provided without tag; if a tag is provided, it
+ is ignored. For example, `registry.example.com/myimage:latest` is
+ considered equivalent to `registry.example.com/myimage`.
+
+ Use the `tag` parameter to specify the tag to push.
+ type: "string"
+ required: true
+ - name: "tag"
+ in: "query"
+ description: |
+ Tag of the image to push. For example, `latest`. If no tag is provided,
+ all tags of the given image that are present in the local image store
+ are pushed.
+ type: "string"
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON-encoded OCI platform to select the platform-variant to push.
+ If not provided, all available variants will attempt to be pushed.
+
+ If the daemon provides a multi-platform image store, this selects
+ the platform-variant to push to the registry. If the image is
+ a single-platform image, or if the multi-platform image does not
+ provide a variant matching the given platform, an error is returned.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ required: true
+ tags: ["Image"]
+ /images/{name}/tag:
+ post:
+ summary: "Tag an image"
+ description: "Tag an image so that it becomes part of a repository."
+ operationId: "ImageTag"
+ responses:
+ 201:
+ description: "No error"
+ 400:
+ description: "Bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID to tag."
+ type: "string"
+ required: true
+ - name: "repo"
+ in: "query"
+ description: "The repository to tag in. For example, `someuser/someimage`."
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "The name of the new tag."
+ type: "string"
+ tags: ["Image"]
+ /images/{name}:
+ delete:
+ summary: "Remove an image"
+ description: |
+ Remove an image, along with any untagged parent images that were
+ referenced by that image.
+
+ Images can't be removed if they have descendant images, are being
+ used by a running container or are being used by a build.
+ operationId: "ImageDelete"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "The image was deleted successfully"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageDeleteResponseItem"
+ examples:
+ application/json:
+ - Untagged: "3e2f21a89f"
+ - Deleted: "3e2f21a89f"
+ - Deleted: "53b4f83ac9"
+ 404:
+ description: "No such image"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Conflict"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ - name: "force"
+ in: "query"
+ description: "Remove the image even if it is being used by stopped containers or has other tags"
+ type: "boolean"
+ default: false
+ - name: "noprune"
+ in: "query"
+ description: "Do not delete untagged parent images"
+ type: "boolean"
+ default: false
+ - name: "platforms"
+ in: "query"
+ description: |
+ Select platform-specific content to delete.
+ Multiple values are accepted.
+ Each platform is a OCI platform encoded as a JSON string.
+ type: "array"
+ items:
+ # This should be OCIPlatform
+ # but $ref is not supported for array in query in Swagger 2.0
+ # $ref: "#/definitions/OCIPlatform"
+ type: "string"
+ tags: ["Image"]
+ /images/search:
+ get:
+ summary: "Search images"
+ description: "Search for an image on Docker Hub."
+ operationId: "ImageSearch"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ type: "object"
+ title: "ImageSearchResponseItem"
+ properties:
+ description:
+ type: "string"
+ is_official:
+ type: "boolean"
+ is_automated:
+ description: |
+ Whether this repository has automated builds enabled.
+
+
+
+ > **Deprecated**: This field is deprecated and will always be "false".
+ type: "boolean"
+ example: false
+ name:
+ type: "string"
+ star_count:
+ type: "integer"
+ examples:
+ application/json:
+ - description: "A minimal Docker image based on Alpine Linux with a complete package index and only 5 MB in size!"
+ is_official: true
+ is_automated: false
+ name: "alpine"
+ star_count: 10093
+ - description: "Busybox base image."
+ is_official: true
+ is_automated: false
+ name: "Busybox base image."
+ star_count: 3037
+ - description: "The PostgreSQL object-relational database system provides reliability and data integrity."
+ is_official: true
+ is_automated: false
+ name: "postgres"
+ star_count: 12408
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "term"
+ in: "query"
+ description: "Term to search"
+ type: "string"
+ required: true
+ - name: "limit"
+ in: "query"
+ description: "Maximum number of results to return"
+ type: "integer"
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
+
+ - `is-official=(true|false)`
+ - `stars=` Matches images that has at least 'number' stars.
+ type: "string"
+ tags: ["Image"]
+ /images/prune:
+ post:
+ summary: "Delete unused images"
+ produces:
+ - "application/json"
+ operationId: "ImagePrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
+
+ - `dangling=` When set to `true` (or `1`), prune only
+ unused *and* untagged images. When set to `false`
+ (or `0`), all unused images are pruned.
+ - `until=` Prune images created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune images with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ImagePruneResponse"
+ properties:
+ ImagesDeleted:
+ description: "Images that were deleted"
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageDeleteResponseItem"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Image"]
+ /auth:
+ post:
+ summary: "Check auth configuration"
+ description: |
+ Validate credentials for a registry and, if available, get an identity
+ token for accessing the registry without password.
+ operationId: "SystemAuth"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "An identity token was generated successfully."
+ schema:
+ type: "object"
+ title: "SystemAuthResponse"
+ required: [Status]
+ properties:
+ Status:
+ description: "The status of the authentication"
+ type: "string"
+ x-nullable: false
+ IdentityToken:
+ description: "An opaque token used to authenticate a user after a successful login"
+ type: "string"
+ x-nullable: false
+ examples:
+ application/json:
+ Status: "Login Succeeded"
+ IdentityToken: "9cbaf023786cd7..."
+ 204:
+ description: "No error"
+ 401:
+ description: "Auth error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "authConfig"
+ in: "body"
+ description: "Authentication to check"
+ schema:
+ $ref: "#/definitions/AuthConfig"
+ tags: ["System"]
+ /info:
+ get:
+ summary: "Get system information"
+ operationId: "SystemInfo"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/SystemInfo"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /version:
+ get:
+ summary: "Get version"
+ description: "Returns the version of Docker that is running and various information about the system that Docker is running on."
+ operationId: "SystemVersion"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/SystemVersion"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /_ping:
+ get:
+ summary: "Ping"
+ description: "This is a dummy endpoint you can use to test if the server is accessible."
+ operationId: "SystemPing"
+ produces: ["text/plain"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ example: "OK"
+ headers:
+ Api-Version:
+ type: "string"
+ description: "Max API Version the server supports"
+ Builder-Version:
+ type: "string"
+ description: |
+ Default version of docker image builder
+
+ The default on Linux is version "2" (BuildKit), but the daemon
+ can be configured to recommend version "1" (classic Builder).
+ Windows does not yet support BuildKit for native Windows images,
+ and uses "1" (classic builder) as a default.
+
+ This value is a recommendation as advertised by the daemon, and
+ it is up to the client to choose which builder to use.
+ default: "2"
+ Docker-Experimental:
+ type: "boolean"
+ description: "If the server is running with experimental mode enabled"
+ Swarm:
+ type: "string"
+ enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
+ description: |
+ Contains information about Swarm status of the daemon,
+ and if the daemon is acting as a manager or worker node.
+ default: "inactive"
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ headers:
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ tags: ["System"]
+ head:
+ summary: "Ping"
+ description: "This is a dummy endpoint you can use to test if the server is accessible."
+ operationId: "SystemPingHead"
+ produces: ["text/plain"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ example: "(empty)"
+ headers:
+ Api-Version:
+ type: "string"
+ description: "Max API Version the server supports"
+ Builder-Version:
+ type: "string"
+ description: "Default version of docker image builder"
+ Docker-Experimental:
+ type: "boolean"
+ description: "If the server is running with experimental mode enabled"
+ Swarm:
+ type: "string"
+ enum: ["inactive", "pending", "error", "locked", "active/worker", "active/manager"]
+ description: |
+ Contains information about Swarm status of the daemon,
+ and if the daemon is acting as a manager or worker node.
+ default: "inactive"
+ Cache-Control:
+ type: "string"
+ default: "no-cache, no-store, must-revalidate"
+ Pragma:
+ type: "string"
+ default: "no-cache"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["System"]
+ /commit:
+ post:
+ summary: "Create a new image from a container"
+ operationId: "ImageCommit"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IDResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "containerConfig"
+ in: "body"
+ description: "The container configuration"
+ schema:
+ $ref: "#/definitions/ContainerConfig"
+ - name: "container"
+ in: "query"
+ description: "The ID or name of the container to commit"
+ type: "string"
+ - name: "repo"
+ in: "query"
+ description: "Repository name for the created image"
+ type: "string"
+ - name: "tag"
+ in: "query"
+ description: "Tag name for the create image"
+ type: "string"
+ - name: "comment"
+ in: "query"
+ description: "Commit message"
+ type: "string"
+ - name: "author"
+ in: "query"
+ description: "Author of the image (e.g., `John Hannibal Smith `)"
+ type: "string"
+ - name: "pause"
+ in: "query"
+ description: "Whether to pause the container before committing"
+ type: "boolean"
+ default: true
+ - name: "changes"
+ in: "query"
+ description: "`Dockerfile` instructions to apply while committing"
+ type: "string"
+ tags: ["Image"]
+ /events:
+ get:
+ summary: "Monitor events"
+ description: |
+ Stream real-time events from the server.
+
+ Various objects within Docker report events when something happens to them.
+
+ Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
+
+ Images report these events: `create`, `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
+
+ Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
+
+ Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
+
+ The Docker daemon reports these events: `reload`
+
+ Services report these events: `create`, `update`, and `remove`
+
+ Nodes report these events: `create`, `update`, and `remove`
+
+ Secrets report these events: `create`, `update`, and `remove`
+
+ Configs report these events: `create`, `update`, and `remove`
+
+ The Builder reports `prune` events
+
+ operationId: "SystemEvents"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/EventMessage"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "since"
+ in: "query"
+ description: "Show events created since this timestamp then stream new events."
+ type: "string"
+ - name: "until"
+ in: "query"
+ description: "Show events created until this timestamp then stop streaming."
+ type: "string"
+ - name: "filters"
+ in: "query"
+ description: |
+ A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
+
+ - `config=` config name or ID
+ - `container=` container name or ID
+ - `daemon=` daemon name or ID
+ - `event=` event type
+ - `image=` image name or ID
+ - `label=` image or container label
+ - `network=` network name or ID
+ - `node=` node ID
+ - `plugin`= plugin name or ID
+ - `scope`= local or swarm
+ - `secret=` secret name or ID
+ - `service=` service name or ID
+ - `type=` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
+ - `volume=` volume name
+ type: "string"
+ tags: ["System"]
+ /system/df:
+ get:
+ summary: "Get data usage information"
+ operationId: "SystemDataUsage"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "SystemDataUsageResponse"
+ properties:
+ LayersSize:
+ type: "integer"
+ format: "int64"
+ Images:
+ type: "array"
+ items:
+ $ref: "#/definitions/ImageSummary"
+ Containers:
+ type: "array"
+ items:
+ $ref: "#/definitions/ContainerSummary"
+ Volumes:
+ type: "array"
+ items:
+ $ref: "#/definitions/Volume"
+ BuildCache:
+ type: "array"
+ items:
+ $ref: "#/definitions/BuildCache"
+ example:
+ LayersSize: 1092588
+ Images:
+ -
+ Id: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+ ParentId: ""
+ RepoTags:
+ - "busybox:latest"
+ RepoDigests:
+ - "busybox@sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6"
+ Created: 1466724217
+ Size: 1092588
+ SharedSize: 0
+ Labels: {}
+ Containers: 1
+ Containers:
+ -
+ Id: "e575172ed11dc01bfce087fb27bee502db149e1a0fad7c296ad300bbff178148"
+ Names:
+ - "/top"
+ Image: "busybox"
+ ImageID: "sha256:2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749"
+ Command: "top"
+ Created: 1472592424
+ Ports: []
+ SizeRootFs: 1092588
+ Labels: {}
+ State: "exited"
+ Status: "Exited (0) 56 minutes ago"
+ HostConfig:
+ NetworkMode: "default"
+ NetworkSettings:
+ Networks:
+ bridge:
+ IPAMConfig: null
+ Links: null
+ Aliases: null
+ NetworkID: "d687bc59335f0e5c9ee8193e5612e8aee000c8c62ea170cfb99c098f95899d92"
+ EndpointID: "8ed5115aeaad9abb174f68dcf135b49f11daf597678315231a32ca28441dec6a"
+ Gateway: "172.18.0.1"
+ IPAddress: "172.18.0.2"
+ IPPrefixLen: 16
+ IPv6Gateway: ""
+ GlobalIPv6Address: ""
+ GlobalIPv6PrefixLen: 0
+ MacAddress: "02:42:ac:12:00:02"
+ Mounts: []
+ Volumes:
+ -
+ Name: "my-volume"
+ Driver: "local"
+ Mountpoint: "/var/lib/docker/volumes/my-volume/_data"
+ Labels: null
+ Scope: "local"
+ Options: null
+ UsageData:
+ Size: 10920104
+ RefCount: 2
+ BuildCache:
+ -
+ ID: "hw53o5aio51xtltp5xjp8v7fx"
+ Parents: []
+ Type: "regular"
+ Description: "pulled from docker.io/library/debian@sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0"
+ InUse: false
+ Shared: true
+ Size: 0
+ CreatedAt: "2021-06-28T13:31:01.474619385Z"
+ LastUsedAt: "2021-07-07T22:02:32.738075951Z"
+ UsageCount: 26
+ -
+ ID: "ndlpt0hhvkqcdfkputsk4cq9c"
+ Parents: ["ndlpt0hhvkqcdfkputsk4cq9c"]
+ Type: "regular"
+ Description: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
+ InUse: false
+ Shared: true
+ Size: 51
+ CreatedAt: "2021-06-28T13:31:03.002625487Z"
+ LastUsedAt: "2021-07-07T22:02:32.773909517Z"
+ UsageCount: 26
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "type"
+ in: "query"
+ description: |
+ Object types, for which to compute and return data.
+ type: "array"
+ collectionFormat: multi
+ items:
+ type: "string"
+ enum: ["container", "image", "volume", "build-cache"]
+ tags: ["System"]
+ /images/{name}/get:
+ get:
+ summary: "Export an image"
+ description: |
+ Get a tarball containing all images and metadata for a repository.
+
+ If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
+
+ ### Image tarball format
+
+ An image tarball contains [Content as defined in the OCI Image Layout Specification](https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md#content).
+
+ Additionally, includes the manifest.json file associated with a backwards compatible docker save format.
+
+ If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
+
+ ```json
+ {
+ "hello-world": {
+ "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
+ }
+ }
+ ```
+ operationId: "ImageGet"
+ produces:
+ - "application/x-tar"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ format: "binary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or ID"
+ type: "string"
+ required: true
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON encoded OCI platform describing a platform which will be used
+ to select a platform-specific image to be saved if the image is
+ multi-platform.
+ If not provided, the full multi-platform image will be saved.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
+ tags: ["Image"]
+ /images/get:
+ get:
+ summary: "Export several images"
+ description: |
+ Get a tarball containing all images and metadata for several image
+ repositories.
+
+ For each value of the `names` parameter: if it is a specific name and
+ tag (e.g. `ubuntu:latest`), then only that image (and its parents) are
+ returned; if it is an image ID, similarly only that image (and its parents)
+ are returned and there would be no names referenced in the 'repositories'
+ file for this image ID.
+
+ For details on the format, see the [export image endpoint](#operation/ImageGet).
+ operationId: "ImageGetAll"
+ produces:
+ - "application/x-tar"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "string"
+ format: "binary"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "names"
+ in: "query"
+ description: "Image names to filter by"
+ type: "array"
+ items:
+ type: "string"
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON encoded OCI platform describing a platform which will be used
+ to select a platform-specific image to be saved if the image is
+ multi-platform.
+ If not provided, the full multi-platform image will be saved.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
+ tags: ["Image"]
+ /images/load:
+ post:
+ summary: "Import images"
+ description: |
+ Load a set of images and tags into a repository.
+
+ For details on the format, see the [export image endpoint](#operation/ImageGet).
+ operationId: "ImageLoad"
+ consumes:
+ - "application/x-tar"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "imagesTarball"
+ in: "body"
+ description: "Tar archive containing images"
+ schema:
+ type: "string"
+ format: "binary"
+ - name: "quiet"
+ in: "query"
+ description: "Suppress progress details during load."
+ type: "boolean"
+ default: false
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON encoded OCI platform describing a platform which will be used
+ to select a platform-specific image to be load if the image is
+ multi-platform.
+ If not provided, the full multi-platform image will be loaded.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
+ tags: ["Image"]
+ /containers/{id}/exec:
+ post:
+ summary: "Create an exec instance"
+ description: "Run a command inside a running container."
+ operationId: "ContainerExec"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IDResponse"
+ 404:
+ description: "no such container"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such container: c2ada9df5af8"
+ 409:
+ description: "container is paused"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "execConfig"
+ in: "body"
+ description: "Exec configuration"
+ schema:
+ type: "object"
+ title: "ExecConfig"
+ properties:
+ AttachStdin:
+ type: "boolean"
+ description: "Attach to `stdin` of the exec command."
+ AttachStdout:
+ type: "boolean"
+ description: "Attach to `stdout` of the exec command."
+ AttachStderr:
+ type: "boolean"
+ description: "Attach to `stderr` of the exec command."
+ ConsoleSize:
+ type: "array"
+ description: "Initial console size, as an `[height, width]` array."
+ x-nullable: true
+ minItems: 2
+ maxItems: 2
+ items:
+ type: "integer"
+ minimum: 0
+ example: [80, 64]
+ DetachKeys:
+ type: "string"
+ description: |
+ Override the key sequence for detaching a container. Format is
+ a single character `[a-Z]` or `ctrl-` where ``
+ is one of: `a-z`, `@`, `^`, `[`, `,` or `_`.
+ Tty:
+ type: "boolean"
+ description: "Allocate a pseudo-TTY."
+ Env:
+ description: |
+ A list of environment variables in the form `["VAR=value", ...]`.
+ type: "array"
+ items:
+ type: "string"
+ Cmd:
+ type: "array"
+ description: "Command to run, as a string or array of strings."
+ items:
+ type: "string"
+ Privileged:
+ type: "boolean"
+ description: "Runs the exec process with extended privileges."
+ default: false
+ User:
+ type: "string"
+ description: |
+ The user, and optionally, group to run the exec process inside
+ the container. Format is one of: `user`, `user:group`, `uid`,
+ or `uid:gid`.
+ WorkingDir:
+ type: "string"
+ description: |
+ The working directory for the exec process inside the container.
+ example:
+ AttachStdin: false
+ AttachStdout: true
+ AttachStderr: true
+ DetachKeys: "ctrl-p,ctrl-q"
+ Tty: false
+ Cmd:
+ - "date"
+ Env:
+ - "FOO=bar"
+ - "BAZ=quux"
+ required: true
+ - name: "id"
+ in: "path"
+ description: "ID or name of container"
+ type: "string"
+ required: true
+ tags: ["Exec"]
+ /exec/{id}/start:
+ post:
+ summary: "Start an exec instance"
+ description: |
+ Starts a previously set up exec instance. If detach is true, this endpoint
+ returns immediately after starting the command. Otherwise, it sets up an
+ interactive session with the command.
+ operationId: "ExecStart"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 200:
+ description: "No error"
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Container is stopped or paused"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "execStartConfig"
+ in: "body"
+ schema:
+ type: "object"
+ title: "ExecStartConfig"
+ properties:
+ Detach:
+ type: "boolean"
+ description: "Detach from the command."
+ example: false
+ Tty:
+ type: "boolean"
+ description: "Allocate a pseudo-TTY."
+ example: true
+ ConsoleSize:
+ type: "array"
+ description: "Initial console size, as an `[height, width]` array."
+ x-nullable: true
+ minItems: 2
+ maxItems: 2
+ items:
+ type: "integer"
+ minimum: 0
+ example: [80, 64]
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ tags: ["Exec"]
+ /exec/{id}/resize:
+ post:
+ summary: "Resize an exec instance"
+ description: |
+ Resize the TTY session used by an exec instance. This endpoint only works
+ if `tty` was specified as part of creating and starting the exec instance.
+ operationId: "ExecResize"
+ responses:
+ 200:
+ description: "No error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ - name: "h"
+ in: "query"
+ required: true
+ description: "Height of the TTY session in characters"
+ type: "integer"
+ - name: "w"
+ in: "query"
+ required: true
+ description: "Width of the TTY session in characters"
+ type: "integer"
+ tags: ["Exec"]
+ /exec/{id}/json:
+ get:
+ summary: "Inspect an exec instance"
+ description: "Return low-level information about an exec instance."
+ operationId: "ExecInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "ExecInspectResponse"
+ properties:
+ CanRemove:
+ type: "boolean"
+ DetachKeys:
+ type: "string"
+ ID:
+ type: "string"
+ Running:
+ type: "boolean"
+ ExitCode:
+ type: "integer"
+ ProcessConfig:
+ $ref: "#/definitions/ProcessConfig"
+ OpenStdin:
+ type: "boolean"
+ OpenStderr:
+ type: "boolean"
+ OpenStdout:
+ type: "boolean"
+ ContainerID:
+ type: "string"
+ Pid:
+ type: "integer"
+ description: "The system process ID for the exec process."
+ examples:
+ application/json:
+ CanRemove: false
+ ContainerID: "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126"
+ DetachKeys: ""
+ ExitCode: 2
+ ID: "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b"
+ OpenStderr: true
+ OpenStdin: true
+ OpenStdout: true
+ ProcessConfig:
+ arguments:
+ - "-c"
+ - "exit 2"
+ entrypoint: "sh"
+ privileged: false
+ tty: true
+ user: "1000"
+ Running: false
+ Pid: 42000
+ 404:
+ description: "No such exec instance"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Exec instance ID"
+ required: true
+ type: "string"
+ tags: ["Exec"]
+
+ /volumes:
+ get:
+ summary: "List volumes"
+ operationId: "VolumeList"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "Summary volume data that matches the query"
+ schema:
+ $ref: "#/definitions/VolumeListResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ JSON encoded value of the filters (a `map[string][]string`) to
+ process on the volumes list. Available filters:
+
+ - `dangling=` When set to `true` (or `1`), returns all
+ volumes that are not in use by a container. When set to `false`
+ (or `0`), only volumes that are in use by one or more
+ containers are returned.
+ - `driver=` Matches volumes based on their driver.
+ - `label=` or `label=:` Matches volumes based on
+ the presence of a `label` alone or a `label` and a value.
+ - `name=` Matches all or part of a volume name.
+ type: "string"
+ format: "json"
+ tags: ["Volume"]
+
+ /volumes/create:
+ post:
+ summary: "Create a volume"
+ operationId: "VolumeCreate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 201:
+ description: "The volume was created successfully"
+ schema:
+ $ref: "#/definitions/Volume"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "volumeConfig"
+ in: "body"
+ required: true
+ description: "Volume configuration"
+ schema:
+ $ref: "#/definitions/VolumeCreateOptions"
+ tags: ["Volume"]
+
+ /volumes/{name}:
+ get:
+ summary: "Inspect a volume"
+ operationId: "VolumeInspect"
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/Volume"
+ 404:
+ description: "No such volume"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ required: true
+ description: "Volume name or ID"
+ type: "string"
+ tags: ["Volume"]
+
+ put:
+ summary: |
+ "Update a volume. Valid only for Swarm cluster volumes"
+ operationId: "VolumeUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such volume"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "The name or ID of the volume"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ # though the schema for is an object that contains only a
+ # ClusterVolumeSpec, wrapping the ClusterVolumeSpec in this object
+ # means that if, later on, we support things like changing the
+ # labels, we can do so without duplicating that information to the
+ # ClusterVolumeSpec.
+ type: "object"
+ description: "Volume configuration"
+ properties:
+ Spec:
+ $ref: "#/definitions/ClusterVolumeSpec"
+ description: |
+ The spec of the volume to update. Currently, only Availability may
+ change. All other fields must remain unchanged.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the volume being updated. This is required to
+ avoid conflicting writes. Found in the volume's `ClusterVolume`
+ field.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Volume"]
+
+ delete:
+ summary: "Remove a volume"
+ description: "Instruct the driver to remove the volume."
+ operationId: "VolumeDelete"
+ responses:
+ 204:
+ description: "The volume was removed"
+ 404:
+ description: "No such volume or volume driver"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "Volume is in use and cannot be removed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ required: true
+ description: "Volume name or ID"
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: "Force the removal of the volume"
+ type: "boolean"
+ default: false
+ tags: ["Volume"]
+
+ /volumes/prune:
+ post:
+ summary: "Delete unused volumes"
+ produces:
+ - "application/json"
+ operationId: "VolumePrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
+ - `all` (`all=true`) - Consider all (local) volumes for pruning and not just anonymous volumes.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "VolumePruneResponse"
+ properties:
+ VolumesDeleted:
+ description: "Volumes that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ SpaceReclaimed:
+ description: "Disk space reclaimed in bytes"
+ type: "integer"
+ format: "int64"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Volume"]
+ /networks:
+ get:
+ summary: "List networks"
+ description: |
+ Returns a list of networks. For details on the format, see the
+ [network inspect endpoint](#operation/NetworkInspect).
+
+ Note that it uses a different, smaller representation of a network than
+ inspecting a single network. For example, the list of containers attached
+ to the network is not propagated in API versions 1.28 and up.
+ operationId: "NetworkList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Network"
+ examples:
+ application/json:
+ - Name: "bridge"
+ Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566"
+ Created: "2016-10-19T06:21:00.416543526Z"
+ Scope: "local"
+ Driver: "bridge"
+ EnableIPv4: true
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config:
+ -
+ Subnet: "172.17.0.0/16"
+ Options:
+ com.docker.network.bridge.default_bridge: "true"
+ com.docker.network.bridge.enable_icc: "true"
+ com.docker.network.bridge.enable_ip_masquerade: "true"
+ com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+ com.docker.network.bridge.name: "docker0"
+ com.docker.network.driver.mtu: "1500"
+ - Name: "none"
+ Id: "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794"
+ Created: "0001-01-01T00:00:00Z"
+ Scope: "local"
+ Driver: "null"
+ EnableIPv4: false
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config: []
+ Containers: {}
+ Options: {}
+ - Name: "host"
+ Id: "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e"
+ Created: "0001-01-01T00:00:00Z"
+ Scope: "local"
+ Driver: "host"
+ EnableIPv4: false
+ EnableIPv6: false
+ Internal: false
+ Attachable: false
+ Ingress: false
+ IPAM:
+ Driver: "default"
+ Config: []
+ Containers: {}
+ Options: {}
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ JSON encoded value of the filters (a `map[string][]string`) to process
+ on the networks list.
+
+ Available filters:
+
+ - `dangling=` When set to `true` (or `1`), returns all
+ networks that are not in use by a container. When set to `false`
+ (or `0`), only networks that are in use by one or more
+ containers are returned.
+ - `driver=` Matches a network's driver.
+ - `id=` Matches all or part of a network ID.
+ - `label=` or `label==` of a network label.
+ - `name=` Matches all or part of a network name.
+ - `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
+ - `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
+ type: "string"
+ tags: ["Network"]
+
+ /networks/{id}:
+ get:
+ summary: "Inspect a network"
+ operationId: "NetworkInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ $ref: "#/definitions/Network"
+ 404:
+ description: "Network not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "verbose"
+ in: "query"
+ description: "Detailed inspect output for troubleshooting"
+ type: "boolean"
+ default: false
+ - name: "scope"
+ in: "query"
+ description: "Filter the network by scope (swarm, global, or local)"
+ type: "string"
+ tags: ["Network"]
+
+ delete:
+ summary: "Remove a network"
+ operationId: "NetworkDelete"
+ responses:
+ 204:
+ description: "No error"
+ 403:
+ description: "operation not supported for pre-defined networks"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such network"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ tags: ["Network"]
+
+ /networks/create:
+ post:
+ summary: "Create a network"
+ operationId: "NetworkCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "Network created successfully"
+ schema:
+ $ref: "#/definitions/NetworkCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: |
+ Forbidden operation. This happens when trying to create a network named after a pre-defined network,
+ or when trying to create an overlay network on a daemon which is not part of a Swarm cluster.
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "plugin not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "networkConfig"
+ in: "body"
+ description: "Network configuration"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkCreateRequest"
+ required: ["Name"]
+ properties:
+ Name:
+ description: "The network's name."
+ type: "string"
+ example: "my_network"
+ Driver:
+ description: "Name of the network driver plugin to use."
+ type: "string"
+ default: "bridge"
+ example: "bridge"
+ Scope:
+ description: |
+ The level at which the network exists (e.g. `swarm` for cluster-wide
+ or `local` for machine level).
+ type: "string"
+ Internal:
+ description: "Restrict external access to the network."
+ type: "boolean"
+ Attachable:
+ description: |
+ Globally scoped network is manually attachable by regular
+ containers from workers in swarm mode.
+ type: "boolean"
+ example: true
+ Ingress:
+ description: |
+ Ingress network is the network which provides the routing-mesh
+ in swarm mode.
+ type: "boolean"
+ example: false
+ ConfigOnly:
+ description: |
+ Creates a config-only network. Config-only networks are placeholder
+ networks for network configurations to be used by other networks.
+ Config-only networks cannot be used directly to run containers
+ or services.
+ type: "boolean"
+ default: false
+ example: false
+ ConfigFrom:
+ description: |
+ Specifies the source which will provide the configuration for
+ this network. The specified network must be an existing
+ config-only network; see ConfigOnly.
+ $ref: "#/definitions/ConfigReference"
+ IPAM:
+ description: "Optional custom IP scheme for the network."
+ $ref: "#/definitions/IPAM"
+ EnableIPv4:
+ description: "Enable IPv4 on the network."
+ type: "boolean"
+ example: true
+ EnableIPv6:
+ description: "Enable IPv6 on the network."
+ type: "boolean"
+ example: true
+ Options:
+ description: "Network specific options to be used by the drivers."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.docker.network.bridge.default_bridge: "true"
+ com.docker.network.bridge.enable_icc: "true"
+ com.docker.network.bridge.enable_ip_masquerade: "true"
+ com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
+ com.docker.network.bridge.name: "docker0"
+ com.docker.network.driver.mtu: "1500"
+ Labels:
+ description: "User-defined key/value metadata."
+ type: "object"
+ additionalProperties:
+ type: "string"
+ example:
+ com.example.some-label: "some-value"
+ com.example.some-other-label: "some-other-value"
+ tags: ["Network"]
+
+ /networks/{id}/connect:
+ post:
+ summary: "Connect a container to a network"
+ description: "The network must be either a local-scoped network or a swarm-scoped network with the `attachable` option set. A network cannot be re-attached to a running container"
+ operationId: "NetworkConnect"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: "Operation forbidden"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Network or container not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "container"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkConnectRequest"
+ properties:
+ Container:
+ type: "string"
+ description: "The ID or name of the container to connect to the network."
+ EndpointConfig:
+ $ref: "#/definitions/EndpointSettings"
+ example:
+ Container: "3613f73ba0e4"
+ EndpointConfig:
+ IPAMConfig:
+ IPv4Address: "172.24.56.89"
+ IPv6Address: "2001:db8::5689"
+ MacAddress: "02:42:ac:12:05:02"
+ Priority: 100
+ tags: ["Network"]
+
+ /networks/{id}/disconnect:
+ post:
+ summary: "Disconnect a container from a network"
+ operationId: "NetworkDisconnect"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "No error"
+ 403:
+ description: "Operation not supported for swarm scoped networks"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "Network or container not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "Network ID or name"
+ required: true
+ type: "string"
+ - name: "container"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "NetworkDisconnectRequest"
+ properties:
+ Container:
+ type: "string"
+ description: |
+ The ID or name of the container to disconnect from the network.
+ Force:
+ type: "boolean"
+ description: |
+ Force the container to disconnect from the network.
+ tags: ["Network"]
+ /networks/prune:
+ post:
+ summary: "Delete unused networks"
+ produces:
+ - "application/json"
+ operationId: "NetworkPrune"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `until=` Prune networks created before this timestamp. The `` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
+ - `label` (`label=`, `label==`, `label!=`, or `label!==`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
+ type: "string"
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "object"
+ title: "NetworkPruneResponse"
+ properties:
+ NetworksDeleted:
+ description: "Networks that were deleted"
+ type: "array"
+ items:
+ type: "string"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Network"]
+ /plugins:
+ get:
+ summary: "List plugins"
+ operationId: "PluginList"
+ description: "Returns information about installed plugins."
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "No error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Plugin"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the plugin list.
+
+ Available filters:
+
+ - `capability=`
+ - `enable=|`
+ tags: ["Plugin"]
+
+ /plugins/privileges:
+ get:
+ summary: "Get plugin privileges"
+ operationId: "GetPluginPrivileges"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "remote"
+ in: "query"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ tags:
+ - "Plugin"
+
+ /plugins/pull:
+ post:
+ summary: "Install a plugin"
+ operationId: "PluginPull"
+ description: |
+ Pulls and installs a plugin. After the plugin is installed, it can be
+ enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "remote"
+ in: "query"
+ description: |
+ Remote reference for plugin to install.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: true
+ type: "string"
+ - name: "name"
+ in: "query"
+ description: |
+ Local name for the pulled plugin.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: false
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration to use when pulling a plugin
+ from a registry.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ tags: ["Plugin"]
+ /plugins/{name}/json:
+ get:
+ summary: "Inspect a plugin"
+ operationId: "PluginInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Plugin"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ tags: ["Plugin"]
+ /plugins/{name}:
+ delete:
+ summary: "Remove a plugin"
+ operationId: "PluginDelete"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Plugin"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: |
+ Disable the plugin before removing. This may result in issues if the
+ plugin is in use by a container.
+ type: "boolean"
+ default: false
+ tags: ["Plugin"]
+ /plugins/{name}/enable:
+ post:
+ summary: "Enable a plugin"
+ operationId: "PluginEnable"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "timeout"
+ in: "query"
+ description: "Set the HTTP client timeout (in seconds)"
+ type: "integer"
+ default: 0
+ tags: ["Plugin"]
+ /plugins/{name}/disable:
+ post:
+ summary: "Disable a plugin"
+ operationId: "PluginDisable"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin is not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "force"
+ in: "query"
+ description: |
+ Force disable a plugin even if still in use.
+ required: false
+ type: "boolean"
+ tags: ["Plugin"]
+ /plugins/{name}/upgrade:
+ post:
+ summary: "Upgrade a plugin"
+ operationId: "PluginUpgrade"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "remote"
+ in: "query"
+ description: |
+ Remote reference to upgrade to.
+
+ The `:latest` tag is optional, and is used as the default if omitted.
+ required: true
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration to use when pulling a plugin
+ from a registry.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/PluginPrivilege"
+ example:
+ - Name: "network"
+ Description: ""
+ Value:
+ - "host"
+ - Name: "mount"
+ Description: ""
+ Value:
+ - "/data"
+ - Name: "device"
+ Description: ""
+ Value:
+ - "/dev/cpu_dma_latency"
+ tags: ["Plugin"]
+ /plugins/create:
+ post:
+ summary: "Create a plugin"
+ operationId: "PluginCreate"
+ consumes:
+ - "application/x-tar"
+ responses:
+ 204:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "query"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "tarContext"
+ in: "body"
+ description: "Path to tar containing plugin rootfs and manifest"
+ schema:
+ type: "string"
+ format: "binary"
+ tags: ["Plugin"]
+ /plugins/{name}/push:
+ post:
+ summary: "Push a plugin"
+ operationId: "PluginPush"
+ description: |
+ Push a plugin to the registry.
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Plugin"]
+ /plugins/{name}/set:
+ post:
+ summary: "Configure a plugin"
+ operationId: "PluginSet"
+ consumes:
+ - "application/json"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: |
+ The name of the plugin. The `:latest` tag is optional, and is the
+ default if omitted.
+ required: true
+ type: "string"
+ - name: "body"
+ in: "body"
+ schema:
+ type: "array"
+ items:
+ type: "string"
+ example: ["DEBUG=1"]
+ responses:
+ 204:
+ description: "No error"
+ 404:
+ description: "Plugin not installed"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Plugin"]
+ /nodes:
+ get:
+ summary: "List nodes"
+ operationId: "NodeList"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Node"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ description: |
+ Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
+
+ Available filters:
+ - `id=`
+ - `label=`
+ - `membership=`(`accepted`|`pending`)`
+ - `name=`
+ - `node.label=`
+ - `role=`(`manager`|`worker`)`
+ type: "string"
+ tags: ["Node"]
+ /nodes/{id}:
+ get:
+ summary: "Inspect a node"
+ operationId: "NodeInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Node"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the node"
+ type: "string"
+ required: true
+ tags: ["Node"]
+ delete:
+ summary: "Delete a node"
+ operationId: "NodeDelete"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the node"
+ type: "string"
+ required: true
+ - name: "force"
+ in: "query"
+ description: "Force remove a node from the swarm"
+ default: false
+ type: "boolean"
+ tags: ["Node"]
+ /nodes/{id}/update:
+ post:
+ summary: "Update a node"
+ operationId: "NodeUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such node"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID of the node"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/NodeSpec"
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the node object being updated. This is required
+ to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Node"]
+ /swarm:
+ get:
+ summary: "Inspect swarm"
+ operationId: "SwarmInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Swarm"
+ 404:
+ description: "no such swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /swarm/init:
+ post:
+ summary: "Initialize a new swarm"
+ operationId: "SwarmInit"
+ produces:
+ - "application/json"
+ - "text/plain"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ description: "The node ID"
+ type: "string"
+ example: "7v2t30z9blmxuhnyo6s4cpenp"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is already part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmInitRequest"
+ properties:
+ ListenAddr:
+ description: |
+ Listen address used for inter-manager communication, as well
+ as determining the networking interface used for the VXLAN
+ Tunnel Endpoint (VTEP). This can either be an address/port
+ combination in the form `192.168.1.1:4567`, or an interface
+ followed by a port number, like `eth0:4567`. If the port number
+ is omitted, the default swarm listening port is used.
+ type: "string"
+ AdvertiseAddr:
+ description: |
+ Externally reachable address advertised to other nodes. This
+ can either be an address/port combination in the form
+ `192.168.1.1:4567`, or an interface followed by a port number,
+ like `eth0:4567`. If the port number is omitted, the port
+ number from the listen address is used. If `AdvertiseAddr` is
+ not specified, it will be automatically detected when possible.
+ type: "string"
+ DataPathAddr:
+ description: |
+ Address or interface to use for data path traffic (format:
+ ``), for example, `192.168.1.1`, or an interface,
+ like `eth0`. If `DataPathAddr` is unspecified, the same address
+ as `AdvertiseAddr` is used.
+
+ The `DataPathAddr` specifies the address that global scope
+ network drivers will publish towards other nodes in order to
+ reach the containers running on this node. Using this parameter
+ it is possible to separate the container data traffic from the
+ management traffic of the cluster.
+ type: "string"
+ DataPathPort:
+ description: |
+ DataPathPort specifies the data path port number for data traffic.
+ Acceptable port range is 1024 to 49151.
+ if no port is set or is set to 0, default port 4789 will be used.
+ type: "integer"
+ format: "uint32"
+ DefaultAddrPool:
+ description: |
+ Default Address Pool specifies default subnet pools for global
+ scope networks.
+ type: "array"
+ items:
+ type: "string"
+ example: ["10.10.0.0/16", "20.20.0.0/16"]
+ ForceNewCluster:
+ description: "Force creation of a new swarm."
+ type: "boolean"
+ SubnetSize:
+ description: |
+ SubnetSize specifies the subnet size of the networks created
+ from the default subnet pool.
+ type: "integer"
+ format: "uint32"
+ Spec:
+ $ref: "#/definitions/SwarmSpec"
+ example:
+ ListenAddr: "0.0.0.0:2377"
+ AdvertiseAddr: "192.168.1.1:2377"
+ DataPathPort: 4789
+ DefaultAddrPool: ["10.10.0.0/8", "20.20.0.0/8"]
+ SubnetSize: 24
+ ForceNewCluster: false
+ Spec:
+ Orchestration: {}
+ Raft: {}
+ Dispatcher: {}
+ CAConfig: {}
+ EncryptionConfig:
+ AutoLockManagers: false
+ tags: ["Swarm"]
+ /swarm/join:
+ post:
+ summary: "Join an existing swarm"
+ operationId: "SwarmJoin"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is already part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmJoinRequest"
+ properties:
+ ListenAddr:
+ description: |
+ Listen address used for inter-manager communication if the node
+ gets promoted to manager, as well as determining the networking
+ interface used for the VXLAN Tunnel Endpoint (VTEP).
+ type: "string"
+ AdvertiseAddr:
+ description: |
+ Externally reachable address advertised to other nodes. This
+ can either be an address/port combination in the form
+ `192.168.1.1:4567`, or an interface followed by a port number,
+ like `eth0:4567`. If the port number is omitted, the port
+ number from the listen address is used. If `AdvertiseAddr` is
+ not specified, it will be automatically detected when possible.
+ type: "string"
+ DataPathAddr:
+ description: |
+ Address or interface to use for data path traffic (format:
+ ``), for example, `192.168.1.1`, or an interface,
+ like `eth0`. If `DataPathAddr` is unspecified, the same address
+ as `AdvertiseAddr` is used.
+
+ The `DataPathAddr` specifies the address that global scope
+ network drivers will publish towards other nodes in order to
+ reach the containers running on this node. Using this parameter
+ it is possible to separate the container data traffic from the
+ management traffic of the cluster.
+
+ type: "string"
+ RemoteAddrs:
+ description: |
+ Addresses of manager nodes already participating in the swarm.
+ type: "array"
+ items:
+ type: "string"
+ JoinToken:
+ description: "Secret token for joining this swarm."
+ type: "string"
+ example:
+ ListenAddr: "0.0.0.0:2377"
+ AdvertiseAddr: "192.168.1.1:2377"
+ DataPathAddr: "192.168.1.1"
+ RemoteAddrs:
+ - "node1:2377"
+ JoinToken: "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
+ tags: ["Swarm"]
+ /swarm/leave:
+ post:
+ summary: "Leave a swarm"
+ operationId: "SwarmLeave"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "force"
+ description: |
+ Force leave swarm, even if this is the last manager or that it will
+ break the cluster.
+ in: "query"
+ type: "boolean"
+ default: false
+ tags: ["Swarm"]
+ /swarm/update:
+ post:
+ summary: "Update a swarm"
+ operationId: "SwarmUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ $ref: "#/definitions/SwarmSpec"
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the swarm object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ - name: "rotateWorkerToken"
+ in: "query"
+ description: "Rotate the worker join token."
+ type: "boolean"
+ default: false
+ - name: "rotateManagerToken"
+ in: "query"
+ description: "Rotate the manager join token."
+ type: "boolean"
+ default: false
+ - name: "rotateManagerUnlockKey"
+ in: "query"
+ description: "Rotate the manager unlock key."
+ type: "boolean"
+ default: false
+ tags: ["Swarm"]
+ /swarm/unlockkey:
+ get:
+ summary: "Get the unlock key"
+ operationId: "SwarmUnlockkey"
+ consumes:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "object"
+ title: "UnlockKeyResponse"
+ properties:
+ UnlockKey:
+ description: "The swarm's unlock key."
+ type: "string"
+ example:
+ UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /swarm/unlock:
+ post:
+ summary: "Unlock a locked manager"
+ operationId: "SwarmUnlock"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ type: "object"
+ title: "SwarmUnlockRequest"
+ properties:
+ UnlockKey:
+ description: "The swarm's unlock key."
+ type: "string"
+ example:
+ UnlockKey: "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
+ responses:
+ 200:
+ description: "no error"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Swarm"]
+ /services:
+ get:
+ summary: "List services"
+ operationId: "ServiceList"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Service"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the services list.
+
+ Available filters:
+
+ - `id=`
+ - `label=`
+ - `mode=["replicated"|"global"]`
+ - `name=`
+ - name: "status"
+ in: "query"
+ type: "boolean"
+ description: |
+ Include service status, with count of running and desired tasks.
+ tags: ["Service"]
+ /services/create:
+ post:
+ summary: "Create a service"
+ operationId: "ServiceCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ServiceCreateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 403:
+ description: "network is not eligible for services"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 409:
+ description: "name conflicts with an existing service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/ServiceSpec"
+ - type: "object"
+ example:
+ Name: "web"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "nginx:alpine"
+ Mounts:
+ -
+ ReadOnly: true
+ Source: "web-data"
+ Target: "/usr/share/nginx/html"
+ Type: "volume"
+ VolumeOptions:
+ DriverConfig: {}
+ Labels:
+ com.example.something: "something-value"
+ Hosts: ["10.10.10.10 host1", "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2"]
+ User: "33"
+ DNSConfig:
+ Nameservers: ["8.8.8.8"]
+ Search: ["example.org"]
+ Options: ["timeout:3"]
+ Secrets:
+ -
+ File:
+ Name: "www.example.org.key"
+ UID: "33"
+ GID: "33"
+ Mode: 384
+ SecretID: "fpjqlhnwb19zds35k8wn80lq9"
+ SecretName: "example_org_domain_key"
+ OomScoreAdj: 0
+ LogDriver:
+ Name: "json-file"
+ Options:
+ max-file: "3"
+ max-size: "10M"
+ Placement: {}
+ Resources:
+ Limits:
+ MemoryBytes: 104857600
+ Reservations: {}
+ RestartPolicy:
+ Condition: "on-failure"
+ Delay: 10000000000
+ MaxAttempts: 10
+ Mode:
+ Replicated:
+ Replicas: 4
+ UpdateConfig:
+ Parallelism: 2
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Ports:
+ -
+ Protocol: "tcp"
+ PublishedPort: 8080
+ TargetPort: 80
+ Labels:
+ foo: "bar"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration for pulling from private
+ registries.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+ tags: ["Service"]
+ /services/{id}:
+ get:
+ summary: "Inspect a service"
+ operationId: "ServiceInspect"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Service"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ - name: "insertDefaults"
+ in: "query"
+ description: "Fill empty fields with default values."
+ type: "boolean"
+ default: false
+ tags: ["Service"]
+ delete:
+ summary: "Delete a service"
+ operationId: "ServiceDelete"
+ responses:
+ 200:
+ description: "no error"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ tags: ["Service"]
+ /services/{id}/update:
+ post:
+ summary: "Update a service"
+ operationId: "ServiceUpdate"
+ consumes: ["application/json"]
+ produces: ["application/json"]
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/ServiceUpdateResponse"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID or name of service."
+ required: true
+ type: "string"
+ - name: "body"
+ in: "body"
+ required: true
+ schema:
+ allOf:
+ - $ref: "#/definitions/ServiceSpec"
+ - type: "object"
+ example:
+ Name: "top"
+ TaskTemplate:
+ ContainerSpec:
+ Image: "busybox"
+ Args:
+ - "top"
+ OomScoreAdj: 0
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ForceUpdate: 0
+ Mode:
+ Replicated:
+ Replicas: 1
+ UpdateConfig:
+ Parallelism: 2
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ RollbackConfig:
+ Parallelism: 1
+ Delay: 1000000000
+ FailureAction: "pause"
+ Monitor: 15000000000
+ MaxFailureRatio: 0.15
+ EndpointSpec:
+ Mode: "vip"
+
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the service object being updated. This is
+ required to avoid conflicting writes.
+ This version number should be the value as currently set on the
+ service *before* the update. You can find the current version by
+ calling `GET /services/{id}`
+ required: true
+ type: "integer"
+ - name: "registryAuthFrom"
+ in: "query"
+ description: |
+ If the `X-Registry-Auth` header is not specified, this parameter
+ indicates where to find registry authorization credentials.
+ type: "string"
+ enum: ["spec", "previous-spec"]
+ default: "spec"
+ - name: "rollback"
+ in: "query"
+ description: |
+ Set to this parameter to `previous` to cause a server-side rollback
+ to the previous service spec. The supplied spec will be ignored in
+ this case.
+ type: "string"
+ - name: "X-Registry-Auth"
+ in: "header"
+ description: |
+ A base64url-encoded auth configuration for pulling from private
+ registries.
+
+ Refer to the [authentication section](#section/Authentication) for
+ details.
+ type: "string"
+
+ tags: ["Service"]
+ /services/{id}/logs:
+ get:
+ summary: "Get service logs"
+ description: |
+ Get `stdout` and `stderr` logs from a service. See also
+ [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+ **Note**: This endpoint works only for services with the `local`,
+ `json-file` or `journald` logging drivers.
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ operationId: "ServiceLogs"
+ responses:
+ 200:
+ description: "logs returned as a stream in response body"
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such service"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such service: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID or name of the service"
+ type: "string"
+ - name: "details"
+ in: "query"
+ description: "Show service context and extra details provided to logs."
+ type: "boolean"
+ default: false
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Service"]
+ /tasks:
+ get:
+ summary: "List tasks"
+ operationId: "TaskList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Task"
+ example:
+ - ID: "0kzzo1i0y4jz6027t0k7aezc7"
+ Version:
+ Index: 71
+ CreatedAt: "2016-06-07T21:07:31.171892745Z"
+ UpdatedAt: "2016-06-07T21:07:31.376370513Z"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:31.290032978Z"
+ State: "running"
+ Message: "started"
+ ContainerStatus:
+ ContainerID: "e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035"
+ PID: 677
+ DesiredState: "running"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.10/16"
+ - ID: "1yljwbmlr8er2waf8orvqpwms"
+ Version:
+ Index: 30
+ CreatedAt: "2016-06-07T21:07:30.019104782Z"
+ UpdatedAt: "2016-06-07T21:07:30.231958098Z"
+ Name: "hopeful_cori"
+ Spec:
+ ContainerSpec:
+ Image: "redis"
+ Resources:
+ Limits: {}
+ Reservations: {}
+ RestartPolicy:
+ Condition: "any"
+ MaxAttempts: 0
+ Placement: {}
+ ServiceID: "9mnpnzenvg8p8tdbtq4wvbkcz"
+ Slot: 1
+ NodeID: "60gvrl6tm78dmak4yl7srz94v"
+ Status:
+ Timestamp: "2016-06-07T21:07:30.202183143Z"
+ State: "shutdown"
+ Message: "shutdown"
+ ContainerStatus:
+ ContainerID: "1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213"
+ DesiredState: "shutdown"
+ NetworksAttachments:
+ - Network:
+ ID: "4qvuz4ko70xaltuqbt8956gd1"
+ Version:
+ Index: 18
+ CreatedAt: "2016-06-07T20:31:11.912919752Z"
+ UpdatedAt: "2016-06-07T21:07:29.955277358Z"
+ Spec:
+ Name: "ingress"
+ Labels:
+ com.docker.swarm.internal: "true"
+ DriverConfiguration: {}
+ IPAMOptions:
+ Driver: {}
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ DriverState:
+ Name: "overlay"
+ Options:
+ com.docker.network.driver.overlay.vxlanid_list: "256"
+ IPAMOptions:
+ Driver:
+ Name: "default"
+ Configs:
+ - Subnet: "10.255.0.0/16"
+ Gateway: "10.255.0.1"
+ Addresses:
+ - "10.255.0.5/16"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the tasks list.
+
+ Available filters:
+
+ - `desired-state=(running | shutdown | accepted)`
+ - `id=`
+ - `label=key` or `label="key=value"`
+ - `name=`
+ - `node=`
+ - `service=`
+ tags: ["Task"]
+ /tasks/{id}:
+ get:
+ summary: "Inspect a task"
+ operationId: "TaskInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Task"
+ 404:
+ description: "no such task"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "ID of the task"
+ required: true
+ type: "string"
+ tags: ["Task"]
+ /tasks/{id}/logs:
+ get:
+ summary: "Get task logs"
+ description: |
+ Get `stdout` and `stderr` logs from a task.
+ See also [`/containers/{id}/logs`](#operation/ContainerLogs).
+
+ **Note**: This endpoint works only for services with the `local`,
+ `json-file` or `journald` logging drivers.
+ operationId: "TaskLogs"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ - "application/vnd.docker.multiplexed-stream"
+ responses:
+ 200:
+ description: "logs returned as a stream in response body"
+ schema:
+ type: "string"
+ format: "binary"
+ 404:
+ description: "no such task"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such task: c2ada9df5af8"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ description: "ID of the task"
+ type: "string"
+ - name: "details"
+ in: "query"
+ description: "Show task context and extra details provided to logs."
+ type: "boolean"
+ default: false
+ - name: "follow"
+ in: "query"
+ description: "Keep connection after returning logs."
+ type: "boolean"
+ default: false
+ - name: "stdout"
+ in: "query"
+ description: "Return logs from `stdout`"
+ type: "boolean"
+ default: false
+ - name: "stderr"
+ in: "query"
+ description: "Return logs from `stderr`"
+ type: "boolean"
+ default: false
+ - name: "since"
+ in: "query"
+ description: "Only return logs since this time, as a UNIX timestamp"
+ type: "integer"
+ default: 0
+ - name: "timestamps"
+ in: "query"
+ description: "Add timestamps to every log line"
+ type: "boolean"
+ default: false
+ - name: "tail"
+ in: "query"
+ description: |
+ Only return this number of log lines from the end of the logs.
+ Specify as an integer or `all` to output all log lines.
+ type: "string"
+ default: "all"
+ tags: ["Task"]
+ /secrets:
+ get:
+ summary: "List secrets"
+ operationId: "SecretList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Secret"
+ example:
+ - ID: "blt1owaxmitz71s9v5zh81zun"
+ Version:
+ Index: 85
+ CreatedAt: "2017-07-20T13:55:28.678958722Z"
+ UpdatedAt: "2017-07-20T13:55:28.678958722Z"
+ Spec:
+ Name: "mysql-passwd"
+ Labels:
+ some.label: "some.value"
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+ - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ Labels:
+ foo: "bar"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the secrets list.
+
+ Available filters:
+
+ - `id=`
+ - `label= or label==value`
+ - `name=`
+ - `names=`
+ tags: ["Secret"]
+ /secrets/create:
+ post:
+ summary: "Create a secret"
+ operationId: "SecretCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IDResponse"
+ 409:
+ description: "name conflicts with an existing object"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ schema:
+ allOf:
+ - $ref: "#/definitions/SecretSpec"
+ - type: "object"
+ example:
+ Name: "app-key.crt"
+ Labels:
+ foo: "bar"
+ Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+ tags: ["Secret"]
+ /secrets/{id}:
+ get:
+ summary: "Inspect a secret"
+ operationId: "SecretInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Secret"
+ examples:
+ application/json:
+ ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ Labels:
+ foo: "bar"
+ Driver:
+ Name: "secret-bucket"
+ Options:
+ OptionA: "value for driver option A"
+ OptionB: "value for driver option B"
+
+ 404:
+ description: "secret not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the secret"
+ tags: ["Secret"]
+ delete:
+ summary: "Delete a secret"
+ operationId: "SecretDelete"
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "secret not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the secret"
+ tags: ["Secret"]
+ /secrets/{id}/update:
+ post:
+ summary: "Update a Secret"
+ operationId: "SecretUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such secret"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the secret"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/SecretSpec"
+ description: |
+ The spec of the secret to update. Currently, only the Labels field
+ can be updated. All other fields must remain unchanged from the
+ [SecretInspect endpoint](#operation/SecretInspect) response values.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the secret object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Secret"]
+ /configs:
+ get:
+ summary: "List configs"
+ operationId: "ConfigList"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ type: "array"
+ items:
+ $ref: "#/definitions/Config"
+ example:
+ - ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "server.conf"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "filters"
+ in: "query"
+ type: "string"
+ description: |
+ A JSON encoded value of the filters (a `map[string][]string`) to
+ process on the configs list.
+
+ Available filters:
+
+ - `id=`
+ - `label= or label==value`
+ - `name=`
+ - `names=`
+ tags: ["Config"]
+ /configs/create:
+ post:
+ summary: "Create a config"
+ operationId: "ConfigCreate"
+ consumes:
+ - "application/json"
+ produces:
+ - "application/json"
+ responses:
+ 201:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/IDResponse"
+ 409:
+ description: "name conflicts with an existing object"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "body"
+ in: "body"
+ schema:
+ allOf:
+ - $ref: "#/definitions/ConfigSpec"
+ - type: "object"
+ example:
+ Name: "server.conf"
+ Labels:
+ foo: "bar"
+ Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
+ tags: ["Config"]
+ /configs/{id}:
+ get:
+ summary: "Inspect a config"
+ operationId: "ConfigInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "no error"
+ schema:
+ $ref: "#/definitions/Config"
+ examples:
+ application/json:
+ ID: "ktnbjxoalbkvbvedmg1urrz8h"
+ Version:
+ Index: 11
+ CreatedAt: "2016-11-05T01:20:17.327670065Z"
+ UpdatedAt: "2016-11-05T01:20:17.327670065Z"
+ Spec:
+ Name: "app-dev.crt"
+ 404:
+ description: "config not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the config"
+ tags: ["Config"]
+ delete:
+ summary: "Delete a config"
+ operationId: "ConfigDelete"
+ produces:
+ - "application/json"
+ responses:
+ 204:
+ description: "no error"
+ 404:
+ description: "config not found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ required: true
+ type: "string"
+ description: "ID of the config"
+ tags: ["Config"]
+ /configs/{id}/update:
+ post:
+ summary: "Update a Config"
+ operationId: "ConfigUpdate"
+ responses:
+ 200:
+ description: "no error"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 404:
+ description: "no such config"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 503:
+ description: "node is not part of a swarm"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "id"
+ in: "path"
+ description: "The ID or name of the config"
+ type: "string"
+ required: true
+ - name: "body"
+ in: "body"
+ schema:
+ $ref: "#/definitions/ConfigSpec"
+ description: |
+ The spec of the config to update. Currently, only the Labels field
+ can be updated. All other fields must remain unchanged from the
+ [ConfigInspect endpoint](#operation/ConfigInspect) response values.
+ - name: "version"
+ in: "query"
+ description: |
+ The version number of the config object being updated. This is
+ required to avoid conflicting writes.
+ type: "integer"
+ format: "int64"
+ required: true
+ tags: ["Config"]
+ /distribution/{name}/json:
+ get:
+ summary: "Get image information from the registry"
+ description: |
+ Return image digest and platform information by contacting the registry.
+ operationId: "DistributionInspect"
+ produces:
+ - "application/json"
+ responses:
+ 200:
+ description: "descriptor and platform information"
+ schema:
+ $ref: "#/definitions/DistributionInspect"
+ 401:
+ description: "Failed authentication or no image found"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ examples:
+ application/json:
+ message: "No such image: someimage (tag: latest)"
+ 500:
+ description: "Server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ parameters:
+ - name: "name"
+ in: "path"
+ description: "Image name or id"
+ type: "string"
+ required: true
+ tags: ["Distribution"]
+ /session:
+ post:
+ summary: "Initialize interactive session"
+ description: |
+ Start a new interactive session with a server. Session allows server to
+ call back to the client for advanced capabilities.
+
+ ### Hijacking
+
+ This endpoint hijacks the HTTP connection to HTTP2 transport that allows
+ the client to expose gPRC services on that connection.
+
+ For example, the client sends this request to upgrade the connection:
+
+ ```
+ POST /session HTTP/1.1
+ Upgrade: h2c
+ Connection: Upgrade
+ ```
+
+ The Docker daemon responds with a `101 UPGRADED` response follow with
+ the raw stream:
+
+ ```
+ HTTP/1.1 101 UPGRADED
+ Connection: Upgrade
+ Upgrade: h2c
+ ```
+ operationId: "Session"
+ produces:
+ - "application/vnd.docker.raw-stream"
+ responses:
+ 101:
+ description: "no error, hijacking successful"
+ 400:
+ description: "bad parameter"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ 500:
+ description: "server error"
+ schema:
+ $ref: "#/definitions/ErrorResponse"
+ tags: ["Session"]
diff --git a/_vendor/github.com/moby/moby/docs/api/version-history.md b/_vendor/github.com/moby/moby/docs/api/version-history.md
index 2caf12e737c..4e295e45268 100644
--- a/_vendor/github.com/moby/moby/docs/api/version-history.md
+++ b/_vendor/github.com/moby/moby/docs/api/version-history.md
@@ -13,6 +13,14 @@ keywords: "API, Docker, rcli, REST, documentation"
will be rejected.
-->
+## v1.51 API changes
+
+[Docker Engine API v1.51](https://docs.docker.com/reference/api/engine/version/v1.51/) documentation
+
+* `GET /images/json` now sets the value of `Containers` field for all images
+ to the count of containers using the image.
+ This field was previously always -1.
+
## v1.50 API changes
[Docker Engine API v1.50](https://docs.docker.com/reference/api/engine/version/v1.50/) documentation
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index 8af292064cd..707bee928b7 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -1,7 +1,7 @@
-# github.com/moby/moby v28.2.1+incompatible
-# github.com/moby/buildkit v0.22.0
-# github.com/docker/buildx v0.24.0
-# github.com/docker/cli v28.2.2+incompatible
-# github.com/docker/compose/v2 v2.37.2
+# github.com/moby/moby v28.3.0+incompatible
+# github.com/moby/buildkit v0.23.1
+# github.com/docker/buildx v0.25.0
+# github.com/docker/cli v28.3.0+incompatible
+# github.com/docker/compose/v2 v2.37.3
# github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01
# github.com/docker/scout-cli v1.15.0
diff --git a/content/contribute/ui.md b/content/contribute/ui.md
index d2b72144ed7..c83efd458ac 100644
--- a/content/contribute/ui.md
+++ b/content/contribute/ui.md
@@ -1,45 +1,73 @@
---
title: UI elements in content
-description: How to refer and interact with UI content
-keywords: ui, contribute, style guide
+description: How to refer to and write about UI elements in technical documentation.
+keywords: ui, contribute, style guide, docker docs
weight: 40
---
-This page contains information on how to write technical content that involves a user interface (UI).
+Use this guide when writing documentation that refers to buttons, fields, menus, dialogs, or other user interface (UI) elements. It explains how to format UI terms, write task-focused instructions, and refer to common UI patterns consistently and clearly.
-## Format names of UI elements
+## Format UI element names
-Always bold UI elements when referring to them by name.
+Use bold formatting for the visible names of UI elements:
-This includes names for buttons, menus, dialogs, windows, list items, or any other feature on the page that has a visible name.
+- Buttons
+- Dialogs
+- Windows
+- Tabs
+- Menu items
+- List items
+- Form labels
+- Section headings
-Don't make an official feature name or product name bold, except when it directly refers to an element on the page that uses the name, such as a window title or button name.
+For example:
-In most cases, follow the capitalization as it appears on the page. However, if labels are inconsistent or they're all uppercase, use sentence case.
+*Select **Create**, then fill out the **Name** field.*
-## Focus on the task
+Do not bold product names or features unless they appear exactly as a label in the UI.
-When practical, state instructions in terms of what the user should accomplish, rather than focusing on the widgets and gestures. By avoiding reference to UI elements, you help the user understand the purpose of an instruction, and it can help future-proof procedures.
+### Capitalization
-|Correct |Incorrect |
-|:-----------|:------------|
-|Expand the **Advanced options** section | Select the zippy to expand the **Advanced options** section|
+- Follow the capitalization as it appears in the UI.
+- If UI labels are all uppercase or inconsistent, use sentence case in your docs for readability.
+## Write task-focused instructions
-## Refer to UI elements
+When possible, guide users based on what they’re trying to do, not just what they should select. This makes docs more goal-oriented and adaptable to UI changes.
-Don't use UI elements as if they were English verbs or nouns.
+| Do this | Avoid this |
+|----------------------------------|-------------------------------------------|
+| Expand the **Advanced options** section. | Select the zippy to expand the **Advanced options** section. |
+| Choose a base image for your container. | Select a dropdown and pick something. |
-|Correct |Incorrect |
-|:-----------|:------------|
-|In the **Name** field, enter an account name. | **Name** the account.|
-|To save the settings, select **Save**.| **Save** the settings.|
-## Prepositions
+## Use correct prepositions with UI elements
-When documenting the UI, use the following prepositions.
+Choose the right preposition based on the type of UI element you're referencing.
-|Preposition |UI element | Example |
-|:-----------|:------------|:-----------|
-|in | dialogs
fields
lists
menus
panes
windows
| In the **Alert** dialog, select **OK**.
In the **Name** field, enter `wsfc-1`.
In the **Item** list, select **Desktop**.
In the **File** menu, click **Tools**.
In the **Metrics** pane, select **New**.
In the **Task** window, select **Start**. |
-| on |pages
tabs
toolbars | On the **Create an instance** page, select **Add**.
On the **Edit** tab, select **Save**.
On the **Dashboard toolbar**, select **Edit**.
|
+| Preposition | Use with... | Example |
+|-------------|--------------------------------|---------|
+| **in** | dialogs, fields, lists, menus, panes, windows | In the **Name** field, enter your project name. |
+| **on** | pages, tabs, toolbars | On the **Settings** tab, select **General**. |
+
+
+## Use consistent UI element terms
+
+Use these standard terms when referring to elements in Docker products:
+
+| Preferred Term | Use When Referring To... |
+|---------------------|----------------------------------------------|
+| **button** | A clickable action element (e.g., **Start**) |
+| **field** | A place to enter text or select a value |
+| **menu** / **menu item** | A drop-down or navigation option |
+| **drop-down** | A drop-down menu item |
+| **context switcher** | Specific to toggling on cloud mode |
+| **tab** | A selectable view within a window or page |
+| **dialog** | A popup window for confirmations or options |
+| **section** | A logical grouping of content on a page |
+| **list** / **list item** | A scrollable list of selectable entries |
+| **toggle** | A binary control (on/off) |
+| **checkbox** | A multi-select control |
+| **tooltip** | Text that appears on hover |
+
+Finally, instead of saying “click the control,” say “select the **Create** button.”
diff --git a/content/guides/python/_index.md b/content/guides/python/_index.md
index 221c540f1ed..6489a6d67d1 100644
--- a/content/guides/python/_index.md
+++ b/content/guides/python/_index.md
@@ -15,10 +15,17 @@ params:
time: 20 minutes
---
+> **Acknowledgment**
+>
+> This guide is a community contribution. Docker would like to thank
+> [Esteban Maya](https://www.linkedin.com/in/esteban-x64/) and [Igor Aleksandrov](https://www.linkedin.com/in/igor-aleksandrov/) for their contribution
+> to this guide.
+
The Python language-specific guide teaches you how to containerize a Python application using Docker. In this guide, you’ll learn how to:
- Containerize and run a Python application
- Set up a local environment to develop a Python application using containers
+- Lint, format, typing and best practices
- Configure a CI/CD pipeline for a containerized Python application using GitHub Actions
- Deploy your containerized Python application locally to Kubernetes to test and debug your deployment
diff --git a/content/guides/python/configure-github-actions.md b/content/guides/python/configure-github-actions.md
index a513e930674..45f969cd57a 100644
--- a/content/guides/python/configure-github-actions.md
+++ b/content/guides/python/configure-github-actions.md
@@ -1,7 +1,7 @@
---
title: Automate your builds with GitHub Actions
linkTitle: Automate your builds with GitHub Actions
-weight: 20
+weight: 40
keywords: ci/cd, github actions, python, flask
description: Learn how to configure CI/CD using GitHub Actions for your Python application.
aliases:
@@ -60,6 +60,27 @@ on:
- main
jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.12'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+
+ - name: Run pre-commit hooks
+ run: pre-commit run --all-files
+
+ - name: Run pyright
+ run: pyright
+
build_and_push:
runs-on: ubuntu-latest
steps:
@@ -97,7 +118,11 @@ When the workflow is complete, go to your [repositories on Docker Hub](https://h
## Summary
-In this section, you learned how to set up a GitHub Actions workflow for your Python application.
+In this section, you learned how to set up a GitHub Actions workflow for your Python application that includes:
+
+- Running pre-commit hooks for linting and formatting
+- Static type checking with Pyright
+- Building and pushing Docker images
Related information:
@@ -107,5 +132,5 @@ Related information:
## Next steps
-In the next section, you'll learn how you can develop your application using containers.
+In the next section, you'll learn how you can develop locally using kubernetes.
diff --git a/content/guides/python/containerize.md b/content/guides/python/containerize.md
index daff59ba69e..f53be97a2db 100644
--- a/content/guides/python/containerize.md
+++ b/content/guides/python/containerize.md
@@ -58,7 +58,7 @@ This utility will walk you through creating the following files with sensible de
Let's get started!
? What application platform does your project use? Python
-? What version of Python do you want to use? 3.11.4
+? What version of Python do you want to use? 3.12
? What port do you want your app to listen on? 8000
? What is the command to run your app? python3 -m uvicorn app:app --host=0.0.0.0 --port=8000
```
@@ -139,8 +139,8 @@ Create a file named `Dockerfile` with the following contents.
# Want to help us make this template better? Share your feedback here: https://forms.gle/ybq9Krt8jtBL3iCk7
-ARG PYTHON_VERSION=3.11.4
-FROM python:${PYTHON_VERSION}-slim AS base
+ARG PYTHON_VERSION=3.12
+FROM python:${PYTHON_VERSION}-slim
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
@@ -181,7 +181,7 @@ COPY . .
EXPOSE 8000
# Run the application.
-CMD python3 -m uvicorn app:app --host=0.0.0.0 --port=8000
+CMD ["python3", "-m", "uvicorn", "app:app", "--host=0.0.0.0", "--port=8000"]
```
Create a file named `compose.yaml` with the following contents.
@@ -375,6 +375,4 @@ Related information:
## Next steps
-In the next section, you'll take a look at how to set up a CI pipeline using GitHub Actions.
-
-
+In the next section, you'll take a look at how to set up a local development environment using Docker containers.
diff --git a/content/guides/python/develop.md b/content/guides/python/develop.md
index 24c73832b79..7a8b5b2bd84 100644
--- a/content/guides/python/develop.md
+++ b/content/guides/python/develop.md
@@ -1,7 +1,7 @@
---
title: Use containers for Python development
linkTitle: Develop your app
-weight: 40
+weight: 15
keywords: python, local, development
description: Learn how to develop your Python application locally.
aliases:
@@ -51,7 +51,7 @@ You'll need to clone a new repository to get a sample application that includes
Let's get started!
? What application platform does your project use? Python
- ? What version of Python do you want to use? 3.11.4
+ ? What version of Python do you want to use? 3.12
? What port do you want your app to listen on? 8001
? What is the command to run your app? python3 -m uvicorn app:app --host=0.0.0.0 --port=8001
```
@@ -132,8 +132,8 @@ You'll need to clone a new repository to get a sample application that includes
# Want to help us make this template better? Share your feedback here: https:// forms.gle/ybq9Krt8jtBL3iCk7
- ARG PYTHON_VERSION=3.11.4
- FROM python:${PYTHON_VERSION}-slim as base
+ ARG PYTHON_VERSION=3.12
+ FROM python:${PYTHON_VERSION}-slim
# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1
@@ -174,7 +174,7 @@ You'll need to clone a new repository to get a sample application that includes
EXPOSE 8001
# Run the application.
- CMD python3 -m uvicorn app:app --host=0.0.0.0 --port=8001
+ CMD ["python3", "-m", "uvicorn", "app:app", "--host=0.0.0.0", "--port=8001"]
```
Create a file named `compose.yaml` with the following contents.
@@ -569,4 +569,4 @@ Related information:
## Next steps
-In the next section, you'll learn how you can locally test and debug your workloads on Kubernetes before deploying.
+In the next section, you'll learn how you can set up linting, formatting and type checking to follow the best practices in python apps.
diff --git a/content/guides/python/lint-format-typing.md b/content/guides/python/lint-format-typing.md
new file mode 100644
index 00000000000..a96aead3530
--- /dev/null
+++ b/content/guides/python/lint-format-typing.md
@@ -0,0 +1,122 @@
+---
+title: Linting, formatting, and type checking for Python
+linkTitle: Linting and typing
+weight: 25
+keywords: Python, linting, formatting, type checking, ruff, pyright
+description: Learn how to set up linting, formatting and type checking for your Python application.
+aliases:
+ - /language/python/lint-format-typing/
+---
+
+## Prerequisites
+
+Complete [Develop your app](develop.md).
+
+## Overview
+
+In this section, you'll learn how to set up code quality tools for your Python application. This includes:
+
+- Linting and formatting with Ruff
+- Static type checking with Pyright
+- Automating checks with pre-commit hooks
+
+## Linting and formatting with Ruff
+
+Ruff is an extremely fast Python linter and formatter written in Rust. It replaces multiple tools like flake8, isort, and black with a single unified tool.
+
+Create a `pyproject.toml` file:
+
+```toml
+[tool.ruff]
+target-version = "py312"
+
+[tool.ruff.lint]
+select = [
+ "E", # pycodestyle errors
+ "W", # pycodestyle warnings
+ "F", # pyflakes
+ "I", # isort
+ "B", # flake8-bugbear
+ "C4", # flake8-comprehensions
+ "UP", # pyupgrade
+ "ARG001", # unused arguments in functions
+]
+ignore = [
+ "E501", # line too long, handled by black
+ "B008", # do not perform function calls in argument defaults
+ "W191", # indentation contains tabs
+ "B904", # Allow raising exceptions without from e, for HTTPException
+]
+```
+
+### Using Ruff
+
+Run these commands to check and format your code:
+
+```bash
+# Check for errors
+ruff check .
+
+# Automatically fix fixable errors
+ruff check --fix .
+
+# Format code
+ruff format .
+```
+
+## Type checking with Pyright
+
+Pyright is a fast static type checker for Python that works well with modern Python features.
+
+Add `Pyright` configuration in `pyproject.toml`:
+
+```toml
+[tool.pyright]
+typeCheckingMode = "strict"
+pythonVersion = "3.12"
+exclude = [".venv"]
+```
+
+### Running Pyright
+
+To check your code for type errors:
+
+```bash
+pyright
+```
+
+## Setting up pre-commit hooks
+
+Pre-commit hooks automatically run checks before each commit. The following `.pre-commit-config.yaml` snippet sets up Ruff:
+
+```yaml
+ https: https://github.com/charliermarsh/ruff-pre-commit
+ rev: v0.2.2
+ hooks:
+ - id: ruff
+ args: [--fix]
+ - id: ruff-format
+```
+
+To install and use:
+
+```bash
+pre-commit install
+git commit -m "Test commit" # Automatically runs checks
+```
+
+## Summary
+
+In this section, you learned how to:
+
+- Configure and use Ruff for linting and formatting
+- Set up Pyright for static type checking
+- Automate checks with pre-commit hooks
+
+These tools help maintain code quality and catch errors early in development.
+
+## Next steps
+
+- [Configure GitHub Actions](configure-github-actions.md) to run these checks automatically
+- Customize linting rules to match your team's style preferences
+- Explore advanced type checking features
\ No newline at end of file
diff --git a/content/manuals/accounts/deactivate-user-account.md b/content/manuals/accounts/deactivate-user-account.md
index 21788c607b3..5a455108e6f 100644
--- a/content/manuals/accounts/deactivate-user-account.md
+++ b/content/manuals/accounts/deactivate-user-account.md
@@ -17,10 +17,11 @@ Before deactivating your Docker account, ensure you meet the following requireme
- For owners, you must leave your organization or company before deactivating your Docker account.
To do this:
- 1. Sign in to the [Docker Admin Console](https://app.docker.com/admin).
- 2. Select the organization you need to leave from the **Choose profile** page.
- 3. Find your username in the **Members** tab.
- 4. Select the **More options** menu and then select **Leave organization**.
+ 1. Sign in to [Docker Home](https://app.docker.com/admin) and choose
+ your organization.
+ 1. Select **Admin Console**.
+ 1. Select **Members** and find your username.
+ 1. Select the **Actions** menu and then select **Leave organization**.
- If you are the sole owner of an organization, you must assign the owner role to another member of the organization and then remove yourself from the organization, or deactivate the organization. Similarly, if you are the sole owner of a company, either add someone else as a company owner and then remove yourself, or deactivate the company.
@@ -39,8 +40,8 @@ Once you have completed all the previous steps, you can deactivate your account.
> This cannot be undone. Be sure you've gathered all the data you need from your account before deactivating it.
1. Sign in to [Docker Home](https://app.docker.com/login).
-2. Select your avatar to open the drop-down menu.
-3. Select **Account settings**.
-4. Select **Deactivate**.
-5. Select **Deactivate account**.
-6. To confirm, select **Deactivate account**.
+1. Select your avatar to open the drop-down menu.
+1. Select **Account settings**.
+1. Select **Deactivate**.
+1. Select **Deactivate account**.
+1. To confirm, select **Deactivate account**.
diff --git a/content/manuals/accounts/manage-account.md b/content/manuals/accounts/manage-account.md
index 02684e50f77..c8d55d011cf 100644
--- a/content/manuals/accounts/manage-account.md
+++ b/content/manuals/accounts/manage-account.md
@@ -18,9 +18,7 @@ account security.
## Update general settings
1. Sign in to your [Docker account](https://app.docker.com/login).
-2. In Docker Home, select your avatar in the top-right corner to open the
-drop-down.
-3. Select **Account settings**.
+2. Select your avatar in the top-right corner and select **Account settings**.
From the Account settings page, you can take any of the following actions.
diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md
index cf5274bfd91..2e1c733521a 100644
--- a/content/manuals/admin/_index.md
+++ b/content/manuals/admin/_index.md
@@ -37,7 +37,7 @@ aliases:
Administrators can manage companies and organizations using the Docker Admin Console.
-The [Docker Admin Console](https://admin.docker.com) provides administrators with centralized observability, access management, and controls for their company and organizations. To provide these features, Docker uses the following hierarchy and roles.
+The [Docker Admin Console](https://app.docker.com/admin) provides administrators with centralized observability, access management, and controls for their company and organizations. To provide these features, Docker uses the following hierarchy and roles.
diff --git a/content/manuals/admin/company/_index.md b/content/manuals/admin/company/_index.md
index 72d5b33439b..6a21abaf011 100644
--- a/content/manuals/admin/company/_index.md
+++ b/content/manuals/admin/company/_index.md
@@ -33,7 +33,7 @@ grid:
- title: Domain management
description: Add and verify your domains.
icon: domain_verification
- link: /admin/company/settings/domains/
+ link: /security/for-admins/domain-management/
- title: FAQs
description: Explore common company FAQs.
link: /faq/admin/company-faqs/
diff --git a/content/manuals/admin/company/new-company.md b/content/manuals/admin/company/new-company.md
index af6cb560a38..7ef1e3eb433 100644
--- a/content/manuals/admin/company/new-company.md
+++ b/content/manuals/admin/company/new-company.md
@@ -16,17 +16,17 @@ You can create a new company in the Docker Admin Console. Before you begin, you
To create a new company:
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-2. Select your organization you want to add to your company from the **Choose profile** page.
-3. Under **Organization settings**, select **Company management**.
-4. Select **Create a company**.
-5. Enter a unique name for your company, then select **Continue**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Company management**.
+1. Select **Create a company**.
+1. Enter a unique name for your company, then select **Continue**.
> [!TIP]
>
> The name for your company can't be the same as an existing user, organization, or company namespace.
-6. Review the company migration details and then select **Create company**.
+1. Review the company migration details and then select **Create company**.
For more information on how you can add organizations to your company, see [Add organizations to a company](./organizations.md#add-organizations-to-a-company).
diff --git a/content/manuals/admin/company/organizations.md b/content/manuals/admin/company/organizations.md
index aa1907682bd..74fc0964911 100644
--- a/content/manuals/admin/company/organizations.md
+++ b/content/manuals/admin/company/organizations.md
@@ -10,11 +10,11 @@ You can manage the organizations in a company in the Docker Admin Console.
## View all organizations
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Under **Organizations**, select **Overview**.
+1. Sign in to the [Docker Home](https://app.docker.com) and choose
+your company.
+1. Select **Admin Console**, then **Organizations**.
-The organization overview page displays all organizations under your company.
+The **Organizations** view displays all organizations under your company.
## Add seats to an organization
@@ -30,18 +30,17 @@ You must be a company owner to add an organization to a company. You must also b
>
> Once you add an organization to a company, you can't remove it from the company.
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Select **Organizations**, then **Overview**.
-4. Select **Add organization**.
-5. Choose the organization you want to add from the drop-down menu.
-6. Select **Add organization** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com) and select your company.
+1. Select **Admin Console**, then **Organizations**.
+1. Select **Add organization**.
+1. Choose the organization you want to add from the drop-down menu.
+1. Select **Add organization** to confirm.
## Manage an organization
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Select the organization that you want to manage.
+1. Sign in to [Docker Home](https://app.docker.com) and select your company.
+1. Select **Admin Console**, then **Organizations**.
+1. Select the organization you want to manage.
For more details about managing an organization, see [Organization administration](../organization/_index.md).
diff --git a/content/manuals/admin/company/owners.md b/content/manuals/admin/company/owners.md
index 6ce17576fb1..f383acf971c 100644
--- a/content/manuals/admin/company/owners.md
+++ b/content/manuals/admin/company/owners.md
@@ -23,17 +23,15 @@ owners don't need to be member of an organization.
## Add a company owner
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Select **Company owners**.
-4. Select **Add owner**.
-5. Specify the user's Docker ID to search for the user.
-6. After you find the user, select **Add company owner**.
+1. Sign in to [Docker Home](https://app.docker.com) and select your company.
+1. Select **Admin Console**, then **Company owners**.
+1. Select **Add owner**.
+1. Specify the user's Docker ID to search for the user.
+1. After you find the user, select **Add company owner**.
## Remove a company owner
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Select **Company owners**.
-4. Select the **Action** icon in the row of the company owner that your want to remove.
-5. Select **Remove as company owner**.
+1. Sign in to [Docker Home](https://app.docker.com) and select your company.
+1. Select **Admin Console**, then **Company owners**.
+1. Locate the company owner you want to remove and select the **Actions** menu.
+1. Select **Remove as company owner**.
diff --git a/content/manuals/admin/faqs/company-faqs.md b/content/manuals/admin/faqs/company-faqs.md
index 33e0fb425e2..674b9934fd8 100644
--- a/content/manuals/admin/faqs/company-faqs.md
+++ b/content/manuals/admin/faqs/company-faqs.md
@@ -62,7 +62,7 @@ You can manage domain verification, SSO, and SCIM at the company level. The foll
- User management
- Billing
-To view and manage users across all the organizations under your company, you can [manage users at the company level](../../admin/company/users.md) when you use the [Admin Console](https://admin.docker.com).
+To view and manage users across all the organizations under your company, you can [manage users at the company level](../../admin/company/users.md) when you use the [Admin Console](https://app.docker.com/admin).
Domain audit isn't supported for companies or organizations within a company.
diff --git a/content/manuals/admin/faqs/general-faqs.md b/content/manuals/admin/faqs/general-faqs.md
index d225027c44b..f7ab1affb7c 100644
--- a/content/manuals/admin/faqs/general-faqs.md
+++ b/content/manuals/admin/faqs/general-faqs.md
@@ -85,7 +85,9 @@ If the user is a member of your organization, you can remove the user from your
### How do I manage settings for a user account?
-You can manage your account settings anytime when you sign in to your [Docker account](https://app.docker.com/login). In Docker Home, select your avatar in the top-right navigation, then select **My Account**. You can also access this menu from any Docker web applications when you're signed in to your account. See [Manage your Docker account](/accounts/manage-account). If your account is associated with an organization that uses SSO, you may have limited access to the settings that you can control.
+You can manage your account settings anytime when you sign in to your [Docker account](https://app.docker.com/login). Select your avatar in the top-right navigation, then select **My Account**.
+
+You can also access this menu from any Docker web applications when you're signed in to your account. See [Manage your Docker account](/accounts/manage-account). If your account is associated with an organization that uses SSO, you may have limited access to the settings that you can control.
### How do I add an avatar to my Docker account?
diff --git a/content/manuals/admin/organization/_index.md b/content/manuals/admin/organization/_index.md
index 0cbef4d6d0b..c1a05fe7e55 100644
--- a/content/manuals/admin/organization/_index.md
+++ b/content/manuals/admin/organization/_index.md
@@ -37,7 +37,7 @@ grid:
icon: key
- title: Domain management
description: Add, verify, and audit your domains.
- link: /admin/organization/security-settings/domains/
+ link: /security/for-admins/domain-management/
icon: domain_verification
- title: FAQs
description: Explore common organization FAQs.
diff --git a/content/manuals/admin/organization/convert-account.md b/content/manuals/admin/organization/convert-account.md
index ef77881f934..337ff846617 100644
--- a/content/manuals/admin/organization/convert-account.md
+++ b/content/manuals/admin/organization/convert-account.md
@@ -25,8 +25,8 @@ Before you convert a user account to an organization, ensure that you meet the f
To do this:
1. Navigate to **My Hub** and then select the organization you need to leave.
- 2. Find your username in the **Members** tab.
- 3. Select the **More options** menu and then select **Leave organization**.
+ 1. Find your username in the **Members** tab.
+ 1. Select the **More options** menu and then select **Leave organization**.
If the user account is the sole owner of any organization or company, assign another user the owner role and then remove yourself from the organization or company.
@@ -58,18 +58,16 @@ associated with an organization, not a single user account.
## Convert an account into an organization
-1. Ensure you have removed your user account from any company or teams or organizations. Also make sure that you have a new Docker ID before you convert an account. See the [Prerequisites](#prerequisites) section for details.
+Before you convert an account into an organization ensure you have:
-2. Sign in to [Docker Home](https://app.docker.com/login).
+- Removed your user account from any company or teams or organizations
+- Created a new Docker ID before you convert an account
-3. In Docker Home, select your avatar in the top-right corner to open the drop-down.
+See the [Prerequisites](#prerequisites) section for details.
-4. Select **Account settings**.
-
-5. Select **Convert**.
-
-6. Review the warning displayed about converting a user account. This action cannot be undone and has considerable implications for your assets and the account.
-
-7. Enter a **Username of new owner** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert.
-
-8. Select **Confirm**. The new owner receives a notification email. Use that owner account to sign in and manage the new organization.
+1. Sign in to [Docker Home](https://app.docker.com/login).
+1. Select your avatar in the top-right corner and select **Account settings**.
+1. In the **Settings** section, select **Convert**.
+1. Review the warning displayed about converting a user account. This action cannot be undone and has considerable implications for your assets and the account.
+1. Enter a **Username of new owner** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert.
+1. Select **Confirm**. The new owner receives a notification email. Use that owner account to sign in and manage the new organization.
diff --git a/content/manuals/admin/organization/deactivate-account.md b/content/manuals/admin/organization/deactivate-account.md
index b0ad4ab3525..aee1e720bc8 100644
--- a/content/manuals/admin/organization/deactivate-account.md
+++ b/content/manuals/admin/organization/deactivate-account.md
@@ -21,13 +21,9 @@ Before deactivating an organization, complete the following:
- Download any images and tags you want to keep:
`docker pull -a :`.
-
- If you have an active Docker subscription, [downgrade it to a free subscription](../../subscription/change.md).
-
- Remove all other members within the organization.
-
- Unlink your [Github and Bitbucket accounts](../../docker-hub/repos/manage/builds/link-source.md#unlink-a-github-user-account).
-
- For Business organizations, [remove your SSO connection](../../security/for-admins/single-sign-on/manage/#remove-an-organization).
## Deactivate
@@ -41,19 +37,22 @@ Once you have completed all the previous steps, you can deactivate your organiza
{{< tabs >}}
{{< tab name="Admin Console" >}}
-1. In Admin Console, choose the organization you want to deactivate.
-2. Under **Organization settings**, select **Deactivate**.
-3. Enter the organization name to confirm deactivation.
-4. Select **Deactivate organization**.
+1. Sign in to [Docker Home](https://app.docker.com) and select the organization
+you want to deactivate.
+1. Select **Admin Console**, then **Deactivate**. If this button is greyed out,
+you must complete the [Prerequisites](#prerequisites).
+1. Enter the organization name to confirm deactivation.
+1. Select **Deactivate organization**.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
{{% include "hub-org-management.md" %}}
-1. On Docker Hub, select **My Hub**.
-2. Choose the organization you want to deactivate.
-3. In **Settings**, select the **Deactivate org** and then **Deactivate organization**.
+1. Sign in to [Docker Hub](https://hub.docker.com).
+1. Choose the organization you want to deactivate.
+1. In **Settings**, select **Deactivate org**.
+1. Select **Deactivate organization**.
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/admin/organization/general-settings.md b/content/manuals/admin/organization/general-settings.md
index 65d4188dbcc..c0f5f07ffb6 100644
--- a/content/manuals/admin/organization/general-settings.md
+++ b/content/manuals/admin/organization/general-settings.md
@@ -21,11 +21,10 @@ This information includes:
To edit this information:
-1. Sign in to the [Admin Console](https://admin.docker.com).
-2. Select your company on the **Choose profile** page.
-3. Under **Organization settings**, select **Organization information**.
-4. Specify the organization information and select **Save**.
+1. Sign in to the [Admin Console](https://app.docker.com/admin).
+1. Select your company on the **Choose profile** page.
+1. Specify the organization information and select **Save**.
## Next steps
-In the **Organization settings** menu, you can also [configure SSO](../../security/for-admins/single-sign-on/configure/) and [set up SCIM](../../security/for-admins/provisioning/scim.md). If your organization isn't part of a company, from here you can also [audit your domains](../../security/for-admins/domain-audit.md) or [create a company](new-company.md).
+In the **Organization settings** menu, you can also [configure SSO](../../security/for-admins/single-sign-on/configure/) and [set up SCIM](../../security/for-admins/provisioning/scim.md). If your organization isn't part of a company, from here you can also [manage your domains](/manuals/security/for-admins/domain-management.md) or [create a company](new-company.md).
diff --git a/content/manuals/admin/organization/insights.md b/content/manuals/admin/organization/insights.md
index 187f0c57e40..4496564694b 100644
--- a/content/manuals/admin/organization/insights.md
+++ b/content/manuals/admin/organization/insights.md
@@ -34,11 +34,10 @@ To access Insights, you must contact your Customer Success Manager to have the
feature enabled. Once the feature is enabled, access Insights using the following
steps:
-1. Go to the [Admin Console](https://app.docker.com/admin/) and sign in to an
- account that is an organization owner.
-2. Select your company on the **Choose profile** page.
-3. Select **Insights**.
-4. On the **Insights** page, select the period of time for the data.
+1. Sign in to [Docker Home](https://app.docker.com/) and choose
+your organization.
+1. Select **Admin Console**, then **Insights**.
+1. On the **Insights** page, select the period of time for the data.
> [!NOTE]
>
diff --git a/content/manuals/admin/organization/manage-a-team.md b/content/manuals/admin/organization/manage-a-team.md
index 1491f77edea..bf61c360e15 100644
--- a/content/manuals/admin/organization/manage-a-team.md
+++ b/content/manuals/admin/organization/manage-a-team.md
@@ -37,11 +37,12 @@ The organization owner can also add additional organization owners to help them
{{< tabs >}}
{{< tab name="Admin Console" >}}
-1. In Admin Console, select your organization.
-2. In the **User management** section, select **Teams**.
-3. Select **Create team**.
-4. Fill out your team's information and select **Create**.
-5. [Add members to your team](members.md#add-a-member-to-a-team).
+1. Sign in to [Docker Home](https://app.docker.com) and select your
+organization.
+1. Select **Admin Console**, then **Teams**.
+1. Select **Create team**.
+1. Fill out your team's information and select **Create**.
+1. [Add members to your team](members.md#add-a-member-to-a-team).
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -49,10 +50,10 @@ The organization owner can also add additional organization owners to help them
{{% include "hub-org-management.md" %}}
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub** and choose your organization.
-3. Select the **Teams** and then select **Create Team**.
-4. Fill out your team's information and select **Create**.
-5. [Add members to your team](members.md#add-a-member-to-a-team).
+1. Select **My Hub** and choose your organization.
+1. Select the **Teams** and then select **Create Team**.
+1. Fill out your team's information and select **Create**.
+1. [Add members to your team](members.md#add-a-member-to-a-team).
{{< /tab >}}
{{< /tabs >}}
@@ -67,11 +68,11 @@ access. Note that organization owners have full administrative access to all rep
To give a team access to a repository:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub** and choose your organization.
-3. Select the **Teams** and select the team that you'd like to configure repository access to.
-4. Select the **Permissions** tab and select a repository from the
+1. Select **My Hub** and choose your organization.
+1. Select the **Teams** and select the team that you'd like to configure repository access to.
+1. Select the **Permissions** tab and select a repository from the
**Repository** drop-down.
-5. Choose a permission from the **Permissions** drop-down list and select
+1. Choose a permission from the **Permissions** drop-down list and select
**Add**.
Organization owners can also assign members the editor role to grant partial administrative access. See [Roles and permissions](../../security/for-admins/roles-and-permissions.md) for more about the editor role.
@@ -111,9 +112,9 @@ you automatically have "Read-only" permissions:
To view a team's permissions across all repositories:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub** and choose your organization.
-3. Select **Teams** and choose your team name.
-4. Select the **Permissions** tab, where you can view the repositories this team can access.
+1. Select **My Hub** and choose your organization.
+1. Select **Teams** and choose your team name.
+1. Select the **Permissions** tab, where you can view the repositories this team can access.
## Delete a team
@@ -122,11 +123,12 @@ Organization owners can delete a team in Docker Hub or Admin Console. When you r
{{< tabs >}}
{{< tab name="Admin Console" >}}
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. In the **User management** section, select **Teams**.
-3. Select the **Actions** icon next to the name of the team you want to delete.
-4. Select **Delete team**.
-5. Review the confirmation message, then select **Delete**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Teams**.
+1. Select the **Actions** icon next to the name of the team you want to delete.
+1. Select **Delete team**.
+1. Review the confirmation message, then select **Delete**.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -134,12 +136,12 @@ Organization owners can delete a team in Docker Hub or Admin Console. When you r
{{% include "hub-org-management.md" %}}
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub** and choose your organization.
-3. Select **Teams**.
-4. Select the name of the team that you want to delete.
-5. Select **Settings**.
-6. Select **Delete Team**.
-7. Review the confirmation message, then select **Delete**.
+1. Select **My Hub** and choose your organization.
+1. Select **Teams**.
+1. Select the name of the team that you want to delete.
+1. Select **Settings**.
+1. Select **Delete Team**.
+1. Review the confirmation message, then select **Delete**.
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md
index 0cfee31d0e7..2aca0e030b4 100644
--- a/content/manuals/admin/organization/members.md
+++ b/content/manuals/admin/organization/members.md
@@ -34,7 +34,7 @@ To accept an invitation:
1. Navigate to your email inbox and open the Docker email with an invitation to
join the Docker organization.
-2. To open the link to Docker Hub, select the **click here** link.
+1. To open the link to Docker Hub, select the **click here** link.
> [!WARNING]
>
@@ -43,14 +43,14 @@ join the Docker organization.
> address the link was sent to and accept the invitation from the
> **Notifications** panel.
-3. The Docker create an account page will open. If you already have an account, select **Already have an account? Sign in**.
+1. The Docker create an account page will open. If you already have an account, select **Already have an account? Sign in**.
If you do not have an account yet, create an account using the same email
address you received the invitation through.
-4. Optional. If you do not have an account and created one, you must navigate
+1. Optional. If you do not have an account and created one, you must navigate
back to your email inbox and verify your email address using the Docker verification
email.
-5. Once you are signed in to Docker Hub, select **My Hub** from the top-level navigation menu.
-6. Select **Accept** on your invitation.
+1. Once you are signed in to Docker Hub, select **My Hub** from the top-level navigation menu.
+1. Select **Accept** on your invitation.
After accepting an invitation, you are now a member of the organization.
@@ -67,18 +67,20 @@ You can send individual invitations, or bulk invitations from the Admin Console.
To resend an individual invitation:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select **Members**.
-3. Select the **action menu** next to the invitee and select **Resend**.
-4. Select **Invite** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Members**.
+1. Select the **action menu** next to the invitee and select **Resend**.
+1. Select **Invite** to confirm.
To bulk resend invitations:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select **Members**.
-3. Use the **checkboxes** next to **Usernames** to bulk select users.
-4. Select **Resend invites**.
-5. Select **Resend** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Members**.
+1. Use the **checkboxes** next to **Usernames** to bulk select users.
+1. Select **Resend invites**.
+1. Select **Resend** to confirm.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -88,10 +90,10 @@ To bulk resend invitations:
To resend an invitation from Docker Hub:
1. Sign in to [Docker Hub](https://hub.docker.com/).
-2. Select **My Hub**, your organization, and then **Members**.
-3. In the table, locate the invitee, select the **Actions** icon, and then select
+1. Select **My Hub**, your organization, and then **Members**.
+1. In the table, locate the invitee, select the **Actions** icon, and then select
**Resend invitation**.
-4. Select **Invite** to confirm.
+1. Select **Invite** to confirm.
You can also resend an invitation using the Docker Hub API. For more information,
see the [Resend an invite](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1%7Bid%7D~1resend/patch) API endpoint.
@@ -106,10 +108,11 @@ see the [Resend an invite](https://docs.docker.com/reference/api/hub/latest/#tag
To remove an invitation from the Admin Console:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select **Members**.
-3. Select the **action menu** next to the invitee and select **Remove invitee**.
-4. Select **Remove** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Members**.
+1. Select the **action menu** next to the invitee and select **Remove invitee**.
+1. Select **Remove** to confirm.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -119,9 +122,9 @@ To remove an invitation from the Admin Console:
To remove a member's invitation from Docker Hub:
1. Sign in to [Docker Hub](https://hub.docker.com/).
-2. Select **My Hub**, your organization, and then **Members**.
-3. In the table, select the **Action** icon, and then select **Remove member** or **Remove invitee**.
-4. Follow the on-screen instructions to remove the member or invitee.
+1. Select **My Hub**, your organization, and then **Members**.
+1. In the table, select the **Action** icon, and then select **Remove member** or **Remove invitee**.
+1. Follow the on-screen instructions to remove the member or invitee.
You can also remove an invitation using the Docker Hub API. For more information,
see the [Cancel an invite](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1%7Bid%7D/delete) API endpoint.
@@ -140,9 +143,11 @@ Use Docker Hub or the Admin Console to add or remove team members. Organization
To add a member to a team with the Admin Console:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select the team name.
-3. Select **Add member**. You can add the member by searching for their email address or username.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Teams**.
+1. Select the team name.
+1. Select **Add member**. You can add the member by searching for their email address or username.
> [!NOTE]
>
@@ -156,13 +161,13 @@ To add a member to a team with the Admin Console:
To add a member to a team with Docker Hub:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub**, your organization, and then **Members**.
-3. Select the **Action** icon, and then select **Add to team**.
+1. Select **My Hub**, your organization, and then **Members**.
+1. Select the **Action** icon, and then select **Add to team**.
> [!NOTE]
>
> You can also navigate to **My Hub** > **Your Organization** > **Teams** > **Your Team Name** and select **Add Member**. Select a member from the drop-down list to add them to the team or search by Docker ID or email.
-4. Select the team and then select **Add**.
+1. Select the team and then select **Add**.
> [!NOTE]
>
@@ -184,10 +189,12 @@ Organization owners can remove a member from a team in Docker Hub or Admin Conso
To remove a member from a specific team with the Admin Console:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select the team name.
-3. Select the **X** next to the user's name to remove them from the team.
-4. When prompted, select **Remove** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Teams**.
+1. Select the team name.
+1. Select the **X** next to the user's name to remove them from the team.
+1. When prompted, select **Remove** to confirm.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -197,9 +204,9 @@ To remove a member from a specific team with the Admin Console:
To remove a member from a specific team with Docker Hub:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub**, your organization, **Teams**, and then the team.
-3. Select the **X** next to the user’s name to remove them from the team.
-4. When prompted, select **Remove** to confirm.
+1. Select **My Hub**, your organization, **Teams**, and then the team.
+1. Select the **X** next to the user’s name to remove them from the team.
+1. When prompted, select **Remove** to confirm.
{{< /tab >}}
{{< /tabs >}}
@@ -215,10 +222,11 @@ the company owner can also manage that organization's roles. If you have SSO ena
To update a member role in the Admin Console:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select the **Members** tab.
-3. Find the username of the member whose role you want to edit. Select the
-**Actions menu**, then **Edit role**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Members**.
+1. Find the username of the member whose role you want to edit. Select the
+**Actions** menu, then **Edit role**.
> [!NOTE]
>
@@ -233,10 +241,10 @@ To update a member role in the Admin Console:
To update a member role in Docker Hub:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub**, your organization, and then **Members**.
-3. Find the username of the member whose role you want to edit. In the table, select the **Actions** icon.
-4. Select **Edit role**.
-5. Select their organization, select the role you want to assign, and then select **Save**.
+1. Select **My Hub**, your organization, and then **Members**.
+1. Find the username of the member whose role you want to edit. In the table, select the **Actions** icon.
+1. Select **Edit role**.
+1. Select their organization, select the role you want to assign, and then select **Save**.
> [!NOTE]
>
@@ -251,6 +259,7 @@ To update a member role in Docker Hub:
{{< summary-bar feature_name="Admin orgs" >}}
Owners can export a CSV file containing all members. The CSV file for a company contains the following fields:
+
- Name: The user's name
- Username: The user's Docker ID
- Email: The user's email address
@@ -263,9 +272,10 @@ Owners can export a CSV file containing all members. The CSV file for a company
To export a CSV file of your members:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select **Members**.
-3. Select the **download** icon to export a CSV file of all members.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Members**.
+1. Select the **download** icon to export a CSV file of all members.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -275,8 +285,8 @@ To export a CSV file of your members:
To export a CSV file of your members:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub**, your organization, and then **Members**.
-3. Select the **Action** icon and then select **Export users as CSV**.
+1. Select **My Hub**, your organization, and then **Members**.
+1. Select the **Action** icon and then select **Export users as CSV**.
{{< /tab >}}
{{< /tabs >}}
\ No newline at end of file
diff --git a/content/manuals/admin/organization/onboard.md b/content/manuals/admin/organization/onboard.md
index 6fa0cf1936d..480252e5f81 100644
--- a/content/manuals/admin/organization/onboard.md
+++ b/content/manuals/admin/organization/onboard.md
@@ -127,6 +127,6 @@ security posture:
- [Manage Docker products](./manage-products.md) to configure access and view usage.
- Configure [Hardened Docker Desktop](/desktop/hardened-desktop/) to improve your organization’s security posture for containerized development.
-- [Audit your domains](/docker-hub/domain-audit/) to ensure that all Docker users in your domain are part of your organization.
+- [Manage your domains](/manuals/security/for-admins/domain-management.md) to ensure that all Docker users in your domain are part of your organization.
Your Docker subscription provides many more additional features. To learn more, see [Docker subscriptions and features](/subscription/details/).
\ No newline at end of file
diff --git a/content/manuals/admin/organization/orgs.md b/content/manuals/admin/organization/orgs.md
index 712b8b76fb8..9115918628f 100644
--- a/content/manuals/admin/organization/orgs.md
+++ b/content/manuals/admin/organization/orgs.md
@@ -30,12 +30,13 @@ detailed instructions on converting an existing user account to an organization,
To create an organization:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Go to Admin Console**.
-3. Select the **Organization** drop-down in the left-hand navigation and then **Create Organization**.
-4. Choose a subscription for your organization, a billing cycle, and specify how many seats you need. See [Docker Pricing](https://www.docker.com/pricing/) for details on the features offered in the Team and Business subscription.
-5. Select **Continue to profile**.
-6. Enter an **Organization namespace**. This is the official, unique name for
+1. Sign in to [Docker Home](https://app.docker.com/) and navigate to the bottom
+of the organization list.
+1. Select **Create new organization**.
+1. Choose a subscription for your organization, a billing cycle, and specify how many seats you need. See [Docker Pricing](https://www.docker.com/pricing/) for details on the features offered in the Team and Business subscription.
+1. Select **Continue to profile**.
+1. Select **Create an organization** to create a new one.
+1. Enter an **Organization namespace**. This is the official, unique name for
your organization in Docker Hub. It's not possible to change the name of the
organization after you've created it.
@@ -43,13 +44,13 @@ organization after you've created it.
>
> You can't use the same name for the organization and your Docker ID. If you want to use your Docker ID as the organization name, then you must first [convert your account into an organization](/manuals/admin/organization/convert-account.md).
-7. Enter your **Company name**. This is the full name of your company. Docker
+1. Enter your **Company name**. This is the full name of your company. Docker
displays the company name on your organization page and in the details of any
public images you publish. You can update the company name anytime by navigating
to your organization's **Settings** page.
-8. Select **Continue to billing** to continue.
-9. Enter your organization's billing information and select **Continue to payment** to continue to the billing portal.
-10. Provide your card details and select **Purchase**.
+1. Select **Continue to billing** to continue.
+1. Enter your organization's billing information and select **Continue to payment** to continue to the billing portal.
+1. Provide your payment details and select **Purchase**.
You've now created an organization.
@@ -59,10 +60,10 @@ You've now created an organization.
{{% include "hub-org-management.md" %}}
1. Sign in to [Docker Hub](https://hub.docker.com/) using your Docker ID, your email address, or your social provider.
-2. Select **My Hub**, select the account drop-down, and then **Create Organization** to create a new organization.
-3. Choose a subscription for your organization, a billing cycle, and specify how many seats you need. See [Docker Pricing](https://www.docker.com/pricing/) for details on the features offered in the Team and Business subscription.
-4. Select **Continue to profile**.
-5. Enter an **Organization namespace**. This is the official, unique name for
+1. Select **My Hub**, select the account drop-down, and then **Create Organization** to create a new organization.
+1. Choose a subscription for your organization, a billing cycle, and specify how many seats you need. See [Docker Pricing](https://www.docker.com/pricing/) for details on the features offered in the Team and Business subscription.
+1. Select **Continue to profile**.
+1. Enter an **Organization namespace**. This is the official, unique name for
your organization in Docker Hub. It's not possible to change the name of the
organization after you've created it.
@@ -70,13 +71,13 @@ organization after you've created it.
>
> You can't use the same name for the organization and your Docker ID. If you want to use your Docker ID as the organization name, then you must first [convert your account into an organization](/manuals/admin/organization/convert-account.md).
-6. Enter your **Company name**. This is the full name of your company. Docker
+1. Enter your **Company name**. This is the full name of your company. Docker
displays the company name on your organization page and in the details of any
public images you publish. You can update the company name anytime by navigating
to your organization's **Settings** page.
-7. Select **Continue to billing** to continue.
-8. Enter your organization's billing information and select **Continue to payment** to continue to the billing portal.
-9. Provide your card details and select **Purchase**.
+1. Select **Continue to billing** to continue.
+1. Enter your organization's billing information and select **Continue to payment** to continue to the billing portal.
+1. Provide your card details and select **Purchase**.
You've now created an organization.
@@ -90,28 +91,13 @@ You've now created an organization.
To view an organization in the Admin Console:
-1. Sign in to [Docker Home](https://app.docker.com).
-2. Under Settings and administration, select **Go to Admin Console**.
-3. Select your organization from the **Organization** drop-down in the left-hand navigation.
+1. Sign in to [Docker Home](https://app.docker.com) and select your
+organization.
+1. From the left-hand navigation menu, select **Admin Console**.
-The Admin Console displays various options that let you to
+The Admin Console contains many options that let you to
configure your organization.
-- **Members**: Displays a list of team members. You
- can invite new members using the **Invite members** button. See [Manage members](./members.md) for details.
-
-- **Teams**: Displays a list of existing teams and the number of
- members in each team. See [Create a team](./manage-a-team.md) for details.
-
-- **Activity** Displays the audit logs, a chronological list of activities that
- occur at organization and repository levels. It provides the org owners a
- report of all their team member activities. See [Audit logs](./activity-logs.md) for
- details.
-
-- **Security and access**: Manage security settings. For more information, see [Security](/manuals/security/_index.md).
-
-- **Organization settings**: Update organization information or [deactivate your organization](/manuals/admin/organization/deactivate-account.md).
-
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -133,7 +119,7 @@ To view an organization:
> then you are neither a member or an owner of it. An organization
> administrator needs to add you as a member of the organization.
-2. Select **My Hub** in the top navigation bar, then choose your
+1. Select **My Hub** in the top navigation bar, then choose your
organization from the list.
The organization landing page displays various options that let you to
@@ -141,25 +127,20 @@ configure your organization.
- **Members**: Displays a list of team members. You
can invite new members using the **Invite members** button. See [Manage members](./members.md) for details.
-
- **Teams**: Displays a list of existing teams and the number of
members in each team. See [Create a team](./manage-a-team.md) for details.
-
- **Repositories**: Displays a list of repositories associated with the
organization. See [Repositories](../../docker-hub/repos/_index.md) for detailed information about
working with repositories.
-
- **Activity** Displays the audit logs, a chronological list of activities that
occur at organization and repository levels. It provides the org owners a
report of all their team member activities. See [Audit logs](./activity-logs.md) for
details.
-
- **Settings**: Displays information about your
organization, and you to view and change your repository privacy
settings, configure org permissions such as
[Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the
organization's **Settings** page.
-
- **Billing**: Displays information about your existing
[Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md).
@@ -178,9 +159,9 @@ configure your organization.
If you have multiple organizations that you want to merge into one, complete the following:
1. Based on the number of seats from the secondary organization, [purchase additional seats](../../subscription/manage-seats.md) for the primary organization account that you want to keep.
-2. Manually add users to the primary organization and remove existing users from the secondary organization.
-3. Manually move over your data, including all repositories.
-4. Once you're done moving all of your users and data, [downgrade](../../subscription/change.md) the secondary account to a free subscription. Note that Docker does not offer refunds for downgrading organizations mid-billing cycle.
+1. Manually add users to the primary organization and remove existing users from the secondary organization.
+1. Manually move over your data, including all repositories.
+1. Once you're done moving all of your users and data, [downgrade](../../subscription/change.md) the secondary account to a free subscription. Note that Docker does not offer refunds for downgrading organizations mid-billing cycle.
> [!TIP]
>
diff --git a/content/manuals/ai/gordon/images/gordon.png b/content/manuals/ai/gordon/images/gordon.png
new file mode 100644
index 00000000000..f2b65c94ca0
Binary files /dev/null and b/content/manuals/ai/gordon/images/gordon.png differ
diff --git a/content/manuals/ai/gordon/images/gordon.webp b/content/manuals/ai/gordon/images/gordon.webp
deleted file mode 100644
index ebf97291489..00000000000
Binary files a/content/manuals/ai/gordon/images/gordon.webp and /dev/null differ
diff --git a/content/manuals/ai/gordon/images/toolbox.png b/content/manuals/ai/gordon/images/toolbox.png
new file mode 100644
index 00000000000..1ee8251f7d2
Binary files /dev/null and b/content/manuals/ai/gordon/images/toolbox.png differ
diff --git a/content/manuals/ai/gordon/images/toolbox.webp b/content/manuals/ai/gordon/images/toolbox.webp
deleted file mode 100644
index ae8fcf00680..00000000000
Binary files a/content/manuals/ai/gordon/images/toolbox.webp and /dev/null differ
diff --git a/content/manuals/ai/gordon/mcp/built-in-tools.md b/content/manuals/ai/gordon/mcp/built-in-tools.md
index 9fd76880ac1..9d253f0c445 100644
--- a/content/manuals/ai/gordon/mcp/built-in-tools.md
+++ b/content/manuals/ai/gordon/mcp/built-in-tools.md
@@ -21,13 +21,13 @@ To configure:
1. On the **Ask Gordon** view in Docker Desktop, select the `Toolbox` button in the bottom left of the input area.
- 
+ 
-2. Choose the tools you want to make available. Selecting a card lets you view extra information regarding each tool and what it does.
+2. To enable or disable a tool, select it in the left-menu and select the toggle.
- 
+ 
- For more information on the possible tools, see [Reference](#reference).
+ For more information on the available Docker tools, see [Reference](#reference).
## Usage examples
@@ -108,7 +108,7 @@ $ docker ai "Show me logs from the auth-service pod"
```console
-# Scan for CVEs
+# Scan for CVEs
$ docker ai "Scan my application for security vulnerabilities"
# Get security recommendations
@@ -136,13 +136,11 @@ Tools to interact with your Docker containers, images, and volumes.
#### Container management
-| Name | Description |
-|------|-------------|
-| `list_containers` | List all Docker containers |
-| `remove_containers` | Remove one or more Docker containers |
-| `stop_container` | Stop a running Docker container |
-| `fetch_container_logs` | Retrieve logs from a Docker container |
-| `run_container` | Run a new Docker container |
+| Name | Description |
+|---------------|----------------------------------------|
+| `docker` | Access to the Docker CLI |
+| `list_builds` | List the builds in the Docker daemon |
+| `build_logs` | Show the build logs. |
#### Volume management
@@ -224,15 +222,12 @@ General-purpose development utilities.
| Tool | Description |
|------|-------------|
-| `list_models` | List all available AI models |
-| `pull_model` | Download an AI model |
+| `list_models` | List all available Docker models |
+| `pull_model` | Download an Docker model |
| `run_model` | Query a model with a prompt |
-| `remove_model` | Remove an AI model |
+| `remove_model` | Remove an Docker model |
-### AI Tool Catalog
+### Docker MCP Catalog
-When the [AI Tool
-Catalog](https://open.docker.com/extensions/marketplace?extensionId=docker/labs-ai-tools-for-devs)
-Docker Desktop extension is installed, all the tools enabled in the catalog are
-available for Gordon to use. After installation, you can enable the usage of the
-AI Tool Catalog tools in the toolbox section of Gordon.
+If you have enabled the [MCP Toolkit feature](../../mcp-catalog-and-toolkit/_index.md),
+all the tools you have enabled and configured are available for Gordon to use.
diff --git a/content/manuals/ai/gordon/mcp/yaml.md b/content/manuals/ai/gordon/mcp/yaml.md
index 326c5d6071a..806e2aaa7f6 100644
--- a/content/manuals/ai/gordon/mcp/yaml.md
+++ b/content/manuals/ai/gordon/mcp/yaml.md
@@ -132,42 +132,3 @@ you can get started:
With MCP support, Gordon offers powerful extensibility and flexibility to meet
your specific use cases whether you’re adding temporal awareness, file
management, or internet access.
-
-### Compatible MCP servers
-
-These are MCP servers that have been tested with Gordon and are known to be
-working:
-
-- `mcp/time`
-- `mcp/fetch`
-- `mcp/filesystem`
-- `mcp/postgres`
-- `mcp/git`
-- `mcp/sqlite`
-- `mcp/github`
-
-### Untested (should work with appropriate API tokens)
-
-These are MCP servers that were not tested but should work if given the
-appropriate API tokens:
-
-- `mcp/brave-search`
-- `mcp/gdrive`
-- `mcp/slack`
-- `mcp/google-maps`
-- `mcp/gitlab`
-- `mcp/everything`
-- `mcp/aws-kb-retrieval-server`
-- `mcp/sentry`
-
-### Unsupported
-
-These are MCP servers that are currently known to be unsupported:
-
-- `mcp/sequentialthinking` - (The tool description is too long)
-- `mcp/puppeteer` - Puppeteer sends back images and Gordon doesn’t know how to
- handle them, it only handles text responses from tools
-- `mcp/everart` - Everart sends back images and Gordon doesn’t know how to
- handle them, it only handles text responses from tools
-- `mcp/memory` - There is no way to configure the server to use a custom path
- for its knowledge base
diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md
index 96d3b6fb233..7ab44e7fd15 100644
--- a/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md
+++ b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md
@@ -44,4 +44,11 @@ To use an MCP server from the catalog, see [MCP toolkit](toolkit.md).
## Contribute an MCP server to the catalog
-To add an MCP server to the Docker MCP catalog, fill out the Docker [MCP submission form](https://www.docker.com/products/mcp-catalog-and-toolkit/#get_updates).
+The MCP server registry is available at https://github.com/docker/mcp-registry. To submit an MCP server:
+follow the [contributing guidelines](https://github.com/docker/mcp-registry/blob/main/CONTRIBUTING.md).
+
+When your pull request is reviewed and approved, your MCP server is available in 24 hours on:
+
+- Docker Desktop's [MCP Toolkit feature](toolkit.md)
+- The [Docker MCP catalog](https://hub.docker.com/mcp)
+- The [Docker Hub](https://hub.docker.com/u/mcp) mcp namespace (for MCP servers built by Docker)
diff --git a/content/manuals/ai/model-runner/_index.md b/content/manuals/ai/model-runner/_index.md
index 549575dc923..bda21d4d198 100644
--- a/content/manuals/ai/model-runner/_index.md
+++ b/content/manuals/ai/model-runner/_index.md
@@ -16,6 +16,22 @@ aliases:
{{< summary-bar feature_name="Docker Model Runner" >}}
+Docker Model Runner makes it easy to manage, run, and
+deploy AI models using Docker. Designed for developers,
+Docker Model Runner streamlines the process of pulling, running, and serving
+large language models (LLMs) and other AI models directly from Docker Hub or any
+OCI-compliant registry.
+
+With seamless integration into Docker Desktop and Docker
+Engine, you can serve models via OpenAI-compatible APIs, package GGUF files as
+OCI Artifacts, and interact with models from both the command line and graphical
+interface.
+
+Whether you're building generative AI applications, experimenting with machine
+learning workflows, or integrating AI into your software development lifecycle,
+Docker Model Runner provides a consistent, secure, and efficient way to work
+with AI models locally.
+
## Key features
- [Pull and push models to and from Docker Hub](https://hub.docker.com/u/ai)
diff --git a/content/manuals/billing/cycle.md b/content/manuals/billing/cycle.md
index b72ef3ead8d..439a9c90d15 100644
--- a/content/manuals/billing/cycle.md
+++ b/content/manuals/billing/cycle.md
@@ -5,13 +5,15 @@ description: Learn to change your billing cycle for your Docker subscription
keywords: billing, cycle, payments, subscription
---
-You can pay for a subscription on a monthly or yearly billing cycle. You select your preferred billing cycle when you buy your subscription.
+You can pay for a subscription on a monthly or yearly billing cycle. You select
+your preferred billing cycle when you buy your subscription.
> [!NOTE]
>
> Business subscriptions are available only on yearly billing cycle.
-If you have a monthly billing cycle, you can choose to switch to an annual billing cycle.
+If you have a monthly billing cycle, you can choose to switch to an annual
+billing cycle.
> [!NOTE]
>
@@ -19,9 +21,17 @@ If you have a monthly billing cycle, you can choose to switch to an annual billi
When you change the billing cycle's duration:
-- The next billing date reflects the new cycle. To find your next billing date, see [View renewal date](history.md#view-renewal-date).
-- The subscription's start date resets. For example, if the start date of the monthly subscription is March 1st and the end date is April 1st, then after switching the billing duration to March 15th, 2024 the new start date is March 15th, 2024, and the new end date is March 15th, 2025.
-- Any unused monthly subscription is prorated and applied as credit towards the new annual period. For example, if you switch from a $10 monthly subscription to a $100 annual subscription, deducting the unused monthly value (in this case $5), the migration cost becomes $95 ($100 - $5). The renewal cost after March 15, 2025 is $100.
+- The next billing date reflects the new cycle. To find your next billing date,
+see [View renewal date](history.md#view-renewal-date).
+- The subscription's start date resets. For example, if the start date of the
+monthly subscription is March 1st and the end date is April 1st, then after
+switching the billing duration to March 15th, 2024 the new start date is March
+15th, 2024, and the new end date is March 15th, 2025.
+- Any unused monthly subscription is prorated and applied as credit towards the
+new annual period. For example, if you switch from a $10 monthly subscription to
+a $100 annual subscription, deducting the unused monthly value
+(in this case $5), the migration cost becomes $95 ($100 - $5). The renewal cost
+after March 15, 2025 is $100.
{{% include "tax-compliance.md" %}}
@@ -32,19 +42,22 @@ When you change the billing cycle's duration:
To change your billing cycle:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. On the plans and usage page, select **Switch to annual billing**.
-4. Verify your billing information.
-5. Select **Continue to payment**.
-6. Verify payment information and select **Upgrade subscription**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization.
+1. Select **Billing**.
+1. On the plans and usage page, select **Switch to annual billing**.
+1. Verify your billing information.
+1. Select **Continue to payment**.
+1. Verify payment information and select **Upgrade subscription**.
> [!NOTE]
>
> If you choose to pay using a US bank account, you must verify the account. For
-> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
+> more information, see
+[Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
-The billing plans and usage page will now reflect your new annual subscription details.
+The billing plans and usage page will now reflect your new annual subscription
+details.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -52,10 +65,10 @@ The billing plans and usage page will now reflect your new annual subscription d
To change your billing cycle:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. In the bottom-right of the **Plan** tab, select **Switch to annual billing**.
-5. Review the information displayed on the **Change to an Annual subscription** page and select **Accept Terms and Purchase** to confirm.
+1. Select your organization, then select **Billing**.
+1. In the bottom-right of the **Plan** tab, select **Switch to annual billing**.
+1. Review the information displayed on the **Change to an Annual subscription**
+page and select **Accept Terms and Purchase** to confirm.
{{< /tab >}}
{{< /tabs >}}
@@ -71,17 +84,19 @@ To change your billing cycle:
To change your organization's billing cycle:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. On the plans and usage page, select **Switch to annual billing**.
-4. Verify your billing information.
-5. Select **Continue to payment**.
-6. Verify payment information and select **Upgrade subscription**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization.
+1. Select **Billing**.
+1. On the plans and usage page, select **Switch to annual billing**.
+1. Verify your billing information.
+1. Select **Continue to payment**.
+1. Verify payment information and select **Upgrade subscription**.
> [!NOTE]
>
> If you choose to pay using a US bank account, you must verify the account. For
-> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
+> more information, see
+> [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -89,10 +104,10 @@ To change your organization's billing cycle:
To change your organization's billing cycle:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select **My Hub** from the top-level navigation.
-3. Select the organization that you want to change the payment method for, and then select **Billing**.
-4. Select **Switch to annual billing**.
-5. Review the information displayed on the **Change to an Annual subscription** page and select **Accept Terms and Purchase** to confirm.
+1. Select your organization, then select **Billing**.
+1. Select **Switch to annual billing**.
+1. Review the information displayed on the **Change to an Annual subscription**
+page and select **Accept Terms and Purchase** to confirm.
{{< /tab >}}
{{< /tabs >}}
\ No newline at end of file
diff --git a/content/manuals/billing/details.md b/content/manuals/billing/details.md
index a26b1d42325..f88b1a8545c 100644
--- a/content/manuals/billing/details.md
+++ b/content/manuals/billing/details.md
@@ -20,19 +20,20 @@ The billing information provided appears on all your billing invoices. The email
To update your billing information:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Billing information** from the left-hand navigation.
-4. On your billing information card, select **Change**.
-5. Update your billing contact and billing address information.
-6. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Billing information** from the left-hand navigation.
+1. On your billing information card, select **Change**.
+1. Update your billing contact and billing address information.
+1. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-7. Select **Update**.
+1. Select **Update**.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -40,17 +41,16 @@ To update your billing information:
To update your billing information:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu, select **Billing**.
-4. Select **Billing Address** and enter your updated billing information.
-5. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
+1. Select your organization, then select **Billing**.
+1. Select **Billing Address** and enter your updated billing information.
+1. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-6. Select **Submit**.
+1. Select **Submit**.
{{< /tab >}}
{{< /tabs >}}
@@ -66,19 +66,20 @@ To update your billing information:
To update your billing information:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Billing information** from the left-hand navigation.
-4. On your billing information card, select **Change**.
-5. Update your billing contact and billing address information.
-6. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Billing information** from the left-hand navigation.
+1. On your billing information card, select **Change**.
+1. Update your billing contact and billing address information.
+1. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-7. Select **Update**.
+1. Select **Update**.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -86,18 +87,16 @@ To update your billing information:
To update your billing information:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the organization that you want to change the payment method for.
-5. Select **Billing Address**.
-6. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
+1. Select your organization, then select **Billing**.
+1. Select **Billing Address**.
+1. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-7. Select **Submit**.
+1. Select **Submit**.
{{< /tab >}}
{{< /tabs >}}
@@ -111,7 +110,8 @@ Docker sends the following billing-related emails:
- Notifications of credit or debit card payment failures.
- Notifications of credit or debit card expiration.
- Confirmation of a cancelled subscription
-- Reminders of subscription renewals for annual subscribers. This is sent 14 days before the renewal date.
+- Reminders of subscription renewals for annual subscribers. This is sent 14
+days before the renewal date.
You can update the email address that receives billing invoices at any time.
@@ -122,11 +122,12 @@ You can update the email address that receives billing invoices at any time.
To update your billing email address:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Billing information** from the left-hand navigation.
-4. On your billing information card, select **Change**.
-5. Update your billing contact information and select **Update**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Billing information** from the left-hand navigation.
+1. On your billing information card, select **Change**.
+1. Update your billing contact information and select **Update**.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -134,11 +135,10 @@ To update your billing email address:
To update your billing email address:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select **Billing Address**.
-5. Update the email address in the **Billing contact** section.
-6. Select **Submit**.
+1. Select your organization, then select **Billing**.
+1. Select **Billing Address**.
+1. Update the email address in the **Billing contact** section.
+1. Select **Submit**.
{{< /tab >}}
{{< /tabs >}}
@@ -150,11 +150,12 @@ To update your billing email address:
To update your billing email address:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Billing information** from the left-hand navigation.
-4. On your billing information card, select **Change**.
-5. Update your billing contact information and select **Update**.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization.
+1. Select **Billing**.
+1. Select **Billing information** from the left-hand navigation.
+1. On your billing information card, select **Change**.
+1. Update your billing contact information and select **Update**.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -162,12 +163,11 @@ To update your billing email address:
To update your billing email address:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the name of the organization.
-5. Select **Billing Address**.
-6. Update the email address in the **Billing contact** section.
-7. Select **Submit**.
+1. Select your organization, then select **Billing**.
+1. Select the name of the organization.
+1. Select **Billing Address**.
+1. Update the email address in the **Billing contact** section.
+1. Select **Submit**.
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/billing/history.md b/content/manuals/billing/history.md
index ecb3139c53d..0e64a9c75a6 100644
--- a/content/manuals/billing/history.md
+++ b/content/manuals/billing/history.md
@@ -37,7 +37,7 @@ You can’t make changes to a paid or unpaid billing invoice. When you update yo
{{< tabs >}}
{{< tab name="Docker subscription" >}}
-You receive your invoice when the subscription renews. To verify your renewal date, sign in to the [Docker Home Billing](https://app.docker.com/billing). Your renewal date and amount are displayed on your subscription card.
+You receive your invoice when the subscription renews. To verify your renewal date, sign in to [Docker Billing](https://app.docker.com/billing). Your renewal date and amount are displayed on your subscription card.
{{< /tab >}}
@@ -64,19 +64,20 @@ You receive your invoice when the subscription renews. To verify your renewal da
To add or update your VAT number:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Billing information** from the left-hand menu.
-4. Select **Change** on your billing information card.
-5. Ensure the **I'm purchasing as a business** checkbox is checked.
-6. Enter your VAT number in the Tax ID section.
+1. Sign in to [Docker Home](https://app.docker.com/) and choose your
+organization.
+1. Select **Billing**.
+1. Select **Billing information** from the left-hand menu.
+1. Select **Change** on your billing information card.
+1. Ensure the **I'm purchasing as a business** checkbox is checked.
+1. Enter your VAT number in the Tax ID section.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-7. Select **Update**.
+1. Select **Update**.
Your VAT number will be included on your next invoice.
@@ -86,17 +87,17 @@ Your VAT number will be included on your next invoice.
To add or update your VAT number:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. For user accounts, Select your avatar in the top-right corner, then **Billing**. For organizations, select the name of the organization.
-3. Select the **Billing address** link.
-4. In the **Billing Information** section, select **Update information**.
-5. Enter your VAT number in the Tax ID section.
+1. Select your organization, then select **Billing**.
+1. Select the **Billing address** link.
+1. In the **Billing Information** section, select **Update information**.
+1. Enter your VAT number in the Tax ID section.
> [!IMPORTANT]
>
> Your VAT number must include your country prefix. For example, if you are
entering a VAT number for Germany, you would enter `DE123456789`.
-6. Select **Save**.
+1. Select **Save**.
Your VAT number will be included on your next invoice.
@@ -114,11 +115,12 @@ You can view the billing history and download past invoices for a personal accou
To view billing history:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Invoices** from the left-hand menu.
-4. Optional. Select the **Invoice number** to open invoice details.
-5. Optional. Select the **Download** button to download an invoice.
+1. Sign in to [Docker Home](https://app.docker.com/) and choose your
+organization.
+1. Select **Billing**.
+1. Select **Invoices** from the left-hand menu.
+1. Optional. Select the **Invoice number** to open invoice details.
+1. Optional. Select the **Download** button to download an invoice.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -126,12 +128,11 @@ To view billing history:
To view billing history:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the **Payment methods and billing history** link.
- You can find your past invoices in the **Invoice History** section.
+1. Select your organization, then select **Billing**.
+1. Select the **Payment methods and billing history** link.
-From here you can download an invoice.
+You can find your past invoices in the **Invoice History** section, where
+you can download an invoice.
{{< /tab >}}
{{< /tabs >}}
@@ -147,11 +148,12 @@ From here you can download an invoice.
To view billing history:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Invoices** from the left-hand menu.
-4. Optional. Select the **invoice number** to open invoice details.
-5. Optional. Select the **download** button to download an invoice.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Invoices** from the left-hand menu.
+1. Optional. Select the **invoice number** to open invoice details.
+1. Optional. Select the **download** button to download an invoice.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -159,12 +161,11 @@ To view billing history:
To view billing history:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the **Payment methods and billing history** link.
- You can find your past invoices in the **Invoice History** section.
+1. Select your organization, then select **Billing**.
+1. Select the **Payment methods and billing history** link.
-From here you can download an invoice.
+You can find your past invoices in the **Invoice History** section, where you
+can download an invoice.
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/billing/payment-method.md b/content/manuals/billing/payment-method.md
index 72a663f28e5..9354051d16e 100644
--- a/content/manuals/billing/payment-method.md
+++ b/content/manuals/billing/payment-method.md
@@ -43,11 +43,12 @@ All currency, for example the amount listed on your billing invoice, is in Unite
To add a payment method:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select **Payment methods** from the left-hand menu.
-4. Select **Add payment method**.
-5. Enter your new payment information:
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Payment methods** from the left-hand menu.
+1. Select **Add payment method**.
+1. Enter your new payment information:
- If you are adding a card:
- Select **Card** and fill out the card information form.
- If you are adding a Link payment:
@@ -59,9 +60,9 @@ To add a payment method:
- If your bank is listed, select your bank's name.
- If your bank is not listed, select **Search for your bank**.
- To verify your bank account, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
-6. Select **Add payment method**.
-7. Optional. You can set a new default payment method by selecting the **Set as default** action.
-8. Optional. You can remove non-default payment methods by selecting the **Delete** action.
+1. Select **Add payment method**.
+1. Optional. You can set a new default payment method by selecting the **Set as default** action.
+1. Optional. You can remove non-default payment methods by selecting the **Delete** action.
> [!NOTE]
>
@@ -74,19 +75,18 @@ To add a payment method:
To add a payment method:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the **Payment methods and billing history** link.
-5. In the **Payment method** section, select **Add payment method**.
-6. Enter your new payment information:
+1. Select **Billing**.
+1. Select the **Payment methods** link.
+1. Select **Add payment method**.
+1. Enter your new payment information:
- If you are adding a card:
- Select **Card** and fill out the card information form.
- If you are adding a Link payment:
- Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**.
- If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments.
-7. Select **Add**.
-8. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions.
-9. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**.
+1. Select **Add**.
+1. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions.
+1. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**.
{{< /tab >}}
{{< /tabs >}}
@@ -102,12 +102,12 @@ To add a payment method:
To add a payment method:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Choose your organization from the top-left drop-down.
-4. Select **Payment methods** from the left-hand menu.
-5. Select **Add payment method**.
-6. Enter your new payment information:
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Payment methods** from the left-hand menu.
+1. Select **Add payment method**.
+1. Enter your new payment information:
- If you are adding a card:
- Select **Card** and fill out the card information form.
- If you are adding a Link payment:
@@ -119,10 +119,10 @@ To add a payment method:
- If your bank is listed, select your bank's name.
- If your bank is not listed, select **Search for your bank**.
- To verify your bank account, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account).
-7. Select **Add payment method**.
-8. Select **Add payment method**.
-9. Optional. You can set a new default payment method by selecting the **Set as default** action.
-10. Optional. You can remove non-default payment methods by selecting the **Delete** action.
+1. Select **Add payment method**.
+1. Select **Add payment method**.
+1. Optional. You can set a new default payment method by selecting the **Set as default** action.
+1. Optional. You can remove non-default payment methods by selecting the **Delete** action.
> [!NOTE]
>
@@ -135,20 +135,18 @@ To add a payment method:
To add a payment method:
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-right corner.
-3. From the drop-down menu select **Billing**.
-4. Select the organization account you want to update.
-5. Select the **Payment methods and billing history** link.
-6. In the **Payment Method** section, select **Add payment method**.
-7. Enter your new payment information:
+1. Select your organization, then select **Billing**.
+1. Select the **Payment methods** link.
+1. Select **Add payment method**.
+1. Enter your new payment information:
- If you are adding a card:
- Select **Card** and fill out the card information form.
- If you are adding a Link payment:
- Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**.
- If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments.
-8. Select **Add payment method**.
-9. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions.
-10. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**.
+1. Select **Add payment method**.
+1. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions.
+1. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**.
{{< /tab >}}
{{< /tabs >}}
@@ -166,12 +164,12 @@ To verify your bank account instantly, you must sign in to your bank account
from the Docker billing flow:
1. Choose **US bank account** as your payment method.
-2. Verify your **Email** and **Full name**.
-3. If your bank is listed, select your bank's name or select **Search for your bank**.
-4. Sign in to your bank and review the terms and conditions. This agreement
+1. Verify your **Email** and **Full name**.
+1. If your bank is listed, select your bank's name or select **Search for your bank**.
+1. Sign in to your bank and review the terms and conditions. This agreement
allows Docker to debit payments from your connected bank account.
-5. Select **Agree and continue**.
-6. Select an account to link and verify, and select **Connect account**.
+1. Select **Agree and continue**.
+1. Select an account to link and verify, and select **Connect account**.
When the account is verified, you will see a success message in the pop-up modal.
@@ -180,11 +178,11 @@ When the account is verified, you will see a success message in the pop-up modal
To verify your bank account manually, you must enter the micro-deposit amount from your bank statement:
1. Choose **US bank account** as your payment method.
-2. Verify your **Email** and **First and last name**.
-3. Select **Enter bank details manually instead**.
-4. Enter your bank details: **Routing number** and **Account number**.
-5. Select **Submit**.
-6. You will receive an email with instructions on how to manually verify.
+1. Verify your **Email** and **First and last name**.
+1. Select **Enter bank details manually instead**.
+1. Enter your bank details: **Routing number** and **Account number**.
+1. Select **Submit**.
+1. You will receive an email with instructions on how to manually verify.
Manual verification uses micro-deposits. You should see a small deposit
(e.g. $-0.01) in your bank account in 1-2 business days. Open your manual verification email and enter the amount of this deposit to verify your account.
diff --git a/content/manuals/compose/releases/release-notes.md b/content/manuals/compose/releases/release-notes.md
index 1c362d40b68..b629c8d4098 100644
--- a/content/manuals/compose/releases/release-notes.md
+++ b/content/manuals/compose/releases/release-notes.md
@@ -13,6 +13,20 @@ aliases:
For more detailed information, see the [release notes in the Compose repo](https://github.com/docker/compose/releases/).
+## 2.37.3
+
+{{< release-date date="2025-06-24" >}}
+
+### Bug fixes and enhancements
+
+- Added support of `cache_to` for Bake
+- Fixed issue with Bake integration
+- Fixed multiple issues affecting `run` command
+
+### Update
+
+- Dependencies upgrade: bump buildkit to v0.23.1
+
## 2.37.2
{{< release-date date="2025-06-20" >}}
diff --git a/content/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md b/content/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md
index 1726ca95a04..bfdd2df5043 100644
--- a/content/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md
+++ b/content/manuals/desktop/setup/install/enterprise-deployment/msi-install-and-configure.md
@@ -17,8 +17,8 @@ The MSI package supports various MDM (Mobile Device Management) solutions, makin
## Install interactively
-1. In the [Docker Admin Console](http://admin.docker.com/), navigate to your organization.
-2. Under **Docker Desktop**, select the **Deploy** page.
+1. In [Docker Home](http://app.docker.com), choose your organization.
+2. Select **Admin Console**, then **Enterprise deployment**.
3. From the **Windows OS** tab, select the **Download MSI installer** button.
4. Once downloaded, double-click `Docker Desktop Installer.msi` to run the installer.
5. After accepting the license agreement, choose the install location. By default, Docker Desktop is installed at `C:\Program Files\Docker\Docker`.
@@ -35,6 +35,7 @@ The MSI package supports various MDM (Mobile Device Management) solutions, makin
8. When the installation is successful, select **Finish** to complete the installation process.
If your administrator account is different from your user account, you must add the user to the **docker-users** group to access features that require higher privileges, such as creating and managing the Hyper-V VM, or using Windows containers:
+
1. Run **Computer Management** as an **administrator**.
2. Navigate to **Local Users and Groups** > **Groups** > **docker-users**.
3. Right-click to add the user to the group.
@@ -44,7 +45,7 @@ If your administrator account is different from your user account, you must add
>
> When installing Docker Desktop with the MSI, in-app updates are automatically disabled. This ensures organizations can maintain version consistency and prevent unapproved updates. For Docker Desktop installed with the .exe installer, in-app updates remain supported.
>
-> Docker Desktop notifies you when an update is available. To update Docker Desktop, download the latest installer from the Docker Admin Console. Navigate to the **Deploy** page > under **Docker Desktop**.
+> Docker Desktop notifies you when an update is available. To update Docker Desktop, download the latest installer from the Docker Admin Console. Navigate to the **Enterprise deployment** page.
>
> To keep up to date with new releases, check the [release notes](/manuals/desktop/release-notes.md) page.
@@ -99,13 +100,13 @@ msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart
#### Install non-interactively with admin settings
```powershell
-msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ADMINSETTINGS="{"configurationFileVersion":2,"enhancedContainerIsolation":{"value":true,"locked":false}}" ALLOWEDORG="docker"
+msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ADMINSETTINGS="{"configurationFileVersion":2,"enhancedContainerIsolation":{"value":true,"locked":false}}" ALLOWEDORG="your-organization"
```
#### Install interactively and allow users to switch to Windows containers without admin rights
```powershell
-msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ALLOWEDORG="docker" ALWAYSRUNSERVICE=1
+msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /quiet /norestart ALLOWEDORG="your-organization" ALWAYSRUNSERVICE=1
```
#### Install with the passive display option
diff --git a/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md b/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md
index 94f0ec00e16..899ac525f77 100644
--- a/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md
+++ b/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md
@@ -12,8 +12,8 @@ The PKG package supports various MDM (Mobile Device Management) solutions, makin
## Install interactively
-1. In the [Docker Admin Console](http://admin.docker.com/), navigate to your organization.
-2. Under **Docker Desktop**, select the **Deploy** page.
+1. In [Docker Home](http://app.docker.com), choose your organization.
+2. Select **Admin Console**, then **Enterprise deployment**.
3. From the **macOS** tab, select the **Download PKG installer** button.
4. Once downloaded, double-click `Docker.pkg` to run the installer.
5. Follow the instructions on the installation wizard to authorize the installer and proceed with the installation.
@@ -28,14 +28,14 @@ The PKG package supports various MDM (Mobile Device Management) solutions, makin
>
> When installing Docker Desktop with the PKG, in-app updates are automatically disabled. This ensures organizations can maintain version consistency and prevent unapproved updates. For Docker Desktop installed with the `.dmg` installer, in-app updates remain supported.
>
-> Docker Desktop notifies you when an update is available. To update Docker Desktop, download the latest installer from the Docker Admin Console. Navigate to the **Deploy** page > under **Docker Desktop**.
+> Docker Desktop notifies you when an update is available. To update Docker Desktop, download the latest installer from the Docker Admin Console. Navigate to the **Enterprise deployment** page.
>
> To keep up to date with new releases, check the [release notes](/manuals/desktop/release-notes.md) page.
## Install from the command line
-1. In the [Docker Admin Console](http://admin.docker.com/), navigate to your organization.
-2. Under **Security and access**, select the **Deploy Docker Desktop** page.
+1. In [Docker Home](http://app.docker.com), choose your organization.
+2. Select **Admin Console**, then **Enterprise deployment**.
3. From the **macOS** tab, select the **Download PKG installer** button.
4. From your terminal, run the following command:
diff --git a/content/manuals/engine/daemon/logs.md b/content/manuals/engine/daemon/logs.md
index 0b09f3e8e3b..9a564b9fd3b 100644
--- a/content/manuals/engine/daemon/logs.md
+++ b/content/manuals/engine/daemon/logs.md
@@ -117,7 +117,7 @@ The Docker daemon log can be viewed by using one of the following methods:
Look in the Docker logs for a message like the following:
-```none
+```text
...goroutine stacks written to /var/run/docker/goroutine-stacks-2017-06-02T193336z.log
```
diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md
index ee21b87027b..a8adba1edd6 100644
--- a/content/manuals/engine/release-notes/28.md
+++ b/content/manuals/engine/release-notes/28.md
@@ -23,6 +23,67 @@ For more information about:
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md).
+## 28.3.0
+
+{{< release-date date="2025-06-24" >}}
+
+For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
+
+- [docker/cli, 28.3.0 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.0)
+- [moby/moby, 28.3.0 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.0)
+
+### New
+
+- Add support for AMD GPUs in `docker run --gpus`. [moby/moby#49952](https://github.com/moby/moby/pull/49952)
+- Use `DOCKER_AUTH_CONFIG` as a credential store. [docker/cli#6008](https://github.com/docker/cli/pull/6008)
+
+### Bug fixes and enhancements
+
+- Ensure that the state of the container in the daemon database (used by [/containers/json](https://docs.docker.com/reference/api/engine/version/v1.49/#tag/Container/operation/ContainerList) API) is up to date when the container is stopped using the [/containers/{id}/stop](https://docs.docker.com/reference/api/engine/version/v1.49/#tag/Container/operation/ContainerStop) API (before response of API). [moby/moby#50136](https://github.com/moby/moby/pull/50136)
+- Fix `docker image inspect inspect` omitting empty fields. [moby/moby#50135](https://github.com/moby/moby/pull/50135)
+- Fix `docker images --tree` not marking images as in-use when the containerd image store is disabled. [docker/cli#6140](https://github.com/docker/cli/pull/6140)
+- Fix `docker pull/push` hang in non-interactive when authentication is required caused by prompting for login credentials. [docker/cli#6141](https://github.com/docker/cli/pull/6141)
+- Fix a potential resource leak when a node leaves a Swarm. [moby/moby#50115](https://github.com/moby/moby/pull/50115)
+- Fix a regression where a login prompt on `docker pull` would show Docker Hub-specific hints when logging in on other registries. [docker/cli#6135](https://github.com/docker/cli/pull/6135)
+- Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. [moby/moby#50211](https://github.com/moby/moby/pull/50211)
+- Remove an undocumented, hidden, top-level `docker remove` command that was accidentally introduced in Docker 23.0. [docker/cli#6144](https://github.com/docker/cli/pull/6144)
+- Validate registry-mirrors configuration as part of `dockerd --validate` and improve error messages for invalid mirrors. [moby/moby#50240](https://github.com/moby/moby/pull/50240)
+- `dockerd-rootless-setuptool.sh`: Fix the script from silently returning with no error message when subuid/subgid system requirements are not satisfied. [moby/moby#50059](https://github.com/moby/moby/pull/50059)
+- containerd image store: Fix `docker push` not creating a tag on the remote repository. [moby/moby#50199](https://github.com/moby/moby/pull/50199)
+- containerd image store: Improve handling of errors returned by the token server during `docker pull/push`. [moby/moby#50176](https://github.com/moby/moby/pull/50176)
+
+### Packaging updates
+
+- Allow customizing containerd service name for OpenRC. [moby/moby#50156](https://github.com/moby/moby/pull/50156)
+- Update BuildKit to [v0.23.1](https://github.com/moby/buildkit/releases/tag/v0.23.1). [moby/moby#50243](https://github.com/moby/moby/pull/50243)
+- Update Buildx to [v0.25.0](https://github.com/docker/buildx/releases/tag/v0.25.0). [docker/docker-ce-packaging#1217](https://github.com/docker/docker-ce-packaging/pull/1217)
+- Update Compose to [v2.37.2](https://github.com/docker/compose/releases/tag/v2.37.2). [docker/docker-ce-packaging#1219](https://github.com/docker/docker-ce-packaging/pull/1219)
+- Update Docker Model CLI plugin to [v0.1.30](https://github.com/docker/model-cli/releases/tag/v0.1.30). [docker/docker-ce-packaging#1218](https://github.com/docker/docker-ce-packaging/pull/1218)
+- Update Go runtime to [1.24.4](https://go.dev/doc/devel/release#go1.24.4). [docker/docker-ce-packaging#1213](https://github.com/docker/docker-ce-packaging/pull/1213), [moby/moby#50153](https://github.com/moby/moby/pull/50153), [docker/cli#6124](https://github.com/docker/cli/pull/6124)
+
+### Networking
+
+- Revert Swarm related changes added in 28.2.x builds, due to a regression reported in https://github.com/moby/moby/issues/50129. [moby/moby#50169](https://github.com/moby/moby/pull/50169)
+ * Revert: Fix an issue where `docker network inspect --verbose` could sometimes crash the daemon (https://github.com/moby/moby/pull/49937).
+ * Revert: Fix an issue where the load-balancer IP address for an overlay network would not be released in certain cases if the Swarm was lacking an ingress network (https://github.com/moby/moby/pull/49948).
+ * Revert: Improve the reliability of NetworkDB in busy clusters and lossy networks (https://github.com/moby/moby/pull/49932).
+ * Revert: Improvements to the reliability and convergence speed of NetworkDB (https://github.com/moby/moby/pull/49939).
+- Fix an issue that could cause container startup to fail, or lead to failed UDP port mappings, when some container ports are mapped to `0.0.0.0` and others are mapped to specific host addresses. [moby/moby#50054](https://github.com/moby/moby/pull/50054)
+- The `network inspect` response for an overlay network now reports that `EnableIPv4` is true. [moby/moby#50147](https://github.com/moby/moby/pull/50147)
+- Windows: Improve daemon startup time in cases where the host has networks of type `"Mirrored"`. [moby/moby#50155](https://github.com/moby/moby/pull/50155)
+- Windows: Make sure `docker system prune` and `docker network prune` only remove networks created by Docker. [moby/moby#50154](https://github.com/moby/moby/pull/50154)
+
+### API
+
+- Update API version to 1.51. [moby/moby#50145](https://github.com/moby/moby/pull/50145)
+- `GET /images/json` now sets the value of the `Containers` field for all images to the count of containers using the image. [moby/moby#50146](https://github.com/moby/moby/pull/50146)
+
+### Deprecations
+
+- Empty/nil image config fields in the `GET /images/{name}/json` response are now deprecated and will be removed in v29.0. [docker/cli#6129](https://github.com/docker/cli/pull/6129)
+- api/types/container: deprecate `ExecOptions.Detach`. This field is not used, and will be removed in a future release. [moby/moby#50219](https://github.com/moby/moby/pull/50219)
+- pkg/idtools: deprecate `IdentityMapping` and `Identity.Chown`. [moby/moby#50210](https://github.com/moby/moby/pull/50210)
+
## 28.2.2
{{< release-date date="2025-05-30" >}}
diff --git a/content/manuals/platform-release-notes.md b/content/manuals/platform-release-notes.md
index fa0dbb2e8d4..e595e8b6eb9 100644
--- a/content/manuals/platform-release-notes.md
+++ b/content/manuals/platform-release-notes.md
@@ -67,10 +67,10 @@ This page provides details on new features, enhancements, known issues, and bug
### New
-- Administrators can now view [organization insights](/manuals/admin/organization/insights.md) (Early Access).
+- Administrators can now view [organization Insights](/manuals/admin/organization/insights.md).
## 2024-07-17
### New
-- You can now centrally access and manage Docker products in [Docker Home](https://app.docker.com) (Early Access).
\ No newline at end of file
+- You can now centrally access and manage Docker products in [Docker Home](https://app.docker.com).
\ No newline at end of file
diff --git a/content/manuals/security/_index.md b/content/manuals/security/_index.md
index 755814c7e90..9bca77f06c7 100644
--- a/content/manuals/security/_index.md
+++ b/content/manuals/security/_index.md
@@ -31,9 +31,9 @@ grid_admins:
description: Configure sign-in for members of your teams and organizations.
link: /security/for-admins/enforce-sign-in/
icon: passkey
-- title: Domain audit
+- title: Domain management
description: Identify uncaptured users in your organization.
- link: /security/for-admins/domain-audit/
+ link: /security/for-admins/domain-management/
icon: person_search
- title: Docker Scout
description: Explore how Docker Scout can help you create a more secure software supply chain.
diff --git a/content/manuals/security/for-admins/access-tokens.md b/content/manuals/security/for-admins/access-tokens.md
index cddb9051c51..dbb807c54ac 100644
--- a/content/manuals/security/for-admins/access-tokens.md
+++ b/content/manuals/security/for-admins/access-tokens.md
@@ -10,9 +10,10 @@ linkTitle: Organization access tokens
> [!WARNING]
>
-> Organization access tokens (OATs) are incompatible with Docker Desktop.
+> Organization access tokens (OATs) are incompatible with Docker Desktop,
+> [Image Access Management (IAM)](/manuals/security/for-admins/hardened-desktop/image-access-management.md), and [Registry Access Management (RAM)](/manuals/security/for-admins/hardened-desktop/registry-access-management.md).
>
-> If you use Docker Desktop, you must use personal
+> If you use Docker Desktop, IAM, or RAM, you must use personal
> access tokens instead.
An organization access token (OAT) is like a [personal access token
@@ -64,28 +65,21 @@ Expired tokens count towards the total amount of tokens.
To create an OAT:
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-
-2. Select the organization you want to create an access token for.
-
-3. Under **Security and access**, select **Access tokens**.
-
-4. Select **Generate access token**.
-
-5. Add a label and optional description for your token. Use something that
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Access tokens**.
+1. Select **Generate access token**.
+1. Add a label and optional description for your token. Use something that
indicates the use case or purpose of the token.
-
-6. Select the expiration date for the token.
-
-7. Expand the **Repository** drop-down to set access permission
+1. Select the expiration date for the token.
+1. Expand the **Repository** drop-down to set access permission
scopes for your token. To set Repository access scopes:
1. Optional. Select **Read public repositories**.
- 2. Select **Add repository** and choose a repository from the drop-down.
- 3. Set the scopes for your repository — **Image Push** or
+ 1. Select **Add repository** and choose a repository from the drop-down.
+ 1. Set the scopes for your repository — **Image Push** or
**Image Pull**.
- 4. Add more repositories as needed. You can add up to 50 repositories.
-
-8. Optional. Expand the **Organization** drop-down and select the
+ 1. Add more repositories as needed. You can add up to 50 repositories.
+1. Optional. Expand the **Organization** drop-down and select the
**Allow management access to this organization's resources** checkbox. This
setting enables organization management scopes for your token. The following
organization management scopes are available:
@@ -95,8 +89,7 @@ organization management scopes are available:
- **Invite Read**: Read invites to the organization
- **Group Edit**: Edit groups of the organization
- **Group Read**: Read groups of the organization
-
-9. Select **Generate token**. Copy the token that appears on the screen
+1. Select **Generate token**. Copy the token that appears on the screen
and save it. You won't be able to retrieve the token once you exit the
screen.
@@ -119,14 +112,8 @@ password.
You can rename, update the description, update the repository access,
deactivate, or delete a token as needed.
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-
-2. Select the organization you want to modify an access token for.
-
-3. Under **Security and access**, select **Access tokens**.
-
-4. Select the actions menu in the token row, then select
- **Deactivate**, **Edit**, or **Delete** to modify the token. For **Inactive**
- tokens, you can only select **Delete**.
-
-5. If editing a token, select **Save** after specifying your modifications.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Admin Console**, then **Access tokens**.
+1. Select the actions menu in the token row, then select **Deactivate**, **Edit**, or **Delete** to modify the token. For **Inactive** tokens, you can only select **Delete**.
+1. If editing a token, select **Save** after specifying your modifications.
diff --git a/content/manuals/security/for-admins/domain-audit.md b/content/manuals/security/for-admins/domain-audit.md
deleted file mode 100644
index ac9f13b920d..00000000000
--- a/content/manuals/security/for-admins/domain-audit.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-description: Learn how to audit your domains for uncaptured users.
-keywords: domain audit, security, identify users, manage users
-title: Domain audit
-aliases:
-- /docker-hub/domain-audit/
-- /admin/company/settings/domains/
-- /admin/organization/security-settings/domains/
-weight: 50
----
-
-{{< summary-bar feature_name="Domain audit" >}}
-
-Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
-
-Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings.
-
-Domain audit can't identify the following Docker users in your environment:
-
-- Users who access Docker Desktop without authenticating
-- Users who authenticate using an account that doesn't have an email address associated with one of your verified domains
-
-Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
-
-> [!TIP]
->
-> You can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](enforce-sign-in/_index.md).
-> - [Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-discovered-apps)
-> - [Jamf](https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Application_Usage.html)
-> - [Kandji](https://support.kandji.io/support/solutions/articles/72000559793-view-a-device-application-list)
-> - [Kolide](https://www.kolide.com/features/device-inventory/properties/mac-apps)
-> - [Workspace One](https://blogs.vmware.com/euc/2022/11/how-to-use-workspace-one-intelligence-to-manage-app-licenses-and-reduce-costs.html)
-
-## Prerequisites
-
-Before you audit your domains, review the following required prerequisites:
-
-- Your organization must be part of a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../../subscription/change.md).
-- You must [add and verify your domains](./single-sign-on/configure/_index.md#step-one-add-and-verify-your-domain).
-
-> [!IMPORTANT]
->
-> Domain audit is not supported for companies or organizations within a company.
-
-## Audit your domains for uncaptured users
-
-{{< tabs >}}
-{{< tab name="Admin Console" >}}
-
-{{% admin-domain-audit product="admin" %}}
-
-{{< /tab >}}
-{{< tab name="Docker Hub" >}}
-
-{{% include "hub-org-management.md" %}}
-
-{{% admin-domain-audit product="hub" %}}
-
-{{< /tab >}}
-{{< /tabs >}}
-
diff --git a/content/manuals/security/for-admins/domain-management.md b/content/manuals/security/for-admins/domain-management.md
index 8a2e99a454f..81b8086012e 100644
--- a/content/manuals/security/for-admins/domain-management.md
+++ b/content/manuals/security/for-admins/domain-management.md
@@ -18,14 +18,13 @@ or control.
## Add a domain
-1. Sign in to the [Admin Console](https://admin.docker.com/).
-2. Select your organization or company from the **Choose profile** page.
-If your organization is part of a company, select the company
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization. If your organization is part of a company, select the company
and configure the domain for the organization at the company level.
-3. Under **Security and access**, select **Domain management**.
-4. Select **Add a domain**.
-5. Enter your domain and select **Add domain**.
-6. In the pop-up modal, copy the **TXT Record Value** to verify your domain.
+1. Select **Admin Console**, then **Domain management**.
+1. Select **Add a domain**.
+1. Enter your domain and select **Add domain**.
+1. In the pop-up modal, copy the **TXT Record Value** to verify your domain.
## Verify a domain
@@ -56,7 +55,7 @@ domain name. These values may direct to the wrong place.
{{< tab name="AWS Route 53" >}}
1. To add your TXT record to AWS, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html).
-2. TXT record verification can take 72 hours. Once you have waited for
+1. TXT record verification can take 72 hours. Once you have waited for
TXT record verification, return to the **Domain management** page of the
[Admin Console](https://app.docker.com/admin) and select **Verify** next to
your domain name.
@@ -65,7 +64,7 @@ your domain name.
{{< tab name="Google Cloud DNS" >}}
1. To add your TXT record to Google Cloud DNS, see [Verifying your domain with a TXT record](https://cloud.google.com/identity/docs/verify-domain-txt).
-2. TXT record verification can take 72 hours. Once you have waited for TXT
+1. TXT record verification can take 72 hours. Once you have waited for TXT
record verification, return to the **Domain management** page of the
[Admin Console](https://app.docker.com/admin) and select **Verify** next to
your domain name.
@@ -74,7 +73,7 @@ your domain name.
{{< tab name="GoDaddy" >}}
1. To add your TXT record to GoDaddy, see [Add a TXT record](https://www.godaddy.com/help/add-a-txt-record-19232).
-2. TXT record verification can take 72 hours. Once you have waited for TXT
+1. TXT record verification can take 72 hours. Once you have waited for TXT
record verification, return to the **Domain management** page of the
[Admin Console](https://app.docker.com/admin) and select **Verify** next to your
domain name.
@@ -83,8 +82,8 @@ domain name.
{{< tab name="Other providers" >}}
1. Sign in to your domain host.
-2. Add a TXT record to your DNS settings and save the record.
-3. TXT record verification can take 72 hours. Once you have waited for TXT
+1. Add a TXT record to your DNS settings and save the record.
+1. TXT record verification can take 72 hours. Once you have waited for TXT
record verification, return to the **Domain management** page of the
[Admin Console](https://app.docker.com/admin) and select **Verify** next to
your domain name.
@@ -96,14 +95,13 @@ your domain name.
Deleting a domain removes the assigned TXT record value. To delete a domain:
-1. Sign in to the [Admin Console](https://admin.docker.com/).
-2. Select your organization or company from the **Choose profile** page.
-If your organization is part of a company, select the company
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization. If your organization is part of a company, select the company
and configure the domain for the organization at the company level.
-3. Under **Security and access**, select **Domain management**.
-4. For the domain you want to delete, section the **Actions** menu, then
+1. Select **Admin Console**, then **Domain management**.
+1. For the domain you want to delete, section the **Actions** menu, then
**Delete domain**.
-5. To confirm, select **Delete domain** in the pop-up modal.
+1. To confirm, select **Delete domain** in the pop-up modal.
## Auto-provisioning
@@ -136,14 +134,16 @@ to accomodate new users, see [Manage seats](/manuals/subscription/manage-seats.m
Auto-provisioning is enabled per user. To enable
auto-provisioning:
-1. Open the [Admin Console](https://app.docker.com/admin).
-2. Select **Domain management** from the left-hand navigation.
-3. Select the **Actions menu** next to the user you want to enable
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization. If your organization is part of a company, select the company
+and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **Domain management**.
+1. Select the **Actions menu** next to the user you want to enable
auto-provisioning for.
-4. Select **Enable auto-provisioning**.
-5. Optional. If enabling auto-provisioning at the company level, select an
+1. Select **Enable auto-provisioning**.
+1. Optional. If enabling auto-provisioning at the company level, select an
organization for the user.
-6. Select **Enable** to confirm.
+1. Select **Enable** to confirm.
The **Auto-provisioning** column will update to **Enabled**.
@@ -151,8 +151,10 @@ The **Auto-provisioning** column will update to **Enabled**.
To disable auto-provisioning for a user:
-1. Open the [Admin Console](https://app.docker.com/admin).
-2. Select **Domain management** from the left-hand navigation.
-3. Select the **Actions menu** next to your user.
-4. Select **Disable auto-provisioning**.
-5. Select **Disable**.
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization. If your organization is part of a company, select the company
+and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **Domain management**.
+1. Select the **Actions menu** next to your user.
+1. Select **Disable auto-provisioning**.
+1. Select **Disable**.
diff --git a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md
index 8dfaaddf22a..1fd7a4e0505 100644
--- a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md
+++ b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md
@@ -21,6 +21,10 @@ For example, a developer, who is part of an organization, building a new contain
You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Image Access Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
+> [!IMPORTANT]
+>
+> You must use [personal access tokens (PATs)](/manuals/security/for-developers/access-tokens.md) with Image Access Management. Organization access tokens (OATs) are not compatible.
+
## Configure
{{< tabs >}}
diff --git a/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md b/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md
index 75f19495490..b708fa8c777 100644
--- a/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md
+++ b/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md
@@ -43,6 +43,10 @@ always authenticate to your organization, even though they can authenticate
without it and the feature will take effect. Enforcing sign-in guarantees the
feature always takes effect.
+> [!IMPORTANT]
+>
+> You must use [personal access tokens (PATs)](/manuals/security/for-developers/access-tokens.md) with Registry Access Management. Organization access tokens (OATs) are not compatible.
+
## Configure Registry Access Management permissions
{{< tabs >}}
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md
index 603587407e7..e832f4f101f 100644
--- a/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md
+++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/compliance-reporting.md
@@ -28,9 +28,9 @@ compliance status, and resolving non-compliant users.
> Desktop settings reporting is in Early Access and is being rolled out
> gradually. You may not see this setting in the Admin Console yet.
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-2. Select your organization or company from the **Choose profile** page.
-3. Under Docker Desktop, select **Reporting**.
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization.
+1. Select **Admin Console**, then **Desktop settings reporting**.
This opens the Desktop settings reporting page. From here you can:
@@ -48,15 +48,14 @@ This opens the Desktop settings reporting page. From here you can:
> because older versions can't report compliance. To ensure accurate
> compliance status, users must update to Docker Desktop version 4.40 and later.
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-2. Select your organization or company from the **Choose profile** page.
-3. Under **Docker Desktop**, select **Reporting**. By default, non-compliant users
-are displayed.
-4. Optional. Select the **Hide compliant users** checkbox to show both compliant
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization.
+1. Select **Admin Console**, then **Desktop settings reporting**.
+1. Optional. Select the **Hide compliant users** checkbox to show both compliant
and non-compliant users.
-5. Use the **Search** field to search by username or email address.
-6. Hover over a user’s compliance status indicator to quickly view their status.
-7. Select a username to view more details about their compliance status, and for
+1. Use the **Search** field to search by username or email address.
+1. Hover over a user’s compliance status indicator to quickly view their status.
+1. Select a username to view more details about their compliance status, and for
steps to resolve non-compliant users.
## Understand compliance status
@@ -139,7 +138,7 @@ next to their name on the Desktop settings reporting dashboard. Non-compliant
users must have their compliance status resolved:
1. Select a username from the Desktop settings reporting dashboard.
-2. On the compliance status details page, follow the resolution steps provided
+1. On the compliance status details page, follow the resolution steps provided
to resolve the compliance status.
-3. Refresh the page to ensure the resolution steps resolved the compliance
+1. Refresh the page to ensure the resolution steps resolved the compliance
status.
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md
index fc9b4f1e009..83559eade56 100644
--- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md
+++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md
@@ -14,7 +14,7 @@ and secure Docker Desktop environments across your organization.
## Prerequisites
-- [Install Docker Desktop 4.36.0 or later](/manuals/desktop/release-notes.md).
+- [Install Docker Desktop 4.37.0 or later](/manuals/desktop/release-notes.md).
- [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain).
- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to
ensure users authenticate to your organization.
@@ -26,18 +26,18 @@ ensure users authenticate to your organization.
## Create a settings policy
-1. Go to the [Docker Admin Console](https://app.docker.com/admin) and select
+1. Sign in to [Docker Home](https://app.docker.com/) and select
your organization.
-2. Under **Docker Desktop**, select **Settings Management**.
-3. Select **Create a settings policy**.
-4. Provide a name and optional description.
+1. Select **Admin Console**, then **Desktop Settings Management**.
+1. Select **Create a settings policy**.
+1. Provide a name and optional description.
> [!TIP]
>
> You can upload an existing `admin-settings.json` file to pre-fill the form.
Admin Console policies override local `admin-settings.json` files.
-5. Choose who the policy applies to:
+1. Choose who the policy applies to:
- All users
- Specific users
@@ -46,7 +46,7 @@ your organization.
> User-specific policies override the global default. Test your policy with
a few users before rolling it out globally.
-6. Configure the state for each setting:
+1. Configure the state for each setting:
- **User-defined**: Users can change the setting.
- **Always enabled**: Setting is on and locked.
- **Enabled**: Setting is on but can be changed.
@@ -57,7 +57,7 @@ your organization.
>
> For a complete list of available settings, their supported platforms, and which configuration methods they work with, see the [Settings reference](settings-reference.md).
-7. Select **Create**.
+1. Select **Create**.
To apply the policy:
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
index 1b62e8b6af1..ca2cc9f25a0 100644
--- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
+++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
@@ -301,8 +301,8 @@ quit and reopened.
|Parameter|OS|Description|Version|
|:-------------------------------|---|:-------------------------------|---|
-| `defaultNetworkingMode` | Windows and Mac only | Defines the default IP protocol for new Docker networks: `dual-stack` (IPv4 + IPv6, default), `ipv4only`, or `ipv6only`. | Docker Desktop version 4.42 and later. |
-| `dnsInhibition` | Windows and Mac only | Controls DNS record filtering returned to containers. Options: `auto` (recommended), `ipv4`, `ipv6`, `none`| Docker Desktop version 4.42 and later. |
+| `defaultNetworkingMode` | Windows and Mac only | Defines the default IP protocol for new Docker networks: `dual-stack` (IPv4 + IPv6, default), `ipv4only`, or `ipv6only`. | Docker Desktop version 4.43 and later. |
+| `dnsInhibition` | Windows and Mac only | Controls DNS record filtering returned to containers. Options: `auto` (recommended), `ipv4`, `ipv6`, `none`| Docker Desktop version 4.43 and later. |
For more information, see [Networking](/manuals/desktop/features/networking.md#networking-mode-and-dns-behaviour-for-mac-and-windows).
diff --git a/content/manuals/security/for-admins/provisioning/just-in-time.md b/content/manuals/security/for-admins/provisioning/just-in-time.md
index 597a636ae80..b4709951c94 100644
--- a/content/manuals/security/for-admins/provisioning/just-in-time.md
+++ b/content/manuals/security/for-admins/provisioning/just-in-time.md
@@ -65,7 +65,7 @@ You may want to disable JIT provisioning for reasons such as the following:
Users are provisioned with JIT by default. If you enable SCIM, you can disable JIT:
-1. In the [Admin Console](https://app.docker.com/admin), select your organization.
-2. Select **SSO and SCIM**.
-3. In the SSO connections table, select the **Action** icon and then **Disable JIT provisioning**.
-4. Select **Disable** to confirm.
+1. In [Docker Home](https://app.docker.com/), select your organization.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. In the SSO connections table, select the **Action** icon and then **Disable JIT provisioning**.
+1. Select **Disable** to confirm.
diff --git a/content/manuals/security/for-admins/single-sign-on/configure.md b/content/manuals/security/for-admins/single-sign-on/configure.md
index 920f321a6cc..eddbd94000b 100644
--- a/content/manuals/security/for-admins/single-sign-on/configure.md
+++ b/content/manuals/security/for-admins/single-sign-on/configure.md
@@ -25,12 +25,13 @@ Get started creating a single sign-on (SSO) connection for your organization or
{{< tabs >}}
{{< tab name="Admin Console" >}}
-1. Sign in to the [Admin Console](https://admin.docker.com/).
-2. Select your organization or company from the **Choose profile** page. Note that when an organization is part of a company, you must select the company and configure the domain for the organization at the company level.
-3. Under **Security and access**, select **Domain management**.
-4. Select **Add a domain**.
-5. Enter your domain in the text box and select **Add domain**.
-6. The pop-up modal will prompt you with steps to verify your domain. Copy the **TXT Record Value**.
+1. Sign in to [Docker Home](https://app.docker.com) and choose your
+organization. Note that when an organization is part of a company, you must
+select the company and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **Domain management**.
+1. Select **Add a domain**.
+1. Enter your domain in the text box and select **Add domain**.
+1. The pop-up modal will prompt you with steps to verify your domain. Copy the **TXT Record Value**.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -38,11 +39,11 @@ Get started creating a single sign-on (SSO) connection for your organization or
{{% include "hub-org-management.md" %}}
1. Sign in to [Docker Hub](https://hub.docker.com/).
-2. Select **My Hub** and then your organization from the list.
-3. On your organization page, select **Settings** and then **Security**.
-4. Select **Add a domain**.
-5. Enter your domain in the text box and select **Add domain**.
-6. The pop-up modal will prompt you with steps to verify your domain. Copy the **TXT Record Value**.
+1. Select **My Hub** and then your organization from the list.
+1. On your organization page, select **Settings** and then **Security**.
+1. Select **Add a domain**.
+1. Enter your domain in the text box and select **Add domain**.
+1. The pop-up modal will prompt you with steps to verify your domain. Copy the **TXT Record Value**.
{{< /tab >}}
{{< /tabs >}}
@@ -66,26 +67,26 @@ Use the **TXT Record Value** provided by Docker and follow the steps based on yo
{{< tab name="AWS Route 53" >}}
1. To add your TXT record to AWS, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html).
-2. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
+1. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
{{< /tab >}}
{{< tab name="Google Cloud DNS" >}}
1. To add your TXT record to Google Cloud DNS, see [Verifying your domain with a TXT record](https://cloud.google.com/identity/docs/verify-domain-txt).
-2. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
+1. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
{{< /tab >}}
{{< tab name="GoDaddy" >}}
1. To add your TXT record to GoDaddy, see [Add a TXT record](https://www.godaddy.com/help/add-a-txt-record-19232).
-2. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
+1. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
{{< /tab >}}
{{< tab name="Other providers" >}}
1. Sign in to your domain host.
-2. Add a TXT record to your DNS settings and save the record.
-3. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
+1. Add a TXT record to your DNS settings and save the record.
+1. TXT record verification can take 72 hours. Once you have waited for TXT record verification, return to the **Domain management** page of the [Admin Console](https://app.docker.com/admin) and select **Verify** next to your domain name.
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/security/for-admins/single-sign-on/connect.md b/content/manuals/security/for-admins/single-sign-on/connect.md
index 04041c66d0e..5c2ac8be318 100644
--- a/content/manuals/security/for-admins/single-sign-on/connect.md
+++ b/content/manuals/security/for-admins/single-sign-on/connect.md
@@ -30,15 +30,16 @@ Make sure you have completed the following before you begin:
{{< tabs >}}
{{< tab name="Admin Console" >}}
-1. Sign in to the [Admin Console](https://admin.docker.com/).
-2. Select your organization or company from the **Choose profile** page. Note that when an organization is part of a company, you must select the company and configure the domain for the organization at the company level.
-3. Under Security and access, select **SSO and SCIM**.
-4. Select **Create Connection** and provide a name for the connection.
-5. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
-6. Copy the following fields to add to your IdP:
+1. Sign in to [Docker Home](https://app.docker.com) and choose your
+organization. Note that when an organization is part of a company, you must
+select the company and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. Select **Create Connection** and provide a name for the connection.
+1. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
+1. Copy the following fields to add to your IdP:
- Okta SAML: **Entity ID**, **ACS URL**
- Azure OIDC: **Redirect URL**
-7. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.
+1. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.
{{< /tab >}}
{{< tab name="Docker Hub" >}}
@@ -46,14 +47,14 @@ Make sure you have completed the following before you begin:
{{% include "hub-org-management.md" %}}
1. Sign in to Docker Hub.
-2. Select **My Hub** and then your organization from the list.
-3. On your organization page, select **Settings** and then **Security**.
-4. In the SSO connection table, select **Create Connection** and provide a name for the connection.
-5. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
-6. Copy the following fields to add to your IdP:
+1. Select **My Hub** and then your organization from the list.
+1. On your organization page, select **Settings** and then **Security**.
+1. In the SSO connection table, select **Create Connection** and provide a name for the connection.
+1. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
+1. Copy the following fields to add to your IdP:
- Okta SAML: **Entity ID**, **ACS URL**
- Azure OIDC: **Redirect URL**
-7. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.
+1. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.
{{< /tab >}}
{{< /tabs >}}
@@ -66,40 +67,40 @@ The user interface for your IdP may differ slightly from the following steps. Re
{{< tab name="Okta SAML" >}}
1. Sign in to your Okta account.
-2. Select **Admin** to open the Okta Admin portal.
-3. From the left-hand navigation, select **Administration**.
-4. Select **Administration** and then **Create App Integration**.
-5. Select **SAML 2.0** and then **Next**.
-6. Enter "Docker Hub" as your **App Name**.
-7. Optional. Upload a logo.
-8. Select **Next**.
-9. Enter the following values from Docker into their corresponding Okta fields:
+1. Select **Admin** to open the Okta Admin portal.
+1. From the left-hand navigation, select **Administration**.
+1. Select **Administration** and then **Create App Integration**.
+1. Select **SAML 2.0** and then **Next**.
+1. Enter "Docker Hub" as your **App Name**.
+1. Optional. Upload a logo.
+1. Select **Next**.
+1. Enter the following values from Docker into their corresponding Okta fields:
- Docker ACS URL: **Single Sign On URL**
- Docker Entity ID: **Audience URI (SP Entity ID)**
-10. Configure the following settings in Okta:
+1. Configure the following settings in Okta:
- Name ID format: `EmailAddress`
- Application username: `Email`
- Update application on: `Create and update`
-11. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
-12. Select **Next**.
-13. Select the **This is an internal app that we have created** checkbox.
-14. Select **Finish**.
+1. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
+1. Select **Next**.
+1. Select the **This is an internal app that we have created** checkbox.
+1. Select **Finish**.
{{< /tab >}}
{{< tab name="Entra ID SAML 2.0" >}}
1. Sign in to your Azure AD admin portal.
-2. Select **Default Directory** and then **Add**.
-3. Choose **Enterprise Application** and select **Create your own application**.
-4. Enter "Docker" for application name and select the **non-gallery** option.
-5. After the application is created, go to **Single Sign-On** and select **SAML**.
-6. Select **Edit** on the **Basic SAML configuration** section.
-7. Enter the following values from Docker into their corresponding Azure fields:
+1. Select **Default Directory** and then **Add**.
+1. Choose **Enterprise Application** and select **Create your own application**.
+1. Enter "Docker" for application name and select the **non-gallery** option.
+1. After the application is created, go to **Single Sign-On** and select **SAML**.
+1. Select **Edit** on the **Basic SAML configuration** section.
+1. Enter the following values from Docker into their corresponding Azure fields:
- Docker Entity ID: **Identifier**
- Docker ACS URL: **Reply URL**
-8. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
-9. Save configuration.
-10. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
+1. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
+1. Save configuration.
+1. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
{{< /tab >}}
{{< tab name="Azure Connect (OIDC)" >}}
@@ -109,30 +110,30 @@ To create an Azure Connect (OIDC) connection, you must create an app registratio
### Create app registration
1. Sign in to your Azure AD admin portal.
-2. Select **App Registration** and then **New Registration**.
-3. Enter "Docker Hub SSO" or similar for application name.
-4. Under **Supported account types**, specify who can use this application or access the app.
-5. In the **Redirect URI** section, select **Web** from the drop-down menu and paste the **Redirect URI** value from the Docker console into this field.
-6. Select **Register** to register the app.
-7. Copy the **Client ID** from the app's overview page. You need this information to continue configuring SSO in Docker.
+1. Select **App Registration** and then **New Registration**.
+1. Enter "Docker Hub SSO" or similar for application name.
+1. Under **Supported account types**, specify who can use this application or access the app.
+1. In the **Redirect URI** section, select **Web** from the drop-down menu and paste the **Redirect URI** value from the Docker console into this field.
+1. Select **Register** to register the app.
+1. Copy the **Client ID** from the app's overview page. You need this information to continue configuring SSO in Docker.
### Create client secrets
1. Open your app in Azure AD and select **Certificates & secrets**.
-2. Select **+ New client secret**.
-3. Specify the description of the secret and set how long keys can be used.
-4. Select **Add** to continue.
-5. Copy the secret **Value** field. You need this to continue configuring SSO in Docker.
+1. Select **+ New client secret**.
+1. Specify the description of the secret and set how long keys can be used.
+1. Select **Add** to continue.
+1. Copy the secret **Value** field. You need this to continue configuring SSO in Docker.
### Configure API permissions
1. Open your app in Azure AD and navigate to your app settings.
-2. Select **API permission** and then **Grant admin consent for [your tenant name]**.
-3. Select **Yes** to confirm.
-4. After confirming, select **Add a permission** and then **Delegated permissions**.
-5. Search for `User.Read` and select this option.
-6. Select **Add permissions** to confirm.
-7. Verify admin consent was granted for each permission by checking the **Status** column.
+1. Select **API permission** and then **Grant admin consent for [your tenant name]**.
+1. Select **Yes** to confirm.
+1. After confirming, select **Add a permission** and then **Delegated permissions**.
+1. Search for `User.Read` and select this option.
+1. Select **Add permissions** to confirm.
+1. Verify admin consent was granted for each permission by checking the **Status** column.
{{< /tab >}}
{{< /tabs >}}
@@ -145,7 +146,7 @@ After creating your connection in Docker and your IdP, you can cross-connect the
{{< tab name="Okta SAML" >}}
1. Open your app you created in Okta and select **View SAML setup instructions**.
-2. Copy the following values from the Okta SAML setup instruction page:
+1. Copy the following values from the Okta SAML setup instruction page:
- **SAML Sign-in URL**
- **x509 Certificate**
@@ -154,19 +155,19 @@ After creating your connection in Docker and your IdP, you can cross-connect the
> You must copy the entire contents of your **x509 Certificate**,
including the `----BEGIN CERTIFICATE----` and `----END CERTIFICATE----` lines.
-3. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.
-4. Select **Next** to open the **Update single-sign on connection** page.
-5. Paste your Okta **SAML Sign-in URL** and **x509 Certificate** values in Docker.
-6. Select **Next**.
-7. Optional. Select a default team to provision users to and select **Next**.
-8. Verify your SSO connection details and select **Create Connection**.
+1. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.
+1. Select **Next** to open the **Update single-sign on connection** page.
+1. Paste your Okta **SAML Sign-in URL** and **x509 Certificate** values in Docker.
+1. Select **Next**.
+1. Optional. Select a default team to provision users to and select **Next**.
+1. Verify your SSO connection details and select **Create Connection**.
{{< /tab >}}
{{< tab name="Entra ID SAML 2.0" >}}
1. Open your app in Azure AD.
-2. Open your downloaded **Certificate (Base64)** in a text editor.
-3. Copy the following values:
+1. Open your downloaded **Certificate (Base64)** in a text editor.
+1. Copy the following values:
- From Azure AD: **Login URL**
- Copy the contents of your **Certificate (Base64)** file from your text editor
@@ -175,23 +176,23 @@ After creating your connection in Docker and your IdP, you can cross-connect the
> You must copy the entire contents of your **Certificate (base64)**,
including the `----BEGIN CERTIFICATE----` and `----END CERTIFICATE----` lines.
-4. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.
-5. Paste your **Login URL** and **Certificate (Base64)** values in Docker.
-6. Select **Next**.
-7. Optional. Select a default team to provision users to and select **Next**.
-8. Verify your SSO connection details and select **Create Connection**.
+1. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.
+1. Paste your **Login URL** and **Certificate (Base64)** values in Docker.
+1. Select **Next**.
+1. Optional. Select a default team to provision users to and select **Next**.
+1. Verify your SSO connection details and select **Create Connection**.
{{< /tab >}}
{{< tab name="Azure Connect (OIDC)" >}}
1. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.
-2. Paste the following values from Azure AD in to Docker:
+1. Paste the following values from Azure AD in to Docker:
- **Client ID**
- **Client Secret**
- **Azure AD Domain**
-3. Select **Next**.
-4. Optional. Select a default team to provision users to and select **Next**.
-5. Verify your SSO connection details and select **Create Connection**.
+1. Select **Next**.
+1. Optional. Select a default team to provision users to and select **Next**.
+1. Verify your SSO connection details and select **Create Connection**.
{{< /tab >}}
{{< /tabs >}}
@@ -201,9 +202,9 @@ After creating your connection in Docker and your IdP, you can cross-connect the
After you've completed the SSO connection process in Docker, we recommend testing it:
1. Open an incognito browser.
-2. Sign in to the Admin Console using your **domain email address**.
-3. The browser will redirect to your identity provider's sign in page to authenticate. If you have [multiple IdPs](#optional-configure-multiple-idps), choose the sign sign-in option **Continue with SSO**.
-4. Authenticate through your domain email instead of using your Docker ID.
+1. Sign in to the Admin Console using your **domain email address**.
+1. The browser will redirect to your identity provider's sign in page to authenticate. If you have [multiple IdPs](#optional-configure-multiple-idps), choose the sign sign-in option **Continue with SSO**.
+1. Authenticate through your domain email instead of using your Docker ID.
You can also test your SSO connection through the command-line interface (CLI). If you want to test through the CLI, your users must have a personal access token (PAT).
@@ -221,12 +222,12 @@ When a user signs in to a Docker organization that has multiple IdPs, on the sig
Enforcing SSO requires users to use SSO when signing into Docker. This centralizes authentication and enforces policies set by the IdP.
-1. Sign in to the [Admin Console](https://admin.docker.com/).
-2. Select your organization or company from the **Choose profile** page. Note that when an organization is part of a company, you must select the company and configure the domain for the organization at the company level.
-3. Under Security and access, select **SSO and SCIM**.
-4. In the SSO connections table, select the **Action** icon and then **Enable enforcement**. When SSO is enforced, your users are unable to modify their email address and password, convert a user account to an organization, or set up 2FA through Docker Hub. If you want to use 2FA, you must enable 2FA through your IdP.
-5. Continue with the on-screen instructions and verify you've completed all tasks.
-6. Select **Turn on enforcement** to complete.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization. Note that when an organization is part of a company, you must select the company and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. In the SSO connections table, select the **Action** icon and then **Enable enforcement**. When SSO is enforced, your users are unable to modify their email address and password, convert a user account to an organization, or set up 2FA through Docker Hub. If you want to use 2FA, you must enable 2FA through your IdP.
+1. Continue with the on-screen instructions and verify you've completed all tasks.
+1. Select **Turn on enforcement** to complete.
Your users must now sign in to Docker with SSO.
diff --git a/content/manuals/security/for-admins/single-sign-on/manage.md b/content/manuals/security/for-admins/single-sign-on/manage.md
index 4c188a3e5ea..3b796faea43 100644
--- a/content/manuals/security/for-admins/single-sign-on/manage.md
+++ b/content/manuals/security/for-admins/single-sign-on/manage.md
@@ -70,19 +70,21 @@ aliases:
To add a guest that isn't verified through your IdP:
-1. Sign in to the [Admin Console](https://app.docker.com/admin).
-2. Select your organization or company from the **Choose profile** page, then select **Members**.
-3. Select **Invite**.
-4. Follow the on-screen instructions to invite the user.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization.
+1. Select **Admin Console**, then **Members**.
+1. Select **Invite**.
+1. Follow the on-screen instructions to invite the user.
### Remove users from the SSO company
To remove a user:
-1. Sign in to [Admin Console](https://app.docker.com/admin).
-2. Select your organization or company from the **Choose profile** page, then select **Members**.
-3. Select the action icon next to a user’s name, and then select **Remove member**, if you're an organization, or **Remove user**, if you're a company.
-4. Follow the on-screen instructions to remove the user.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+your organization.
+1. Select **Admin Console**, then **Members**.
+1. Select the action icon next to a user’s name, and then select **Remove member**, if you're an organization, or **Remove user**, if you're a company.
+1. Follow the on-screen instructions to remove the user.
## Manage provisioning
diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/for-developers/access-tokens.md
index 1c61509edfd..6ba1d0a23ab 100644
--- a/content/manuals/security/for-developers/access-tokens.md
+++ b/content/manuals/security/for-developers/access-tokens.md
@@ -25,25 +25,18 @@ any time.
Use the Docker Admin Console to create an access token.
-1. Sign in to your [Docker account](https://app.docker.com/login).
-
-2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**.
-
-3. Select **Personal access tokens**.
-
-4. Select **Generate new token**.
-
-5. Add a description for your token. Use something that indicates the use case or purpose of the token.
-
-6. Select the expiration date for the token.
-
-7. Set the access permissions.
+1. Sign in to [Docker Home](https://app.docker.com/).
+1. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**.
+1. Select **Personal access tokens**.
+1. Select **Generate new token**.
+1. Add a description for your token. Use something that indicates the use case or purpose of the token.
+1. Select the expiration date for the token.
+1. Set the access permissions.
The access permissions are scopes that set restrictions in your
repositories. For example, for Read & Write permissions, an automation
pipeline can build an image and then push it to a repository. However, it
can't delete the repository.
-
-8. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt.
+1. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt.
## Use an access token
@@ -75,21 +68,17 @@ When utilizing PATs, users should be aware that excessive creation of PATs could
You can rename, activate, deactivate, or delete a token as needed. You can manage your tokens in your account settings.
-1. Sign in to your [Docker account](https://app.docker.com/login).
-
-2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**.
-
-3. Select **Personal access tokens**.
+1. Sign in to [Docker Home](https://app.docker.com/login).
+1. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**.
+1. Select **Personal access tokens**.
This page shows an overview of all your
tokens, and lists if the token was generated manually or if it was
[auto-generated](#auto-generated-tokens). You can also view the scope of the
tokens, which tokens are activate and inactive, when they were created, when
they were last used, and their expiration date.
-
-4. Select the actions menu on the far right of a token row, then select **Deactivate** or **Activate**, **Edit**, or **Delete** to modify the token.
-
-5. After editing the token, select **Save token**.
+1. Select the actions menu on the far right of a token row, then select **Deactivate** or **Activate**, **Edit**, or **Delete** to modify the token.
+1. After editing the token, select **Save token**.
## Auto-generated tokens
diff --git a/content/manuals/security/troubleshoot/troubleshoot-provisioning.md b/content/manuals/security/troubleshoot/troubleshoot-provisioning.md
index b4f73262160..5ed009d084a 100644
--- a/content/manuals/security/troubleshoot/troubleshoot-provisioning.md
+++ b/content/manuals/security/troubleshoot/troubleshoot-provisioning.md
@@ -43,8 +43,8 @@ assignment does not reflect changes.
#### Disable JIT provisioning (recommended)
-1. Sign in to the Docker [Admin Console](https://app.docker.com/admin).
-1. Go to your organization's **Settings** > **Security** > **SSO and SCIM**.
+1. Sign in to [Docker Home](https://app.docker.com/).
+1. Select **Admin Console**, then **SSO and SCIM**.
1. Find the relevant SSO connection.
1. Select the **actions menu** and choose **Edit**.
1. Disable **Just-in-Time provisioning**.
diff --git a/content/manuals/security/troubleshoot/troubleshoot-sso.md b/content/manuals/security/troubleshoot/troubleshoot-sso.md
index ceae9fea46c..1804dd3df2b 100644
--- a/content/manuals/security/troubleshoot/troubleshoot-sso.md
+++ b/content/manuals/security/troubleshoot/troubleshoot-sso.md
@@ -19,11 +19,11 @@ If you experience issues with SSO, check both the Docker Admin Console and your
### Check Docker error logs
-1. Sign in to the [Admin Console](https://app.docker.com/admin/) and select your organization.
-2. Select **SSO and SCIM**.
-3. In the SSO connections table, select the **Action** menu and then **View error logs**.
-4. For more details on specific errors, select **View error details** next to an error message.
-5. Note any errors you see on this page for further troubleshooting.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your organization.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. In the SSO connections table, select the **Action** menu and then **View error logs**.
+1. For more details on specific errors, select **View error details** next to an error message.
+1. Note any errors you see on this page for further troubleshooting.
### Check for errors in your IdP
@@ -92,10 +92,10 @@ User '$username' is not assigned to this SSO organization. Contact your administ
JIT is enabled by default when you enable SSO. If you have JIT disabled and need
to re-enable it:
-1. Sign in to the [Admin Console](https://app.docker.com/admin) and select your organization.
-2. Select **SSO and SCIM**.
-3. In the SSO connections table, select the **Action** menu and then **Enable JIT provisioning**.
-4. Select **Enable** to confirm.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your organization.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. In the SSO connections table, select the **Action** menu and then **Enable JIT provisioning**.
+1. Select **Enable** to confirm.
**Manually invite users**
@@ -106,14 +106,14 @@ To manually invite users, see [Invite members](/manuals/admin/organization/membe
If you have SCIM enabled, troubleshoot your SCIM connection using the following steps:
-1. Sign in to the [Admin Console](https://app.docker.com/admin) and select your organization.
-2. Select **SSO and SCIM**.
-3. In the SSO connections table, select the **Action** menu and then **View error logs**. For more details on specific errors, select **View error details** next to an error message. Note any errors you see on this page.
-4. Navigate back to the **SSO and SCIM** page of the Admin Console and verify your SCIM configuration:
+1. Sign in to [Docker Home](https://app.docker.com/) and select your organization.
+1. Select **Admin Console**, then **SSO and SCIM**.
+1. In the SSO connections table, select the **Action** menu and then **View error logs**. For more details on specific errors, select **View error details** next to an error message. Note any errors you see on this page.
+1. Navigate back to the **SSO and SCIM** page of the Admin Console and verify your SCIM configuration:
- Ensure that the SCIM Base URL and API Token in your IdP match those provided in the Docker Admin Console.
- Verify that SCIM is enabled in both Docker and your IdP.
-5. Ensure that the attributes being synced from your IdP match Docker's [supported attributes](/manuals/security/for-admins/provisioning/scim.md#supported-attributes) for SCIM.
-6. Test user provisioning by trying to provision a test user through your IdP and verify if they appear in Docker.
+1. Ensure that the attributes being synced from your IdP match Docker's [supported attributes](/manuals/security/for-admins/provisioning/scim.md#supported-attributes) for SCIM.
+1. Test user provisioning by trying to provision a test user through your IdP and verify if they appear in Docker.
## IdP-initiated sign in is not enabled for connection
diff --git a/content/manuals/subscription/change.md b/content/manuals/subscription/change.md
index 5acad663862..6d9518a3659 100644
--- a/content/manuals/subscription/change.md
+++ b/content/manuals/subscription/change.md
@@ -40,12 +40,12 @@ When you upgrade a Docker subscription, you immediately have access to all the f
To upgrade your Docker subscription:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Optional. If you're upgrading from a free Personal subscription to a Team subscription and want to keep your username, [convert your user account into an organization](../admin/organization/convert-account.md).
-4. Select the account you want to upgrade in the drop-down at the top-left of the page.
-5. Select **Upgrade**.
-6. Follow the on-screen instructions to complete your upgrade.
+1. Sign in to [Docker Home](https://app.docker.com/) and select the organization
+you want to upgrade.
+1. Select **Billing**.
+1. Optional. If you're upgrading from a free Personal subscription to a Team subscription and want to keep your username, [convert your user account into an organization](../admin/organization/convert-account.md).
+1. Select **Upgrade**.
+1. Follow the on-screen instructions to complete your upgrade.
> [!NOTE]
>
@@ -82,11 +82,11 @@ If you have a [sales-assisted Docker Business subscription](details.md#sales-ass
To downgrade your Docker subscription:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select the account you want to downgrade in the drop-down at the top-left of the page.
-4. Select the action icon and then **Cancel subscription**.
-5. Fill out the feedback survey to continue with cancellation.
+1. Sign in to [Docker Home](https://app.docker.com/) and select
+the organization you want to downgrade.
+1. Select **Billing**.
+1. Select the action icon and then **Cancel subscription**.
+1. Fill out the feedback survey to continue with cancellation.
{{< /tab >}}
{{< tab name="Legacy Docker subscription" >}}
@@ -97,20 +97,20 @@ If you have a [sales-assisted Docker Business subscription](details.md#sales-ass
To downgrade your legacy Docker subscription:
-1. Sign in to [Docker Hub Billing](https://hub.docker.com/billing).
-2. Select the account you want to downgrade in the drop-down at the top-left of the page.
-3. Select the link to **Manage this account on Docker Hub**.
-4. In the plan section, select **Change plan**.
-5. Follow the on-screen instructions to complete your downgrade.
+1. Sign in to [Docker Hub](https://hub.docker.com/billing).
+1. Select the organization you want to downgrade, then select **Billing**.
+1. To downgrade, you must navigate to the upgrade plan page. Select **Upgrade**.
+1. On the upgrade page, select **Downgrade** in the **Free Team** plan card.
+1. Follow the on-screen instructions to complete your downgrade.
### Downgrade Docker Build Cloud subscription
To downgrade your Docker Build Cloud subscription:
-1. Sign in to [Docker Home](https://app.docker.com) and open **Docker Build Cloud**.
-2. Select **Account settings**, then **Downgrade**.
-3. To confirm your downgrade, type **DOWNGRADE** in the text field and select **Yes, continue**.
-4. The account settings page will update with a notification bar notifying you of your downgrade date (start of next billing cycle).
+1. Sign in to [Docker Home](https://app.docker.com) and select **Build Cloud**.
+1. Select **Account settings**, then **Downgrade**.
+1. To confirm your downgrade, type **DOWNGRADE** in the text field and select **Yes, continue**.
+1. The account settings page will update with a notification bar notifying you of your downgrade date (start of next billing cycle).
{{< /tab >}}
{{< /tabs >}}
diff --git a/content/manuals/subscription/manage-seats.md b/content/manuals/subscription/manage-seats.md
index 66082bb2034..dfa6410478b 100644
--- a/content/manuals/subscription/manage-seats.md
+++ b/content/manuals/subscription/manage-seats.md
@@ -30,11 +30,11 @@ When you add seats to your subscription in the middle of your billing cycle, you
To add seats to your subscription:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select your account from the drop-down menu in the top-left.
-4. Select **Add seats**.
-5. Follow the on-screen instructions to complete adding seats.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. Select **Add seats** and follow the on-screen instructions to complete
+adding seats.
> [!NOTE]
>
@@ -53,15 +53,15 @@ You can now add more members to your organization. For more information, see [Ma
### Add seats to Legacy Docker subscription
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-left, and select **Billing** from the drop-down menu.
-3. On the Billing page, select **Add seats**.
-4. Select the number of seats you want to add, then select **Purchase**.
+1. Select your organization, then select **Billing**.
+1. On the Billing page, select **Add seats**.
+1. Select the number of seats you want to add, then select **Purchase**.
### Add seats to Docker Build Cloud
-1. Sign in to Docker Build Cloud.
-2. Select **Account settings**, then **Add seats**.
-3. Select the number of seats you want to add, then select **Add seats**.
+1. Sign in to [Docker Home](https://app.docker.com) and select **Build Cloud**.
+1. Select **Account settings**, then **Add seats**.
+1. Select the number of seats you want to add, then select **Add seats**.
{{< /tab >}}
{{< /tabs >}}
@@ -87,11 +87,11 @@ For example, if you receive your billing on the 8th of every month for 10 seats
To remove seats:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. Select your account from the drop-down menu in the top-left.
-4. Select the action icon and then select **Remove seats**.
-5. Follow the on-screen instructions to complete removing seats.
+1. Sign in to [Docker Home](https://app.docker.com/) and select your
+organization.
+1. Select **Billing**.
+1. In the **Seats** row, select the action icon, then **Remove seats**.
+1. Follow the on-screen instructions to complete removing seats.
You can cancel the removal of seats before your next billing cycle. To do so, select **Cancel change**.
@@ -105,15 +105,15 @@ You can cancel the removal of seats before your next billing cycle. To do so, se
### Remove seats from Legacy Docker subscription
1. Sign in to [Docker Hub](https://hub.docker.com).
-2. Select your avatar in the top-left, and select **Billing** from the drop-down menu.
-3. On the Billing page, select **Remove seats**.
-4. Follow the on-screen instructions to complete removing seats.
+1. Select your organization, then select **Billing**.
+1. On the Billing page, select **Remove seats**.
+1. Follow the on-screen instructions to complete removing seats.
### Remove seats from Docker Build Cloud
-1. Sign in to [Docker Build Cloud](https://app.docker.com/build).
-2. Select **Account settings**, then **Remove seats**.
-3. Follow the on-screen instructions to complete removing seats.
+1. Sign in to [Docker Home](https://app.docker.com) and select **Build Cloud**.
+1. Select **Account settings**, then **Remove seats**.
+1. Follow the on-screen instructions to complete removing seats.
{{< /tab >}}
{{< /tabs >}}
\ No newline at end of file
diff --git a/content/manuals/subscription/scale.md b/content/manuals/subscription/scale.md
index 1c2691f058c..5e73e79c97b 100644
--- a/content/manuals/subscription/scale.md
+++ b/content/manuals/subscription/scale.md
@@ -48,14 +48,13 @@ subscription period.
You can pre-purchase Docker Build Cloud build minutes in the Docker Build Cloud Dashboard:
-1. Sign in to [Docker Home](https://app.docker.com/).
-2. Under Settings and administration, select **Billing**.
-3. On the plan and usage page, select **View build minutes**.
- This will launch the Docker Build Cloud settings page.
-4. Select **Add minutes**.
-5. Select your additional minute amount, then **Continue to payment**.
-6. Enter your payment details and billing address.
-7. Review your order and select **Pay**.
+1. Sign in to [Docker Home](https://app.docker.com/) and choose
+your organization.
+1. Select **Build Cloud**, then **Build minutes**.
+1. Select **Add prepaid minutes**.
+1. Select your additional minute amount, then **Continue to payment**.
+1. Enter your payment details and billing address.
+1. Review your order and select **Pay**.
Your additional minutes will now display on the Build minutes page.
diff --git a/content/reference/api/engine/_index.md b/content/reference/api/engine/_index.md
index 2219a517ba4..57522ef802f 100644
--- a/content/reference/api/engine/_index.md
+++ b/content/reference/api/engine/_index.md
@@ -73,22 +73,22 @@ To see the highest version of the API your Docker daemon and client support, use
```console
$ docker version
Client: Docker Engine - Community
- Version: 28.2.2
- API version: 1.50
- Go version: go1.24.3
- Git commit: e6534b4
- Built: Fri May 30 12:07:29 2025
- OS/Arch: linux/arm64
+ Version: 28.3.0
+ API version: 1.51
+ Go version: go1.24.4
+ Git commit: 38b7060
+ Built: Tue Jun 24 15:44:12 2025
+ OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
- Version: 28.2.2
- API version: 1.50 (minimum version 1.24)
- Go version: go1.24.3
- Git commit: 45873be
- Built: Fri May 30 12:07:29 2025
- OS/Arch: linux/arm64
+ Version: 28.3.0
+ API version: 1.51 (minimum version 1.24)
+ Go version: go1.24.4
+ Git commit: 265f709
+ Built: Tue Jun 24 15:44:12 2025
+ OS/Arch: linux/amd64
...
```
diff --git a/content/reference/api/engine/version/v1.50.md b/content/reference/api/engine/version/v1.50.md
index 482e65f99ba..eb6246ccb9b 100644
--- a/content/reference/api/engine/version/v1.50.md
+++ b/content/reference/api/engine/version/v1.50.md
@@ -3,6 +3,4 @@ linkTitle: v1.50
title: Docker Engine API v1.50 reference
aliases:
- /engine/api/v1.50/
- - /engine/api/latest/
- - /reference/api/engine/latest/
---
diff --git a/content/reference/api/engine/version/v1.51.md b/content/reference/api/engine/version/v1.51.md
new file mode 100644
index 00000000000..0979800382c
--- /dev/null
+++ b/content/reference/api/engine/version/v1.51.md
@@ -0,0 +1,8 @@
+---
+linkTitle: v1.51
+title: Docker Engine API v1.51 reference
+aliases:
+ - /engine/api/v1.51/
+ - /engine/api/latest/
+ - /reference/api/engine/latest/
+---
diff --git a/content/reference/api/hub/latest.yaml b/content/reference/api/hub/latest.yaml
index ab325399f64..681870cc93d 100644
--- a/content/reference/api/hub/latest.yaml
+++ b/content/reference/api/hub/latest.yaml
@@ -40,9 +40,9 @@ tags:
- `X-RateLimit-Remaining` - The remaining amount of calls within the limit period.
- `X-RateLimit-Reset` - The unix timestamp of when the remaining resets.
- If you have hit the limit, you will receive a response status of `429` and the `X-Retry-After` header in the response.
+ If you have hit the limit, you will receive a response status of `429` and the `Retry-After` header in the response.
- The `X-Retry-After` header is a unix timestamp of when you can call the API again.
+ The [`Retry-After` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Retry-After) specifies the number of seconds to wait until you can call the API again.
**Note**: These rate limits are separate from anti-abuse and Docker Hub download, or pull rate limiting.
To learn more about Docker Hub pull rate limiting, see [Usage and limits](https://docs.docker.com/docker-hub/usage/).
diff --git a/content/reference/cli/docker/compose/alpha/publish.md b/content/reference/cli/docker/compose/publish.md
similarity index 64%
rename from content/reference/cli/docker/compose/alpha/publish.md
rename to content/reference/cli/docker/compose/publish.md
index 34d71356872..78673b8020b 100644
--- a/content/reference/cli/docker/compose/alpha/publish.md
+++ b/content/reference/cli/docker/compose/publish.md
@@ -1,10 +1,11 @@
---
datafolder: compose-cli
-datafile: docker_compose_alpha_publish
-title: docker compose alpha publish
+datafile: docker_compose_publish
+title: docker compose publish
layout: cli
aliases:
-- /engine/reference/commandline/compose_alpha_publish/
+ - /reference/cli/docker/compose/alpha/publish/
+ - /engine/reference/commandline/compose_alpha_publish/
---
+-->
\ No newline at end of file
diff --git a/data/summary.yaml b/data/summary.yaml
index c3fa29f2866..93439255393 100644
--- a/data/summary.yaml
+++ b/data/summary.yaml
@@ -173,9 +173,6 @@ Docker Scout health scores:
availability: Beta
Docker Scout Mount Permissions:
requires: Docker Desktop [4.34.0](/manuals/desktop/release-notes.md#4340) and later
-Domain audit:
- subscription: [Business]
- for: Administrators
Domain management:
subscription: [Business]
for: Administrators
diff --git a/go.mod b/go.mod
index debdb6db4b6..4f019469abd 100644
--- a/go.mod
+++ b/go.mod
@@ -3,21 +3,21 @@ module github.com/docker/docs
go 1.24.0
require (
- github.com/docker/buildx v0.24.0 // indirect
- github.com/docker/cli v28.2.2+incompatible // indirect
- github.com/docker/compose/v2 v2.37.2 // indirect
+ github.com/docker/buildx v0.25.0 // indirect
+ github.com/docker/cli v28.3.0+incompatible // indirect
+ github.com/docker/compose/v2 v2.37.3 // indirect
github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01 // indirect
github.com/docker/scout-cli v1.15.0 // indirect
- github.com/moby/buildkit v0.22.0 // indirect
- github.com/moby/moby v28.2.1+incompatible // indirect
+ github.com/moby/buildkit v0.23.1 // indirect
+ github.com/moby/moby v28.3.0+incompatible // indirect
)
replace (
github.com/docker/buildx => github.com/docker/buildx v0.24.0
- github.com/docker/cli => github.com/docker/cli v28.2.1+incompatible
- github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.37.1
+ github.com/docker/cli => github.com/docker/cli v28.3.0+incompatible
+ github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.37.3
github.com/docker/model-cli => github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01
github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
github.com/moby/buildkit => github.com/moby/buildkit v0.22.0
- github.com/moby/moby => github.com/moby/moby v28.2.1+incompatible
+ github.com/moby/moby => github.com/moby/moby v28.3.0+incompatible
)
diff --git a/go.sum b/go.sum
index 55f92ffe3dc..703b34aed21 100644
--- a/go.sum
+++ b/go.sum
@@ -20,12 +20,16 @@ github.com/docker/buildx v0.24.0 h1:qiD+xktY+Fs3R79oz8M+7pbhip78qGLx6LBuVmyb+64=
github.com/docker/buildx v0.24.0/go.mod h1:vYkdBUBjFo/i5vUE0mkajGlk03gE0T/HaGXXhgIxo8E=
github.com/docker/cli v28.2.1+incompatible h1:AYyTcuwvhl9dXdyCiXlOGXiIqSNYzTmaDNpxIISPGsM=
github.com/docker/cli v28.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v28.3.0+incompatible h1:s+ttruVLhB5ayeuf2BciwDVxYdKi+RoUlxmwNHV3Vfo=
+github.com/docker/cli v28.3.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/compose/v2 v2.36.2 h1:rxk1PUUbhbAS6HkGsYo9xUmMBpKtVwFMNCQjE4+i5fk=
github.com/docker/compose/v2 v2.36.2/go.mod h1:mZygkne+MAMu/e1B28PBFmG0Z0WefbxZ/IpcjSFdrw8=
github.com/docker/compose/v2 v2.37.0 h1:R8Yik9ssiRz7T9BRfdOZy0xHDzOFPIJX40DrxzJ62dQ=
github.com/docker/compose/v2 v2.37.0/go.mod h1:twDoqUBFO2L5+vccJjkR6shQOH8C50V8AAQPxlkFr2Q=
github.com/docker/compose/v2 v2.37.1 h1:d/LO338bB7jxHvQwVHSBAjIgitDK2+Dl5IXJImL/bAA=
github.com/docker/compose/v2 v2.37.1/go.mod h1:yyprfHgPYV+ydOoL1gp8nIIlZ730ughSvz8D1VamayU=
+github.com/docker/compose/v2 v2.37.3 h1:RKaTVsWmqvJd6GP9EWPZ6fu4ezl8tfG1V7bRijToGJI=
+github.com/docker/compose/v2 v2.37.3/go.mod h1:U5PKGy7r7M7u2oVhz41NzlNglJFCdMrrThBOH5x00hk=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw=
@@ -90,6 +94,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/moby v28.2.1+incompatible h1:UYmHExYP8S0uGKDozhYw7RJ+LpANL51g4fa3qT0Q2GA=
github.com/moby/moby v28.2.1+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
+github.com/moby/moby v28.3.0+incompatible h1:BnZpCciB9dCnfNC+MerxqsHV4I6/gLiZIzzbRFJIhUY=
+github.com/moby/moby v28.3.0+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
diff --git a/hugo.yaml b/hugo.yaml
index 7b9e59b1996..0835fd99931 100644
--- a/hugo.yaml
+++ b/hugo.yaml
@@ -133,16 +133,16 @@ params:
# Use `grep` to figure out how they might be used.
# Latest version of the Docker Engine API
- latest_engine_api_version: "1.50"
+ latest_engine_api_version: "1.51"
# Latest version of Docker Engine
- docker_ce_version: "28.2.2"
+ docker_ce_version: "28.3.0"
# Previous version of the Docker Engine
# (Used to show e.g., "latest" and "latest"-1 in engine install examples
- docker_ce_version_prev: "28.1.0"
+ docker_ce_version_prev: "28.2.2"
# Latest Docker Compose version
- compose_version: "v2.37.2"
+ compose_version: "v2.37.3"
# Latest BuildKit version
- buildkit_version: "0.22.0"
+ buildkit_version: "0.23.1"
# Example runtime/library/os versions
example_go_version: "1.24"
diff --git a/layouts/shortcodes/admin-domain-audit.md b/layouts/shortcodes/admin-domain-audit.md
deleted file mode 100644
index 01e8da1179d..00000000000
--- a/layouts/shortcodes/admin-domain-audit.md
+++ /dev/null
@@ -1,29 +0,0 @@
-{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
-{{ $domain_navigation := "Select **My Hub**, your organization, **Settings**, and then **Security**." }}
-{{ $sso_link := "[SSO](/security/for-admins/single-sign-on/)" }}
-{{ $scim_link := "[SCIM](/security/for-admins/provisioning/scim/)" }}
-
-{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $domain_navigation = "Select your organization on the **Choose profile** page, and then select **Domain management**." }}
- {{ $sso_link = "[SSO](/security/for-admins/single-sign-on/)" }}
- {{ $scim_link = "[SCIM](/security/for-admins/provisioning/scim/)" }}
-{{ end }}
-
-To audit your domains:
-
-1. Sign in to {{ $product_link }}.
-2. {{ $domain_navigation }}
-3. In **Domain Audit**, select **Export Users** to export a CSV file of uncaptured users with the following columns:
-
- - Name: The name of the user.
- - Username: The Docker ID of the user.
- - Email: The email address of the user.
-
-You can invite all the uncaptured users to your organization using the exported CSV file. For more details, see [Invite members](/admin/organization/members/). Optionally, enforce single sign-on or enable SCIM to add users to your organization automatically. For more details, see {{ $sso_link }} or {{ $scim_link }}.
-
-> [!NOTE]
->
-> Domain audit may identify accounts of users who are no longer a part of your organization. If you don't want to add a user to your organization and you don't want the user to appear in future domain audits, the user must deactivate their account or update their associated email address.
->
-> You can't deactivate an account or update an associated email address on behalf of a user. For more details, see [Deactivating an account](/manuals/accounts/deactivate-user-account.md).
\ No newline at end of file
diff --git a/layouts/shortcodes/admin-domains.html b/layouts/shortcodes/admin-domains.html
index f3374f4c32d..d9d51fac611 100644
--- a/layouts/shortcodes/admin-domains.html
+++ b/layouts/shortcodes/admin-domains.html
@@ -2,8 +2,8 @@
{{ $domain_navigation := `Navigate to the domain settings page for your organization. Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
-{{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
-{{ $domain_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **Domain management**. Note that when an organization is part of a company, you must select the company and configure the domain for that organization at the company level. Each organization in a company can have its own domain, but it must be configured at the company level." }}
+{{ $product_link = "[Docker Home](https://app.docker.com) and select your organization or company. Note that when an organization is part of a company, you must select the company and configure the domain for that organization at the company level. Each organization in a company can have its own domain, but it must be configured at the company level." }}
+{{ $domain_navigation = "Select **Admin Console**, then **Domain management**." }}
{{ end }}
diff --git a/layouts/shortcodes/admin-image-access.html b/layouts/shortcodes/admin-image-access.html
index a6d03ad3f5a..11bd7d5ad54 100644
--- a/layouts/shortcodes/admin-image-access.html
+++ b/layouts/shortcodes/admin-image-access.html
@@ -2,8 +2,8 @@
{{ $iam_navigation := "Select **My Hub**, select your organization in the left navigation drop-down menu, and then select **Image access**." }}
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $iam_navigation = "Select your organization in the left navigation drop-down menu, and then select **Image access**." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com/) and select your organization." }}
+ {{ $iam_navigation = "Select **Admin Console**, then **Image access**." }}
{{ end }}
1. Sign in to {{ $product_link }}.
diff --git a/layouts/shortcodes/admin-org-audit-log.html b/layouts/shortcodes/admin-org-audit-log.html
index eaed5a99337..a3d0802c591 100644
--- a/layouts/shortcodes/admin-org-audit-log.html
+++ b/layouts/shortcodes/admin-org-audit-log.html
@@ -1,8 +1,9 @@
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $audit_navigation := "Select **My Hub**, your organization, and then **Activity**." }}
+
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $audit_navigation = "Select your organization in the left navigation drop-down menu, and then select **Activity logs**." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com/) and select your organization." }}
+ {{ $audit_navigation = "Select **Admin Console**, then **Activity logs**." }}
{{ end }}
### View the activity logs
diff --git a/layouts/shortcodes/admin-registry-access.html b/layouts/shortcodes/admin-registry-access.html
index 7e15ad4d5ad..07364f8063b 100644
--- a/layouts/shortcodes/admin-registry-access.html
+++ b/layouts/shortcodes/admin-registry-access.html
@@ -1,8 +1,9 @@
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $ram_navigation := "Select **My Hub**, your organization, **Settings**, and then select **Registry Access**." }}
+
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $ram_navigation = "Select your organization in the left navigation drop-down menu, and then select **Registry access**." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com/) and select your organization." }}
+ {{ $ram_navigation = "Select **Admin Console**, then **Registry access**." }}
{{ end }}
To configure Registry Access Management permissions, perform the following steps:
diff --git a/layouts/shortcodes/admin-scim-disable.html b/layouts/shortcodes/admin-scim-disable.html
index 087ba1bdc41..3b1499fd42d 100644
--- a/layouts/shortcodes/admin-scim-disable.html
+++ b/layouts/shortcodes/admin-scim-disable.html
@@ -3,8 +3,8 @@
- Organization: Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
-{{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
-{{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO and SCIM.**" }}
+ {{ $product_link = "[Docker Home](https://app.docker.com/) and select your organization." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
1. Sign in to {{ $product_link }}.
diff --git a/layouts/shortcodes/admin-scim.html b/layouts/shortcodes/admin-scim.html
index 46b8a6f8433..874ad92b551 100644
--- a/layouts/shortcodes/admin-scim.html
+++ b/layouts/shortcodes/admin-scim.html
@@ -3,8 +3,8 @@
- Organization: Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
-{{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
-{{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO and SCIM.**" }}
+ {{ $product_link = "[Docker Home](https://app.docker.com/) and select your organization." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
1. Sign in to {{ $product_link }}.
diff --git a/layouts/shortcodes/admin-sso-config.md b/layouts/shortcodes/admin-sso-config.md
index 7f205e74bff..4695913d894 100644
--- a/layouts/shortcodes/admin-sso-config.md
+++ b/layouts/shortcodes/admin-sso-config.md
@@ -2,8 +2,8 @@
{{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $sso_navigation = "Select your organization or company from the **Choose profile** page, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com) and select your organization. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
> [!IMPORTANT]
diff --git a/layouts/shortcodes/admin-sso-connect.md b/layouts/shortcodes/admin-sso-connect.md
index 89ab466a256..6d61bb7c83c 100644
--- a/layouts/shortcodes/admin-sso-connect.md
+++ b/layouts/shortcodes/admin-sso-connect.md
@@ -2,8 +2,8 @@
{{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
- {{ $sso_navigation = "Select your organization or company from the **Choose profile** page, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com) and select your organization. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
1. In {{ $product_link }}, select the verified domains you want to apply the connection to.
diff --git a/layouts/shortcodes/admin-sso-management-connections.md b/layouts/shortcodes/admin-sso-management-connections.md
index a8759c36328..022ca6ccbce 100644
--- a/layouts/shortcodes/admin-sso-management-connections.md
+++ b/layouts/shortcodes/admin-sso-management-connections.md
@@ -2,8 +2,8 @@
{{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }}
- {{ $sso_navigation = "Select your organization or company from the Choose profile page, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com) and select your organization. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
### Edit a connection
diff --git a/layouts/shortcodes/admin-sso-management-orgs.md b/layouts/shortcodes/admin-sso-management-orgs.md
index 12406a00f41..e22ee8b567f 100644
--- a/layouts/shortcodes/admin-sso-management-orgs.md
+++ b/layouts/shortcodes/admin-sso-management-orgs.md
@@ -1,8 +1,9 @@
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $sso_navigation := "Select **My Hub**, your organization, and then **Settings**." }}
+
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }}
- {{ $sso_navigation = "Select your company from the **Choose profile** page, and then select **SSO and SCIM**." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com) and select your organization. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
### Connect an organization
diff --git a/layouts/shortcodes/admin-sso-management.md b/layouts/shortcodes/admin-sso-management.md
index 9d04bebfea8..5155191a410 100644
--- a/layouts/shortcodes/admin-sso-management.md
+++ b/layouts/shortcodes/admin-sso-management.md
@@ -2,8 +2,8 @@
{{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **My Hub**, your organization, **Settings**, and then **Security**.` }}
{{ if eq (.Get "product") "admin" }}
- {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }}
- {{ $sso_navigation = "Select your organization or company from the **Choose profile** page, and then select **SSO and SCIM**." }}
+ {{ $product_link = "[Docker Home](https://app.docker.com) and select your organization. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
+ {{ $sso_navigation = "Select **Admin Console**, then **SSO and SCIM**." }}
{{ end }}
### Remove a domain from an SSO connection
diff --git a/layouts/shortcodes/admin-users.html b/layouts/shortcodes/admin-users.html
index 853c93f3221..023609daab4 100644
--- a/layouts/shortcodes/admin-users.html
+++ b/layouts/shortcodes/admin-users.html
@@ -17,9 +17,9 @@
{{ if eq (.Get "product") "admin" }}
{{ $invite_button = "**Invite**" }}
{{ $export_button = "the **Action** icon and then select **Export users as CSV**" }}
-{{ $member_navigation = "Select your organization from the **Choose profile** page, and then select **Members**." }}
+{{ $member_navigation = "Select **Admin Console**, then **Members**." }}
{{ $remove_button = "**Remove member**" }}
-{{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
+{{ $product_link = "[Docker Home](https://app.docker.com) and select your organization." }}
{{ $role_mapping_link = "[SCIM for role mapping](/security/for-admins/provisioning/scim/)" }}
{{ if eq (.Get "layer") "company" }}
{{ $export_fields = `The CSV file for a company contains the following fields:
@@ -131,15 +131,15 @@
To resend an individual invitation:
-1. In the [Admin Console](https://app.docker.com/admin), select your company.
-2. Select **Users**.
+1. In [Docker Home](https://app.docker.com/), select your company.
+2. Select **Admin Console**, then **Users**.
3. Select the **action menu** next to the invitee and select **Resend**.
4. Select **Invite** to confirm.
To bulk resend invitations:
-1. In the [Admin Console](https://app.docker.com/admin), select your company.
-2. Select **Users**.
+1. In [Docker Home](https://app.docker.com/), select your company.
+2. Select **Admin Console**, then **Users**.
3. Use the **checkboxes** next to **Usernames** to bulk select users.
4. Select **Resend invites**.
5. Select **Resend** to confirm.