Adds a flag to the create and run command, `--use-api-socket`, that can
be used to start a container with the correctly configured parameters to
ensure that accessing the docker socket will work with out managing bind
mounts and authentication injection.
The implementation in this PR resolves the tokens for the current
credential set in the client and then copies it into a container at the
well know location of /run/secrets/docker/config.json, setting
DOCKER_CONFIG to ensure it is resolved by existing tooling. We use a
compose-compatible secret location with the hope that the CLI and
compose can work together seamlessly.
The bind mount for the socket is resolved from the current context,
erroring out if the flag is set and the provided socket is not a unix
socket.
There are a few drawbacks to this approach but it resolves a long
standing pain point. We'll continue to develop this as we understand
more use cases but it is marked as experimental for now.
Signed-off-by: Stephen Day <stephen.day@docker.com>
The [`docker buildx bake`][1] command has reached GA; this patch adds
a top-level `docker bake` command as alias for `docker buildx bake` to
improve discoverability and make it more convenient to use.
With this patch:
docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
bake Build from a file
pull Download an image from a registry
push Upload an image to a registry
images List images
...
The command is hidden if buildx is not installed;
docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
pull Download an image from a registry
push Upload an image to a registry
images List images
...
We can do some tweaking after this; currently it show an error
in situations where buildx is missing. We don't account for
"DOCKER_BUILDKIT=0", because this is a new feature that requires
buildx, and cannot be "disabled";
buildx missing;
docker bake
ERROR: bake requires the buildx component but it is missing or broken.
Install the buildx component to use bake:
https://docs.docker.com/go/buildx/
BuildKit disabled:
DOCKER_BUILDKIT=0 docker bake
ERROR: bake requires the buildx component but it is missing or broken.
Install the buildx component to use bake:
https://docs.docker.com/go/buildx/
[1]: https://www.docker.com/blog/ga-launch-docker-bake/
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Users have trouble understanding the different login paths on the CLI.
The default login is performed through an OAuth flow with the option to
fallback to a username and PAT login using the docker login -u <username>
option.
This patch improves the text around docker login, indicating:
- The username is shown when already authenticated
- Steps the user can take to switch user accounts are printed when
authenticated in an info.
- When not authenticated, the OAuth login flow explains the fallback
clearly to the user in an info.
- The password prompt now explicitly states that it accepts a PAT in an
info.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
This was the only command for which we set the "example" field; while
we could consider doing this for other commands, we need to look what's
best w.r.t. duplicating the information maintained in markdown.
Also remove the intermediate variable used for the long description,
as this was also the only location where we used one.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This snippet was added in [docker@38ec5d8][1]. The intent was to indicate
that an empty value is equivalent to passing "default" as value. However,
passing the `--isolation` flag _without a value_ (i.e., no `=` specified)
will fail in many cases, as any string after it will be parsed as value
(e.g. `docker run --isolation busybox` would consider `busybox` as value).
This patch removes these lines as they add more confusion than addressing.
[1]: 38ec5d86a3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The docker inspect command did not inspect configs. This patch adds support for
it, and while at it, also sorts the list of objects in runInspect.
Before this patch:
docker config create myconfig ./codecov.yml
danpeyh8qzb30vgdj9fr665l1
docker inspect --format='{{.ID}}' myconfig
[]
Error: No such object: myconfig
docker inspect --format='{{.ID}}' --type=config myconfig
"config" is not a valid value for --type
With this patch:
docker inspect --format='{{.ID}}' myconfig
danpeyh8qzb30vgdj9fr665l1
docker inspect --format='{{.ID}}' --type=config myconfig
danpeyh8qzb30vgdj9fr665l1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This renames the `--time` flag as used on `docker stop` and `docker restart`
to `--timeout`, bringing it in line with other uses for this property,
such as `--stop-timeout` on `docker run`.
The `--time` option is deprecated and hidden, but will be kept for
backward compatibility, as these options existed for a long time.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
use current LTS versions of ubuntu where suitable, remove uses of
ubuntu:23.10 (which reache EOL), and and update some other examples
to use more current versions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This environment variable allows for setting additional headers
to be sent by the client. Headers set through this environment
variable are added to headers set through the config-file (through
the HttpHeaders field).
This environment variable can be used in situations where headers
must be set for a specific invocation of the CLI, but should not
be set by default, and therefore cannot be set in the config-file.
WARNING: If both config and environment-variable are set, the environment
variable currently overrides all headers set in the configuration file.
This behavior may change in a future update, as we are considering the
environment variable to be appending to existing headers (and to only
override headers with the same name).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
