If a container is using a docker_gwbridge endpoint as its gateway,
when it's connected to another network that provides a gateway, the
docker_gwbridge endpoint is removed when that endpoint is added (in
a recursive nightmare).
So, the "before" gateway for the container has been removed
before the new gateway is updateExternalConnectivity'd.
Don't pass the old gateway to updateExternalConnectivity in that
case, because the network driver's already forgotten about it.
Signed-off-by: Rob Murray <rob.murray@docker.com>

Export trace spans from the github.com/microsoft/hcsshim module, which
is instrumented with OpenCensus, to the daemon's OpenTelemetry exporter
to provide more visibility into Windows container lifecycle operations.
Signed-off-by: Cory Snider <csnider@mirantis.com>

Commit a8b9eff90 removed a call to Network.updateSvcRecord from
Network.createEndpoint on the grounds that:
> all callers of Network.createEndpoint follow up with an Endpoint.Join,
> which also sets up the DNS entry.
However, the original call in Network.createEndpoint was gated by:
```
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
	n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
```
whereas the call in Endpoint.sbJoin() (invoked by Endpoint.Join()) is
gated by:
```
if !n.getController().isAgent() {
	if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
		n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
	}
}
```
As a result, once a node has joined a Swarm cluster, no DNS entries are
created for non swarm-scoped networks.
Change the condition used by `sbJoin` to match the original condition
used in `createEndpoint`.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>

The priority order for determining image store choice was incorrect when
a prior graphdriver existed.
The issue occurred because the prior graphdriver check happened after
processing explicit driver configuration, effectively ignoring user
intent when prior state existed.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

Updates docker pull to pull related attestation manifest and
any signatures for that manifest in cosign referrer objects.
These objects are transferred with the image when running
docker save and docker load and can be used to identify
the image in future updates.
Push is not updated atm as the current push semantics
in containerd mode do not have correct immutability
guaranteed and don't work with image indexes.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

The image exporter wrapper was unconditionally setting `unpack=true` for
all build exports, preventing users from controlling this behavior
through buildkit's output image exporter option.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

Currently requires replace rule for swarmkit etcd.
BuildKit itself doesn't use etcd but version gets bumped
via unused dependency.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

This workaround was added in df519e9e1a, pending
a fix in containerd;
> daemon: Fix giving up too early while connecting to containerd socket
>
> Explicitly set the gRPC connection params to take the timeout into
> account to workaround the containerd v2 client not passing down the
> stack.
>
> containerd v2 replaced usages of deprecated gRPC functions but didn't
> pass the timeout to the actual dial connection options.
A fix for this was merged in [containerd@ee574e7], which is part of containerd
v2.1.0-beta.0, and backported to containerd v2.0.4 through [containerd@6b5efba].
[containerd@ee574e7]: ee574e76e7
[containerd@6b5efba]: 6b5efba83b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

This type describes the options defined as consts below it, so make
those consts typed. While updating, I also removed the use of iota
to prevent accidentally changing their values (and if this API is
implemented elsewhere)
(but mostly because I'm not a fan of iota ':))
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

- Introduced DefaultIsolation method in the Daemon to return the daemon configured isolation mode for Windows.
Signed-off-by: Vigilans <vigilans@foxmail.com>

On daemon shutdown, the HTTP server tries to gracefully shutdown for 5
seconds. If there's an open API connection to the '/events' endpoint, it
fails to do so as nothing interrupts that connection, thus forcing the
daemon to wait until that timeout is reached.
Add a Close method to the EventsService, and call it during daemon
shutdown. It'll close any events channel, signaling to the '/events'
handler to return and close the connection.
It now takes ~1s (or less) to shutdown the daemon when there's an active
'/events' connection, instead of 5.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>

Use a singleflight for collecting the build-cache usage; collecting this
information is potentially heavy-weight, and we already do this for the
other disk-usage methods.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit a69abdd90d introduced a "verbose"
option for the disk-usage endpoint, which allowed omitting the items
to be included in the results.
However, it did not take into account that a singleflight is used to
allow sharing the results between requests; this means that a request
made while another request is already in flight could share the wrong
results, and either get "verbose" or "non-verbose", depending on the
request already in flight.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
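
The result-sharing problem described in the commit message above, reproduced as an added example (not code from the moby repository). The `group` type is a minimal standard-library stand-in for a singleflight; `sharedKey` is the constructed problem case, `splitKey` is one assumed way to keep the two request kinds apart (the message does not state the actual fix), and all names and sample items are hypothetical.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// call and group: minimal stand-in for a singleflight, standard library only.
type call struct{ done chan struct{}; val []string }
type group struct{ mu sync.Mutex; m map[string]*call }

// do runs fn once per key; callers arriving while fn runs share its result.
func (g *group) do(key string, fn func() []string) []string {
	g.mu.Lock()
	if c, ok := g.m[key]; ok {
		g.mu.Unlock()
		<-c.done // join the request already in flight
		return c.val
	}
	c := &call{done: make(chan struct{})}
	g.m[key] = c
	g.mu.Unlock()
	c.val = fn()
	close(c.done)
	g.mu.Lock()
	delete(g.m, key)
	g.mu.Unlock()
	return c.val
}

// sharedKey ignores the option (problem case); splitKey makes it part of the key.
func sharedKey(bool) string    { return "disk-usage" }
func splitKey(v bool) string   { return fmt.Sprintf("disk-usage/verbose=%t", v) }

// itemsSeenByNonVerbose issues a non-verbose request while a verbose one is in
// flight and returns how many items the non-verbose caller received.
func itemsSeenByNonVerbose(key func(verbose bool) string) int {
	g := &group{m: map[string]*call{}}
	started, release := make(chan struct{}), make(chan struct{})
	go g.do(key(true), func() []string { close(started); <-release; return []string{"cache-a", "cache-b"} })
	<-started // the verbose request is now registered and running
	time.AfterFunc(50*time.Millisecond, func() { close(release) })
	return len(g.do(key(false), func() []string { return nil }))
}

func main() {
	fmt.Println(itemsSeenByNonVerbose(sharedKey), itemsSeenByNonVerbose(splitKey))
}
```

With `sharedKey` the non-verbose caller receives the verbose caller's two items; with `splitKey` it receives none, as requested.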
These fields have been removed from the API specification, and the struct
was only needed to produce legacy responses (server), or to unmarshal
legacy responses in the client.
As the API module only provides API definitions for the current API version,
we should remove these legacy structs, and keep them internal to the daemon
and client.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Now that we separated the legacy response from non-legacy responses,
we can consume the data produced by the backend as-is; the backend
takes care of omitting "verbose" data (leaving the `Items` slices
empty), and with an early return for the legacy responses, we won't
end up with returning _both_ responses on API < v1.52, but (TBD) still
return both responses for API v1.52.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Use early return for legacy response. When using API < v1.52, we'd
never return the new fields, so we can return early, and produce the
legacy-fields only.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Set values directly on the DiskUsage objects instead of using some
intermediate vars, some of which were named slightly confusingly due
to them being used both for "totalSize" and "reclaimableSize".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Move calculation of the data to the builder backend, to align with
the other type of objects. This also allows us to skip the verbose
data if it's not used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Make the "per-object" types aliases for the API type, and remove
the BuildCacheDiskUsage type, as it's not currently used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Rewrite the logic to have a better separation between producing legacy
fields, and verbose. We need to preserve / include all items in the
response _either_ if an API >= v1.52 client requested "verbose" _or_
if we're about to produce legacy fields.
Also switch to using the `httputils.BoolValue` utility; while we lose
the error for invalid values (which we probably should have as a utility
in `httputils`), it aligns with values accepted for other boolean values.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Make sure Cobra is configured with the streams we use, and use
Cobra's utilities to print the validation message.
While updating, also add a short comment outlining why we're using
STDERR, not STDOUT for this message.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

This workaround was added in 3bb40af036 to
work around a limitation of Cobra, which didn't support completion if there
are no subcommands, because [Command.InitDefaultCompletionCmd] disabled
completion, as implicitly adding the hidden `completion` and `__complete`
subcommands would break binaries without subcommands that accepted positional
args.
This problem was fixed in Cobra v1.9.0 through [cobra@24ada7f], which now
dynamically adds the `completion` subcommand when invoked.
This patch removes the hidden `__dummy_command`, which was used to work around
the logic in Cobra < v1.9.0, and to make it enable completion regardless.
Completion should still work as usual:
```
dockerd completion --help
Usage: dockerd completion [flags]
...
source <(dockerd completion bash)
dockerd --default-<tab>
--default-address-pool (Default address pools for node specific local networks)
--default-cgroupns-mode (Default mode for containers cgroup namespace ("host" | "private"))
--default-gateway (Default gateway IPv4 address for the default bridge network)
--default-gateway-v6 (Default gateway IPv6 address for the default bridge network)
--default-ipc-mode (Default mode for containers ipc ("shareable" | "private"))
--default-network-opt (Default network options)
--default-runtime (Default OCI runtime for containers)
--default-shm-size (Default shm size for containers)
--default-ulimit (Default ulimits for containers)
```
[Command.InitDefaultCompletionCmd]: https://github.com/spf13/cobra/blob/v1.8.1/completions.go#L685-L698
[cobra@24ada7f]: 24ada7fe71
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>