Config to specify isolation technology for container

Signed-off-by: Rahul Kulkarni <Rahul.Kulkarni@microfocus.com>

src/main/asciidoc/inc/_docker-start.adoc

@@ -53,3 +53,8 @@ include::start/_wait.adoc[]
 === Logging
 
 include::start/_logging.adoc[]
+
+[[start-isolation]]
+=== Isolation
+
+include::start/_isolation.adoc[]

src/main/asciidoc/inc/start/_configuration.adoc

@@ -80,6 +80,9 @@ The `<run>` configuration element knows the following sub elements:
 | <<start-logging, *log*>>
 | Log configuration for whether and how log messages from the running containers should be printed. This also can configure the https://docs.docker.com/engine/admin/logging/overview[log driver] to use. See <<start-logging,Logging>> for a detailed description.
 
+| <<start-isolation, *isolation*>>
+| This option sets container's isolation technology. See <<start-isolation,Isolation>> for a detailed description.
+
 | *memory*
 | Memory limit in bytes
 

src/main/asciidoc/inc/start/_isolation.adoc

@@ -0,0 +1,30 @@
+==== Specify isolation technology for container
+
+The following configuration option under <run> session is equivalent of `--isolation <value>` when running a docker container
+
+.Example
+[source,xml]
+<run>
+    <isolation>hyperv</isolation>
+</run>
+
+This option is useful in situations where you are running Docker containers on Windows. The --isolation <value> option sets a container's isolation technology. On Linux, the only supported is the default option which uses Linux namespaces.
+
+.On Windows, isolation can take one of these values:
+[cols="1,5"]
+|===
+|Value |Description
+
+|default
+|Use the value specified by the Docker daemon's --exec-opt or system default (see below).
+
+|process
+|Shared-kernel namespace isolation (not supported on Windows client operating systems older than Windows 10 1809).
+
+|hyperv
+|Hyper-V hypervisor partition-based isolation.
+|===
+
+The default isolation on Windows server operating systems is process. The default isolation on Windows client operating systems is hyperv. An attempt to start a container on a client operating system older than Windows 10 1809 with --isolation process will fail.
+
+See https://docs.docker.com/engine/reference/commandline/run/#specify-isolation-technology-for-container---isolation[isolation technology for container] for a detailed description.

src/main/java/io/fabric8/maven/docker/access/ContainerHostConfig.java

@@ -68,6 +68,8 @@ public ContainerHostConfig dnsSearch(List<String> dnsSearch) {
         return addAsArray("DnsSearch", dnsSearch);
     }
 
+    public ContainerHostConfig isolation(String isolation) { return  add("Isolation",isolation); }
+
     public ContainerHostConfig cpuShares(Long cpuShares) {
         return add("CpuShares", cpuShares);
     }

src/main/java/io/fabric8/maven/docker/config/RunImageConfiguration.java

@@ -107,6 +107,9 @@ public boolean isDefault() {
     @Parameter
     private List<String> extraHosts;
 
+    @Parameter
+    private String isolation;
+
     @Parameter
     private Long cpuShares;
 
@@ -256,6 +259,8 @@ public Long getMemorySwap() {
         return memorySwap;
     }
 
+    public String getIsolation() { return isolation; }
+
     public Long getCpuShares() {
         return cpuShares;
     }
@@ -591,6 +596,11 @@ public Builder log(LogConfiguration log) {
             return this;
         }
 
+        public Builder isolation (String isolation) {
+            config.isolation = isolation;
+            return this;
+        }
+
         public Builder cpuShares(Long cpuShares){
             config.cpuShares = cpuShares;
             return this;

src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandler.java

@@ -193,6 +193,7 @@ private RunImageConfiguration createRunConfiguration(DockerComposeServiceWrapper
                 // stop_signal not supported
                 .ulimits(wrapper.getUlimits())
                 .volumes(wrapper.getVolumeConfig())
+                .isolation(wrapper.getIsolation())
                 .cpuShares(wrapper.getCpuShares())
                 .cpus(wrapper.getCpusCount())
                 .cpuSet(wrapper.getCpuSet())

src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeServiceWrapper.java

@@ -350,6 +350,8 @@ public String getCpuSet() {
         return asString("cpuset");
     }
 
+    public String getIsolation() {return  asString("isolation"); }
+
     public Long getCpuShares() {
         return asLong("cpu_shares");
     }

src/main/java/io/fabric8/maven/docker/config/handler/property/ConfigKey.java

@@ -43,6 +43,7 @@ public enum ConfigKey {
     CLEANUP,
     CPUS,
     CPUSET,
+    ISOLATION,
     CPUSHARES,
     CACHE_FROM,
     CMD,

src/main/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandler.java

@@ -218,6 +218,7 @@ private RunImageConfiguration extractRunConfiguration(ImageConfiguration fromCon
                 .imagePullPolicy(valueProvider.getString(IMAGE_PULL_POLICY_RUN, config == null ? null : config.getImagePullPolicy()))
                 .ulimits(extractUlimits(config == null ? null : config.getUlimits(), valueProvider))
                 .tmpfs(valueProvider.getList(TMPFS, config == null ? null : config.getTmpfs()))
+                .isolation(valueProvider.getString(ISOLATION, config == null ? null : config.getIsolation()))
                 .cpuShares(valueProvider.getLong(CPUSHARES, config == null ? null : config.getCpuShares()))
                 .cpus(valueProvider.getLong(CPUS, config == null ? null : config.getCpus()))
                 .cpuSet(valueProvider.getString(CPUSET, config == null ? null : config.getCpuSet()))

src/main/java/io/fabric8/maven/docker/service/RunService.java

@@ -371,6 +371,7 @@ ContainerHostConfig createContainerHostConfig(RunImageConfiguration runConfig, P
                 .logConfig(runConfig.getLogConfiguration())
                 .tmpfs(runConfig.getTmpfs())
                 .ulimits(runConfig.getUlimits())
+                .isolation(runConfig.getIsolation())
                 .cpuShares(runConfig.getCpuShares())
                 .cpus(runConfig.getCpus())
                 .cpuSet(runConfig.getCpuSet())

src/test/java/io/fabric8/maven/docker/config/handler/AbstractConfigHandlerTest.java

@@ -36,6 +36,7 @@ protected void validateRunConfiguration(RunImageConfiguration runConfig) {
         assertEquals((Long) 1L, runConfig.getMemory());
         assertEquals((Long) 1L, runConfig.getMemorySwap());
         assertEquals((Long) 1000000000L, runConfig.getCpus());
+        assertEquals("default", runConfig.getIsolation());
         assertEquals((Long) 1L, runConfig.getCpuShares());
         assertEquals("0,1", runConfig.getCpuSet());
         assertEquals(getEnvPropertyFile(),runConfig.getEnvPropertyFile());

src/test/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandlerTest.java

@@ -164,6 +164,7 @@ void validateRunConfiguration(RunImageConfiguration runConfig) {
         assertEquals((Long) 1L, runConfig.getMemorySwap());
         assertEquals("0,1", runConfig.getCpuSet());
         assertEquals((Long)1000000000L, runConfig.getCpus());
+        assertEquals("default", runConfig.getIsolation());
         assertEquals((Long) 1L, runConfig.getCpuShares());
         assertEquals(null,runConfig.getEnvPropertyFile());
 

src/test/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandlerTest.java

@@ -1000,6 +1000,7 @@ protected void validateRunConfiguration(RunImageConfiguration runConfig) {
         assertEquals((Long) 1L, runConfig.getMemory());
         assertEquals((Long) 1L, runConfig.getMemorySwap());
         assertEquals((Long) 1000000000L, runConfig.getCpus());
+        assertEquals("default",runConfig.getIsolation());
         assertEquals((Long) 1L, runConfig.getCpuShares());
         assertEquals("0,1", runConfig.getCpuSet());
         assertEquals("/tmp/envProps.txt",runConfig.getEnvPropertyFile());
@@ -1084,6 +1085,7 @@ private String[] getTestData() {
             k(ConfigKey.SECURITY_OPTS) + ".1", "seccomp=unconfined",
             k(ConfigKey.CPUS), "1000000000",
             k(ConfigKey.CPUSET), "0,1",
+            k(ConfigKey.ISOLATION),"default",
             k(ConfigKey.CPUSHARES), "1",
             k(ConfigKey.CMD), "command.sh",
             k(ConfigKey.DNS) + ".1", "8.8.8.8",

src/test/java/io/fabric8/maven/docker/service/RunServiceTest.java

@@ -367,6 +367,7 @@ private void givenARunConfiguration() {
                         .memorySwap(1L)
                         .cpus(1000000000L)
                         .cpuSet("0,1")
+                        .isolation("default")
                         .cpuShares(1L)
                         .env(env())
                         .cmd("date")

src/test/resources/compose/docker-compose.yml

@@ -16,6 +16,7 @@ services:
       - CAP
     command: command.sh
     cgroup_parent: cgroup_parent
+    isolation: default
     cpu_shares: 1
     cpuset: 0,1
     cpus: 1

src/test/resources/docker/containerCreateConfigAll.json

@@ -64,6 +64,7 @@
         "Soft":2048
       }
     ],
+    "Isolation": "default",
     "CpuShares":1,
     "NanoCpus": 1000000000,
     "CpusetCpus":"0,1",

src/test/resources/docker/containerHostConfigAll.json

@@ -44,6 +44,7 @@
       "Soft":2048
     }
   ],
+  "Isolation": "default",
   "CpuShares":1,
   "NanoCpus":1000000000,
   "CpusetCpus":"0,1",