New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[epic] add more options to service create
/ service update
#25303
Comments
@thaJeztah I saw on #25276 and the above list that |
@thaJeztah For |
@yongtang I know that for some options there's additional discussion needed; e.g. |
Thanks @thaJeztah for the explanation. |
@thaJeztah |
Good call, I'll edit |
|
@stevvooe agreed on most; in doubt on |
Thinking about |
This just doesn't make sense. For the most part, ports are already exported on the container's IP. In swarm services, this would bind all ports across the cluster, which isn't useful. The other issue is that the manager has no idea what these ports actually are, without inspecting the image. Exported cluster ports should be considered individually and carefully.
This is provided by overlay networking and network aliasing. In general, |
Yes, implementing |
I've also seen the options |
@hvpareja hm, yes, |
+1 for being able to set |
In our environment we'd like to use |
@stevvooe internal services with external visibility. Our problem is that |
@tzz Thanks for the explanation! Would it be correct to say that you want this at the cluster, network or service-level? For example, will have different values for |
@stevvooe for stable environments (production) the lookup can be stable at the cluster or network level. That's our most important use case. For unstable (dev and QA) environments we may need to change the lookup at the service level more dynamically, but that's a less important use case for us. |
I'm pulling my hair that docker service won't allow -t. Certain apps can't live without a TTY. |
@drajen Could you file a bug on SwarmKit? Out of curiosity, what applications are you running as services that require a TTY? |
@stevvooe I was running Samba in foreground mode which apparently requires a tty. Check the samba-publicshare image on docker hub. You may easily write a wrapper around it but there might be more breakage out there. |
@drajen That is a bummer. I'm really sorry we missed that. I wish someone spoke up in the RC period. I've submitted moby/swarmkit#1370 and docker/engine-api#364 for service support. We'll have to follow that up with the analogous flags in |
@stevvooe thanks for giving this attention! |
@jefflill could you open a separate issue for that, then I'll link it from the table at the top |
@thaJeztah: Done. Thanks. |
What extra information is needed for the implementation of We need this to work efficiently with discrete resources like GPUs. |
When running a swarm service, the container itself can run on any node in the swarm cluster; the API won't be able to connect to a container that's on any other host than the manager that is connected to. |
I think adding --env-file options to docker service update should be fine. Right now it's only on docker service create |
@ahmadfarisfs better to discuss on #31595, which also lists some of the reasons it's more problematic for |
@thaJeztah - are there any updates on |
The
service create
andservice update
commands do not support all options thatdocker run
/docker create
supports. Some options are not implemented yet, whereas other options may either not be implemented (because they don't make sense in the context of a service, or are not portable / cross platform).We should add more options for services, however instead of blindly copying every option, we should make sure the options are implemented properly, which may require using different names for the options and/or different kind of values.
I tried to create an overview of all options on
docker run
, and to match them with thedocker service create
options we currently have; I may have missed some, or made the wrong "translation", so input is welcome heredocker run
docker service
--add-host
exec
)-a, --attach
does not apply to services, as there are multiple containers backing itThere may be usecases for this, but design/implementation needs discussion--blkio-weight
--blkio-weight-device
--cap-add
docker/cli#2663docker/cli#2687 docker/cli#2709--cap-drop
docker/cli#2663docker/cli#2687 docker/cli#2709--cgroup-parent
--cidfile
--cpu-percent
--cpu-period
--limit-cpu
--limit-cpu
sets a combination of "cpu period" and "cpu quota" see #27958 for thedocker run
implementation--cpu-quota
--limit-cpu
--limit-cpu
sets a combination of "cpu period" and "cpu quota" see #27958 for thedocker run
implementation--cpu-rt-period
--cpu-rt-runtime
-c, --cpu-shares
--cpus
--limit-cpu
--limit-cpu
sets a combination of "cpu period" and "cpu quota" see #27958 for thedocker run
implementation--cpuset-cpus
--cpuset-mems
-d, --detach
-d
is the default--detach-keys
--device
--device-cgroup-rule
--device-read-bps
--device-read-iops
--device-write-bps
--device-write-iops
--disable-content-trust
--dns
--dns-option
--dns-option
,--dns-option-add
,--dns-option-rm
--dns-search
--dns-search,
--dns-search-add,--dns-search-rm
--entrypoint
-e, --env
-e, --env
--env-file
--expose
--gpus
--group-add
--group
--health-cmd
--health-interval duration
--health-retries
--health-start-period
--health-timeout duration
-h, --hostname
--init
--init
-i, --interactive
does not apply to services, as there are multiple containers backing itThere may be usecases for this, but design/implementation needs discussion--ip
does not apply to services, as there are multiple containers backing it.Update: possibly useful to set the VIP--ip6
does not apply to services, as there are multiple containers backing it.Update: possibly useful to set the VIP--ipc
--isolation
--kernel-memory
-l, --label
--container-label
--label-file
--link
--network-alias
❓--link-local-ip
--log-driver
--log-driver
--log-opt
--log-opt
--mac-address
-m, --memory
--limit-memory
--memory-reservation
--reserve-memory
--memory-swap
--memory-swappiness
--mount
--mount
,--mount-add
,--mount-rm
--name
--name
sets the service name, not the container's name--network
--network
host
networking (see #25873) added through #32981.--network-add
/--network-rm
are added in docker 17.05--network-alias
--no-healthcheck
--oom-kill-disable
--oom-score-adj
--pid
--pids-limit
--platform
--privileged
-p, --publish
-p, --publish
<ip-address>
(#26696, #32299)-P, --publish-all
--read-only
--restart
--restart-condition
,--restart-delay
,--restart-max-attempts
,--restart-window
--rm
--task-history-limit
--runtime
#25209-> #41371--security-opt
--credential-spec
(#32339) is equivalent for--security opt credentialspec=...
--shm-size
--mount type=tmpfs,target=/dev/shm
--sig-proxy
--stop-signal
--stop-timeout
--stop-grace-period
--storage-opt
--sysctl
--tmpfs
--mount type=tmpfs
-t, --tty
--ulimit
docker/cli#2660docker/cli#2712#25304-u, --user
-u, --user
Does not support group / gid(see #25304 (comment))--userns
--uts
-v, --volume
--mount
-v
flag?)--volume-driver
--mount
-v
flag?)--volumes-from
-w, --workdir
-w, --workdir
The text was updated successfully, but these errors were encountered: