| ✅ |
#27902 |
--add-host |
|
|
| ❓ |
#27552 (for exec) |
-a, --attach |
n/a |
does not apply to services, as there are multiple containers backing it There may be usecases for this, but design/implementation needs discussion |
|
|
--blkio-weight |
|
|
|
|
--blkio-weight-device |
|
|
| ✅ |
#25885 |
--cap-add |
|
docker/cli#2663 docker/cli#2687 docker/cli#2709 |
| ✅ |
#25885 |
--cap-drop |
|
docker/cli#2663 docker/cli#2687 docker/cli#2709 |
|
|
--cgroup-parent |
|
|
| ❌ |
|
--cidfile |
|
does not apply to services, as there are multiple containers backing it |
| ❓ |
|
--cpu-percent |
|
|
| ✅ |
|
--cpu-period |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
| ✅ |
|
--cpu-quota |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
| ❓ |
|
--cpu-rt-period |
|
|
| ❓ |
|
--cpu-rt-runtime |
|
|
| ❓ |
|
-c, --cpu-shares |
|
|
| ✅ |
|
--cpus |
--limit-cpu |
--limit-cpu sets a combination of "cpu period" and "cpu quota" see #27958 for the docker run implementation |
| ❓ |
#30477 |
--cpuset-cpus |
|
|
| ❓ |
|
--cpuset-mems |
|
|
| ✅ |
|
-d, --detach |
|
-d is the default |
| ❌ |
|
--detach-keys |
|
No interactive services, so not needed |
| ❓ |
#24865 / moby/swarmkit#1244 |
--device |
|
|
| ❓ |
|
--device-cgroup-rule |
|
devices are host specific, so may not make sense ❓ |
| ❓ |
#32602 |
--device-read-bps |
|
devices are host specific, so may not make sense ❓ |
| ❓ |
#32602 |
--device-read-iops |
|
devices are host specific, so may not make sense ❓ |
| ❓ |
#32602 |
--device-write-bps |
|
devices are host specific, so may not make sense ❓ |
| ❓ |
#32602 |
--device-write-iops |
|
devices are host specific, so may not make sense ❓ |
| ❌ |
|
--disable-content-trust |
|
DCT is deprecated |
| ✅ |
#24391 |
--dns |
|
PR #27567 |
| ✅ |
#24391 |
--dns-option |
--dns-option, --dns-option-add, --dns-option-rm |
PR #27567 |
| ✅ |
#24391 |
--dns-search |
--dns-search, --dns-search-add, --dns-search-rm |
PR #27567 |
| ❓ |
#29171 |
--entrypoint |
|
|
| ✅ |
|
-e, --env |
-e, --env |
|
| ✅ |
#24712 #31595 |
--env-file |
|
PR #24844 |
|
|
--expose |
|
|
|
|
--gpus |
|
|
| ✅ |
#25317 |
--group-add |
--group |
|
| ✅ |
#27369 |
--health-cmd |
|
|
| ✅ |
#27369 |
--health-interval duration |
|
|
| ✅ |
#27369 |
--health-retries |
|
|
| ❓ |
|
--health-start-period |
|
|
| ✅ |
#27369 |
--health-timeout duration |
|
|
| ✅ |
#24877 |
-h, --hostname |
|
|
| ✅ |
#34529, docker/cli#51 #34639 |
--init |
--init |
PR moby/swarmkit#2350, moby/swarmkit#2652, #36895, #37183, docker/cli#1116, docker/cli#479, docker/cli#1129 |
| ❓ |
#32300 |
-i, --interactive |
|
does not apply to services, as there are multiple containers backing it There may be usecases for this, but design/implementation needs discussion |
| ❓ |
#24170 / #29816 |
--ip |
|
does not apply to services, as there are multiple containers backing it. Update: possibly useful to set the VIP |
| ❓ |
#24170 / #29816 |
--ip6 |
|
does not apply to services, as there are multiple containers backing it. Update: possibly useful to set the VIP |
|
|
--ipc |
|
|
| ✅ |
#31616, docker/cli#414 |
--isolation |
|
PR #34424, docker/cli#426, moby/swarmkit#2342 |
| ❌ |
|
--kernel-memory |
|
Feature is deprecated in the kernel; see #41254, #41252 |
| ✅ |
|
-l, --label |
--container-label |
|
|
|
--label-file |
|
|
| ❌ |
|
--link |
|
will be resolved through --network-alias❓ |
| ❌ |
|
--link-local-ip |
|
does not apply to services, as there are multiple containers backing it |
| ✅ |
|
--log-driver |
--log-driver |
|
| ✅ |
|
--log-opt |
--log-opt |
|
| ❓ |
#31092 |
--mac-address |
|
does not apply to services, as there are multiple containers backing it |
| ✅ |
|
-m, --memory |
--limit-memory |
|
| ✅ |
|
--memory-reservation |
--reserve-memory |
|
| ✅ |
#34654 |
--memory-swap |
|
PR: #37872 #51114 |
| ✅ |
#34654 |
--memory-swappiness |
|
PR: #37872 #51114 |
| ✅ |
|
--mount |
--mount, --mount-add, --mount-rm |
|
| 🔳 |
|
--name |
|
NOTE: --name sets the service name, not the container's name |
| ✅ |
#28573 |
--network |
--network |
host networking (see #25873) added through #32981. |
| ✅ |
#28247 |
-- |
--network-add/--network-rm are added in docker 17.05 |
moby/swarmkit#1029 |
|
#24787 |
--network-alias |
|
|
| ✅ |
|
--no-healthcheck |
|
|
|
|
--oom-kill-disable |
|
|
| 🔳 |
#34703 |
--oom-score-adj |
|
swarmkit PR: moby/swarmkit#2371 |
|
moby/swarmkit#1605 |
--pid |
|
|
| ✅ |
#28618 |
--pids-limit |
|
PR: #39882 swarmkit PR: moby/swarmkit#2415 (vendored: #35326) |
| ❓ |
|
--platform |
|
|
|
#24862 / moby/swarmkit#1030 |
--privileged |
|
moby/swarmkit#1722 |
| ✅ |
|
-p, --publish |
-p, --publish |
NOTE: does not support <ip-address> (#26696, #32299) |
| ❌ |
|
-P, --publish-all |
|
when defining a service; explicitly define ports to publish |
| ✅ |
#30162 |
--read-only |
|
#29972 |
| ✅ |
|
--restart |
--restart-condition, --restart-delay, --restart-max-attempts, --restart-window |
|
| ❌ |
|
--rm |
|
SwarmKit keeps old tasks (containers) around, but removes them, based on --task-history-limit |
|
|
--runtime |
|
|
|
#25209 -> #41371 |
--security-opt |
--credential-spec (#32339) is equivalent for --security opt credentialspec=... |
SELinux can be set through API (#32339) |
| ❓ |
#26714 |
--shm-size |
Possible through --mount type=tmpfs,target=/dev/shm |
|
|
|
--sig-proxy |
|
|
| ✅ |
#25696 |
--stop-signal |
|
PR #30754 |
| ✅ |
|
--stop-timeout |
--stop-grace-period |
New in 1.13 (see #22566) |
|
#28619 |
--storage-opt |
|
|
| ✅ |
#25209, #31961, moby/libentitlement#35 |
--sysctl |
|
PR #37701, moby/swarmkit#2729, docker/cli#1754 |
| ✅ |
|
--tmpfs |
--mount type=tmpfs |
|
| ✅ |
#25644 |
-t, --tty |
|
Implemented in SwarmKit moby/swarmkit#1370. Docker PR is #28076 |
| ✅ |
#25209 |
--ulimit |
|
PRs: moby/swarmkit#2967, #41284, docker/cli#2660 docker/cli#2712 |
| ✅ |
#25304 |
-u, --user |
-u, --user |
Does not support group / gid (see #25304 (comment)) |
| ❓ |
#37560 |
--userns |
|
|
|
|
--uts |
|
|
| ✅ |
|
-v, --volume |
--mount |
UX improvement needed (add -v flag?) |
| ✅ |
|
--volume-driver |
--mount |
UX improvement needed (add -v flag?) |
| ❌ |
|
--volumes-from |
|
does not apply to services, as there are multiple containers backing it |
| ✅ |
|
-w, --workdir |
-w, --workdir |
|
The
service createandservice updatecommands do not support all options thatdocker run/docker createsupports. Some options are not implemented yet, whereas other options may either not be implemented (because they don't make sense in the context of a service, or are not portable / cross platform).We should add more options for services, however instead of blindly copying every option, we should make sure the options are implemented properly, which may require using different names for the options and/or different kind of values.
I tried to create an overview of all options on
docker run, and to match them with thedocker service createoptions we currently have; I may have missed some, or made the wrong "translation", so input is welcome heredocker rundocker service--add-hostexec)-a, --attachdoes not apply to services, as there are multiple containers backing itThere may be usecases for this, but design/implementation needs discussion--blkio-weight--blkio-weight-device--cap-adddocker/cli#2663docker/cli#2687 docker/cli#2709--cap-dropdocker/cli#2663docker/cli#2687 docker/cli#2709--cgroup-parent--cidfile--cpu-percent--cpu-period--limit-cpu--limit-cpusets a combination of "cpu period" and "cpu quota" see #27958 for thedocker runimplementation--cpu-quota--limit-cpu--limit-cpusets a combination of "cpu period" and "cpu quota" see #27958 for thedocker runimplementation--cpu-rt-period--cpu-rt-runtime-c, --cpu-shares--cpus--limit-cpu--limit-cpusets a combination of "cpu period" and "cpu quota" see #27958 for thedocker runimplementation--cpuset-cpus--cpuset-mems-d, --detach-dis the default--detach-keys--device--device-cgroup-rule--device-read-bps--device-read-iops--device-write-bps--device-write-iops--disable-content-trust--dns--dns-option--dns-option,--dns-option-add,--dns-option-rm--dns-search--dns-search,--dns-search-add,--dns-search-rm--entrypoint-e, --env-e, --env--env-file--expose--gpus--group-add--group--health-cmd--health-interval duration--health-retries--health-start-period--health-timeout duration-h, --hostname--init--init-i, --interactivedoes not apply to services, as there are multiple containers backing itThere may be usecases for this, but design/implementation needs discussion--ipdoes not apply to services, as there are multiple containers backing it.Update: possibly useful to set the VIP--ip6does not apply to services, as there are multiple containers backing it.Update: possibly useful to set the VIP--ipc--isolation--kernel-memory-l, --label--container-label--label-file--link--network-alias❓--link-local-ip--log-driver--log-driver--log-opt--log-opt--mac-address-m, --memory--limit-memory--memory-reservation--reserve-memory--memory-swap#37872#51114--memory-swappiness#37872#51114--mount--mount,--mount-add,--mount-rm--name--namesets the service name, not the container's name--network--networkhostnetworking (see #25873) added through #32981.--network-add/--network-rmare added in docker 17.05--network-alias--no-healthcheck--oom-kill-disable--oom-score-adj--pid--pids-limit--platform--privileged-p, --publish-p, --publish<ip-address>(#26696, #32299)-P, --publish-all--read-only--restart--restart-condition,--restart-delay,--restart-max-attempts,--restart-window--rm--task-history-limit--runtime#25209-> #41371--security-opt--credential-spec(#32339) is equivalent for--security opt credentialspec=...--shm-size--mount type=tmpfs,target=/dev/shm--sig-proxy--stop-signal--stop-timeout--stop-grace-period--storage-opt--sysctl--tmpfs--mount type=tmpfs-t, --tty--ulimitdocker/cli#2660docker/cli#2712#25304-u, --user-u, --userDoes not support group / gid(see #25304 (comment))--userns--uts-v, --volume--mount-vflag?)--volume-driver--mount-vflag?)--volumes-from-w, --workdir-w, --workdir