The Docker API is an HTTP REST API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
Most of the client's commands map directly to API endpoints (e.g. `docker ps` is `GET /containers/json`). The notable exception is running containers, which consists of several API calls. [There is example of using `curl` to run a container in the SDK documentation.](#TODO)
# Errors
The Remote API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:
```
{
"message": "page not found"
}
```
# Versioning
The API is usually changed in each release of Docker. If you want to write a client that doesn't break when connecting to newer Docker releases, you can lock to a specific API version.
For Docker 1.13, the API version is 1.25. To lock to this version, you prefix the URL with `/v1.25`. For example, calling `/info` is the same as calling `/v1.25/info`.
The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.
# Authentication
Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure:
```
{
"username": "string",
"password": "string",
"email": "string",
"serveraddress": "string"
}
```
The `serveraddress` is a domain/IP without a protocol. Throughout this structure, double quotes are required.
If you have already got an identity token from the [`/auth` endpoint](#operation/checkAuthentication), you can just pass this instead of credentials:
description:"Mount source (e.g. a volume name, a host path)."
Type:
description:|
The mount type. Available types:
- `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
- `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
type:"string"
enum:
- "bind"
- "volume"
ReadOnly:
description:"Whether the mount should be read-only."
type:"boolean"
BindOptions:
description:"Optional configuration for the `bind` type."
type:"object"
properties:
Propagation:
description:"A propagation mode with the value `[r]private`, `[r]shared`, or `[r]slave`."
enum:
- "private"
- "rprivate"
- "shared"
- "rshared"
- "slave"
- "rslave"
VolumeOptions:
description:"Optional configuration for the `volume` type."
type:"object"
properties:
NoCopy:
description:"Populate volume with data from the target."
type:"boolean"
default:false
Labels:
description:"User-defined name and labels for the volume as key/value pairs."
type:"object"
additionalProperties:
type:"string"
DriverConfig:
description:"Map of driver specific options"
type:"object"
properties:
Name:
description:"Name of the driver to use to create the volume."
type:"string"
Options:
description:"key/value map of driver specific options."
description:"An integer value representing this container's relative CPU weight versus other containers."
type:"integer"
Memory:
description:"Memory limit in bytes."
type:"integer"
default:0
# Applicable to UNIX platforms
CgroupParent:
description:"Path to `cgroups` under which the container's `cgroup` is created. If the path is not absolute, the path is considered to be relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist."
type:"string"
BlkioWeight:
description:"Block IO weight (relative weight)."
type:"integer"
minimum:10
maximum:1000
BlkioWeightDevice:
description:|
Block IO weight (relative device weight) in the form `[{"Path": "device_path", "Weight": weight}]`.
type:"array"
items:
type:"object"
properties:
Path:
type:"string"
Weight:
type:"integer"
minimum:0
BlkioDeviceReadBps:
description:|
Limit read rate (bytes per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
type:"array"
items:
$ref:"#/definitions/ThrottleDevice"
BlkioDeviceWriteBps:
description:|
Limit write rate (bytes per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
type:"array"
items:
$ref:"#/definitions/ThrottleDevice"
BlkioDeviceReadIOps:
description:|
Limit read rate (IO per second) from a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
type:"array"
items:
$ref:"#/definitions/ThrottleDevice"
BlkioDeviceWriteIOps:
description:|
Limit write rate (IO per second) to a device, in the form `[{"Path": "device_path", "Rate": rate}]`.
type:"array"
items:
$ref:"#/definitions/ThrottleDevice"
CpuPeriod:
description:"The length of a CPU period in microseconds."
type:"integer"
CpuQuota:
description:"Microseconds of CPU time that the container can get in a CPU period."
type:"integer"
CpusetCpus:
description:"CPUs in which to allow execution (e.g., `0-3`, `0,1`)"
type:"string"
CpusetMems:
description:"Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems."
type:"string"
Devices:
description:"A list of devices to add to the container."
type:"array"
items:
$ref:"#/definitions/DeviceMapping"
DiskQuota:
description:"Disk limit (in bytes)."
type:"integer"
format:"int64"
KernelMemory:
description:"Kernel memory limit in bytes."
type:"integer"
format:"int64"
MemoryReservation:
description:"Memory soft limit in bytes."
type:"integer"
format:"int64"
MemorySwap:
description:"Total memory limit (memory + swap). Set as `-1` to enable unlimited swap."
type:"integer"
format:"int64"
MemorySwappiness:
description:"Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100."
type:"integer"
format:"int64"
minimum:0
maximum:100
OomKillDisable:
description:"Disable OOM Killer for the container."
type:"boolean"
PidsLimit:
description:"Tune a container's pids limit. Set -1 for unlimited."
type:"integer"
format:"int64"
Ulimits:
description:|
A list of resource limits to set in the container. For example:`{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
type:"array"
items:
type:"object"
properties:
Name:
description:"Name of ulimit"
type:"string"
Soft:
description:"Soft limit"
type:"integer"
Hard:
description:"Hard limit"
type:"integer"
# Applicable to Windows
CpuCount:
description:"CPU count (Windows only)"
type:"integer"
format:"int64"
CpuPercent:
description:"CPU percent (Windows only)"
type:"integer"
format:"int64"
IOMaximumIOps:
description:"Maximum IOps for the container system drive (Windows only)"
type:"integer"
format:"int64"
IOMaximumBandwidth:
description:"Maximum IO in bytes per second for the container system drive (Windows only)"
type:"integer"
format:"int64"
HostConfig:
description:"Container configuration that depends on the host we are running on"
allOf:
- $ref:"#/definitions/Resources"
- type:"object"
properties:
# Applicable to all platforms
Binds:
type:"array"
description:|
A list of volume bindings for this container. Each volume binding is a string in one of these forms:
- `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- `host-src:container-dest:ro` to make the bind-mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
- `volume-name:container-dest:ro` to mount the volume read-only inside the container. `container-dest` must be an _absolute_ path.
items:
type:"string"
ContainerIDFile:
type:"string"
description:"Path to a file where the container ID is written"
LogConfig:
type:"object"
description:"The logging configuration for this container"
properties:
Type:
type:"string"
enum:
- "json-file"
- "syslog"
- "journald"
- "gelf"
- "fluentd"
- "awslogs"
- "splunk"
- "etwlogs"
- "none"
Config:
type:"object"
additionalProperties:
type:"string"
NetworkMode:
type:"string"
description:"Network mode to use for this container. Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other value is taken
as a custom network's name to which this container should connect to."
PortBindings:
type:"object"
description:"A map of exposed container ports and the host port they should map to."
additionalProperties:
type:"object"
properties:
HostIp:
type:"string"
description:"The host IP address"
HostPort:
type:"string"
description:"The host port number, as a string"
RestartPolicy:
$ref:"#/definitions/RestartPolicy"
AutoRemove:
type:"boolean"
description:"Automatically remove the container when the container's process exits. This has no effect if `RestartPolicy` is set."
VolumeDriver:
type:"string"
description:"Driver that this container uses to mount volumes."
VolumesFrom:
type:"array"
description:"A list of volumes to inherit from another container, specified in the form `<container name>[:<ro|rw>]`."
items:
type:"string"
Mounts:
description:"Specification for mounts to be added to the container."
type:"array"
items:
$ref:"#/definitions/Mount"
# Applicable to UNIX platforms
CapAdd:
type:"array"
description:"A list of kernel capabilities to add to the container."
items:
type:"string"
CapDrop:
type:"array"
description:"A list of kernel capabilities to drop from the container."
items:
type:"string"
Dns:
type:"array"
description:"A list of DNS servers for the container to use."
items:
type:"string"
DnsOptions:
type:"array"
description:"A list of DNS options."
items:
type:"string"
DnsSearch:
type:"array"
description:"A list of DNS search domains."
items:
type:"string"
ExtraHosts:
type:"array"
description:|
A list of hostnames/IP mappings to add to the container's `/etc/hosts` file. Specified in the form `["hostname:IP"]`.
items:
type:"string"
GroupAdd:
type:"array"
description:"A list of additional groups that the container process will run as."
items:
type:"string"
IpcMode:
type:"string"
description:"IPC namespace to use for the container."
Cgroup:
type:"string"
description:"Cgroup to use for the container."
Links:
type:"array"
description:"A list of links for the container in the form `container_name:alias`."
items:
type:"string"
OomScoreAdj:
type:"integer"
description:"An integer value containing the score given to the container in order to tune OOM killer preferences."
PidMode:
type:"string"
description:|
Set the PID (Process) Namespace mode for the container. It can be either:
- `"container:<name|id>"`: joins another container's PID namespace
- `"host"`: use the host's PID namespace inside the container
Privileged:
type:"boolean"
description:"Gives the container full access to the host."
PublishAllPorts:
type:"boolean"
description:"Allocates a random host port for all of a container's exposed ports."
ReadonlyRootfs:
type:"boolean"
description:"Mount the container's root filesystem as read only."
SecurityOpt:
type:"array"
description:"A list of string values to customize labels for MLS
systems, such as SELinux."
items:
type:"string"
StorageOpt:
type:"object"
description:|
Storage driver options for this container, in the form `{"size": "120G"}`.
additionalProperties:
type:"string"
Tmpfs:
type:"object"
description:"List of tmpfs mounts for this container."
additionalProperties:
type:"string"
UTSMode:
type:"string"
description:"UTS namespace to use for the container."
UsernsMode:
type:"string"
description:"Sets the usernamespace mode for the container when usernamespace remapping option is enabled."
ShmSize:
type:"integer"
description:"Size of `/dev/shm` in bytes. If omitted, the system uses 64MB."
minimum:0
Sysctls:
type:"object"
description:|
A list of kernel parameters (sysctls) to set in the container. For example:`{ "net.ipv4.ip_forward": "1" }`
additionalProperties:
type:"string"
Runtime:
type:"string"
description:"Runtime to use with this container."
# Applicable to Windows
ConsoleSize:
type:"array"
description:"Initial console size, as an `[height, width]` array. (Windows only)"
minItems:2
maxItems:2
items:
type:"integer"
minimum:0
Isolation:
type:"string"
description:"Isolation technology of the container. (Windows only)"
enum:
- "default"
- "process"
- "hyperv"
Config:
description:"Configuration for a container that is portable between hosts"
type:"object"
properties:
Hostname:
description:"The hostname to use for the container, as a valid RFC 1123 hostname."
type:"string"
Domainname:
description:"The domain name to use for the container."
type:"string"
User:
description:"The user that commands are run as inside the container."
type:"string"
AttachStdin:
description:"Whether to attach to stdin."
type:"boolean"
default:false
AttachStdout:
description:"Whether to attach to stdout."
type:"boolean"
default:true
AttachStderr:
description:"Whether to attach to stderr."
type:"boolean"
default:true
ExposedPorts:
description:|
An object mapping ports to an empty object in the form:
`{"<port>/<tcp|udp>": {}}`
type:"object"
additionalProperties:
type:"object"
enum:
- {}
default:{}
Tty:
description:"Attach standard streams to a TTY, including stdin if it is not closed."
type:"boolean"
default:false
OpenStdin:
description:"Open stdin"
type:"boolean"
default:false
StdinOnce:
description:"Close stdin after one attached client disconnects"
type:"boolean"
default:false
Env:
description:|
A list of environment variables to set inside the container in the form `["VAR=value"[,"VAR2=value2"]]`
type:"array"
items:
type:"string"
Cmd:
description:"Command to run specified as a string or an array of strings."
type:
- "array"
- "string"
items:
type:"string"
Healthcheck:
description:"A test to perform to check that the container is healthy."
type:"object"
properties:
Test:
description:|
The test to perform. Possible values are:
- `{}` inherit healthcheck from image or parent image
- `{"NONE"}` disable healthcheck
- `{"CMD", args...}` exec arguments directly
- `{"CMD-SHELL", command}` run command with system's default shell
type:"array"
items:
type:"string"
Interval:
description:"The time to wait between checks in nanoseconds. 0 means inherit."
type:"integer"
Timeout:
description:"The time to wait before considering the check to have hung. 0 means inherit."
type:"integer"
Retries:
description:"The number of consecutive failures needed to consider a container as unhealthy. 0 means inherit."
type:"integer"
ArgsEscaped:
description:"Command is already escaped (Windows only)"
type:"boolean"
Image:
description:"The name of the image to use when creating the container"
type:"string"
Volumes:
description:"An object mapping mount point paths inside the container to empty objects."
type:"object"
properties:
additionalProperties:
type:"object"
enum:
- {}
default:{}
WorkingDir:
description:"The working directory for commands to run in."
type:"string"
Entrypoint:
description:|
The entry point for the container as a string or an array of strings.
If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the Dockerfile).
type:
- "array"
- "string"
items:
type:"string"
NetworkDisabled:
description:"Disable networking for the container."
type:"boolean"
MacAddress:
description:"MAC address of the container."
type:"string"
OnBuild:
description:"`ONBUILD` metadata that were defined in the image's `Dockerfile`."
type:"array"
items:
type:"string"
Labels:
description:"User-defined key/value data attached to the container."
type:"object"
additionalProperties:
type:"string"
StopSignal:
description:"Signal to stop a container as a string or unsigned integer."
type:"string"
default:"SIGTERM"
Shell:
description:"Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell."
description:"The number of historic tasks to keep per instance or node. If negative, never remove completed or failed tasks."
type:"integer"
format:"int64"
Raft:
description:"Raft configuration."
type:"object"
properties:
SnapshotInterval:
description:"The number of log entries between snapshots."
type:"integer"
format:"int64"
KeepOldSnapshots:
description:"The number of snapshots to keep beyond the current snapshot."
type:"integer"
format:"int64"
LogEntriesForSlowFollowers:
description:"The number of log entries to keep around to sync up slow followers after a snapshot is created."
type:"integer"
format:"int64"
ElectionTick:
description:|
The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
type:"integer"
HeartbeatTick:
description:|
The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
type:"integer"
Dispatcher:
description:"Dispatcher configuration."
type:"object"
properties:
HeartbeatPeriod:
description:"The delay for an agent to send a heartbeat to the dispatcher."
type:"integer"
format:"int64"
CAConfig:
description:"CA configuration."
type:"object"
properties:
NodeCertExpiry:
description:"The duration node certificates are issued for."
type:"integer"
format:"int64"
ExternalCAs:
description:"Configuration for forwarding signing requests to an external certificate authority."
type:"array"
items:
type:"object"
properties:
Protocol:
description:"Protocol for communication with the external CA
(currently only `cfssl` is supported)."
type:"string"
enum:
- "cfssl"
default:"cfssl"
URL:
description:"URL where certificate signing requests should be sent."
type:"string"
Options:
description:"An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver."
type:"object"
additionalProperties:
type:"string"
TaskDefaults:
description:"Defaults for creating tasks in this cluster."
type:"object"
properties:
LogDriver:
description:|
The log driver to use for tasks created in the orchestrator if unspecified by a service.
Updating this value will only have an affect on new tasks. Old tasks will continue use their previously configured log driver until recreated.
# The Swarm information for `GET /info`. It is the same as `GET /swarm`, but
# without `JoinTokens`.
ClusterInfo:
type:"object"
properties:
ID:
description:"The ID of the swarm."
type:"string"
Version:
type:"object"
properties:
Index:
type:"integer"
format:"int64"
CreatedAt:
type:"string"
format:"dateTime"
UpdatedAt:
type:"string"
format:"dateTime"
Spec:
$ref:"#/definitions/SwarmSpec"
TaskSpec:
description:"User modifiable task configuration."
properties:
ContainerSpec:
type:"object"
properties:
Image:
description:"The image name to use for the container."
type:"string"
Command:
description:"The command to be run in the image."
type:"array"
items:
type:"string"
Args:
description:"Arguments to the command."
type:"array"
items:
type:"string"
Env:
description:"A list of environment variables in the form `VAR=value`."
type:"array"
items:
type:"string"
Dir:
description:"The working directory for commands to run in."
type:"string"
User:
description:"The user inside the container."
type:"string"
Labels:
description:"A map of labels to associate with the service."
type:"object"
additionalProperties:
type:"string"
Mounts:
description:"Specification for mounts to be added to containers created as part of the service."
type:"array"
items:
$ref:"#/definitions/Mount"
StopGracePeriod:
description:"Amount of time to wait for the container to terminate before forcefully killing it."
type:"integer"
format:"int64"
Resources:
description:"Resource requirements which apply to each individual container created as part of the service."
type:"object"
properties:
Limits:
description:"Define resources limits."
type:"object"
properties:
NanoCPUs:
description:"CPU limit in units of 10<sup>-9</sup> CPU shares."
type:"integer"
format:"int64"
MemoryBytes:
description:"Memory limit in Bytes."
type:"integer"
format:"int64"
Reservation:
description:"Define resources reservation."
properties:
NanoCPUs:
description:"CPU reservation in units of 10<sup>-9</sup> CPU shares."
type:"integer"
format:"int64"
MemoryBytes:
description:"Memory reservation in Bytes."
type:"integer"
format:"int64"
RestartPolicy:
description:"Specification for the restart policy which applies to containers created as part of this service."
type:"object"
properties:
Condition:
description:"Condition for restart."
type:"string"
enum:
- "none"
- "on-failure"
- "any"
Delay:
description:"Delay between restart attempts."
type:"integer"
format:"int64"
MaxAttempts:
description:"Maximum attempts to restart a given container before giving up (default value is 0, which is ignored)."
type:"integer"
format:"int64"
default:0
Window:
description:"Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded)."
type:"integer"
format:"int64"
default:0
Placement:
type:"object"
properties:
Constraints:
description:"An array of constraints."
type:"array"
items:
type:"string"
Networks:
type:"array"
items:
type:"object"
properties:
Target:
type:"string"
Aliases:
type:"array"
items:
type:"string"
LogDriver:
description:"Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
type:"object"
properties:
Name:
type:"string"
Options:
type:"object"
additionalProperties:
type:"string"
TaskState:
type:"string"
enum:
- "new"
- "allocated"
- "pending"
- "assigned"
- "accepted"
- "preparing"
- "ready"
- "starting"
- "running"
- "complete"
- "shutdown"
- "failed"
- "rejected"
Task:
type:"object"
properties:
ID:
description:"The ID of the task."
type:"string"
Version:
type:"object"
properties:
Index:
type:"integer"
format:"int64"
CreatedAt:
type:"string"
format:"dateTime"
UpdatedAt:
type:"string"
format:"dateTime"
Name:
description:"Name of the task."
type:"string"
Labels:
description:"User-defined key/value metadata."
type:"object"
additionalProperties:
type:"string"
Spec:
$ref:"#/definitions/TaskSpec"
ServiceID:
description:"The ID of the service this task is part of."
type:"string"
Slot:
type:"integer"
NodeID:
description:"The ID of the node that this task is on."
description:"User modifiable configuration for a service."
properties:
Name:
description:"Name of the service."
type:"string"
Labels:
description:"User-defined key/value metadata."
type:"object"
additionalProperties:
type:"string"
TaskTemplate:
$ref:"#/definitions/TaskSpec"
Mode:
description:"Scheduling mode for the service."
type:"object"
properties:
Replicated:
type:"object"
properties:
Replicas:
type:"integer"
format:"int64"
Global:
type:"object"
UpdateConfig:
description:"Specification for the update strategy of the service."
type:"object"
properties:
Parallelism:
description:"Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism)."
type:"integer"
format:"int64"
Delay:
description:"Amount of time between updates."
type:"integer"
format:"int64"
FailureAction:
description:"Action to take if an updated task fails to run, or stops running during the update."
type:"string"
enum:
- "continue"
- "pause"
Networks:
description:"Array of network names or IDs to attach the service to."
type:"array"
items:
type:"object"
properties:
Target:
type:"string"
Aliases:
type:"array"
items:
type:"string"
EndpointSpec:
$ref:"#/definitions/EndpointSpec"
EndpointPortConfig:
type:"object"
properties:
Name:
type:"string"
Protocol:
type:"string"
enum:
- "tcp"
- "udp"
TargetPort:
description:"The port inside the container."
type:"integer"
PublishedPort:
description:"The port on the swarm hosts."
type:"integer"
EndpointSpec:
description:"Properties that can be configured to access and load balance a service."
type:"object"
properties:
Mode:
description:"The mode of resolution to use for internal load balancing
between tasks."
type:"string"
enum:
- "vip"
- "dnsrr"
default:"vip"
Ports:
description:"List of exposed ports that this service is accessible on from the outside. Ports can only be provided if `vip` resolution mode is used."
type:"array"
items:
$ref:"#/definitions/EndpointPortConfig"
Service:
type:"object"
properties:
ID:
type:"string"
Version:
type:"object"
properties:
Index:
type:"integer"
format:"int64"
CreatedAt:
type:"string"
format:"dateTime"
UpdatedAt:
type:"string"
format:"dateTime"
Spec:
$ref:"#/definitions/ServiceSpec"
Endpoint:
type:"object"
properties:
Spec:
$ref:"#/definitions/EndpointSpec"
Ports:
type:"array"
items:
$ref:"#/definitions/EndpointPortConfig"
VirtualIPs:
type:"array"
items:
type:"object"
properties:
NetworkID:
type:"string"
Addr:
type:"string"
UpdateStatus:
description:"The status of a service update."
type:"object"
properties:
State:
type:"string"
enum:
- "updating"
- "paused"
- "completed"
StartedAt:
type:"string"
format:"dateTime"
CompletedAt:
type:"string"
format:"dateTime"
Message:
type:"string"
example:
ID:"9mnpnzenvg8p8tdbtq4wvbkcz"
Version:
Index:19
CreatedAt:"2016-06-07T21:05:51.880065305Z"
UpdatedAt:"2016-06-07T21:07:29.962229872Z"
Spec:
Name:"hopeful_cori"
TaskTemplate:
ContainerSpec:
Image:"redis"
Resources:
Limits:{}
Reservations:{}
RestartPolicy:
Condition:"any"
MaxAttempts:0
Placement:{}
Mode:
Replicated:
Replicas:1
UpdateConfig:
Parallelism:1
FailureAction:"pause"
EndpointSpec:
Mode:"vip"
Ports:
-
Protocol:"tcp"
TargetPort:6379
PublishedPort:30001
Endpoint:
Spec:
Mode:"vip"
Ports:
-
Protocol:"tcp"
TargetPort:6379
PublishedPort:30001
Ports:
-
Protocol:"tcp"
TargetPort:6379
PublishedPort:30001
VirtualIPs:
-
NetworkID:"4qvuz4ko70xaltuqbt8956gd1"
Addr:"10.255.0.2/16"
-
NetworkID:"4qvuz4ko70xaltuqbt8956gd1"
Addr:"10.255.0.3/16"
paths:
/containers/json:
get:
summary:"List containers"
operationId:"GetContainerList"
produces:
- "application/json"
parameters:
- name:"all"
in:"query"
description:"Return all containers. By default, only running containers are shown"
type:"boolean"
default:false
- name:"limit"
in:"query"
description:"Return this number of most recently created containers, including non-running ones."
type:"integer"
- name:"size"
in:"query"
description:"Return the size of container as fields `SizeRw` and `SizeRootFs`."
type:"boolean"
default:false
- name:"filters"
in:"query"
description:|
Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers.
Available filters:
- `exited=<int>` containers with exit code of `<int>`
This will return a `101` HTTP response with a `Connection:upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/PostContainerAttach).
type:"boolean"
default:false
- name:"stdout"
in:"query"
description:"Return logs from stdout"
type:"boolean"
default:false
- name:"stderr"
in:"query"
description:"Return logs from stderr"
type:"boolean"
default:false
- name:"since"
in:"query"
description:"Only return logs since this time, as a UNIX timestamp"
type:"integer"
default:0
- name:"timestamps"
in:"query"
description:"Add timestamps to every log line"
type:"boolean"
default:false
- name:"tail"
in:"query"
description:"Only return this number of log lines from the end of the logs. Specify as an integer or `all` to output all log lines."
type:"string"
default:"all"
tags:
- "Container"
/containers/{id}/changes:
get:
summary:"Get changes on a container’s filesystem"
description:|
Returns which files in a container's filesystem have been added, deleted, or modified. The `Kind` of modification can be one of:
summary:"Get container stats based on resource usage"
description:|
This endpoint returns a live stream of a container’s resource usage statistics.
The `precpu_stats` is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the `cpu_stats` field.
description:"Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
Use the cgroups freezer to suspend all processes in a container.
Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
### Hijacking
This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
This is the response from the daemon for an attach request:
```
HTTP/1.1 200 OK
Content-Type:application/vnd.docker.raw-stream
[STREAM]
```
After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
For example, the client sends this request to upgrade the connection:
```
POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
Upgrade:tcp
Connection:Upgrade
```
The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
```
HTTP/1.1 101 UPGRADED
Content-Type:application/vnd.docker.raw-stream
Connection:Upgrade
Upgrade:tcp
[STREAM]
```
### Stream format
When the TTY setting is disabled in [`POST /containers/create`](#operation/PostContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
The simplest way to implement this protocol is the following:
1. Read 8 bytes.
2. Choose `stdout` or `stderr` depending on the first byte.
3. Extract the frame size from the last four bytes.
4. Read the extracted size and output it on the correct output.
5. Goto 1.
### Stream format when using a TTY
When the TTY setting is enabled in [`POST /containers/create`](#operation/PostContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
operationId:"PostContainerAttach"
produces:
- "application/vnd.docker.raw-stream"
responses:
101:
description:"no error, hints proxy about hijacking"
description:"Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
type:"string"
- name:"logs"
in:"query"
description:|
Replay previous logs from the container.
This is useful for attaching to a container that has started and you want to output everything since the container started.
If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
type:"boolean"
default:false
- name:"stream"
in:"query"
description:"Stream attached streams from the the time the request was made onwards"
type:"boolean"
default:false
- name:"stdin"
in:"query"
description:"Attach to stdin"
type:"boolean"
default:false
- name:"stdout"
in:"query"
description:"Attach to stdout"
type:"boolean"
default:false
- name:"stderr"
in:"query"
description:"Attach to stderr"
type:"boolean"
default:false
tags:
- "Container"
/containers/{id}/attach/ws:
get:
summary:"Attach to a container via a websocket"
operationId:"PostContainerAttachWebsocket"
responses:
101:
description:"no error, hints proxy about hijacking"
description:"Override the key sequence for detaching a container.Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,`, or `_`."
type:"string"
- name:"logs"
in:"query"
description:"Return logs"
type:"boolean"
default:false
- name:"stream"
in:"query"
description:"Return stream"
type:"boolean"
default:false
- name:"stdin"
in:"query"
description:"Attach to stdin"
type:"boolean"
default:false
- name:"stdout"
in:"query"
description:"Attach to stdout"
type:"boolean"
default:false
- name:"stderr"
in:"query"
description:"Attach to stderr"
type:"boolean"
default:false
tags:
- "Container"
/containers/{id}/wait:
post:
summary:"Wait for a container"
description:"Block until a container stops, then returns the exit code."
description:"Remove the volumes associated with the container."
type:"boolean"
default:false
- name:"force"
in:"query"
description:"If the container is running, kill it before removing it."
type:"boolean"
default:false
tags:
- "Container"
/containers/{id}/archive:
head:
summary:"Get information about files in a container"
description:"A response header `X-Docker-Container-Path-Stat` is return containing a base64 - encoded JSON object with some filesystem header information about the path."
operationId:"HeadContainerArchive"
responses:
200:
description:"no error"
headers:
X-Docker-Container-Path-Stat:
type:"string"
description:"TODO"
400:
description:"client error, bad parameter, details in JSON response body, one of: must specify path parameter (path cannot be empty) not a directory (path was asserted to be a directory but exists as a file)"
description:"client error, resource not found, one of: 1) no such container (container id does not exist) 2) no such file or directory (path resource does not exist)"
description:"Resource in the container’s filesystem to archive."
type:"string"
tags:
- "Container"
get:
summary:"Get an archive of a filesystem resource in a container"
description:"Get an tar archive of a resource in the filesystem of container id."
operationId:"GetContainerArchive"
produces:
- "application/x-tar"
responses:
200:
description:"no error"
400:
description:"client error, bad parameter, details in JSON response body, one of: must specify path parameter (path cannot be empty) not a directory (path was asserted to be a directory but exists as a file)"
description:"client error, resource not found, one of: 1) no such container (container id does not exist) 2) no such file or directory (path resource does not exist)"
description:"Path to a directory in the container to extract the archive’s contents into. "
type:"string"
- name:"noOverwriteDirNonDir"
in:"query"
description:"If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa."
type:"string"
- name:"inputStream"
in:"body"
required:true
description:"The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
schema:
type:"string"
tags:
- "Container"
/images/json:
get:
summary:"List Images"
description:"Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image."
The Dockerfile specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the Dockerfile reference for more information](https://docs.docker.com/engine/reference/builder/).
The build is canceled if the client drops the connection by quitting or being killed.
operationId:"PostImageBuild"
consumes:
- "application/octet-stream"
produces:
- "application/json"
parameters:
- name:"inputStream"
in:"body"
description:"A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz."
schema:
type:"string"
format:"binary"
- name:"dockerfile"
in:"query"
description:"Path within the build context to the `Dockerfile`. This is ignored if `remote` is specified and points to an individual filename."
type:"string"
default:"Dockerfile"
- name:"t"
in:"query"
description:"A name and optional tag to apply to the image in the `name:tag` format. If you omit the tag the default `latest` value is assumed. You can provide several `t` parameters."
type:"string"
- name:"remote"
in:"query"
description:"A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called `Dockerfile` and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the `dockerfile` parameter is also specified, there must be a file with the corresponding path inside the tarball."
type:"string"
- name:"q"
in:"query"
description:"Suppress verbose build output."
type:"boolean"
default:false
- name:"nocache"
in:"query"
description:"Do not use the cache when building the image."
type:"boolean"
default:false
- name:"pull"
in:"query"
description:"Attempt to pull the image even if an older image exists locally."
type:"string"
- name:"rm"
in:"query"
description:"Remove intermediate containers after a successful build."
type:"boolean"
default:true
- name:"forcerm"
in:"query"
description:"Always remove intermediate containers, even upon failure."
type:"boolean"
default:false
- name:"memory"
in:"query"
description:"Set memory limit for build."
type:"integer"
- name:"memswap"
in:"query"
description:"Total memory (memory + swap). Set as `-1` to disable swap."
type:"integer"
- name:"cpushares"
in:"query"
description:"CPU shares (relative weight)."
type:"integer"
- name:"cpusetcpus"
in:"query"
description:"CPUs in which to allow execution (e.g., `0-3`, `0,1`)."
type:"string"
- name:"cpuperiod"
in:"query"
description:"The length of a CPU period in microseconds."
type:"integer"
- name:"cpuquota"
in:"query"
description:"Microseconds of CPU time that the container can get in a CPU period."
type:"integer"
- name:"buildargs"
in:"query"
description:"JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the Dockerfile’s RUN instruction, or for variable expansion in other Dockerfile instructions. This is not meant for passing secret values. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)"
type:"integer"
- name:"shmsize"
in:"query"
description:"Size of `/dev/shm` in bytes. The size must be greater than 0. If omitted the system uses 64MB."
type:"integer"
- name:"labels"
in:"query"
description:"Arbitrary key/value labels to set on the image, as a JSON map of string pairs."
type:"string"
- name:"Content-type"
in:"header"
type:"string"
enum:
- "application/tar"
default:"application/tar"
- name:"X-Registry-Config"
in:"header"
description:|
This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
```
{
"docker.example.com": {
"username": "janedoe",
"password": "hunter2"
},
"https://index.docker.io/v1/": {
"username": "mobydock",
"password": "conta1n3rize14"
}
}
```
Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
description:"Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed."
type:"string"
- name:"fromSrc"
in:"query"
description:"Source to import. The value may be a URL from which the image can be retrieved or `-` to read the image from the request body. This parameter may only be used when importing an image."
type:"string"
- name:"repo"
in:"query"
description:"Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image."
type:"string"
- name:"tag"
in:"query"
description:"Tag or digest."
type:"string"
- name:"inputImage"
in:"body"
description:"Image content if the value `-` has been specified in fromSrc query parameter"
schema:
type:"string"
required:false
- name:"X-Registry-Auth"
in:"header"
description:"A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)"
type:"string"
tags:
- "Image"
/images/{name}/json:
get:
summary:"Inspect an image"
description:"Return low-level information about an image."
If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
The push is cancelled if the HTTP connection is closed.
description:"Show events created since this timestamp then stream new events"
type:"string"
- name:"until"
in:"query"
description:"Show events created until this timestamp then stop streaming"
type:"string"
- name:"filters"
in:"query"
description:|
A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
- `container=<string>` container name or ID
- `event=<string>` event type
- `image=<string>` image name or ID
- `label=<string>` image or container label
- `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, or `daemon`
- `volume=<string>` volume name or ID
- `network=<string>` network name or ID
- `daemon=<string>` daemon name or ID
type:"string"
tags:
- "Misc"
/images/{name}/get:
get:
summary:"Export an image"
description:|
Get a tarball containing all images and metadata for a repository.
If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
### Image tarball format
An image tarball contains one directory per image layer (named using its long ID), each containing these files:
- `VERSION`:currently `1.0` - the file format version
- `json`:detailed layer information, similar to `docker inspect layer_id`
- `layer.tar`:A tarfile containing the filesystem changes in this layer
The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
Get a tarball containing all images and metadata for several image repositories.
For each value of the `names` parameter:if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
For details on the format, see [the export image endpoint](#operation/GetImage).
description:"Attach to `stdin` of the exec command."
AttachStdout:
type:"boolean"
description:"Attach to `stdout` of the exec command."
AttachStderr:
type:"boolean"
description:"Attach to `stderr` of the exec command."
DetachKeys:
type:"string"
description:"Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`."
Tty:
type:"boolean"
description:"Allocate a pseudo-TTY."
Cmd:
type:"array"
description:"Command to run, as a string or array of strings."
items:
type:"string"
example:
AttachStdin:false
AttachStdout:true
AttachStderr:true
DetachKeys:"ctrl-p,ctrl-q"
Tty:false
Cmd:
- "date"
required:true
- name:"id"
in:"path"
description:"ID or name of container"
type:"string"
required:true
tags:
- "Exec"
/exec/{id}/start:
post:
summary:"Start an exec instance"
description:"Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command."
description:"Resize the TTY session used by an exec instance. This endpoint only works if `tty` was specified as part of creating and starting the exec instance."
Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginEnable).
produces:
- "application/json"
responses:
200:
description:"no error"
schema:
type:"array"
items:
description:"Describes a permission the user has to accept upon installing the plugin."
The `:latest` tag is optional, and is used as the default if omitted.
required:true
type:"string"
- name:"X-Registry-Auth"
in:"header"
description:"A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)"
description:"Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is used."
type:"string"
AdvertiseAddr:
description:"Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
description:"Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP)."
type:"string"
AdvertiseAddr:
description:"Externally reachable address advertised to other nodes. This can either be an address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port number, like `eth0:4567`. If the port number is omitted, the port number from the listen address is used. If `AdvertiseAddr` is not specified, it will be automatically detected when possible."
type:"string"
RemoteAddrs:
description:"Addresses of manager nodes already participating in the swarm."
type:"string"
JoinToken:
description:"Secret token for joining this swarm."
description:"A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
description:"The version number of the service object being updated. This is required to avoid conflicting writes."
required:true
type:"integer"
- name:"X-Registry-Auth"
in:"header"
description:"A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"