Docker Options

Advanced Docker Options in the Replicated Native Scheduler

Docker Options

You may also limit the resources used by your containers with the memory, cpushares and network modes and further secure your containers with security options

Memory and Swap Limit

The amount of memory or swap in bytes for your container. By default there is no memory or swap limit and your container can use as much as needed. You can learn more at User Memory Constraints documentation.

  memory_limit: 500000000
  memory_swap_limit: 1000000000

CPU Shares

Using CPU shares you can change the access to the servers CPU at busy times. When non CPU-intensive processes are other containers may use extra CPU time. The default is 1024 and by increasing or decreasing the value on a container you change how the weighted CPU access is granted across all running containers. You can learn more at CPU Share Constraints documentation.

  cpu_shares: 2048

Network Mode

Network mode supports bridge, host, container or none. Learn more about Docker’s network modes at Network Settings.

  network_mode: host

Security Options

With security options you can use Docker security with existing well know systems such as AppArmor.

  security_options:
  - apparmor=unconfined

When specifying your security options you can use template functions and any blank security option is allowed and will be filtered out by Replicated.

  security_options:
    - '{{repl if ConfigOptionEquals "enable_unconfined_apparmor_profile" "1"}}apparmor=unconfined{{repl end}}'

Learn more about Docker’s security configuration.

Privileged Mode and Security Capability

Security capabilities and access to devices are limited for containers by default, however you can add security capabilities with the privileged and security_cap_add option.

    privileged: true
    security_cap_add:
    - SYS_MODULE

Learn more about Security Capabilities.

Allocate TTY

For interactive processes you can allocate a TTYL with allocate_tty. Learn more by reading about container process Foreground.

  allocate_tty: true

Hostname

Sets the hostname inside of the container. See the network host section under Network settings.

  hostname: anxiety-closet

Extra Hosts

Add extra hostname mappings with hostname, address and an optional when field. See extra_hosts.

  extra_hosts:
  - hostname: mysql
    address: 10.0.1.16
  - hostname: redis
    address: 10.0.1.32

Named Containers

The name argument sets the name of your running container. It is provided as a convenience method during development when you may want to connect to your containers and view logs. References to the container in template functions should continue to the use image name. Do not use on containers which run concurrently as the second container will fail to start due to a name conflict.

  name: redis

For more information see named containers.

Entrypoint

When working with third party containers you may want to override the default entry point using the entrypoint option. Learn more about overriding entrypoints and how the cmd and entrypoint options work together. Entrypoint takes an array of strings.

    entrypoint: ["redis", "-p", "6380"]

Ulimits

Since setting ulimit settings in a container requires extra privileges not available in the default container, you can set these using the ulimits property of the container. Learn more about ulimits here.

    ulimits:
    - name: nofile
      soft: 1024
      hard: 1024

Pid Mode

Pid mode lets you specify the process namespace for your container. By default each container has its own space and by declaring a pid_mode you can see the processes of another container or host. See PID settings to learn more.

    pid_mode: host

Shm-Size

v2.15.0 Shm-Size lets you specify the size of /dev/shm for your container in bytes. If omitted or 0, the system defaults to 64MB.

    shm_size: 67108864

Ephemeral

Ephemeral marks that a container is expected to exit, and allows the scheduler to listen for the container to stop. One common scenario where this is required is running database migrations at startup.

    ephemeral: true

Dynamic

Dynamic marks that a container’s image should always be pulled, whether it is initially used by the application or not. This can be used to prepare images for containers that your application might run dynamically or for containers where running depends on template functions that may change during startup.

    dynamic: true

Marking an image as dynamic will pull the image and start the container. To pull the image without starting the container, add the when: false field to the container’s options.

Labels

Labels can be applied to a container by Replicated. Labels are templateable, and will be split on the first = to form the label key and value. If no = is present, the entire string will become the key and the value will be the empty string.

For example, my.container.label would become a label with a key of my.container.label and an empty value while my.container.value=IMPORTANT=FALSE would have a key of my.container.value and a value of IMPORTANT=FALSE.

    labels:
      - my.container.label
      - my.container.value=IMPORTANT=FALSE
      - 'my.template.value={{repl ConfigOption "labelValue" }}'

Stop-Timeout

Stop Timeout is used to specify the number of seconds to wait after stopping an application container before killing it. By default this value is set to 10.

    stop_timeout: 10