Docker 1.2.0 发布

jopen 10年前

Docker的1.2.0版本今天发布,整个Docker平台都进行改进,包括 Docker Engine、, Docker Hub和文档都进行更新。
Docker 1.2.0 发布

包括以下新的特点:

重启策略

We added a --restart flag to docker run to specify a restart policy for your container. Currently, there are three policies available:

  • no – Do not restart the container if it dies. (default)
  • on-failure – Restart the container if it exits with a non-zero exit code.
    • Can also accept an optional maximum restart count (e.g. on-failure:5).
  • always – Always restart the container no matter what exit code is returned.

This deprecates the --restart flag on the Docker daemon.

A few examples:
  • Redis will endlessly try to restart if the container exits
docker run --restart=always redis
  • If redis exits with a non-zero exit code, it will try to restart 5 times before giving up:
docker run --restart=on-failure:5 redis

–cap-add –cap-drop

Currently, Docker containers can either be given complete capabilities or they can all follow a whitelist of allowed capabilities while dropping all others. Further, previously, using --privileged would grant all capabilities inside a container, rather than applying a whitelist. This was not recommended for production use because it’s really unsafe; it’s as if you were directly in the host.

This release introduces two new flags for docker run --cap-add and --cap-drop that give you fine grain control over the capabilities you want grant to a particular container.

A few examples:
  • To change the status of the container’s interfaces:
docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link eth0 down"
  • To prevent any `chown` in the container:
docker run --cap-drop=CHOWN ...
  • To allow all capabilities except `mknod`:
docker run --cap-add=ALL --cap-drop=MKNOD ...

–device

Previously, you could use devices inside your containers by bind mounting them ( with `-v`) in a --privileged container. In this release, we introduce the --device flag to `docker run` which lets you use a device without requiring a --privileged container.

Example:
  • To use the sound card inside your container:
docker run --device=/dev/snd:/dev/snd ...

Writable `/etc/hosts`, `/etc/hostname` and `/etc/resolv.conf`

You can now edit /etc/hosts/etc/hostname and /etc/resolve.conf in a running container. This is useful if you need to install bind or other services that might override one of those files.

Note, however, that changes to these files are not saved during a docker build and so will not be preserved in the resulting image. The changes will only “stick” in a running container.

Docker proxy in a separate process

The Docker userland proxy that routes outbound traffic to your containers now has its own separate process (one process per connection). This greatly reduces the load on the daemon, which considerably increases stability and efficiency.

Other Improvements & Changes

  • When using docker rm -f, Docker now kills the container (instead of stopping it) before removing it . If you intend to stop the container cleanly the container, you can use docker stop.
  • Add support for IPv6 addresses in --dns
  • Search on private registries

We hope you enjoy this release and find it useful. As always, please don’t hesitate to contact us with questions, comments or kudos.

Learn More