Container management configuration
1 - Manager configuration
Properties
To control all aspects of the container manager behavior.
Property | Type | Default | Description |
---|---|---|---|
home_dir | string | /var/lib/container-management | Home directory for the container manager data |
exec_root_dir | string | /var/run/container-management | Root directory for the container manager’s executable artifacts |
container_client_sid | string | container-management.service.local.v1.service-containerd-client | Unique identifier that is used for an interaction with the runtime |
network_manager_sid | string | container-management.service.local.v1.service-libnetwork-manager | Unique identifier that is used for networking |
default_ctrs_stop_timeout | string | 30s | Timeout for a container to stop gracefully in duration string format (e.g. 1h2m3s5ms), otherwise its root process will be forcefully stopped |
Runtime | |||
default_ns | string | kanto-cm | Namespace that is used by the runtime for isolation |
address_path | string | /run/containerd/containerd.sock | Path to the runtime’s communication endpoint |
home_dir | string | /var/lib/container-management | Home directory for the runtime data |
exec_root_dir | string | /var/run/container-management | Root directory for the runtime’s executable artifacts |
image_dec_keys | string[] | | Private keys (GPG private key ring, JWE or PKCS7) used for decrypting container images, the format is: filepath_private_key[:password] |
image_dec_recipients | string[] | | Recipients (only for PKCS7 and must be an x509) used for decrypting container images, the format is: pkcs7:filepath_x509_certificate |
runc_runtime | string | io.containerd.runc.v2 | Runc communication mode, the possible values are: io.containerd.runtime.v1.linux, io.containerd.runc.v1 and io.containerd.runc.v2 |
image_expiry | string | 744h | Time period for the cached images and content to be kept in the form of e.g. 72h3m0.5s |
image_expiry_disable | bool | false | Disable expiry management of cached images and content, must be used with caution as it may lead to large memory volumes being persistently allocated |
lease_id | string | kanto-cm.lease | Lease identifier to be used for container resources persistence |
image_verifier_type | string | none | The image verifier type - possible values are none and notation, when set to none image signatures will not be verified |
image_verifier_config | map[string]string | | The configuration of the image verifier, as a string map - possible keys for notation verifier are configDir and libexecDir, for more info check notation documentation |
Registry access - secure | |||
user_id | string | | User unique identifier to authenticate to the image registry |
password | string | | Password to authenticate to the image registry |
root_ca | string | | PEM encoded CA certificates file |
client_cert | string | | PEM encoded certificate file to authenticate to the image registry |
client_key | string | | PEM encoded unencrypted private key file to authenticate to the image registry |
Registry access - insecure | |||
insecure_registries | string[] | localhost | Image registries that do not use valid certificates or do not require a HTTPS connection, the format is: host[:port] |
Networking | |||
home_dir | string | /var/lib/container-management | Home directory for the network manager data |
exec_root_dir | string | /var/run/container-management | Root directory for the network manager’s executable artifacts |
Networking - bridge | |||
name | string | kanto-cm0 | Bridge name |
ip4 | string | | Bridge IPv4 address |
fcidr4 | string | | IPv4 address range for the bridge, using the standard CIDR notation |
gwip4 | string | | Bridge gateway IPv4 address |
enable_ip6 | bool | false | Permit the bridge IPv6 support |
mtu | int | 1500 | Bridge maximum transmission unit in bytes |
icc | bool | true | Permit the inter-container communication |
ip_tables | bool | true | Permit the IP tables rules |
ip_forward | bool | true | Permit the IP forwarding |
ip_masq | bool | true | Permit the IP masquerading |
userland_proxy | bool | false | Forbid the userland proxy for the loopback traffic |
Local communication | |||
protocol | string | unix | Communication protocol used for accessing the gRPC server, the possible values are: tcp, tcp4, tcp6, unix or unixpacket |
address_path | string | /run/container-management/container-management.sock | Path to the gRPC server’s communication endpoint |
Digital twin | |||
enable | bool | true | Permit the container manager digital twin representation |
home_dir | string | /var/lib/container-management | Home directory for the digital twin data |
features | string[] | ContainerFactory, SoftwareUpdatable, Metrics | Features that will be registered for the container manager digital twin, the possible values are: ContainerFactory, SoftwareUpdatable and Metrics |
Update Agent | |||
enable | bool | true | Permit the containers update agent service |
domain | string | containers | The domain of the update agent, used as a prefix in MQTT topic handled by the update agent implementation |
containers | string[] | | List of system (core) containers that shall not be updated/destroyed by the containers update agent |
verbose_inventory_report | bool | false | Includes extensive, verbose key-value properties in containers software nodes for the current state report. If not set, only valuable and non-default key-value parameters are reported |
Local connectivity | |||
broker_url | string | tcp://localhost:1883 | Address of the MQTT server/broker that the container manager will connect to for the local communication, the format is: scheme://host:port |
keep_alive | string | 20s | Keep alive duration for the MQTT requests, duration string format, e.g. 1h2m3s5ms |
disconnect_timeout | string | 250ms | Disconnect timeout for the MQTT server/broker, duration string format, e.g. 1h2m3s5ms |
client_username | string | | Username that is a part of the credentials |
client_password | string | | Password that is a part of the credentials |
connect_timeout | string | 30s | Connect timeout for the MQTT server/broker, duration string format, e.g. 1h2m3s5ms |
acknowledge_timeout | string | 15s | Acknowledge timeout for the MQTT requests, duration string format, e.g. 1h2m3s5ms |
subscribe_timeout | string | 15s | Subscribe timeout for the MQTT requests, duration string format, e.g. 1h2m3s5ms |
unsubscribe_timeout | string | 5s | Unsubscribe timeout for the MQTT requests, duration string format, e.g. 1h2m3s5ms |
Local connectivity - TLS | |||
root_ca | string | | PEM encoded CA certificates file |
client_cert | string | | PEM encoded certificate file to authenticate to the MQTT server/broker |
client_key | string | | PEM encoded unencrypted private key file to authenticate to the MQTT server/broker |
Logging | |||
log_file | string | log/container-management.log | Path to the file where the container manager’s log messages are written |
log_level | string | INFO | All log messages at this or a higher level will be logged, the log levels in descending order are: ERROR, WARN, INFO, DEBUG and TRACE |
log_file_count | int | 5 | Log file maximum rotations count |
log_file_max_age | int | 28 | Log file rotations maximum age in days, use 0 to not remove old log files |
log_file_size | int | 2 | Log file size in MB before it gets rotated |
syslog | bool | false | Route logs to the local syslog |
Deployment | |||
enable | bool | true | Permit the deployment manager service providing installation/update of containers via the container descriptor files |
mode | string | update | Deployment manager mode, the possible values are: init (container descriptors are processed only on first start, new containers are deployed and started), update (container descriptors are processed on each restart, new containers can be deployed and started, existing containers may be updated, no container removals) |
home_dir | string | /var/lib/container-management | Home directory for the deployment manager data |
ctr_dir | string | /etc/container-management/containers | Directory containing descriptors of containers that will be automatically deployed on first start or updated on restart |
Example
The minimal required configuration that sets a timeout period of 5 seconds for the managed containers to stop gracefully.
{
"manager": {
"default_ctrs_stop_timeout": 5
},
"log": {
"log_file": "/var/log/container-management/container-management.log"
}
}
Template
The configuration can be further adjusted according to the use case. The following template illustrates all possible properties with their default values.
{
"manager": {
"home_dir": "/var/lib/container-management",
"exec_root_dir": "/var/run/container-management",
"container_client_sid": "container-management.service.local.v1.service-containerd-client",
"network_manager_sid": "container-management.service.local.v1.service-libnetwork-manager",
"default_ctrs_stop_timeout": 30
},
"containers": {
"default_ns": "kanto-cm",
"address_path": "/run/containerd/containerd.sock",
"exec_root_dir": "/var/run/container-management",
"home_dir": "/var/lib/container-management",
"image_dec_keys": [],
"image_dec_recipients": [],
"runc_runtime": "io.containerd.runc.v2",
"image_expiry": "744h",
"image_expiry_disable": false,
"image_verifier_type": "notation",
"image_verifier_config": {
"configDir": "/home/user/.config/notation"
},
"lease_id": "kanto-cm.lease",
"registry_configurations": {
"": {
"credentials": {
"user_id": "",
"password": ""
},
"transport": {
"root_ca": "",
"client_cert": "",
"client_key": ""
}
}
},
"insecure_registries": [
"localhost"
]
},
"network": {
"home_dir": "/var/lib/container-management",
"exec_root_dir": "/var/run/container-management",
"default_bridge": {
"name": "kanto-cm0",
"ip4": "",
"fcidr4": "",
"enable_ip6": false,
"mtu": 1500,
"icc": true,
"ip_tables": true,
"ip_forward": true,
"ip_masq": true,
"userland_proxy": false
}
},
"grpc_server": {
"protocol": "unix",
"address_path": "/run/container-management/container-management.sock"
},
"things": {
"enable": true,
"home_dir": "/var/lib/container-management",
"features": [
"ContainerFactory",
"SoftwareUpdatable",
"Metrics"
],
"update_agent": {
"enable": true,
"domain": "containers",
"system_containers": [
"my-core-container-that-is-auto-deployed-and-updatable-only-through-firmware-update"
],
"verbose_inventory_report": false
},
"connection": {
"broker_url": "tcp://localhost:1883",
"keep_alive": "20s",
"disconnect_timeout": "250ms",
"client_username": "",
"client_password": "",
"connect_timeout": "30s",
"acknowledge_timeout": "15s",
"subscribe_timeout": "15s",
"unsubscribe_timeout": "5s",
"transport": {
"root_ca": "",
"client_cert": "",
"client_key": ""
}
}
},
"log": {
"log_file": "log/container-management.log",
"log_level": "INFO",
"log_file_count": 5,
"log_file_size": 2,
"log_file_max_age": 28,
"syslog": false
},
"deployment": {
"enable": true,
"mode": "update",
"home_dir": "/var/lib/container-management",
"ctr_dir": "/etc/container-management/containers"
}
}
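The defaults in the table above decide what a short configuration file actually enables. The following audit is an added example, not part of the Kanto code base: it overlays a parsed file on the page's defaults and reports the security-relevant settings. The function names, the finding texts and the `WEAK` sample (with placeholder hosts) are constructed for this illustration.

```python
import json
from urllib.parse import urlsplit

# Defaults copied from the property tables above. A key missing from the file
# still has an effective value, so the audit runs on file + defaults.
DEFAULTS = {
    "containers": {"image_verifier_type": "none", "insecure_registries": ["localhost"],
                   "image_dec_keys": [], "registry_configurations": {}},
    "grpc_server": {"protocol": "unix"},
    "connection": {"broker_url": "tcp://localhost:1883", "client_password": ""},
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def section(cfg, name):
    """Effective settings of one section (defaults overlaid with the file).
    Assumption of this example: a section is accepted at top level or nested
    under "things", where the template above places "connection"."""
    found = cfg.get(name) or cfg.get("things", {}).get(name) or {}
    return {**DEFAULTS[name], **found}


def audit_manager_config(cfg):
    """Return a list of (property, reason) findings for one parsed config."""
    findings = []
    ctrs = section(cfg, "containers")
    if ctrs["image_verifier_type"] == "none":
        findings.append(("containers.image_verifier_type",
                         "image signatures are not verified"))
    for reg in ctrs["insecure_registries"]:
        # Entry format is host[:port]; strip a numeric port before comparing.
        host, _, port = reg.rpartition(":")
        if not (host and port.isdigit()):
            host = reg
        if reg not in LOOPBACK and host not in LOOPBACK:
            findings.append(("containers.insecure_registries",
                             f"{reg}: used without HTTPS or a valid certificate"))
    for host, reg_cfg in ctrs["registry_configurations"].items():
        if reg_cfg.get("credentials", {}).get("password"):
            findings.append(("containers.registry_configurations",
                             f"{host or '<unnamed>'}: password stored in the config file"))
    if any(":" in key for key in ctrs["image_dec_keys"]):
        # Entry format is filepath_private_key[:password].
        findings.append(("containers.image_dec_keys",
                         "key password stored in the config file"))
    if section(cfg, "grpc_server")["protocol"] in ("tcp", "tcp4", "tcp6"):
        findings.append(("grpc_server.protocol",
                         "gRPC server uses a TCP socket instead of the default unix socket"))
    broker = urlsplit(section(cfg, "connection")["broker_url"])
    if broker.scheme == "tcp" and broker.hostname not in LOOPBACK:
        findings.append(("connection.broker_url",
                         "plain tcp scheme to a non-local MQTT broker"))
    return findings


# The minimal configuration from the Example section above.
MINIMAL = json.loads("""{
  "manager": {"default_ctrs_stop_timeout": 5},
  "log": {"log_file": "/var/log/container-management/container-management.log"}
}""")

# Constructed sample with several weakened settings (hosts are placeholders).
WEAK = json.loads("""{
  "containers": {
    "image_verifier_type": "notation",
    "insecure_registries": ["localhost", "registry.example.internal:5000"],
    "image_dec_keys": ["/etc/keys/image.pem:constructed-password"]
  },
  "grpc_server": {"protocol": "tcp"},
  "things": {"connection": {"broker_url": "tcp://broker.example.internal:1883"}}
}""")

if __name__ == "__main__":
    for label, cfg in (("minimal", MINIMAL), ("weak", WEAK)):
        for prop, reason in audit_manager_config(cfg):
            print(f"{label}: {prop}: {reason}")
```

The minimal example is reported for `image_verifier_type` only, because leaving the key out keeps the default `none`.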
2 - Container configuration
Properties
To control all aspects of the container instance behavior.
Property | Type | Default | Description |
---|---|---|---|
container_name | string | <container_id> | User-defined name for the container, if omitted the internally auto-generated container ID will be set |
Image | |||
name | string | | Fully qualified image reference, that follows the OCI Image Specification, the format is: host[:port]/[namespace/]name:tag |
Image - decryption | |||
keys | string[] | | Private keys (GPG private key ring, JWE or PKCS7) used for decrypting the container’s image, the format is: filepath_private_key[:password] |
recipients | string[] | | Recipients (only for PKCS7 and must be an x509) used for decrypting the container’s image, the format is: pkcs7:filepath_x509_certificate |
Networking | |||
domain_name | string | <container_name>-domain | Domain name inside the container, if omitted the container_name with suffix -domain will be set |
host_name | string | <container_name>-host | Host name for the container, if omitted the container_name with suffix -host will be set |
network_mode | string | bridge | The container’s networking capabilities type based on the desired communication mode, the possible options are: bridge or host |
extra_hosts | string[] | | Extra host name to IP address mappings added to the container network configuration, the format is: hostname:ip. If the IP of the host machine is to be added to the container’s hosts file the reserved host_ip[_<network-interface>] must be provided. If only host_ip (the network-interface part is skipped) is used, by default it will be resolved to the host’s IP on the default bridge network interface for containerm (the default configuration is kanto-cm0) and added to the container’s hosts file. If the IP of a container in the same bridge network is to be added to the hosts file the reserved container_<container-host_name> must be provided. |
Networking - port mappings | |||
proto | string | tcp | Protocol used for the port mapping from the container to the host, the possible options are: tcp and udp |
container_port | int | | Port number on the container that is mapped to the host port |
host_ip | string | 0.0.0.0 | Host IP address |
host_port | int | | Beginning of the host ports range |
host_port_end | int | <host_port> | Ending of the host ports range |
Host resources - devices | |||
path_on_host | string | | Path to the device on the host |
path_in_container | string | | Path to the device in the container |
cgroup_permissions | string | rwm | Cgroup permissions for the device access, possible options are: r(read), w(write), m(mknod) and all combinations are possible |
privileged | bool | false | Grant root capabilities to all devices on the host system |
extra_capabilities | string[] | | Add additional Linux capabilities to the container |
Host resources - mount points | |||
source | string | | Path to the file or directory on the host that is referred from within the container |
destination | string | | Path to the file or directory that is mounted inside the container |
propagation_mode | string | rprivate | Bind propagation for the mount, supported are: rprivate, private, rshared, shared, rslave or slave |
Process | |||
env | string[] | | Environment variables that are set into the container |
cmd | string[] | | Command with arguments that is executed upon the container’s start |
I/O | |||
open_stdin | bool | | Open the terminal’s standard input for an interaction with the current container |
tty | bool | | Attach standard streams to a TTY |
Resource management | |||
memory | string | | Hard memory limitation of the container as a number with a unit suffix of B, K, M and G, the minimum allowed value is 3M |
memory_reservation | string | | Soft memory limitation of the container as a number with a unit suffix of B, K, M and G, if memory is specified, the memory_reservation must be smaller than it |
memory_swap | string | | Total amount of memory and swap that the container can use as a number with a unit suffix of B, K, M and G, use -1 to allow the container to use unlimited swap |
Lifecycle | |||
type | string | unless-stopped | The container’s restart policy, the supported types are: always, no, on-failure and unless-stopped |
maximum_retry_count | int | | Maximum number of retries that are made to restart the container on exit with fail, if the type is on-failure |
retry_timeout | int | | Timeout period in seconds for each retry that is made to restart the container on exit with fail, if the type is on-failure |
Logging | |||
type | string | json-file | Type in which the logs are produced, the possible options are: json-file or none |
max_files | int | 2 | Maximum log files before getting rotated |
max_size | string | 100M | Maximum log file size before getting rotated as a number with a unit suffix of B, K, M and G |
root_dir | string | <meta_path>/containers/<container_id> | Root directory where the container’s log messages are stored |
mode | string | blocking | Messaging delivery mode from the container to the log driver, the supported modes are: blocking and non-blocking |
max_buffer_size | string | 1M | Maximum size of the buffered container’s log messages in a non-blocking mode as a number with a unit suffix of B, K, M and G |
Example
The minimal required configuration to spin up an InfluxDB container instance.
{
"image": {
"name": "docker.io/library/influxdb:1.8.4"
}
}
Template
The configuration can be further adjusted according to the use case. The following template illustrates all possible properties with their default values.
{
"container_name": "",
"image": {
"name": "",
"decrypt_config": {
"keys": [],
"recipients": []
}
},
"domain_name": "",
"host_name": "",
"mount_points": [
{
"destination": "",
"source": "",
"propagation_mode": "rprivate"
}
],
"config": {
"env": [],
"cmd": []
},
"io_config": {
"open_stdin": false,
"tty": false
},
"host_config": {
"devices": [
{
"path_on_host": "",
"path_in_container": "",
"cgroup_permissions": "rwm"
}
],
"network_mode": "bridge",
"privileged": false,
"extra_hosts": [],
"extra_capabilities": [],
"port_mappings": [
{
"proto": "tcp",
"container_port": 0,
"host_ip": "0.0.0.0",
"host_port": 0,
"host_port_end": 0
}
],
"resources": {
"memory": "",
"memory_reservation": "",
"memory_swap": ""
},
"restart_policy": {
"type": "unless-stopped",
"maximum_retry_count": 0,
"retry_timeout": 0
},
"log_config": {
"driver_config": {
"type": "json-file",
"max_files": 2,
"max_size": "100M",
"root_dir": ""
},
"mode_config": {
"mode": "blocking",
"max_buffer_size": "1M"
}
}
}
}
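A container descriptor can widen the container's access to the host through several of the properties above. The following check is an added example, not part of the Kanto code base: it reports those properties for one descriptor and enforces the memory rules stated in the table. The function names, finding texts and the `RISKY` descriptor are constructed, and the size parser assumes binary multiples (1K = 1024 bytes).

```python
import json
import re

UNITS = {"B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # assumption: binary multiples


def parse_size(text):
    """'100M' -> bytes; accepts the B, K, M and G suffixes named in the table."""
    match = re.fullmatch(r"(\d+)([BKMG])", text.strip().upper())
    if not match:
        raise ValueError(f"bad size: {text!r}")
    return int(match.group(1)) * UNITS[match.group(2)]


def audit_container(desc):
    """Return a list of (property, reason) findings for one container descriptor."""
    findings = []
    host = desc.get("host_config", {})
    if host.get("privileged", False):
        findings.append(("host_config.privileged", "root capabilities to all host devices"))
    if host.get("extra_capabilities"):
        findings.append(("host_config.extra_capabilities",
                         "adds " + ", ".join(host["extra_capabilities"])))
    if host.get("network_mode", "bridge") == "host":
        findings.append(("host_config.network_mode", "container uses the host network mode"))
    for dev in host.get("devices", []):
        # The default rwm also grants mknod; the empty template entry is skipped.
        if dev.get("path_on_host") and "m" in dev.get("cgroup_permissions", "rwm"):
            findings.append(("host_config.devices", f"{dev['path_on_host']}: mknod allowed"))
    for pm in host.get("port_mappings", []):
        # host_ip defaults to 0.0.0.0 when the key is left out.
        if pm.get("container_port") and pm.get("host_ip", "0.0.0.0") == "0.0.0.0":
            findings.append(("host_config.port_mappings",
                             f"port {pm['container_port']} bound to 0.0.0.0 on the host"))
    for mp in desc.get("mount_points", []):
        if mp.get("source") and mp.get("propagation_mode", "rprivate") in ("shared", "rshared"):
            findings.append(("mount_points",
                             f"{mp['source']}: mounts made in the container reach the host"))
    res = host.get("resources", {})
    memory = res.get("memory")
    if not memory:
        findings.append(("host_config.resources.memory", "no hard memory limit"))
    else:
        limit = parse_size(memory)
        if limit < parse_size("3M"):
            findings.append(("host_config.resources.memory", "below the 3M minimum"))
        soft = res.get("memory_reservation")
        if soft and parse_size(soft) >= limit:
            findings.append(("host_config.resources.memory_reservation",
                             "must be smaller than memory"))
    return findings


# The minimal InfluxDB descriptor from the Example section above.
MINIMAL = json.loads('{"image": {"name": "docker.io/library/influxdb:1.8.4"}}')

# Constructed descriptor; paths, capability name and sizes are sample values.
RISKY = json.loads("""{
  "image": {"name": "docker.io/library/influxdb:1.8.4"},
  "mount_points": [
    {"source": "/var/run", "destination": "/host/run", "propagation_mode": "rshared"}
  ],
  "host_config": {
    "privileged": true,
    "extra_capabilities": ["CAP_NET_ADMIN"],
    "devices": [{"path_on_host": "/dev/ttyACM0", "path_in_container": "/dev/ttyACM0"}],
    "port_mappings": [{"container_port": 8086, "host_port": 8086}],
    "resources": {"memory": "64M", "memory_reservation": "64M"}
  }
}""")

if __name__ == "__main__":
    for label, desc in (("minimal", MINIMAL), ("risky", RISKY)):
        for prop, reason in audit_container(desc):
            print(f"{label}: {prop}: {reason}")
```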
3 - API Reference
3.1 - Container Factory API
Create
Create a container from a single container image reference with an option to start it.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//create
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/create | Information about the affected Thing and the type of operation |
path | /features/ContainerFactory/inbox/messages/create | A path to the ContainerFactory Feature, its message channel, and command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | ||
imageRef | URL | Fully qualified image reference, that follows the OCI Image Specification, the format is: host[:port]/[namespace/]name:tag |
start | true/false | Start or only create the container |
Example: Create and automatically start a new Hello World container.
Topic: command//edge:device:edge:containers/req//create
{
"topic":"edge/device:edge:containers/things/live/messages/create",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/ContainerFactory/inbox/messages/create",
"value":{
"imageRef":"docker.io/library/hello-world:latest",
"start":true
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//create
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/create | Information about the affected Thing and the type of operation |
path | /features/ContainerFactory/outbox/messages/create | A path to the Feature, its message channel, and command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Value | | UUID of the created container |
Example: Response of a create operation.
Topic: command//edge:device:edge:containers/res//create
{
"topic":"edge/device:edge:containers/things/live/messages/create",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/ContainerFactory/outbox/messages/create",
"value":"<Container UUID>"
}
Create with config
Create a container with a specified container configuration.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//createWithConfig
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/createWithConfig | Information about the affected Thing and the type of operation |
path | /features/ContainerFactory/inbox/messages/createWithConfig | A path to the ContainerFactory Feature, its message channel, and command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | ||
imageRef | URL | Fully qualified image reference, that follows the OCI Image Specification, the format is: host[:port]/[namespace/]name:tag |
start | true/false | Force to start created container |
config | | json presentation of the configuration |
domainName | | Domain name inside the container, if omitted the container’s domain name will be set to a system-defined value |
hostName | | Host name for the container, if omitted the container’s hostname will be set to a system-defined value |
env | | An array of environment variables that are set into the container |
cmd | | An array of command with arguments that is executed upon the container’s start |
privileged | false | Grant root capabilities to all devices on the host system |
extraHosts | | An array of additional extra host names to IP address mappings added to the container network configuration, the format is: hostname:ip. If the IP of the host machine is to be added to the container’s hosts file the reserved host_ip[_<network-interface>] must be provided. If only host_ip (the network-interface part is skipped) is used, by default it will be resolved to the host’s IP on the default bridge network interface for containerm (the default configuration is kanto-cm0) and added to the container’s hosts file. If the IP of a container in the same bridge network is to be added to the hosts file the reserved container_<container-host_name> must be provided. |
extraCapabilities | | An array of additional capabilities for a container |
networkMode | | The container’s networking capabilities type based on the desired communication mode. The possible options are: bridge or host |
openStdin | true/false | Open the terminal’s standard input for an interaction with the current container |
tty | true/false | Attach standard streams to a TTY |
mountPoints | | An array of the mount points |
source | | Path to the file or directory on the host that is referred from within the container |
destination | | Path to the file or directory that is mounted inside the container |
propagationMode | | Bind propagation for the mount, supported are: rprivate, private, rshared, shared, rslave or slave |
decryption | ||
keys | | A string array of private keys (GPG private key ring, JWE or PKCS7) used for decrypting the container’s image, the format is: filepath_private_key[:password] |
recipients | | A string array of recipients (only for PKCS7 and must be an x509) used for decrypting the container’s image, the format is: pkcs7:filepath_x509_certificate |
devices | | An array of accessible devices from the host |
pathOnHost | | Path to the device on the host |
pathInContainer | | Path to the device in the container |
cgroupPermissions | rwm | Cgroup permissions for the device access, possible options are: r(read), w(write), m(mknod) and all combinations are possible |
restartPolicy | | The container restart policy |
type | unless-stopped | The container’s restart policy, the supported types are: always, no, on-failure and unless-stopped |
maxRetryCount | | Maximum number of retries that are made to restart the container on exit with fail, if the type is on-failure |
retryTimeout | | Timeout period in seconds for each retry that is made to restart the container on exit with fail, if the type is on-failure |
portMappings | | An array of port mappings from the host to a container |
proto | tcp | Protocol used for the port mapping from the container to the host, the possible options are: tcp and udp |
containerPort | | Port number on the container that is mapped to the host port |
hostIP | 0.0.0.0 | Host IP address |
hostPort | | Beginning of the host ports range |
hostPortEnd | <host_port> | Ending of the host ports range |
log | ||
type | json-file | Type in which the logs are produced, the possible options are: json-file or none |
maxFiles | 2 | Maximum log files before getting rotated |
maxSize | 100M | Maximum log file size before getting rotated as a number with a unit suffix of B, K, M and G |
rootDir | <meta_path>/containers/<container_id> | Root directory where the container’s log messages are stored |
mode | blocking | Messaging delivery mode from the container to the log driver, the supported modes are: blocking and non-blocking |
maxBufferSize | 1M | Maximum size of the buffered container’s log messages in a non-blocking mode as a number with a unit suffix of B, K, M and G |
resources | ||
memory | | Hard memory limitation of the container as a number with a unit suffix of B, K, M and G, the minimum allowed value is 3M |
memoryReservation | | Soft memory limitation of the container as a number with a unit suffix of B, K, M and G, if memory is specified, the memoryReservation must be smaller than it |
memorySwap | | Total amount of memory and swap that the container can use as a number with a unit suffix of B, K, M and G, use -1 to allow the container to use unlimited swap |
Example: Create and automatically start a new Hello World container.
Topic: command//edge:device:edge:containers/req//createWithConfig
{
"topic":"edge/device:edge:containers/things/live/messages/createWithConfig",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/ContainerFactory/inbox/messages/createWithConfig",
"value":{
"imageRef":"docker.io/library/influxdb:1.8.4",
"start":true,
"config":{
"domainName": "",
"hostName": "",
"env": [],
"cmd": [],
"privileged": false,
"extraHosts": ["ctrhost:host_ip"],
"extraCapabilities": [],
"networkMode": "bridge",
"openStdin": false,
"tty": false,
"mountPoints": [
{
"source": "",
"destination": "",
"propagationMode": "rprivate"
}
],
"decryption": {
"keys": [],
"recipients": []
},
"devices": [
{
"pathOnHost": "",
"pathInContainer": "",
"cgroupPermissions": "rwm"
}
],
"restartPolicy": {
"type": "unless-stopped",
"maxRetryCount": 0,
"retryTimeout": 0
},
"portMappings":[
{
"proto": "tcp",
"containerPort": 80,
"hostIP": "0.0.0.0",
"hostPort": 5000,
"hostPortEnd": 5005
}
],
"log": {
"type": "json-file",
"maxFiles": 2,
"maxSize": "100M",
"rootDir": "",
"mode": "blocking",
"maxBufferSize": "1M"
},
"resources": {
"memory": "",
"memoryReservation": "",
"memorySwap": ""
}
}
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//createWithConfig
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/createWithConfig | Information about the affected Thing and the type of operation |
path | /features/ContainerFactory/outbox/messages/createWithConfig | A path to the ContainerFactory Feature, its message channel, and command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | |
Value | | UUID of the created container |
Example: Response of a createWithConfig operation.
Topic: command//edge:device:edge:containers/res//createWithConfig
{
"topic":"edge/device:edge:containers/things/live/messages/createWithConfig",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/ContainerFactory/outbox/messages/createWithConfig",
"value":"<Container UUID>"
}
3.2 - Container API
Start
Start an existing container.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//start
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/start | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/start | A path to the Container Feature, its message channel, and start command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | ||
Example: Start an existing container.
Topic: command//edge:device:edge:containers/req//start
{
"topic":"edge/device:edge:containers/things/live/messages/start",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/start",
"value":{}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//start
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/start | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/start | A path to the Container Feature, its message channel, and start command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the operation start over the container |
Example: Response of a successful start operation.
Topic: command//edge:device:edge:containers/res//start
{
"topic":"edge/device:edge:containers/things/live/messages/start",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/start",
"status": 204
}
Stop
Stop an existing and running container.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//stop
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/stop | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/stop | A path to the Container Feature, its message channel, and stop command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | ||
Example: Stop an existing and running container.
Topic: command//edge:device:edge:containers/req//stop
{
"topic":"edge/device:edge:containers/things/live/messages/stop",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/stop",
"value":{}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//stop
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/stop | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/stop | A path to the Container Feature, its message channel, and stop command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the operation stop over the container |
Example: Response of a successful stop operation.
Topic: command//edge:device:edge:containers/res//stop
{
"topic":"edge/device:edge:containers/things/live/messages/stop",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/stop",
"status":204
}
Stop with options
Stop an existing and running container with given options.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//stopWithOptions
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/stopWithOptions | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/stopWithOptions | A path to the Container Feature, its message channel, and stopWithOptions command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | ||
signal | SIGTERM | Stop a container using a specific signal. Signals could be specified by using their names or numbers, e.g. SIGINT or 2 |
timeout | -1 << 63 // -9223372036854775808 | Sets the timeout period in seconds to gracefully stop the container. When timeout expires the container process would be forcibly killed |
force | true/false | Whether to send a SIGKILL signal to the container’s process if it does not finish within the timeout specified |
Example: Stop an existing and running container with specified options.
Topic: command//edge:device:edge:containers/req//stopWithOptions
{
"topic":"edge/device:edge:containers/things/live/messages/stopWithOptions",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/stopWithOptions",
"value":{
"signal":"SIGINT",
"timeout": 30,
"force": true
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//stopWithOptions
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/stopWithOptions | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/stopWithOptions | A path to the Container Feature, its message channel, and stopWithOptions command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the operation stop with options over the container |
Example: Response of a successful stopWithOptions operation.
Topic: command//edge:device:edge:containers/res//stopWithOptions
{
"topic":"edge/device:edge:containers/things/live/messages/stopWithOptions",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/stopWithOptions",
"status":204
}
Rename
Change the name of an existing container to the specified new name.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//rename
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/rename | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/rename | A path to the Container Feature, its message channel, and rename command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | | The new name of the container |
Example: Change the name of an existing container to the specified new name.
Topic: command//edge:device:edge:containers/req//rename
{
"topic":"edge/device:edge:containers/things/live/messages/rename",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/rename",
"value":"new_container_name"
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//rename
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/rename | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/rename | A path to the Container Feature, its message channel, and rename command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the operation rename container |
Example: The response of the rename operation.
Topic: command//edge:device:edge:containers/res//rename
{
"topic":"edge/device:edge:containers/things/live/messages/rename",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/rename",
"status":204
}
Update
Update an existing container without recreating it. The provided configurations will be merged with the current one.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//update
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/update | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/update | A path to the Container Feature, its message channel, and update command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | | |
restartPolicy | | Updates the restart policy for the container. The policy will be applied when the container exits |
type | no/always/unless-stopped/on-failure | The container’s restart policy, the supported types are: always, no, on-failure and unless-stopped |
maxRetryCount | -1 << 31 // -2147483648 | Maximum number of retries that are made to restart the container on exit with fail, if the type is on-failure |
timeout | -1 << 63 // -9223372036854775808 | Timeout period in seconds for each retry that is made to restart the container on exit with fail, if the type is on-failure |
resources | | |
memory | | Hard memory limitation of the container as a number with a unit suffix of B, K, M and G, the minimum allowed value is 3M |
memoryReservation | | Soft memory limitation of the container as a number with a unit suffix of B, K, M and G, if memory is specified, the memoryReservation must be smaller than it |
memorySwap | | Total amount of memory and swap that the container can use as a number with a unit suffix of B, K, M and G, use -1 to allow the container to use unlimited swap |
Example: Update an existing container’s resources and restart policy.
Topic: command//edge:device:edge:containers/req//update
{
"topic":"edge/device:edge:containers/things/live/messages/update",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/update",
"value":{
"restartPolicy":{
"type":"on-failure",
"maxRetryCount":3,
"timeout":10
},
"resources":{
"memory":"500M",
"memoryReservation":"300M",
"memorySwap":"1G"
}
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//update
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/update | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/update | A path to the Container Feature, its message channel, and update command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the update operation over the container |
Example: Successful response of an update operation.
Topic: command//edge:device:edge:containers/res//update
{
"topic":"edge/device:edge:containers/things/live/messages/update",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/update",
"status":204
}
Remove
Remove an existing container.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//remove
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/remove | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/inbox/messages/remove | A path to the Container Feature, its message channel, and remove command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | true/false | Force stopping before removing a container |
Example: Remove an existing container.
Topic: command//edge:device:edge:containers/req//remove
{
"topic":"edge/device:edge:containers/things/live/messages/remove",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/inbox/messages/remove",
"value":true
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//remove
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/remove | Information about the affected Thing and the type of operation |
path | /features/Container:<UUID>/outbox/messages/remove | A path to the Container Feature, its message channel, and remove command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the request message |
Status | | Status of the operation remove container |
Example: Successful response of a remove operation.
Topic: command//edge:device:edge:containers/res//remove
{
"topic":"edge/device:edge:containers/things/live/messages/remove",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Container:<UUID>/outbox/messages/remove",
"status":204
}
3.3 - Metrics API
Request
Request to receive data from the container.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//request
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/request | Information about the affected Thing and the type of operation |
path | /features/Metrics/inbox/messages/request | A path to the Metrics Feature, its message channel, and request command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | | |
frequency | | Time interval of how often the metrics data will be published as duration string (e.g. 5s) |
filter | | Filter defines the type of metric data to be reported |
id | | An array of identifiers whose metric data to be reported, supported are: cpu.utilization, memory.utilization, memory.total, memory.used, io.readBytes, io.writeBytes, net.readBytes, net.writeBytes, pids |
originator | | Metrics data originator |
Example: Request metrics data with a specified filter and frequency.
Topic: command//edge:device:edge:containers/req//request
{
"topic":"edge/device:edge:containers/things/live/messages/request",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Metrics/inbox/messages/request",
"value":{
"filter":[
{
"id":null,
"originator":"SYSTEM"
}
],
"frequency":"2s"
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//request
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/request | Information about the affected Thing and the type of operation |
path | /features/Metrics/outbox/messages/request | A path to the Metrics Feature, its message channel, and request command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the sent request message |
Status | | Status of the request metrics operation |
Example: The response of the request metrics data operation.
Topic: command//edge:device:edge:containers/res//request
{
"topic":"edge/device:edge:containers/things/live/messages/request",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/Metrics/outbox/messages/request",
"status": 204
}
Data
Metrics data from a container based on the frequency specified in the request.
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//data
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/data | Information about the affected Thing and the type of operation |
path | /features/Metrics/outbox/messages/data | A path to the Metrics Feature and its message channel. |
Headers | | Additional headers |
content-type | application/json | The content type |
Value | | The value of the received data from the container in json format |
timestamp | | The timestamp in ms when this measure data is published |
snapshot | | All the measurements collected per originator |
originator | | The originator for whose metric data to be reported |
measurements | | An array of measurements identifier and value for originator |
id | | The identifier whose metric data to be reported, supported are: cpu.utilization, memory.utilization, memory.total, memory.used, io.readBytes, io.writeBytes, net.readBytes, net.writeBytes, pids |
value | | The measured value per metric ID |
Example: Metrics data from a container.
Topic: command//edge:device:edge:containers/res//data
{
"topic":"edge/device:edge:containers/things/live/messages/data",
"headers":{
"content-type":"application/json"
},
"path":"/features/Metrics/outbox/messages/data",
"value":{
"snapshot":[
{
"originator":"Container:test",
"measurements":[
{
"id":"memory.total",
"value":10371616768
},
{
"id":"memory.used",
"value":1396736
},
{
"id":"memory.utilization",
"value":0.01346690714903206
},
{
"id":"net.readBytes",
"value":180
},
{
"id":"net.writeBytes",
"value":0
},
{
"id":"pids",
"value":6
}
]
},
{
"originator":"Container:test2",
"measurements":[
{
"id":"cpu.utilization",
"value":8.751566666666667
},
{
"id":"memory.total",
"value":10371616768
},
{
"id":"memory.used",
"value":4759552
},
{
"id":"memory.utilization",
"value":0.04589016453717083
},
{
"id":"io.readBytes",
"value":0
},
{
"id":"io.writeBytes",
"value":4096
},
{
"id":"net.readBytes",
"value":610
},
{
"id":"net.writeBytes",
"value":202
},
{
"id":"pids",
"value":14
}
]
}
],
"timestamp":1234567890
}
}
3.4 - Software Updatable API
Install
You can install a specified list of containers (software modules).
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//install
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/install | Information about the affected Thing and the type of operation |
path | /features/SoftwareUpdatable/inbox/messages/install | A path to the SoftwareUpdatable Feature, its message channel, and install command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | | |
correlationId | | Unique identifier that is used to associate and track the series of messages |
weight | | The weight is the priority in case of multiple, parallel instructions |
metadata | | The metadata is any other information which should be passed to the device |
forced | true/false | Forced to install the software modules |
softwareModules | | An array of modules that will be installed |
metadata | | The metadata is any other information which should be passed to the device |
softwareModule | | A unique identifier for the software module |
name | | The name of the software module |
version | | The version of the software module |
artifacts | | An array of artifacts contained in the software module |
filename | | The file name of the artifact behind the provided URLs |
size | | The size of the file in bytes |
download | | A map with protocols and links for artifact download |
key | HTTP/HTTPS/FTP/SFTP | Available transport protocols |
url | | URL to download the artifact |
md5url | | MD5URL to download the MD5SUM file |
checksums | | A map with checksums to verify the proper download |
MD5 | | MD5 checksum of the downloaded file |
SHA1 | | SHA1 checksum of the downloaded file |
SHA256 | | SHA256 checksum of the downloaded file |
Example: In this example, you can install the listed modules.
Topic: command//edge:device:edge:containers/req//install
{
"topic":"edge/device:edge:containers/things/live/messages/install",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/SoftwareUpdatable/inbox/messages/install",
"value":{
"correlationId":"other_correlation_id",
"forced":true,
"softwareModules":[
{
"softwareModule":{
"name":"influxdb",
"version":"1.8.4"
},
"artifacts":[
{
"filename":"valid.json",
"download":{
"HTTPS":{
"url":"https://raw.githubusercontent.com/eclipse-kanto/container-management/main/containerm/pkg/testutil/config/container/valid.json",
"md5url":"https://raw.githubusercontent.com/eclipse-kanto/container-management/main/containerm/pkg/testutil/config/container/valid.json"
}
},
"checksums":{
"MD5":"8c5a0fa2c01e218262d672bf643652fd",
"SHA1":"7539b451d818d94bcd97d401a5467b3e1c0b8981",
"SHA256":"be8f5def8e6a61caab078be0995826ae65f5993b1a35c18ed6045c3db37c4a3a"
},
"size":100
}
]
}
]
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//install
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/install | Information about the affected Thing and the type of operation |
path | /features/SoftwareUpdatable/outbox/messages/install | A path to the SoftwareUpdatable Feature, its message channel, and install command |
Headers | | Additional headers |
content-type | application/json | The content type |
correlation-id | <UUID> | The same correlation id as the sent request message |
Status | | Status of the install operation |
Example: Response of a successful install of the software modules.
Topic: command//edge:device:edge:containers/res//install
{
"topic":"edge/device:edge:containers/things/live/messages/install",
"headers":{
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/SoftwareUpdatable/outbox/messages/install",
"status": 204
}
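A device-side check built on the `size` and `checksums` fields of the install request above, as an added example that is not Kanto's own code: every digest present must match, an entry without SHA256 is rejected, and each key of the `download` map is compared with its URL scheme. The names `verify_artifact` and `build_sample`, the SHA256 requirement and the sample URL are assumptions of this example.

```python
import hashlib
from urllib.parse import urlsplit

ALGORITHMS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256}
CLEARTEXT = {"HTTP", "FTP"}


def verify_artifact(artifact, data, require_sha256=True):
    """Check downloaded bytes against one softwareModules[].artifacts[] entry.

    Returns a list of findings; an empty list means the artifact is accepted.
    """
    findings = []

    # Each key of the download map names a transport; the URL must agree with it.
    for proto, links in artifact.get("download", {}).items():
        if proto.upper() in CLEARTEXT:
            findings.append(f"download offers cleartext transport {proto}")
        scheme = urlsplit(links.get("url", "")).scheme
        if scheme.upper() != proto.upper():
            findings.append(f"url scheme {scheme!r} does not match key {proto}")

    # The declared size is a cheap first check before hashing.
    if artifact.get("size") != len(data):
        findings.append(
            f"size mismatch: declared {artifact.get('size')}, got {len(data)}")

    checksums = artifact.get("checksums") or {}
    if require_sha256 and "SHA256" not in checksums:
        findings.append("no SHA256 checksum; MD5 and SHA1 are not collision resistant")

    # Every digest that is present has to match, not just the first one found.
    for name, expected in checksums.items():
        algo = ALGORITHMS.get(name.upper())
        if algo is None:
            findings.append(f"unknown checksum type {name}")
        elif algo(data).hexdigest() != str(expected).lower():
            findings.append(f"{name} mismatch")
    return findings


def build_sample(data):
    """Constructed artifact entry whose checksums describe `data`."""
    return {
        "filename": "valid.json",
        # Placeholder URL, not a real download location
        "download": {"HTTPS": {"url": "https://updates.example.invalid/valid.json"}},
        "checksums": {name: algo(data).hexdigest() for name, algo in ALGORITHMS.items()},
        "size": len(data),
    }


if __name__ == "__main__":
    payload = b'{"container_name": "influxdb"}'  # constructed sample content
    entry = build_sample(payload)
    print(verify_artifact(entry, payload))
    print(verify_artifact(entry, payload + b" "))  # size and digest mismatches
```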
Remove
Removal of an installed software module.
Request
Hono Command: command//<name>:<namespace>:edge:containers/req//remove
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/remove | Information about the affected Thing and the type of operation |
path | /features/SoftwareUpdatable/inbox/messages/remove | A path to the SoftwareUpdatable Feature, its message channel, and remove command |
Headers | | Additional headers |
response-required | true/false | If response is required |
content-type | application/json | The content type |
correlation-id | container UUID | The container UUID |
Value | | Json presentation of the software module to be removed |
correlationId | | Unique identifier that is used to associate and track the series of messages |
weight | | The weight is the priority in case of multiple, parallel instructions |
metadata | | The metadata is any other information which should be passed to the device |
forced | true/false | Force remove the software modules |
software | | An array of software modules to be removed |
group | | An identifier which groups the dependency into a certain category |
name | | The dependency name |
version | | The dependency version |
type | | The “category” classifier of the dependency |
Example: In this example, you can remove existing software modules.
Topic: command//edge:device:edge:containers/req//remove
{
"topic":"edge/device:edge:containers/things/live/messages/remove",
"headers":{
"response-required":true,
"content-type":"application/json",
"correlation-id":"<UUID>"
},
"path":"/features/SoftwareUpdatable/inbox/messages/remove",
"value": {
"correlationId":"other_correlation_id",
"forced":true,
"software":[
{
"name":"influxdb",
"version":""
}
]
}
}
Response
Hono Command: command//<name>:<namespace>:edge:containers/res//remove
Ditto Message:
Name | Value | Description |
---|---|---|
topic | <name>/<namespace>:edge:containers/things/live/messages/remove | Information about the affected Thing and the type of operation |
path | /features/SoftwareUpdatable/outbox/messages/remove | A path to the SoftwareUpdatable Feature, its message channel, and remove command |
Headers | | Additional headers |
correlation-id | container UUID | The container UUID |
Status | | Status of the operation remove software modules from container |
Example: The response of successful removal of software modules.
Topic: command//edge:device:edge:containers/res//remove
{
"topic":"edge/device:edge:containers/things/live/messages/remove",
"headers":{
"correlation-id":"<UUID>"
},
"path":"/features/SoftwareUpdatable/outbox/messages/remove",
"status":204
}
4 - Container configuration as Desired State component
Domain Identifier
The default domain identifier for the Containers Update Agent is containers.
This can be modified within the update agent section in the container management JSON config file.
Containers Update Agent Properties
To control the container update agent behavior through desired state specification. As defined in the Desired State Specification, all properties are of type string.
Key | Required | Default | Description |
---|---|---|---|
systemContainers | No | | Comma-separated list of container names that shall not be processed by the update agent during the application of the given desired state. This configuration option can be used to temporarily override the general systemContainers setting from the update agent section in the container management JSON config file. The setting is valid only for the given desired state where it is present. |
Container Properties
To control all aspects of the container instance behavior. As defined in the Desired State Specification, all properties are of type string.
Key | Required | Default | Description |
---|---|---|---|
General config | |||
image | Yes | | Fully qualified image reference, that follows the OCI Image Specification, the format is: host[:port]/[namespace/]name:tag. |
env | No | | Sets the provided environment variable in the root container’s process environment. Example: VAR1=2. If VAR1= is used, the environment variable would be set to empty. If VAR1 is used, the environment variable would be removed from the container environment inherited from the image. The property can be included multiple times, each one specifying another environment variable. |
cmd | No | | Command with arguments that is executed upon the container’s start. The property can be included multiple times (order is important), each one specifying another command argument. |
Host config | |||
device | No | | Device to be made available in the container and optional cgroups permissions configuration. Both path on host and in container must be set. Possible cgroup permissions options are “r” (read), “w” (write), “m” (mknod) and all combinations of the three are possible. If not set, “rwm” is default device configuration. Example: /dev/ttyACM0:/dev/ttyUSB0[:rwm]. The property can be included multiple times, each one specifying a separate device. |
port | No | | Port to be mapped from the host to the container instance. Format: [<host-ip>:]<host-port>:<container-port>[-<range>][/<proto>]. Most common use-case: 80:80. Mapping the container’s 80 port to a host port in the 5000-6000 range: 5000-6000:80/udp. Specifying port protocol (default is tcp): 80:80/udp. By default the port mapping will set on all network interfaces, but this is also manageable: 0.0.0.0:80-100:80/udp. The property can be included multiple times, each one specifying another port mapping. |
network | No | bridge | Sets the networking mode for the container. Possible options are: bridge - the container is connected to the default bridge network interface of the engine and is assigned an IP. host - the container shares the network stack of the host (use with caution as this breaks the network’s isolation!) |
host | No | | Extra host to be added in the current container’s /etc/hosts file. Example: hostname1:host_ip[_<network-interface>] must be provided. Example: local.host.machine.ip.custom.if:host_ip_myNetIf0 - this will automatically resolve the host’s IP on the myNetIf0 network interface and add it to the container’s hosts file. local.host.machine.ip.default.bridge:host_ip - this will automatically resolve the host’s IP on the default bridge network interface for container management and add it to the container’s hosts file if the container is configured to use it. The property can be included multiple times, each one specifying another extra host |
mount | No | | Sets mount points so a source directory on the host can be accessed via a destination directory in the container. Format: source:destination[:propagation_mode]. If the propagation mode parameter is omitted, rprivate will be set by default. Available propagation modes are: rprivate, private, rshared, shared, rslave, slave. The property can be included multiple times, each one specifying another mount point. |
IO config | |||
terminal | No | false | Boolean flag. Enables terminal for the current container, e.g. attach standard streams to a TTY. |
interactive | No | false | Boolean flag. Enables interaction with the container, e.g. open the terminal’s standard input for an interaction with the container. |
privileged | No | false | Boolean flag. Creates the container as privileged, grants root capabilities to all devices on the host system |
Restart policy config | |||
restartPolicy | string | unless-stopped | The container’s restart policy, the supported values are: always - an attempt to restart the container will be made each time the container exits regardless of the exit code, no - no attempts to restart the container for any reason will be made, on-failure - restart attempts will be made if the container exits with an exit code != 0, unless-stopped - restart attempts will be made only if the container has not been stopped by the user. |
restartMaxRetries | No | 1 | Integer value. Maximum number of retries that are made to restart the container on exit with fail, valid only if the restartPolicy is on-failure. |
restartTimeout | No | 30 | Integer value. Timeout period in seconds for each retry that is made to restart the container on exit with fail, valid only if the restartPolicy is on-failure. |
Logging config | |||
logDriver | No | json-file | Sets the type of the log driver to be used for the container - json-file, none. |
logMaxFiles | No | 2 | Integer value. Sets the max number of log files to be rotated - applicable for json-file log driver only. |
logMaxSize | No | 100M | Sets the max size of the log files for rotation in the form of 1, 1.2m, 1g, etc. - applicable for json-file log driver only. |
logPath | No | | Sets the path to the directory where the log files will be stored - applicable for json-file log driver only. |
logMode | No | blocking | Sets the mode of the logger - blocking, non-blocking. |
logMaxBufferSize | No | 1M | Sets the max size of the logger buffer in the form of 1, 1.2m - applicable for non-blocking mode only. |
Resources config | |||
memory | No | | Sets the max amount of memory the container can use in the form of 200m, 1.2g. The minimum allowed value is 3m. By default, a container has no memory constraints. |
memorySwap | No | | Sets the total amount of memory + swap that the container can use in the form of 200m, 1.2g. If set must not be smaller than memory. If equal to memory, then the container will not have access to swap. If not set and memory is set, then the container can use as much swap as the memory setting. If set to -1, the container can use unlimited swap, up to the amount available on the host. |
memoryReservation | No | | Sets a soft memory limitation in the form of 200m, 1.2g. Must be smaller than memory. When the system detects memory contention or low memory, control groups are pushed back to their soft limits. There is no guarantee that the container memory usage will not exceed the soft limit. |
Desired State Containers Domain Example
{
"domains": [
{
"id": "containers",
"config": [
{
"key": "systemContainers",
"value": "self-update-agent"
}
],
"components": [
{
"id": "hello-world",
"version": "latest",
"config": [
{
"key": "image",
"value": "docker.io/library/hello-world:latest"
},
{
"key": "env",
"value": "x=y"
},
{
"key": "env",
"value": "a=b"
},
{
"key": "cmd",
"value": "arg1"
},
{
"key": "cmd",
"value": "arg2"
},
{
"key": "device",
"value": "/dev/tty:/dev/tty:rw"
},
{
"key": "port",
"value": "80:80/tcp"
},
{
"key": "network",
"value": "host"
},
{
"key": "host",
"value": "host_name"
},
{
"key": "mount",
"value": "/data:/data:private"
},
{
"key": "terminal",
"value": "true"
},
{
"key": "interactive",
"value": "true"
},
{
"key": "privileged",
"value": "true"
},
{
"key": "restartPolicy",
"value": "always"
},
{
"key": "restartMaxRetries",
"value": "3"
},
{
"key": "restartTimeout",
"value": "1000"
},
{
"key": "logDriver",
"value": "json-file"
},
{
"key": "logMaxFiles",
"value": "3"
},
{
"key": "logMaxSize",
"value": "5M"
},
{
"key": "logPath",
"value": "/var/log"
},
{
"key": "logMode",
"value": "blocking"
},
{
"key": "logMaxBufferSize",
"value": "1M"
},
{
"key": "memory",
"value": "200M"
},
{
"key": "memorySwap",
"value": "300M"
},
{
"key": "memoryReservation",
"value": "100M"
}
]
}
]
}
]
}
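An audit of a desired-state document for the isolation-relevant keys of the Container Properties table (privileged, network, device, mount, port and the memory settings), as an added example that is not part of Kanto. The function names, the finding strings, the binary size units and the second sample component are assumptions of this example; the first sample component reuses settings from the example above.

```python
UNITS = {"b": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}  # binary units assumed


def parse_size(text):
    """Convert a size such as 200m, 1.2g or 300M to bytes; -1 stays -1."""
    text = text.strip().lower()
    if text == "-1":
        return -1
    if text and text[-1] in UNITS:
        return int(float(text[:-1]) * UNITS[text[-1]])
    return int(float(text))


def audit_component(component):
    """Return findings for one entry of domains[].components[]."""
    cfg = {}
    for item in component.get("config", []):
        # env, cmd, device, port, host and mount may repeat: keep every value.
        cfg.setdefault(item["key"], []).append(item["value"])

    def last(key, default=None):
        return cfg.get(key, [default])[-1]

    out = []
    if last("privileged", "false").lower() == "true":
        out.append("privileged=true")
    if last("network", "bridge") == "host":
        out.append("network=host")
    for dev in cfg.get("device", []):
        parts = dev.split(":")
        perms = parts[2] if len(parts) > 2 else "rwm"  # documented default
        if "m" in perms:
            out.append(f"device {parts[0]} allows mknod ({perms})")
    for mount in cfg.get("mount", []):
        parts = mount.split(":")
        mode = parts[2] if len(parts) > 2 else "rprivate"  # documented default
        if mode in ("shared", "rshared"):
            out.append(f"mount {parts[0]} uses {mode} propagation")
    for port in cfg.get("port", []):
        # [<host-ip>:]<host-port>:<container-port>; assumes an IPv4 host-ip
        fields = port.split(":")
        if len(fields) == 2 or fields[0] == "0.0.0.0":
            out.append(f"port {port} is published on all interfaces")
    memory = last("memory")
    if memory is None:
        out.append("no memory limit")
    else:
        limit = parse_size(memory)
        soft, swap = last("memoryReservation"), last("memorySwap")
        if soft is not None and parse_size(soft) >= limit:
            out.append("memoryReservation is not smaller than memory")
        if swap is not None and 0 <= parse_size(swap) < limit:
            out.append("memorySwap is smaller than memory")
    return out


def audit_desired_state(doc, domain_id="containers"):
    """Map component id to its findings for the given domain."""
    report = {}
    for domain in doc.get("domains", []):
        if domain.get("id") == domain_id:
            for comp in domain.get("components", []):
                report[comp["id"]] = audit_component(comp)
    return report


def component(cid, *pairs):
    # Helper for the sample: builds a component from (key, value) pairs.
    return {"id": cid, "version": "latest",
            "config": [{"key": k, "value": v} for k, v in pairs]}


SAMPLE = {"domains": [{"id": "containers", "components": [
    component("hello-world",  # settings taken from the example on this page
              ("device", "/dev/tty:/dev/tty:rw"), ("port", "80:80/tcp"),
              ("network", "host"), ("mount", "/data:/data:private"),
              ("privileged", "true"), ("memory", "200M"),
              ("memorySwap", "300M"), ("memoryReservation", "100M")),
    component("constructed-sensor",  # constructed for this example
              ("device", "/dev/ttyACM0:/dev/ttyUSB0"),
              ("port", "127.0.0.1:8080:80"),
              ("mount", "/run/data:/data:rshared"),
              ("memory", "64m"), ("memoryReservation", "64m")),
]}]}

if __name__ == "__main__":
    for cid, findings in audit_desired_state(SAMPLE).items():
        print(cid, findings)
```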