Skip to content

Instantly share code, notes, and snippets.

@martencassel

martencassel/ucp-swagger.yaml

Created September 14, 2021 21:02
Show Gist options
  • Save martencassel/990f589dcdd07af5a7a23e991ddc831f to your computer and use it in GitHub Desktop.
Save martencassel/990f589dcdd07af5a7a23e991ddc831f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ucp-swagger.yaml
---
swagger: '2.0'
info:
description: |-
The Mirantis Kubernetes Engine API is a REST API, available using HTTPS, that enables programmatic access to swarm resources that are managed by MKE. MKE exposes the full Docker Engine API, so you can extend your existing code with UCP features. The API is secured with role-based access control so that only authorized users can make changes and deploy applications to your Docker swarm.
The MKE API is accessible in the same IP addresses and domain names that you use to access the web UI. It's the same API that the MKE web UI uses, so everything you can do on the UCP web UI from your browser, you can also do programmatically.
The system manages swarm resources by using collections, which you access through the `/collection` endpoint. For example, `GET /defaultCollection/<userID>` retrieves the default collection for a user. [Learn more about resource collections](https://docs.mirantis.com/mke-03).
- The `/roles` endpoint lets you enumerate and create custom permissions for accessing collections.
- The `/accounts` endpoint enables managing users, teams, and organizations.
- The `/configs` endpoint gives you access to the swarm's configuration.
title: MKE API Documentation
version: '1.40'
paths:
"/_ping":
get:
description: |-
Check the health of a UCP manager.
Use the `_ping` endpoint to check the health of a single UCP manager node. The UCP manager validates that all of its internal components are working, and it returns either 200, if all components are healthy, or 500, if any aren't healthy.
If you’re accessing the `_ping` endpoint through a load balancer, you have no way of knowing which UCP manager node isn't healthy, because any manager node may be serving your request. Make sure you’re connecting directly to the URL of a manager node, and not a load balancer.
tags:
- UCP
summary: Check the health of a UCP manager.
operationId: Ping
responses:
'200':
description: Success, manager healthy
'500':
description: Failure, manager unhealthy
default:
description: Success, manager healthy
"/accounts/":
get:
description: |-
List user and organization accounts.
Lists information about user and organization accounts. Supports sorting and
filtering.
Requires authentication and authorization as an admin user or as a privileged
service.
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: List user and organization accounts.
operationId: ListAccounts
parameters:
- type: string
default: all
description: Filter accounts by type or attribute - either "users", "orgs",
"admins", "non-admins", "active-users", "inactive-users", or "all" (default).
These filters cannot be combined in any way.
name: filter
in: query
- type: string
default: ''
description: Specifies the ordering of the results - either "name" (default)
or "fullName". Prefix with "+" (default) or "-" to specify acscending or
descending order, respectively.
name: order
in: query
- type: string
default: ''
description: Only return accounts with an order marker starting from this
value.
name: start
in: query
- type: int
default: '10'
description: Maximum number of accounts per page of results.
name: limit
in: query
- type: string
default: ''
description: Additionally filter results to those which have either a name
or full name which contains this case insensitive string
name: contains
in: query
responses:
'200':
description: Success, page of accounts listed.
schema:
"$ref": "#/definitions/responses.Accounts"
default:
description: Success, page of accounts listed.
schema:
"$ref": "#/definitions/responses.Accounts"
post:
description: |-
Create a user or organization account.
To search for and import a user from an LDAP directory, the system must be
configured with LDAP integration.
Requires authentication and authorization as an admin user.
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: Create a user or organization account.
operationId: CreateAccount
parameters:
- type: forms.CreateAccount
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.CreateAccount"
responses:
'201':
description: Success, account created.
schema:
"$ref": "#/definitions/responses.Account"
patch:
description: |-
Update information about user accounts or organizations, in bulk.
Requires authentication and authorization as an admin user.
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: Update information about user accounts or organizations, in bulk.
operationId: BulkAccountOps
parameters:
- type: forms.BulkOperations
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.BulkOperations"
responses:
'200':
description: Success, bulk operations performed. Any errors encountered
for an operation are returned.
schema:
"$ref": "#/definitions/responses.BulkResults"
default:
description: Success, bulk operations performed. Any errors encountered
for an operation are returned.
schema:
"$ref": "#/definitions/responses.BulkResults"
"/accounts/{accountNameOrID}":
get:
description: |-
Details for a user or organization account.
Requires authentication and authorization a user with access to view that account.
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: Details for a user or organization account.
operationId: GetAccount
parameters:
- type: string
default: ''
description: Name or id of account to fetch
name: accountNameOrID
in: path
required: true
responses:
'200':
description: Success, account returned.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, account returned.
schema:
"$ref": "#/definitions/responses.Account"
delete:
description: |-
Delete a user or organization account.
If the system is configured to import users from an LDAP directory, the user
may be created again if they still match the current LDAP search config.
Requires authentication and authorization as an admin user.
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: Delete a user or organization account.
operationId: DeleteAccount
parameters:
- type: string
default: ''
description: Name or id of account to delete
name: accountNameOrID
in: path
required: true
responses:
'204':
description: Success, account deleted.
patch:
description: |-
Update details for a user or organization account.
Requires authentication and authorization as an admin user, the target user (if
a user), or an admin member of the target organization (if an organization).
consumes:
- application/json
produces:
- application/json
tags:
- Accounts
summary: Update details for a user or organization account.
operationId: UpdateAccount
parameters:
- type: string
default: ''
description: Name or id of account to update
name: accountNameOrID
in: path
required: true
- type: forms.UpdateAccount
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.UpdateAccount"
responses:
'200':
description: Success, account updated.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, account updated.
schema:
"$ref": "#/definitions/responses.Account"
"/accounts/{accountNameOrID}/publicKeys":
get:
description: |-
List accountPublicKeys in an account.
Lists accountPublicKeys in ascending order by key ID.
Requires authentication and authorization as any user.
consumes:
- application/json
produces:
- application/json
tags:
- Account Public Keys
- Accounts
summary: List accountPublicKeys in an account.
operationId: ListAccountPublicKeys
parameters:
- type: string
default: ''
description: Name or id of the account whose accountPublicKeys will be listed
name: accountNameOrID
in: path
required: true
- type: string
default: ''
description: Only return accountPublicKeys with a key ID greater than or equal
to this name.
name: start
in: query
- type: int
default: '10'
description: Maximum number of accountPublicKeys per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of accountPublicKeys listed.
schema:
"$ref": "#/definitions/responses.AccountPublicKeys"
default:
description: Success, page of accountPublicKeys listed.
schema:
"$ref": "#/definitions/responses.AccountPublicKeys"
post:
description: |-
Create a public key for an account.
Requires authentication and authorization as an admin user, the target user (if
a user), or an admin member of the target organization (if an organization).
consumes:
- application/json
produces:
- application/json
tags:
- Account Public Keys
- Accounts
summary: Create a public key for an account.
operationId: CreateAccountPublicKey
parameters:
- type: string
default: ''
description: Name or id of account to fetch
name: accountNameOrID
in: path
required: true
- type: forms.CreateAccountPublicKey
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.CreateAccountPublicKey"
responses:
'201':
description: Success, account public key created.
schema:
"$ref": "#/definitions/responses.AccountPublicKey"
"/accounts/{accountNameOrID}/publicKeys/{keyID}":
delete:
description: |-
Remove an account public key.
Requires authentication and authorization as an admin user, the target user (if
a user), or an admin member of the target organization (if an organization).
consumes:
- application/json
produces:
- application/json
tags:
- Account Public Keys
- Accounts
summary: Remove an account public key.
operationId: DeleteAccountPublicKey
parameters:
- type: string
default: ''
description: Name or id of the account
name: accountNameOrID
in: path
required: true
- type: string
default: ''
description: Public key id of the account
name: keyID
in: path
required: true
responses:
'204':
description: Success, acount public key removed.
patch:
description: |-
Update details for an account public key.
Requires authentication and authorization as an admin user, the target user (if
a user), or an admin member of the target organization (if an organization).
consumes:
- application/json
produces:
- application/json
tags:
- Account Public Keys
- Accounts
summary: Update details for an account public key.
operationId: UpdateAccountPublicKey
parameters:
- type: string
default: ''
description: Name or id of the account
name: accountNameOrID
in: path
required: true
- type: string
default: ''
description: Public key id of the account
name: keyID
in: path
required: true
- type: forms.UpdateAccountPublicKey
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.UpdateAccountPublicKey"
responses:
'200':
description: Success, account public key updated.
schema:
"$ref": "#/definitions/responses.AccountPublicKey"
default:
description: Success, account public key updated.
schema:
"$ref": "#/definitions/responses.AccountPublicKey"
"/accounts/{orgNameOrID}/adminMemberSyncConfig":
get:
description: |-
Get options for syncing admin members of an organization.
Requires authentication and authorization as an admin user or an admin member
of the organization.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: Get options for syncing admin members of an organization.
operationId: GetOrganizationAdminSyncConfig
parameters:
- type: string
default: ''
description: Name or id of organization whose LDAP sync options to be retrieved
name: orgNameOrID
in: path
required: true
responses:
'200':
description: Success, LDAP sync options retrieved.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
default:
description: Success, LDAP sync options retrieved.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
put:
description: |-
Set options for syncing admin members of an organization.
Enabling sync of organization admin members will disable the ability to
directly manage organization membership for any users imported from an LDAP
directory. Their organization membership is instead set by being synced as an
admin member of the organization or by being a member of any team within the
organization.
Requires authentication and authorization as an admin user or an admin member
of the organization.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: Set options for syncing admin members of an organization.
operationId: SetOrganizationAdminSyncConfig
parameters:
- type: string
default: ''
description: Name or id of organization whose LDAP sync options to set
name: orgNameOrID
in: path
required: true
- type: forms.MemberSyncOpts
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.MemberSyncOpts"
responses:
'200':
description: Success, LDAP sync options set.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
default:
description: Success, LDAP sync options set.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
"/accounts/{orgNameOrID}/members":
get:
description: |-
List members of an organization.
Lists memberships in ascending order by user ID.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: List members of an organization.
operationId: ListOrganizationMembers
parameters:
- type: string
default: ''
description: Name or id of organization whose members will be listed
name: orgNameOrID
in: path
required: true
- type: string
default: all
description: Filter members by type - either 'admins', 'non-admins', or 'all'
(default).
name: filter
in: query
- type: string
default: ''
description: Only return members with a user ID greater than or equal to this
ID.
name: start
in: query
- type: int
default: '10'
description: Maximum number of members per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of organization members listed.
schema:
"$ref": "#/definitions/responses.Members"
default:
description: Success, page of organization members listed.
schema:
"$ref": "#/definitions/responses.Members"
"/accounts/{orgNameOrID}/members/{memberNameOrID}":
get:
description: |-
Details of a user's membership in an organization.
Requires authentication and authorization as an admin user, a member of the
organization, or the target user.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: Details of a user's membership in an organization.
operationId: GetOrganizationMembership
parameters:
- type: string
default: ''
description: Name or id of organization in which the membership will be retrieved
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user whose membership will be retrieved
name: memberNameOrID
in: path
required: true
responses:
'200':
description: Success, membership returned.
schema:
"$ref": "#/definitions/responses.Member"
default:
description: Success, membership returned.
schema:
"$ref": "#/definitions/responses.Member"
put:
description: |-
Add a user to an organization.
If organization admin members are configured to be synced with LDAP, users
which are imported from LDAP cannot be manually added as members of the
organization and must be either synced as an organization admin member or be
added as a member of team within the organization.
Requires authentication and authorization as an admin user or an admin member
of the organization
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: Add a user to an organization.
operationId: AddOrganizationMember
parameters:
- type: string
default: ''
description: Name or id of organization in which the membership will be added
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user which will be added as a member
name: memberNameOrID
in: path
required: true
- type: forms.SetMembership
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.SetMembership"
responses:
'200':
description: Success, membership set.
schema:
"$ref": "#/definitions/responses.Member"
default:
description: Success, membership set.
schema:
"$ref": "#/definitions/responses.Member"
delete:
description: |-
Remove a user from an organization.
Removing a member of the organization will also remove them from any teams in
the organization. If organization admin members are configured to be synced
with LDAP, users which are imported from LDAP cannot be manually removed as
members of the organization and must be either synced as an organization admin
member or removed as a member of all teams within the organization.
Requires authentication and authorization as an admin user or an admin member
of the organization.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: Remove a user from an organization.
operationId: DeleteOrganizationMember
parameters:
- type: string
default: ''
description: Name or id of organization in which the membership will be deleted
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user whose membership will be deleted
name: memberNameOrID
in: path
required: true
responses:
'204':
description: Success, membership removed.
"/accounts/{orgNameOrID}/members/{memberNameOrID}/teams":
get:
description: |-
List a user's team membership in an organization.
Lists team memberships in ascending order by team ID.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Organization Membership
- Organizations
- Accounts
summary: List a user's team membership in an organization.
operationId: ListOrganizationMemberTeams
parameters:
- type: string
default: ''
description: Name or id of user whose memberships will be listed
name: memberNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of organization in which the member's team memberships
will be listed
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Only return team memberships with a team ID greater than or equal
to this ID.
name: start
in: query
- type: int
default: '10'
description: Maximum number of team memberships per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of member's teams listed.
schema:
"$ref": "#/definitions/responses.MemberTeams"
default:
description: Success, page of member's teams listed.
schema:
"$ref": "#/definitions/responses.MemberTeams"
"/accounts/{orgNameOrID}/teams":
get:
description: |-
List teams in an organization.
Lists teams in ascending order by name.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Teams
- Organizations
- Accounts
summary: List teams in an organization.
operationId: ListTeams
parameters:
- type: string
default: ''
description: Name or id of organization whose teams will be listed
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Only return teams with a name greater than or equal to this name.
name: start
in: query
- type: int
default: '10'
description: Maximum number of teams per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of teams listed.
schema:
"$ref": "#/definitions/responses.Teams"
default:
description: Success, page of teams listed.
schema:
"$ref": "#/definitions/responses.Teams"
post:
description: |-
Create a team.
Requires authentication and authorization as an admin user or an admin member
of the organization.
consumes:
- application/json
produces:
- application/json
tags:
- Teams
- Organizations
- Accounts
summary: Create a team.
operationId: CreateTeam
parameters:
- type: string
default: ''
description: Name or id of organization in which the team will be created
name: orgNameOrID
in: path
required: true
- type: forms.CreateTeam
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.CreateTeam"
responses:
'201':
description: Success, team created.
schema:
"$ref": "#/definitions/responses.Team"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}":
get:
description: |-
Details for a team.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Teams
- Organizations
- Accounts
summary: Details for a team.
operationId: GetTeam
parameters:
- type: string
default: ''
description: Name or id of organization in which the team will be retrieved
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team which will be retrieved
name: teamNameOrID
in: path
required: true
responses:
'200':
description: Success, team returned.
schema:
"$ref": "#/definitions/responses.Team"
default:
description: Success, team returned.
schema:
"$ref": "#/definitions/responses.Team"
delete:
description: |-
Delete a team.
Requires authentication and authorization as an admin user or an admin member
of the organization.
consumes:
- application/json
produces:
- application/json
tags:
- Teams
- Organizations
- Accounts
summary: Delete a team.
operationId: DeleteTeam
parameters:
- type: string
default: ''
description: Name or id of organization in which the team will be deleted
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team which will be deleted
name: teamNameOrID
in: path
required: true
responses:
'204':
description: Success, team deleted.
patch:
description: |-
Update details for a team.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Teams
- Organizations
- Accounts
summary: Update details for a team.
operationId: UpdateTeam
parameters:
- type: string
default: ''
description: Name or id of organization in which the team will be updated
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team which will be updated
name: teamNameOrID
in: path
required: true
- type: forms.UpdateTeam
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.UpdateTeam"
responses:
'200':
description: Success, team updated.
schema:
"$ref": "#/definitions/responses.Team"
default:
description: Success, team updated.
schema:
"$ref": "#/definitions/responses.Team"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}/groupLinkConfig":
get:
description: |-
Get options for linking group of a team.
Requires authentication and authorization as an admin user, an admin group of
the organization, or an admin group of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Get options for linking group of a team.
operationId: GetTeamGroupLinkConfig
parameters:
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose SAML link config will be retrieved
name: teamNameOrID
in: path
required: true
responses:
'200':
description: Success, SAML link options retrieved.
schema:
"$ref": "#/definitions/responses.GroupLinkOpts"
default:
description: Success, SAML link options retrieved.
schema:
"$ref": "#/definitions/responses.GroupLinkOpts"
put:
description: |-
Set options for linking this team with a group attribute from SAML assertions.
Enabling link of team members will disable the ability to manually manage team
membership for any users imported from SAML. Their team membership is instead
managed by the group attribute of the SAML assertion.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Set options for linking this team with a group attribute from SAML
assertions.
operationId: SetTeamGroupLinkConfig
parameters:
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose SAML link config will be set
name: teamNameOrID
in: path
required: true
- type: forms.GroupLinkOpts
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.GroupLinkOpts"
responses:
'200':
description: Success, SAML link options set.
schema:
"$ref": "#/definitions/responses.GroupLinkOpts"
default:
description: Success, SAML link options set.
schema:
"$ref": "#/definitions/responses.GroupLinkOpts"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}/kaasRoleConfig":
get:
description: |-
Get options for linking team with KaaS roles.
Requires authentication and authorization as an admin user, an admin group of
the organization, or an admin group of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Get options for linking team with KaaS roles.
operationId: GetTeamKaasRoleConfig
parameters:
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose KaaS role config will be retrieved
name: teamNameOrID
in: path
required: true
responses:
'200':
description: Success, KaaS role options retrieved.
schema:
"$ref": "#/definitions/responses.KaasRoleOpts"
default:
description: Success, KaaS role options retrieved.
schema:
"$ref": "#/definitions/responses.KaasRoleOpts"
put:
description: |-
Set options for linking team with KaaS roles.
Enabling link of team members will disable the ability to manually manage team
membership for any users authenticated with openID tokens. Their team
membership is instead managed by the iam roles field of the auth token.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Set options for linking team with KaaS roles.
operationId: SetTeamKaasRoleConfig
parameters:
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose KaaS role config will be set
name: teamNameOrID
in: path
required: true
- type: forms.KaasRoleOpts
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.KaasRoleOpts"
responses:
'200':
description: Success, KaaS role options set.
schema:
"$ref": "#/definitions/responses.KaasRoleOpts"
default:
description: Success, KaaS role options set.
schema:
"$ref": "#/definitions/responses.KaasRoleOpts"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}/memberSyncConfig":
get:
description: |-
Get options for syncing members of a team.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Get options for syncing members of a team.
operationId: GetTeamMemberSyncConfig
parameters:
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose LDAP sync config will be retrieved
name: teamNameOrID
in: path
required: true
responses:
'200':
description: Success, LDAP sync options retrieved.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
default:
description: Success, LDAP sync options retrieved.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
put:
description: |-
Set options for syncing members of a team.
Enabling sync of team members will disable the ability to manually manage team
membership for any users imported from LDAP. Their team membership is instead
managed by the LDAP sync.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Set options for syncing members of a team.
operationId: SetTeamMemberSyncConfig
parameters:
- type: string
default: ''
description: Name or id of team whose LDAP sync config will be set
name: teamNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of organization to which the team belongs
name: orgNameOrID
in: path
required: true
- type: forms.MemberSyncOpts
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.MemberSyncOpts"
responses:
'200':
description: Success, LDAP sync options set.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
default:
description: Success, LDAP sync options set.
schema:
"$ref": "#/definitions/responses.MemberSyncOpts"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}/members":
get:
description: |-
List members of a team.
Lists memberships in ascending order by user ID.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: List members of a team.
operationId: ListTeamMembers
parameters:
- type: string
default: ''
description: Name or id of organization in which the team's members will be
listed'
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of team whose members will be listed
name: teamNameOrID
in: path
required: true
- type: string
default: all
description: Filter members by type - either 'admins', 'non-admins', or 'all'
(default).
name: filter
in: query
- type: string
default: ''
description: Only return members with a user ID greater than or equal to this
ID.
name: start
in: query
- type: int
default: '10'
description: Maximum number of members per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of team members listed.
schema:
"$ref": "#/definitions/responses.Members"
default:
description: Success, page of team members listed.
schema:
"$ref": "#/definitions/responses.Members"
"/accounts/{orgNameOrID}/teams/{teamNameOrID}/members/{memberNameOrID}":
get:
description: |-
Details of a user's membership in a team.
Requires authentication and authorization as an admin user or a member of the
organization.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Details of a user's membership in a team.
operationId: GetTeamMembership
parameters:
- type: string
default: ''
description: Name or id of organization in which the team membership will
be retrieved
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of the team in which the membership will be retrieved
name: teamNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user whose team membership will be retrieved
name: memberNameOrID
in: path
required: true
responses:
'200':
description: Success, team membership retuned.
schema:
"$ref": "#/definitions/responses.Member"
default:
description: Success, team membership retuned.
schema:
"$ref": "#/definitions/responses.Member"
put:
description: |-
Add a user to a team.
The user will be added as a member of the organization if they are not already.
If team members are configured to be synced with LDAP, users which are imported
from LDAP cannot be manually added as members of the team and must be synced
with LDAP.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Add a user to a team.
operationId: AddTeamMember
parameters:
- type: string
default: ''
description: Name or id of organization in which the team membership will
be added
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of the team in which the membership will be added
name: teamNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user which will be added as a member
name: memberNameOrID
in: path
required: true
- type: forms.SetMembership
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.SetMembership"
responses:
'200':
description: Success, team membership set.
schema:
"$ref": "#/definitions/responses.Member"
default:
description: Success, team membership set.
schema:
"$ref": "#/definitions/responses.Member"
delete:
description: |-
Remove a member from a team.
The user will remain a member of the organization. If team members are
configured to be synced with LDAP, users which are imported from LDAP cannot be
manually removed as members of the team and must be synced with LDAP.
Requires authentication and authorization as an admin user, an admin member of
the organization, or an admin member of the team.
consumes:
- application/json
produces:
- application/json
tags:
- Team Membership
- Teams
- Organizations
- Accounts
summary: Remove a member from a team.
operationId: DeleteTeamMember
parameters:
- type: string
default: ''
description: Name or id of organization in which the team membership will
be deleted
name: orgNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of the team in which the membership will be deleted
name: teamNameOrID
in: path
required: true
- type: string
default: ''
description: Name or id of user whose team membership will be deleted
name: memberNameOrID
in: path
required: true
responses:
'204':
description: Success, team membership deleted.
"/accounts/{userNameOrID}/changePassword":
post:
description: |-
Change a user's password.
Requires authentication and authorization as an admin user or the target user.
consumes:
- application/json
produces:
- application/json
tags:
- User Accounts
- Accounts
summary: Change a user's password.
operationId: ChangePassword
parameters:
- type: string
default: ''
description: Username or id of user whose password is to be changed
name: userNameOrID
in: path
required: true
- type: forms.ChangePassword
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.ChangePassword"
responses:
'200':
description: Success, password changed.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, password changed.
schema:
"$ref": "#/definitions/responses.Account"
"/accounts/{userNameOrID}/organizations":
get:
description: |-
List a user's organization memberships.
Lists organization memberships in ascending order by organization ID.
Requires authentication and authorization as an admin user or the target user.
consumes:
- application/json
produces:
- application/json
tags:
- User Accounts
- Accounts
summary: List a user's organization memberships.
operationId: ListUserOrganizations
parameters:
- type: string
default: ''
description: Name or id of user to whose organizations will be listed
name: userNameOrID
in: path
required: true
- type: string
default: ''
description: Only return memberships with an org ID greater than or equal
to this ID.
name: start
in: query
- type: int
default: '10'
description: Maximum number of organizations per page of results.
name: limit
in: query
responses:
'200':
description: Success, page of user's organizations listed.
schema:
"$ref": "#/definitions/responses.MemberOrgs"
default:
description: Success, page of user's organizations listed.
schema:
"$ref": "#/definitions/responses.MemberOrgs"
"/accounts/{userNameOrID}/otp/disable":
post:
description: |-
Disable User's one time passwords.
Requires authentication and authorization as an admin user or the target user.
consumes:
- application/json
- application/octet-stream
produces:
- application/json
tags:
- User One Time Passwords
- Accounts
summary: Disable User's one time passwords.
operationId: Disable One Time Passwords
parameters:
- type: string
default: ''
description: Username or id of user whose one time passwords is disabled
name: userNameOrID
in: path
required: true
responses:
'200':
description: Success, one time passwords changed.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, one time passwords changed.
schema:
"$ref": "#/definitions/responses.Account"
"/accounts/{userNameOrID}/otp/enable":
post:
description: |-
Enable User's one time passwords.
Requires authentication and authorization as the target user.
consumes:
- application/json
produces:
- application/json
tags:
- User One Time Passwords
- Accounts
summary: Enable User's one time passwords.
operationId: Enable One Time Passwords
parameters:
- type: string
default: ''
description: Username or id of user that one-time password enables
name: userNameOrID
in: path
required: true
- type: forms.OneTimePasswordCode
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.OneTimePasswordCode"
responses:
'200':
description: Success, the one-time password is enabled.
schema:
"$ref": "#/definitions/responses.UserWithRecoveryCodes"
default:
description: Success, the one-time password is enabled.
schema:
"$ref": "#/definitions/responses.UserWithRecoveryCodes"
"/accounts/{userNameOrID}/otp/init":
post:
description: |-
Init User's one time passwords.
Requires authentication and authorization as the target user.
consumes:
- application/json
- application/octet-stream
produces:
- application/json
tags:
- User One Time Passwords
- Accounts
summary: Init User's one time passwords.
operationId: Init One Time Passwords
parameters:
- type: string
default: ''
description: Username or id of user that one-time password inits
name: userNameOrID
in: path
required: true
responses:
'200':
description: Success, the one-time password is inited.
schema:
"$ref": "#/definitions/responses.OneTimePasswordsCode"
default:
description: Success, the one-time password is inited.
schema:
"$ref": "#/definitions/responses.OneTimePasswordsCode"
"/accounts/{userNameOrID}/otp/validate":
post:
description: Validate User's one time passwords. Requires authenticated as the
target user.
consumes:
- application/json
produces:
- application/json
tags:
- User One Time Passwords
- Accounts
summary: Validate User's one time passwords. Requires authenticated as the target
user.
operationId: Validate One Time Passwords
parameters:
- type: string
default: ''
description: Username or id of user that one-time password validation checks
against
name: userNameOrID
in: path
required: true
- type: forms.OneTimePasswordCode
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.OneTimePasswordCode"
responses:
'200':
description: Success, the one-time password is validated.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, the one-time password is validated.
schema:
"$ref": "#/definitions/responses.Account"
"/api/composehelper":
get:
tags:
- UCP
summary: "/api/composehelper"
operationId: restfulNoop
responses: {}
"/api/ucp/backup":
post:
description: Creates a new backup
produces:
- application/json
tags:
- UCP
summary: Creates a new backup
operationId: CreateBackup
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/types.CreateBackupResponse"
default:
description: Success
schema:
"$ref": "#/definitions/types.CreateBackupResponse"
"/api/ucp/backup/{id}":
get:
description: Retrieves the historical metadata for the backup with given ID
produces:
- application/json
tags:
- UCP
summary: Retrieves the historical metadata for the backup with given ID
operationId: GetBackup
parameters:
- type: string
default: ''
description: ID of the backup
name: id
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/types.Backup"
default:
description: Success
schema:
"$ref": "#/definitions/types.Backup"
"/api/ucp/backups":
get:
description: Lists the historical metadata about all backups that are being
or have been taken
produces:
- application/json
tags:
- UCP
summary: Lists the historical metadata about all backups that are being or have
been taken
operationId: ListBackups
responses:
'200':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/types.Backup"
default:
description: Success
schema:
type: array
items:
"$ref": "#/definitions/types.Backup"
"/api/ucp/config-toml":
get:
description: Export the current UCP Configuration as a TOML file.
produces:
- application/toml
tags:
- UCP
summary: Export the current UCP Configuration as a TOML file.
operationId: Get Config TOML
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/config.UCPConfiguration"
default:
description: Success
schema:
"$ref": "#/definitions/config.UCPConfiguration"
put:
description: Import UCP Configuration from a TOML file.
consumes:
- application/toml
produces:
- application/json
tags:
- UCP
summary: Import UCP Configuration from a TOML file.
operationId: PUT Config TOML
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/api.putConfigOrLicenseResponse"
default:
description: Success
schema:
"$ref": "#/definitions/api.putConfigOrLicenseResponse"
"/api/ucp/config/auth/ldap":
get:
description: Retrieve current system LDAP configuration
consumes:
- application/json
produces:
- application/json
tags:
- Config
summary: Retrieve current system LDAP configuration
operationId: GetLDAPSettings
responses:
'200':
description: Success, current LDAP config returned.
schema:
"$ref": "#/definitions/responses.LDAPSettings"
default:
description: Success, current LDAP config returned.
schema:
"$ref": "#/definitions/responses.LDAPSettings"
put:
description: Set system LDAP configuration
consumes:
- application/json
produces:
- application/json
tags:
- Config
summary: Set system LDAP configuration
operationId: SetLDAPSettings
parameters:
- type: forms.LDAPSettings
name: body
in: body
required: true
schema:
"$ref": "#/definitions/forms.LDAPSettings"
responses:
'200':
description: Success, current LDAP config set.
schema:
"$ref": "#/definitions/responses.LDAPSettings"
default:
description: Success, current LDAP config set.
schema:
"$ref": "#/definitions/responses.LDAPSettings"
"/auth":
post:
description: Validate credentials for a registry and, if available, get an identity
token for accessing the registry without password.
consumes:
- application/json
produces:
- application/json
tags:
- System
summary: Check auth configuration
operationId: SystemAuth
parameters:
- description: Authentication to check
name: authConfig
in: body
schema:
"$ref": "#/definitions/AuthConfig"
responses:
'200':
description: An identity token was generated successfully.
schema:
type: object
title: SystemAuthResponse
required:
- Status
properties:
IdentityToken:
description: An opaque token used to authenticate a user after a successful
login
type: string
x-nullable: false
Status:
description: The status of the authentication
type: string
x-nullable: false
examples:
application/json:
IdentityToken: 9cbaf023786cd7...
Status: Login Succeeded
'204':
description: No error
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/auth/login":
post:
description: Submit a Login Form in exchange for a Session Token.
consumes:
- application/json
tags:
- UCP
summary: Submit a Login Form in exchange for a Session Token.
operationId: Login
parameters:
- type: auth.Credentials
name: body
in: body
required: true
schema:
"$ref": "#/definitions/auth.Credentials"
responses:
'200':
description: Success, login response returned.
schema:
"$ref": "#/definitions/auth.LoginResponse"
'401':
description: Invalid username or password.
default:
description: Success, login response returned.
schema:
"$ref": "#/definitions/auth.LoginResponse"
"/build":
post:
description: |
Build an image from a tar archive with a `Dockerfile` in it.
The `Dockerfile` specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the `dockerfile` parameter. [See the `Dockerfile` reference for more information](https://docs.docker.com/engine/reference/builder/).
The Docker daemon performs a preliminary validation of the `Dockerfile` before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.
The build is canceled if the client drops the connection by quitting or being killed.
consumes:
- application/octet-stream
produces:
- application/json
tags:
- Image
summary: Build an image
operationId: ImageBuild
parameters:
- description: 'A tar archive compressed with one of the following algorithms:
identity (no compression), gzip, bzip2, xz.'
name: inputStream
in: body
schema:
type: string
format: binary
- type: string
default: Dockerfile
description: Path within the build context to the `Dockerfile`. This is ignored
if `remote` is specified and points to an external `Dockerfile`.
name: dockerfile
in: query
- type: string
description: A name and optional tag to apply to the image in the `name:tag`
format. If you omit the tag the default `latest` value is assumed. You can
provide several `t` parameters.
name: t
in: query
- type: string
description: Extra hosts to add to /etc/hosts
name: extrahosts
in: query
- type: string
description: A Git repository URI or HTTP/HTTPS context URI. If the URI points
to a single text file, the file’s contents are placed into a file called
`Dockerfile` and the image is built from that file. If the URI points to
a tarball, the file is downloaded by the daemon and the contents therein
used as the context for the build. If the URI points to a tarball and the
`dockerfile` parameter is also specified, there must be a file with the
corresponding path inside the tarball.
name: remote
in: query
- type: boolean
default: false
description: Suppress verbose build output.
name: q
in: query
- type: boolean
default: false
description: Do not use the cache when building the image.
name: nocache
in: query
- type: string
description: JSON array of images used for build cache resolution.
name: cachefrom
in: query
- type: string
description: Attempt to pull the image even if an older image exists locally.
name: pull
in: query
- type: boolean
default: true
description: Remove intermediate containers after a successful build.
name: rm
in: query
- type: boolean
default: false
description: Always remove intermediate containers, even upon failure.
name: forcerm
in: query
- type: integer
description: Set memory limit for build.
name: memory
in: query
- type: integer
description: Total memory (memory + swap). Set as `-1` to disable swap.
name: memswap
in: query
- type: integer
description: CPU shares (relative weight).
name: cpushares
in: query
- type: string
description: CPUs in which to allow execution (e.g., `0-3`, `0,1`).
name: cpusetcpus
in: query
- type: integer
description: The length of a CPU period in microseconds.
name: cpuperiod
in: query
- type: integer
description: Microseconds of CPU time that the container can get in a CPU
period.
name: cpuquota
in: query
- type: string
description: |
JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the `Dockerfile` RUN instruction, or for variable expansion in other `Dockerfile` instructions. This is not meant for passing secret values.
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
name: buildargs
in: query
- type: integer
description: Size of `/dev/shm` in bytes. The size must be greater than 0.
If omitted the system uses 64MB.
name: shmsize
in: query
- type: boolean
description: Squash the resulting images layers into a single layer. *(Experimental
release only.)*
name: squash
in: query
- type: string
description: Arbitrary key/value labels to set on the image, as a JSON map
of string pairs.
name: labels
in: query
- type: string
description: 'Sets the networking mode for the run commands during build.
Supported standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
Any other value is taken as a custom network''s name to which this container
should connect to.'
name: networkmode
in: query
- enum:
- application/x-tar
type: string
default: application/x-tar
name: Content-type
in: header
- type: string
description: |
This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.
The key is a registry URL, and the value is an auth configuration object, [as described in the authentication section](#section/Authentication). For example:
```
{
"docker.example.com": {
"username": "janedoe",
"password": "hunter2"
},
"https://index.docker.io/v1/": {
"username": "mobydock",
"password": "conta1n3rize14"
}
}
```
Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a `https://` prefix and a `/v1/` suffix even though Docker will prefer to use the v2 registry API.
name: X-Registry-Config
in: header
- type: string
default: ''
description: Platform in the format os[/arch[/variant]]
name: platform
in: query
- type: string
default: ''
description: Target build stage
name: target
in: query
responses:
'200':
description: no error
'400':
description: Bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/build/cancel":
post:
tags:
- UCP
summary: "/build/cancel"
operationId: restfulNoop
responses: {}
"/collectionByPath":
get:
description: Retrieve a single collection by path.
produces:
- application/json
tags:
- UCP
summary: Retrieve a single collection by path.
operationId: Get Collection by path
parameters:
- type: string
default: ''
description: Path of the collection to get.
name: path
in: query
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
default:
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
"/collectionGrants":
get:
description: Lists all collection grants
produces:
- application/json
tags:
- UCP
summary: Lists all collection grants
operationId: ListGrants
parameters:
- type: string
default: ''
description: Filter grants by subjectID. Only a single value may be specified
for this query parameter. A subjectID may be an account ID for a user or
organization, or a team ID.
name: subjectID
in: query
- type: string
default: ''
description: Filter grants by collection ID. Only a single value may be specified
for this query parameter.
name: objectID
in: query
- type: string
default: ''
description: Filter grants by roleID. Only a single value may be specified
for this query parameter.
name: roleID
in: query
- type: string
default: all
description: Filter grants by a subject type - either "agent", "all" (default),
"anonymous", "authenticated", "org", "team", or "user" . These filters cannot
be combined in any way.
name: subjectType
in: query
- type: boolean
default: 'false'
description: Expands the subject into a list of subjects that it belongs to.
name: expandUser
in: query
- type: boolean
default: 'false'
description: Include the collection paths in the response.
name: showPaths
in: query
- type: string
default: ''
description: Only return grants with an order marker starting from this value.
name: start
in: query
- type: int
default: '10'
description: Maximum number of grants per page of results.
name: limit
in: query
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/responses.Grants"
default:
description: Success
schema:
"$ref": "#/definitions/responses.Grants"
"/collectionGrants/{subjectID}/{objectID}/{roleID}":
put:
description: Creates a collection grant
tags:
- UCP
summary: Creates a collection grant
operationId: CreateGrant
parameters:
- type: string
default: ''
description: ObjectID of grant to create
name: objectID
in: path
required: true
- type: string
default: ''
description: RoleID of grant to create
name: roleID
in: path
required: true
- type: string
default: ''
description: SubjectID of grant to create. For a service account, it should
follow the format `system:serviceaccount:<namespace>:<serviceaccount>`
name: subjectID
in: path
required: true
responses:
'201':
description: Success
delete:
description: Deletes a collection grant.
tags:
- UCP
summary: Deletes a collection grant.
operationId: DeleteGrant
parameters:
- type: string
default: ''
description: SubjectID of grant to delete
name: subjectID
in: path
required: true
- type: string
default: ''
description: ObjectID of grant to delete
name: objectID
in: path
required: true
- type: string
default: ''
description: RoleID of grant to delete
name: roleID
in: path
required: true
responses:
'204':
description: Success
"/collections":
get:
description: List all visible collections.
produces:
- application/json
tags:
- UCP
summary: List all visible collections.
operationId: List collections
parameters:
- type: string
default: ''
description: Only return collections with an order marker starting from this
value.
name: start
in: query
- type: int
default: '10'
description: Maximum number of collections per page of results.
name: limit
in: query
responses:
'200':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/authz.Collection"
default:
description: Success
schema:
type: array
items:
"$ref": "#/definitions/authz.Collection"
post:
description: Create a new collection of resources that share mutual authorization
settings.
consumes:
- application/json
produces:
- application/json
tags:
- UCP
summary: Create a new collection of resources that share mutual authorization
settings.
operationId: Create Collection
parameters:
- type: authz.CollectionCreate
name: body
in: body
required: true
schema:
"$ref": "#/definitions/authz.CollectionCreate"
responses:
'201':
description: Success
schema:
"$ref": "#/definitions/authz.CollectionCreateResponse"
"/collections/{id}":
get:
description: Retrieve a single collection by ID.
produces:
- application/json
tags:
- UCP
summary: Retrieve a single collection by ID.
operationId: Get Collection
parameters:
- type: string
default: ''
description: ID of the collection to get
name: id
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
default:
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
delete:
description: Delete a single collection by ID.
tags:
- UCP
summary: Delete a single collection by ID.
operationId: Delete Collection
parameters:
- type: string
default: ''
description: ID of the collection to delete.
name: id
in: path
required: true
responses:
'204':
description: Success
patch:
description: Updates an existing collection
consumes:
- application/json
tags:
- UCP
summary: Updates an existing collection
operationId: Update Collection
parameters:
- type: string
default: ''
description: ID of the collection to update.
name: id
in: path
required: true
- type: authz.CollectionUpdate
name: body
in: body
required: true
schema:
"$ref": "#/definitions/authz.CollectionUpdate"
responses:
'200':
description: Success
default:
description: Success
"/collections/{id}/children":
get:
description: Retrieve all children collection to a specific collection.
produces:
- application/json
tags:
- UCP
summary: Retrieve all children collection to a specific collection.
operationId: Get Collection Children
parameters:
- type: string
default: ''
description: ID of the collection whose children will be returned
name: id
in: path
required: true
- type: string
default: ''
description: Only return collections with an order marker starting from this
value.
name: start
in: query
- type: int
default: '10'
description: Maximum number of collections per page of results.
name: limit
in: query
responses:
'200':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/authz.Collection"
default:
description: Success
schema:
type: array
items:
"$ref": "#/definitions/authz.Collection"
"/commit":
post:
consumes:
- application/json
produces:
- application/json
tags:
- Image
summary: Create a new image from a container
operationId: ImageCommit
parameters:
- description: The container configuration
name: containerConfig
in: body
schema:
"$ref": "#/definitions/ContainerConfig"
- type: string
description: The ID or name of the container to commit
name: container
in: query
- type: string
description: Repository name for the created image
name: repo
in: query
- type: string
description: Tag name for the create image
name: tag
in: query
- type: string
description: Commit message
name: comment
in: query
- type: string
description: Author of the image (e.g., `John Hannibal Smith <hannibal@a-team.com>`)
name: author
in: query
- type: boolean
default: true
description: Whether to pause the container before committing
name: pause
in: query
- type: string
description: "`Dockerfile` instructions to apply while committing"
name: changes
in: query
responses:
'201':
description: no error
schema:
"$ref": "#/definitions/IdResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/configs":
get:
produces:
- application/json
tags:
- Config
summary: List configs
operationId: ConfigList
parameters:
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the configs list. Available filters:
- `id=<config id>`
- `label=<key> or label=<key>=value`
- `name=<config name>`
- `names=<config name>`
name: filters
in: query
responses:
'200':
description: no error
schema:
type: array
items:
"$ref": "#/definitions/Config"
example:
- CreatedAt: '2016-11-05T01:20:17.327670065Z'
ID: ktnbjxoalbkvbvedmg1urrz8h
Spec:
Name: server.conf
UpdatedAt: '2016-11-05T01:20:17.327670065Z'
Version:
Index: 11
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/configs/create":
post:
description: If you create a UCP config with a name that starts with `com.docker.ucp.config`,
UCP verifies that the config is valid before saving it. Also, UCP validates
any licenses with names that start with `com.docker.license`.
consumes:
- application/json
produces:
- application/json
tags:
- Config
summary: Create a config
operationId: ConfigCreate
parameters:
- name: body
in: body
schema:
allOf:
- "$ref": "#/definitions/ConfigSpec"
- type: object
example:
Data: VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg==
Labels:
foo: bar
Name: server.conf
responses:
'201':
description: no error
schema:
"$ref": "#/definitions/IdResponse"
'409':
description: name conflicts with an existing object
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/configs/{id}":
get:
produces:
- application/json
tags:
- Config
summary: Inspect a config
operationId: ConfigInspect
parameters:
- type: string
description: ID of the config
name: id
in: path
required: true
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Config"
examples:
application/json:
CreatedAt: '2016-11-05T01:20:17.327670065Z'
ID: ktnbjxoalbkvbvedmg1urrz8h
Spec:
Name: app-dev.crt
UpdatedAt: '2016-11-05T01:20:17.327670065Z'
Version:
Index: 11
'404':
description: config not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
produces:
- application/json
tags:
- Config
summary: Delete a config
operationId: ConfigDelete
parameters:
- type: string
description: ID of the config
name: id
in: path
required: true
responses:
'204':
description: no error
'404':
description: config not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/configs/{id}/update":
post:
tags:
- Config
summary: Update a Config
operationId: ConfigUpdate
parameters:
- type: string
description: The ID or name of the config
name: id
in: path
required: true
- description: The spec of the config to update. Currently, only the Labels
field can be updated. All other fields must remain unchanged from the [ConfigInspect
endpoint](#operation/ConfigInspect) response values.
name: body
in: body
schema:
"$ref": "#/definitions/ConfigSpec"
- type: integer
format: int64
description: The version number of the config object being updated. This is
required to avoid conflicting writes.
name: version
in: query
required: true
responses:
'200':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such config
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/create":
post:
consumes:
- application/json
- application/octet-stream
produces:
- application/json
tags:
- Container
summary: Create a container
operationId: ContainerCreate
parameters:
- pattern: "/?[a-zA-Z0-9_-]+"
type: string
description: Assign the specified name to the container. Must match `/?[a-zA-Z0-9_-]+`.
name: name
in: query
- description: Container to create
name: body
in: body
required: true
schema:
allOf:
- "$ref": "#/definitions/ContainerConfig"
example:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- date
Domainname: ''
Entrypoint: ''
Env:
- FOO=bar
- BAZ=quux
ExposedPorts:
22/tcp: {}
HostConfig:
AutoRemove: true
Binds:
- "/tmp:/tmp"
BlkioDeviceReadBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceWriteIOps:
- {}
BlkioWeight: 300
BlkioWeightDevice:
- {}
CapAdd:
- NET_ADMIN
CapDrop:
- MKNOD
CgroupParent: ''
CpuPercent: 80
CpuPeriod: 100000
CpuQuota: 50000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpuShares: 512
CpusetCpus: '0,1'
CpusetMems: '0,1'
Devices: []
Dns:
- 8.8.8.8
DnsOptions:
- ''
DnsSearch:
- ''
GroupAdd:
- newgroup
KernelMemory: 0
Links:
- redis3:redis
LogConfig:
Config: {}
Type: json-file
MaximumIOBps: 0
MaximumIOps: 0
Memory: 0
MemoryReservation: 0
MemorySwap: 0
MemorySwappiness: 60
NanoCPUs: 500000
NetworkMode: bridge
OomKillDisable: false
OomScoreAdj: 500
PidMode: ''
PidsLimit: -1
PortBindings:
22/tcp:
- HostPort: '11022'
Privileged: false
PublishAllPorts: false
ReadonlyRootfs: false
RestartPolicy:
MaximumRetryCount: 0
Name: ''
SecurityOpt: []
ShmSize: 67108864
StorageOpt: {}
Ulimits:
- {}
VolumeDriver: ''
VolumesFrom:
- parent
- other:ro
Hostname: ''
Image: ubuntu
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: 12:34:56:78:9a:bc
NetworkDisabled: false
NetworkingConfig:
EndpointsConfig:
isolated_nw:
Aliases:
- server_x
- server_y
IPAMConfig:
IPv4Address: 172.20.30.33
IPv6Address: 2001:db8:abcd::3033
LinkLocalIPs:
- 169.254.34.68
- fe80::3468
Links:
- container_1
- container_2
OpenStdin: false
StdinOnce: false
StopSignal: SIGTERM
StopTimeout: 10
Tty: false
User: ''
Volumes:
"/volumes/data": {}
WorkingDir: ''
- type: object
properties:
HostConfig:
"$ref": "#/definitions/HostConfig"
NetworkingConfig:
description: This container's networking configuration.
type: object
properties:
EndpointsConfig:
description: A mapping of network name to endpoint configuration
for that network.
type: object
additionalProperties:
"$ref": "#/definitions/EndpointSettings"
example:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- date
Domainname: ''
Entrypoint: ''
Env:
- FOO=bar
- BAZ=quux
ExposedPorts:
22/tcp: {}
HostConfig:
AutoRemove: true
Binds:
- "/tmp:/tmp"
BlkioDeviceReadBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceWriteIOps:
- {}
BlkioWeight: 300
BlkioWeightDevice:
- {}
CapAdd:
- NET_ADMIN
CapDrop:
- MKNOD
CgroupParent: ''
CpuPercent: 80
CpuPeriod: 100000
CpuQuota: 50000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpuShares: 512
CpusetCpus: '0,1'
CpusetMems: '0,1'
Devices: []
Dns:
- 8.8.8.8
DnsOptions:
- ''
DnsSearch:
- ''
GroupAdd:
- newgroup
KernelMemory: 0
Links:
- redis3:redis
LogConfig:
Config: {}
Type: json-file
MaximumIOBps: 0
MaximumIOps: 0
Memory: 0
MemoryReservation: 0
MemorySwap: 0
MemorySwappiness: 60
NanoCPUs: 500000
NetworkMode: bridge
OomKillDisable: false
OomScoreAdj: 500
PidMode: ''
PidsLimit: -1
PortBindings:
22/tcp:
- HostPort: '11022'
Privileged: false
PublishAllPorts: false
ReadonlyRootfs: false
RestartPolicy:
MaximumRetryCount: 0
Name: ''
SecurityOpt: []
ShmSize: 67108864
StorageOpt: {}
Ulimits:
- {}
VolumeDriver: ''
VolumesFrom:
- parent
- other:ro
Hostname: ''
Image: ubuntu
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: 12:34:56:78:9a:bc
NetworkDisabled: false
NetworkingConfig:
EndpointsConfig:
isolated_nw:
Aliases:
- server_x
- server_y
IPAMConfig:
IPv4Address: 172.20.30.33
IPv6Address: 2001:db8:abcd::3033
LinkLocalIPs:
- 169.254.34.68
- fe80::3468
Links:
- container_1
- container_2
OpenStdin: false
StdinOnce: false
StopSignal: SIGTERM
StopTimeout: 10
Tty: false
User: ''
Volumes:
"/volumes/data": {}
WorkingDir: ''
example:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- date
Domainname: ''
Entrypoint: ''
Env:
- FOO=bar
- BAZ=quux
ExposedPorts:
22/tcp: {}
HostConfig:
AutoRemove: true
Binds:
- "/tmp:/tmp"
BlkioDeviceReadBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceWriteIOps:
- {}
BlkioWeight: 300
BlkioWeightDevice:
- {}
CapAdd:
- NET_ADMIN
CapDrop:
- MKNOD
CgroupParent: ''
CpuPercent: 80
CpuPeriod: 100000
CpuQuota: 50000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpuShares: 512
CpusetCpus: '0,1'
CpusetMems: '0,1'
Devices: []
Dns:
- 8.8.8.8
DnsOptions:
- ''
DnsSearch:
- ''
GroupAdd:
- newgroup
KernelMemory: 0
Links:
- redis3:redis
LogConfig:
Config: {}
Type: json-file
MaximumIOBps: 0
MaximumIOps: 0
Memory: 0
MemoryReservation: 0
MemorySwap: 0
MemorySwappiness: 60
NanoCPUs: 500000
NetworkMode: bridge
OomKillDisable: false
OomScoreAdj: 500
PidMode: ''
PidsLimit: -1
PortBindings:
22/tcp:
- HostPort: '11022'
Privileged: false
PublishAllPorts: false
ReadonlyRootfs: false
RestartPolicy:
MaximumRetryCount: 0
Name: ''
SecurityOpt: []
ShmSize: 67108864
StorageOpt: {}
Ulimits:
- {}
VolumeDriver: ''
VolumesFrom:
- parent
- other:ro
Hostname: ''
Image: ubuntu
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: 12:34:56:78:9a:bc
NetworkDisabled: false
NetworkingConfig:
EndpointsConfig:
isolated_nw:
Aliases:
- server_x
- server_y
IPAMConfig:
IPv4Address: 172.20.30.33
IPv6Address: 2001:db8:abcd::3033
LinkLocalIPs:
- 169.254.34.68
- fe80::3468
Links:
- container_1
- container_2
OpenStdin: false
StdinOnce: false
StopSignal: SIGTERM
StopTimeout: 10
Tty: false
User: ''
Volumes:
"/volumes/data": {}
WorkingDir: ''
responses:
'201':
description: Container created successfully
schema:
description: OK response to ContainerCreate operation
type: object
title: ContainerCreateResponse
required:
- Id
- Warnings
properties:
Id:
description: The ID of the created container
type: string
x-nullable: false
Warnings:
description: Warnings encountered when creating the container
type: array
items:
type: string
x-nullable: false
examples:
application/json:
Id: e90e34656806
Warnings: []
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'409':
description: conflict
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/json":
get:
description: |
Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect).
Note that it uses a different, smaller representation of a container than inspecting a single container. For example,
the list of linked containers is not propagated .
produces:
- application/json
tags:
- Container
summary: List containers
operationId: ContainerList
parameters:
- type: boolean
default: false
description: Return all containers. By default, only running containers are
shown
name: all
in: query
- type: integer
description: Return this number of most recently created containers, including
non-running ones.
name: limit
in: query
- type: boolean
default: false
description: Return the size of container as fields `SizeRw` and `SizeRootFs`.
name: size
in: query
- type: string
description: |
Filters to process on the container list, encoded as JSON (a `map[string][]string`). For example, `{"status": ["paused"]}` will only return paused containers. Available filters:
- `ancestor`=(`<image-name>[:<tag>]`, `<image id>`, or `<image@digest>`)
- `before`=(`<container id>` or `<container name>`)
- `expose`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
- `exited=<int>` containers with exit code of `<int>`
- `health`=(`starting`|`healthy`|`unhealthy`|`none`)
- `id=<ID>` a container's ID
- `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
- `is-task=`(`true`|`false`)
- `label=key` or `label="key=value"` of a container label
- `name=<name>` a container's name
- `network`=(`<network id>` or `<network name>`)
- `publish`=(`<port>[/<proto>]`|`<startport-endport>/[<proto>]`)
- `since`=(`<container id>` or `<container name>`)
- `status=`(`created`|`restarting`|`running`|`removing`|`paused`|`exited`|`dead`)
- `volume`=(`<volume name>` or `<mount point destination>`)
name: filters
in: query
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/ContainerSummary"
examples:
application/json:
- Command: echo 1
Created: 1367854155
HostConfig:
NetworkMode: default
Id: 8dfafdbc3a40
Image: ubuntu:latest
ImageID: d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
Mounts:
- Destination: "/data"
Driver: local
Mode: ro,Z
Name: fac362...80535
Propagation: ''
RW: false
Source: "/data"
Names:
- "/boring_feynman"
NetworkSettings:
Networks:
bridge:
EndpointID: 2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f
Gateway: 172.17.0.1
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
IPAddress: 172.17.0.2
IPPrefixLen: 16
IPv6Gateway: ''
MacAddress: 02:42:ac:11:00:02
NetworkID: 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812
Ports:
- PrivatePort: 2222
PublicPort: 3333
Type: tcp
SizeRootFs: 0
SizeRw: 12288
State: Exited
Status: Exit 0
- Command: echo 222222
Created: 1367854155
HostConfig:
NetworkMode: default
Id: 9cd87474be90
Image: ubuntu:latest
ImageID: d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82
Labels: {}
Mounts: []
Names:
- "/coolName"
NetworkSettings:
Networks:
bridge:
EndpointID: 88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a
Gateway: 172.17.0.1
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
IPAddress: 172.17.0.8
IPPrefixLen: 16
IPv6Gateway: ''
MacAddress: 02:42:ac:11:00:08
NetworkID: 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812
Ports: []
SizeRootFs: 0
SizeRw: 12288
State: Exited
Status: Exit 0
- Command: echo 3333333333333333
Created: 1367854154
HostConfig:
NetworkMode: default
Id: 3176a2479c92
Image: ubuntu:latest
ImageID: d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82
Labels: {}
Mounts: []
Names:
- "/sleepy_dog"
NetworkSettings:
Networks:
bridge:
EndpointID: 8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d
Gateway: 172.17.0.1
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
IPAddress: 172.17.0.6
IPPrefixLen: 16
IPv6Gateway: ''
MacAddress: 02:42:ac:11:00:06
NetworkID: 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812
Ports: []
SizeRootFs: 0
SizeRw: 12288
State: Exited
Status: Exit 0
- Command: echo 444444444444444444444444444444444
Created: 1367854152
HostConfig:
NetworkMode: default
Id: 4cb07b47f9fb
Image: ubuntu:latest
ImageID: d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82
Labels: {}
Mounts: []
Names:
- "/running_cat"
NetworkSettings:
Networks:
bridge:
EndpointID: d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9
Gateway: 172.17.0.1
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
IPAddress: 172.17.0.5
IPPrefixLen: 16
IPv6Gateway: ''
MacAddress: 02:42:ac:11:00:05
NetworkID: 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812
Ports: []
SizeRootFs: 0
SizeRw: 12288
State: Exited
Status: Exit 0
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/prune":
post:
produces:
- application/json
tags:
- Container
summary: Delete stopped containers
operationId: ContainerPrune
parameters:
- type: string
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `until=<timestamp>` Prune containers created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune containers with (or without, in case `label!=...` is used) the specified labels.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: object
title: ContainerPruneResponse
properties:
ContainersDeleted:
description: Container IDs that were deleted
type: array
items:
type: string
SpaceReclaimed:
description: Disk space reclaimed in bytes
type: integer
format: int64
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}":
delete:
tags:
- Container
summary: Remove a container
operationId: ContainerDelete
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: boolean
default: false
description: Remove the volumes associated with the container.
name: v
in: query
- type: boolean
default: false
description: If the container is running, kill it before removing it.
name: force
in: query
- type: boolean
default: false
description: Remove the specified link associated with the container.
name: link
in: query
responses:
'204':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'409':
description: conflict
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'You cannot remove a running container: c2ada9df5af8. Stop
the container before attempting removal or force remove'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/archive":
get:
description: Get a tar archive of a resource in the filesystem of container
id.
produces:
- application/x-tar
tags:
- Container
summary: Get an archive of a filesystem resource in a container
operationId: ContainerArchive
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: Resource in the container’s filesystem to archive.
name: path
in: query
required: true
responses:
'200':
description: no error
'400':
description: Bad parameter
schema:
allOf:
- "$ref": "#/definitions/ErrorResponse"
- type: object
properties:
message:
description: The error message. Either "must specify path parameter"
(path cannot be empty) or "not a directory" (path was asserted
to be a directory but exists as a file).
type: string
x-nullable: false
'404':
description: Container or path does not exist
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
put:
description: Upload a tar archive to be extracted to a path in the filesystem
of container id.
consumes:
- application/x-tar
- application/octet-stream
tags:
- Container
summary: Extract an archive of files or folders to a directory in a container
operationId: PutContainerArchive
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: 'Path to a directory in the container to extract the archive’s
contents into. '
name: path
in: query
required: true
- type: string
description: If “1”, “true”, or “True” then it will be an error if unpacking
the given content would cause an existing directory to be replaced with
a non-directory and vice versa.
name: noOverwriteDirNonDir
in: query
- description: 'The input stream must be a tar archive compressed with one of
the following algorithms: identity (no compression), gzip, bzip2, xz.'
name: inputStream
in: body
required: true
schema:
type: string
responses:
'200':
description: The content was extracted successfully
'400':
description: Bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'403':
description: Permission denied, the volume or container rootfs is marked
as read-only.
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: No such container or path does not exist inside the container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
head:
description: A response header `X-Docker-Container-Path-Stat` is return containing
a base64 - encoded JSON object with some filesystem header information about
the path.
tags:
- Container
summary: Get information about files in a container
operationId: ContainerArchiveInfo
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: Resource in the container’s filesystem to archive.
name: path
in: query
required: true
responses:
'200':
description: no error
headers:
X-Docker-Container-Path-Stat:
type: string
description: A base64 - encoded JSON object with some filesystem header
information about the path
'400':
description: Bad parameter
schema:
allOf:
- "$ref": "#/definitions/ErrorResponse"
- type: object
properties:
message:
description: The error message. Either "must specify path parameter"
(path cannot be empty) or "not a directory" (path was asserted
to be a directory but exists as a file).
type: string
x-nullable: false
'404':
description: Container or path does not exist
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/attach":
post:
description: |
Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.
Either the `stream` or `logs` parameter must be `true` for this endpoint to do anything.
See [the documentation for the `docker attach` command](https://docs.docker.com/engine/reference/commandline/attach/) for more details.
### Hijacking
This endpoint hijacks the HTTP connection to transport `stdin`, `stdout`, and `stderr` on the same socket.
This is the response from the daemon for an attach request:
```
HTTP/1.1 200 OK
Content-Type: application/vnd.docker.raw-stream
[STREAM]
```
After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.
To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.
For example, the client sends this request to upgrade the connection:
```
POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
Upgrade: tcp
Connection: Upgrade
```
The Docker daemon will respond with a `101 UPGRADED` response, and will similarly follow with the raw stream:
```
HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp
[STREAM]
```
### Stream format
When the TTY setting is disabled in [`POST /containers/create`](#operation/ContainerCreate), the stream over the hijacked connected is multiplexed to separate out `stdout` and `stderr`. The stream consists of a series of frames, each containing a header and a payload.
The header contains the information which the stream writes (`stdout` or `stderr`). It also contains the size of the associated frame encoded in the last four bytes (`uint32`).
It is encoded on the first eight bytes like this:
```go
header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
```
`STREAM_TYPE` can be:
- 0: `stdin` (is written on `stdout`)
- 1: `stdout`
- 2: `stderr`
`SIZE1, SIZE2, SIZE3, SIZE4` are the four bytes of the `uint32` size encoded as big endian.
Following the header is the payload, which is the specified number of bytes of `STREAM_TYPE`.
The simplest way to implement this protocol is the following:
1. Read 8 bytes.
2. Choose `stdout` or `stderr` depending on the first byte.
3. Extract the frame size from the last four bytes.
4. Read the extracted size and output it on the correct output.
5. Goto 1.
### Stream format when using a TTY
When the TTY setting is enabled in [`POST /containers/create`](#operation/ContainerCreate), the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's `stdin`.
produces:
- application/vnd.docker.raw-stream
tags:
- Container
summary: Attach to a container
operationId: ContainerAttach
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: 'Override the key sequence for detaching a container.Format is
a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of:
`a-z`, `@`, `^`, `[`, `,` or `_`.'
name: detachKeys
in: query
- type: boolean
default: false
description: |
Replay previous logs from the container.
This is useful for attaching to a container that has started and you want to output everything since the container started.
If `stream` is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.
name: logs
in: query
- type: boolean
default: false
description: Stream attached streams from the time the request was made onwards
name: stream
in: query
- type: boolean
default: false
description: Attach to `stdin`
name: stdin
in: query
- type: boolean
default: false
description: Attach to `stdout`
name: stdout
in: query
- type: boolean
default: false
description: Attach to `stderr`
name: stderr
in: query
responses:
'101':
description: no error, hints proxy about hijacking
'200':
description: no error, no upgrade header found
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/changes":
get:
description: |
Returns which files in a container's filesystem have been added, deleted,
or modified. The `Kind` of modification can be one of:
- `0`: Modified
- `1`: Added
- `2`: Deleted
produces:
- application/json
tags:
- Container
summary: Get changes on a container’s filesystem
operationId: ContainerChanges
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
responses:
'200':
description: The list of changes
schema:
type: array
items:
description: change item in response to ContainerChanges operation
type: object
title: ContainerChangeResponseItem
required:
- Path
- Kind
properties:
Kind:
description: Kind of change
type: integer
format: uint8
enum:
- 0
- 1
- 2
x-nullable: false
Path:
description: Path to file that has changed
type: string
x-nullable: false
x-go-name: ContainerChangeResponseItem
examples:
application/json:
- Kind: 0
Path: "/dev"
- Kind: 1
Path: "/dev/kmsg"
- Kind: 1
Path: "/test"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/exec":
post:
description: Run a command inside a running container.
consumes:
- application/json
produces:
- application/json
tags:
- Exec
summary: Create an exec instance
operationId: ContainerExec
parameters:
- description: Exec configuration
name: execConfig
in: body
required: true
schema:
type: object
properties:
AttachStderr:
description: Attach to `stderr` of the exec command.
type: boolean
AttachStdin:
description: Attach to `stdin` of the exec command.
type: boolean
AttachStdout:
description: Attach to `stdout` of the exec command.
type: boolean
Cmd:
description: Command to run, as a string or array of strings.
type: array
items:
type: string
DetachKeys:
description: 'Override the key sequence for detaching a container. Format
is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is
one of: `a-z`, `@`, `^`, `[`, `,` or `_`.'
type: string
Env:
description: A list of environment variables in the form `["VAR=value",
...]`.
type: array
items:
type: string
Privileged:
description: Runs the exec process with extended privileges.
type: boolean
default: false
Tty:
description: Allocate a pseudo-TTY.
type: boolean
User:
description: 'The user, and optionally, group to run the exec process
inside the container. Format is one of: `user`, `user:group`, `uid`,
or `uid:gid`.'
type: string
WorkingDir:
description: The working directory for the exec process inside the container.
type: string
example:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- date
DetachKeys: ctrl-p,ctrl-q
Env:
- FOO=bar
- BAZ=quux
Tty: false
- type: string
description: ID or name of container
name: id
in: path
required: true
responses:
'201':
description: no error
schema:
"$ref": "#/definitions/IdResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'409':
description: container is paused
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/export":
get:
description: Export the contents of a container as a tarball.
produces:
- application/octet-stream
tags:
- Container
summary: Export a container
operationId: ContainerExport
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
responses:
'200':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/json":
get:
description: Return low-level information about a container.
produces:
- application/json
tags:
- Container
summary: Inspect a container
operationId: ContainerInspect
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: boolean
default: false
description: Return the size of container as fields `SizeRw` and `SizeRootFs`
name: size
in: query
responses:
'200':
description: no error
schema:
type: object
title: ContainerInspectResponse
properties:
AppArmorProfile:
type: string
Args:
description: The arguments to the command being run
type: array
items:
type: string
Config:
"$ref": "#/definitions/ContainerConfig"
Created:
description: The time the container was created
type: string
Driver:
type: string
ExecIDs:
description: IDs of exec instances that are running in the container.
type: array
items:
type: string
x-nullable: true
GraphDriver:
"$ref": "#/definitions/GraphDriverData"
HostConfig:
"$ref": "#/definitions/HostConfig"
HostnamePath:
type: string
HostsPath:
type: string
Id:
description: The ID of the container
type: string
Image:
description: The container's image
type: string
LogPath:
type: string
MountLabel:
type: string
Mounts:
type: array
items:
"$ref": "#/definitions/MountPoint"
Name:
type: string
NetworkSettings:
"$ref": "#/definitions/NetworkSettings"
Node:
description: TODO
type: object
Path:
description: The path to the command being run
type: string
ProcessLabel:
type: string
ResolvConfPath:
type: string
RestartCount:
type: integer
SizeRootFs:
description: The total size of all the files in this container.
type: integer
format: int64
SizeRw:
description: The size of files that have been created or changed by
this container.
type: integer
format: int64
State:
description: The state of the container.
type: object
properties:
Dead:
type: boolean
Error:
type: string
ExitCode:
description: The last exit code of this container
type: integer
FinishedAt:
description: The time when this container last exited.
type: string
OOMKilled:
description: Whether this container has been killed because it
ran out of memory.
type: boolean
Paused:
description: Whether this container is paused.
type: boolean
Pid:
description: The process ID of this container
type: integer
Restarting:
description: Whether this container is restarting.
type: boolean
Running:
description: |
Whether this container is running.
Note that a running container can be _paused_. The `Running` and `Paused`
booleans are not mutually exclusive:
When pausing a container (on Linux), the cgroups freezer is used to suspend
all processes in the container. Freezing the process requires the process to
be running. As a result, paused containers are both `Running` _and_ `Paused`.
Use the `Status` field instead to determine if a container's state is "running".
type: boolean
StartedAt:
description: The time when this container was last started.
type: string
Status:
description: 'The status of the container. For example, `"running"`
or `"exited"`.
'
type: string
enum:
- created
- running
- paused
- restarting
- removing
- exited
- dead
examples:
application/json:
AppArmorProfile: ''
Args:
- "-c"
- exit 9
Config:
AttachStderr: true
AttachStdin: false
AttachStdout: true
Cmd:
- "/bin/sh"
- "-c"
- exit 9
Domainname: ''
Env:
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Hostname: ba033ac44011
Image: ubuntu
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: ''
NetworkDisabled: false
OpenStdin: false
StdinOnce: false
StopSignal: SIGTERM
StopTimeout: 10
Tty: false
User: ''
Volumes:
"/volumes/data": {}
WorkingDir: ''
Created: '2015-01-06T15:47:31.485331387Z'
Driver: devicemapper
ExecIDs:
- b35395de42bc8abd327f9dd65d913b9ba28c74d2f0734eeeae84fa1c616a0fca
- 3fc1232e5cd20c8de182ed81178503dc6437f4e7ef12b52cc5e8de020652f1c4
HostConfig:
BlkioDeviceReadBps:
- {}
BlkioDeviceReadIOps:
- {}
BlkioDeviceWriteBps:
- {}
BlkioDeviceWriteIOps:
- {}
BlkioWeight: 0
BlkioWeightDevice:
- {}
ContainerIDFile: ''
CpuPercent: 80
CpuPeriod: 100000
CpuRealtimePeriod: 1000000
CpuRealtimeRuntime: 10000
CpuShares: 0
CpusetCpus: ''
CpusetMems: ''
Devices: []
IpcMode: ''
KernelMemory: 0
LogConfig:
Type: json-file
LxcConf: []
MaximumIOBps: 0
MaximumIOps: 0
Memory: 0
MemoryReservation: 0
MemorySwap: 0
NetworkMode: bridge
OomKillDisable: false
OomScoreAdj: 500
PidMode: ''
PortBindings: {}
Privileged: false
PublishAllPorts: false
ReadonlyRootfs: false
RestartPolicy:
MaximumRetryCount: 2
Name: on-failure
ShmSize: 67108864
Sysctls:
net.ipv4.ip_forward: '1'
Ulimits:
- {}
VolumeDriver: ''
HostnamePath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname"
HostsPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts"
Id: ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39
Image: 04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2
LogPath: "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log"
MountLabel: ''
Mounts:
- Destination: "/data"
Driver: local
Mode: ro,Z
Name: fac362...80535
Propagation: ''
RW: false
Source: "/data"
Name: "/boring_euclid"
NetworkSettings:
Bridge: ''
EndpointID: ''
Gateway: ''
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
HairpinMode: false
IPAddress: ''
IPPrefixLen: 0
IPv6Gateway: ''
LinkLocalIPv6Address: ''
LinkLocalIPv6PrefixLen: 0
MacAddress: ''
Networks:
bridge:
EndpointID: 7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d
Gateway: 172.17.0.1
GlobalIPv6Address: ''
GlobalIPv6PrefixLen: 0
IPAddress: 172.17.0.2
IPPrefixLen: 16
IPv6Gateway: ''
MacAddress: 02:42:ac:12:00:02
NetworkID: 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812
SandboxID: ''
SandboxKey: ''
Path: "/bin/sh"
ProcessLabel: ''
ResolvConfPath: "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf"
RestartCount: 1
State:
Dead: false
Error: ''
ExitCode: 9
FinishedAt: '2015-01-06T15:47:32.080254511Z'
OOMKilled: false
Paused: false
Pid: 0
Restarting: false
Running: true
StartedAt: '2015-01-06T15:47:32.072697474Z'
Status: running
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/kill":
post:
description: Send a POSIX signal to a container, defaulting to killing to the
container.
tags:
- Container
summary: Kill a container
operationId: ContainerKill
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
default: SIGKILL
description: Signal to send to the container as an integer or string (e.g.
`SIGINT`)
name: signal
in: query
responses:
'204':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'409':
description: container is not running
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: Container d37cde0fe4ad63c3a7252023b2f9800282894247d145cb5933ddf6e52cc03a28
is not running
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/logs":
get:
description: |
Get `stdout` and `stderr` logs from a container.
Note: This endpoint works only for containers with the `json-file` or `journald` logging driver.
tags:
- Container
summary: Get container logs
operationId: ContainerLogs
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: boolean
default: false
description: |
Return the logs as a stream.
This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
name: follow
in: query
- type: boolean
default: false
description: Return logs from `stdout`
name: stdout
in: query
- type: boolean
default: false
description: Return logs from `stderr`
name: stderr
in: query
- type: integer
default: 0
description: Only return logs since this time, as a UNIX timestamp
name: since
in: query
- type: integer
default: 0
description: Only return logs before this time, as a UNIX timestamp
name: until
in: query
- type: boolean
default: false
description: Add timestamps to every log line
name: timestamps
in: query
- type: string
default: all
description: Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
name: tail
in: query
responses:
'101':
description: logs returned as a stream
schema:
type: string
format: binary
'200':
description: logs returned as a string in response body
schema:
type: string
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/pause":
post:
description: |
Use the cgroups freezer to suspend all processes in a container.
Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
tags:
- Container
summary: Pause a container
operationId: ContainerPause
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
responses:
'204':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/rename":
post:
tags:
- Container
summary: Rename a container
operationId: ContainerRename
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: New name for the container
name: name
in: query
required: true
responses:
'204':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'409':
description: name already in use
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/resize":
post:
description: Resize the TTY for a container. You must restart the container
for the resize to take effect.
consumes:
- application/octet-stream
produces:
- text/plain
tags:
- Container
summary: Resize a container TTY
operationId: ContainerResize
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: integer
description: Height of the tty session in characters
name: h
in: query
- type: integer
description: Width of the tty session in characters
name: w
in: query
responses:
'200':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: cannot resize container
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/restart":
post:
tags:
- Container
summary: Restart a container
operationId: ContainerRestart
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: integer
description: Number of seconds to wait before killing the container
name: t
in: query
responses:
'204':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/start":
post:
tags:
- Container
summary: Start a container
operationId: ContainerStart
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
description: 'Override the key sequence for detaching a container. Format
is a single character `[a-Z]` or `ctrl-<value>` where `<value>` is one of:
`a-z`, `@`, `^`, `[`, `,` or `_`.'
name: detachKeys
in: query
responses:
'204':
description: no error
'304':
description: container already started
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/stats":
get:
description: |
This endpoint returns a live stream of a container’s resource usage
statistics.
The `precpu_stats` is the CPU statistic of the *previous* read, and is
used to calculate the CPU usage percentage. It is not an exact copy
of the `cpu_stats` field.
If either `precpu_stats.online_cpus` or `cpu_stats.online_cpus` is
nil then for compatibility with older daemons the length of the
corresponding `cpu_usage.percpu_usage` array should be used.
produces:
- application/json
tags:
- Container
summary: Get container stats based on resource usage
operationId: ContainerStats
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: boolean
default: true
description: Stream the output. If false, the stats will be output once and
then it will disconnect.
name: stream
in: query
responses:
'200':
description: no error
schema:
type: object
examples:
application/json:
blkio_stats: {}
cpu_stats:
cpu_usage:
percpu_usage:
- 8646879
- 24472255
- 36438778
- 30657443
total_usage: 100215355
usage_in_kernelmode: 30000000
usage_in_usermode: 50000000
online_cpus: 4
system_cpu_usage: 739306590000000
throttling_data:
periods: 0
throttled_periods: 0
throttled_time: 0
memory_stats:
failcnt: 0
limit: 67108864
max_usage: 6651904
stats:
active_anon: 6537216
active_file: 0
cache: 0
hierarchical_memory_limit: 67108864
inactive_anon: 0
inactive_file: 0
mapped_file: 0
pgfault: 964
pgmajfault: 0
pgpgin: 477
pgpgout: 414
rss: 6537216
rss_huge: 6291456
total_active_anon: 6537216
total_active_file: 0
total_cache: 0
total_inactive_anon: 0
total_inactive_file: 0
total_mapped_file: 0
total_pgfault: 964
total_pgmajfault: 0
total_pgpgin: 477
total_pgpgout: 414
total_rss: 6537216
total_rss_huge: 6291456
total_unevictable: 0
total_writeback: 0
unevictable: 0
writeback: 0
usage: 6537216
networks:
eth0:
rx_bytes: 5338
rx_dropped: 0
rx_errors: 0
rx_packets: 36
tx_bytes: 648
tx_dropped: 0
tx_errors: 0
tx_packets: 8
eth5:
rx_bytes: 4641
rx_dropped: 0
rx_errors: 0
rx_packets: 26
tx_bytes: 690
tx_dropped: 0
tx_errors: 0
tx_packets: 9
pids_stats:
current: 3
precpu_stats:
cpu_usage:
percpu_usage:
- 8646879
- 24350896
- 36438778
- 30657443
total_usage: 100093996
usage_in_kernelmode: 30000000
usage_in_usermode: 50000000
online_cpus: 4
system_cpu_usage: 9492140000000
throttling_data:
periods: 0
throttled_periods: 0
throttled_time: 0
read: '2015-01-08T22:57:31.547920715Z'
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/stop":
post:
tags:
- Container
summary: Stop a container
operationId: ContainerStop
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: integer
description: Number of seconds to wait before killing the container
name: t
in: query
responses:
'204':
description: no error
'304':
description: container already stopped
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/top":
get:
description: On Unix systems, this is done by running the `ps` command. This
endpoint is not supported on Windows.
tags:
- Container
summary: List processes running inside a container
operationId: ContainerTop
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
default: "-ef"
description: The arguments to pass to `ps`. For example, `aux`
name: ps_args
in: query
responses:
'200':
description: no error
schema:
description: OK response to ContainerTop operation
type: object
title: ContainerTopResponse
properties:
Processes:
description: Each process running in the container, where each is
process is an array of values corresponding to the titles
type: array
items:
type: array
items:
type: string
Titles:
description: The ps column titles
type: array
items:
type: string
examples:
application/json:
Processes:
- - root
- '13642'
- '882'
- '0'
- '17:03'
- pts/0
- '00:00:00'
- "/bin/bash"
- - root
- '13735'
- '13642'
- '0'
- '17:06'
- pts/0
- '00:00:00'
- sleep 10
Titles:
- UID
- PID
- PPID
- C
- STIME
- TTY
- TIME
- CMD
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/unpause":
post:
description: Resume a container which has been paused.
tags:
- Container
summary: Unpause a container
operationId: ContainerUnpause
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
responses:
'204':
description: no error
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/containers/{id}/wait":
post:
description: Block until a container stops, then returns the exit code.
produces:
- application/json
tags:
- Container
summary: Wait for a container
operationId: ContainerWait
parameters:
- type: string
description: ID or name of the container
name: id
in: path
required: true
- type: string
default: not-running
description: Wait until a container state reaches the given condition, either
'not-running' (default), 'next-exit', or 'removed'.
name: condition
in: query
responses:
'200':
description: The container has exit.
schema:
description: OK response to ContainerWait operation
type: object
title: ContainerWaitResponse
required:
- StatusCode
properties:
Error:
description: container waiting error, if any
type: object
properties:
Message:
description: Details of an error
type: string
StatusCode:
description: Exit code of the container
type: integer
x-nullable: false
'404':
description: no such container
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such container: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/defaultCollection/{userID}":
get:
description: Retrieve a user's default collection.
produces:
- application/json
tags:
- UCP
summary: Retrieve a user's default collection.
operationId: Get user default collection
parameters:
- type: string
default: ''
description: ID of the user
name: userID
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
default:
description: Success
schema:
"$ref": "#/definitions/authz.Collection"
put:
description: Set a user's default collection.
consumes:
- application/json
tags:
- UCP
summary: Set a user's default collection.
operationId: Set user default collection
parameters:
- type: string
default: ''
description: ID of the user
name: userID
in: path
required: true
- type: authz.CollectionID
name: body
in: body
required: true
schema:
"$ref": "#/definitions/authz.CollectionID"
responses:
'201':
description: Success
delete:
description: Delete the default collection setting for a user
tags:
- UCP
summary: Delete the default collection setting for a user
operationId: DeleteUserDefaultCollection
parameters:
- type: string
default: ''
description: ID of the user whose default collection mapping will be deleted
name: userID
in: path
required: true
responses:
'204':
description: Success
"/defaultCollectionRole":
get:
description: Retrieve the role for the logged-in user's default collection.
produces:
- application/json
tags:
- UCP
summary: Retrieve the role for the logged-in user's default collection.
operationId: Get the logged-in user's role for their default collection
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/role.Role"
default:
description: Success
schema:
"$ref": "#/definitions/role.Role"
"/disks":
get:
tags:
- UCP
summary: "/disks"
operationId: restfulNoop
responses: {}
"/disks/{id}":
get:
description: Retrieve a node's disk information.
produces:
- application/json
tags:
- UCP
summary: Retrieve a node's disk information.
operationId: Get disk information about a node
parameters:
- type: string
default: ''
description: ID of the node
name: id
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/types.NodeDiskInformation"
default:
description: Success
schema:
"$ref": "#/definitions/types.NodeDiskInformation"
"/distribution/{name}/json":
get:
description: Return image digest and platform information by contacting the
registry.
produces:
- application/json
tags:
- Distribution
summary: Get image information from the registry
operationId: DistributionInspect
parameters:
- type: string
description: Image name or id
name: name
in: path
required: true
responses:
'200':
description: descriptor and platform information
schema:
type: object
title: DistributionInspectResponse
required:
- Descriptor
- Platforms
properties:
Descriptor:
description: A descriptor struct containing digest, media type, and
size
type: object
properties:
Digest:
type: string
MediaType:
type: string
Size:
type: integer
format: int64
URLs:
type: array
items:
type: string
Platforms:
description: An array containing all platforms supported by the image
type: array
items:
type: object
properties:
Architecture:
type: string
Features:
type: array
items:
type: string
OS:
type: string
OSFeatures:
type: array
items:
type: string
OSVersion:
type: string
Variant:
type: string
x-go-name: DistributionInspect
examples:
application/json:
Descriptor:
Digest: sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96
MediaType: application/vnd.docker.distribution.manifest.v2+json
Size: 3987495
URLs:
- ''
Platforms:
- Architecture: amd64
Features:
- ''
OS: linux
OSFeatures:
- ''
OSVersion: ''
Variant: ''
'401':
description: Failed authentication or no image found
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such image: someimage (tag: latest)'
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/events":
get:
description: |
Stream real-time events from the server.
Various objects within Docker report events when something happens to them.
Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
The Docker daemon reports these events: `reload`
Services report these events: `create`, `update`, and `remove`
Nodes report these events: `create`, `update`, and `remove`
Secrets report these events: `create`, `update`, and `remove`
Configs report these events: `create`, `update`, and `remove`
produces:
- application/json
tags:
- System
summary: Monitor events
operationId: SystemEvents
parameters:
- type: string
description: Show events created since this timestamp then stream new events.
name: since
in: query
- type: string
description: Show events created until this timestamp then stop streaming.
name: until
in: query
- type: string
description: |
A JSON encoded value of filters (a `map[string][]string`) to process on the event list. Available filters:
- `config=<string>` config name or ID
- `container=<string>` container name or ID
- `daemon=<string>` daemon name or ID
- `event=<string>` event type
- `image=<string>` image name or ID
- `label=<string>` image or container label
- `network=<string>` network name or ID
- `node=<string>` node ID
- `plugin`=<string> plugin name or ID
- `scope`=<string> local or swarm
- `secret=<string>` secret name or ID
- `service=<string>` service name or ID
- `type=<string>` object to filter by, one of `container`, `image`, `volume`, `network`, `daemon`, `plugin`, `node`, `service`, `secret` or `config`
- `volume=<string>` volume name
name: filters
in: query
responses:
'200':
description: no error
schema:
type: object
title: SystemEventsResponse
properties:
Action:
description: The type of event
type: string
Actor:
type: object
properties:
Attributes:
description: Various key/value attributes of the object, depending
on its type
type: object
additionalProperties:
type: string
ID:
description: The ID of the object emitting the event
type: string
Type:
description: The type of object emitting the event
type: string
time:
description: Timestamp of event
type: integer
timeNano:
description: Timestamp of event, with nanosecond accuracy
type: integer
format: int64
examples:
application/json:
Action: create
Actor:
Attributes:
com.example.some-label: some-label-value
image: alpine
name: my-container
ID: ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743
Type: container
time: 1461943101
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/exec/{id}/json":
get:
description: Return low-level information about an exec instance.
produces:
- application/json
tags:
- Exec
summary: Inspect an exec instance
operationId: ExecInspect
parameters:
- type: string
description: Exec instance ID
name: id
in: path
required: true
responses:
'200':
description: No error
schema:
type: object
title: ExecInspectResponse
properties:
CanRemove:
type: boolean
ContainerID:
type: string
DetachKeys:
type: string
ExitCode:
type: integer
ID:
type: string
OpenStderr:
type: boolean
OpenStdin:
type: boolean
OpenStdout:
type: boolean
Pid:
description: The system process ID for the exec process.
type: integer
ProcessConfig:
"$ref": "#/definitions/ProcessConfig"
Running:
type: boolean
examples:
application/json:
CanRemove: false
ContainerID: b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126
DetachKeys: ''
ExitCode: 2
ID: f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b
OpenStderr: true
OpenStdin: true
OpenStdout: true
Pid: 42000
ProcessConfig:
arguments:
- "-c"
- exit 2
entrypoint: sh
privileged: false
tty: true
user: '1000'
Running: false
'404':
description: No such exec instance
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/exec/{id}/resize":
post:
description: Resize the TTY session used by an exec instance. This endpoint
only works if `tty` was specified as part of creating and starting the exec
instance.
tags:
- Exec
summary: Resize an exec instance
operationId: ExecResize
parameters:
- type: string
description: Exec instance ID
name: id
in: path
required: true
- type: integer
description: Height of the TTY session in characters
name: h
in: query
- type: integer
description: Width of the TTY session in characters
name: w
in: query
responses:
'201':
description: No error
'404':
description: No such exec instance
schema:
"$ref": "#/definitions/ErrorResponse"
"/exec/{id}/start":
post:
description: Starts a previously set up exec instance. If detach is true, this
endpoint returns immediately after starting the command. Otherwise, it sets
up an interactive session with the command.
consumes:
- application/json
produces:
- application/vnd.docker.raw-stream
tags:
- Exec
summary: Start an exec instance
operationId: ExecStart
parameters:
- name: execStartConfig
in: body
schema:
type: object
properties:
Detach:
description: Detach from the command.
type: boolean
Tty:
description: Allocate a pseudo-TTY.
type: boolean
example:
Detach: false
Tty: false
- type: string
description: Exec instance ID
name: id
in: path
required: true
responses:
'200':
description: No error
'404':
description: No such exec instance
schema:
"$ref": "#/definitions/ErrorResponse"
'409':
description: Container is stopped or paused
schema:
"$ref": "#/definitions/ErrorResponse"
"/hardware":
get:
tags:
- UCP
summary: "/hardware"
operationId: restfulNoop
responses: {}
"/hardware/{id}":
get:
description: Retrieve a node's hardware information.
produces:
- application/json
tags:
- UCP
summary: Retrieve a node's hardware information.
operationId: Get hardware information about a node
parameters:
- type: string
default: ''
description: ID of the node
name: id
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/types.HardwareInformation"
default:
description: Success
schema:
"$ref": "#/definitions/types.HardwareInformation"
"/id/":
get:
description: Identify the currently authenticated account.
produces:
- application/json
tags:
- Identity
summary: Identify the currently authenticated account.
operationId: ID
responses:
'200':
description: Success, current account returned.
schema:
"$ref": "#/definitions/responses.Account"
default:
description: Success, current account returned.
schema:
"$ref": "#/definitions/responses.Account"
"/id/logout":
post:
description: Delete the current session in use.
produces:
- application/json
tags:
- Identity
summary: Delete the current session in use.
operationId: Logout
responses:
'204':
description: Success, current session deleted.
"/images/create":
post:
description: |-
Create an image by either pulling it from a registry or importing it.
The `create` request pulls the image onto every node in the swarm that exists at that time and that have the right operating system. Nodes that join the swarm later or that don't have the same base OS as the image won't get the image.
consumes:
- text/plain
- application/octet-stream
produces:
- application/json
tags:
- Image
summary: Create an image
operationId: ImageCreate
parameters:
- type: string
description: Name of the image to pull. The name may include a tag or digest.
This parameter may only be used when pulling an image. The pull is cancelled
if the HTTP connection is closed.
name: fromImage
in: query
- type: string
description: Source to import. The value may be a URL from which the image
can be retrieved or `-` to read the image from the request body. This parameter
may only be used when importing an image.
name: fromSrc
in: query
- type: string
description: Repository name given to an image when it is imported. The repo
may include a tag. This parameter may only be used when importing an image.
name: repo
in: query
- type: string
description: Tag or digest. If empty when pulling an image, this causes all
tags for the given image to be pulled.
name: tag
in: query
- description: Image content if the value `-` has been specified in fromSrc
query parameter
name: inputImage
in: body
schema:
type: string
- type: string
description: A base64-encoded auth configuration. [See the authentication
section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
- type: string
default: ''
description: Platform in the format os[/arch[/variant]]
name: platform
in: query
responses:
'200':
description: no error
'404':
description: repository does not exist or no read access
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/get":
get:
description: |
Get a tarball containing all images and metadata for several image repositories.
For each value of the `names` parameter: if it is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.
For details on the format, see [the export image endpoint](#operation/ImageGet).
produces:
- application/x-tar
tags:
- Image
summary: Export several images
operationId: ImageGetAll
parameters:
- type: array
items:
type: string
description: Image names to filter by
name: names
in: query
responses:
'200':
description: no error
schema:
type: string
format: binary
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/json":
get:
description: |-
Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image.
This endpoint returns the union of all images on all nodes in the cluster.
produces:
- application/json
tags:
- Image
summary: List Images
operationId: ImageList
parameters:
- type: boolean
default: false
description: Show all images. Only images from a final layer (no children)
are shown by default.
name: all
in: query
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
- `before`=(`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`)
- `dangling=true`
- `label=key` or `label="key=value"` of an image label
- `reference`=(`<image-name>[:<tag>]`)
- `since`=(`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`)
name: filters
in: query
- type: boolean
default: false
description: Show digest information as a `RepoDigests` field on each image.
name: digests
in: query
responses:
'200':
description: Summary image data for the images matching the query
schema:
type: array
items:
"$ref": "#/definitions/ImageSummary"
examples:
application/json:
- Containers: 2
Created: 1474925151
Id: sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8
Labels: {}
ParentId: ''
RepoDigests:
- ubuntu@sha256:992069aee4016783df6345315302fa59681aae51a8eeb2f889dea59290f21787
RepoTags:
- ubuntu:12.04
- ubuntu:precise
SharedSize: 0
Size: 103579269
VirtualSize: 103579269
- Containers: 5
Created: 1403128455
Id: sha256:3e314f95dcace0f5e4fd37b10862fe8398e3c60ed36600bc0ca5fda78b087175
Labels: {}
ParentId: ''
RepoDigests:
- ubuntu@sha256:002fba3e3255af10be97ea26e476692a7ebed0bb074a9ab960b2e7a1526b15d7
- ubuntu@sha256:68ea0200f0b90df725d99d823905b04cf844f6039ef60c60bf3e019915017bd3
RepoTags:
- ubuntu:12.10
- ubuntu:quantal
SharedSize: 0
Size: 172064416
VirtualSize: 172064416
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/load":
post:
description: |-
Load a set of images and tags into a repository.
For details on the format, see [the export image endpoint](#operation/ImageGet).
The image is loaded on all nodes in the swarm that are compatible with the image's architecture. For example, Windows images aren't loaded on Linux nodes, and vice-versa.
consumes:
- application/x-tar
produces:
- application/json
tags:
- Image
summary: Import images
operationId: ImageLoad
parameters:
- description: Tar archive containing images
name: imagesTarball
in: body
schema:
type: string
format: binary
- type: boolean
default: false
description: Suppress progress details during load.
name: quiet
in: query
responses:
'200':
description: no error
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/prune":
post:
produces:
- application/json
tags:
- Image
summary: Delete unused images
operationId: ImagePrune
parameters:
- type: string
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`). Available filters:
- `dangling=<boolean>` When set to `true` (or `1`), prune only
unused *and* untagged images. When set to `false`
(or `0`), all unused images are pruned.
- `until=<string>` Prune images created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune images with (or without, in case `label!=...` is used) the specified labels.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: object
title: ImagePruneResponse
properties:
ImagesDeleted:
description: Images that were deleted
type: array
items:
"$ref": "#/definitions/ImageDeleteResponseItem"
SpaceReclaimed:
description: Disk space reclaimed in bytes
type: integer
format: int64
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/search":
get:
description: Search for an image on Docker Hub.
produces:
- application/json
tags:
- Image
summary: Search images
operationId: ImageSearch
parameters:
- type: string
description: Term to search
name: term
in: query
required: true
- type: integer
description: Maximum number of results to return
name: limit
in: query
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the images list. Available filters:
- `is-automated=(true|false)`
- `is-official=(true|false)`
- `stars=<number>` Matches images that has at least 'number' stars.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: array
items:
type: object
title: ImageSearchResponseItem
properties:
description:
type: string
is_automated:
type: boolean
is_official:
type: boolean
name:
type: string
star_count:
type: integer
examples:
application/json:
- description: ''
is_automated: false
is_official: false
name: wma55/u1210sshd
star_count: 0
- description: ''
is_automated: false
is_official: false
name: jdswinbank/sshd
star_count: 0
- description: ''
is_automated: false
is_official: false
name: vgauthier/sshd
star_count: 0
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}":
delete:
description: |
Remove an image, along with any untagged parent images that were
referenced by that image.
Images can't be removed if they have descendant images, are being
used by a running container or are being used by a build.
produces:
- application/json
tags:
- Image
summary: Remove an image
operationId: ImageDelete
parameters:
- type: string
description: Image name or ID
name: name
in: path
required: true
- type: boolean
default: false
description: Remove the image even if it is being used by stopped containers
or has other tags
name: force
in: query
- type: boolean
default: false
description: Do not delete untagged parent images
name: noprune
in: query
responses:
'200':
description: The image was deleted successfully
schema:
type: array
items:
"$ref": "#/definitions/ImageDeleteResponseItem"
examples:
application/json:
- Untagged: 3e2f21a89f
- Deleted: 3e2f21a89f
- Deleted: 53b4f83ac9
'404':
description: No such image
schema:
"$ref": "#/definitions/ErrorResponse"
'409':
description: Conflict
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}/get":
get:
description: |
Get a tarball containing all images and metadata for a repository.
If `name` is a specific name and tag (e.g. `ubuntu:latest`), then only that image (and its parents) are returned. If `name` is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the `repositories` file in the tarball, as there were no image names referenced.
### Image tarball format
An image tarball contains one directory per image layer (named using its long ID), each containing these files:
- `VERSION`: currently `1.0` - the file format version
- `json`: detailed layer information, similar to `docker inspect layer_id`
- `layer.tar`: A tarfile containing the filesystem changes in this layer
The `layer.tar` file contains `aufs` style `.wh..wh.aufs` files and directories for storing attribute changes and deletions.
If the tarball defines a repository, the tarball should also include a `repositories` file at the root that contains a list of repository and tag names mapped to layer IDs.
```json
{
"hello-world": {
"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
}
}
```
produces:
- application/x-tar
tags:
- Image
summary: Export an image
operationId: ImageGet
parameters:
- type: string
description: Image name or ID
name: name
in: path
required: true
responses:
'200':
description: no error
schema:
type: string
format: binary
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}/history":
get:
description: Return parent layers of an image.
produces:
- application/json
tags:
- Image
summary: Get the history of an image
operationId: ImageHistory
parameters:
- type: string
description: Image name or ID
name: name
in: path
required: true
responses:
'200':
description: List of image layers
schema:
type: array
items:
description: individual image layer information in response to ImageHistory
operation
type: object
title: HistoryResponseItem
required:
- Id
- Created
- CreatedBy
- Tags
- Size
- Comment
properties:
Comment:
type: string
x-nullable: false
Created:
type: integer
format: int64
x-nullable: false
CreatedBy:
type: string
x-nullable: false
Id:
type: string
x-nullable: false
Size:
type: integer
format: int64
x-nullable: false
Tags:
type: array
items:
type: string
x-go-name: HistoryResponseItem
examples:
application/json:
- Comment: ''
Created: 1398108230
CreatedBy: "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148
in /"
Id: 3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710
Size: 182964289
Tags:
- ubuntu:lucid
- ubuntu:10.04
- Comment: ''
Created: 1398108222
CreatedBy: "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com>
- mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t
lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/"
Id: 6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8
Size: 0
Tags: []
- Comment: Imported from -
Created: 1371157430
CreatedBy: ''
Id: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
Size: 0
Tags:
- scratch12:latest
- scratch:latest
'404':
description: No such image
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}/json":
get:
description: Return low-level information about an image.
produces:
- application/json
tags:
- Image
summary: Inspect an image
operationId: ImageInspect
parameters:
- type: string
description: Image name or id
name: name
in: path
required: true
responses:
'200':
description: No error
schema:
"$ref": "#/definitions/Image"
examples:
application/json:
Architecture: amd64
Author: ''
Comment: ''
Config:
AttachStderr: false
AttachStdin: false
AttachStdout: false
Cmd:
- "/bin/bash"
Domainname: ''
Env:
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Hostname: e611e15f9c9d
Image: 91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: ''
NetworkDisabled: false
OnBuild: []
OpenStdin: false
PublishService: ''
StdinOnce: false
Tty: false
User: ''
WorkingDir: ''
Container: cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a
ContainerConfig:
AttachStderr: false
AttachStdin: false
AttachStdout: false
Cmd:
- "/bin/sh"
- "-c"
- "#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
Domainname: ''
Env:
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Hostname: e611e15f9c9d
Image: 91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c
Labels:
com.example.license: GPL
com.example.vendor: Acme
com.example.version: '1.0'
MacAddress: ''
NetworkDisabled: false
OnBuild: []
OpenStdin: false
PublishService: ''
StdinOnce: false
Tty: false
User: ''
WorkingDir: ''
Created: '2015-09-10T08:30:53.26995814Z'
DockerVersion: 1.9.0-dev
GraphDriver:
Data: {}
Name: aufs
Id: sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c
Os: linux
Parent: sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c
RepoDigests:
- localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
RepoTags:
- example:1.0
- example:latest
- example:stable
RootFS:
Layers:
- sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6
- sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
Type: layers
Size: 0
VirtualSize: 188359297
'404':
description: No such image
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such image: someimage (tag: latest)'
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}/push":
post:
description: |
Push an image to a registry.
If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, `registry.example.com/myimage:latest`.
The push is cancelled if the HTTP connection is closed.
consumes:
- application/octet-stream
tags:
- Image
summary: Push an image
operationId: ImagePush
parameters:
- type: string
description: Image name or ID.
name: name
in: path
required: true
- type: string
description: The tag to associate with the image on the registry.
name: tag
in: query
- type: string
description: A base64-encoded auth configuration. [See the authentication
section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
required: true
responses:
'200':
description: No error
'404':
description: No such image
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/images/{name}/tag":
post:
description: Tag an image so that it becomes part of a repository.
tags:
- Image
summary: Tag an image
operationId: ImageTag
parameters:
- type: string
description: Image name or ID to tag.
name: name
in: path
required: true
- type: string
description: The repository to tag in. For example, `someuser/someimage`.
name: repo
in: query
- type: string
description: The name of the new tag.
name: tag
in: query
responses:
'201':
description: No error
'400':
description: Bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: No such image
schema:
"$ref": "#/definitions/ErrorResponse"
'409':
description: Conflict
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/info":
get:
description: |-
UCP returns a combination of info about the swarm, including:
- Swarm manager status
- Swarm scheduler strategy
- Swarm-manager endpoints that are useful for administrator access when troubleshooting
- Engine proxy endpoints for each node in the swarm that are useful for troubleshooting
- Plugins present on the current manager node
- Engine information for the current manager node
produces:
- application/json
tags:
- System
summary: Get system information
operationId: SystemInfo
responses:
'200':
description: No error
schema:
"$ref": "#/definitions/SystemInfo"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/kubernetesNamespaces":
get:
description: Lists all namespaces for which a user has a grant
produces:
- application/json
tags:
- UCP
summary: Lists all namespaces for which a user has a grant
operationId: ListUserNamespaces
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/v1.NamespaceList"
default:
description: Success
schema:
"$ref": "#/definitions/v1.NamespaceList"
"/metricsdiscovery":
get:
tags:
- UCP
summary: "/metricsdiscovery"
operationId: restfulNoop
responses: {}
"/networks":
get:
description: |-
Returns a list of networks. For details on the format, see [the network inspect endpoint](#operation/NetworkInspect).
Note that it uses a different, smaller representation of a network than inspecting a single network. For example,
the list of containers attached to the network is not propagated in API versions 1.28 and up.
Node-specific networks, like those with bridge and third-party drivers, are prefixed with the node name.
produces:
- application/json
tags:
- Network
summary: List networks
operationId: NetworkList
parameters:
- type: string
description: |
JSON encoded value of the filters (a `map[string][]string`) to process on the networks list. Available filters:
- `driver=<driver-name>` Matches a network's driver.
- `id=<network-id>` Matches all or part of a network ID.
- `label=<key>` or `label=<key>=<value>` of a network label.
- `name=<network-name>` Matches all or part of a network name.
- `scope=["swarm"|"global"|"local"]` Filters networks by scope (`swarm`, `global`, or `local`).
- `type=["custom"|"builtin"]` Filters networks by type. The `custom` keyword returns all user-defined networks.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: array
items:
"$ref": "#/definitions/Network"
examples:
application/json:
- Attachable: false
Created: '2016-10-19T06:21:00.416543526Z'
Driver: bridge
EnableIPv6: false
IPAM:
Config:
- Subnet: 172.17.0.0/16
Driver: default
Id: f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566
Ingress: false
Internal: false
Name: bridge
Options:
com.docker.network.bridge.default_bridge: 'true'
com.docker.network.bridge.enable_icc: 'true'
com.docker.network.bridge.enable_ip_masquerade: 'true'
com.docker.network.bridge.host_binding_ipv4: 0.0.0.0
com.docker.network.bridge.name: docker0
com.docker.network.driver.mtu: '1500'
Scope: local
- Attachable: false
Containers: {}
Created: '0001-01-01T00:00:00Z'
Driver: 'null'
EnableIPv6: false
IPAM:
Config: []
Driver: default
Id: e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794
Ingress: false
Internal: false
Name: none
Options: {}
Scope: local
- Attachable: false
Containers: {}
Created: '0001-01-01T00:00:00Z'
Driver: host
EnableIPv6: false
IPAM:
Config: []
Driver: default
Id: 13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e
Ingress: false
Internal: false
Name: host
Options: {}
Scope: local
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/networks/create":
post:
description: If the name is prefixed with the name of a node, the `create` request
is sent to the specified node. Use the '/' character to separate the node
name, like `testnode/testnet`.
consumes:
- application/json
produces:
- application/json
tags:
- Network
summary: Create a network
operationId: NetworkCreate
parameters:
- description: Network configuration
name: networkConfig
in: body
required: true
schema:
type: object
required:
- Name
properties:
Attachable:
description: Globally scoped network is manually attachable by regular
containers from workers in swarm mode.
type: boolean
CheckDuplicate:
description: Check for networks with duplicate names. Since Network
is primarily keyed based on a random ID and not on the name, and network
name is strictly a user-friendly alias to the network which is uniquely
identified using ID, there is no guaranteed way to check for duplicates.
CheckDuplicate is there to provide a best effort checking of any networks
which has the same name but it is not guaranteed to catch all name
collisions.
type: boolean
Driver:
description: Name of the network driver plugin to use.
type: string
default: bridge
EnableIPv6:
description: Enable IPv6 on the network.
type: boolean
IPAM:
description: Optional custom IP scheme for the network.
"$ref": "#/definitions/IPAM"
Ingress:
description: Ingress network is the network which provides the routing-mesh
in swarm mode.
type: boolean
Internal:
description: Restrict external access to the network.
type: boolean
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Name:
description: The network's name.
type: string
Options:
description: Network specific options to be used by the drivers.
type: object
additionalProperties:
type: string
example:
Attachable: false
CheckDuplicate: false
Driver: bridge
EnableIPv6: true
IPAM:
Config:
- Gateway: 172.20.10.11
IPRange: 172.20.10.0/24
Subnet: 172.20.0.0/16
- Gateway: 2001:db8:abcd::1011
Subnet: 2001:db8:abcd::/64
Driver: default
Options:
foo: bar
Ingress: false
Internal: true
Labels:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Name: isolated_nw
Options:
com.docker.network.bridge.default_bridge: 'true'
com.docker.network.bridge.enable_icc: 'true'
com.docker.network.bridge.enable_ip_masquerade: 'true'
com.docker.network.bridge.host_binding_ipv4: 0.0.0.0
com.docker.network.bridge.name: docker0
com.docker.network.driver.mtu: '1500'
responses:
'201':
description: No error
schema:
type: object
title: NetworkCreateResponse
properties:
Id:
description: The ID of the created network.
type: string
Warning:
type: string
example:
Id: 22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30
Warning: ''
'403':
description: operation not supported for pre-defined networks
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: plugin not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/networks/prune":
post:
description: Not supported on UCP.
produces:
- application/json
tags:
- Network
summary: Delete unused networks
operationId: NetworkPrune
parameters:
- type: string
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `until=<timestamp>` Prune networks created before this timestamp. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon machine’s time.
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune networks with (or without, in case `label!=...` is used) the specified labels.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: object
title: NetworkPruneResponse
properties:
NetworksDeleted:
description: Networks that were deleted
type: array
items:
type: string
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/networks/{id}":
get:
description: Node-specific networks, like those with bridge and third-party
drivers, are prefixed with the node name.
produces:
- application/json
tags:
- Network
summary: Inspect a network
operationId: NetworkInspect
parameters:
- type: string
description: Network ID or name
name: id
in: path
required: true
- type: boolean
default: false
description: Detailed inspect output for troubleshooting
name: verbose
in: query
- type: string
description: Filter the network by scope (swarm, global, or local)
name: scope
in: query
responses:
'200':
description: No error
schema:
"$ref": "#/definitions/Network"
'404':
description: Network not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
tags:
- Network
summary: Remove a network
operationId: NetworkDelete
parameters:
- type: string
description: Network ID or name
name: id
in: path
required: true
responses:
'204':
description: No error
'403':
description: operation not supported for pre-defined networks
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such network
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/networks/{id}/connect":
post:
consumes:
- application/json
tags:
- Network
summary: Connect a container to a network
operationId: NetworkConnect
parameters:
- type: string
description: Network ID or name
name: id
in: path
required: true
- name: container
in: body
required: true
schema:
type: object
properties:
Container:
description: The ID or name of the container to connect to the network.
type: string
EndpointConfig:
"$ref": "#/definitions/EndpointSettings"
example:
Container: 3613f73ba0e4
EndpointConfig:
IPAMConfig:
IPv4Address: 172.24.56.89
IPv6Address: 2001:db8::5689
responses:
'200':
description: No error
'403':
description: Operation not supported for swarm scoped networks
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: Network or container not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/networks/{id}/disconnect":
post:
consumes:
- application/json
tags:
- Network
summary: Disconnect a container from a network
operationId: NetworkDisconnect
parameters:
- type: string
description: Network ID or name
name: id
in: path
required: true
- name: container
in: body
required: true
schema:
type: object
properties:
Container:
description: The ID or name of the container to disconnect from the
network.
type: string
Force:
description: Force the container to disconnect from the network.
type: boolean
responses:
'200':
description: No error
'403':
description: Operation not supported for swarm scoped networks
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: Network or container not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/nodes":
get:
description: UCP augments the `Status.State` based on the status of the UCP
components running on the current node.
tags:
- Node
summary: List nodes
operationId: NodeList
parameters:
- type: string
description: |
Filters to process on the nodes list, encoded as JSON (a `map[string][]string`).
Available filters:
- `id=<node id>`
- `label=<engine label>`
- `membership=`(`accepted`|`pending`)`
- `name=<node name>`
- `role=`(`manager`|`worker`)`
name: filters
in: query
responses:
'200':
description: no error
schema:
type: array
items:
"$ref": "#/definitions/Node"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/nodes/{id}":
get:
description: UCP augments the `Status.State` based on the status of the UCP
components running on the current node.
tags:
- Node
summary: Inspect a node
operationId: NodeInspect
parameters:
- type: string
description: The ID or name of the node
name: id
in: path
required: true
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Node"
'404':
description: no such node
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
description: If the current node is a manager, to keep the system healthy UCP
attempts to unwind swarm components, like the KV store and auth store, from
the node.
tags:
- Node
summary: Delete a node
operationId: NodeDelete
parameters:
- type: string
description: The ID or name of the node
name: id
in: path
required: true
- type: boolean
default: false
description: Force remove a node from the swarm
name: force
in: query
responses:
'200':
description: no error
'404':
description: no such node
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/nodes/{id}/update":
post:
tags:
- Node
summary: Update a node
operationId: NodeUpdate
parameters:
- type: string
description: The ID of the node
name: id
in: path
required: true
- name: body
in: body
schema:
"$ref": "#/definitions/NodeSpec"
- type: integer
format: int64
description: The version number of the node object being updated. This is
required to avoid conflicting writes.
name: version
in: query
required: true
responses:
'200':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such node
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/oscal/assessments/{assessmentID}":
get:
description: Gets OSCAL Assessement by assessment identifier
consumes:
- application/json
produces:
- application/json
tags:
- OSCAL
summary: Gets OSCAL Assessement by assessment identifier
operationId: Get OSCAL Assessment
parameters:
- type: string
default: ''
description: ID of the assessment
name: assessmentID
in: path
required: true
responses:
'200':
description: Success, assessment found
schema:
"$ref": "#/definitions/oscal.AssessmentResult"
default:
description: Success, assessment found
schema:
"$ref": "#/definitions/oscal.AssessmentResult"
"/oscal/catalog/{catalogID}/profile/{profileID}/assessments":
post:
description: Assess OSCAL implementation by catalog ID and profile ID
consumes:
- application/json
produces:
- application/json
tags:
- OSCAL
summary: Assess OSCAL implementation by catalog ID and profile ID
operationId: Assess OSCAL Implementation
parameters:
- type: string
default: ''
description: ID of the catalog
name: catalogID
in: path
required: true
- type: string
default: ''
description: ID of the profile
name: profileID
in: path
required: true
responses:
'202':
description: Success, assessment initiated.
schema:
"$ref": "#/definitions/oscal.AssessmentID"
"/oscal/catalogs":
get:
description: |-
Retrieve a list of OSCAL-formatted security control catalogs supported
by the automated reporting, assessment and enforcement capabilities in UCP.
produces:
- application/json
tags:
- OSCAL
summary: Retrieve a list of OSCAL-formatted security control catalogs supported
operationId: List OSCAL Catalogs
responses:
'200':
description: Success, catalog listing retrieved.
schema:
type: array
items:
"$ref": "#/definitions/catalog.Catalog"
default:
description: Success, catalog listing retrieved.
schema:
type: array
items:
"$ref": "#/definitions/catalog.Catalog"
"/oscal/catalogs/{id}/implementation":
get:
description: Get OSCAL implementation by catalog ID
produces:
- application/json
tags:
- OSCAL
summary: Get OSCAL implementation by catalog ID
operationId: Get OSCAL Implementation
parameters:
- type: string
default: ''
description: ID of the catalog
name: id
in: path
required: true
responses:
'200':
description: Success, implementation retrieved.
schema:
"$ref": "#/definitions/implementation.Implementation"
default:
description: Success, implementation retrieved.
schema:
"$ref": "#/definitions/implementation.Implementation"
patch:
description: Update OSCAL implementation by catalog ID
produces:
- application/json
tags:
- OSCAL
summary: Update OSCAL implementation by catalog ID
operationId: Update OSCAL Implementation
parameters:
- type: string
default: ''
description: ID of the catalog
name: id
in: path
required: true
responses:
'200':
description: Success, implementation updated.
schema:
"$ref": "#/definitions/implementation.Implementation"
default:
description: Success, implementation updated.
schema:
"$ref": "#/definitions/implementation.Implementation"
"/oscal/controls":
get:
description: |-
Retrieve a list of OSCAL-formatted security catalogs with controls and groups supported
by the automated reporting, assessment and enforcement capabilities in UCP.
produces:
- application/json
tags:
- OSCAL
summary: Retrieve a list of OSCAL-formatted security catalogs with controls
and groups supported
operationId: List OSCAL Controls
responses:
'200':
description: Success, control listing retrieved.
schema:
type: array
items:
"$ref": "#/definitions/catalog.Catalog"
default:
description: Success, control listing retrieved.
schema:
type: array
items:
"$ref": "#/definitions/catalog.Catalog"
"/plugins":
get:
description: |-
Returns information about installed plugins.
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
produces:
- application/json
tags:
- Plugin
summary: List plugins
operationId: PluginList
parameters:
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the plugin list. Available filters:
- `capability=<capability name>`
- `enable=<true>|<false>`
name: filters
in: query
responses:
'200':
description: No error
schema:
type: array
items:
"$ref": "#/definitions/Plugin"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/create":
post:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
consumes:
- application/x-tar
tags:
- Plugin
summary: Create a plugin
operationId: PluginCreate
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: query
required: true
- description: Path to tar containing plugin rootfs and manifest
name: tarContext
in: body
schema:
type: string
format: binary
responses:
'204':
description: no error
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/pull":
post:
description: |-
Pulls and installs a plugin. After the plugin is installed, it can be enabled using the [`POST /plugins/{name}/enable` endpoint](#operation/PostPluginsEnable).
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
produces:
- application/json
tags:
- Plugin
summary: Install a plugin
operationId: PluginPull
parameters:
- type: string
description: |
Remote reference for plugin to install.
The `:latest` tag is optional, and is used as the default if omitted.
name: remote
in: query
required: true
- type: string
description: |
Local name for the pulled plugin.
The `:latest` tag is optional, and is used as the default if omitted.
name: name
in: query
- type: string
description: A base64-encoded auth configuration to use when pulling a plugin
from a registry. [See the authentication section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
- name: body
in: body
schema:
type: array
items:
description: Describes a permission accepted by the user upon installing
the plugin.
type: object
properties:
Description:
type: string
Name:
type: string
Value:
type: array
items:
type: string
example:
- Description: ''
Name: network
Value:
- host
- Description: ''
Name: mount
Value:
- "/data"
- Description: ''
Name: device
Value:
- "/dev/cpu_dma_latency"
responses:
'204':
description: no error
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}":
delete:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
tags:
- Plugin
summary: Remove a plugin
operationId: PluginDelete
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
- type: boolean
default: false
description: Disable the plugin before removing. This may result in issues
if the plugin is in use by a container.
name: force
in: query
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Plugin"
'404':
description: plugin is not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}/disable":
post:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
tags:
- Plugin
summary: Disable a plugin
operationId: PluginDisable
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
responses:
'200':
description: no error
'404':
description: plugin is not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}/enable":
post:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
tags:
- Plugin
summary: Enable a plugin
operationId: PluginEnable
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
- type: integer
default: 0
description: Set the HTTP client timeout (in seconds)
name: timeout
in: query
responses:
'200':
description: no error
'404':
description: plugin is not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}/push":
post:
description: |-
Push a plugin to the registry.
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
tags:
- Plugin
summary: Push a plugin
operationId: PluginPush
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
responses:
'200':
description: no error
'404':
description: plugin not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}/set":
post:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
consumes:
- application/json
tags:
- Plugin
summary: Configure a plugin
operationId: PluginSet
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
- name: body
in: body
schema:
type: array
items:
type: string
example:
- DEBUG=1
responses:
'204':
description: No error
'404':
description: Plugin not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/plugins/{name}/upgrade":
post:
description: |2-
NOTE: This API endpoint does not work through the UCP API. Admins can use this API directly on each individual node's Docker daemon.
tags:
- Plugin
summary: Upgrade a plugin
operationId: PluginUpgrade
parameters:
- type: string
description: The name of the plugin. The `:latest` tag is optional, and is
the default if omitted.
name: name
in: path
required: true
- type: string
description: |
Remote reference to upgrade to.
The `:latest` tag is optional, and is used as the default if omitted.
name: remote
in: query
required: true
- type: string
description: A base64-encoded auth configuration to use when pulling a plugin
from a registry. [See the authentication section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
- name: body
in: body
schema:
type: array
items:
description: Describes a permission accepted by the user upon installing
the plugin.
type: object
properties:
Description:
type: string
Name:
type: string
Value:
type: array
items:
type: string
example:
- Description: ''
Name: network
Value:
- host
- Description: ''
Name: mount
Value:
- "/data"
- Description: ''
Name: device
Value:
- "/dev/cpu_dma_latency"
responses:
'204':
description: no error
'404':
description: plugin not installed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/prelogonmessage":
get:
description: Get pre logon message set by admin
tags:
- UCP
summary: Get pre logon message set by admin
operationId: Pre Logon Message
responses:
'200':
description: Success
'500':
description: Failed to get pre-logon message
default:
description: Success
"/roles":
get:
description: Lists all roles in the system.
produces:
- application/json
tags:
- UCP
summary: Lists all roles in the system.
operationId: ListRoles
responses:
'200':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/role.Role"
default:
description: Success
schema:
type: array
items:
"$ref": "#/definitions/role.Role"
post:
description: Creates a new custom role
consumes:
- application/json
tags:
- UCP
summary: Creates a new custom role
operationId: CreateRole
parameters:
- type: role.Role
name: body
in: body
required: true
schema:
"$ref": "#/definitions/role.Role"
responses:
'201':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/authz.RoleCreateResponse"
"/roles/{role}":
get:
description: Retrieves a single role by ID
produces:
- application/json
tags:
- UCP
summary: Retrieves a single role by ID
operationId: GetRole
parameters:
- type: string
default: ''
description: Name of the role to get
name: role
in: path
required: true
responses:
'200':
description: Success
schema:
"$ref": "#/definitions/role.Role"
default:
description: Success
schema:
"$ref": "#/definitions/role.Role"
delete:
description: Deletes a role by name
produces:
- application/json
tags:
- UCP
summary: Deletes a role by name
operationId: DeleteRole
parameters:
- type: string
default: ''
description: Name of the role to delete
name: role
in: path
required: true
responses:
'204':
description: Success
"/secrets":
get:
produces:
- application/json
tags:
- Secret
summary: List secrets
operationId: SecretList
parameters:
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Available filters:
- `id=<secret id>`
- `label=<key> or label=<key>=value`
- `name=<secret name>`
- `names=<secret name>`
name: filters
in: query
responses:
'200':
description: no error
schema:
type: array
items:
"$ref": "#/definitions/Secret"
example:
- CreatedAt: '2017-07-20T13:55:28.678958722Z'
ID: blt1owaxmitz71s9v5zh81zun
Spec:
Driver:
Name: secret-bucket
Options:
OptionA: value for driver option A
OptionB: value for driver option B
Labels:
some.label: some.value
Name: mysql-passwd
UpdatedAt: '2017-07-20T13:55:28.678958722Z'
Version:
Index: 85
- CreatedAt: '2016-11-05T01:20:17.327670065Z'
ID: ktnbjxoalbkvbvedmg1urrz8h
Spec:
Labels:
foo: bar
Name: app-dev.crt
UpdatedAt: '2016-11-05T01:20:17.327670065Z'
Version:
Index: 11
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/secrets/create":
post:
consumes:
- application/json
produces:
- application/json
tags:
- Secret
summary: Create a secret
operationId: SecretCreate
parameters:
- name: body
in: body
schema:
allOf:
- "$ref": "#/definitions/SecretSpec"
- type: object
example:
Data: VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg==
Driver:
Name: secret-bucket
Options:
OptionA: value for driver option A
OptionB: value for driver option B
Labels:
foo: bar
Name: app-key.crt
responses:
'201':
description: no error
schema:
"$ref": "#/definitions/IdResponse"
'409':
description: name conflicts with an existing object
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/secrets/{id}":
get:
produces:
- application/json
tags:
- Secret
summary: Inspect a secret
operationId: SecretInspect
parameters:
- type: string
description: ID of the secret
name: id
in: path
required: true
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Secret"
examples:
application/json:
CreatedAt: '2016-11-05T01:20:17.327670065Z'
ID: ktnbjxoalbkvbvedmg1urrz8h
Spec:
Driver:
Name: secret-bucket
Options:
OptionA: value for driver option A
OptionB: value for driver option B
Labels:
foo: bar
Name: app-dev.crt
UpdatedAt: '2016-11-05T01:20:17.327670065Z'
Version:
Index: 11
'404':
description: secret not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
produces:
- application/json
tags:
- Secret
summary: Delete a secret
operationId: SecretDelete
parameters:
- type: string
description: ID of the secret
name: id
in: path
required: true
responses:
'204':
description: no error
'404':
description: secret not found
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/secrets/{id}/update":
post:
tags:
- Secret
summary: Update a Secret
operationId: SecretUpdate
parameters:
- type: string
description: The ID or name of the secret
name: id
in: path
required: true
- description: The spec of the secret to update. Currently, only the Labels
field can be updated. All other fields must remain unchanged from the [SecretInspect
endpoint](#operation/SecretInspect) response values.
name: body
in: body
schema:
"$ref": "#/definitions/SecretSpec"
- type: integer
format: int64
description: The version number of the secret object being updated. This is
required to avoid conflicting writes.
name: version
in: query
required: true
responses:
'200':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such secret
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/services":
get:
tags:
- Service
summary: List services
operationId: ServiceList
parameters:
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the services list. Available filters:
- `id=<service id>`
- `label=<service label>`
- `mode=["replicated"|"global"]`
- `name=<service name>`
name: filters
in: query
responses:
'200':
description: no error
schema:
type: array
items:
"$ref": "#/definitions/Service"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/services/create":
post:
consumes:
- application/json
produces:
- application/json
tags:
- Service
summary: Create a service
operationId: ServiceCreate
parameters:
- name: body
in: body
required: true
schema:
allOf:
- "$ref": "#/definitions/ServiceSpec"
- type: object
example:
EndpointSpec:
Ports:
- Protocol: tcp
PublishedPort: 8080
TargetPort: 80
Labels:
foo: bar
Mode:
Replicated:
Replicas: 4
Name: web
RollbackConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 1
TaskTemplate:
ContainerSpec:
DNSConfig:
Nameservers:
- 8.8.8.8
Options:
- timeout:3
Search:
- example.org
Hosts:
- 10.10.10.10 host1
- ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 host2
Image: nginx:alpine
Mounts:
- ReadOnly: true
Source: web-data
Target: "/usr/share/nginx/html"
Type: volume
VolumeOptions:
DriverConfig: {}
Labels:
com.example.something: something-value
Secrets:
- File:
GID: '33'
Mode: 384
Name: www.example.org.key
UID: '33'
SecretID: fpjqlhnwb19zds35k8wn80lq9
SecretName: example_org_domain_key
User: '33'
LogDriver:
Name: json-file
Options:
max-file: '3'
max-size: 10M
Placement: {}
Resources:
Limits:
MemoryBytes: 104857600
Reservations: {}
RestartPolicy:
Condition: on-failure
Delay: 10000000000
MaxAttempts: 10
UpdateConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 2
- type: string
description: A base64-encoded auth configuration for pulling from private
registries. [See the authentication section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
responses:
'201':
description: no error
schema:
type: object
title: ServiceCreateResponse
properties:
ID:
description: The ID of the created service.
type: string
Warning:
description: Optional warning message
type: string
example:
ID: ak7w3gjqoa3kuz8xcpnyy0pvl
Warning: 'unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest
not found'
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'403':
description: network is not eligible for services
schema:
"$ref": "#/definitions/ErrorResponse"
'409':
description: name conflicts with an existing service
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/services/{id}":
get:
tags:
- Service
summary: Inspect a service
operationId: ServiceInspect
parameters:
- type: string
description: ID or name of service.
name: id
in: path
required: true
- type: boolean
default: false
description: Fill empty fields with default values.
name: insertDefaults
in: query
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Service"
'404':
description: no such service
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
tags:
- Service
summary: Delete a service
operationId: ServiceDelete
parameters:
- type: string
description: ID or name of service.
name: id
in: path
required: true
responses:
'200':
description: no error
'404':
description: no such service
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/services/{id}/logs":
get:
description: |
Get `stdout` and `stderr` logs from a service.
**Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
produces:
- application/vnd.docker.raw-stream
- application/json
tags:
- Service
summary: Get service logs
operationId: ServiceLogs
parameters:
- type: string
description: ID or name of the service
name: id
in: path
required: true
- type: boolean
default: false
description: Show service context and extra details provided to logs.
name: details
in: query
- type: boolean
default: false
description: |
Return the logs as a stream.
This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
name: follow
in: query
- type: boolean
default: false
description: Return logs from `stdout`
name: stdout
in: query
- type: boolean
default: false
description: Return logs from `stderr`
name: stderr
in: query
- type: integer
default: 0
description: Only return logs since this time, as a UNIX timestamp
name: since
in: query
- type: boolean
default: false
description: Add timestamps to every log line
name: timestamps
in: query
- type: string
default: all
description: Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
name: tail
in: query
responses:
'101':
description: logs returned as a stream
schema:
type: string
format: binary
'200':
description: logs returned as a string in response body
schema:
type: string
'404':
description: no such service
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such service: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/services/{id}/update":
post:
consumes:
- application/json
produces:
- application/json
tags:
- Service
summary: Update a service
operationId: ServiceUpdate
parameters:
- type: string
description: ID or name of service.
name: id
in: path
required: true
- name: body
in: body
required: true
schema:
allOf:
- "$ref": "#/definitions/ServiceSpec"
- type: object
example:
EndpointSpec:
Mode: vip
Mode:
Replicated:
Replicas: 1
Name: top
RollbackConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 1
TaskTemplate:
ContainerSpec:
Args:
- top
Image: busybox
ForceUpdate: 0
Placement: {}
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: any
MaxAttempts: 0
UpdateConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 2
- type: integer
description: The version number of the service object being updated. This
is required to avoid conflicting writes.
name: version
in: query
required: true
- type: string
default: spec
description: If the X-Registry-Auth header is not specified, this parameter
indicates where to find registry authorization credentials. The valid values
are `spec` and `previous-spec`.
name: registryAuthFrom
in: query
- type: string
description: Set to this parameter to `previous` to cause a server-side rollback
to the previous service spec. The supplied spec will be ignored in this
case.
name: rollback
in: query
- type: string
description: A base64-encoded auth configuration for pulling from private
registries. [See the authentication section for details.](#section/Authentication)
name: X-Registry-Auth
in: header
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/ServiceUpdateResponse"
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'404':
description: no such service
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/session":
post:
description: |
Start a new interactive session with a server. Session allows server to call back to the client for advanced capabilities.
> **Note**: This endpoint is *experimental* and only available if the daemon is started with experimental
> features enabled. The specifications for this endpoint may still change in a future version of the API.
### Hijacking
This endpoint hijacks the HTTP connection to HTTP2 transport that allows the client to expose gPRC services on that connection.
For example, the client sends this request to upgrade the connection:
```
POST /session HTTP/1.1
Upgrade: h2c
Connection: Upgrade
```
The Docker daemon will respond with a `101 UPGRADED` response follow with the raw stream:
```
HTTP/1.1 101 UPGRADED
Connection: Upgrade
Upgrade: h2c
```
produces:
- application/vnd.docker.raw-stream
tags:
- Session (experimental)
summary: Initialize interactive session
operationId: Session
responses:
'101':
description: no error, hijacking successful
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/swarm":
get:
tags:
- Swarm
summary: Inspect swarm
operationId: SwarmInspect
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Swarm"
'404':
description: no such swarm
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/swarm/init":
post:
produces:
- application/json
- text/plain
tags:
- Swarm
summary: Initialize a new swarm
operationId: SwarmInit
parameters:
- name: body
in: body
required: true
schema:
type: object
properties:
AdvertiseAddr:
description: Externally reachable address advertised to other nodes.
This can either be an address/port combination in the form `192.168.1.1:4567`,
or an interface followed by a port number, like `eth0:4567`. If the
port number is omitted, the port number from the listen address is
used. If `AdvertiseAddr` is not specified, it will be automatically
detected when possible.
type: string
DataPathAddr:
description: |
Address or interface to use for data path traffic (format: `<ip|interface>`), for example, `192.168.1.1`,
or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
is used.
The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
nodes in order to reach the containers running on this node. Using this parameter it is possible to
separate the container data traffic from the management traffic of the cluster.
type: string
DefaultAddrPool:
description: 'Default Address Pool specifies default subnet pools for
global scope networks.
'
type: array
items:
type: string
example:
- 10.10.0.0/16
- 20.20.0.0/16
ForceNewCluster:
description: Force creation of a new swarm.
type: boolean
ListenAddr:
description: Listen address used for inter-manager communication, as
well as determining the networking interface used for the VXLAN Tunnel
Endpoint (VTEP). This can either be an address/port combination in
the form `192.168.1.1:4567`, or an interface followed by a port number,
like `eth0:4567`. If the port number is omitted, the default swarm
listening port is used.
type: string
Spec:
"$ref": "#/definitions/SwarmSpec"
SubnetSize:
description: 'SubnetSize specifies the subnet size of the networks created
from the default subnet pool
'
type: integer
format: uint32
example:
AdvertiseAddr: 192.168.1.1:2377
DefaultAddrPool:
- 10.10.0.0/8
- 20.20.0.0/8
ForceNewCluster: false
ListenAddr: 0.0.0.0:2377
Spec:
CAConfig: {}
Dispatcher: {}
EncryptionConfig:
AutoLockManagers: false
Orchestration: {}
Raft: {}
SubnetSize: 24
responses:
'200':
description: no error
schema:
description: The node ID
type: string
example: 7v2t30z9blmxuhnyo6s4cpenp
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is already part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/swarm/join":
post:
tags:
- Swarm
summary: Join an existing swarm
operationId: SwarmJoin
parameters:
- name: body
in: body
required: true
schema:
type: object
properties:
AdvertiseAddr:
description: Externally reachable address advertised to other nodes.
This can either be an address/port combination in the form `192.168.1.1:4567`,
or an interface followed by a port number, like `eth0:4567`. If the
port number is omitted, the port number from the listen address is
used. If `AdvertiseAddr` is not specified, it will be automatically
detected when possible.
type: string
DataPathAddr:
description: |
Address or interface to use for data path traffic (format: `<ip|interface>`), for example, `192.168.1.1`,
or an interface, like `eth0`. If `DataPathAddr` is unspecified, the same address as `AdvertiseAddr`
is used.
The `DataPathAddr` specifies the address that global scope network drivers will publish towards other
nodes in order to reach the containers running on this node. Using this parameter it is possible to
separate the container data traffic from the management traffic of the cluster.
type: string
JoinToken:
description: Secret token for joining this swarm.
type: string
ListenAddr:
description: Listen address used for inter-manager communication if
the node gets promoted to manager, as well as determining the networking
interface used for the VXLAN Tunnel Endpoint (VTEP).
type: string
RemoteAddrs:
description: Addresses of manager nodes already participating in the
swarm.
type: string
example:
AdvertiseAddr: 192.168.1.1:2377
JoinToken: SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2
ListenAddr: 0.0.0.0:2377
RemoteAddrs:
- node1:2377
responses:
'200':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is already part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/swarm/leave":
post:
tags:
- Swarm
summary: Leave a swarm
operationId: SwarmLeave
parameters:
- type: boolean
default: false
description: Force leave swarm, even if this is the last manager or that it
will break the cluster.
name: force
in: query
responses:
'200':
description: no error
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/swarm/update":
post:
tags:
- Swarm
summary: Update a swarm
operationId: SwarmUpdate
parameters:
- name: body
in: body
required: true
schema:
"$ref": "#/definitions/SwarmSpec"
- type: integer
format: int64
description: The version number of the swarm object being updated. This is
required to avoid conflicting writes.
name: version
in: query
required: true
- type: boolean
default: false
description: Rotate the worker join token.
name: rotateWorkerToken
in: query
- type: boolean
default: false
description: Rotate the manager join token.
name: rotateManagerToken
in: query
- type: boolean
default: false
description: Rotate the manager unlock key.
name: rotateManagerUnlockKey
in: query
responses:
'200':
description: no error
'400':
description: bad parameter
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/tasks":
get:
produces:
- application/json
tags:
- Task
summary: List tasks
operationId: TaskList
parameters:
- type: string
description: |
A JSON encoded value of the filters (a `map[string][]string`) to process on the tasks list. Available filters:
- `desired-state=(running | shutdown | accepted)`
- `id=<task id>`
- `label=key` or `label="key=value"`
- `name=<task name>`
- `node=<node id or name>`
- `service=<service name>`
name: filters
in: query
responses:
'200':
description: no error
schema:
type: array
items:
"$ref": "#/definitions/Task"
example:
- CreatedAt: '2016-06-07T21:07:31.171892745Z'
DesiredState: running
ID: 0kzzo1i0y4jz6027t0k7aezc7
NetworksAttachments:
- Addresses:
- 10.255.0.10/16
Network:
CreatedAt: '2016-06-07T20:31:11.912919752Z'
DriverState:
Name: overlay
Options:
com.docker.network.driver.overlay.vxlanid_list: '256'
ID: 4qvuz4ko70xaltuqbt8956gd1
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver:
Name: default
Spec:
DriverConfiguration: {}
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver: {}
Labels:
com.docker.swarm.internal: 'true'
Name: ingress
UpdatedAt: '2016-06-07T21:07:29.955277358Z'
Version:
Index: 18
NodeID: 60gvrl6tm78dmak4yl7srz94v
ServiceID: 9mnpnzenvg8p8tdbtq4wvbkcz
Slot: 1
Spec:
ContainerSpec:
Image: redis
Placement: {}
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: any
MaxAttempts: 0
Status:
ContainerStatus:
ContainerID: e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035
PID: 677
Message: started
State: running
Timestamp: '2016-06-07T21:07:31.290032978Z'
UpdatedAt: '2016-06-07T21:07:31.376370513Z'
Version:
Index: 71
- CreatedAt: '2016-06-07T21:07:30.019104782Z'
DesiredState: shutdown
ID: 1yljwbmlr8er2waf8orvqpwms
Name: hopeful_cori
NetworksAttachments:
- Addresses:
- 10.255.0.5/16
Network:
CreatedAt: '2016-06-07T20:31:11.912919752Z'
DriverState:
Name: overlay
Options:
com.docker.network.driver.overlay.vxlanid_list: '256'
ID: 4qvuz4ko70xaltuqbt8956gd1
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver:
Name: default
Spec:
DriverConfiguration: {}
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver: {}
Labels:
com.docker.swarm.internal: 'true'
Name: ingress
UpdatedAt: '2016-06-07T21:07:29.955277358Z'
Version:
Index: 18
NodeID: 60gvrl6tm78dmak4yl7srz94v
ServiceID: 9mnpnzenvg8p8tdbtq4wvbkcz
Slot: 1
Spec:
ContainerSpec:
Image: redis
Placement: {}
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: any
MaxAttempts: 0
Status:
ContainerStatus:
ContainerID: 1cf8d63d18e79668b0004a4be4c6ee58cddfad2dae29506d8781581d0688a213
Message: shutdown
State: shutdown
Timestamp: '2016-06-07T21:07:30.202183143Z'
UpdatedAt: '2016-06-07T21:07:30.231958098Z'
Version:
Index: 30
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/tasks/{id}":
get:
produces:
- application/json
tags:
- Task
summary: Inspect a task
operationId: TaskInspect
parameters:
- type: string
description: ID of the task
name: id
in: path
required: true
responses:
'200':
description: no error
schema:
"$ref": "#/definitions/Task"
'404':
description: no such task
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/tasks/{id}/logs":
get:
description: |
Get `stdout` and `stderr` logs from a task.
**Note**: This endpoint works only for services with the `json-file` or `journald` logging drivers.
produces:
- application/vnd.docker.raw-stream
- application/json
tags:
- UCP
summary: Get task logs
operationId: TaskLogs
parameters:
- type: string
description: ID of the task
name: id
in: path
required: true
- type: boolean
default: false
description: Show task context and extra details provided to logs.
name: details
in: query
- type: boolean
default: false
description: |
Return the logs as a stream.
This will return a `101` HTTP response with a `Connection: upgrade` header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, [see the documentation for the attach endpoint](#operation/ContainerAttach).
name: follow
in: query
- type: boolean
default: false
description: Return logs from `stdout`
name: stdout
in: query
- type: boolean
default: false
description: Return logs from `stderr`
name: stderr
in: query
- type: integer
default: 0
description: Only return logs since this time, as a UNIX timestamp
name: since
in: query
- type: boolean
default: false
description: Add timestamps to every log line
name: timestamps
in: query
- type: string
default: all
description: Only return this number of log lines from the end of the logs.
Specify as an integer or `all` to output all log lines.
name: tail
in: query
responses:
'101':
description: logs returned as a stream
schema:
type: string
format: binary
'200':
description: logs returned as a string in response body
schema:
type: string
'404':
description: no such task
schema:
"$ref": "#/definitions/ErrorResponse"
examples:
application/json:
message: 'No such task: c2ada9df5af8'
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
'503':
description: node is not part of a swarm
schema:
"$ref": "#/definitions/ErrorResponse"
"/totalRole":
get:
description: Returns a role with all operations that a user can perform against
at least one collection in the system.
produces:
- application/json
tags:
- UCP
summary: Returns a role with all operations that a user can perform against
at least one collection in the system.
operationId: TotalRole
responses:
'200':
description: Success
schema:
type: array
items:
"$ref": "#/definitions/role.Role"
default:
description: Success
schema:
type: array
items:
"$ref": "#/definitions/role.Role"
"/version":
get:
description: Returns the version of Docker that is running and various information
about the system that Docker is running on.
produces:
- application/json
tags:
- System
summary: Get version
operationId: SystemVersion
responses:
'200':
description: no error
schema:
type: object
title: SystemVersionResponse
properties:
ApiVersion:
type: string
Arch:
type: string
BuildTime:
type: string
Components:
type: array
items:
type: object
required:
- Name
- Version
properties:
Details:
type: object
x-nullable: true
Name:
type: string
Version:
type: string
x-nullable: false
x-go-name: ComponentVersion
Experimental:
type: boolean
GitCommit:
type: string
GoVersion:
type: string
KernelVersion:
type: string
MinAPIVersion:
type: string
Os:
type: string
Platform:
type: object
required:
- Name
properties:
Name:
type: string
Version:
type: string
examples:
application/json:
ApiVersion: '1.27'
Arch: amd64
BuildTime: '2016-06-14T07:09:13.444803460+00:00'
Experimental: true
GitCommit: deadbee
GoVersion: go1.7.5
KernelVersion: 3.19.0-23-generic
MinAPIVersion: '1.12'
Os: linux
Version: 17.04.0
'500':
description: server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/volumes":
get:
description: If the name is prefixed with the name of a node, the request is
sent to the specified node. Use the '/' character to distinguish the node
name, like `testnode/testvolume`.
produces:
- application/json
tags:
- Volume
summary: List volumes
operationId: VolumeList
parameters:
- type: string
format: json
description: |
JSON encoded value of the filters (a `map[string][]string`) to
process on the volumes list. Available filters:
- `dangling=<boolean>` When set to `true` (or `1`), returns all
volumes that are not in use by a container. When set to `false`
(or `0`), only volumes that are in use by one or more
containers are returned.
- `driver=<volume-driver-name>` Matches volumes based on their driver.
- `label=<key>` or `label=<key>:<value>` Matches volumes based on
the presence of a `label` alone or a `label` and a value.
- `name=<volume-name>` Matches all or part of a volume name.
name: filters
in: query
responses:
'200':
description: Summary volume data that matches the query
schema:
description: Volume list response
type: object
title: VolumeListResponse
required:
- Volumes
- Warnings
properties:
Volumes:
description: List of volumes
type: array
items:
"$ref": "#/definitions/Volume"
x-nullable: false
Warnings:
description: Warnings that occurred when fetching the list of volumes
type: array
items:
type: string
x-nullable: false
examples:
application/json:
Volumes:
- CreatedAt: '2017-07-19T12:00:26Z'
Driver: local
Labels:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Mountpoint: "/var/lib/docker/volumes/tardis"
Name: tardis
Options:
device: tmpfs
o: size=100m,uid=1000
type: tmpfs
Scope: local
Warnings: []
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/volumes/create":
post:
consumes:
- application/json
produces:
- application/json
tags:
- Volume
summary: Create a volume
operationId: VolumeCreate
parameters:
- description: Volume configuration
name: volumeConfig
in: body
required: true
schema:
description: Volume configuration
type: object
title: VolumeConfig
properties:
Driver:
description: Name of the volume driver to use.
type: string
default: local
x-nullable: false
DriverOpts:
description: A mapping of driver options and values. These options are
passed directly to the driver and are driver specific.
type: object
additionalProperties:
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Name:
description: The new volume's name. If not specified, Docker generates
a name.
type: string
x-nullable: false
example:
Driver: custom
Labels:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Name: tardis
responses:
'201':
description: The volume was created successfully
schema:
"$ref": "#/definitions/Volume"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/volumes/prune":
post:
produces:
- application/json
tags:
- Volume
summary: Delete unused volumes
operationId: VolumePrune
parameters:
- type: string
description: |
Filters to process on the prune list, encoded as JSON (a `map[string][]string`).
Available filters:
- `label` (`label=<key>`, `label=<key>=<value>`, `label!=<key>`, or `label!=<key>=<value>`) Prune volumes with (or without, in case `label!=...` is used) the specified labels.
name: filters
in: query
responses:
'200':
description: No error
schema:
type: object
title: VolumePruneResponse
properties:
SpaceReclaimed:
description: Disk space reclaimed in bytes
type: integer
format: int64
VolumesDeleted:
description: Volumes that were deleted
type: array
items:
type: string
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
"/volumes/{name}":
get:
description: If the name is prefixed with the name of a node, the request is
sent to the specified node. Use the '/' character to distinguish the node
name, like `testnode/testvolume`.
produces:
- application/json
tags:
- Volume
summary: Inspect a volume
operationId: VolumeInspect
parameters:
- type: string
description: Volume name or ID
name: name
in: path
required: true
responses:
'200':
description: No error
schema:
"$ref": "#/definitions/Volume"
'404':
description: No such volume
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
delete:
description: Instruct the driver to remove the volume.
tags:
- Volume
summary: Remove a volume
operationId: VolumeDelete
parameters:
- type: string
description: Volume name or ID
name: name
in: path
required: true
- type: boolean
default: false
description: Force the removal of the volume
name: force
in: query
responses:
'204':
description: The volume was removed
'404':
description: No such volume or volume driver
schema:
"$ref": "#/definitions/ErrorResponse"
'409':
description: Volume is in use and cannot be removed
schema:
"$ref": "#/definitions/ErrorResponse"
'500':
description: Server error
schema:
"$ref": "#/definitions/ErrorResponse"
definitions:
Address:
description: Address represents an IPv4 or IPv6 IP address.
type: object
properties:
Addr:
description: IP address.
type: string
PrefixLen:
description: Mask length of the IP address.
type: integer
AuthConfig:
type: object
properties:
email:
type: string
password:
type: string
serveraddress:
type: string
username:
type: string
example:
password: xxxx
serveraddress: https://index.docker.io/v1/
username: hannibal
BuildInfo:
type: object
properties:
aux:
"$ref": "#/definitions/ImageID"
error:
type: string
errorDetail:
"$ref": "#/definitions/ErrorDetail"
id:
type: string
progress:
type: string
progressDetail:
"$ref": "#/definitions/ProgressDetail"
status:
type: string
stream:
type: string
ClusterInfo:
description: |
ClusterInfo represents information about the swarm as is returned by the
"/info" endpoint. Join-tokens are not included.
type: object
properties:
CreatedAt:
description: |
Date and time at which the swarm was initialised in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: string
format: dateTime
example: '2016-08-18T10:44:24.496525531Z'
ID:
description: The ID of the swarm.
type: string
example: abajmipo7b4xz5ip2nrla6b11
RootRotationInProgress:
description: Whether there is currently a root CA rotation in progress for
the swarm
type: boolean
example: false
Spec:
"$ref": "#/definitions/SwarmSpec"
TLSInfo:
"$ref": "#/definitions/TLSInfo"
UpdatedAt:
description: |
Date and time at which the swarm was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: string
format: dateTime
example: '2017-08-09T07:09:37.632105588Z'
Version:
"$ref": "#/definitions/ObjectVersion"
x-nullable: true
Commit:
description: |
Commit holds the Git-commit (SHA1) that a binary was built from, as
reported in the version-string of external tools, such as `containerd`,
or `runC`.
type: object
properties:
Expected:
description: 'Commit ID of external tool expected by dockerd as set at build
time.
'
type: string
example: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
ID:
description: Actual commit ID of external tool.
type: string
example: cfb82a876ecc11b5ca0977d1733adbe58599088a
Config:
type: object
properties:
CreatedAt:
type: string
format: dateTime
ID:
type: string
Spec:
"$ref": "#/definitions/ConfigSpec"
UpdatedAt:
type: string
format: dateTime
Version:
"$ref": "#/definitions/ObjectVersion"
ConfigSpec:
type: object
properties:
Data:
description: |
Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
config data.
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Name:
description: User-defined name of the config.
type: string
Templating:
description: |
Templating driver, if applicable
Templating controls whether and how to evaluate the config payload as
a template. If no driver is set, no templating is used.
"$ref": "#/definitions/Driver"
ContainerConfig:
description: Configuration for a container that is portable between hosts
type: object
properties:
ArgsEscaped:
description: Command is already escaped (Windows only)
type: boolean
AttachStderr:
description: Whether to attach to `stderr`.
type: boolean
default: true
AttachStdin:
description: Whether to attach to `stdin`.
type: boolean
default: false
AttachStdout:
description: Whether to attach to `stdout`.
type: boolean
default: true
Cmd:
description: Command to run specified as a string or an array of strings.
type: array
items:
type: string
Domainname:
description: The domain name to use for the container.
type: string
Entrypoint:
description: |
The entry point for the container as a string or an array of strings.
If the array consists of exactly one empty string (`[""]`) then the entry point is reset to system default (i.e., the entry point used by docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`).
type: array
items:
type: string
Env:
description: 'A list of environment variables to set inside the container
in the form `["VAR=value", ...]`. A variable without `=` is removed from
the environment, rather than to have an empty value.
'
type: array
items:
type: string
ExposedPorts:
description: |
An object mapping ports to an empty object in the form:
`{"<port>/<tcp|udp|sctp>": {}}`
type: object
additionalProperties:
type: object
default: {}
enum:
- {}
Healthcheck:
"$ref": "#/definitions/HealthConfig"
Hostname:
description: The hostname to use for the container, as a valid RFC 1123 hostname.
type: string
Image:
description: The name of the image to use when creating the container
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
MacAddress:
description: MAC address of the container.
type: string
NetworkDisabled:
description: Disable networking for the container.
type: boolean
OnBuild:
description: "`ONBUILD` metadata that were defined in the image's `Dockerfile`."
type: array
items:
type: string
OpenStdin:
description: Open `stdin`
type: boolean
default: false
Shell:
description: Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell.
type: array
items:
type: string
StdinOnce:
description: Close `stdin` after one attached client disconnects
type: boolean
default: false
StopSignal:
description: Signal to stop a container as a string or unsigned integer.
type: string
default: SIGTERM
StopTimeout:
description: Timeout to stop a container in seconds.
type: integer
default: 10
Tty:
description: Attach standard streams to a TTY, including `stdin` if it is
not closed.
type: boolean
default: false
User:
description: The user that commands are run as inside the container.
type: string
Volumes:
description: An object mapping mount point paths inside the container to empty
objects.
type: object
additionalProperties:
type: object
default: {}
enum:
- {}
WorkingDir:
description: The working directory for commands to run in.
type: string
ContainerSummary:
type: array
items:
type: object
properties:
Command:
description: Command to run when starting the container
type: string
Created:
description: When the container was created
type: integer
format: int64
HostConfig:
type: object
properties:
NetworkMode:
type: string
Id:
description: The ID of this container
type: string
x-go-name: ID
Image:
description: The name of the image used when creating this container
type: string
ImageID:
description: The ID of the image that this container was created from
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Mounts:
type: array
items:
"$ref": "#/definitions/Mount"
Names:
description: The names that this container has been given
type: array
items:
type: string
NetworkSettings:
description: A summary of the container's network settings
type: object
properties:
Networks:
type: object
additionalProperties:
"$ref": "#/definitions/EndpointSettings"
Ports:
description: The ports exposed by this container
type: array
items:
"$ref": "#/definitions/Port"
SizeRootFs:
description: The total size of all the files in this container
type: integer
format: int64
SizeRw:
description: The size of files that have been created or changed by this
container
type: integer
format: int64
State:
description: The state of this container (e.g. `Exited`)
type: string
Status:
description: Additional human-readable status of this container (e.g. `Exit
0`)
type: string
CreateImageInfo:
type: object
properties:
error:
type: string
id:
type: string
progress:
type: string
progressDetail:
"$ref": "#/definitions/ProgressDetail"
status:
type: string
DeviceMapping:
description: A device mapping between the host and container
type: object
properties:
CgroupPermissions:
type: string
PathInContainer:
type: string
PathOnHost:
type: string
example:
CgroupPermissions: mrw
PathInContainer: "/dev/deviceName"
PathOnHost: "/dev/deviceName"
Driver:
description: Driver represents a driver (network, logging, secrets).
type: object
required:
- Name
properties:
Name:
description: Name of the driver.
type: string
x-nullable: false
example: some-driver
Options:
description: Key/value map of driver-specific options.
type: object
additionalProperties:
type: string
x-nullable: false
example:
OptionA: value for driver-specific option A
OptionB: value for driver-specific option B
EndpointIPAMConfig:
description: 'EndpointIPAMConfig represents an endpoint''s IPAM configuration.
'
type: object
properties:
IPv4Address:
type: string
example: 172.20.30.33
IPv6Address:
type: string
example: 2001:db8:abcd::3033
LinkLocalIPs:
type: array
items:
type: string
example:
- 169.254.34.68
- fe80::3468
x-nullable: true
EndpointPortConfig:
type: object
properties:
Name:
type: string
Protocol:
type: string
enum:
- tcp
- udp
- sctp
PublishMode:
description: |
The mode in which port is published.
<p><br /></p>
- "ingress" makes the target port accessible on on every node,
regardless of whether there is a task for the service running on
that node or not.
- "host" bypasses the routing mesh and publish the port directly on
the swarm node where that service is running.
type: string
default: ingress
enum:
- ingress
- host
example: ingress
PublishedPort:
description: The port on the swarm hosts.
type: integer
TargetPort:
description: The port inside the container.
type: integer
EndpointSettings:
description: Configuration for a network endpoint.
type: object
properties:
Aliases:
type: array
items:
type: string
example:
- server_x
- server_y
DriverOpts:
description: |
DriverOpts is a mapping of driver options and values. These options
are passed directly to the driver and are driver specific.
type: object
additionalProperties:
type: string
x-nullable: true
example:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
EndpointID:
description: 'Unique ID for the service endpoint in a Sandbox.
'
type: string
example: b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b
Gateway:
description: 'Gateway address for this network.
'
type: string
example: 172.17.0.1
GlobalIPv6Address:
description: 'Global IPv6 address.
'
type: string
example: 2001:db8::5689
GlobalIPv6PrefixLen:
description: 'Mask length of the global IPv6 address.
'
type: integer
format: int64
example: 64
IPAMConfig:
"$ref": "#/definitions/EndpointIPAMConfig"
IPAddress:
description: 'IPv4 address.
'
type: string
example: 172.17.0.4
IPPrefixLen:
description: 'Mask length of the IPv4 address.
'
type: integer
example: 16
IPv6Gateway:
description: 'IPv6 gateway address.
'
type: string
example: 2001:db8:2::100
Links:
type: array
items:
type: string
example:
- container_1
- container_2
MacAddress:
description: 'MAC address for the endpoint on this network.
'
type: string
example: 02:42:ac:11:00:04
NetworkID:
description: 'Unique ID of the network.
'
type: string
example: '08754567f1f40222263eab4102e1c733ae697e8e354aa9cd6e18d7402835292a'
EndpointSpec:
description: Properties that can be configured to access and load balance a service.
type: object
properties:
Mode:
description: The mode of resolution to use for internal load balancing between
tasks.
type: string
default: vip
enum:
- vip
- dnsrr
Ports:
description: List of exposed ports that this service is accessible on from
the outside. Ports can only be provided if `vip` resolution mode is used.
type: array
items:
"$ref": "#/definitions/EndpointPortConfig"
EngineDescription:
description: EngineDescription provides information about an engine.
type: object
properties:
EngineVersion:
type: string
example: 17.06.0
Labels:
type: object
additionalProperties:
type: string
example:
foo: bar
Plugins:
type: array
items:
type: object
properties:
Name:
type: string
Type:
type: string
example:
- Name: awslogs
Type: Log
- Name: fluentd
Type: Log
- Name: gcplogs
Type: Log
- Name: gelf
Type: Log
- Name: journald
Type: Log
- Name: json-file
Type: Log
- Name: logentries
Type: Log
- Name: splunk
Type: Log
- Name: syslog
Type: Log
- Name: bridge
Type: Network
- Name: host
Type: Network
- Name: ipvlan
Type: Network
- Name: macvlan
Type: Network
- Name: 'null'
Type: Network
- Name: overlay
Type: Network
- Name: local
Type: Volume
- Name: localhost:5000/vieux/sshfs:latest
Type: Volume
- Name: vieux/sshfs:latest
Type: Volume
ErrorDetail:
type: object
properties:
code:
type: integer
message:
type: string
ErrorResponse:
description: Represents an error.
type: object
required:
- message
properties:
message:
description: The error message.
type: string
x-nullable: false
example:
message: Something went wrong.
GenericResources:
description: User-defined resources can be either Integer resources (e.g, `SSD=3`)
or String resources (e.g, `GPU=UUID1`)
type: array
items:
type: object
properties:
DiscreteResourceSpec:
type: object
properties:
Kind:
type: string
Value:
type: integer
format: int64
NamedResourceSpec:
type: object
properties:
Kind:
type: string
Value:
type: string
example:
- DiscreteResourceSpec:
Kind: SSD
Value: 3
- NamedResourceSpec:
Kind: GPU
Value: UUID1
- NamedResourceSpec:
Kind: GPU
Value: UUID2
GraphDriverData:
description: Information about a container's graph driver.
type: object
required:
- Name
- Data
properties:
Data:
type: object
additionalProperties:
type: string
x-nullable: false
Name:
type: string
x-nullable: false
HealthConfig:
description: A test to perform to check that the container is healthy.
type: object
properties:
Interval:
description: The time to wait between checks in nanoseconds. It should be
0 or at least 1000000 (1 ms). 0 means inherit.
type: integer
Retries:
description: The number of consecutive failures needed to consider a container
as unhealthy. 0 means inherit.
type: integer
StartPeriod:
description: Start period for the container to initialize before starting
health-retries countdown in nanoseconds. It should be 0 or at least 1000000
(1 ms). 0 means inherit.
type: integer
Test:
description: |
The test to perform. Possible values are:
- `[]` inherit healthcheck from image or parent image
- `["NONE"]` disable healthcheck
- `["CMD", args...]` exec arguments directly
- `["CMD-SHELL", command]` run command with system's default shell
type: array
items:
type: string
Timeout:
description: The time to wait before considering the check to have hung. It
should be 0 or at least 1000000 (1 ms). 0 means inherit.
type: integer
HostConfig:
description: Container configuration that depends on the host we are running on
allOf:
- "$ref": "#/definitions/Resources"
- type: object
properties:
AutoRemove:
description: Automatically remove the container when the container's process
exits. This has no effect if `RestartPolicy` is set.
type: boolean
Binds:
description: |
A list of volume bindings for this container. Each volume binding is a string in one of these forms:
- `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
- `volume-name:container-dest:ro` to mount the volume read-only inside the container. `container-dest` must be an _absolute_ path.
type: array
items:
type: string
CapAdd:
description: A list of kernel capabilities to add to the container.
type: array
items:
type: string
CapDrop:
description: A list of kernel capabilities to drop from the container.
type: array
items:
type: string
Cgroup:
description: Cgroup to use for the container.
type: string
ConsoleSize:
description: Initial console size, as an `[height, width]` array. (Windows
only)
type: array
maxItems: 2
minItems: 2
items:
type: integer
minimum: 0
ContainerIDFile:
description: Path to a file where the container ID is written
type: string
Dns:
description: A list of DNS servers for the container to use.
type: array
items:
type: string
DnsOptions:
description: A list of DNS options.
type: array
items:
type: string
DnsSearch:
description: A list of DNS search domains.
type: array
items:
type: string
ExtraHosts:
description: 'A list of hostnames/IP mappings to add to the container''s
`/etc/hosts` file. Specified in the form `["hostname:IP"]`.
'
type: array
items:
type: string
GroupAdd:
description: A list of additional groups that the container process will
run as.
type: array
items:
type: string
IpcMode:
description: |
IPC sharing mode for the container. Possible values are:
- `"none"`: own private IPC namespace, with /dev/shm not mounted
- `"private"`: own private IPC namespace
- `"shareable"`: own private IPC namespace, with a possibility to share it with other containers
- `"container:<name|id>"`: join another (shareable) container's IPC namespace
- `"host"`: use the host system's IPC namespace
If not specified, daemon default is used, which can either be `"private"`
or `"shareable"`, depending on daemon version and configuration.
type: string
Isolation:
description: Isolation technology of the container. (Windows only)
type: string
enum:
- default
- process
- hyperv
Links:
description: A list of links for the container in the form `container_name:alias`.
type: array
items:
type: string
LogConfig:
description: The logging configuration for this container
type: object
properties:
Config:
type: object
additionalProperties:
type: string
Type:
type: string
enum:
- json-file
- syslog
- journald
- gelf
- fluentd
- awslogs
- splunk
- etwlogs
- none
MaskedPaths:
description: The list of paths to be masked inside the container (this overrides
the default set of paths)
type: array
items:
type: string
Mounts:
description: Specification for mounts to be added to the container.
type: array
items:
"$ref": "#/definitions/Mount"
NetworkMode:
description: 'Network mode to use for this container. Supported standard
values are: `bridge`, `host`, `none`, and `container:<name|id>`. Any other
value is taken as a custom network''s name to which this container should
connect to.'
type: string
OomScoreAdj:
description: An integer value containing the score given to the container
in order to tune OOM killer preferences.
type: integer
example: 500
PidMode:
description: |
Set the PID (Process) Namespace mode for the container. It can be either:
- `"container:<name|id>"`: joins another container's PID namespace
- `"host"`: use the host's PID namespace inside the container
type: string
PortBindings:
"$ref": "#/definitions/PortMap"
Privileged:
description: Gives the container full access to the host.
type: boolean
PublishAllPorts:
description: |
Allocates an ephemeral host port for all of a container's
exposed ports.
Ports are de-allocated when the container stops and allocated when the container starts.
The allocated port might be changed when restarting the container.
The port is selected from the ephemeral port range that depends on the kernel.
For example, on Linux the range is defined by `/proc/sys/net/ipv4/ip_local_port_range`.
type: boolean
ReadonlyPaths:
description: The list of paths to be set as read-only inside the container
(this overrides the default set of paths)
type: array
items:
type: string
ReadonlyRootfs:
description: Mount the container's root filesystem as read only.
type: boolean
RestartPolicy:
"$ref": "#/definitions/RestartPolicy"
Runtime:
description: Runtime to use with this container.
type: string
SecurityOpt:
description: A list of string values to customize labels for MLS systems,
such as SELinux.
type: array
items:
type: string
ShmSize:
description: Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
type: integer
minimum: 0
StorageOpt:
description: 'Storage driver options for this container, in the form `{"size":
"120G"}`.
'
type: object
additionalProperties:
type: string
Sysctls:
description: 'A list of kernel parameters (sysctls) to set in the container.
For example: `{"net.ipv4.ip_forward": "1"}`
'
type: object
additionalProperties:
type: string
Tmpfs:
description: 'A map of container directories which should be replaced by
tmpfs mounts, and their corresponding mount options. For example: `{ "/run":
"rw,noexec,nosuid,size=65536k" }`.
'
type: object
additionalProperties:
type: string
UTSMode:
description: UTS namespace to use for the container.
type: string
UsernsMode:
description: Sets the usernamespace mode for the container when usernamespace
remapping option is enabled.
type: string
VolumeDriver:
description: Driver that this container uses to mount volumes.
type: string
VolumesFrom:
description: A list of volumes to inherit from another container, specified
in the form `<container name>[:<ro|rw>]`.
type: array
items:
type: string
IPAM:
type: object
properties:
Config:
description: 'List of IPAM configuration options, specified as a map: `{"Subnet":
<CIDR>, "IPRange": <CIDR>, "Gateway": <IP address>, "AuxAddress": <device_name:IP
address>}`'
type: array
items:
type: object
additionalProperties:
type: string
Driver:
description: Name of the IPAM driver to use.
type: string
default: default
Options:
description: Driver-specific options, specified as a map.
type: array
items:
type: object
additionalProperties:
type: string
IdResponse:
description: Response to an API call that returns just an Id
type: object
required:
- Id
properties:
Id:
description: The id of the newly created object.
type: string
x-nullable: false
Image:
type: object
required:
- Id
- Parent
- Comment
- Created
- Container
- DockerVersion
- Author
- Architecture
- Os
- Size
- VirtualSize
- GraphDriver
- RootFS
properties:
Architecture:
type: string
x-nullable: false
Author:
type: string
x-nullable: false
Comment:
type: string
x-nullable: false
Config:
"$ref": "#/definitions/ContainerConfig"
Container:
type: string
x-nullable: false
ContainerConfig:
"$ref": "#/definitions/ContainerConfig"
Created:
type: string
x-nullable: false
DockerVersion:
type: string
x-nullable: false
GraphDriver:
"$ref": "#/definitions/GraphDriverData"
Id:
type: string
x-nullable: false
Metadata:
type: object
properties:
LastTagTime:
type: string
format: dateTime
Os:
type: string
x-nullable: false
OsVersion:
type: string
Parent:
type: string
x-nullable: false
RepoDigests:
type: array
items:
type: string
RepoTags:
type: array
items:
type: string
RootFS:
type: object
required:
- Type
properties:
BaseLayer:
type: string
Layers:
type: array
items:
type: string
Type:
type: string
x-nullable: false
Size:
type: integer
format: int64
x-nullable: false
VirtualSize:
type: integer
format: int64
x-nullable: false
ImageDeleteResponseItem:
type: object
properties:
Deleted:
description: The image ID of an image that was deleted
type: string
Untagged:
description: The image ID of an image that was untagged
type: string
ImageID:
description: Image ID or Digest
type: object
properties:
ID:
type: string
example:
ID: sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c
ImageSummary:
type: object
required:
- Id
- ParentId
- RepoTags
- RepoDigests
- Created
- Size
- SharedSize
- VirtualSize
- Labels
- Containers
properties:
Containers:
type: integer
x-nullable: false
Created:
type: integer
x-nullable: false
Id:
type: string
x-nullable: false
Labels:
type: object
additionalProperties:
type: string
x-nullable: false
ParentId:
type: string
x-nullable: false
RepoDigests:
type: array
items:
type: string
x-nullable: false
RepoTags:
type: array
items:
type: string
x-nullable: false
SharedSize:
type: integer
x-nullable: false
Size:
type: integer
x-nullable: false
VirtualSize:
type: integer
x-nullable: false
IndexInfo:
description: IndexInfo contains information about a registry.
type: object
properties:
Mirrors:
description: 'List of mirrors, expressed as URIs.
'
type: array
items:
type: string
example:
- https://hub-mirror.corp.example.com:5000/
- https://registry-2.docker.io/
- https://registry-3.docker.io/
Name:
description: 'Name of the registry, such as "docker.io".
'
type: string
example: docker.io
Official:
description: 'Indicates whether this is an official registry (i.e., Docker
Hub / docker.io)
'
type: boolean
example: true
Secure:
description: |
Indicates if the registry is part of the list of insecure
registries.
If `false`, the registry is insecure. Insecure registries accept
un-encrypted (HTTP) and/or untrusted (HTTPS with certificates from
unknown CAs) communication.
> **Warning**: Insecure registries can be useful when running a local
> registry. However, because its use creates security vulnerabilities
> it should ONLY be enabled for testing purposes. For increased
> security, users should add their CA to their system's list of
> trusted CAs instead of enabling this option.
type: boolean
example: true
x-nullable: true
JoinTokens:
description: 'JoinTokens contains the tokens workers and managers need to join
the swarm.
'
type: object
properties:
Manager:
description: 'The token managers can use to join the swarm.
'
type: string
example: SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2
Worker:
description: 'The token workers can use to join the swarm.
'
type: string
example: SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx
LocalNodeState:
description: Current local status of this node.
type: string
default: ''
enum:
- ''
- inactive
- pending
- active
- error
- locked
example: active
ManagerStatus:
description: |
ManagerStatus represents the status of a manager.
It provides the current status of a node's manager component, if the node
is a manager.
type: object
properties:
Addr:
description: 'The IP address and port at which the manager is reachable.
'
type: string
example: 10.0.0.46:2377
Leader:
type: boolean
default: false
example: true
Reachability:
"$ref": "#/definitions/Reachability"
x-nullable: true
Mount:
type: object
properties:
BindOptions:
description: Optional configuration for the `bind` type.
type: object
properties:
Propagation:
description: A propagation mode with the value `[r]private`, `[r]shared`,
or `[r]slave`.
type: string
enum:
- private
- rprivate
- shared
- rshared
- slave
- rslave
Consistency:
description: 'The consistency requirement for the mount: `default`, `consistent`,
`cached`, or `delegated`.'
type: string
ReadOnly:
description: Whether the mount should be read-only.
type: boolean
Source:
description: Mount source (e.g. a volume name, a host path).
type: string
Target:
description: Container path.
type: string
TmpfsOptions:
description: Optional configuration for the `tmpfs` type.
type: object
properties:
Mode:
description: The permission mode for the tmpfs mount in an integer.
type: integer
SizeBytes:
description: The size for the tmpfs mount in bytes.
type: integer
format: int64
Type:
description: |
The mount type. Available types:
- `bind` Mounts a file or directory from the host into the container. Must exist prior to creating the container.
- `volume` Creates a volume with the given name and options (or uses a pre-existing volume with the same name and options). These are **not** removed when the container is removed.
- `tmpfs` Create a tmpfs with the given options. The mount source cannot be specified for tmpfs.
type: string
enum:
- bind
- volume
- tmpfs
VolumeOptions:
description: Optional configuration for the `volume` type.
type: object
properties:
DriverConfig:
description: Map of driver specific options
type: object
properties:
Name:
description: Name of the driver to use to create the volume.
type: string
Options:
description: key/value map of driver specific options.
type: object
additionalProperties:
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
NoCopy:
description: Populate volume with data from the target.
type: boolean
default: false
MountPoint:
description: A mount point inside a container
type: object
properties:
Destination:
type: string
Driver:
type: string
Mode:
type: string
Name:
type: string
Propagation:
type: string
RW:
type: boolean
Source:
type: string
Type:
type: string
Network:
type: object
properties:
Attachable:
type: boolean
Containers:
type: object
additionalProperties:
"$ref": "#/definitions/NetworkContainer"
Created:
type: string
format: dateTime
Driver:
type: string
EnableIPv6:
type: boolean
IPAM:
"$ref": "#/definitions/IPAM"
Id:
type: string
Ingress:
type: boolean
Internal:
type: boolean
Labels:
type: object
additionalProperties:
type: string
Name:
type: string
Options:
type: object
additionalProperties:
type: string
Scope:
type: string
example:
Attachable: false
Containers:
19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c:
EndpointID: 628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a
IPv4Address: 172.19.0.2/16
IPv6Address: ''
MacAddress: 02:42:ac:13:00:02
Name: test
Created: '2016-10-19T04:33:30.360899459Z'
Driver: bridge
EnableIPv6: false
IPAM:
Config:
- Gateway: 172.19.0.1
Subnet: 172.19.0.0/16
Driver: default
Options:
foo: bar
Id: 7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99
Ingress: false
Internal: false
Labels:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Name: net01
Options:
com.docker.network.bridge.default_bridge: 'true'
com.docker.network.bridge.enable_icc: 'true'
com.docker.network.bridge.enable_ip_masquerade: 'true'
com.docker.network.bridge.host_binding_ipv4: 0.0.0.0
com.docker.network.bridge.name: docker0
com.docker.network.driver.mtu: '1500'
Scope: local
NetworkContainer:
type: object
properties:
EndpointID:
type: string
IPv4Address:
type: string
IPv6Address:
type: string
MacAddress:
type: string
Name:
type: string
NetworkSettings:
description: NetworkSettings exposes the network settings in the API
type: object
properties:
Bridge:
description: Name of the network'a bridge (for example, `docker0`).
type: string
example: docker0
EndpointID:
description: |
EndpointID uniquely represents a service endpoint in a Sandbox.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: b88f5b905aabf2893f3cbc4ee42d1ea7980bbc0a92e2c8922b1e1795298afb0b
Gateway:
description: |
Gateway address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: 172.17.0.1
GlobalIPv6Address:
description: |
Global IPv6 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: 2001:db8::5689
GlobalIPv6PrefixLen:
description: |
Mask length of the global IPv6 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: integer
example: 64
HairpinMode:
description: 'Indicates if hairpin NAT should be enabled on the virtual interface.
'
type: boolean
example: false
IPAddress:
description: |
IPv4 address for the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: 172.17.0.4
IPPrefixLen:
description: |
Mask length of the IPv4 address.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: integer
example: 16
IPv6Gateway:
description: |
IPv6 gateway address for this network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: 2001:db8:2::100
LinkLocalIPv6Address:
description: IPv6 unicast address using the link-local prefix.
type: string
example: fe80::42:acff:fe11:1
LinkLocalIPv6PrefixLen:
description: Prefix length of the IPv6 unicast address.
type: integer
example: '64'
MacAddress:
description: |
MAC address for the container on the default "bridge" network.
<p><br /></p>
> **Deprecated**: This field is only propagated when attached to the
> default "bridge" network. Use the information from the "bridge"
> network inside the `Networks` map instead, which contains the same
> information. This field was deprecated in Docker 1.9 and is scheduled
> to be removed in Docker 17.12.0
type: string
example: 02:42:ac:11:00:04
Networks:
description: 'Information about all networks that the container is connected
to.
'
type: object
additionalProperties:
"$ref": "#/definitions/EndpointSettings"
Ports:
"$ref": "#/definitions/PortMap"
SandboxID:
description: SandboxID uniquely represents a container's network stack.
type: string
example: 9d12daf2c33f5959c8bf90aa513e4f65b561738661003029ec84830cd503a0c3
SandboxKey:
description: SandboxKey identifies the sandbox
type: string
example: "/var/run/docker/netns/8ab54b426c38"
SecondaryIPAddresses:
type: array
items:
"$ref": "#/definitions/Address"
x-nullable: true
SecondaryIPv6Addresses:
type: array
items:
"$ref": "#/definitions/Address"
x-nullable: true
Node:
type: object
properties:
CreatedAt:
description: |
Date and time at which the node was added to the swarm in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: string
format: dateTime
example: '2016-08-18T10:44:24.496525531Z'
Description:
"$ref": "#/definitions/NodeDescription"
ID:
type: string
example: 24ifsmvkjbyhk
ManagerStatus:
"$ref": "#/definitions/ManagerStatus"
Spec:
"$ref": "#/definitions/NodeSpec"
Status:
"$ref": "#/definitions/NodeStatus"
UpdatedAt:
description: |
Date and time at which the node was last updated in
[RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
type: string
format: dateTime
example: '2017-08-09T07:09:37.632105588Z'
Version:
"$ref": "#/definitions/ObjectVersion"
NodeDescription:
description: |
NodeDescription encapsulates the properties of the Node as reported by the
agent.
type: object
properties:
Engine:
"$ref": "#/definitions/EngineDescription"
Hostname:
type: string
example: bf3067039e47
Platform:
"$ref": "#/definitions/Platform"
Resources:
"$ref": "#/definitions/ResourceObject"
TLSInfo:
"$ref": "#/definitions/TLSInfo"
NodeSpec:
type: object
properties:
Availability:
description: Availability of the node.
type: string
enum:
- active
- pause
- drain
example: active
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Name:
description: Name for the node.
type: string
example: my-node
Role:
description: Role of the node.
type: string
enum:
- worker
- manager
example: manager
example:
Availability: active
Labels:
foo: bar
Name: node-name
Role: manager
NodeState:
description: NodeState represents the state of a node.
type: string
enum:
- unknown
- down
- ready
- disconnected
example: ready
NodeStatus:
description: |
NodeStatus represents the status of a node.
It provides the current status of the node, as seen by the manager.
type: object
properties:
Addr:
description: IP address of the node.
type: string
example: 172.17.0.2
Message:
type: string
example: ''
State:
"$ref": "#/definitions/NodeState"
ObjectVersion:
description: |
The version number of the object such as node, service, etc. This is needed to avoid conflicting writes.
The client must send the version number along with the modified specification when updating these objects.
This approach ensures safe concurrency and determinism in that the change on the object
may not be applied if the version number has changed from the last read. In other words,
if two update requests specify the same base version, only one of the requests can succeed.
As a result, two separate update requests that happen at the same time will not
unintentionally overwrite each other.
type: object
properties:
Index:
type: integer
format: uint64
example: 373531
PeerNode:
description: Represents a peer-node in the swarm
properties:
Addr:
description: 'IP address and ports at which this node can be reached.
'
type: string
NodeID:
description: Unique identifier of for this node in the swarm.
type: string
Platform:
description: 'Platform represents the platform (Arch/OS).
'
type: object
properties:
Architecture:
description: |
Architecture represents the hardware architecture (for example,
`x86_64`).
type: string
example: x86_64
OS:
description: 'OS represents the Operating System (for example, `linux` or
`windows`).
'
type: string
example: linux
Plugin:
description: A plugin for the Engine API
type: object
required:
- Settings
- Enabled
- Config
- Name
properties:
Config:
description: The config of a plugin.
type: object
required:
- Description
- Documentation
- Interface
- Entrypoint
- WorkDir
- Network
- Linux
- PidHost
- PropagatedMount
- IpcHost
- Mounts
- Env
- Args
properties:
Args:
type: object
required:
- Name
- Description
- Settable
- Value
properties:
Description:
type: string
x-nullable: false
example: command line arguments
Name:
type: string
x-nullable: false
example: args
Settable:
type: array
items:
type: string
Value:
type: array
items:
type: string
x-nullable: false
Description:
type: string
x-nullable: false
example: A sample volume plugin for Docker
DockerVersion:
description: Docker Version used to create the plugin
type: string
x-nullable: false
example: 17.06.0-ce
Documentation:
type: string
x-nullable: false
example: https://docs.docker.com/engine/extend/plugins/
Entrypoint:
type: array
items:
type: string
example:
- "/usr/bin/sample-volume-plugin"
- "/data"
Env:
type: array
items:
"$ref": "#/definitions/PluginEnv"
example:
- Description: If set, prints debug messages
Name: DEBUG
Settable:
Value: '0'
Interface:
description: The interface between Docker and the plugin
type: object
required:
- Types
- Socket
properties:
ProtocolScheme:
description: Protocol to use for clients connecting to the plugin.
type: string
enum:
- ''
- moby.plugins.http/v1
example: some.protocol/v1.0
Socket:
type: string
x-nullable: false
example: plugins.sock
Types:
type: array
items:
"$ref": "#/definitions/PluginInterfaceType"
example:
- docker.volumedriver/1.0
x-nullable: false
IpcHost:
type: boolean
x-nullable: false
example: false
Linux:
type: object
required:
- Capabilities
- AllowAllDevices
- Devices
properties:
AllowAllDevices:
type: boolean
x-nullable: false
example: false
Capabilities:
type: array
items:
type: string
example:
- CAP_SYS_ADMIN
- CAP_SYSLOG
Devices:
type: array
items:
"$ref": "#/definitions/PluginDevice"
x-nullable: false
Mounts:
type: array
items:
"$ref": "#/definitions/PluginMount"
Network:
type: object
required:
- Type
properties:
Type:
type: string
x-nullable: false
example: host
x-nullable: false
PidHost:
type: boolean
x-nullable: false
example: false
PropagatedMount:
type: string
x-nullable: false
example: "/mnt/volumes"
User:
type: object
properties:
GID:
type: integer
format: uint32
example: 1000
UID:
type: integer
format: uint32
example: 1000
x-nullable: false
WorkDir:
type: string
x-nullable: false
example: "/bin/"
rootfs:
type: object
properties:
diff_ids:
type: array
items:
type: string
example:
- sha256:675532206fbf3030b8458f88d6e26d4eb1577688a25efec97154c94e8b6b4887
- sha256:e216a057b1cb1efc11f8a268f37ef62083e70b1b38323ba252e25ac88904a7e8
type:
type: string
example: layers
x-nullable: false
Enabled:
description: True if the plugin is running. False if the plugin is not running,
only installed.
type: boolean
x-nullable: false
example: true
Id:
type: string
example: 5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078
Name:
type: string
x-nullable: false
example: tiborvass/sample-volume-plugin
PluginReference:
description: plugin remote reference used to push/pull the plugin
type: string
x-nullable: false
example: localhost:5000/tiborvass/sample-volume-plugin:latest
Settings:
description: Settings that can be modified by users.
type: object
required:
- Args
- Devices
- Env
- Mounts
properties:
Args:
type: array
items:
type: string
Devices:
type: array
items:
"$ref": "#/definitions/PluginDevice"
Env:
type: array
items:
type: string
example:
- DEBUG=0
Mounts:
type: array
items:
"$ref": "#/definitions/PluginMount"
x-nullable: false
PluginDevice:
type: object
required:
- Name
- Description
- Settable
- Path
properties:
Description:
type: string
x-nullable: false
Name:
type: string
x-nullable: false
Path:
type: string
example: "/dev/fuse"
Settable:
type: array
items:
type: string
x-nullable: false
PluginEnv:
type: object
required:
- Name
- Description
- Settable
- Value
properties:
Description:
type: string
x-nullable: false
Name:
type: string
x-nullable: false
Settable:
type: array
items:
type: string
Value:
type: string
x-nullable: false
PluginInterfaceType:
type: object
required:
- Prefix
- Capability
- Version
properties:
Capability:
type: string
x-nullable: false
Prefix:
type: string
x-nullable: false
Version:
type: string
x-nullable: false
x-nullable: false
PluginMount:
type: object
required:
- Name
- Description
- Settable
- Source
- Destination
- Type
- Options
properties:
Description:
type: string
x-nullable: false
example: This is a mount that's used by the plugin.
Destination:
type: string
x-nullable: false
example: "/mnt/state"
Name:
type: string
x-nullable: false
example: some-mount
Options:
type: array
items:
type: string
example:
- rbind
- rw
Settable:
type: array
items:
type: string
Source:
type: string
example: "/var/lib/docker/plugins/"
Type:
type: string
x-nullable: false
example: bind
x-nullable: false
PluginsInfo:
description: |
Available plugins per type.
<p><br /></p>
> **Note**: Only unmanaged (V1) plugins are included in this list.
> V1 plugins are "lazily" loaded, and are not returned in this list
> if there is no resource using the plugin.
type: object
properties:
Authorization:
description: Names of available authorization plugins.
type: array
items:
type: string
example:
- img-authz-plugin
- hbm
Log:
description: Names of available logging-drivers, and logging-driver plugins.
type: array
items:
type: string
example:
- awslogs
- fluentd
- gcplogs
- gelf
- journald
- json-file
- logentries
- splunk
- syslog
Network:
description: Names of available network-drivers, and network-driver plugins.
type: array
items:
type: string
example:
- bridge
- host
- ipvlan
- macvlan
- 'null'
- overlay
Volume:
description: Names of available volume-drivers, and network-driver plugins.
type: array
items:
type: string
example:
- local
Port:
description: An open port on a container
type: object
required:
- PrivatePort
- Type
properties:
IP:
description: Host IP address that the container's port is mapped to
type: string
format: ip-address
PrivatePort:
description: Port on the container
type: integer
format: uint16
x-nullable: false
PublicPort:
description: Port exposed on the host
type: integer
format: uint16
Type:
type: string
enum:
- tcp
- udp
- sctp
x-nullable: false
example:
PrivatePort: 8080
PublicPort: 80
Type: tcp
PortBinding:
description: |
PortBinding represents a binding between a host IP address and a host
port.
type: object
properties:
HostIp:
description: Host IP address that the container's port is mapped to.
type: string
example: 127.0.0.1
HostPort:
description: Host port number that the container's port is mapped to.
type: string
example: '4443'
x-nullable: true
PortMap:
description: |
PortMap describes the mapping of container ports to host ports, using the
container's port-number and protocol as key in the format `<port>/<protocol>`,
for example, `80/udp`.
If a container's port is mapped for multiple protocols, separate entries
are added to the mapping table.
type: object
additionalProperties:
type: array
items:
"$ref": "#/definitions/PortBinding"
example:
2377/tcp:
443/tcp:
- HostIp: 127.0.0.1
HostPort: '4443'
53/udp:
- HostIp: 0.0.0.0
HostPort: '53'
80/tcp:
- HostIp: 0.0.0.0
HostPort: '80'
- HostIp: 0.0.0.0
HostPort: '8080'
80/udp:
- HostIp: 0.0.0.0
HostPort: '80'
ProcessConfig:
type: object
properties:
arguments:
type: array
items:
type: string
entrypoint:
type: string
privileged:
type: boolean
tty:
type: boolean
user:
type: string
ProgressDetail:
type: object
properties:
current:
type: integer
total:
type: integer
PushImageInfo:
type: object
properties:
error:
type: string
progress:
type: string
progressDetail:
"$ref": "#/definitions/ProgressDetail"
status:
type: string
Reachability:
description: Reachability represents the reachability of a node.
type: string
enum:
- unknown
- unreachable
- reachable
example: reachable
RegistryServiceConfig:
description: 'RegistryServiceConfig stores daemon registry services configuration.
'
type: object
properties:
AllowNondistributableArtifactsCIDRs:
description: |
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior, and enables the daemon to
push nondistributable artifacts to all registries whose resolved IP
address is within the subnet described by the CIDR syntax.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
type: array
items:
type: string
example:
- "::1/128"
- 127.0.0.0/8
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `<hostname>[:<port>]` or `<IP address>[:<port>]`.
Some images (for example, Windows base images) contain artifacts
whose distribution is restricted by license. When these images are
pushed to a registry, restricted artifacts are not included.
This configuration override this behavior for the specified
registries.
This option is useful when pushing images containing
nondistributable artifacts to a registry on an air-gapped network so
hosts on that network can pull the images without connecting to
another server.
> **Warning**: Nondistributable artifacts typically have restrictions
> on how and where they can be distributed and shared. Only use this
> feature to push artifacts to private registries and ensure that you
> are in compliance with any terms that cover redistributing
> nondistributable artifacts.
type: array
items:
type: string
example:
- registry.internal.corp.example.com:3000
- "[2001:db8:a0b:12f0::1]:443"
IndexConfigs:
type: object
additionalProperties:
"$ref": "#/definitions/IndexInfo"
example:
127.0.0.1:5000:
Mirrors: []
Name: 127.0.0.1:5000
Official: false
Secure: false
"[2001:db8:a0b:12f0::1]:80":
Mirrors: []
Name: "[2001:db8:a0b:12f0::1]:80"
Official: false
Secure: false
docker.io:
Mirrors:
- https://hub-mirror.corp.example.com:5000/
Name: docker.io
Official: true
Secure: true
registry.internal.corp.example.com:3000:
Mirrors: []
Name: registry.internal.corp.example.com:3000
Official: false
Secure: false
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax
([RFC 4632](https://tools.ietf.org/html/4632)). Insecure registries
accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
from unknown CAs) communication.
By default, local registries (`127.0.0.0/8`) are configured as
insecure. All other registries are secure. Communicating with an
insecure registry is not possible if the daemon assumes that registry
is secure.
This configuration override this behavior, insecure communication with
registries whose resolved IP address is within the subnet described by
the CIDR syntax.
Registries can also be marked insecure by hostname. Those registries
are listed under `IndexConfigs` and have their `Secure` field set to
`false`.
> **Warning**: Using this option can be useful when running a local
> registry, but introduces security vulnerabilities. This option
> should therefore ONLY be used for testing purposes. For increased
> security, users should add their CA to their system's list of trusted
> CAs instead of enabling this option.
type: array
items:
type: string
example:
- "::1/128"
- 127.0.0.0/8
Mirrors:
description: |
List of registry URLs that act as a mirror for the official
(`docker.io`) registry.
type: array
items:
type: string
example:
- https://hub-mirror.corp.example.com:5000/
- https://[2001:db8:a0b:12f0::1]/
x-nullable: true
ResourceObject:
description: An object describing the resources which can be advertised by a node
and requested by a task
type: object
properties:
GenericResources:
"$ref": "#/definitions/GenericResources"
MemoryBytes:
type: integer
format: int64
example: 8272408576
NanoCPUs:
type: integer
format: int64
example: 4000000000
Resources:
description: A container's resources (cgroups config, ulimits, etc)
type: object
properties:
BlkioDeviceReadBps:
description: 'Limit read rate (bytes per second) from a device, in the form
`[{"Path": "device_path", "Rate": rate}]`.
'
type: array
items:
"$ref": "#/definitions/ThrottleDevice"
BlkioDeviceReadIOps:
description: 'Limit read rate (IO per second) from a device, in the form `[{"Path":
"device_path", "Rate": rate}]`.
'
type: array
items:
"$ref": "#/definitions/ThrottleDevice"
BlkioDeviceWriteBps:
description: 'Limit write rate (bytes per second) to a device, in the form
`[{"Path": "device_path", "Rate": rate}]`.
'
type: array
items:
"$ref": "#/definitions/ThrottleDevice"
BlkioDeviceWriteIOps:
description: 'Limit write rate (IO per second) to a device, in the form `[{"Path":
"device_path", "Rate": rate}]`.
'
type: array
items:
"$ref": "#/definitions/ThrottleDevice"
BlkioWeight:
description: Block IO weight (relative weight).
type: integer
maximum: 1000
minimum: 0
BlkioWeightDevice:
description: 'Block IO weight (relative device weight) in the form `[{"Path":
"device_path", "Weight": weight}]`.
'
type: array
items:
type: object
properties:
Path:
type: string
Weight:
type: integer
minimum: 0
CgroupParent:
description: Path to `cgroups` under which the container's `cgroup` is created.
If the path is not absolute, the path is considered to be relative to the
`cgroups` path of the init process. Cgroups are created if they do not already
exist.
type: string
CpuCount:
description: |
The number of usable CPUs (Windows only).
On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
type: integer
format: int64
CpuPercent:
description: |
The usable percentage of the available CPUs (Windows only).
On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is `CPUCount` first, then `CPUShares`, and `CPUPercent` last.
type: integer
format: int64
CpuPeriod:
description: The length of a CPU period in microseconds.
type: integer
format: int64
CpuQuota:
description: Microseconds of CPU time that the container can get in a CPU
period.
type: integer
format: int64
CpuRealtimePeriod:
description: The length of a CPU real-time period in microseconds. Set to
0 to allocate no time allocated to real-time tasks.
type: integer
format: int64
CpuRealtimeRuntime:
description: The length of a CPU real-time runtime in microseconds. Set to
0 to allocate no time allocated to real-time tasks.
type: integer
format: int64
CpuShares:
description: An integer value representing this container's relative CPU weight
versus other containers.
type: integer
CpusetCpus:
description: CPUs in which to allow execution (e.g., `0-3`, `0,1`)
type: string
example: 0-3
CpusetMems:
description: Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
type: string
DeviceCgroupRules:
description: a list of cgroup rules to apply to the container
type: array
items:
type: string
example: c 13:* rwm
Devices:
description: A list of devices to add to the container.
type: array
items:
"$ref": "#/definitions/DeviceMapping"
DiskQuota:
description: Disk limit (in bytes).
type: integer
format: int64
IOMaximumBandwidth:
description: Maximum IO in bytes per second for the container system drive
(Windows only)
type: integer
format: int64
IOMaximumIOps:
description: Maximum IOps for the container system drive (Windows only)
type: integer
format: int64
Init:
description: Run an init inside the container that forwards signals and reaps
processes. This field is omitted if empty, and the default (as configured
on the daemon) is used.
type: boolean
x-nullable: true
KernelMemory:
description: Kernel memory limit in bytes.
type: integer
format: int64
Memory:
description: Memory limit in bytes.
type: integer
format: int64
default: 0
MemoryReservation:
description: Memory soft limit in bytes.
type: integer
format: int64
MemorySwap:
description: Total memory limit (memory + swap). Set as `-1` to enable unlimited
swap.
type: integer
format: int64
MemorySwappiness:
description: Tune a container's memory swappiness behavior. Accepts an integer
between 0 and 100.
type: integer
format: int64
maximum: 100
minimum: 0
NanoCPUs:
description: CPU quota in units of 10<sup>-9</sup> CPUs.
type: integer
format: int64
OomKillDisable:
description: Disable OOM Killer for the container.
type: boolean
PidsLimit:
description: Tune a container's pids limit. Set -1 for unlimited.
type: integer
format: int64
Ulimits:
description: 'A list of resource limits to set in the container. For example:
`{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
'
type: array
items:
type: object
properties:
Hard:
description: Hard limit
type: integer
Name:
description: Name of ulimit
type: string
Soft:
description: Soft limit
type: integer
RestartPolicy:
description: |
The behavior to apply when the container exits. The default is not to restart.
An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.
type: object
properties:
MaximumRetryCount:
description: If `on-failure` is used, the number of times to retry before
giving up
type: integer
Name:
description: |
- Empty string means not to restart
- `always` Always restart
- `unless-stopped` Restart always except when the user has manually stopped the container
- `on-failure` Restart only when the container exit code is non-zero
type: string
enum:
- ''
- always
- unless-stopped
- on-failure
Runtime:
description: |
Runtime describes an [OCI compliant](https://github.com/opencontainers/runtime-spec)
runtime.
The runtime is invoked by the daemon via the `containerd` daemon. OCI
runtimes act as an interface to the Linux kernel namespaces, cgroups,
and SELinux.
type: object
properties:
path:
description: |
Name and, optional, path, of the OCI executable binary.
If the path is omitted, the daemon searches the host's `$PATH` for the
binary and uses the first result.
type: string
example: "/usr/local/bin/my-oci-runtime"
runtimeArgs:
description: 'List of command-line arguments to pass to the runtime when invoked.
'
type: array
items:
type: string
x-nullable: true
example:
- "--debug"
- "--systemd-cgroup=false"
Secret:
type: object
properties:
CreatedAt:
type: string
format: dateTime
example: '2017-07-20T13:55:28.678958722Z'
ID:
type: string
example: blt1owaxmitz71s9v5zh81zun
Spec:
"$ref": "#/definitions/SecretSpec"
UpdatedAt:
type: string
format: dateTime
example: '2017-07-20T13:55:28.678958722Z'
Version:
"$ref": "#/definitions/ObjectVersion"
SecretSpec:
type: object
properties:
Data:
description: |
Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2))
data to store as secret.
This field is only used to _create_ a secret, and is not returned by
other endpoints.
type: string
example: ''
Driver:
description: Name of the secrets driver used to fetch the secret's value from
an external secret store
"$ref": "#/definitions/Driver"
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
example:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Name:
description: User-defined name of the secret.
type: string
Templating:
description: |
Templating driver, if applicable
Templating controls whether and how to evaluate the config payload as
a template. If no driver is set, no templating is used.
"$ref": "#/definitions/Driver"
Service:
type: object
properties:
CreatedAt:
type: string
format: dateTime
Endpoint:
type: object
properties:
Ports:
type: array
items:
"$ref": "#/definitions/EndpointPortConfig"
Spec:
"$ref": "#/definitions/EndpointSpec"
VirtualIPs:
type: array
items:
type: object
properties:
Addr:
type: string
NetworkID:
type: string
ID:
type: string
Spec:
"$ref": "#/definitions/ServiceSpec"
UpdateStatus:
description: The status of a service update.
type: object
properties:
CompletedAt:
type: string
format: dateTime
Message:
type: string
StartedAt:
type: string
format: dateTime
State:
type: string
enum:
- updating
- paused
- completed
UpdatedAt:
type: string
format: dateTime
Version:
"$ref": "#/definitions/ObjectVersion"
example:
CreatedAt: '2016-06-07T21:05:51.880065305Z'
Endpoint:
Ports:
- Protocol: tcp
PublishedPort: 30001
TargetPort: 6379
Spec:
Mode: vip
Ports:
- Protocol: tcp
PublishedPort: 30001
TargetPort: 6379
VirtualIPs:
- Addr: 10.255.0.2/16
NetworkID: 4qvuz4ko70xaltuqbt8956gd1
- Addr: 10.255.0.3/16
NetworkID: 4qvuz4ko70xaltuqbt8956gd1
ID: 9mnpnzenvg8p8tdbtq4wvbkcz
Spec:
EndpointSpec:
Mode: vip
Ports:
- Protocol: tcp
PublishedPort: 30001
TargetPort: 6379
Mode:
Replicated:
Replicas: 1
Name: hopeful_cori
RollbackConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 1
TaskTemplate:
ContainerSpec:
Image: redis
ForceUpdate: 0
Placement: {}
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: any
MaxAttempts: 0
UpdateConfig:
Delay: 1000000000
FailureAction: pause
MaxFailureRatio: 0.15
Monitor: 15000000000
Parallelism: 1
UpdatedAt: '2016-06-07T21:07:29.962229872Z'
Version:
Index: 19
ServiceSpec:
description: User modifiable configuration for a service.
properties:
EndpointSpec:
"$ref": "#/definitions/EndpointSpec"
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Mode:
description: Scheduling mode for the service.
type: object
properties:
Global:
type: object
Replicated:
type: object
properties:
Replicas:
type: integer
format: int64
Name:
description: Name of the service.
type: string
Networks:
description: Array of network names or IDs to attach the service to.
type: array
items:
type: object
properties:
Aliases:
type: array
items:
type: string
Target:
type: string
RollbackConfig:
description: Specification for the rollback strategy of the service.
type: object
properties:
Delay:
description: Amount of time between rollback iterations, in nanoseconds.
type: integer
format: int64
FailureAction:
description: Action to take if an rolled back task fails to run, or stops
running during the rollback.
type: string
enum:
- continue
- pause
MaxFailureRatio:
description: The fraction of tasks that may fail during a rollback before
the failure action is invoked, specified as a floating point number
between 0 and 1.
type: number
default: 0
Monitor:
description: Amount of time to monitor each rolled back task for failures,
in nanoseconds.
type: integer
format: int64
Order:
description: The order of operations when rolling back a task. Either
the old task is shut down before the new task is started, or the new
task is started before the old task is shut down.
type: string
enum:
- stop-first
- start-first
Parallelism:
description: Maximum number of tasks to be rolled back in one iteration
(0 means unlimited parallelism).
type: integer
format: int64
TaskTemplate:
"$ref": "#/definitions/TaskSpec"
UpdateConfig:
description: Specification for the update strategy of the service.
type: object
properties:
Delay:
description: Amount of time between updates, in nanoseconds.
type: integer
format: int64
FailureAction:
description: Action to take if an updated task fails to run, or stops
running during the update.
type: string
enum:
- continue
- pause
- rollback
MaxFailureRatio:
description: The fraction of tasks that may fail during an update before
the failure action is invoked, specified as a floating point number
between 0 and 1.
type: number
default: 0
Monitor:
description: Amount of time to monitor each updated task for failures,
in nanoseconds.
type: integer
format: int64
Order:
description: The order of operations when rolling out an updated task.
Either the old task is shut down before the new task is started, or
the new task is started before the old task is shut down.
type: string
enum:
- stop-first
- start-first
Parallelism:
description: Maximum number of tasks to be updated in one iteration (0
means unlimited parallelism).
type: integer
format: int64
ServiceUpdateResponse:
type: object
properties:
Warnings:
description: Optional warning messages
type: array
items:
type: string
example:
Warning: 'unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest
not found'
Swarm:
type: object
allOf:
- "$ref": "#/definitions/ClusterInfo"
- type: object
properties:
JoinTokens:
"$ref": "#/definitions/JoinTokens"
SwarmInfo:
description: 'Represents generic information about swarm.
'
type: object
properties:
Cluster:
"$ref": "#/definitions/ClusterInfo"
ControlAvailable:
type: boolean
default: false
example: true
Error:
type: string
default: ''
LocalNodeState:
"$ref": "#/definitions/LocalNodeState"
Managers:
description: Total number of managers in the swarm.
type: integer
x-nullable: true
example: 3
NodeAddr:
description: |
IP address at which this node can be reached by other nodes in the
swarm.
type: string
default: ''
example: 10.0.0.46
NodeID:
description: Unique identifier of for this node in the swarm.
type: string
default: ''
example: k67qz4598weg5unwwffg6z1m1
Nodes:
description: Total number of nodes in the swarm.
type: integer
x-nullable: true
example: 4
RemoteManagers:
description: 'List of ID''s and addresses of other managers in the swarm.
'
type: array
items:
"$ref": "#/definitions/PeerNode"
x-nullable: true
example:
- Addr: 10.0.0.158:2377
NodeID: 71izy0goik036k48jg985xnds
- Addr: 10.0.0.159:2377
NodeID: 79y6h1o4gv8n120drcprv5nmc
- Addr: 10.0.0.46:2377
NodeID: k67qz4598weg5unwwffg6z1m1
SwarmSpec:
description: User modifiable swarm configuration.
type: object
properties:
CAConfig:
description: CA configuration.
type: object
properties:
ExternalCAs:
description: Configuration for forwarding signing requests to an external
certificate authority.
type: array
items:
type: object
properties:
CACert:
description: The root CA certificate (in PEM format) this external
CA uses to issue TLS certificates (assumed to be to the current
swarm root CA certificate if not provided).
type: string
Options:
description: An object with key/value pairs that are interpreted
as protocol-specific options for the external CA driver.
type: object
additionalProperties:
type: string
Protocol:
description: Protocol for communication with the external CA (currently
only `cfssl` is supported).
type: string
default: cfssl
enum:
- cfssl
URL:
description: URL where certificate signing requests should be sent.
type: string
ForceRotate:
description: An integer whose purpose is to force swarm to generate a
new signing CA certificate and key, if none have been specified in `SigningCACert`
and `SigningCAKey`
type: integer
format: uint64
NodeCertExpiry:
description: The duration node certificates are issued for.
type: integer
format: int64
example: 7776000000000000
SigningCACert:
description: The desired signing CA certificate for all swarm node TLS
leaf certificates, in PEM format.
type: string
SigningCAKey:
description: The desired signing CA key for all swarm node TLS leaf certificates,
in PEM format.
type: string
x-nullable: true
Dispatcher:
description: Dispatcher configuration.
type: object
properties:
HeartbeatPeriod:
description: The delay for an agent to send a heartbeat to the dispatcher.
type: integer
format: int64
example: 5000000000
x-nullable: true
EncryptionConfig:
description: Parameters related to encryption-at-rest.
type: object
properties:
AutoLockManagers:
description: If set, generate a key and use it to lock data stored on
the managers.
type: boolean
example: false
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
example:
com.example.corp.department: engineering
com.example.corp.type: production
Name:
description: Name of the swarm.
type: string
example: default
Orchestration:
description: Orchestration configuration.
type: object
properties:
TaskHistoryRetentionLimit:
description: The number of historic tasks to keep per instance or node.
If negative, never remove completed or failed tasks.
type: integer
format: int64
example: 10
x-nullable: true
Raft:
description: Raft configuration.
type: object
properties:
ElectionTick:
description: |
The number of ticks that a follower will wait for a message from the leader before becoming a candidate and starting an election. `ElectionTick` must be greater than `HeartbeatTick`.
A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
type: integer
example: 3
HeartbeatTick:
description: |
The number of ticks between heartbeats. Every HeartbeatTick ticks, the leader will send a heartbeat to the followers.
A tick currently defaults to one second, so these translate directly to seconds currently, but this is NOT guaranteed.
type: integer
example: 1
KeepOldSnapshots:
description: The number of snapshots to keep beyond the current snapshot.
type: integer
format: uint64
LogEntriesForSlowFollowers:
description: The number of log entries to keep around to sync up slow
followers after a snapshot is created.
type: integer
format: uint64
example: 500
SnapshotInterval:
description: The number of log entries between snapshots.
type: integer
format: uint64
example: 10000
TaskDefaults:
description: Defaults for creating tasks in this cluster.
type: object
properties:
LogDriver:
description: |
The log driver to use for tasks created in the orchestrator if
unspecified by a service.
Updating this value only affects new tasks. Existing tasks continue
to use their previously configured log driver until recreated.
type: object
properties:
Name:
description: 'The log driver to use as a default for new tasks.
'
type: string
example: json-file
Options:
description: |
Driver-specific options for the selectd log driver, specified
as key/value pairs.
type: object
additionalProperties:
type: string
example:
max-file: '10'
max-size: 100m
SystemInfo:
type: object
properties:
Architecture:
description: |
Hardware architecture of the host, as returned by the Go runtime
(`GOARCH`).
A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
type: string
example: x86_64
BridgeNfIp6tables:
description: Indicates if `bridge-nf-call-ip6tables` is available on the host.
type: boolean
example: true
BridgeNfIptables:
description: Indicates if `bridge-nf-call-iptables` is available on the host.
type: boolean
example: true
CPUSet:
description: |
Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host.
See [cpuset(7)](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt)
type: boolean
example: true
CPUShares:
description: Indicates if CPU Shares limiting is supported by the host.
type: boolean
example: true
CgroupDriver:
description: 'The driver to use for managing cgroups.
'
type: string
default: cgroupfs
enum:
- cgroupfs
- systemd
example: cgroupfs
ClusterAdvertise:
description: |
The network endpoint that the Engine advertises for the purpose of
node discovery. ClusterAdvertise is a `host:port` combination on which
the daemon is reachable by other hosts.
<p><br /></p>
> **Note**: This field is only propagated when using standalone Swarm
> mode, and overlay networking using an external k/v store. Overlay
> networks with Swarm mode enabled use the built-in raft store, and
> this field will be empty.
type: string
example: node5.corp.example.com:8000
ClusterStore:
description: |
URL of the distributed storage backend.
The storage backend is used for multihost networking (to store
network and endpoint information) and by the node discovery mechanism.
<p><br /></p>
> **Note**: This field is only propagated when using standalone Swarm
> mode, and overlay networking using an external k/v store. Overlay
> networks with Swarm mode enabled use the built-in raft store, and
> this field will be empty.
type: string
example: consul://consul.corp.example.com:8600/some/path
ContainerdCommit:
"$ref": "#/definitions/Commit"
Containers:
description: Total number of containers on the host.
type: integer
example: 14
ContainersPaused:
description: 'Number of containers with status `"paused"`.
'
type: integer
example: 1
ContainersRunning:
description: 'Number of containers with status `"running"`.
'
type: integer
example: 3
ContainersStopped:
description: 'Number of containers with status `"stopped"`.
'
type: integer
example: 10
CpuCfsPeriod:
description: Indicates if CPU CFS(Completely Fair Scheduler) period is supported
by the host.
type: boolean
example: true
CpuCfsQuota:
description: Indicates if CPU CFS(Completely Fair Scheduler) quota is supported
by the host.
type: boolean
example: true
Debug:
description: Indicates if the daemon is running in debug-mode / with debug-level
logging enabled.
type: boolean
example: true
DefaultRuntime:
description: |
Name of the default OCI runtime that is used when starting containers.
The default can be overridden per-container at create time.
type: string
default: runc
example: runc
DockerRootDir:
description: |
Root directory of persistent Docker state.
Defaults to `/var/lib/docker` on Linux, and `C:\ProgramData\docker`
on Windows.
type: string
example: "/var/lib/docker"
Driver:
description: Name of the storage driver in use.
type: string
example: overlay2
DriverStatus:
description: |
Information specific to the storage driver, provided as
"label" / "value" pairs.
This information is provided by the storage driver, and formatted
in a way consistent with the output of `docker info` on the command
line.
<p><br /></p>
> **Note**: The information returned in this field, including the
> formatting of values and labels, should not be considered stable,
> and may change without notice.
type: array
items:
type: array
items:
type: string
example:
- - Backing Filesystem
- extfs
- - Supports d_type
- 'true'
- - Native Overlay Diff
- 'true'
ExperimentalBuild:
description: 'Indicates if experimental features are enabled on the daemon.
'
type: boolean
example: true
GenericResources:
"$ref": "#/definitions/GenericResources"
HttpProxy:
description: |
HTTP-proxy configured for the daemon. This value is obtained from the
[`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Containers do not automatically inherit this configuration.
type: string
example: http://user:pass@proxy.corp.example.com:8080
HttpsProxy:
description: |
HTTPS-proxy configured for the daemon. This value is obtained from the
[`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Containers do not automatically inherit this configuration.
type: string
example: https://user:pass@proxy.corp.example.com:4443
ID:
description: |
Unique identifier of the daemon.
<p><br /></p>
> **Note**: The format of the ID itself is not part of the API, and
> should not be considered stable.
type: string
example: 7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS
IPv4Forwarding:
description: Indicates IPv4 forwarding is enabled.
type: boolean
example: true
Images:
description: |
Total number of images on the host.
Both _tagged_ and _untagged_ (dangling) images are counted.
type: integer
example: 508
IndexServerAddress:
description: |
Address / URL of the index server that is used for image search,
and as a default for user authentication for Docker Hub and Docker Cloud.
type: string
default: https://index.docker.io/v1/
example: https://index.docker.io/v1/
InitBinary:
description: |
Name and, optional, path of the `docker-init` binary.
If the path is omitted, the daemon searches the host's `$PATH` for the
binary and uses the first result.
type: string
example: docker-init
InitCommit:
"$ref": "#/definitions/Commit"
Isolation:
description: |
Represents the isolation technology to use as a default for containers.
The supported values are platform-specific.
If no isolation value is specified on daemon start, on Windows client,
the default is `hyperv`, and on Windows server, the default is `process`.
This option is currently not used on other platforms.
type: string
default: default
enum:
- default
- hyperv
- process
KernelMemory:
description: Indicates if the host has kernel memory limit support enabled.
type: boolean
example: true
KernelVersion:
description: |
Kernel version of the host.
On Linux, this information obtained from `uname`. On Windows this
information is queried from the <kbd>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\</kbd>
registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_.
type: string
example: 4.9.38-moby
Labels:
description: |
User-defined labels (key/value metadata) as set on the daemon.
<p><br /></p>
> **Note**: When part of a Swarm, nodes can both have _daemon_ labels,
> set through the daemon configuration, and _node_ labels, set from a
> manager node in the Swarm. Node labels are not included in this
> field. Node labels can be retrieved using the `/nodes/(id)` endpoint
> on a manager node in the Swarm.
type: array
items:
type: string
example:
- storage=ssd
- production
LiveRestoreEnabled:
description: |
Indicates if live restore is enabled.
If enabled, containers are kept running when the daemon is shutdown
or upon daemon start if running containers are detected.
type: boolean
default: false
example: false
LoggingDriver:
description: 'The logging driver to use as a default for new containers.
'
type: string
MemTotal:
description: 'Total amount of physical memory available on the host, in kilobytes
(kB).
'
type: integer
format: int64
example: 2095882240
MemoryLimit:
description: Indicates if the host has memory limit support enabled.
type: boolean
example: true
NCPU:
description: |
The number of logical CPUs usable by the daemon.
The number of available CPUs is checked by querying the operating
system when the daemon starts. Changes to operating system CPU
allocation after the daemon is started are not reflected.
type: integer
example: 4
NEventsListener:
description: Number of event listeners subscribed.
type: integer
example: 30
NFd:
description: |
The total number of file Descriptors in use by the daemon process.
This information is only returned if debug-mode is enabled.
type: integer
example: 64
NGoroutines:
description: |
The number of goroutines that currently exist.
This information is only returned if debug-mode is enabled.
type: integer
example: 174
Name:
description: Hostname of the host.
type: string
example: node5.corp.example.com
NoProxy:
description: |
Comma-separated list of domain extensions for which no proxy should be
used. This value is obtained from the [`NO_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html)
environment variable.
Containers do not automatically inherit this configuration.
type: string
example: "*.local, 169.254/16"
OSType:
description: |
Generic type of the operating system of the host, as returned by the
Go runtime (`GOOS`).
Currently returned values are "linux" and "windows". A full list of
possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
type: string
example: linux
OomKillDisable:
description: Indicates if OOM killer disable is supported on the host.
type: boolean
OperatingSystem:
description: |
Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS"
or "Windows Server 2016 Datacenter"
type: string
example: Alpine Linux v3.5
Plugins:
"$ref": "#/definitions/PluginsInfo"
ProductLicense:
description: |
Reports a summary of the product license on the daemon.
If a commercial license has been applied to the daemon, information
such as number of nodes, and expiration are included.
type: string
example: Community Engine
RegistryConfig:
"$ref": "#/definitions/RegistryServiceConfig"
RuncCommit:
"$ref": "#/definitions/Commit"
Runtimes:
description: |
List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
runtimes configured on the daemon. Keys hold the "name" used to
reference the runtime.
The Docker daemon relies on an OCI compliant runtime (invoked via the
`containerd` daemon) as its interface to the Linux kernel namespaces,
cgroups, and SELinux.
The default runtime is `runc`, and automatically configured. Additional
runtimes can be configured by the user and will be listed here.
type: object
default:
runc:
path: docker-runc
additionalProperties:
"$ref": "#/definitions/Runtime"
example:
custom:
path: "/usr/local/bin/my-oci-runtime"
runtimeArgs:
- "--debug"
- "--systemd-cgroup=false"
runc:
path: docker-runc
runc-master:
path: "/go/bin/runc"
SecurityOptions:
description: |
List of security features that are enabled on the daemon, such as
apparmor, seccomp, SELinux, and user-namespaces (userns).
Additional configuration options for each security feature may
be present, and are included as a comma-separated list of key/value
pairs.
type: array
items:
type: string
example:
- name=apparmor
- name=seccomp,profile=default
- name=selinux
- name=userns
ServerVersion:
description: |
Version string of the daemon.
> **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
> returns the Swarm version instead of the daemon version, for example
> `swarm/1.2.8`.
type: string
example: 17.06.0-ce
SwapLimit:
description: Indicates if the host has memory swap limit support enabled.
type: boolean
example: true
Swarm:
"$ref": "#/definitions/SwarmInfo"
SystemStatus:
description: |
Status information about this node (standalone Swarm API).
<p><br /></p>
> **Note**: The information returned in this field is only propagated
> by the Swarm standalone API, and is empty (`null`) when using
> built-in swarm mode.
type: array
items:
type: array
items:
type: string
example:
- - Role
- primary
- - State
- Healthy
- - Strategy
- spread
- - Filters
- health, port, containerslots, dependency, affinity, constraint, whitelist
- - Nodes
- '2'
- - " swarm-agent-00"
- 192.168.99.102:2376
- - " └ ID"
- 5CT6:FBGO:RVGO:CZL4:PB2K:WCYN:2JSV:KSHH:GGFW:QOPG:6J5Q:IOZ2|192.168.99.102:2376
- - " └ Status"
- Healthy
- - " └ Containers"
- 1 (1 Running, 0 Paused, 0 Stopped)
- - " └ Reserved CPUs"
- 0 / 1
- - " └ Reserved Memory"
- 0 B / 1.021 GiB
- - " └ Labels"
- 'kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce
(TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux,
provider=virtualbox, storagedriver=aufs'
- - " └ UpdatedAt"
- '2017-08-09T10:03:46Z'
- - " └ ServerVersion"
- 17.06.0-ce
- - " swarm-manager"
- 192.168.99.101:2376
- - " └ ID"
- TAMD:7LL3:SEF7:LW2W:4Q2X:WVFH:RTXX:JSYS:XY2P:JEHL:ZMJK:JGIW|192.168.99.101:2376
- - " └ Status"
- Healthy
- - " └ Containers"
- 2 (2 Running, 0 Paused, 0 Stopped)
- - " └ Reserved CPUs"
- 0 / 1
- - " └ Reserved Memory"
- 0 B / 1.021 GiB
- - " └ Labels"
- 'kernelversion=4.4.74-boot2docker, operatingsystem=Boot2Docker 17.06.0-ce
(TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017, ostype=linux,
provider=virtualbox, storagedriver=aufs'
- - " └ UpdatedAt"
- '2017-08-09T10:04:11Z'
- - " └ ServerVersion"
- 17.06.0-ce
SystemTime:
description: |
Current system-time in [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
format with nano-seconds.
type: string
example: '2017-08-08T20:28:29.06202363Z'
Warnings:
description: |
List of warnings / informational messages about missing features, or
issues related to the daemon configuration.
These messages can be printed by the client as information to the user.
type: array
items:
type: string
example:
- 'WARNING: No memory limit support'
- 'WARNING: bridge-nf-call-iptables is disabled'
- 'WARNING: bridge-nf-call-ip6tables is disabled'
TLSInfo:
description: Information about the issuer of leaf TLS certificates and the trusted
root CA certificate
type: object
properties:
CertIssuerPublicKey:
description: The base64-url-safe-encoded raw public key bytes of the issuer
type: string
CertIssuerSubject:
description: The base64-url-safe-encoded raw subject bytes of the issuer
type: string
TrustRoot:
description: The root CA certificate(s) that are used to validate leaf TLS
certificates
type: string
example:
CertIssuerPublicKey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmT9XIw9h1qoNclv9VeHmf/Vi6/uI2vFXdBveXTpcPjqx6i9wNazchk1XWV/dKTKvSh9xyGKmiIeRcE4OiMnJ1A==
CertIssuerSubject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
TrustRoot: |
-----BEGIN CERTIFICATE-----
MIIBajCCARCgAwIBAgIUbYqrLSOSQHoxD8CwG6Bi2PJi9c8wCgYIKoZIzj0EAwIw
EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNDI0MjE0MzAwWhcNMzcwNDE5MjE0
MzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABJk/VyMPYdaqDXJb/VXh5n/1Yuv7iNrxV3Qb3l06XD46seovcDWs3IZNV1lf
3Skyr0ofcchipoiHkXBODojJydSjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBRUXxuRcnFjDfR/RIAUQab8ZV/n4jAKBggqhkjO
PQQDAgNIADBFAiAy+JTe6Uc3KyLCMiqGl2GyWGQqQDEcO3/YG36x7om65AIhAJvz
pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
-----END CERTIFICATE-----
Task:
type: object
properties:
AssignedGenericResources:
"$ref": "#/definitions/GenericResources"
CreatedAt:
type: string
format: dateTime
DesiredState:
"$ref": "#/definitions/TaskState"
ID:
description: The ID of the task.
type: string
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
Name:
description: Name of the task.
type: string
NodeID:
description: The ID of the node that this task is on.
type: string
ServiceID:
description: The ID of the service this task is part of.
type: string
Slot:
type: integer
Spec:
"$ref": "#/definitions/TaskSpec"
Status:
type: object
properties:
ContainerStatus:
type: object
properties:
ContainerID:
type: string
ExitCode:
type: integer
PID:
type: integer
Err:
type: string
Message:
type: string
State:
"$ref": "#/definitions/TaskState"
Timestamp:
type: string
format: dateTime
UpdatedAt:
type: string
format: dateTime
Version:
"$ref": "#/definitions/ObjectVersion"
example:
AssignedGenericResources:
- DiscreteResourceSpec:
Kind: SSD
Value: 3
- NamedResourceSpec:
Kind: GPU
Value: UUID1
- NamedResourceSpec:
Kind: GPU
Value: UUID2
CreatedAt: '2016-06-07T21:07:31.171892745Z'
DesiredState: running
ID: 0kzzo1i0y4jz6027t0k7aezc7
NetworksAttachments:
- Addresses:
- 10.255.0.10/16
Network:
CreatedAt: '2016-06-07T20:31:11.912919752Z'
DriverState:
Name: overlay
Options:
com.docker.network.driver.overlay.vxlanid_list: '256'
ID: 4qvuz4ko70xaltuqbt8956gd1
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver:
Name: default
Spec:
DriverConfiguration: {}
IPAMOptions:
Configs:
- Gateway: 10.255.0.1
Subnet: 10.255.0.0/16
Driver: {}
Labels:
com.docker.swarm.internal: 'true'
Name: ingress
UpdatedAt: '2016-06-07T21:07:29.955277358Z'
Version:
Index: 18
NodeID: 60gvrl6tm78dmak4yl7srz94v
ServiceID: 9mnpnzenvg8p8tdbtq4wvbkcz
Slot: 1
Spec:
ContainerSpec:
Image: redis
Placement: {}
Resources:
Limits: {}
Reservations: {}
RestartPolicy:
Condition: any
MaxAttempts: 0
Status:
ContainerStatus:
ContainerID: e5d62702a1b48d01c3e02ca1e0212a250801fa8d67caca0b6f35919ebc12f035
PID: 677
Message: started
State: running
Timestamp: '2016-06-07T21:07:31.290032978Z'
UpdatedAt: '2016-06-07T21:07:31.376370513Z'
Version:
Index: 71
TaskSpec:
description: User modifiable task configuration.
type: object
properties:
ContainerSpec:
description: |
Container spec for the service.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
type: object
properties:
Args:
description: Arguments to the command.
type: array
items:
type: string
Command:
description: The command to be run in the image.
type: array
items:
type: string
Configs:
description: Configs contains references to zero or more configs that
will be exposed to the service.
type: array
items:
type: object
properties:
ConfigID:
description: ConfigID represents the ID of the specific config that
we're referencing.
type: string
ConfigName:
description: |
ConfigName is the name of the config that this references, but this is just provided for
lookup/display purposes. The config in the reference will be identified by its ID.
type: string
File:
description: File represents a specific target that is backed by
a file.
type: object
properties:
GID:
description: GID represents the file GID.
type: string
Mode:
description: Mode represents the FileMode of the file.
type: integer
format: uint32
Name:
description: Name represents the final filename in the filesystem.
type: string
UID:
description: UID represents the file UID.
type: string
DNSConfig:
description: Specification for DNS related configurations in resolver
configuration file (`resolv.conf`).
type: object
properties:
Nameservers:
description: The IP addresses of the name servers.
type: array
items:
type: string
Options:
description: A list of internal resolver variables to be modified
(e.g., `debug`, `ndots:3`, etc.).
type: array
items:
type: string
Search:
description: A search list for host-name lookup.
type: array
items:
type: string
Dir:
description: The working directory for commands to run in.
type: string
Env:
description: A list of environment variables in the form `VAR=value`.
type: array
items:
type: string
Groups:
description: A list of additional groups that the container process will
run as.
type: array
items:
type: string
HealthCheck:
"$ref": "#/definitions/HealthConfig"
Hostname:
description: The hostname to use for the container, as a valid RFC 1123
hostname.
type: string
Hosts:
description: |
A list of hostname/IP mappings to add to the container's `hosts`
file. The format of extra hosts is specified in the
[hosts(5)](http://man7.org/linux/man-pages/man5/hosts.5.html)
man page:
IP_address canonical_hostname [aliases...]
type: array
items:
type: string
Image:
description: The image name to use for the container
type: string
Init:
description: Run an init inside the container that forwards signals and
reaps processes. This field is omitted if empty, and the default (as
configured on the daemon) is used.
type: boolean
x-nullable: true
Isolation:
description: Isolation technology of the containers running the service.
(Windows only)
type: string
enum:
- default
- process
- hyperv
Labels:
description: User-defined key/value data.
type: object
additionalProperties:
type: string
Mounts:
description: Specification for mounts to be added to containers created
as part of the service.
type: array
items:
"$ref": "#/definitions/Mount"
OpenStdin:
description: Open `stdin`
type: boolean
Privileges:
description: Security options for the container
type: object
properties:
CredentialSpec:
description: CredentialSpec for managed service account (Windows only)
type: object
properties:
File:
description: |
Load credential spec from this file. The file is read by the daemon, and must be present in the
`CredentialSpecs` subdirectory in the docker data directory, which defaults to
`C:\ProgramData\Docker\` on Windows.
For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
<p><br /></p>
> **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
type: string
Registry:
description: |
Load credential spec from this value in the Windows registry. The specified registry value must be
located in:
`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
<p><br /></p>
> **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
type: string
SELinuxContext:
description: SELinux labels of the container
type: object
properties:
Disable:
description: Disable SELinux
type: boolean
Level:
description: SELinux level label
type: string
Role:
description: SELinux role label
type: string
Type:
description: SELinux type label
type: string
User:
description: SELinux user label
type: string
ReadOnly:
description: Mount the container's root filesystem as read only.
type: boolean
Secrets:
description: Secrets contains references to zero or more secrets that
will be exposed to the service.
type: array
items:
type: object
properties:
File:
description: File represents a specific target that is backed by
a file.
type: object
properties:
GID:
description: GID represents the file GID.
type: string
Mode:
description: Mode represents the FileMode of the file.
type: integer
format: uint32
Name:
description: Name represents the final filename in the filesystem.
type: string
UID:
description: UID represents the file UID.
type: string
SecretID:
description: SecretID represents the ID of the specific secret that
we're referencing.
type: string
SecretName:
description: |
SecretName is the name of the secret that this references, but this is just provided for
lookup/display purposes. The secret in the reference will be identified by its ID.
type: string
StopGracePeriod:
description: Amount of time to wait for the container to terminate before
forcefully killing it.
type: integer
format: int64
StopSignal:
description: Signal to stop the container.
type: string
TTY:
description: Whether a pseudo-TTY should be allocated.
type: boolean
User:
description: The user inside the container.
type: string
ForceUpdate:
description: A counter that triggers an update even if no relevant parameters
have been changed.
type: integer
LogDriver:
description: Specifies the log driver to use for tasks created from this spec.
If not present, the default one for the swarm will be used, finally falling
back to the engine default if not specified.
type: object
properties:
Name:
type: string
Options:
type: object
additionalProperties:
type: string
NetworkAttachmentSpec:
description: |
Read-only spec type for non-swarm containers attached to swarm overlay
networks.
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
type: object
properties:
ContainerID:
description: ID of the container represented by this task
type: string
Networks:
type: array
items:
type: object
properties:
Aliases:
type: array
items:
type: string
Target:
type: string
Placement:
type: object
properties:
Constraints:
description: An array of constraints.
type: array
items:
type: string
example:
- node.hostname!=node3.corp.example.com
- node.role!=manager
- node.labels.type==production
Platforms:
description: |
Platforms stores all the platforms that the service's image can
run on. This field is used in the platform filter for scheduling.
If empty, then the platform filter is off, meaning there are no
scheduling restrictions.
type: array
items:
"$ref": "#/definitions/Platform"
Preferences:
description: Preferences provide a way to make the scheduler aware of
factors such as topology. They are provided in order from highest to
lowest precedence.
type: array
items:
type: object
properties:
Spread:
type: object
properties:
SpreadDescriptor:
description: label descriptor, such as engine.labels.az
type: string
example:
- Spread:
SpreadDescriptor: node.labels.datacenter
- Spread:
SpreadDescriptor: node.labels.rack
PluginSpec:
description: |
Plugin spec for the service. *(Experimental release only.)*
<p><br /></p>
> **Note**: ContainerSpec, NetworkAttachmentSpec, and PluginSpec are
> mutually exclusive. PluginSpec is only used when the Runtime field
> is set to `plugin`. NetworkAttachmentSpec is used when the Runtime
> field is set to `attachment`.
type: object
properties:
Disabled:
description: Disable the plugin once scheduled.
type: boolean
Name:
description: The name or 'alias' to use for the plugin.
type: string
PluginPrivilege:
type: array
items:
description: Describes a permission accepted by the user upon installing
the plugin.
type: object
properties:
Description:
type: string
Name:
type: string
Value:
type: array
items:
type: string
Remote:
description: The plugin image reference to use.
type: string
Resources:
description: Resource requirements which apply to each individual container
created as part of the service.
type: object
properties:
Limits:
description: Define resources limits.
"$ref": "#/definitions/ResourceObject"
Reservation:
description: Define resources reservation.
"$ref": "#/definitions/ResourceObject"
RestartPolicy:
description: Specification for the restart policy which applies to containers
created as part of this service.
type: object
properties:
Condition:
description: Condition for restart.
type: string
enum:
- none
- on-failure
- any
Delay:
description: Delay between restart attempts.
type: integer
format: int64
MaxAttempts:
description: Maximum attempts to restart a given container before giving
up (default value is 0, which is ignored).
type: integer
format: int64
default: 0
Window:
description: Windows is the time window used to evaluate the restart policy
(default value is 0, which is unbounded).
type: integer
format: int64
default: 0
Runtime:
description: Runtime is the type of runtime specified for the task executor.
type: string
TaskState:
type: string
enum:
- new
- allocated
- pending
- assigned
- accepted
- preparing
- ready
- starting
- running
- complete
- shutdown
- failed
- rejected
- remove
- orphaned
ThrottleDevice:
type: object
properties:
Path:
description: Device path
type: string
Rate:
description: Rate
type: integer
format: int64
minimum: 0
Volume:
type: object
required:
- Name
- Driver
- Mountpoint
- Labels
- Scope
- Options
properties:
CreatedAt:
description: Date/Time the volume was created.
type: string
format: dateTime
Driver:
description: Name of the volume driver used by the volume.
type: string
x-nullable: false
Labels:
description: User-defined key/value metadata.
type: object
additionalProperties:
type: string
x-nullable: false
Mountpoint:
description: Mount path of the volume on the host.
type: string
x-nullable: false
Name:
description: Name of the volume.
type: string
x-nullable: false
Options:
description: The driver specific options used when creating the volume.
type: object
additionalProperties:
type: string
Scope:
description: The level at which the volume exists. Either `global` for cluster-wide,
or `local` for machine level.
type: string
default: local
enum:
- local
- global
x-nullable: false
Status:
description: |
Low-level details about the volume, provided by the volume driver.
Details are returned as a map with key/value pairs:
`{"key":"value","key2":"value2"}`.
The `Status` field is optional, and is omitted if the volume driver
does not support this feature.
type: object
additionalProperties:
type: object
UsageData:
description: |
Usage details about the volume. This information is used by the
`GET /system/df` endpoint, and omitted in other endpoints.
type: object
required:
- Size
- RefCount
properties:
RefCount:
description: |
The number of containers referencing this volume. This field
is set to `-1` if the reference-count is not available.
type: integer
default: -1
x-nullable: false
Size:
description: |
Amount of disk space used by the volume (in bytes). This information
is only available for volumes created with the `"local"` volume
driver. For volumes created with other volume drivers, this field
is set to `-1` ("not available")
type: integer
default: -1
x-nullable: false
x-nullable: true
example:
CreatedAt: '2016-06-07T20:31:11.853781916Z'
Driver: custom
Labels:
com.example.some-label: some-value
com.example.some-other-label: some-other-value
Mountpoint: "/var/lib/docker/volumes/tardis"
Name: tardis
Scope: local
Status:
hello: world
api.putConfigOrLicenseResponse:
id: api.putConfigOrLicenseResponse
required:
- message
properties:
message:
type: string
apitypes.IngressNodeToleration:
id: apitypes.IngressNodeToleration
required:
- key
- value
- operator
- effect
properties:
effect:
type: string
key:
type: string
operator:
type: string
value:
type: string
auth.Credentials:
id: auth.Credentials
properties:
code:
type: string
password:
type: string
token:
type: string
useTLS:
type: boolean
username:
type: string
auth.LoginResponse:
id: auth.LoginResponse
properties:
auth_token:
type: string
authz.Collection:
id: authz.Collection
required:
- name
- path
- id
- parent_ids
- label_constraints
- legacylabelkey
- legacylabelvalue
- created_at
- updated_at
properties:
created_at:
description: When the collection was created
type: string
format: date-time
id:
description: A unique ID for this collection
type: string
label_constraints:
description: A set of label constraints to be applied to any service or container
created in this collection
type: array
items:
"$ref": "#/definitions/authz.LabelConstraint"
legacylabelkey:
description: The key of the legacy authorization label for this collection
type: string
legacylabelvalue:
description: The value of the legacy authorization label for this collection
type: string
name:
description: The name of the collection
type: string
parent_ids:
description: A list of collection IDs of parent collections
type: array
items:
type: string
path:
description: The full path of the collection
type: string
updated_at:
description: When the collection was updated
type: string
format: date-time
authz.CollectionCreate:
id: authz.CollectionCreate
required:
- name
- parent_id
- label_constraints
- legacy_label_key
- legacy_label_value
properties:
label_constraints:
type: array
items:
"$ref": "#/definitions/authz.LabelConstraint"
legacy_label_key:
type: string
legacy_label_value:
type: string
name:
type: string
parent_id:
type: string
authz.CollectionCreateResponse:
id: authz.CollectionCreateResponse
required:
- id
properties:
id:
type: string
authz.CollectionID:
id: authz.CollectionID
required:
- id
properties:
id:
type: string
authz.CollectionUpdate:
id: authz.CollectionUpdate
required:
- label_constraints
properties:
label_constraints:
type: array
items:
"$ref": "#/definitions/authz.LabelConstraint"
authz.LabelConstraint:
id: authz.LabelConstraint
required:
- type
- label_key
- label_value
- equality
properties:
equality:
type: boolean
label_key:
type: string
label_value:
type: string
type:
type: string
authz.RoleCreateResponse:
id: authz.RoleCreateResponse
required:
- id
properties:
id:
description: The ID of the newly created role
type: string
catalog.Catalog:
id: catalog.Catalog
properties:
controls:
type: array
items:
"$ref": "#/definitions/catalog.Control"
declarations:
"$ref": "#/definitions/catalog.Declarations"
groups:
type: array
items:
"$ref": "#/definitions/catalog.Group"
id:
type: string
modelVersion:
type: string
references:
"$ref": "#/definitions/catalog.References"
sections:
type: array
items:
"$ref": "#/definitions/catalog.Section"
title:
type: string
catalog.Choice:
id: catalog.Choice
catalog.Citation:
id: catalog.Citation
properties:
href:
"$ref": "#/definitions/catalog.Href"
id:
type: string
value:
type: string
catalog.Constraint:
id: catalog.Constraint
properties:
test:
type: string
value:
type: string
catalog.Control:
id: catalog.Control
properties:
class:
type: string
id:
type: string
links:
type: array
items:
"$ref": "#/definitions/catalog.Link"
params:
type: array
items:
"$ref": "#/definitions/catalog.Param"
parts:
type: array
items:
"$ref": "#/definitions/catalog.Part"
props:
type: array
items:
"$ref": "#/definitions/catalog.Prop"
references:
"$ref": "#/definitions/catalog.References"
subcontrols:
type: array
items:
"$ref": "#/definitions/catalog.Subcontrol"
title:
type: string
catalog.Declarations:
id: catalog.Declarations
properties:
href:
"$ref": "#/definitions/catalog.Href"
value:
type: string
catalog.Desc:
id: catalog.Desc
properties:
id:
type: string
value:
type: string
catalog.Group:
id: catalog.Group
properties:
class:
type: string
controls:
type: array
items:
"$ref": "#/definitions/catalog.Control"
groups:
type: array
items:
"$ref": "#/definitions/catalog.Group"
id:
type: string
params:
type: array
items:
"$ref": "#/definitions/catalog.Param"
parts:
type: array
items:
"$ref": "#/definitions/catalog.Part"
props:
type: array
items:
"$ref": "#/definitions/catalog.Prop"
references:
"$ref": "#/definitions/catalog.References"
title:
type: string
catalog.Guideline:
id: catalog.Guideline
properties:
prose:
type: string
catalog.Href:
id: catalog.Href
required:
- URL
properties:
URL:
"$ref": "#/definitions/url.URL"
catalog.Link:
id: catalog.Link
properties:
href:
"$ref": "#/definitions/catalog.Href"
rel:
type: string
value:
type: string
catalog.Param:
id: catalog.Param
properties:
class:
type: string
constraints:
type: array
items:
"$ref": "#/definitions/catalog.Constraint"
dependsOn:
type: string
descs:
type: array
items:
"$ref": "#/definitions/catalog.Desc"
guidelines:
type: array
items:
"$ref": "#/definitions/catalog.Guideline"
id:
type: string
label:
type: string
links:
type: array
items:
"$ref": "#/definitions/catalog.Link"
select:
"$ref": "#/definitions/catalog.Select"
value:
type: string
catalog.Part:
id: catalog.Part
properties:
class:
type: string
id:
type: string
links:
type: array
items:
"$ref": "#/definitions/catalog.Link"
parts:
type: array
items:
"$ref": "#/definitions/catalog.Part"
props:
type: array
items:
"$ref": "#/definitions/catalog.Prop"
prose:
type: string
title:
type: string
catalog.Prop:
id: catalog.Prop
properties:
class:
type: string
id:
type: string
value:
type: string
catalog.Ref:
id: catalog.Ref
properties:
citations:
type: array
items:
"$ref": "#/definitions/catalog.Citation"
id:
type: string
prose:
type: string
catalog.References:
id: catalog.References
properties:
id:
type: string
links:
type: array
items:
"$ref": "#/definitions/catalog.Link"
refs:
type: array
items:
"$ref": "#/definitions/catalog.Ref"
catalog.Section:
id: catalog.Section
properties:
class:
type: string
id:
type: string
prose:
type: string
references:
"$ref": "#/definitions/catalog.References"
sections:
type: array
items:
"$ref": "#/definitions/catalog.Section"
title:
type: string
catalog.Select:
id: catalog.Select
properties:
choices:
type: array
items:
"$ref": "#/definitions/catalog.Choice"
howMany:
type: string
catalog.Subcontrol:
id: catalog.Subcontrol
properties:
class:
type: string
id:
type: string
links:
type: array
items:
"$ref": "#/definitions/catalog.Link"
params:
type: array
items:
"$ref": "#/definitions/catalog.Param"
parts:
type: array
items:
"$ref": "#/definitions/catalog.Part"
props:
type: array
items:
"$ref": "#/definitions/catalog.Prop"
references:
"$ref": "#/definitions/catalog.References"
title:
type: string
config.AuditLogConfiguration:
id: config.AuditLogConfiguration
required:
- level
- support_bundle_include_audit_logs
properties:
level:
type: string
support_bundle_include_audit_logs:
type: boolean
config.AuthConfiguration:
id: config.AuthConfiguration
required:
- sessions
- saml
- scim
- backend
properties:
backend:
description: The name of the auth backend to use
type: string
enum:
- managed
- ldap
defaultNewUserRole:
type: string
externalOpenIdHttpProxy:
description: HTTP proxy used to connect to an external openID provider
type: string
externalOpenIdHttpsProxy:
description: HTTPS proxy used to connect to an external openID provider
type: string
externalOpenIdProviderClientId:
description: Client id of external OpenID provider
type: string
managedPasswordDisabled:
description: Whether the managed authentication is disabled in the system
type: boolean
managedPasswordFallbackUser:
description: Fallback user that may log in when basic authentication is disabled
type: string
saml:
"$ref": "#/definitions/forms.SAMLSettings"
samlEnabled:
description: Whether SAML SSO is enabled in the system
type: boolean
samlLoginText:
description: Customized SAML Login Text
type: string
scim:
"$ref": "#/definitions/forms.SCIMSettings"
scimEnabled:
description: Whether SCIM is enabled in the system
type: boolean
sessions:
"$ref": "#/definitions/forms.SessionsConfig"
wellKnownOpenIdConfig:
description: ".well-known/openid-configuration address of external OpenID
provider"
type: string
config.HTTPHeader:
id: config.HTTPHeader
required:
- name
- value
properties:
name:
type: string
value:
type: string
config.LicenseConfiguration:
id: config.LicenseConfiguration
required:
- auto_refresh
- license_server_url
- license_server_public_key
properties:
auto_refresh:
type: boolean
license_server_public_key:
type: string
license_server_url:
type: string
config.LogConfiguration:
id: config.LogConfiguration
required:
- level
properties:
level:
type: string
config.PKI:
id: config.PKI
required:
- clientCABundle
properties:
clientCABundle:
type: string
config.SchedulingConfiguration:
id: config.SchedulingConfiguration
required:
- enable_admin_ucp_scheduling
- default_node_orchestrator
properties:
default_node_orchestrator:
type: string
enable_admin_ucp_scheduling:
type: boolean
config.TrackingConfiguration:
id: config.TrackingConfiguration
required:
- disable_usageinfo
- disable_tracking
- ClusterLabel
- analytics_server_url
properties:
ClusterLabel:
type: string
analytics_server_url:
type: string
disable_tracking:
type: boolean
disable_usageinfo:
type: boolean
config.TrustConfiguration:
id: config.TrustConfiguration
required:
- require_content_trust
- require_signature_from
- allow_repos
properties:
allow_repos:
type: array
items:
type: string
require_content_trust:
type: boolean
require_signature_from:
type: array
items:
type: string
config.TrustedRegistryConfig:
id: config.TrustedRegistryConfig
required:
- hostAddress
- serviceID
- caBundle
- batchScanningDataEnabled
properties:
batchScanningDataEnabled:
type: boolean
caBundle:
type: string
hostAddress:
type: string
serviceID:
type: string
config.UCPConfiguration:
id: config.UCPConfiguration
required:
- auth
- Registries
- SchedulingConfiguration
- TrackingConfiguration
- TrustConfiguration
- LogConfiguration
- AuditLogConfiguration
- LicenseConfiguration
- customAPIServerHeaders
- pki
- user_workload_defaults
- ClusterConfig
properties:
AuditLogConfiguration:
"$ref": "#/definitions/config.AuditLogConfiguration"
ClusterConfig:
"$ref": "#/definitions/types.ClusterConfig"
LicenseConfiguration:
"$ref": "#/definitions/config.LicenseConfiguration"
LogConfiguration:
"$ref": "#/definitions/config.LogConfiguration"
Registries:
type: array
items:
"$ref": "#/definitions/config.TrustedRegistryConfig"
SchedulingConfiguration:
"$ref": "#/definitions/config.SchedulingConfiguration"
TrackingConfiguration:
"$ref": "#/definitions/config.TrackingConfiguration"
TrustConfiguration:
"$ref": "#/definitions/config.TrustConfiguration"
auth:
"$ref": "#/definitions/config.AuthConfiguration"
customAPIServerHeaders:
type: array
items:
"$ref": "#/definitions/config.HTTPHeader"
pki:
"$ref": "#/definitions/config.PKI"
user_workload_defaults:
"$ref": "#/definitions/config.UserWorkloadDefaults"
config.UserWorkloadDefaults:
id: config.UserWorkloadDefaults
required:
- swarmDefaults
properties:
swarmDefaults:
type: object
errors.APIError:
id: errors.APIError
required:
- code
- message
properties:
code:
type: string
detail:
"$ref": "#/definitions/errors.APIError.detail"
message:
type: string
errors.APIError.detail:
id: errors.APIError.detail
forms.BulkOperation:
id: forms.BulkOperation
required:
- op
properties:
op:
description: The operation to perform
type: string
ref:
description: An identifier referencing the object on which to perform the
operation, if applicable
type: string
value:
description: The form value to submit for the operation, if applicable
type: string
forms.BulkOperations:
id: forms.BulkOperations
required:
- operations
properties:
operations:
type: array
items:
"$ref": "#/definitions/forms.BulkOperation"
forms.Certificate:
id: forms.Certificate
required:
- label
- cert
properties:
cert:
description: Encoded PEM for the cert
type: string
label:
description: Label for the certificate
type: string
forms.ChangePassword:
id: forms.ChangePassword
required:
- oldPassword
- newPassword
properties:
newPassword:
description: User's new password
type: string
oldPassword:
description: User's current password. Required if the client is changing their
own password. May be omitted if an admin is changing another user's password
type: string
forms.CreateAccount:
id: forms.CreateAccount
required:
- name
properties:
fullName:
description: Full name of account
type: string
isActive:
description: Whether the user is active and can login (users only)
type: boolean
isAdmin:
description: Whether the user is an admin (users only)
type: boolean
isOrg:
description: Whether the account is an organization
type: boolean
name:
description: Name of account
type: string
password:
description: Password for the user (users only)
type: string
searchLDAP:
description: Whether the user should be found by searching against the currently
configured LDAP servers. If true, the password field may be omitted and
the discovered full name of the user will be used if one is not specified
in this form (users only)
type: boolean
tags:
description: Metadata for the user.
type: object
forms.CreateAccountPublicKey:
id: forms.CreateAccountPublicKey
required:
- publicKey
properties:
certificates:
description: certificates for the public key
type: array
items:
"$ref": "#/definitions/forms.Certificate"
label:
description: Label or description for the key
type: string
publicKey:
description: Encoded PEM for the public key
type: string
forms.CreateTeam:
id: forms.CreateTeam
required:
- name
properties:
description:
description: Description of the team
type: string
name:
description: Name of the team
type: string
forms.GroupLinkOpts:
id: forms.GroupLinkOpts
required:
- enableLink
- groupName
properties:
enableLink:
description: Whether to enable SAML linking. If false, all other fields are
ignored
type: boolean
groupName:
description: The group name that is obtained from group attribute of the SAML
assertion
type: string
forms.KaasRoleOpts:
id: forms.KaasRoleOpts
required:
- enableIamRole
- roleName
properties:
enableIamRole:
description: Whether to enable KaaS role linking. If false, all other fields
are ignored.
type: boolean
roleName:
description: The group name that is obtained from the iam_roles field of the
openID auth token.
type: string
forms.LDAPDomainServerConfig:
id: forms.LDAPDomainServerConfig
required:
- domain
- readerPassword
- noSimplePagination
- tlsSkipVerify
- rootCerts
- readerDN
- lastReaderDN
- lastReaderPassword
- serverURL
- startTLS
properties:
domain:
description: The root domain component of this server, e.g., dc=example,dc=com.
A longest-suffix match of the base DN for LDAP searches is used to select
which LDAP server to use for search requests. If no matching domain is found,
the default LDAP server config is used.
type: string
lastReaderDN:
type: string
lastReaderPassword:
type: string
noSimplePagination:
description: The server does not support the Simple Paged Results control
extension (RFC 2696)
type: boolean
readerDN:
description: The distinguished name the system will use to bind to the LDAP
server when performing searches
type: string
readerPassword:
description: The password that the system will use to bind to the LDAP server
when performing searches
type: string
rootCerts:
description: A root certificate PEM bundle to use when establishing a TLS
connection to the server
type: string
serverURL:
description: The URL of the LDAP server
type: string
startTLS:
description: Whether to use StartTLS to secure the connection to the server,
ignored if server URL scheme is 'ldaps://'
type: boolean
tlsSkipVerify:
description: Whether to skip verifying of the server's certificate when establishing
a TLS connection, not recommended unless testing on a secure network
type: boolean
forms.LDAPSettings:
id: forms.LDAPSettings
required:
- syncSchedule
- jitUserProvisioning
- serverURL
- rootCerts
- tlsSkipVerify
- readerDN
- readerPassword
- noSimplePagination
- startTLS
- lastReaderDN
- lastReaderPassword
- additionalDomains
- userSearchConfigs
- adminSyncOpts
properties:
additionalDomains:
description: A list of additional LDAP domains (and corresponding server configs)
from which to sync users and team members
type: array
items:
"$ref": "#/definitions/forms.LDAPDomainServerConfig"
adminSyncOpts:
description: Settings for syncing system admin users
"$ref": "#/definitions/forms.MemberSyncOpts"
jitUserProvisioning:
description: Whether to only create user accounts upon first login (recommended)
type: boolean
lastReaderDN:
type: string
lastReaderPassword:
type: string
noSimplePagination:
description: The server does not support the Simple Paged Results control
extension (RFC 2696)
type: boolean
readerDN:
description: The distinguished name the system will use to bind to the LDAP
server when performing searches
type: string
readerPassword:
description: The password that the system will use to bind to the LDAP server
when performing searches
type: string
rootCerts:
description: A root certificate PEM bundle to use when establishing a TLS
connection to the server
type: string
serverURL:
description: The URL of the LDAP server
type: string
startTLS:
description: Whether to use StartTLS to secure the connection to the server,
ignored if server URL scheme is 'ldaps://'
type: boolean
syncSchedule:
description: 'The scheduled time for automatic LDAP sync jobs. Can be specified
in CRON table entry format (with a seconds field always set to 0): ''0 (minutes)
(hours) (day of month) (month of year) (day of week, optional)''. Can also
be specified as a predefined scheduling definition: ''@hourly'', ''@daily'',
or ''@weekly''. Default is ''@hourly'' if empty or omitted'
type: string
tlsSkipVerify:
description: Whether to skip verifying of the server's certificate when establishing
a TLS connection, not recommended unless testing on a secure network
type: boolean
userSearchConfigs:
description: One or more settings for syncing users
type: array
items:
"$ref": "#/definitions/forms.UserSearchOpts"
forms.MemberSyncOpts:
id: forms.MemberSyncOpts
required:
- enableSync
- selectGroupMembers
- groupDN
- groupMemberAttr
- searchBaseDN
- searchScopeSubtree
- searchFilter
properties:
enableSync:
description: Whether to enable LDAP syncing. If false, all other fields are
ignored
type: boolean
groupDN:
description: The distinguished name of the LDAP group. Required if selectGroupMembers
is true, ignored otherwise
type: string
groupMemberAttr:
description: The name of the LDAP group entry attribute which corresponds
to distinguished names of members. Required if selectGroupMembers is true,
ignored otherwise
type: string
searchBaseDN:
description: The distinguished name of the element from which the LDAP server
will search for users. Required if selectGroupMembers is false, ignored
otherwise
type: string
searchFilter:
description: The LDAP search filter used to select users if selectGroupMembers
is false, may be left blank
type: string
searchScopeSubtree:
description: Whether to search for users in the entire subtree of the base
DN or to only search one level under the base DN (if false). Required if
selectGroupMembers is false, ignored otherwise
type: boolean
selectGroupMembers:
description: Whether to sync using a group DN and member attribute selection
or to use a search filter (if false)
type: boolean
forms.OneTimePasswordCode:
id: forms.OneTimePasswordCode
required:
- code
properties:
code:
description: The code provided to check One Time passwords
type: string
forms.SAMLSettings:
id: forms.SAMLSettings
required:
- idpMetadataURL
- spHost
- rootCerts
- tlsSkipVerify
properties:
idpMetadataURL:
description: The Identity Provider's Metadata URL'
type: string
rootCerts:
description: Root Certs to access IdP Metadata
type: string
spHost:
description: The Host address of the Service Provider
type: string
tlsSkipVerify:
description: Option for TLSSkipVerify
type: boolean
forms.SCIMSettings:
id: forms.SCIMSettings
required:
- token
- orgName
properties:
orgName:
description: Organization name for the teams
type: string
token:
description: API token for accessing the SCIM endpoints
type: string
forms.SessionsConfig:
id: forms.SessionsConfig
required:
- lifetimeMinutes
- renewalThresholdMinutes
- perUserLimit
- storeTokenPerSession
properties:
lifetimeMinutes:
description: Specifies the initial lifetime (in minutes) of a session from
the moment it is generated, minimum is 10 minutes
type: integer
format: integer
perUserLimit:
description: Indicates the maximum number of sessions that any user can have
active at any given time. If creating a new session would put a user over
this limit then the least recently used session will be deleted. A value
of zero disables limiting the number of sessions that users may have
type: integer
format: integer
renewalThresholdMinutes:
description: Indicates a period of time (in minutes) before the expiration
of a session where, if used, a session will be extended by the current configured
lifetime from then, a zero value disables session extension, maximum is
5 minutes less than initial session lifetime
type: integer
format: integer
storeTokenPerSession:
description: StoreTokenPerSession if set, user token that's used to identify
will be stored in sessionStorage instead of localStorage. This will cause
side affects in which, user being logged out per tab session.
type: boolean
forms.SetMembership:
id: forms.SetMembership
properties:
isAdmin:
description: Whether the member should be an admin of the organization or
team (default false), unchanged if nil or omitted
type: boolean
forms.UpdateAccount:
id: forms.UpdateAccount
properties:
fullName:
description: Full name of account, unchanged if null or omitted
type: string
isActive:
description: Whether the user is active and can login (users only), unchanged
if null or omitted
type: boolean
isAdmin:
description: Whether the user is an admin (users only), unchanged if null
or omitted
type: boolean
forms.UpdateAccountPublicKey:
id: forms.UpdateAccountPublicKey
properties:
certificates:
description: certificates for the public key
type: array
items:
"$ref": "#/definitions/forms.Certificate"
label:
description: Label or description for the key
type: string
forms.UpdateTeam:
id: forms.UpdateTeam
properties:
description:
description: Description of the team, unchanged if nil or omitted
type: string
name:
description: Name of the team, unchanged if nil or omitted
type: string
forms.UserSearchOpts:
id: forms.UserSearchOpts
required:
- baseDN
- scopeSubtree
- usernameAttr
- fullNameAttr
- filter
- matchGroup
- matchGroupDN
- matchGroupMemberAttr
- matchGroupIterate
properties:
baseDN:
description: The distinguished name of the element from which the LDAP server
will search for users
type: string
filter:
description: The LDAP search filter used to select user elements, may be left
blank
type: string
fullNameAttr:
description: The name of the attribute of the LDAP user element which should
be selected as the full name of the user
type: string
matchGroup:
description: Whether to additionally filter users to those who are direct
members of a group
type: boolean
matchGroupDN:
description: The distinguished name of the LDAP group. Required if matchGroup
is true, ignored otherwise
type: string
matchGroupIterate:
description: Whether to iterate through the group members and perform a lookup
for each one separately to get all of the user attributes, instead of searching
users first then apply the group selection filter. Ignored if matchGroup
is false
type: boolean
matchGroupMemberAttr:
description: The name of the LDAP group entry attribute which corresponds
to distinguished names of members. Required if matchGroup is true, ignored
otherwise
type: string
scopeSubtree:
description: Whether to search for users in the entire subtree of the base
DN or to only search one level under the base DN (if false)
type: boolean
usernameAttr:
description: The name of the attribute of the LDAP user element which should
be selected as the username
type: string
implementation.AssessedValue:
id: implementation.AssessedValue
required:
- value
properties:
assessmentId:
type: string
compliant:
type: boolean
output:
type: string
value:
type: string
implementation.AssessmentData:
id: implementation.AssessmentData
properties:
assessmentId:
type: string
guidance:
type: string
validationResults:
type: array
items:
"$ref": "#/definitions/implementation.ValidationResult"
implementation.Capabilities:
id: implementation.Capabilities
implementation.ComponentConfiguration:
id: implementation.ComponentConfiguration
required:
- id
- labels
- name
- description
- provisioningMechanisms
- validationMechanisms
- configurableValues
properties:
configurableValues:
type: array
items:
"$ref": "#/definitions/implementation.ConfigurableValue"
description:
type: string
id:
type: string
labels:
type: object
name:
type: string
provisioningMechanisms:
type: array
items:
"$ref": "#/definitions/implementation.Mechanism"
validationMechanisms:
type: array
items:
"$ref": "#/definitions/implementation.Mechanism"
implementation.ComponentDefinition:
id: implementation.ComponentDefinition
required:
- id
properties:
componentConfigurations:
type: array
items:
"$ref": "#/definitions/implementation.ComponentConfiguration"
componentType:
type: string
controlImplementations:
type: array
items:
"$ref": "#/definitions/implementation.ControlImplementation"
id:
type: string
implementsProfiles:
type: array
items:
"$ref": "#/definitions/implementation.ImplementsProfile"
name:
type: string
relationships:
type: array
items:
"$ref": "#/definitions/implementation.Relationship"
version:
type: string
implementation.ComponentSpecifications:
id: implementation.ComponentSpecifications
implementation.ConfigurableValue:
id: implementation.ConfigurableValue
required:
- valueId
- value
properties:
value:
type: string
valueId:
type: string
implementation.ControlConfiguration:
id: implementation.ControlConfiguration
required:
- configurationIdRef
- parameters
properties:
configurationIdRef:
type: string
parameters:
type: array
items:
"$ref": "#/definitions/implementation.Parameter"
provisioningMechanisms:
type: array
items:
"$ref": "#/definitions/implementation.ProvisioningMechanism"
implementation.ControlId:
id: implementation.ControlId
required:
- assesmentData
properties:
assesmentData:
"$ref": "#/definitions/implementation.AssessmentData"
catalogIdRef:
type: string
controlId:
type: string
itemId:
type: string
implementation.ControlImplementation:
id: implementation.ControlImplementation
required:
- id
- controlIds
- satisfactionRequirements
- guidance
- controlConfigurations
- validationMechanisms
- parameters
properties:
controlConfigurations:
type: array
items:
"$ref": "#/definitions/implementation.ControlConfiguration"
controlIds:
type: array
items:
"$ref": "#/definitions/implementation.ControlId"
guidance:
type: string
id:
type: string
parameters:
type: array
items:
"$ref": "#/definitions/implementation.Parameter"
satisfactionRequirements:
type: string
validationMechanisms:
type: array
items:
"$ref": "#/definitions/implementation.ValidationMechanism"
implementation.Implementation:
id: implementation.Implementation
required:
- componentDefinitions
properties:
capabilities:
"$ref": "#/definitions/implementation.Capabilities"
component-specifications:
"$ref": "#/definitions/implementation.ComponentSpecifications"
componentDefinitions:
type: array
items:
"$ref": "#/definitions/implementation.ComponentDefinition"
implementation.ImplementsProfile:
id: implementation.ImplementsProfile
required:
- profileId
- controlConfigurations
properties:
controlConfigurations:
type: array
items:
"$ref": "#/definitions/implementation.ControlConfiguration"
profileId:
type: string
implementation.Mechanism:
id: implementation.Mechanism
required:
- id
- type
- data
properties:
data:
type: string
id:
type: string
type:
type: string
implementation.Parameter:
id: implementation.Parameter
properties:
assessedValue:
"$ref": "#/definitions/implementation.AssessedValue"
defaultValue:
type: string
guidance:
type: array
items:
type: string
parameterId:
type: string
possibleValues:
type: array
items:
type: string
valueId:
type: string
implementation.ProvisioningMechanism:
id: implementation.ProvisioningMechanism
required:
- ProvisioningMechanismRefIds
properties:
ProvisioningMechanismRefIds:
type: array
items:
type: string
provisionedControls:
type: array
items:
"$ref": "#/definitions/implementation.ControlId"
implementation.Relationship:
id: implementation.Relationship
required:
- idRef
- type
- cardinality
properties:
cardinality:
type: string
idRef:
type: string
type:
type: string
implementation.ValidationMechanism:
id: implementation.ValidationMechanism
required:
- validationMechanismRefIds
- validatedControls
properties:
validatedControls:
type: array
items:
"$ref": "#/definitions/implementation.ControlId"
validationMechanismRefIds:
type: array
items:
type: string
implementation.ValidationResult:
id: implementation.ValidationResult
properties:
compliant:
type: boolean
output:
type: string
validationMechanismRefId:
type: string
oscal.AssessmentComponent:
id: oscal.AssessmentComponent
required:
- name
properties:
name:
type: string
version:
type: string
oscal.AssessmentID:
id: oscal.AssessmentID
oscal.AssessmentResult:
id: oscal.AssessmentResult
required:
- component
- message
- systemStatus
- applicableControls
properties:
applicableControls:
type: array
items:
"$ref": "#/definitions/catalog.Control"
component:
"$ref": "#/definitions/oscal.AssessmentComponent"
message:
type: string
nodeStatus:
type: object
subComponent:
type: array
items:
"$ref": "#/definitions/oscal.AssessmentSubComponent"
systemStatus:
type: string
systemValue:
type: string
oscal.AssessmentSubComponent:
id: oscal.AssessmentSubComponent
required:
- name
- value
properties:
applicableControls:
type: array
items:
"$ref": "#/definitions/catalog.Control"
config:
type: string
name:
type: string
status:
type: string
value:
"$ref": "#/definitions/oscal.AssessmentSubComponent.value"
oscal.AssessmentSubComponent.value:
id: oscal.AssessmentSubComponent.value
responses.Account:
id: responses.Account
required:
- name
- id
- fullName
- isOrg
properties:
fullName:
description: Full Name of the account
type: string
id:
description: ID of the account
type: string
isActive:
description: Whether the user is active and can login (users only)
type: boolean
isAdmin:
description: Whether the user is a system admin (users only)
type: boolean
isImported:
description: Whether the user was imported from an upstream identity provider
type: boolean
isOrg:
description: Whether the account is an organization (or user)
type: boolean
membersCount:
description: The number of members of the organization
type: integer
format: int32
name:
description: Name of the account
type: string
onDemand:
description: Whether the user is a KaaS created-on-demand user
type: boolean
otpEnabled:
description: Whether the user enabled one-time password
type: boolean
tags:
description: User metadata information like his/her ID from external IDP.
type: object
teamsCount:
description: The number of teams in the organization
type: integer
format: int32
responses.AccountPublicKey:
id: responses.AccountPublicKey
required:
- id
- accountID
- publicKey
- label
properties:
accountID:
description: the ID of the account
type: string
certificates:
description: certificates for the public key
type: array
items:
"$ref": "#/definitions/responses.Certificate"
id:
description: the hash of the public key's DER bytes
type: string
label:
description: the label or description for the key
type: string
publicKey:
description: the encoded PEM of the public key
type: string
responses.AccountPublicKeys:
id: responses.AccountPublicKeys
required:
- accountPublicKeys
- nextPageStart
properties:
accountPublicKeys:
type: array
items:
"$ref": "#/definitions/responses.AccountPublicKey"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
responses.Accounts:
id: responses.Accounts
required:
- accounts
- usersCount
- orgsCount
- nextPageStart
- resourceCount
properties:
accounts:
type: array
items:
"$ref": "#/definitions/responses.Account"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
orgsCount:
description: The total (unpaged) number of organizations (not considering
any filters applied to this request)
type: integer
format: int32
resourceCount:
description: The total (unpaged) number of items (not considering any filters
applied to the request)
type: integer
format: int32
usersCount:
description: The total (unpaged) number of users (not considering any filters
applied to this request)
type: integer
format: int32
responses.BulkResult:
id: responses.BulkResult
required:
- op
- success
properties:
error:
description: If not successful, the error encountered when performing the
operation on this resource
"$ref": "#/definitions/errors.APIError"
op:
description: The operation which was perfomed
type: string
ref:
description: The corresponding identifier in the bulk operation request
type: string
success:
description: Whether the bulk operation was successful for this resource
type: boolean
responses.BulkResults:
id: responses.BulkResults
required:
- results
properties:
results:
description: List of results for the bulk operation. The index of a bulk result
corresponds to the index of the resource in the bulk request if result identifiers
are omitted
type: array
items:
"$ref": "#/definitions/responses.BulkResult"
responses.Certificate:
id: responses.Certificate
required:
- label
- cert
properties:
cert:
description: Encoded PEM for the cert
type: string
label:
description: Label for the certificate
type: string
responses.Grant:
id: responses.Grant
required:
- subjectID
- objectID
- roleID
properties:
objectID:
description: ID of the object managed by the service
type: string
roleID:
description: ID of the role managed by the service
type: string
subjectID:
description: ID of the subject of this grant
type: string
responses.GrantSubject:
id: responses.GrantSubject
required:
- id
- subject_type
properties:
account:
description: The account associated with this subject, if any
"$ref": "#/definitions/responses.Account"
id:
description: ID of this subject
type: string
subject_type:
description: The type of this subject (anonymous, authenticated, user, team,
org)
type: string
team:
description: The team associated with this subject, if any
"$ref": "#/definitions/responses.Team"
responses.Grants:
id: responses.Grants
required:
- grants
- subjects
- nextPageStart
- resourceCount
properties:
grants:
type: array
items:
"$ref": "#/definitions/responses.Grant"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
resourceCount:
description: The total (unpaged) number of items (not considering any filters
applied to the request)
type: integer
format: int32
subjects:
type: array
items:
"$ref": "#/definitions/responses.GrantSubject"
responses.GroupLinkOpts:
id: responses.GroupLinkOpts
required:
- enableLink
- groupName
properties:
enableLink:
description: Whether to enable SAML linking. If false, all other fields are
ignored
type: boolean
groupName:
description: The group name that is obtained from group attribute of the SAML
assertion
type: string
responses.KaasRoleOpts:
id: responses.KaasRoleOpts
required:
- enableIamRole
- roleName
properties:
enableIamRole:
description: Whether to enable linking to KaaS roles. If false, all other
fields are ignored
type: boolean
roleName:
description: The group name that is obtained from the iam_roles attribute
of an openID auth token
type: string
responses.LDAPDomainServerConfig:
id: responses.LDAPDomainServerConfig
required:
- domain
- readerDN
- serverURL
- noSimplePagination
- startTLS
- rootCerts
- tlsSkipVerify
properties:
domain:
description: The root domain component of this server, e.g., dc=example,dc=com.
A longest-suffix match of the base DN for LDAP searches is used to select
which LDAP server to use for search requests. If no matching domain is found,
the default LDAP server config is used.
type: string
noSimplePagination:
description: The server does not support the Simple Paged Results control
extension (RFC 2696)
type: boolean
readerDN:
description: The distinguished name the system will use to bind to the LDAP
server when performing searches
type: string
rootCerts:
description: A root certificate bundle to use when establishing a TLS connection
to the server
type: string
serverURL:
description: The URL of the LDAP server
type: string
startTLS:
description: Whether to use StartTLS to secure the connection to the server,
ignored if server URL scheme is 'ldaps://'
type: boolean
tlsSkipVerify:
description: Whether to skip verifying of the server's certificate when establishing
a TLS connection, not recommended unless testing on a secure network
type: boolean
responses.LDAPSettings:
id: responses.LDAPSettings
required:
- serverURL
- noSimplePagination
- startTLS
- rootCerts
- tlsSkipVerify
- readerDN
- additionalDomains
- userSearchConfigs
- adminSyncOpts
- syncSchedule
- jitUserProvisioning
properties:
additionalDomains:
description: A list of additional LDAP domains (and corresponding server configs)
from which to sync users and team members
type: array
items:
"$ref": "#/definitions/responses.LDAPDomainServerConfig"
adminSyncOpts:
description: Settings for syncing system admin users
"$ref": "#/definitions/responses.MemberSyncOpts"
jitUserProvisioning:
description: Whether to only create user accounts upon first login (recommended)
type: boolean
noSimplePagination:
description: The server does not support the Simple Paged Results control
extension (RFC 2696)
type: boolean
readerDN:
description: The distinguished name the system will use to bind to the LDAP
server when performing searches
type: string
rootCerts:
description: A root certificate bundle to use when establishing a TLS connection
to the server
type: string
serverURL:
description: The URL of the LDAP server
type: string
startTLS:
description: Whether to use StartTLS to secure the connection to the server,
ignored if server URL scheme is 'ldaps://'
type: boolean
syncSchedule:
description: The sync job schedule in CRON format
type: string
tlsSkipVerify:
description: Whether to skip verifying of the server's certificate when establishing
a TLS connection, not recommended unless testing on a secure network
type: boolean
userSearchConfigs:
description: One or more settings for syncing users
type: array
items:
"$ref": "#/definitions/responses.UserSearchOpts"
responses.Member:
id: responses.Member
required:
- member
- isAdmin
properties:
isAdmin:
description: Whether the member is an admin of the organization or team
type: boolean
member:
description: The user which is a member of the organization or team
"$ref": "#/definitions/responses.Account"
responses.MemberOrg:
id: responses.MemberOrg
required:
- org
- isAdmin
properties:
isAdmin:
description: Whether the user is an admin of the organization
type: boolean
org:
description: The organization which the user is a member of
"$ref": "#/definitions/responses.Account"
responses.MemberOrgs:
id: responses.MemberOrgs
required:
- memberOrgs
- nextPageStart
properties:
memberOrgs:
type: array
items:
"$ref": "#/definitions/responses.MemberOrg"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
responses.MemberSyncOpts:
id: responses.MemberSyncOpts
required:
- enableSync
- selectGroupMembers
- groupDN
- groupMemberAttr
- searchBaseDN
- searchScopeSubtree
- searchFilter
properties:
enableSync:
description: Whether to enable LDAP syncing. If false, all other fields are
ignored
type: boolean
groupDN:
description: The distinguished name of the LDAP group. Applicable only if
selectGroupMembers is true, ignored otherwise
type: string
groupMemberAttr:
description: The name of the LDAP group entry attribute which corresponds
to distinguished names of members. Applicable only if selectGroupMembers
is true, ignored otherwise
type: string
searchBaseDN:
description: The distinguished name of the element from which the LDAP server
will search for users. Applicable only if selectGroupMembers is false, ignored
otherwise
type: string
searchFilter:
description: The LDAP search filter used to select users if selectGroupMembers
is false, may be left blank
type: string
searchScopeSubtree:
description: Whether to search for users in the entire subtree of the base
DN or to only search one level under the base DN (if false). Applicable
only if selectGroupMembers is false, ignored otherwise
type: boolean
selectGroupMembers:
description: Whether to sync using a group DN and member attribute selection
or to use a search filter (if false)
type: boolean
responses.MemberTeam:
id: responses.MemberTeam
required:
- team
- isAdmin
properties:
isAdmin:
description: Whether the user is an admin of the team
type: boolean
team:
description: The team which the user is a member of
"$ref": "#/definitions/responses.Team"
responses.MemberTeams:
id: responses.MemberTeams
required:
- memberTeams
- nextPageStart
properties:
memberTeams:
type: array
items:
"$ref": "#/definitions/responses.MemberTeam"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
responses.Members:
id: responses.Members
required:
- members
- nextPageStart
- resourceCount
properties:
members:
type: array
items:
"$ref": "#/definitions/responses.Member"
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
resourceCount:
description: The total (unpaged) number of items (not considering any filters
applied to the request)
type: integer
format: int32
responses.OneTimePasswordsCode:
id: responses.OneTimePasswordsCode
required:
- code
properties:
code:
description: The QR code of the user's one time passwords'
type: string
responses.Team:
id: responses.Team
required:
- orgID
- name
- id
- description
- membersCount
properties:
description:
description: Description of the team
type: string
id:
description: ID of the team
type: string
membersCount:
description: The number of members of the team
type: integer
format: int32
name:
description: Name of the team
type: string
orgID:
description: ID of the organization to which this team belongs
type: string
responses.Teams:
id: responses.Teams
required:
- teams
- nextPageStart
- resourceCount
properties:
nextPageStart:
description: The page start value which can be used to request the next batch
of items (empty if there are no more items remaining)
type: string
resourceCount:
description: The total (unpaged) number of items (not considering any filters
applied to the request)
type: integer
format: int32
teams:
type: array
items:
"$ref": "#/definitions/responses.Team"
responses.UserSearchOpts:
id: responses.UserSearchOpts
required:
- baseDN
- scopeSubtree
- usernameAttr
- fullNameAttr
- filter
- matchGroup
- matchGroupDN
- matchGroupMemberAttr
- matchGroupIterate
properties:
baseDN:
description: The distinguished name of the element from which the LDAP server
will search for users
type: string
filter:
description: The LDAP search filter used to select user elements, may be left
blank
type: string
fullNameAttr:
description: The name of the attribute of the LDAP user element which should
be selected as the full name of the user
type: string
matchGroup:
description: Whether to additionally filter users to those who are direct
members of a group
type: boolean
matchGroupDN:
description: The distinguished name of the LDAP group. Required if matchGroup
is true, ignored otherwise
type: string
matchGroupIterate:
description: Whether to iterate through the group members and perform a lookup
for each one separately to get all of the user attributes, instead of searching
users first then apply the group selection filter. Ignored if matchGroup
is false
type: boolean
matchGroupMemberAttr:
description: The name of the LDAP group entry attribute which corresponds
to distinguished names of members. Required if matchGroup is true, ignored
otherwise
type: string
scopeSubtree:
description: Whether to search for users in the entire subtree of the base
DN or to only search one level under the base DN (if false)
type: boolean
usernameAttr:
description: The name of the attribute of the LDAP user element which should
be selected as the username
type: string
responses.UserWithRecoveryCodes:
id: responses.UserWithRecoveryCodes
required:
- name
- id
properties:
id:
description: ID of the account
type: string
name:
description: Name of the account
type: string
otpEnabled:
description: Whether the user enabled one-time password
type: boolean
recoveryCodes:
description: RecoveryCodes returned for the user
type: array
items:
type: string
role.Role:
id: role.Role
required:
- id
- name
- system_role
- operations
properties:
id:
type: string
name:
type: string
operations:
type: object
system_role:
type: boolean
types.Backup:
id: types.Backup
required:
- id
- encrypted
- fileName
- md5sum
- logFileName
- backupPath
- backupState
- nodeLocation
- shortError
- created_at
- completed_at
properties:
backupPath:
description: host path where backup resides
type: string
backupState:
description: current state of the backup
type: string
completed_at:
description: When the backup was completed
type: string
format: date-time
created_at:
description: When the backup was created
type: string
format: date-time
encrypted:
description: true if encrypted with a passphrase
type: boolean
fileName:
description: Name of the backup file if backing up to a file, empty otherwise
type: string
id:
description: A unique ID for this collection
type: string
logFileName:
description: Name of the backup log file if saving backup logs, empty otherwise
type: string
md5sum:
description: MD5 checksum of the backup file if backing up to a file, empty
otherwise
type: string
nodeLocation:
description: node on which the backup resides
type: string
shortError:
description: short error
type: string
types.Baseboard:
id: types.Baseboard
required:
- asset_tag
- serial_number
- vendor
- version
properties:
asset_tag:
type: string
serial_number:
type: string
vendor:
type: string
version:
type: string
types.Bios:
id: types.Bios
required:
- vendor
- version
- date
properties:
date:
type: string
vendor:
type: string
version:
type: string
types.Block:
id: types.Block
required:
- total_size_bytes
- disks
properties:
disks:
type: array
items:
"$ref": "#/definitions/types.Disk"
total_size_bytes:
type: integer
format: int64
types.CPU:
id: types.CPU
required:
- total_cores
- total_threads
- processors
properties:
processors:
type: array
items:
"$ref": "#/definitions/types.Processor"
total_cores:
type: integer
format: int32
total_threads:
type: integer
format: int32
types.Chassis:
id: types.Chassis
required:
- asset_tag
- serial_number
- type
- type_description
- vendor
- version
properties:
asset_tag:
type: string
serial_number:
type: string
type:
type: string
type_description:
type: string
vendor:
type: string
version:
type: string
types.ClusterConfig:
id: types.ClusterConfig
required:
- ControllerPort
- KubeAPIServerPort
- ProxyKubeAPIServerPort
- SwarmPort
- SwarmStrategy
- ContainerdRoot
- WindowsContainerdRoot
- DNS
- DNSOpt
- DNSSearch
- KVTimeout
- KVSnapshotCount
- ProfilingEnabled
- SwarmPollingDisabled
- HideSwarmUI
- ImageScanAggregationEnabled
- ImageScanCvssVersion
- AuthzCacheTimeout
- ExternalServiceLB
- MetricsRetentionTime
- MetricsScrapeInterval
- ProxyMetricsScrapeInterval
- RethinkDBCacheSize
- ExcludeServerIdentityHeaders
- CloudProvider
- iscsiEnabled
- iscsiAdmPath
- iscsiDBPath
- StorageExptEnabled
- CNIInstallerURL
- PodCIDR
- CalicoIPAutoMethod
- CalicoMTU
- CalicoStrictAffinity
- CalicoVXLANEnabled
- CalicoVXLANVNI
- CalicoVXLANMTU
- CalicoVXLANPort
- IPIPMTU
- UnmanagedCNI
- KubeProxyMode
- IPVSExcludeCIDRs
- IPVSMinSyncPeriod
- IPVSScheduler
- IPVSStrictARP
- IPVSSyncPeriod
- IPVSTCPTimeout
- IPVSTCPFinTimeout
- IPVSUDPTimeout
- ServiceClusterIPRange
- NodePortRange
- serviceMesh
- AzureIPCount
- SecureOverlay
- KMSEnabled
- KMSName
- KMSEndpoint
- KMSCachesize
- CustomKubeAPIServerFlags
- CustomKubeControllerManagerFlags
- CustomKubeletFlags
- CustomKubeSchedulerFlags
- CustomKubeProxyFlags
- LocalVolumeCollectionMapping
- AuthKeySecretID
- managerKubeReservedResources
- workerKubeReservedResources
- kubeletMaxPods
- kubeletPodsPerCore
- WindowsGMSA
- IgnorePodUpdatesForNodeSelector
- GMSAAllowNonAdmins
- clusterName
- PrivAttributesAllowedForUserAccounts
- PrivAttributesUserAccounts
- PrivAttributesAllowedForServiceAccounts
- PrivAttributesServiceAccounts
- kubeletDataRoot
- windowsKubeletDataRoot
- preLogonMessage
- NetworksQuotaPerCollection
- SwarmOnly
properties:
AuthKeySecretID:
type: string
AuthzCacheTimeout:
type: integer
format: int32
AzureIPCount:
type: string
CNIInstallerURL:
type: string
CalicoIPAutoMethod:
type: string
CalicoMTU:
type: string
CalicoStrictAffinity:
type: boolean
CalicoVXLANEnabled:
type: boolean
CalicoVXLANMTU:
type: string
CalicoVXLANPort:
type: string
CalicoVXLANVNI:
type: integer
format: integer
CloudProvider:
type: string
ContainerdRoot:
type: string
ControllerPort:
type: integer
format: int32
CustomKubeAPIServerFlags:
type: array
items:
type: string
CustomKubeControllerManagerFlags:
type: array
items:
type: string
CustomKubeProxyFlags:
type: array
items:
type: string
CustomKubeSchedulerFlags:
type: array
items:
type: string
CustomKubeletFlags:
type: array
items:
type: string
DNS:
type: array
items:
type: string
DNSOpt:
type: array
items:
type: string
DNSSearch:
type: array
items:
type: string
ExcludeServerIdentityHeaders:
type: boolean
ExternalServiceLB:
type: string
GMSAAllowNonAdmins:
type: boolean
HideSwarmUI:
type: boolean
IPIPMTU:
type: string
IPVSExcludeCIDRs:
type: string
IPVSMinSyncPeriod:
type: string
IPVSScheduler:
type: string
IPVSStrictARP:
type: boolean
IPVSSyncPeriod:
type: string
IPVSTCPFinTimeout:
type: string
IPVSTCPTimeout:
type: string
IPVSUDPTimeout:
type: string
IgnorePodUpdatesForNodeSelector:
type: boolean
ImageScanAggregationEnabled:
type: boolean
ImageScanCvssVersion:
type: integer
format: int32
KMSCachesize:
type: integer
format: int32
KMSEnabled:
type: boolean
KMSEndpoint:
type: string
KMSName:
type: string
KVSnapshotCount:
type: integer
format: int32
KVTimeout:
type: integer
format: int32
KubeAPIServerPort:
type: integer
format: int32
KubeProxyMode:
type: string
LocalVolumeCollectionMapping:
type: boolean
MetricsRetentionTime:
type: string
MetricsScrapeInterval:
type: string
NetworksQuotaPerCollection:
type: integer
format: int32
NodePortRange:
type: string
PodCIDR:
type: string
PrivAttributesAllowedForServiceAccounts:
type: array
items:
type: string
PrivAttributesAllowedForUserAccounts:
type: array
items:
type: string
PrivAttributesServiceAccounts:
type: array
items:
type: string
PrivAttributesUserAccounts:
type: array
items:
type: string
ProfilingEnabled:
type: boolean
ProxyKubeAPIServerPort:
type: integer
format: int32
ProxyMetricsScrapeInterval:
type: string
RethinkDBCacheSize:
type: string
SecureOverlay:
type: boolean
ServiceClusterIPRange:
type: string
StorageExptEnabled:
type: boolean
SwarmOnly:
type: boolean
SwarmPollingDisabled:
type: boolean
SwarmPort:
type: integer
format: int32
SwarmStrategy:
type: string
UnmanagedCNI:
type: boolean
WindowsContainerdRoot:
type: string
WindowsGMSA:
type: boolean
clusterName:
type: string
iscsiAdmPath:
type: string
iscsiDBPath:
type: string
iscsiEnabled:
type: boolean
kubeletDataRoot:
type: string
kubeletMaxPods:
type: integer
format: int32
kubeletPodsPerCore:
type: integer
format: int32
managerKubeReservedResources:
type: string
preLogonMessage:
type: string
serviceMesh:
"$ref": "#/definitions/types.IstioServiceMesh"
windowsKubeletDataRoot:
type: string
workerKubeReservedResources:
type: string
types.CreateBackupResponse:
id: types.CreateBackupResponse
required:
- backupId
properties:
backupId:
type: string
types.Disk:
id: types.Disk
required:
- name
- size_bytes
- physical_block_size_bytes
- drive_type
- removable
- storage_controller
- bus_path
- vendor
- model
- serial_number
- wwn
- partitions
properties:
bus_path:
type: string
drive_type:
type: string
model:
type: string
name:
type: string
partitions:
type: array
items:
"$ref": "#/definitions/types.Disk.partitions"
physical_block_size_bytes:
type: integer
format: int32
removable:
type: boolean
serial_number:
type: string
size_bytes:
type: integer
format: int32
storage_controller:
type: string
vendor:
type: string
wwn:
type: string
types.Disk.partitions:
id: types.Disk.partitions
types.Gpu:
id: types.Gpu
required:
- cards
properties:
cards:
type: array
items:
"$ref": "#/definitions/types.Gpu.cards"
types.Gpu.cards:
id: types.Gpu.cards
required:
- address
- index
- Pci
properties:
Pci:
"$ref": "#/definitions/types.PciDevice"
address:
type: string
index:
type: integer
format: int32
types.HardwareInformation:
id: types.HardwareInformation
required:
- memory
- block
- cpu
- topology
- network
- gpu
- chassis
- bios
- baseboard
- product
- pci
properties:
baseboard:
"$ref": "#/definitions/types.Baseboard"
bios:
"$ref": "#/definitions/types.Bios"
block:
"$ref": "#/definitions/types.Block"
chassis:
"$ref": "#/definitions/types.Chassis"
cpu:
"$ref": "#/definitions/types.CPU"
gpu:
"$ref": "#/definitions/types.Gpu"
memory:
"$ref": "#/definitions/types.Memory"
network:
"$ref": "#/definitions/types.Network"
pci:
"$ref": "#/definitions/types.Pci"
product:
"$ref": "#/definitions/types.Product"
topology:
"$ref": "#/definitions/types.Topology"
types.IstioIngressExposedPort:
id: types.IstioIngressExposedPort
required:
- name
- port
- targetPort
- nodePort
properties:
name:
type: string
nodePort:
type: integer
format: int32
port:
type: integer
format: int32
targetPort:
type: integer
format: int32
types.IstioServiceMesh:
id: types.IstioServiceMesh
required:
- enabled
- ingressExposedPorts
- ingressNumReplicas
- ingressExternalIPs
- ingressNodeAffinity
- ingressNodeToleration
- ingressEnableLB
- ingressPreserveClientIP
properties:
enabled:
type: boolean
ingressEnableLB:
type: boolean
ingressExposedPorts:
type: array
items:
"$ref": "#/definitions/types.IstioIngressExposedPort"
ingressExternalIPs:
type: array
items:
type: string
ingressNodeAffinity:
type: object
ingressNodeToleration:
type: array
items:
"$ref": "#/definitions/apitypes.IngressNodeToleration"
ingressNumReplicas:
type: integer
format: int32
ingressPreserveClientIP:
type: boolean
types.Memory:
id: types.Memory
required:
- total_physical_bytes
- total_usable_bytes
- supported_page_sizes
- modules
properties:
modules:
"$ref": "#/definitions/types.Memory.modules"
supported_page_sizes:
type: array
items:
type: integer
total_physical_bytes:
type: integer
format: int64
total_usable_bytes:
type: integer
format: int64
types.Memory.modules:
id: types.Memory.modules
types.Network:
id: types.Network
required:
- nics
properties:
nics:
type: array
items:
"$ref": "#/definitions/types.Network.nics"
types.Network.nics:
id: types.Network.nics
required:
- name
- mac_address
- is_virtual
- capabilities
properties:
capabilities:
type: array
items:
"$ref": "#/definitions/types.Network.nics.capabilities"
is_virtual:
type: boolean
mac_address:
type: string
name:
type: string
pci_address:
type: string
types.Network.nics.capabilities:
id: types.Network.nics.capabilities
types.NodeDisk:
id: types.NodeDisk
required:
- name
- size_bytes
- drive_type
- storage_controller
properties:
drive_type:
type: string
name:
type: string
size_bytes:
type: integer
storage_controller:
type: string
types.NodeDiskInformation:
id: types.NodeDiskInformation
required:
- num_disks
- total_disk_size_bytes
- num_nvme_disks
- total_nvme_size_bytes
- raw_disks
properties:
num_disks:
type: integer
format: int32
num_nvme_disks:
type: integer
format: int32
raw_disks:
type: array
items:
"$ref": "#/definitions/types.NodeDisk"
total_disk_size_bytes:
type: integer
total_nvme_size_bytes:
type: integer
types.Pci:
id: types.Pci
required:
- Devices
properties:
Devices:
type: array
items:
"$ref": "#/definitions/types.PciDevice"
types.PciDevice:
id: types.PciDevice
required:
- address
- vendor
- product
- revision
- subsystem
- class
- subclass
- programming_interface
properties:
address:
type: string
class:
"$ref": "#/definitions/types.PciDevice.class"
product:
"$ref": "#/definitions/types.PciDevice.product"
programming_interface:
"$ref": "#/definitions/types.PciDevice.programming_interface"
revision:
type: string
subclass:
"$ref": "#/definitions/types.PciDevice.subclass"
subsystem:
"$ref": "#/definitions/types.PciDevice.subsystem"
vendor:
"$ref": "#/definitions/types.PciDevice.vendor"
types.PciDevice.class:
id: types.PciDevice.class
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.PciDevice.product:
id: types.PciDevice.product
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.PciDevice.programming_interface:
id: types.PciDevice.programming_interface
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.PciDevice.subclass:
id: types.PciDevice.subclass
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.PciDevice.subsystem:
id: types.PciDevice.subsystem
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.PciDevice.vendor:
id: types.PciDevice.vendor
required:
- id
- name
properties:
id:
type: string
name:
type: string
types.Processor:
id: types.Processor
required:
- id
- total_cores
- total_threads
- vendor
- model
- capabilities
- cores
properties:
capabilities:
type: array
items:
type: string
cores:
type: array
items:
"$ref": "#/definitions/types.Processor.cores"
id:
type: integer
format: int32
model:
type: string
total_cores:
type: integer
format: int32
total_threads:
type: integer
format: int32
vendor:
type: string
types.Processor.cores:
id: types.Processor.cores
required:
- id
- index
- total_threads
- logical_processors
properties:
id:
type: integer
format: int32
index:
type: integer
format: int32
logical_processors:
type: array
items:
type: integer
total_threads:
type: integer
format: int32
types.Product:
id: types.Product
required:
- family
- name
- vendor
- serial_number
- uuid
- sku
- version
properties:
family:
type: string
name:
type: string
serial_number:
type: string
sku:
type: string
uuid:
type: string
vendor:
type: string
version:
type: string
types.Topology:
id: types.Topology
required:
- architecture
- nodes
properties:
architecture:
type: string
nodes:
type: array
items:
"$ref": "#/definitions/types.Topology.nodes"
types.Topology.nodes:
id: types.Topology.nodes
required:
- id
- cores
- caches
- distances
properties:
caches:
type: array
items:
"$ref": "#/definitions/types.Topology.nodes.caches"
cores:
type: array
items:
"$ref": "#/definitions/types.Topology.nodes.cores"
distances:
type: array
items:
type: integer
id:
type: integer
format: int32
types.Topology.nodes.caches:
id: types.Topology.nodes.caches
required:
- level
- type
- size_bytes
- logical_processors
properties:
level:
type: integer
format: int32
logical_processors:
type: array
items:
type: integer
size_bytes:
type: integer
format: int32
type:
type: string
types.Topology.nodes.cores:
id: types.Topology.nodes.cores
required:
- id
- index
- total_threads
- logical_processors
properties:
id:
type: integer
format: int32
index:
type: integer
format: int32
logical_processors:
type: array
items:
type: integer
total_threads:
type: integer
format: int32
url.URL:
id: url.URL
required:
- Scheme
- Opaque
- User
- Host
- Path
- RawPath
- ForceQuery
- RawQuery
- Fragment
- RawFragment
properties:
ForceQuery:
type: boolean
Fragment:
type: string
Host:
type: string
Opaque:
type: string
Path:
type: string
RawFragment:
type: string
RawPath:
type: string
RawQuery:
type: string
Scheme:
type: string
User:
"$ref": "#/definitions/url.Userinfo"
url.Userinfo:
id: url.Userinfo
required:
- username
- password
- passwordSet
properties:
password:
type: string
passwordSet:
type: boolean
username:
type: string
v1.FinalizerName:
id: v1.FinalizerName
v1.ListMeta:
id: v1.ListMeta
description: ListMeta describes metadata that synthetic resources must have, including
lists and various status objects. A resource may have only one of {ObjectMeta,
ListMeta}.
properties:
continue:
description: continue may be set if the user set a limit on the number of
items returned, and indicates that the server has more data available. The
value is opaque and may be used to issue another request to the endpoint
that served this list to retrieve the next set of available objects. Continuing
a consistent list may not be possible if the server configuration has changed
or more than a few minutes have passed. The resourceVersion field returned
when using this continue value will be identical to the value in the first
response, unless you have received this token from an error message.
type: string
remainingItemCount:
description: remainingItemCount is the number of subsequent items in the list
which are not included in this list response. If the list request contained
label or field selectors, then the number of remaining items is unknown
and the field will be left unset and omitted during serialization. If the
list is complete (either because it is not chunking or because this is the
last chunk), then there are no more remaining items and this field will
be left unset and omitted during serialization. Servers older than v1.15
do not set this field. The intended use of the remainingItemCount is *estimating*
the size of a collection. Clients should not rely on the remainingItemCount
to be set or to be exact.
type: integer
format: int64
resourceVersion:
description: 'String that identifies the server''s internal version of this
object that can be used by clients to determine when objects have changed.
Value must be treated as opaque by clients and passed unmodified back to
the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
selfLink:
description: |-
selfLink is a URL representing this object. Populated by the system. Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
type: string
v1.ManagedFieldsEntry:
id: v1.ManagedFieldsEntry
description: ManagedFieldsEntry is a workflow-id, a FieldSet and the group version
of the resource that the fieldset applies to.
properties:
apiVersion:
description: APIVersion defines the version of this resource that this field
set applies to. The format is "group/version" just like the top-level APIVersion
field. It is necessary to track the version of a field set because it cannot
be automatically converted.
type: string
fieldsType:
description: 'FieldsType is the discriminator for the different fields format
and version. There is currently only one possible value: "FieldsV1"'
type: string
fieldsV1:
description: FieldsV1 holds the first JSON version format as described in
the "FieldsV1" type.
type: string
manager:
description: Manager is an identifier of the workflow managing these fields.
type: string
operation:
description: Operation is the type of operation which lead to this ManagedFieldsEntry
being created. The only valid values for this field are 'Apply' and 'Update'.
type: string
time:
description: Time is timestamp of when these fields were set. It should always
be empty if Operation is 'Apply'
type: string
v1.Namespace:
id: v1.Namespace
description: Namespace provides a scope for Names. Use of multiple namespaces
is optional.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
"$ref": "#/definitions/v1.ObjectMeta"
spec:
description: 'Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
"$ref": "#/definitions/v1.NamespaceSpec"
status:
description: 'Status describes the current status of a Namespace. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
"$ref": "#/definitions/v1.NamespaceStatus"
v1.NamespaceCondition:
id: v1.NamespaceCondition
description: NamespaceCondition contains details about state of namespace.
required:
- type
- status
properties:
lastTransitionTime:
type: string
message:
type: string
reason:
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of namespace controller condition.
type: string
v1.NamespaceList:
id: v1.NamespaceList
description: NamespaceList is a list of Namespaces.
required:
- items
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
items:
description: 'Items is the list of Namespace objects in the list. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: array
items:
"$ref": "#/definitions/v1.Namespace"
kind:
description: 'Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
"$ref": "#/definitions/v1.ListMeta"
v1.NamespaceSpec:
id: v1.NamespaceSpec
description: NamespaceSpec describes the attributes on a Namespace.
properties:
finalizers:
description: 'Finalizers is an opaque list of values that must be empty to
permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/'
type: array
items:
"$ref": "#/definitions/v1.FinalizerName"
v1.NamespaceStatus:
id: v1.NamespaceStatus
description: NamespaceStatus is information about the current status of a Namespace.
properties:
conditions:
description: Represents the latest available observations of a namespace's
current state.
type: array
items:
"$ref": "#/definitions/v1.NamespaceCondition"
phase:
description: 'Phase is the current lifecycle phase of the namespace. More
info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/'
type: string
v1.ObjectMeta:
id: v1.ObjectMeta
description: ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
properties:
annotations:
description: 'Annotations is an unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary metadata.
They are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations'
type: object
clusterName:
description: The name of the cluster which the object belongs to. This is
used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is going
to ignore it if set in create or update request.
type: string
creationTimestamp:
description: |-
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
type: string
deletionGracePeriodSeconds:
description: Number of seconds allowed for this object to gracefully terminate
before it will be removed from the system. Only set when deletionTimestamp
is also set. May only be shortened. Read-only.
type: integer
format: int64
deletionTimestamp:
description: |-
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
type: string
finalizers:
description: Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will remove
the entry from the list. If the deletionTimestamp of the object is non-nil,
entries in this list can only be removed. Finalizers may be processed and
removed in any order. Order is NOT enforced because it introduces significant
risk of stuck finalizers. finalizers is a shared field, any actor with permission
can reorder it. If the finalizer list is processed in order, then this can
lead to a situation in which the component responsible for the first finalizer
in the list is waiting for a signal (field value, external system, or other)
produced by a component responsible for a finalizer later in the list, resulting
in a deadlock. Without enforced ordering finalizers are free to order amongst
themselves and are not vulnerable to ordering changes in the list.
type: array
items:
type: string
generateName:
description: |-
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
type: string
generation:
description: A sequence number representing a specific generation of the desired
state. Populated by the system. Read-only.
type: integer
format: int64
labels:
description: 'Map of string keys and values that can be used to organize and
categorize (scope and select) objects. May match selectors of replication
controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
type: object
managedFields:
description: ManagedFields maps workflow-id and version to the set of fields
that are managed by that workflow. This is mostly for internal housekeeping,
and users typically shouldn't need to set or understand this field. A workflow
can be the user's name, a controller's name, or the name of a specific apply
path like "ci-cd". The set of fields is always in the version that the workflow
used when modifying the object.
type: array
items:
"$ref": "#/definitions/v1.ManagedFieldsEntry"
name:
description: 'Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the generation
of an appropriate name automatically. Name is primarily intended for creation
idempotence and configuration definition. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
namespace:
description: |-
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
type: string
ownerReferences:
description: List of objects depended by this object. If ALL objects in the
list have been deleted, this object will be garbage collected. If this object
is managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
type: array
items:
"$ref": "#/definitions/v1.OwnerReference"
resourceVersion:
description: |-
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
selfLink:
description: |-
SelfLink is a URL representing this object. Populated by the system. Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
type: string
uid:
description: |-
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
type: string
v1.OwnerReference:
id: v1.OwnerReference
description: OwnerReference contains enough information to let you identify an
owning object. An owning object must be in the same namespace as the dependent,
or be cluster-scoped, so there is no namespace field.
required:
- apiVersion
- kind
- name
- uid
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion" finalizer,
then the owner cannot be deleted from the key-value store until this reference
is removed. Defaults to false. To set this field, a user needs "delete"
permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
uid:
description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
"||authz.Collection":
id: "||authz.Collection"
"||authz.RoleCreateResponse":
id: "||authz.RoleCreateResponse"
"||catalog.Catalog":
id: "||catalog.Catalog"
"||role.Role":
id: "||role.Role"
"||types.Backup":
id: "||types.Backup"
securityDefinitions:
BearerToken:
type: apiKey
name: Authorization
in: header
security:
- BearerToken: []
tags:
- description: 'Create and manage containers.
'
name: Container
x-displayName: Containers
- name: Image
x-displayName: Images
- description: 'Networks are user-defined networks that containers can be attached
to. See the [networking documentation](https://docs.docker.com/engine/userguide/networking/)
for more information.
'
name: Network
x-displayName: Networks
- description: 'Create and manage persistent storage that can be attached to containers.
'
name: Volume
x-displayName: Volumes
- description: |
Run new commands inside running containers. See the [command-line reference](https://docs.docker.com/engine/reference/commandline/exec/) for more information.
To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, `docker exec`.
name: Exec
x-displayName: Exec
- description: 'Engines can be clustered together in a swarm. See [the swarm mode
documentation](https://docs.docker.com/engine/swarm/) for more information.
'
name: Swarm
x-displayName: Swarm
- description: 'Nodes are instances of the Engine participating in a swarm. Swarm
mode must be enabled for these endpoints to work.
'
name: Node
x-displayName: Nodes
- description: 'Services are the definitions of tasks to run on a swarm. Swarm mode
must be enabled for these endpoints to work.
'
name: Service
x-displayName: Services
- description: 'A task is a container running on a swarm. It is the atomic scheduling
unit of swarm. Swarm mode must be enabled for these endpoints to work.
'
name: Task
x-displayName: Tasks
- description: 'Secrets are sensitive data that can be used by services. Swarm mode
must be enabled for these endpoints to work.
'
name: Secret
x-displayName: Secrets
- description: 'Configs are application configurations that can be used by services.
Swarm mode must be enabled for these endpoints to work.
'
name: Config
x-displayName: Configs
- name: Plugin
x-displayName: Plugins
- name: System
x-displayName: System
- description: API endpoints which are specific to UCP
name: UCP
- description: OSCAL refers to the Open Security Controls Assessment Language. See
https://pages.nist.gov/OSCAL/ for more information.
name: OSCAL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment