Yaml 文件最外层分为三层。

version: "3.9"

services:
  service_name:
  my_app:
  db:
  ...:

volumes:
networks:
configs:
secrets:

Reference Links: https://docs.docker.com/compose/compose-file/compose-file-v3/

1 version

1.1 Compose file versions support specific Docker releases

1.2 Compose file structure and examples

version: "3.9"
services:

  redis:
    image: redis:alpine
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        max_replicas_per_node: 1
        constraints:
          - "node.role==manager"

  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      - "5000:80"
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - "5001:80"
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - "node.role==manager"

  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints:
          - "node.role==manager"

networks:
  frontend:
  backend:

volumes:
  db-data:

2 services

services 字段下是一段一段的服务，服务名自定义，见名知意即可。

eg:

version: "3.9"
services:
  web:
    build: .
    depends_on:
      - mysql
      - redis
  mysql:
    image: mysql:v1
  redis:s
    image: redis:v1

2.1 build

• context

build:
  context: ./dir

• dockerfile

build:
  context: .
  dockerfile: Dockerfile-alternate

• args

build:
  context: .
  args:
    - buildno=1
    - gitcommithash=cdc3b19

• cache_from

build:
  context: .
  cache_from:
    - alpine:latest
    - corp/web_app:3.14

• labels

build:
  context: .
  labels:
    com.example.description: "Accounting webapp"
    com.example.department: "Finance"
    com.example.label-with-empty-value: ""

build:
  context: .
  labels:
    - "com.example.description=Accounting webapp"
    - "com.example.department=Finance"
    - "com.example.label-with-empty-value"

• network

build:
  context: .
  network: host

build:
  context: .
  network: custom_network_1

build:
  context: .
  network: none

• shm_size

build:
  context: .
  shm_size: '2gb'

build:
  context: .
  shm_size: 10000000

• target

build:
  context: .
  target: prod

2.2 cap_add, cap_drop

cap_add:
  - ALL

cap_drop:
  - NET_ADMIN
  - SYS_ADMIN

2.3 cgroup_parent

cgroup_parent: m-executor-abcd

2.4 command

command: bundle exec thin -p 3000

command: ["bundle", "exec", "thin", "-p", "3000"]

2.5 configs

• Short syntax

version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - my_config
      - my_other_config
configs:
  my_config:
    file: ./my_config.txt
  my_other_config:
    external: true

• Long syntax

version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - source: my_config
        target: /redis_config
        uid: '103'
        gid: '103'
        mode: 0440
configs:
  my_config:
    file: ./my_config.txt
  my_other_config:
    external: true

2.6 container_name

container_name: my-web-container

2.7 credential_spec

credential_spec:
  file: my-credential-spec.json

credential_spec:
  registry: my-credential-spec

eg:

version: "3.9"
services:
  myservice:
    image: myimage:latest
    credential_spec:
      config: my_credential_spec

configs:
  my_credentials_spec:
    file: ./my-credential-spec.json|

2.8 depends_on

version: "3.9"
services:
  web:
    build: .
    depends_on:
      - db
      - redis
  redis:
    image: redis
  db:
    image: postgres

2.9 deploy

version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      replicas: 6
      placement:
        max_replicas_per_node: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

• endpoint_mode

version: "3.9"

services:
  wordpress:
    image: wordpress
    ports:
      - "8080:80"
    networks:
      - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: vip

  mysql:
    image: mysql
    volumes:
       - db-data:/var/lib/mysql/data
    networks:
       - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: dnsrr

volumes:
  db-data:

networks:
  overlay:

• labels

version: "3.9"
services:
  web:
    image: web
    deploy:
      labels:
        com.example.description: "This label will appear on the web service"

version: "3.9"
services:
  web:
    image: web
    labels:
      com.example.description: "This label will appear on all containers for the web service"

• mode

version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    deploy:
      mode: global

• placement

version: "3.9"
services:
  db:
    image: postgres
    deploy:
      placement:
        constraints:
          - "node.role==manager"
          - "engine.labels.operatingsystem==ubuntu 18.04"
        preferences:
          - spread: node.labels.zone

• max_replicas_per_node

version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6
      placement:
        max_replicas_per_node: 1

• replicas

version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6

• resources

version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 50M
        reservations:
          cpus: '0.25'
          memory: 20M

• restart_policy

version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

• rollback_config

  • parallelism: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.
  • delay: The time to wait between each container group’s rollback (default 0s).
  • failure_action: What to do if a rollback fails. One of continue or pause (default pause)
  • monitor: Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) Note: Setting to 0 will use the default 5s.
  • max_failure_ratio: Failure rate to tolerate during a rollback (default 0).
  • order: Order of operations during rollbacks. One of stop-first (old task is stopped before starting new one), or start-first (new task is started first, and the running tasks briefly overlap) (default stop-first).

• update_config

  • parallelism: The number of containers to update at a time.
  • delay: The time to wait between updating a group of containers.
  • failure_action: What to do if an update fails. One of continue, rollback, or pause (default: pause).
  • monitor: Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) Note: Setting to 0 will use the default 5s.
  • max_failure_ratio: Failure rate to tolerate during an update.
  • order: Order of operations during updates. One of stop-first (old task is stopped before starting new one), or start-first (new task is started first, and the running tasks briefly overlap) (default stop-first) Note: Only supported for v3.4 and higher.

version: "3.9"
services:
  vote:
    image: dockersamples/examplevotingapp_vote:before
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
        order: stop-first

• not supported for docker stack deploy

  • build
  • cgroup_parent
  • container_name
  • devices
  • tmpfs
  • external_links
  • links
  • network_mode
  • restart
  • security_opt
  • userns_mode

2.10 devices

devices:
  - "/dev/ttyUSB0:/dev/ttyUSB0"

2.11 dns

dns: 8.8.8.8

dns:
  - 8.8.8.8
  - 9.9.9.9

2.12 dns_search

dns_search: example.com

dns_search:
  - dc1.example.com
  - dc2.example.com

2.13 entrypoint

entrypoint: /code/entrypoint.sh

entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"]

2.14 env_file

env_file: .env

env_file:
  - ./common.env
  - ./apps/web.env
  - /opt/runtime_opts.env

2.15 environment

environment:
  RACK_ENV: development
  SHOW: 'true'
  SESSION_SECRET:

environment:
  - RACK_ENV=development
  - SHOW=true
  - SESSION_SECRET

2.16 expose

expose:
  - "3000"
  - "8000"

2.17 external_links

external_links:
  - redis_1
  - project_db_1:mysql
  - project_db_1:postgresql

2.18 extra_hosts

extra_hosts:
  - "somehost:162.242.195.82"
  - "otherhost:50.31.209.229"

2.19 healthcheck

healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost"]
  interval: 1m30s
  timeout: 10s
  retries: 3
  start_period: 40s

2.20 image

image: redis

image: ubuntu:18.04

image: tutum/influxdb

image: example-registry.com:4000/postgresql

image: a4bc65fd

2.21 init

version: "3.9"
services:
  web:
    image: alpine:latest
    init: true

2.22 isolation

2.23 labels

labels:
  com.example.description: "Accounting webapp"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""

labels:
  - "com.example.description=Accounting webapp"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"

2.24 links

web:
  links:
    - "db"
    - "db:database"
    - "redis"

2.25 logging

logging:
  driver: syslog
  options:
    syslog-address: "tcp://192.168.0.42:123"

driver: "json-file"

driver: "syslog"

driver: "none"

eg:

version: "3.9"
services:
  some-service:
    image: some-service
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"

2.26 network_mode

network_mode: "bridge"

network_mode: "host"

network_mode: "none"

network_mode: "service:[service name]"

network_mode: "container:[container name/id]"

2.27 networks

services:
  some-service:
    networks:
     - some-network
     - other-network

• aliases

services:
  some-service:
    networks:
      some-network:
        aliases:
          - alias1
          - alias3
      other-network:
        aliases:
          - alias2

eg:

version: "3.9"

services:
  web:
    image: "nginx:alpine"
    networks:
      - new

  worker:
    image: "my-worker-image:latest"
    networks:
      - legacy

  db:
    image: mysql
    networks:
      new:
        aliases:
          - database
      legacy:
        aliases:
          - mysql

networks:
  new:
  legacy:

• ipv4_address, ipv6_address

version: "3.9"

services:
  app:
    image: nginx:alpine
    networks:
      app_net:
        ipv4_address: 172.16.238.10
        ipv6_address: 2001:3984:3989::10

networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
        - subnet: "2001:3984:3989::/64"

2.28 pid

pid: "host"

2.29 ports

• Short syntax

ports:
  - "3000"
  - "3000-3005"
  - "8000:8000"
  - "9090-9091:8080-8081"
  - "49100:22"
  - "127.0.0.1:8001:8001"
  - "127.0.0.1:5000-5010:5000-5010"
  - "127.0.0.1::5000"
  - "6060:6060/udp"
  - "12400-12500:1240"

• Long syntax

  • target: the port inside the container
  • published: the publicly exposed port
  • protocol: the port protocol (tcp or udp)
  • mode: host for publishing a host port on each node, or ingress for a swarm mode port to be load balanced.

ports:
  - target: 80
    published: 8080
    protocol: tcp
    mode: host

2.30 profiles

profiles: ["frontend", "debug"]
profiles:
  - frontend
  - debug

2.31 restart

restart: "no"
restart: always
restart: on-failure
restart: unless-stopped

2.32 secrets

• Short syntax

version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - my_secret
      - my_other_secret
secrets:
  my_secret:
    file: ./my_secret.txt
  my_other_secret:
    external: true

• Long syntax

  • source: The identifier of the secret as it is defined in this configuration.
  • target: The name of the file to be mounted in /run/secrets/ in the service’s task containers. Defaults to source if not specified.
  • uid and gid: The numeric UID or GID that owns the file within /run/secrets/ in the service’s task containers. Both default to 0 if not specified.
  • mode: The permissions for the file to be mounted in /run/secrets/ in the service’s task containers, in octal notation. For instance, 0444 represents world-readable. The default in Docker 1.13.1 is 0000, but is be 0444 in newer versions. Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this permissions calculator useful.

version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - source: my_secret
        target: redis_secret
        uid: '103'
        gid: '103'
        mode: 0440
secrets:
  my_secret:
    file: ./my_secret.txt
  my_other_secret:
    external: true

2.33 security_opt

security_opt:
  - label:user:USER
  - label:role:ROLE

2.34 stop_grace_period

stop_grace_period: 1s

stop_grace_period: 1m30s

2.35 stop_signal

stop_signal: SIGUSR1

2.36 sysctls

sysctls:
  net.core.somaxconn: 1024
  net.ipv4.tcp_syncookies: 0

sysctls:
  - net.core.somaxconn=1024
  - net.ipv4.tcp_syncookies=0

2.37 tmpfs

tmpfs: /run

tmpfs:
  - /run
  - /tmp

eg:

- type: tmpfs
  target: /app
  tmpfs:
    size: 1000

2.38 ulimits

ulimits:
  nproc: 65535
  nofile:
    soft: 20000
    hard: 40000

2.39 userns_mode

userns_mode: "host"

2.40 volumes

version: "3.9"
services:
  web:
    image: nginx:alpine
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

  db:
    image: postgres:latest
    volumes:
      - "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock"
      - "dbdata:/var/lib/postgresql/data"

volumes:
  mydata:
  dbdata:

• Short syntax

volumes:
  # Just specify a path and let the Engine create a volume
  - /var/lib/mysql

  # Specify an absolute path mapping
  - /opt/data:/var/lib/mysql

  # Path on the host, relative to the Compose file
  - ./cache:/tmp/cache

  # User-relative path
  - ~/configs:/etc/configs/:ro

  # Named volume
  - datavolume:/var/lib/mysql

• Long syntax

  • type: the mount type volume, bind, tmpfs or npipe
  • source: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the top-level volumes key. Not applicable for a tmpfs mount.
  • target: the path in the container where the volume is mounted
  • read_only: flag to set the volume as read-only

  • bind: configure additional bind options

    • propagation: the propagation mode used for the bind

  • volume: configure additional volume options

    • nocopy: flag to disable copying of data from a container when a volume is created

  • tmpfs: configure additional tmpfs options

    • size: the size for the tmpfs mount in bytes

version: "3.9"
services:
  web:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

networks:
  webnet:

volumes:
  mydata:

3 Other Fields

3.1 volumes

version: "3.9"

services:
  db:
    image: db
    volumes:
      - data-volume:/var/lib/db
  backup:
    image: backup-service
    volumes:
      - data-volume:/var/lib/backup/data

volumes:
  data-volume:

• driver

driver: foobar

• driver_opts

volumes:
  example:
    driver_opts:
      type: "nfs"
      o: "addr=10.40.0.199,nolock,soft,rw"
      device: ":/docker/example"

• external

version: "3.9"

services:
  db:
    image: postgres
    volumes:
      - data:/var/lib/postgresql/data

volumes:
  data:
    external: true

• labels

labels:
  com.example.description: "Database volume"
  com.example.department: "IT/Ops"
  com.example.label-with-empty-value: ""

labels:
  - "com.example.description=Database volume"
  - "com.example.department=IT/Ops"
  - "com.example.label-with-empty-value"

• name

version: "3.9"
volumes:
  data:
    name: my-app-data

version: "3.9"
volumes:
  data:
    external: true
    name: my-app-data

3.2 networks

• driver

  • bridge
  • overlay
  • host or none
• driver_opts

driver_opts:
  foo: "bar"
  baz: 1

• attachable

networks:
  mynet1:
    driver: overlay
    attachable: true

• ipam

ipam:
  driver: default
  config:
    - subnet: 172.28.0.0/16

• internal

internal: true

• labels

labels:
  com.example.description: "Financial transaction network"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""

labels:
  - "com.example.description=Financial transaction network"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"

• external

version: "3.9"

services:
  proxy:
    build: ./proxy
    networks:
      - outside
      - default
  app:
    build: ./app
    networks:
      - default

networks:
  outside:
    external: true

version: "3.9"
networks:
  outside:
    external:
      name: actual-name-of-network

• name

version: "3.9"
networks:
  network1:
    name: my-app-net

version: "3.9"
networks:
  network1:
    external: true
    name: my-app-net

3.3 configs

• file: The config is created with the contents of the file at the specified path.
• external: If set to true, specifies that this config has already been created. Docker does not attempt to create it, and if it does not exist, a config not found error occurs.
• name: The name of the config object in Docker. This field can be used to reference configs that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
• driver and driver_opts: The name of a custom secret driver, and driver-specific options passed as key/value pairs. Introduced in version 3.8 file format, and only supported when using docker stack.
• template_driver: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is golang, which uses a golang. Introduced in version 3.8 file format, and only supported when using docker stack. Refer to use a templated config for a examples of templated configs.

configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external: true

configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external:
      name: redis_config

3.4 secrets

• file: The secret is created with the contents of the file at the specified path.
• external: If set to true, specifies that this secret has already been created. Docker does not attempt to create it, and if it does not exist, a secret not found error occurs.
• name: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
• template_driver: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is golang, which uses a golang. Introduced in version 3.8 file format, and only supported when using docker stack.

secrets:
  my_first_secret:
    file: ./secret_data
  my_second_secret:
    external: true
    name: redis_secret