Yaml 文件最外层分为三层。
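# Skeleton of a Compose file: the nesting below was lost in the flattened
# listing. Service names sit one level under `services`; the remaining keys
# are top-level siblings of `services`.
version: "3.9"
services:
  service_name:
  my_app:
  db:
  # ... further services, one mapping per service
volumes:
networks:
configs:
secrets: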
Reference Links: https://docs.docker.com/compose/compose-file/compose-file-v3/
1 version
1.1 Compose file versions support specific Docker releases
Compose file format | Docker Engine release |
---|---|
Compose specification | 19.03.0+ |
3.8 | 19.03.0+ |
3.7 | 18.06.0+ |
3.6 | 18.02.0+ |
3.5 | 17.12.0+ |
3.4 | 17.09.0+ |
3.3 | 17.06.0+ |
3.2 | 17.04.0+ |
3.1 | 1.13.1+ |
3.0 | 1.13.0+ |
2.4 | 17.12.0+ |
2.3 | 17.06.0+ |
2.2 | 1.13.0+ |
2.1 | 1.12.0+ |
2.0 | 1.10.0+ |
1.2 Compose file structure and examples
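# Example voting-app stack. Nesting restored; image names, ports and deploy
# settings are unchanged from the flattened listing.
# The `deploy` sections only take effect when the file is deployed to a swarm
# with `docker stack deploy`.
version: "3.9"
services:

  redis:
    image: redis:alpine
    ports:
      # Container port only: the engine picks an ephemeral host port.
      # NOTE(review): this still publishes Redis outside the overlay network;
      # drop the mapping if only `vote` and `worker` need to reach it.
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  db:
    # NOTE(review): postgres 9.4 is past upstream end of life; pin a maintained
    # tag before reusing this outside a demo.
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      # Only on `backend`, so the public-facing `vote` service cannot reach it.
      - backend
    deploy:
      placement:
        max_replicas_per_node: 1
        constraints:
          - "node.role==manager"

  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      # HOST:CONTAINER with no host IP, so published on all host interfaces.
      - "5000:80"
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - "5001:80"
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  worker:
    # No tag given, so whatever `latest` points to is pulled; pin a tag or
    # digest for reproducible deployments.
    image: dockersamples/examplevotingapp_worker
    networks:
      # The only service attached to both networks (bridges queue and database).
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - "node.role==manager"

  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      # NOTE(review): the UI is published on all interfaces with no host IP
      # restriction; put it behind authentication or bind it to an admin-only
      # address.
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      # NOTE(review): mounting the Docker socket hands this container the full
      # Engine API of a manager node, which is equivalent to root on that host
      # and control of the swarm. Treat the image as fully trusted, or front
      # the socket with a read-only API proxy.
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints:
          - "node.role==manager"

networks:
  frontend:
  backend:

volumes:
  db-data: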
2 services
services 字段下是一段一段的服务,服务名自定义,见名知意即可。
eg:
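# Three services; `web` is built from the local directory and lists the two
# others under depends_on. Nesting restored, and the stray "s" after `redis:`
# (which made that line an invalid service key) removed.
version: "3.9"
services:
  web:
    build: .
    # depends_on orders start-up only; it does not wait for mysql or redis to
    # be ready to accept connections.
    depends_on:
      - mysql
      - redis
  mysql:
    image: mysql:v1
  redis:
    image: redis:v1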
2.1 build
- context
build:
context: ./dir
- dockerfile
build:
context: .
dockerfile: Dockerfile-alternate
- args
build:
context: .
args:
- buildno=1
- gitcommithash=cdc3b19
- cache_from
build:
context: .
cache_from:
- alpine:latest
- corp/web_app:3.14
- labels
build:
context: .
labels:
com.example.description: "Accounting webapp"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
build:
context: .
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
- network
build:
context: .
network: host
build:
context: .
network: custom_network_1
build:
context: .
network: none
- shm_size
build:
context: .
shm_size: '2gb'
build:
context: .
shm_size: 10000000
- target
build:
context: .
target: prod
2.2 cap_add, cap_drop
# cap_add / cap_drop add or remove Linux capabilities for the service's
# containers. Both options are ignored when the file is deployed as a stack in
# swarm mode.
# NOTE(review): `ALL` grants every capability, which is close to running the
# container privileged. For hardening, the usual pattern is the reverse:
# drop ALL and add back only the capabilities the process needs.
cap_add:
- ALL
# Capabilities listed here are removed from the container's set.
cap_drop:
- NET_ADMIN
- SYS_ADMIN
2.3 cgroup_parent
cgroup_parent: m-executor-abcd
2.4 command
command: bundle exec thin -p 3000
command: ["bundle", "exec", "thin", "-p", "3000"]
2.5 configs
- Short syntax
version: "3.9"
services:
redis:
image: redis:latest
deploy:
replicas: 1
configs:
- my_config
- my_other_config
configs:
my_config:
file: ./my_config.txt
my_other_config:
external: true
- Long syntax
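# Long syntax for granting a service access to a config. Nesting restored;
# values unchanged.
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - source: my_config
        # Path of the file inside the container.
        target: /redis_config
        # Owner of the mounted file; quoted so the IDs stay strings.
        uid: '103'
        gid: '103'
        # Octal permissions: read for owner and group, nothing for others.
        # NOTE(review): an unquoted leading-zero number is octal only under
        # YAML 1.1 rules - confirm how your Compose version reads it.
        mode: 0440
configs:
  my_config:
    file: ./my_config.txt
  # Declared but not granted to any service in this example.
  my_other_config:
    external: true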
2.6 container_name
container_name: my-web-container
2.7 credential_spec
credential_spec:
file: my-credential-spec.json
credential_spec:
registry: my-credential-spec
eg:
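# credential_spec read from a swarm config. Nesting restored. Two defects in
# the listing are fixed: the config was declared as `my_credentials_spec`
# while the service referenced `my_credential_spec`, and the file path ended
# in a stray "|".
version: "3.9"
services:
  myservice:
    image: myimage:latest
    credential_spec:
      # Must match a key under the top-level `configs`.
      config: my_credential_spec

configs:
  my_credential_spec:
    file: ./my-credential-spec.json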
2.8 depends_on
version: "3.9"
services:
web:
build: .
depends_on:
- db
- redis
redis:
image: redis
db:
image: postgres
2.9 deploy
version: "3.9"
services:
redis:
image: redis:alpine
deploy:
replicas: 6
placement:
max_replicas_per_node: 1
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
- endpoint_mode
version: "3.9"
services:
wordpress:
image: wordpress
ports:
- "8080:80"
networks:
- overlay
deploy:
mode: replicated
replicas: 2
endpoint_mode: vip
mysql:
image: mysql
volumes:
- db-data:/var/lib/mysql/data
networks:
- overlay
deploy:
mode: replicated
replicas: 2
endpoint_mode: dnsrr
volumes:
db-data:
networks:
overlay:
- labels
version: "3.9"
services:
web:
image: web
deploy:
labels:
com.example.description: "This label will appear on the web service"
version: "3.9"
services:
web:
image: web
labels:
com.example.description: "This label will appear on all containers for the web service"
- mode
version: "3.9"
services:
worker:
image: dockersamples/examplevotingapp_worker
deploy:
mode: global
- placement
version: "3.9"
services:
db:
image: postgres
deploy:
placement:
constraints:
- "node.role==manager"
- "engine.labels.operatingsystem==ubuntu 18.04"
preferences:
- spread: node.labels.zone
- max_replicas_per_node
version: "3.9"
services:
worker:
image: dockersamples/examplevotingapp_worker
networks:
- frontend
- backend
deploy:
mode: replicated
replicas: 6
placement:
max_replicas_per_node: 1
- replicas
version: "3.9"
services:
worker:
image: dockersamples/examplevotingapp_worker
networks:
- frontend
- backend
deploy:
mode: replicated
replicas: 6
- resources
version: "3.9"
services:
redis:
image: redis:alpine
deploy:
resources:
limits:
cpus: '0.50'
memory: 50M
reservations:
cpus: '0.25'
memory: 20M
- restart_policy
version: "3.9"
services:
redis:
image: redis:alpine
deploy:
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
rollback_config
- `parallelism`: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.
- `delay`: The time to wait between each container group’s rollback (default 0s).
- `failure_action`: What to do if a rollback fails. One of `continue` or `pause` (default `pause`).
- `monitor`: Duration after each task update to monitor for failure `(ns|us|ms|s|m|h)` (default 5s). Note: Setting to 0 will use the default 5s.
- `max_failure_ratio`: Failure rate to tolerate during a rollback (default 0).
- `order`: Order of operations during rollbacks. One of `stop-first` (old task is stopped before starting new one), or `start-first` (new task is started first, and the running tasks briefly overlap) (default `stop-first`).
update_config
- `parallelism`: The number of containers to update at a time.
- `delay`: The time to wait between updating a group of containers.
- `failure_action`: What to do if an update fails. One of `continue`, `rollback`, or `pause` (default: `pause`).
- `monitor`: Duration after each task update to monitor for failure `(ns|us|ms|s|m|h)` (default 5s). Note: Setting to 0 will use the default 5s.
- `max_failure_ratio`: Failure rate to tolerate during an update.
- `order`: Order of operations during updates. One of `stop-first` (old task is stopped before starting new one), or `start-first` (new task is started first, and the running tasks briefly overlap) (default `stop-first`). Note: Only supported for v3.4 and higher.
version: "3.9"
services:
vote:
image: dockersamples/examplevotingapp_vote:before
depends_on:
- redis
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
order: stop-first
not supported for
docker stack deploy
2.10 devices
# Maps a host device node into the container (HOST_PATH:CONTAINER_PATH).
# NOTE(review): the container gets direct access to that host device, so list
# only the devices the service actually needs.
devices:
- "/dev/ttyUSB0:/dev/ttyUSB0"
2.11 dns
dns: 8.8.8.8
dns:
- 8.8.8.8
- 9.9.9.9
2.12 dns_search
dns_search: example.com
dns_search:
- dc1.example.com
- dc2.example.com
2.13 entrypoint
entrypoint: /code/entrypoint.sh
entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"]
2.14 env_file
env_file: .env
env_file:
- ./common.env
- ./apps/web.env
- /opt/runtime_opts.env
2.15 environment
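# Mapping form of `environment`; the variables must be nested under the key
# (the nesting was lost in the flattened listing).
environment:
  RACK_ENV: development
  # Quoted so the value stays the string "true" rather than a YAML boolean.
  SHOW: 'true'
  # No value: resolved from the environment of the machine running Compose,
  # which keeps the secret out of this file.
  # NOTE(review): the value is still readable through container inspection and
  # by every process in the container; for swarm services prefer `secrets`.
  SESSION_SECRET: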
environment:
- RACK_ENV=development
- SHOW=true
- SESSION_SECRET
2.16 expose
expose:
- "3000"
- "8000"
2.17 external_links
external_links:
- redis_1
- project_db_1:mysql
- project_db_1:postgresql
2.18 extra_hosts
extra_hosts:
- "somehost:162.242.195.82"
- "otherhost:50.31.209.229"
2.19 healthcheck
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 1m30s
timeout: 10s
retries: 3
start_period: 40s
2.20 image
image: redis
image: ubuntu:18.04
image: tutum/influxdb
image: example-registry.com:4000/postgresql
image: a4bc65fd
2.21 init
version: "3.9"
services:
web:
image: alpine:latest
init: true
2.22 isolation
2.23 labels
labels:
com.example.description: "Accounting webapp"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
2.24 links
web:
links:
- "db"
- "db:database"
- "redis"
2.25 logging
logging:
driver: syslog
options:
syslog-address: "tcp://192.168.0.42:123"
driver: "json-file"
driver: "syslog"
driver: "none"
eg:
version: "3.9"
services:
some-service:
image: some-service
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
2.26 network_mode
# Alternative values for network_mode; a service sets exactly one of them.
# NOTE(review): "host" removes network isolation, because the container shares
# the host's network stack; "service:" and "container:" join another
# container's network namespace. "none" disables networking.
network_mode: "bridge"
network_mode: "host"
network_mode: "none"
network_mode: "service:[service name]"
network_mode: "container:[container name/id]"
2.27 networks
services:
some-service:
networks:
- some-network
- other-network
- aliases
services:
some-service:
networks:
some-network:
aliases:
- alias1
- alias3
other-network:
aliases:
- alias2
eg:
version: "3.9"
services:
web:
image: "nginx:alpine"
networks:
- new
worker:
image: "my-worker-image:latest"
networks:
- legacy
db:
image: mysql
networks:
new:
aliases:
- database
legacy:
aliases:
- mysql
networks:
new:
legacy:
- ipv4_address, ipv6_address
version: "3.9"
services:
app:
image: nginx:alpine
networks:
app_net:
ipv4_address: 172.16.238.10
ipv6_address: 2001:3984:3989::10
networks:
app_net:
ipam:
driver: default
config:
- subnet: "172.16.238.0/24"
- subnet: "2001:3984:3989::/64"
2.28 pid
# Shares the host's PID namespace with the container.
# NOTE(review): processes in the container can then see host processes, which
# weakens isolation; enable it only for tooling that needs host visibility.
pid: "host"
2.29 ports
- Short syntax
# Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]. Entries are
# quoted so that digit-and-colon values are not mis-typed by the YAML parser.
ports:
# Container port (or range) only: the engine picks an ephemeral host port.
- "3000"
- "3000-3005"
# HOST:CONTAINER with no host IP: published on every host interface.
- "8000:8000"
- "9090-9091:8080-8081"
# NOTE(review): this publishes the container's port 22 on all interfaces.
- "49100:22"
# A leading host IP restricts the listener; 127.0.0.1 keeps it local to the host.
- "127.0.0.1:8001:8001"
- "127.0.0.1:5000-5010:5000-5010"
# Loopback only, with an ephemeral host port.
- "127.0.0.1::5000"
- "6060:6060/udp"
- "12400-12500:1240"
Long syntax
- `target`: the port inside the container
- `published`: the publicly exposed port
- `protocol`: the port protocol (`tcp` or `udp`)
- `mode`: `host` for publishing a host port on each node, or `ingress` for a swarm mode port to be load balanced.
ports:
- target: 80
published: 8080
protocol: tcp
mode: host
2.30 profiles
profiles: ["frontend", "debug"]
profiles:
- frontend
- debug
2.31 restart
restart: "no"
restart: always
restart: on-failure
restart: unless-stopped
2.32 secrets
- Short syntax
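# Short syntax for granting a service access to secrets. Nesting restored;
# values unchanged.
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    # With the short syntax each secret is mounted under /run/secrets/ using
    # its source name and the default owner and mode (uid/gid 0, mode 0444 in
    # newer Docker versions), so any user in the container can read it. Use
    # the long syntax to narrow uid, gid and mode.
    secrets:
      - my_secret
      - my_other_secret
secrets:
  my_secret:
    # NOTE(review): the secret's content comes from this local file; keep the
    # file out of version control.
    file: ./my_secret.txt
  my_other_secret:
    # Already created in Docker; Compose does not attempt to create it.
    external: true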
Long syntax
- `source`: The identifier of the secret as it is defined in this configuration.
- `target`: The name of the file to be mounted in `/run/secrets/` in the service’s task containers. Defaults to `source` if not specified.
- `uid` and `gid`: The numeric UID or GID that owns the file within `/run/secrets/` in the service’s task containers. Both default to `0` if not specified.
- `mode`: The permissions for the file to be mounted in `/run/secrets/` in the service’s task containers, in octal notation. For instance, `0444` represents world-readable. The default in Docker 1.13.1 is `0000`, but is `0444` in newer versions. Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this permissions calculator useful.
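# Long syntax for granting a service access to a secret. Nesting restored;
# values unchanged.
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - source: my_secret
        # File name under /run/secrets/ inside the container.
        target: redis_secret
        # Owner of the mounted file; quoted so the IDs stay strings.
        uid: '103'
        gid: '103'
        # Octal permissions: read for owner and group, nothing for others -
        # tighter than the world-readable 0444 default.
        # NOTE(review): an unquoted leading-zero number is octal only under
        # YAML 1.1 rules - confirm how your Compose version reads it.
        mode: 0440
secrets:
  my_secret:
    # NOTE(review): keep this file out of version control.
    file: ./my_secret.txt
  # Declared but not granted to any service in this example.
  my_other_secret:
    external: true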
2.33 security_opt
# Overrides the default labeling scheme for the service's containers.
# USER and ROLE are placeholders for the label values to apply.
# NOTE(review): these replace the engine's default labels, so check the result
# against the host's mandatory-access-control policy before relying on it.
security_opt:
- label:user:USER
- label:role:ROLE
2.34 stop_grace_period
stop_grace_period: 1s
stop_grace_period: 1m30s
2.35 stop_signal
stop_signal: SIGUSR1
2.36 sysctls
sysctls:
net.core.somaxconn: 1024
net.ipv4.tcp_syncookies: 0
sysctls:
- net.core.somaxconn=1024
- net.ipv4.tcp_syncookies=0
2.37 tmpfs
tmpfs: /run
tmpfs:
- /run
- /tmp
eg:
- type: tmpfs
target: /app
tmpfs:
size: 1000
2.38 ulimits
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
2.39 userns_mode
# Disables the user namespace for this service when the Docker daemon is
# configured with user-namespace remapping.
# NOTE(review): with remapping off, root in the container is root on the host
# again; opt out only for services that cannot run remapped.
userns_mode: "host"
2.40 volumes
version: "3.9"
services:
web:
image: nginx:alpine
volumes:
- type: volume
source: mydata
target: /data
volume:
nocopy: true
- type: bind
source: ./static
target: /opt/app/static
db:
image: postgres:latest
volumes:
- "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock"
- "dbdata:/var/lib/postgresql/data"
volumes:
mydata:
dbdata:
- Short syntax
volumes:
# Just specify a path and let the Engine create a volume
- /var/lib/mysql
# Specify an absolute path mapping
- /opt/data:/var/lib/mysql
# Path on the host, relative to the Compose file
- ./cache:/tmp/cache
# User-relative path
- ~/configs:/etc/configs/:ro
# Named volume
- datavolume:/var/lib/mysql
Long syntax
- `type`: the mount type `volume`, `bind`, `tmpfs` or `npipe`
- `source`: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the top-level `volumes` key. Not applicable for a tmpfs mount.
- `target`: the path in the container where the volume is mounted
- `read_only`: flag to set the volume as read-only
- `bind`: configure additional bind options
  - `propagation`: the propagation mode used for the bind
- `volume`: configure additional volume options
  - `nocopy`: flag to disable copying of data from a container when a volume is created
- `tmpfs`: configure additional tmpfs options
  - `size`: the size for the tmpfs mount in bytes
version: "3.9"
services:
web:
image: nginx:alpine
ports:
- "80:80"
volumes:
- type: volume
source: mydata
target: /data
volume:
nocopy: true
- type: bind
source: ./static
target: /opt/app/static
networks:
webnet:
volumes:
mydata:
3 Other Fields
3.1 volumes
version: "3.9"
services:
db:
image: db
volumes:
- data-volume:/var/lib/db
backup:
image: backup-service
volumes:
- data-volume:/var/lib/backup/data
volumes:
data-volume:
- driver
driver: foobar
- driver_opts
volumes:
example:
driver_opts:
type: "nfs"
o: "addr=10.40.0.199,nolock,soft,rw"
device: ":/docker/example"
- external
version: "3.9"
services:
db:
image: postgres
volumes:
- data:/var/lib/postgresql/data
volumes:
data:
external: true
- labels
labels:
com.example.description: "Database volume"
com.example.department: "IT/Ops"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Database volume"
- "com.example.department=IT/Ops"
- "com.example.label-with-empty-value"
- name
version: "3.9"
volumes:
data:
name: my-app-data
version: "3.9"
volumes:
data:
external: true
name: my-app-data
3.2 networks
driver
- bridge
- overlay
- host or none
- driver_opts
driver_opts:
foo: "bar"
baz: 1
- attachable
networks:
mynet1:
driver: overlay
attachable: true
- ipam
ipam:
driver: default
config:
- subnet: 172.28.0.0/16
- internal
internal: true
- labels
labels:
com.example.description: "Financial transaction network"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Financial transaction network"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
- external
version: "3.9"
services:
proxy:
build: ./proxy
networks:
- outside
- default
app:
build: ./app
networks:
- default
networks:
outside:
external: true
version: "3.9"
networks:
outside:
external:
name: actual-name-of-network
- name
version: "3.9"
networks:
network1:
name: my-app-net
version: "3.9"
networks:
network1:
external: true
name: my-app-net
3.3 configs
- `file`: The config is created with the contents of the file at the specified path.
- `external`: If set to true, specifies that this config has already been created. Docker does not attempt to create it, and if it does not exist, a `config not found` error occurs.
- `name`: The name of the config object in Docker. This field can be used to reference configs that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
- `driver` and `driver_opts`: The name of a custom secret driver, and driver-specific options passed as key/value pairs. Introduced in version 3.8 file format, and only supported when using `docker stack`.
- `template_driver`: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is `golang`, which uses a `golang` template. Introduced in version 3.8 file format, and only supported when using `docker stack`. Refer to "use a templated config" for examples of templated configs.
configs:
my_first_config:
file: ./config_data
my_second_config:
external: true
configs:
my_first_config:
file: ./config_data
my_second_config:
external:
name: redis_config
3.4 secrets
- `file`: The secret is created with the contents of the file at the specified path.
- `external`: If set to true, specifies that this secret has already been created. Docker does not attempt to create it, and if it does not exist, a `secret not found` error occurs.
- `name`: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
- `template_driver`: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is `golang`, which uses a `golang` template. Introduced in version 3.8 file format, and only supported when using `docker stack`.
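# Top-level secret definitions. Nesting restored; values unchanged.
secrets:
  my_first_secret:
    # Created from the contents of this file.
    # NOTE(review): keep the file out of version control and readable only by
    # the account that runs the deployment.
    file: ./secret_data
  my_second_secret:
    # Already exists in Docker; a `secret not found` error occurs if it does not.
    external: true
    # Name of the secret object in Docker, used as is (not scoped with the
    # stack name).
    name: redis_secret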