
Yaml 文件最外层分为三层。

version: "3.9"

services:
  service_name:
  my_app:
  db:
  ...:

volumes:
networks:
configs:
secrets:

Reference Links: https://docs.docker.com/compose/compose-file/compose-file-v3/

1 version

1.1 Compose file versions support specific Docker releases

Compose file format | Docker Engine release
Compose specification | 19.03.0+
3.8 | 19.03.0+
3.7 | 18.06.0+
3.6 | 18.02.0+
3.5 | 17.12.0+
3.4 | 17.09.0+
3.3 | 17.06.0+
3.2 | 17.04.0+
3.1 | 1.13.1+
3.0 | 1.13.0+
2.4 | 17.12.0+
2.3 | 17.06.0+
2.2 | 1.13.0+
2.1 | 1.12.0+
2.0 | 1.10.0+

1.2 Compose file structure and examples

# Example voting-app stack: six services on two networks plus one named
# volume. The deploy: sections apply to a swarm deployment.
version: "3.9"
services:

  redis:
    image: redis:alpine
    # Container port only: the engine picks the published port, so Redis is
    # reachable from outside the frontend network. Omit the mapping when only
    # services in this stack need to connect.
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  db:
    # NOTE(review): 9.4 looks past upstream end-of-life; confirm and move to a
    # supported tag before reusing this example.
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    # Only on backend, and no ports: entry, so the database is not published.
    networks:
      - backend
    deploy:
      placement:
        max_replicas_per_node: 1
        constraints:
          - "node.role==manager"

  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      - "5000:80"
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - "5001:80"
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  worker:
    # No tag, so this resolves to :latest and can change between deploys.
    image: dockersamples/examplevotingapp_worker
    # The only service attached to both networks; it bridges frontend and
    # backend.
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - "node.role==manager"

  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    # Mounting the Docker socket gives this container full control of the
    # daemon on its node, which is equivalent to root on that host. It is
    # pinned to a manager and publishes 8080, so treat it as privileged and
    # restrict who can reach that port.
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints:
          - "node.role==manager"

# Empty values: both networks are created with default settings.
networks:
  frontend:
  backend:

volumes:
  db-data:

2 services

services 字段下是一段一段的服务,服务名自定义,见名知意即可。

eg:

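# Three services; the service names (web, mysql, redis) are free-form keys.
version: "3.9"
services:
  web:
    build: .
    # depends_on sets start order only; it does not wait for mysql or redis
    # to be ready to accept connections.
    depends_on:
      - mysql
      - redis
  mysql:
    image: mysql:v1
  redis:
    image: redis:v1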

2.1 build

  • context
build:
  context: ./dir
  • dockerfile
build:
  context: .
  dockerfile: Dockerfile-alternate
  • args
build:
  context: .
  # Build args are recorded in the image metadata and can be read back with
  # `docker history`, so keep them to values like a build number or commit
  # hash and never pass credentials this way.
  args:
    - buildno=1
    - gitcommithash=cdc3b19
  • cache_from
build:
  context: .
  cache_from:
    - alpine:latest
    - corp/web_app:3.14
  • labels
build:
  context: .
  labels:
    com.example.description: "Accounting webapp"
    com.example.department: "Finance"
    com.example.label-with-empty-value: ""
build:
  context: .
  labels:
    - "com.example.description=Accounting webapp"
    - "com.example.department=Finance"
    - "com.example.label-with-empty-value"
  • network
build:
  context: .
  network: host
build:
  context: .
  network: custom_network_1
build:
  context: .
  network: none
  • shm_size
build:
  context: .
  shm_size: '2gb'
build:
  context: .
  shm_size: 10000000
  • target
build:
  context: .
  target: prod

2.2 cap_add, cap_drop

# ALL grants every Linux capability to the container, which removes most of
# the kernel-level restrictions a container normally runs under. Prefer
# listing only the specific capabilities the service needs.
cap_add:
  - ALL

# Dropping capabilities the service does not use limits what a compromised
# process inside the container can do.
cap_drop:
  - NET_ADMIN
  - SYS_ADMIN

2.3 cgroup_parent

cgroup_parent: m-executor-abcd

2.4 command

command: bundle exec thin -p 3000
command: ["bundle", "exec", "thin", "-p", "3000"]

2.5 configs

  • Short syntax
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - my_config
      - my_other_config
configs:
  my_config:
    file: ./my_config.txt
  my_other_config:
    external: true
  • Long syntax
# Long syntax: the service mounts my_config at an explicit path with explicit
# ownership and permissions.
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - source: my_config
        target: /redis_config
        # Quoted so the IDs stay strings.
        uid: '103'
        gid: '103'
        # Octal permission bits: read for owner and group, nothing for others.
        # The leading 0 is what marks the value as octal; presumably the
        # loader in your Compose version reads it that way (confirm).
        mode: 0440
configs:
  my_config:
    file: ./my_config.txt
  # Declared here but not referenced by the redis service above.
  my_other_config:
    external: true

2.6 container_name

container_name: my-web-container

2.7 credential_spec

credential_spec:
  file: my-credential-spec.json
credential_spec:
  registry: my-credential-spec

eg:

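# credential_spec read from a config object instead of a file or the registry.
version: "3.9"
services:
  myservice:
    image: myimage:latest
    credential_spec:
      # Must match a key under the top-level configs: section below.
      config: my_credential_spec

configs:
  my_credential_spec:
    file: ./my-credential-spec.json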

2.8 depends_on

version: "3.9"
services:
  web:
    build: .
    depends_on:
      - db
      - redis
  redis:
    image: redis
  db:
    image: postgres

2.9 deploy

version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      replicas: 6
      placement:
        max_replicas_per_node: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
  • endpoint_mode
version: "3.9"

services:
  wordpress:
    image: wordpress
    ports:
      - "8080:80"
    networks:
      - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: vip

  mysql:
    image: mysql
    volumes:
       - db-data:/var/lib/mysql/data
    networks:
       - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: dnsrr

volumes:
  db-data:

networks:
  overlay:
  • labels
version: "3.9"
services:
  web:
    image: web
    deploy:
      labels:
        com.example.description: "This label will appear on the web service"
version: "3.9"
services:
  web:
    image: web
    labels:
      com.example.description: "This label will appear on all containers for the web service"
  • mode
version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    deploy:
      mode: global
  • placement
version: "3.9"
services:
  db:
    image: postgres
    deploy:
      placement:
        constraints:
          - "node.role==manager"
          - "engine.labels.operatingsystem==ubuntu 18.04"
        preferences:
          - spread: node.labels.zone
  • max_replicas_per_node
version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6
      placement:
        max_replicas_per_node: 1
  • replicas
version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6
  • resources
version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 50M
        reservations:
          cpus: '0.25'
          memory: 20M
  • restart_policy
version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
  • rollback_config

    • parallelism: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.
    • delay: The time to wait between each container group’s rollback (default 0s).
    • failure_action: What to do if a rollback fails. One of continue or pause (default pause)
    • monitor: Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) Note: Setting to 0 will use the default 5s.
    • max_failure_ratio: Failure rate to tolerate during a rollback (default 0).
    • order: Order of operations during rollbacks. One of stop-first (old task is stopped before starting new one), or start-first (new task is started first, and the running tasks briefly overlap) (default stop-first).
  • update_config

    • parallelism: The number of containers to update at a time.
    • delay: The time to wait between updating a group of containers.
    • failure_action: What to do if an update fails. One of continue, rollback, or pause (default: pause).
    • monitor: Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) Note: Setting to 0 will use the default 5s.
    • max_failure_ratio: Failure rate to tolerate during an update.
    • order: Order of operations during updates. One of stop-first (old task is stopped before starting new one), or start-first (new task is started first, and the running tasks briefly overlap) (default stop-first) Note: Only supported for v3.4 and higher.
version: "3.9"
services:
  vote:
    image: dockersamples/examplevotingapp_vote:before
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
        order: stop-first

2.10 devices

devices:
  - "/dev/ttyUSB0:/dev/ttyUSB0"

2.11 dns

dns: 8.8.8.8
dns:
  - 8.8.8.8
  - 9.9.9.9

2.12 dns_search

dns_search: example.com
dns_search:
  - dc1.example.com
  - dc2.example.com

2.13 entrypoint

entrypoint: /code/entrypoint.sh
entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"]

2.14 env_file

env_file: .env
env_file:
  - ./common.env
  - ./apps/web.env
  - /opt/runtime_opts.env

2.15 environment

# Mapping form of environment.
environment:
  RACK_ENV: development
  # Quoted so YAML keeps the value a string instead of a boolean.
  SHOW: 'true'
  # No value: Compose resolves SESSION_SECRET from the environment it runs
  # in, which keeps the secret out of this file. The value is still visible
  # through `docker inspect`; the secrets: key is the stricter option.
  SESSION_SECRET:
environment:
  - RACK_ENV=development
  - SHOW=true
  - SESSION_SECRET

2.16 expose

expose:
  - "3000"
  - "8000"

2.17 external_links

external_links:
  - redis_1
  - project_db_1:mysql
  - project_db_1:postgresql

2.18 extra_hosts

extra_hosts:
  - "somehost:162.242.195.82"
  - "otherhost:50.31.209.229"

2.19 healthcheck

healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost"]
  interval: 1m30s
  timeout: 10s
  retries: 3
  start_period: 40s

2.20 image

# Alternative spellings of image: (one per service). Tags are mutable, so the
# same tag can point at different content over time; where reproducibility
# matters, pin by digest: image: NAME@sha256:<digest> (placeholder).
# No tag resolves to :latest.
image: redis
image: ubuntu:18.04
image: tutum/influxdb
# Registry host and port in front of the repository name.
image: example-registry.com:4000/postgresql
# A (partial) image ID instead of a repository name.
image: a4bc65fd

2.21 init

version: "3.9"
services:
  web:
    image: alpine:latest
    init: true

2.22 isolation

2.23 labels

labels:
  com.example.description: "Accounting webapp"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""
labels:
  - "com.example.description=Accounting webapp"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"

2.24 links

web:
  links:
    - "db"
    - "db:database"
    - "redis"

2.25 logging

# Send this service's container logs to a remote syslog endpoint.
logging:
  driver: syslog
  options:
    # tcp:// ships log lines unencrypted. The syslog driver also accepts
    # tcp+tls:// for logs that cross a network you do not control.
    syslog-address: "tcp://192.168.0.42:123"
driver: "json-file"

driver: "syslog"

driver: "none"

eg:

version: "3.9"
services:
  some-service:
    image: some-service
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"

2.26 network_mode

# Alternative values for network_mode (one per service).
network_mode: "bridge"

# host: the container uses the host's network stack directly, so it is not
# isolated from host interfaces and ports: mappings do not apply.
network_mode: "host"

# none: no network interfaces beyond loopback.
network_mode: "none"

# service:/container: share the network namespace of another service or
# container; the bracketed part is a placeholder.
network_mode: "service:[service name]"

network_mode: "container:[container name/id]"

2.27 networks

services:
  some-service:
    networks:
     - some-network
     - other-network
  • aliases
services:
  some-service:
    networks:
      some-network:
        aliases:
          - alias1
          - alias3
      other-network:
        aliases:
          - alias2

eg:

version: "3.9"

services:
  web:
    image: "nginx:alpine"
    networks:
      - new

  worker:
    image: "my-worker-image:latest"
    networks:
      - legacy

  db:
    image: mysql
    networks:
      new:
        aliases:
          - database
      legacy:
        aliases:
          - mysql

networks:
  new:
  legacy:
  • ipv4_address, ipv6_address
version: "3.9"

services:
  app:
    image: nginx:alpine
    networks:
      app_net:
        ipv4_address: 172.16.238.10
        ipv6_address: 2001:3984:3989::10

networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
        - subnet: "2001:3984:3989::/64"

2.28 pid

# Shares the host's PID namespace: processes in the container can see every
# process on the host and, with enough privilege, signal or trace them.
pid: "host"

2.29 ports

  • Short syntax
# Short syntax. Keep every mapping quoted: YAML 1.1 loaders read an unquoted
# xx:yy as a base-60 number.
ports:
  # Container port only: the host port is chosen by the engine.
  - "3000"
  - "3000-3005"
  # HOST:CONTAINER with no address publishes on every host interface.
  - "8000:8000"
  - "9090-9091:8080-8081"
  # Publishes the container's port 22 on host port 49100.
  - "49100:22"
  # A leading 127.0.0.1 limits the published port to loopback on the host.
  - "127.0.0.1:8001:8001"
  - "127.0.0.1:5000-5010:5000-5010"
  - "127.0.0.1::5000"
  - "6060:6060/udp"
  - "12400-12500:1240"
  • Long syntax

    • target: the port inside the container
    • published: the publicly exposed port
    • protocol: the port protocol (tcp or udp)
    • mode: host for publishing a host port on each node, or ingress for a swarm mode port to be load balanced.
ports:
  - target: 80
    published: 8080
    protocol: tcp
    mode: host

2.30 profiles

profiles: ["frontend", "debug"]
profiles:
  - frontend
  - debug

2.31 restart

restart: "no"
restart: always
restart: on-failure
restart: unless-stopped

2.32 secrets

  • Short syntax
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - my_secret
      - my_other_secret
secrets:
  my_secret:
    file: ./my_secret.txt
  my_other_secret:
    external: true
  • Long syntax

    • source: The identifier of the secret as it is defined in this configuration.
    • target: The name of the file to be mounted in /run/secrets/ in the service’s task containers. Defaults to source if not specified.
    • uid and gid: The numeric UID or GID that owns the file within /run/secrets/ in the service’s task containers. Both default to 0 if not specified.
    • mode: The permissions for the file to be mounted in /run/secrets/ in the service’s task containers, in octal notation. For instance, 0444 represents world-readable. The default in Docker 1.13.1 is 0000, but is 0444 in newer versions. Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this permissions calculator useful.
# Long syntax: my_secret is mounted under /run/secrets/ as redis_secret with
# explicit ownership and permissions.
version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - source: my_secret
        target: redis_secret
        uid: '103'
        gid: '103'
        # Octal: readable by owner and group only. The 0444 default on newer
        # versions is world-readable, so setting a tighter mode is worthwhile.
        mode: 0440
secrets:
  my_secret:
    # The secret's content comes from this local file; keep the file itself
    # out of version control.
    file: ./my_secret.txt
  # Declared here but not referenced by the redis service above.
  my_other_secret:
    external: true

2.33 security_opt

security_opt:
  - label:user:USER
  - label:role:ROLE

2.34 stop_grace_period

stop_grace_period: 1s
stop_grace_period: 1m30s

2.35 stop_signal

stop_signal: SIGUSR1

2.36 sysctls

# Mapping form: kernel parameters set inside the container.
sysctls:
  net.core.somaxconn: 1024
  # 0 turns SYN cookies off, removing a kernel defence against SYN floods for
  # this container. Leave it enabled unless there is a specific reason not to.
  net.ipv4.tcp_syncookies: 0
sysctls:
  - net.core.somaxconn=1024
  - net.ipv4.tcp_syncookies=0

2.37 tmpfs

tmpfs: /run
tmpfs:
  - /run
  - /tmp

eg:

- type: tmpfs
  target: /app
  tmpfs:
    size: 1000

2.38 ulimits

ulimits:
  nproc: 65535
  nofile:
    soft: 20000
    hard: 40000

2.39 userns_mode

# Opts this service out of user-namespace remapping when the daemon has it
# enabled, so root inside the container is root on the host again.
userns_mode: "host"

2.40 volumes

version: "3.9"
services:
  web:
    image: nginx:alpine
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

  db:
    image: postgres:latest
    volumes:
      - "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock"
      - "dbdata:/var/lib/postgresql/data"

volumes:
  mydata:
  dbdata:
  • Short syntax
volumes:
  # Just specify a path and let the Engine create a volume
  - /var/lib/mysql

  # Specify an absolute path mapping
  - /opt/data:/var/lib/mysql

  # Path on the host, relative to the Compose file
  - ./cache:/tmp/cache

  # User-relative path
  - ~/configs:/etc/configs/:ro

  # Named volume
  - datavolume:/var/lib/mysql
  • Long syntax

    • type: the mount type volume, bind, tmpfs or npipe
    • source: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the top-level volumes key. Not applicable for a tmpfs mount.
    • target: the path in the container where the volume is mounted
    • read_only: flag to set the volume as read-only
    • bind: configure additional bind options

      • propagation: the propagation mode used for the bind
    • volume: configure additional volume options

      • nocopy: flag to disable copying of data from a container when a volume is created
    • tmpfs: configure additional tmpfs options

      • size: the size for the tmpfs mount in bytes
version: "3.9"
services:
  web:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

networks:
  webnet:

volumes:
  mydata:

3 Other Fields

3.1 volumes

version: "3.9"

services:
  db:
    image: db
    volumes:
      - data-volume:/var/lib/db
  backup:
    image: backup-service
    volumes:
      - data-volume:/var/lib/backup/data

volumes:
  data-volume:
  • driver
driver: foobar
  • driver_opts
volumes:
  example:
    driver_opts:
      type: "nfs"
      o: "addr=10.40.0.199,nolock,soft,rw"
      device: ":/docker/example"
  • external
version: "3.9"

services:
  db:
    image: postgres
    volumes:
      - data:/var/lib/postgresql/data

volumes:
  data:
    external: true
  • labels
labels:
  com.example.description: "Database volume"
  com.example.department: "IT/Ops"
  com.example.label-with-empty-value: ""
labels:
  - "com.example.description=Database volume"
  - "com.example.department=IT/Ops"
  - "com.example.label-with-empty-value"
  • name
version: "3.9"
volumes:
  data:
    name: my-app-data
version: "3.9"
volumes:
  data:
    external: true
    name: my-app-data

3.2 networks

  • driver

    • bridge
    • overlay
    • host or none
  • driver_opts
driver_opts:
  foo: "bar"
  baz: 1
  • attachable
networks:
  mynet1:
    driver: overlay
    attachable: true
  • ipam
ipam:
  driver: default
  config:
    - subnet: 172.28.0.0/16
  • internal
# Creates the network without external connectivity. Useful for backend
# services that should only be reachable from other services on it.
internal: true
  • labels
labels:
  com.example.description: "Financial transaction network"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""
labels:
  - "com.example.description=Financial transaction network"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"
  • external
version: "3.9"

services:
  proxy:
    build: ./proxy
    networks:
      - outside
      - default
  app:
    build: ./app
    networks:
      - default

networks:
  outside:
    external: true
version: "3.9"
networks:
  outside:
    external:
      name: actual-name-of-network
  • name
version: "3.9"
networks:
  network1:
    name: my-app-net
version: "3.9"
networks:
  network1:
    external: true
    name: my-app-net

3.3 configs

  • file: The config is created with the contents of the file at the specified path.
  • external: If set to true, specifies that this config has already been created. Docker does not attempt to create it, and if it does not exist, a config not found error occurs.
  • name: The name of the config object in Docker. This field can be used to reference configs that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
  • driver and driver_opts: The name of a custom secret driver, and driver-specific options passed as key/value pairs. Introduced in version 3.8 file format, and only supported when using docker stack.
  • template_driver: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is golang, which uses a golang. Introduced in version 3.8 file format, and only supported when using docker stack. Refer to use a templated config for a examples of templated configs.
configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external: true
configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external:
      name: redis_config

3.4 secrets

  • file: The secret is created with the contents of the file at the specified path.
  • external: If set to true, specifies that this secret has already been created. Docker does not attempt to create it, and if it does not exist, a secret not found error occurs.
  • name: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. The name is used as is and will not be scoped with the stack name. Introduced in version 3.5 file format.
  • template_driver: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is golang, which uses a golang. Introduced in version 3.8 file format, and only supported when using docker stack.
# Top-level secret definitions; services opt in through their own secrets: key.
secrets:
  my_first_secret:
    # Created from the contents of this file; keep the file out of version
    # control and readable only by the deploying user.
    file: ./secret_data
  my_second_secret:
    # Already exists in Docker under the name redis_secret; Docker does not
    # create it and reports an error if it is missing.
    external: true
    name: redis_secret


