pub struct HostConfig {
Show 70 fields pub auto_remove: Option<bool>, pub binds: Option<Vec<String, Global>>, pub blkio_device_read_bps: Option<Vec<ThrottleDevice, Global>>, pub blkio_device_read_i_ops: Option<Vec<ThrottleDevice, Global>>, pub blkio_device_write_bps: Option<Vec<ThrottleDevice, Global>>, pub blkio_device_write_i_ops: Option<Vec<ThrottleDevice, Global>>, pub blkio_weight: Option<usize>, pub blkio_weight_device: Option<Vec<HostConfigBlkioWeightDeviceInlineItem, Global>>, pub cap_add: Option<Vec<String, Global>>, pub cap_drop: Option<Vec<String, Global>>, pub cgroup: Option<String>, pub cgroup_parent: Option<String>, pub cgroupns_mode: Option<String>, pub console_size: Option<Vec<usize, Global>>, pub container_id_file: Option<String>, pub cpu_count: Option<i64>, pub cpu_percent: Option<i64>, pub cpu_period: Option<i64>, pub cpu_quota: Option<i64>, pub cpu_realtime_period: Option<i64>, pub cpu_realtime_runtime: Option<i64>, pub cpu_shares: Option<usize>, pub cpuset_cpus: Option<String>, pub cpuset_mems: Option<String>, pub device_cgroup_rules: Option<Vec<String, Global>>, pub device_requests: Option<Vec<DeviceRequest, Global>>, pub devices: Option<Vec<DeviceMapping, Global>>, pub dns: Option<Vec<String, Global>>, pub dns_options: Option<Vec<String, Global>>, pub dns_search: Option<Vec<String, Global>>, pub extra_hosts: Option<Vec<String, Global>>, pub group_add: Option<Vec<String, Global>>, pub io_maximum_bandwidth: Option<i64>, pub io_maximum_i_ops: Option<i64>, pub init: Option<bool>, pub ipc_mode: Option<String>, pub isolation: Option<String>, pub kernel_memory: Option<i64>, pub kernel_memory_tcp: Option<i64>, pub links: Option<Vec<String, Global>>, pub log_config: Option<HostConfigLogConfigInlineItem>, pub masked_paths: Option<Vec<String, Global>>, pub memory: Option<i64>, pub memory_reservation: Option<i64>, pub memory_swap: Option<i64>, pub memory_swappiness: Option<i64>, pub mounts: Option<Vec<Mount, Global>>, pub nano_cpus: Option<i64>, pub network_mode: Option<String>, pub oom_kill_disable: Option<bool>, pub oom_score_adj: Option<usize>, pub pid_mode: Option<String>, pub pids_limit: Option<i64>, pub port_bindings: Option<HashMap<String, Vec<PortBinding, Global>, RandomState>>, pub privileged: Option<bool>, pub publish_all_ports: Option<bool>, pub readonly_paths: Option<Vec<String, Global>>, pub readonly_rootfs: Option<bool>, pub restart_policy: Option<RestartPolicy>, pub runtime: Option<String>, pub security_opt: Option<Vec<String, Global>>, pub shm_size: Option<usize>, pub storage_opt: Option<HashMap<String, String, RandomState>>, pub sysctls: Option<HashMap<String, String, RandomState>>, pub tmpfs: Option<HashMap<String, String, RandomState>>, pub uts_mode: Option<String>, pub ulimits: Option<Vec<HostConfigUlimitsInlineItem, Global>>, pub userns_mode: Option<String>, pub volume_driver: Option<String>, pub volumes_from: Option<Vec<String, Global>>,
}
Expand description

Container configuration that depends on the host we are running on

Fields

auto_remove: Option<bool>

Automatically remove the container when the container’s process exits. This has no effect if RestartPolicy is set.

binds: Option<Vec<String, Global>>

A list of volume bindings for this container. Each volume binding is a string in one of these forms:

  • host-src:container-dest[:options] to bind-mount a host path into the container. Both host-src, and container-dest must be an absolute path.
  • volume-name:container-dest[:options] to bind-mount a volume managed by a volume driver into the container. container-dest must be an absolute path.

options is an optional, comma-delimited list of:

  • nocopy disables automatic copying of data from the container path to the volume. The nocopy flag only applies to named volumes.
  • [ro|rw] mounts a volume read-only or read-write, respectively. If omitted or set to rw, volumes are mounted read-write.
  • [z|Z] applies SELinux labels to allow or deny multiple containers to read and write to the same volume.
    • z: a shared content label is applied to the content. This label indicates that multiple containers can share the volume content, for both reading and writing.
    • Z: a private unshared label is applied to the content. This label indicates that only the current container can use a private volume. Labeling systems such as SELinux require proper labels to be placed on volume content that is mounted into a container. Without a label, the security system can prevent a container’s processes from using the content. By default, the labels set by the host operating system are not modified.
  • [[r]shared|[r]slave|[r]private] specifies mount propagation behavior. This only applies to bind-mounted volumes, not internal volumes or named volumes. Mount propagation requires the source mount point (the location where the source directory is mounted in the host operating system) to have the correct propagation properties. For shared volumes, the source mount point must be set to shared. For slave volumes, the mount must be set to either shared or slave.
blkio_device_read_bps: Option<Vec<ThrottleDevice, Global>>

Limit read rate (bytes per second) from a device, in the form:

[{"Path": "device_path", "Rate": rate}]
blkio_device_read_i_ops: Option<Vec<ThrottleDevice, Global>>

Limit read rate (IO per second) from a device, in the form:

[{"Path": "device_path", "Rate": rate}]
blkio_device_write_bps: Option<Vec<ThrottleDevice, Global>>

Limit write rate (bytes per second) to a device, in the form:

[{"Path": "device_path", "Rate": rate}]
blkio_device_write_i_ops: Option<Vec<ThrottleDevice, Global>>

Limit write rate (IO per second) to a device, in the form:

[{"Path": "device_path", "Rate": rate}]
blkio_weight: Option<usize>

Block IO weight (relative weight).

blkio_weight_device: Option<Vec<HostConfigBlkioWeightDeviceInlineItem, Global>>

Block IO weight (relative device weight) in the form:

[{"Path": "device_path", "Weight": weight}]
cap_add: Option<Vec<String, Global>>

A list of kernel capabilities to add to the container. Conflicts with option ‘Capabilities’.

cap_drop: Option<Vec<String, Global>>

A list of kernel capabilities to drop from the container. Conflicts with option ‘Capabilities’.

cgroup: Option<String>

Cgroup to use for the container.

cgroup_parent: Option<String>

Path to cgroups under which the container’s cgroup is created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups are created if they do not already exist.

cgroupns_mode: Option<String>

cgroup namespace mode for the container. Possible values are:

  • "private": the container runs in its own private cgroup namespace
  • "host": use the host system’s cgroup namespace

If not specified, the daemon default is used, which can either be "private" or "host", depending on daemon version, kernel support and configuration.

console_size: Option<Vec<usize, Global>>

Initial console size, as an [height, width] array. (Windows only)

container_id_file: Option<String>

Path to a file where the container ID is written

cpu_count: Option<i64>

The number of usable CPUs (Windows only).

On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.

cpu_percent: Option<i64>

The usable percentage of the available CPUs (Windows only).

On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.

cpu_period: Option<i64>

The length of a CPU period in microseconds.

cpu_quota: Option<i64>

Microseconds of CPU time that the container can get in a CPU period.

cpu_realtime_period: Option<i64>

The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks.

cpu_realtime_runtime: Option<i64>

The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks.

cpu_shares: Option<usize>

An integer value representing this container’s relative CPU weight versus other containers.

cpuset_cpus: Option<String>

CPUs in which to allow execution (e.g., 0-3, 0,1).

cpuset_mems: Option<String>

Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.

device_cgroup_rules: Option<Vec<String, Global>>

a list of cgroup rules to apply to the container

device_requests: Option<Vec<DeviceRequest, Global>>

A list of requests for devices to be sent to device drivers.

devices: Option<Vec<DeviceMapping, Global>>

A list of devices to add to the container.

dns: Option<Vec<String, Global>>

A list of DNS servers for the container to use.

dns_options: Option<Vec<String, Global>>

A list of DNS options.

dns_search: Option<Vec<String, Global>>

A list of DNS search domains.

extra_hosts: Option<Vec<String, Global>>

A list of hostnames/IP mappings to add to the container’s /etc/hosts file. Specified in the form ["hostname:IP"].

group_add: Option<Vec<String, Global>>

A list of additional groups that the container process will run as.

io_maximum_bandwidth: Option<i64>

Maximum IO in bytes per second for the container system drive (Windows only).

io_maximum_i_ops: Option<i64>

Maximum IOps for the container system drive (Windows only)

init: Option<bool>

Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used.

ipc_mode: Option<String>

IPC sharing mode for the container. Possible values are:

  • "none": own private IPC namespace, with /dev/shm not mounted
  • "private": own private IPC namespace
  • "shareable": own private IPC namespace, with a possibility to share it with other containers
  • "container:<name|id>": join another (shareable) container’s IPC namespace
  • "host": use the host system’s IPC namespace

If not specified, daemon default is used, which can either be "private" or "shareable", depending on daemon version and configuration.

isolation: Option<String>

Isolation technology of the container. (Windows only)

kernel_memory: Option<i64>

Kernel memory limit in bytes.


Deprecated: This field is deprecated as the kernel 5.4 deprecated kmem.limit_in_bytes.

kernel_memory_tcp: Option<i64>

Hard limit for kernel TCP buffer memory (in bytes).

links: Option<Vec<String, Global>>

A list of links for the container in the form container_name:alias.

log_config: Option<HostConfigLogConfigInlineItem>

The logging configuration for this container

masked_paths: Option<Vec<String, Global>>

The list of paths to be masked inside the container (this overrides the default set of paths).

memory: Option<i64>

Memory limit in bytes.

memory_reservation: Option<i64>

Memory soft limit in bytes.

memory_swap: Option<i64>

Total memory limit (memory + swap). Set as -1 to enable unlimited swap.

memory_swappiness: Option<i64>

Tune a container’s memory swappiness behavior. Accepts an integer between 0 and 100.

mounts: Option<Vec<Mount, Global>>

Specification for mounts to be added to the container.

nano_cpus: Option<i64>

CPU quota in units of 10-9 CPUs.

network_mode: Option<String>

Network mode to use for this container. Supported standard values are: bridge, host, none, and container:<name|id>. Any other value is taken as a custom network’s name to which this container should connect to.

oom_kill_disable: Option<bool>

Disable OOM Killer for the container.

oom_score_adj: Option<usize>

An integer value containing the score given to the container in order to tune OOM killer preferences.

pid_mode: Option<String>

Set the PID (Process) Namespace mode for the container. It can be either:

  • "container:<name|id>": joins another container’s PID namespace
  • "host": use the host’s PID namespace inside the container
pids_limit: Option<i64>

Tune a container’s PIDs limit. Set 0 or -1 for unlimited, or null to not change.

port_bindings: Option<HashMap<String, Vec<PortBinding, Global>, RandomState>>privileged: Option<bool>

Gives the container full access to the host.

publish_all_ports: Option<bool>

Allocates an ephemeral host port for all of a container’s exposed ports.

Ports are de-allocated when the container stops and allocated when the container starts. The allocated port might be changed when restarting the container.

The port is selected from the ephemeral port range that depends on the kernel. For example, on Linux the range is defined by /proc/sys/net/ipv4/ip_local_port_range.

readonly_paths: Option<Vec<String, Global>>

The list of paths to be set as read-only inside the container (this overrides the default set of paths).

readonly_rootfs: Option<bool>

Mount the container’s root filesystem as read only.

restart_policy: Option<RestartPolicy>runtime: Option<String>

Runtime to use with this container.

security_opt: Option<Vec<String, Global>>

A list of string values to customize labels for MLS systems, such as SELinux.

shm_size: Option<usize>

Size of /dev/shm in bytes. If omitted, the system uses 64MB.

storage_opt: Option<HashMap<String, String, RandomState>>

Storage driver options for this container, in the form {"size": "120G"}.

sysctls: Option<HashMap<String, String, RandomState>>

A list of kernel parameters (sysctls) to set in the container. For example:

{"net.ipv4.ip_forward": "1"}
tmpfs: Option<HashMap<String, String, RandomState>>

A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example:

{ "/run": "rw,noexec,nosuid,size=65536k" }
uts_mode: Option<String>

UTS namespace to use for the container.

ulimits: Option<Vec<HostConfigUlimitsInlineItem, Global>>

A list of resource limits to set in the container. For example:

{"Name": "nofile", "Soft": 1024, "Hard": 2048}
userns_mode: Option<String>

Sets the usernamespace mode for the container when usernamespace remapping option is enabled.

volume_driver: Option<String>

Driver that this container uses to mount volumes.

volumes_from: Option<Vec<String, Global>>

A list of volumes to inherit from another container, specified in the form <container name>[:<ro|rw>].

Trait Implementations

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Deserialize this value from the given Serde deserializer. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more