A list of volume bindings for this container. Each volume binding is a string in one of these forms: - host-src:container-dest[:options] to bind-mount a host path into the container. Both host-src, and container-dest must be an absolute path. - volume-name:container-dest[:options] to bind-mount a volume managed by a volume driver into the container. container-dest must be an absolute path. options is an optional, comma-delimited list of: - nocopy disables automatic copying of data from the container path to the volume. The nocopy flag only applies to named volumes. - [ro|rw] mounts a volume read-only or read-write, respectively. If omitted or set to rw, volumes are mounted read-write. - [z|Z] applies SELinux labels to allow or deny multiple containers to read and write to the same volume. - z: a shared content label is applied to the content. This label indicates that multiple containers can share the volume content, for both reading and writing. - Z: a private unshared label is applied to the content. This label indicates that only the current container can use a private volume. Labeling systems such as SELinux require proper labels to be placed on volume content that is mounted into a container. Without a label, the security system can prevent a container's processes from using the content. By default, the labels set by the host operating system are not modified. - [[r]shared|[r]slave|[r]private] specifies mount propagation behavior. This only applies to bind-mounted volumes, not internal volumes or named volumes. Mount propagation requires the source mount point (the location where the source directory is mounted in the host operating system) to have the correct propagation properties. For shared volumes, the source mount point must be set to shared. For slave volumes, the mount must be set to either shared or slave.
cgroup namespace mode for the container. Possible values are: - \"private\": the container runs in its own private cgroup namespace - \"host\": use the host system's cgroup namespace If not specified, the daemon default is used, which can either be \"private\" or \"host\", depending on daemon version, kernel support and configuration.
Path to cgroups under which the container's cgroup is created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups are created if they do not already exist.
The number of usable CPUs (Windows only). On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
The usable percentage of the available CPUs (Windows only). On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.
Run an init inside the container that forwards signals and reaps processes. This field is omitted if empty, and the default (as configured on the daemon) is used.
IPC sharing mode for the container. Possible values are: - \"none\": own private IPC namespace, with /dev/shm not mounted - \"private\": own private IPC namespace - \"shareable\": own private IPC namespace, with a possibility to share it with other containers - \"container:<name|id>\": join another (shareable) container's IPC namespace - \"host\": use the host system's IPC namespace If not specified, daemon default is used, which can either be \"private\" or \"shareable\", depending on daemon version and configuration.
Hard limit for kernel TCP buffer memory (in bytes). Depending on the OCI runtime in use, this option may be ignored. It is no longer supported by the default (runc) runtime. This field is omitted when empty.
Please note: This property should have been non-nullable! Since the specification file
does not include a default value (using the "default:" property), however, the generated
source code must fall back to having a nullable type.
Consider adding a "default:" property in the specification file to hide this note.
Network mode to use for this container. Supported standard values are: bridge, host, none, and container:<name|id>. Any other value is taken as a custom network's name to which this container should connect to.
Set the PID (Process) Namespace mode for the container. It can be either: - \"container:<name|id>\": joins another container's PID namespace - \"host\": use the host's PID namespace inside the container
PortMap describes the mapping of container ports to host ports, using the container's port-number and protocol as key in the format <port>/<protocol>, for example, 80/udp. If a container's port is mapped for multiple protocols, separate entries are added to the mapping table.
Allocates an ephemeral host port for all of a container's exposed ports. Ports are de-allocated when the container stops and allocated when the container starts. The allocated port might be changed when restarting the container. The port is selected from the ephemeral port range that depends on the kernel. For example, on Linux the range is defined by /proc/sys/net/ipv4/ip_local_port_range.
Please note: This property should have been non-nullable! Since the specification file
does not include a default value (using the "default:" property), however, the generated
source code must fall back to having a nullable type.
Consider adding a "default:" property in the specification file to hide this note.
A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options. For example: { \"/run\": \"rw,noexec,nosuid,size=65536k\" }
