diff options
author | Sebastiaan van Stijn <thaJeztah@users.noreply.github.com> | 2018-05-07 15:12:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-07 15:12:52 +0200 |
commit | 57493cd60628ebf6e8b02725f44e1a4ef152a39e (patch) | |
tree | c167f3c1f4acaa3527884801c0b9816321fa5263 /cmd | |
parent | 5f395b35bc600edf38fb17b87a9ac1af612c83a2 (diff) | |
parent | d1d7bcd6d73516af5ae70c01bf08a0f73ad87743 (diff) | |
download | docker-57493cd60628ebf6e8b02725f44e1a4ef152a39e.tar.gz |
Merge pull request #36921 from cyli/filter-namespaced-labels
Warn when reserved-namespace engine labels are configured
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/dockerd/daemon.go | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go index 994f848875..908e058e9e 100644 --- a/cmd/dockerd/daemon.go +++ b/cmd/dockerd/daemon.go @@ -284,29 +284,41 @@ func newRouterOptions(config *config.Config, daemon *daemon.Daemon) (routerOptio } func (cli *DaemonCli) reloadConfig() { - reload := func(config *config.Config) { + reload := func(c *config.Config) { // Revalidate and reload the authorization plugins - if err := validateAuthzPlugins(config.AuthorizationPlugins, cli.d.PluginStore); err != nil { + if err := validateAuthzPlugins(c.AuthorizationPlugins, cli.d.PluginStore); err != nil { logrus.Fatalf("Error validating authorization plugin: %v", err) return } - cli.authzMiddleware.SetPlugins(config.AuthorizationPlugins) + cli.authzMiddleware.SetPlugins(c.AuthorizationPlugins) + + // The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented + // to be reserved for Docker's internal use, but this was never enforced. Allowing + // configured labels to use these namespaces are deprecated for 18.05. + // + // The following will check the usage of such labels, and report a warning for deprecation. + // + // TODO: At the next stable release, the validation should be folded into the other + // configuration validation functions and an error will be returned instead, and this + // block should be deleted. + if err := config.ValidateReservedNamespaceLabels(c.Labels); err != nil { + logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err) + } - if err := cli.d.Reload(config); err != nil { + if err := cli.d.Reload(c); err != nil { logrus.Errorf("Error reconfiguring the daemon: %v", err) return } - if config.IsValueSet("debug") { + if c.IsValueSet("debug") { debugEnabled := debug.IsEnabled() switch { - case debugEnabled && !config.Debug: // disable debug + case debugEnabled && !c.Debug: // disable debug debug.Disable() - case config.Debug && !debugEnabled: // enable debug + case c.Debug && !debugEnabled: // enable debug debug.Enable() } - } } @@ -406,6 +418,18 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) { if err != nil { return nil, err } + // The namespaces com.docker.*, io.docker.*, org.dockerproject.* have been documented + // to be reserved for Docker's internal use, but this was never enforced. Allowing + // configured labels to use these namespaces are deprecated for 18.05. + // + // The following will check the usage of such labels, and report a warning for deprecation. + // + // TODO: At the next stable release, the validation should be folded into the other + // configuration validation functions and an error will be returned instead, and this + // block should be deleted. + if err := config.ValidateReservedNamespaceLabels(newLabels); err != nil { + logrus.Warnf("Configured labels using reserved namespaces is deprecated: %s", err) + } conf.Labels = newLabels // Regardless of whether the user sets it to true or false, if they |