|
65 | 65 |
|
66 | 66 | # Authentication |
67 | 67 |
|
68 | | - Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a Base64 encoded (JSON) string with the following structure: |
| 68 | + Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as `POST /images/(name)/push`. These are sent as `X-Registry-Auth` header as a [base64url encoded](https://tools.ietf.org/html/rfc4648#section-5) (JSON) string with the following structure: |
69 | 69 |
|
70 | 70 | ``` |
71 | 71 | { |
@@ -3021,14 +3021,36 @@ definitions: |
3021 | 3021 | type: "object" |
3022 | 3022 | properties: |
3023 | 3023 | Constraints: |
3024 | | - description: "An array of constraints." |
| 3024 | + description: | |
| 3025 | + An array of constraint expressions to limit the set of nodes where |
| 3026 | + a task can be scheduled. Constraint expressions can either use a |
| 3027 | + _match_ (`==`) or _exclude_ (`!=`) rule. Multiple constraints find |
| 3028 | + nodes that satisfy every expression (AND match). Constraints can |
| 3029 | + match node or Docker Engine labels as follows: |
| 3030 | +
|
| 3031 | + node attribute | matches | example |
| 3032 | + ---------------------|--------------------------------|----------------------------------------------- |
| 3033 | + `node.id` | Node ID | `node.id==2ivku8v2gvtg4` |
| 3034 | + `node.hostname` | Node hostname | `node.hostname!=node-2` |
| 3035 | + `node.role` | Node role (`manager`/`worker`) | `node.role==manager` |
| 3036 | + `node.platform.os` | Node operating system | `node.platform.os==windows` |
| 3037 | + `node.platform.arch` | Node architecture | `node.platform.arch==x86_64` |
| 3038 | + `node.labels` | User-defined node labels | `node.labels.security==high` |
| 3039 | + `engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-14.04` |
| 3040 | +
|
| 3041 | + `engine.labels` apply to Docker Engine labels like operating system, |
| 3042 | + drivers, etc. Swarm administrators add `node.labels` for operational |
| 3043 | + purposes by using the [`node update endpoint`](#operation/NodeUpdate). |
| 3044 | +
|
3025 | 3045 | type: "array" |
3026 | 3046 | items: |
3027 | 3047 | type: "string" |
3028 | 3048 | example: |
3029 | 3049 | - "node.hostname!=node3.corp.example.com" |
3030 | 3050 | - "node.role!=manager" |
3031 | 3051 | - "node.labels.type==production" |
| 3052 | + - "node.platform.os==linux" |
| 3053 | + - "node.platform.arch==x86_64" |
3032 | 3054 | Preferences: |
3033 | 3055 | description: "Preferences provide a way to make the scheduler aware of factors such as topology. They are provided in order from highest to lowest precedence." |
3034 | 3056 | type: "array" |
@@ -3617,7 +3639,7 @@ definitions: |
3617 | 3639 | com.example.some-other-label: "some-other-value" |
3618 | 3640 | Data: |
3619 | 3641 | description: | |
3620 | | - Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2)) |
| 3642 | + Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) |
3621 | 3643 | data to store as secret. |
3622 | 3644 |
|
3623 | 3645 | This field is only used to _create_ a secret, and is not returned by |
@@ -3667,7 +3689,7 @@ definitions: |
3667 | 3689 | type: "string" |
3668 | 3690 | Data: |
3669 | 3691 | description: | |
3670 | | - Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2)) |
| 3692 | + Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-5)) |
3671 | 3693 | config data. |
3672 | 3694 | type: "string" |
3673 | 3695 | Templating: |
@@ -6749,7 +6771,7 @@ paths: |
6749 | 6771 | required: false |
6750 | 6772 | - name: "X-Registry-Auth" |
6751 | 6773 | in: "header" |
6752 | | - description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)" |
| 6774 | + description: "A base64url-encoded auth configuration. [See the authentication section for details.](#section/Authentication)" |
6753 | 6775 | type: "string" |
6754 | 6776 | - name: "platform" |
6755 | 6777 | in: "query" |
@@ -6977,7 +6999,7 @@ paths: |
6977 | 6999 | type: "string" |
6978 | 7000 | - name: "X-Registry-Auth" |
6979 | 7001 | in: "header" |
6980 | | - description: "A base64-encoded auth configuration. [See the authentication section for details.](#section/Authentication)" |
| 7002 | + description: "A base64url-encoded auth configuration. [See the authentication section for details.](#section/Authentication)" |
6981 | 7003 | type: "string" |
6982 | 7004 | required: true |
6983 | 7005 | tags: ["Image"] |
@@ -8683,7 +8705,7 @@ paths: |
8683 | 8705 | type: "string" |
8684 | 8706 | - name: "X-Registry-Auth" |
8685 | 8707 | in: "header" |
8686 | | - description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)" |
| 8708 | + description: "A base64url-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)" |
8687 | 8709 | type: "string" |
8688 | 8710 | - name: "body" |
8689 | 8711 | in: "body" |
@@ -8848,7 +8870,7 @@ paths: |
8848 | 8870 | type: "string" |
8849 | 8871 | - name: "X-Registry-Auth" |
8850 | 8872 | in: "header" |
8851 | | - description: "A base64-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)" |
| 8873 | + description: "A base64url-encoded auth configuration to use when pulling a plugin from a registry. [See the authentication section for details.](#section/Authentication)" |
8852 | 8874 | type: "string" |
8853 | 8875 | - name: "body" |
8854 | 8876 | in: "body" |
@@ -9541,7 +9563,7 @@ paths: |
9541 | 9563 | foo: "bar" |
9542 | 9564 | - name: "X-Registry-Auth" |
9543 | 9565 | in: "header" |
9544 | | - description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)" |
| 9566 | + description: "A base64url-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)" |
9545 | 9567 | type: "string" |
9546 | 9568 | tags: ["Service"] |
9547 | 9569 | /services/{id}: |
@@ -9700,7 +9722,7 @@ paths: |
9700 | 9722 | type: "string" |
9701 | 9723 | - name: "X-Registry-Auth" |
9702 | 9724 | in: "header" |
9703 | | - description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)" |
| 9725 | + description: "A base64url-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)" |
9704 | 9726 | type: "string" |
9705 | 9727 |
|
9706 | 9728 | tags: ["Service"] |
|
0 commit comments