containers_create

Mixin to provide Container create() method.

class CreateMixin

Bases: object

Class providing create method for ContainersManager.

create(image: Image | str, command: str | List[str] | None = None, **kwargs) → Container

Create a container.

Parameters:

• image – Image to run.

• command – Command to run in the container.

Keyword Arguments:

• auto_remove (bool) – Enable auto-removal of the container on daemon side when the container’s process exits.

• blkio_weight_device (Dict[str, Any]) – Block IO weight (relative device weight) in the form of: [{“Path”: “device_path”, “Weight”: weight}].

• blkio_weight (int) – Block IO weight (relative weight), accepts a weight value between 10 and 1000.

• cap_add (List[str]) – Add kernel capabilities. For example: [“SYS_ADMIN”, “MKNOD”]

• cap_drop (List[str]) – Drop kernel capabilities.

• cgroup_parent (str) – Override the default parent cgroup.

• cpu_count (int) – Number of usable CPUs (Windows only).

• cpu_percent (int) – Usable percentage of the available CPUs (Windows only).

• cpu_period (int) – The length of a CPU period in microseconds.

• cpu_quota (int) – Microseconds of CPU time that the container can get in a CPU period.

• cpu_rt_period (int) – Limit CPU real-time period in microseconds.

• cpu_rt_runtime (int) – Limit CPU real-time runtime in microseconds.

• cpu_shares (int) – CPU shares (relative weight).

• cpuset_cpus (str) – CPUs in which to allow execution (0-3, 0,1).

• cpuset_mems (str) – Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.

• detach (bool) – Run container in the background and return a Container object.

• device_cgroup_rules (List[str]) – A list of cgroup rules to apply to the container.

• device_read_bps – Limit read rate (bytes per second) from a device in the form of: [{“Path”: “device_path”, “Rate”: rate}]

• device_read_iops – Limit read rate (IO per second) from a device.

• device_write_bps – Limit write rate (bytes per second) from a device.

• device_write_iops – Limit write rate (IO per second) from a device.

• devices (List[str]) –

  Expose host devices to the container, as a List[str] in the form <path_on_host>:<path_in_container>:<cgroup_permissions>.

  For example:

  /dev/sda:/dev/xvda:rwm allows the container to have read-write access to the host’s /dev/sda via a node named /dev/xvda inside the container.

• dns (List[str]) – Set custom DNS servers.

• dns_opt (List[str]) – Additional options to be added to the container’s resolv.conf file.

• dns_search (List[str]) – DNS search domains.

• domainname (Union[str, List[str]]) – Set custom DNS search domains.

• entrypoint (Union[str, List[str]]) – The entrypoint for the container.

• environment (Union[Dict[str, str], List[str]) – Environment variables to set inside the container, as a dictionary or a List[str] in the format [“SOMEVARIABLE=xxx”, “SOMEOTHERVARIABLE=xyz”].

• extra_hosts (Dict[str, str]) – Additional hostnames to resolve inside the container, as a mapping of hostname to IP address.

• group_add (List[str]) – List of additional group names and/or IDs that the container process will run as.

• healthcheck (Dict[str,Any]) – Specify a test to perform to check that the container is healthy.

• health_check_on_failure_action (int) – Specify an action if a healthcheck fails.

• hostname (str) – Optional hostname for the container.

• init (bool) – Run an init inside the container that forwards signals and reaps processes

• init_path (str) – Path to the docker-init binary

• ipc_mode (str) – Set the IPC mode for the container.

• isolation (str) – Isolation technology to use. Default: None.

• kernel_memory (int or str) – Kernel memory limit

• labels (Union[Dict[str, str], List[str]) – A dictionary of name-value labels (e.g. {“label1”: “value1”, “label2”: “value2”}) or a list of names of labels to set with empty values (e.g. [“label1”, “label2”])

• links (Optional[Dict[str, str]]) – Mapping of links using the {‘container’: ‘alias’} format. The alias is optional. Containers declared in this dict will be linked to the new container using the provided alias. Default: None.

• log_config (LogConfig) – Logging configuration.

• lxc_config (Dict[str, str]) – LXC config.

• mac_address (str) – MAC address to assign to the container.

• mem_limit (Union[int, str]) – Memory limit. Accepts float values (which represent the memory limit of the created container in bytes) or a string with a units identification char (100000b, 1000k, 128m, 1g). If a string is specified without a units character, bytes are assumed as an intended unit.

• mem_reservation (Union[int, str]) – Memory soft limit.

• mem_swappiness (int) – Tune a container’s memory swappiness behavior. Accepts number between 0 and 100.

• memswap_limit (Union[int, str]) – Maximum amount of memory + swap a container is allowed to consume.

• mounts (List[Mount]) –

  Specification for mounts to be added to the container. More powerful alternative to volumes. Each item in the list is expected to be a Mount object. For example:

  [

  {

  “type”: “bind”,

  ”source”: “/a/b/c1”,

  ”target” “/d1”,

  ”read_only”: True,

  ”relabel”: “Z”

  },

  {

  “type”: “tmpfs”,

  # If this was not passed, the regular directory

  # would be created rather than tmpfs mount !!!

  # as this will cause to have invalid entry

  # in /proc/self/mountinfo

  ”source”: “tmpfs”,

  ”target” “/d2”,

  ”size”: “100k”,

  ”chown”: True

  }

  ]

• name (str) – The name for this container.

• nano_cpus (int) – CPU quota in units of 1e-9 CPUs.

• networks (Dict[str, Dict[str, Union[str, List[str]]) –

  Networks which will be connected to container during container creation Values of the network configuration can be :

  • string

  • list of strings (e.g. Aliases)

• network_disabled (bool) – Disable networking.

• network_mode (str) –

  One of:

  • bridge: Create a new network stack for the container on the bridge network.

  • none: No networking for this container.

  • container:<name|id>: Reuse another container’s network stack.

  • host: Use the host network stack.

  • ns:<path>: User defined netns path.

  Incompatible with network.

• oom_kill_disable (bool) – Whether to disable OOM killer.

• oom_score_adj (int) – An integer value containing the score given to the container in order to tune OOM killer preferences.

• pid_mode (str) – If set to host, use the host PID namespace inside the container.

• pids_limit (int) – Tune a container’s pids limit. Set -1 for unlimited.

• platform (str) – Platform in the format os[/arch[/variant]]. Only used if the method needs to pull the requested image.

• ports (Dict[str, Union[int, Tuple[str, int], List[int], Dict[str, Union[int, Tuple[str, int], List[int]]]]]) –

  Ports to bind inside the container.

  The keys of the dictionary are the ports to bind inside the container, either as an integer or a string in the form port/protocol, where the protocol is either tcp, udp, or sctp.

  The values of the dictionary are the corresponding ports to open on the host, which can be either:

  • The port number, as an integer.

    For example: {‘2222/tcp’: 3333} will expose port 2222 inside the container as port 3333 on the host.

  • None, to assign a random host port.

    For example: {‘2222/tcp’: None}.

  • A tuple of (address, port) if you want to specify the host interface.

    For example: {‘1111/tcp’: (‘127.0.0.1’, 1111)}.

  • A list of integers or tuples of (address, port), if you want to bind multiple host ports to a single container port.

    For example: {‘1111/tcp’: [1234, (“127.0.0.1”, 4567)]}.

    For example: {‘9090’: 7878, ‘10932/tcp’: ‘8781’,

    ”8989/tcp”: (“127.0.0.1”, 9091)}

  • A dictionary of the options mentioned above except for random host port.

    The dictionary has additional option “range”,

    which allows binding range of ports.

    For example:

    • {‘2222/tcp’: {“port”: 3333, “range”: 4}}

    • {‘1111/tcp’: {“port”: (‘127.0.0.1’, 1111), “range”: 4}}

    • {‘1111/tcp’: [

      {“port”: 1234, “range”: 4},

      {“ip”: “127.0.0.1”, “port”: 4567}

      ]

    }

• privileged (bool) – Give extended privileges to this container.

• publish_all_ports (bool) – Publish all ports to the host.

• read_only (bool) – Mount the container’s root filesystem as read only.

• read_write_tmpfs (bool) – Mount temporary file systems as read write, in case of read_only options set to True. Default: False

• remove (bool) – Remove the container when it has finished running. Default: False.

• restart_policy (Dict[str, Union[str, int]]) –

  Restart the container when it exits. Configured as a dictionary with keys:

  • Name: One of on-failure, or always.

  • MaximumRetryCount: Number of times to restart the container on failure.

  For example: {“Name”: “on-failure”, “MaximumRetryCount”: 5}

• runtime (str) – Runtime to use with this container.

• secrets (List[Union[str, Secret, Dict[str, Union[str, int]]]]) –

  Secrets to mount to this container.

  For example:

  • As list of strings, each string representing a secret’s ID or name:

    [‘my_secret’, ‘my_secret2’]

  • As list of Secret objects the corresponding IDs are read from:

    [Secret, Secret]

  • As list of dictionaries:

    [

    {

    “source”: “my_secret”, # A string representing the ID or name of

    # a secret

    ”target”: “/my_secret”, # An optional target to mount source to,

    # falls back to /run/secrets/source

    ”uid”: 1000, # An optional UID that falls back to 0

    # if not given

    ”gid”: 1000, # An optional GID that falls back to 0

    # if not given

    ”mode”: 0o400, # An optional mode to apply to the target,

    # use an 0o prefix for octal integers

    },

    ]

• secret_env (Dict[str, str]) –

  Secrets to add as environment variables available in the container.

  For example: {“VARIABLE1”: “NameOfSecret”, “VARIABLE2”: “NameOfAnotherSecret”}

• security_opt (List[str]) – A List[str]ing values to customize labels for MLS systems, such as SELinux.

• shm_size (Union[str, int]) – Size of /dev/shm (e.g. 1G).

• stdin_open (bool) – Keep STDIN open even if not attached.

• stdout (bool) – Return logs from STDOUT when detach=False. Default: True.

• stderr (bool) – Return logs from STDERR when detach=False. Default: False.

• stop_signal (str) – The stop signal to use to stop the container (e.g. SIGINT).

• storage_opt (Dict[str, str]) – Storage driver options per container as a key-value mapping.

• stream (bool) – If true and detach is false, return a log generator instead of a string. Ignored if detach is true. Default: False.

• sysctls (Dict[str, str]) – Kernel parameters to set in the container.

• tmpfs (Dict[str, str]) –

  Temporary filesystems to mount, as a dictionary mapping a path inside the container to options for that path.

  For example: {‘/mnt/vol2’: ‘’, ‘/mnt/vol1’: ‘size=3G,uid=1000’}

• tty (bool) – Allocate a pseudo-TTY.

• ulimits (List[Ulimit]) – Ulimits to set inside the container.

• use_config_proxy (bool) – If True, and if the docker client configuration file (~/.config/containers/config.json by default) contains a proxy configuration, the corresponding environment variables will be set in the container being built.

• user (Union[str, int]) – Username or UID to run commands as inside the container.

• userns_mode (str) – Sets the user namespace mode for the container when user namespace remapping option is enabled. Supported values documented here

• uts_mode (str) – Sets the UTS namespace mode for the container. These are the supported values.

• version (str) – The version of the API to use. Set to auto to automatically detect the server’s version. Default: 3.0.0

• volume_driver (str) – The name of a volume driver/plugin.

• volumes (Dict[str, Dict[str, Union[str, list]]]) –

  A dictionary to configure volumes mounted inside the container. The key is either the host path or a volume name, and the value is a dictionary with the keys:

  • bind: The path to mount the volume inside the container

  • mode: Either rw to mount the volume read/write, or ro to mount it read-only.

    Kept for docker-py compatibility

  • extended_mode: List of options passed to volume mount.

  For example:

  {

  ‘test_bind_1’:

  {‘bind’: ‘/mnt/vol1’, ‘mode’: ‘rw’},

  ’test_bind_2’:

  {‘bind’: ‘/mnt/vol2’, ‘extended_mode’: [‘ro’, ‘noexec’]},

  ’test_bind_3’:

  {‘bind’: ‘/mnt/vol3’, ‘extended_mode’: [‘noexec’], ‘mode’: ‘rw’}

  }

• volumes_from (List[str]) – List of container names or IDs to get volumes from.

• working_dir (str) – Path to the working directory.

• workdir (str) – Alias of working_dir - Path to the working directory.

Returns:

A Container object.

Raises:

• ImageNotFound – when Image not found by Podman service

• APIError – when Podman service reports an error