Use a custom Docker host
If you are interfacing with Docker via TCP, set DOCKER_HOST
to the correct URL.
DOCKER_HOST=tcp://docker_socket_proxy:2375
If you do this as you seek to restrict access to the Docker socket, this tool is potentially calling the following Docker APIs:
API | When |
---|---|
Info | always |
ContainerExecCreate | running commands from exec-labels |
ContainerExecAttach | running commands from exec-labels |
ContainerExecInspect | running commands from exec-labels |
ContainerList | always |
ServiceList | Docker engine is running in Swarm mode |
ServiceInspect | Docker engine is running in Swarm mode |
ServiceUpdate | Docker engine is running in Swarm mode and stop-during-backup is used |
ConatinerStop | stop-during-backup labels are applied to containers |
ContainerStart | stop-during-backup labels are applied to container |
In case you are using docker-socket-proxy
, this means following permissions are required:
Permission | When |
---|---|
INFO | always required |
CONTAINERS | always required |
POST | required when using stop-during-backup or exec labels |
EXEC | required when using exec -labeled commands |
SERVICES | required when Docker Engine is running in Swarm mode |
NODES | required when labeling services stop-during-backup |
TASKS | required when labeling services stop-during-backup |