
Ultimate Docker Compose Yaml

A list of the possible values for Docker Compose YAML options.

# Ultimate Docker Compose YAML Reference
# This is NOT intended to be a valid file, but a comprehensive reference of all possible options

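version: '3.9' # Obsolete. Docker Compose now uses the latest specification by default

name: my-project # Project name for resources grouping and isolation

# Included files are merged into this project's configuration, so they need the
# same review as this file. Entries below are list items; project_directory and
# env_file belong to the `path` entry directly above them.
include: # Include other compose files
  - path: ./common-services.yml
    project_directory: ./common
  - path: ./logging.yml
    env_file: ./.env.logging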

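# Notation used in this reference: `a | b | c` lists alternative values for one
# option; it is not YAML syntax. A trailing `|` before nested keys means the
# short (scalar) form and the long (mapping/list) form are alternatives.
services:
  service-name: # Define a service (container configuration)
    # Base configuration
    # A mutable tag such as :latest can resolve to different content on each
    # pull; pin a specific version or digest where reproducibility matters.
    image: nginx:latest | ubuntu:20.04 | postgres:15 # Use existing image
    container_name: custom-container-name # Custom name instead of auto-generated
    pull_policy: always | if_not_present | never # When to pull the image

    # Build configuration (alternative to image)
    build: . | ./dir |
      context: . | ./dir # Build context path
      dockerfile: Dockerfile | Dockerfile.dev # Path to Dockerfile
      args: # Build arguments
        buildno: 1
        debug: 0
        # Build args can be recovered from the built image (e.g. via image
        # history), so a token passed this way travels with the image. The
        # build-level `secrets` key below is the option meant for credentials.
        GITHUB_TOKEN: ${GITHUB_TOKEN} # Environment variable interpolation
      cache_from: # Images to consider as cache sources
        - alpine:latest
        - myapp:latest
      target: prod | staging # Build specific stage from Dockerfile
      # `host` gives build steps the host's network stack.
      network: host | bridge # Network to use during build
      labels: # Labels to apply to the built image
        com.example.description: "My service"
      shm_size: 2gb | 512m # Size of /dev/shm
      secrets: # Secrets available during build
        - server-certificate

    # Execution configuration
    command: npm start | ["npm", "start"] # Command to execute
    entrypoint: /docker-entrypoint.sh | ["sh", "-c", "echo $HOME"] # Override container entrypoint
    working_dir: /app | /usr/src/app # Working directory inside container
    # Without `user`, the container runs as the image's default user, which is
    # often root; a non-root user or UID:GID limits what a compromised process
    # can do.
    user: node | 1000:1000 # User or UID:GID to run as
    group_add: [audio, video] # Additional groups to join

    # Environment configuration
    environment: # Environment variables
      - NODE_ENV=development
      - DEBUG=1
      # Values set here are readable through `docker inspect` and by every
      # process in the container; the service-level `secrets` option mounts
      # credentials as files instead.
      - PASSWORD=${DB_PASSWORD} # Use host environment variables
    env_file: .env | [.env, .env.dev] | # Load environment from file(s)
      - path: ./default.env
        required: true | false
        format: raw

    # Network configuration
    ports: # Expose ports (HOST:CONTAINER format)
      - "3000" # Only container port (random host port)
      # With no host IP, the port is published on all host interfaces.
      - "8080:80" # Host:container
      # A host IP restricts the listener; 127.0.0.1 keeps it local to the host.
      - "127.0.0.1:8080:80" # IP:host:container
      - target: 80 # Long syntax with additional options
        published: 8080
        protocol: tcp | udp | sctp
        mode: host | ingress
    expose: ["3000", "8080"] # Expose ports only to linked services

    networks: # Connect to networks
      frontend: # Named network with options
        aliases: [app, web-service]
        ipv4_address: 172.16.238.10
        ipv6_address: 2001:3984:3989::10
      backend: # Just the network name
    # `host` removes network isolation between container and host;
    # `service:` / `container:` share another container's network namespace.
    network_mode: bridge | host | none | service:another-service | container:some-container

    extra_hosts: # Add hostname mappings
      - "host.docker.internal:host-gateway"
      - "somehost:162.242.195.82"

    # Dependency configuration
    depends_on: # Service dependencies
      db: # Simple dependency
      redis: # Enhanced dependency (v2 and above)
        condition: service_started | service_healthy | service_completed_successfully
        restart: true | false
      cache:
        condition: service_healthy
    links: # Legacy way to connect services (use networks instead)
      - db
      - db:database # Link with alias
    extends: # Extend another service
      file: common.yml
      service: webapp

    # Storage configuration
    # Bind mounts give the container direct access to host paths; mount the
    # narrowest path that works and add :ro / read_only where writes are not
    # needed.
    volumes: # Mount volumes
      - /var/lib/mysql # Anonymous volume
      - data-volume:/var/lib/mysql # Named volume
      - ./cache:/tmp/cache # Bind mount (relative path)
      # Files like .npmrc can hold registry credentials; :ro stops the
      # container from modifying the host copy but not from reading it.
      - $HOME/.npmrc:/app/.npmrc:ro # Dynamic host path with read-only flag
      - type: volume | bind | tmpfs # Long syntax
        source: mydata | ./static
        target: /data
        read_only: true | false
        volume:
          nocopy: true
        bind:
          propagation: shared | slave | private
        tmpfs:
          size: 10000000
    tmpfs: /tmp | [/run, /tmp] # Mount tmpfs
    volumes_from: [service_name, container_name] # Mount volumes from other containers

    # Health check configuration
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"] | curl -f http://localhost || exit 1
      interval: 30s | 1m
      timeout: 10s
      retries: 3
      start_period: 40s
      start_interval: 5s
      disable: true | false

    # Resource constraints
    # CPU, memory and PID limits bound how much of the host a single
    # misbehaving or compromised container can consume.
    deploy: # Swarm/Compose V2 resource constraints
      mode: replicated | global # Deployment mode
      replicas: 2 # Number of replicas
      resources:
        limits:
          cpus: '0.50'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M
      restart_policy:
        condition: none | on-failure | any
        delay: 5s
        max_attempts: 3
        window: 120s
      update_config:
        parallelism: 2 # Number of containers to update at a time
        delay: 10s # Time between updates
        failure_action: continue | rollback # Action on update failure
        monitor: 60s # Time to monitor for failure after update
        max_failure_ratio: 0.3 # Failure ratio that will trigger rollback
        order: start-first | stop-first # Update order
      rollback_config:
        parallelism: 1
        delay: 5s
        failure_action: pause | continue
      labels:
        com.example.description: "Deployment labels"
    # "no" must be quoted: a bare no is read as boolean false by YAML 1.1
    # parsers, not as the string the restart policy expects.
    restart: "no" | always | on-failure | unless-stopped # Restart policy
    cpu_count: 2 # Number of CPUs
    cpu_percent: 50 # CPU percent
    cpu_shares: 512 # CPU shares (relative weight)
    cpu_period: 100000 # CPU CFS period
    cpu_quota: 50000 # CPU CFS quota
    cpus: 0.5 # CPUs (simplified)
    mem_limit: 500m | 1G # Memory limit
    mem_reservation: 250m # Memory reservation
    memswap_limit: 1G # Total memory + swap
    pids_limit: 100 # Container process limit
    # Disabling the OOM killer without a memory limit lets one container
    # exhaust host memory.
    oom_kill_disable: true | false # Disable OOM Killer
    oom_score_adj: 500 # OOM score adjustment

    # Security configuration
    # ALL grants every capability and SYS_ADMIN alone is close to root on the
    # host; add only the specific capabilities the workload needs.
    cap_add: [ALL, NET_ADMIN, SYS_ADMIN] # Add Linux capabilities
    # A common hardening baseline is cap_drop: [ALL] plus a minimal cap_add.
    cap_drop: [NET_ADMIN, SYS_ADMIN] # Drop Linux capabilities
    # privileged: true grants all capabilities and host device access and
    # lifts most of the container's isolation from the host; treat such a
    # container as root on the host.
    privileged: true | false # Give extended privileges
    # read_only: true keeps the root filesystem immutable at runtime; pair it
    # with tmpfs or volumes for paths that must be writable.
    read_only: true | false # Mount root filesystem as read only
    security_opt: # Security options
      - label=level:s0:c100,c200
      # Prevents processes from gaining privileges via setuid/setgid binaries.
      - no-new-privileges:true

    # Additional configuration
    dns: [8.8.8.8, 9.9.9.9] # Custom DNS servers
    dns_search: [example.com, dc1.example.com] # DNS search domains
    dns_opt: # DNS options
      - use-vc
      - no-tld-query
    domainname: example.com # Container domain name
    hostname: myservice # Container hostname
    # `host` shares the host's IPC namespace (shared memory, semaphores).
    ipc: host | service:web # IPC namespace
    isolation: default | process | hyperv # Container isolation technology
    logging: # Logging configuration
      driver: json-file | syslog | journald | fluentd | awslogs | splunk
      options:
        # Rotation limits keep container logs from filling the host disk.
        max-size: 10m
        max-file: '3'
        tag: "{{.ImageName}}/{{.Name}}"
    # `host` lets the container see the host's processes.
    pid: host | service:web # PID namespace
    platform: linux/amd64 | windows/amd64 | linux/arm64 # OS platform
    profiles: [dev, prod, test] # Profiles for selective service deployment
    secrets: # Service secrets
      - source: my_secret
        target: /etc/secrets/my_secret
        uid: '103'
        gid: '103'
        # Octal file mode: read for owner and group, nothing for others.
        # Unquoted leading-zero numbers are parser-dependent in YAML.
        mode: 0440
      - my_other_secret # Short syntax
    configs: # Service configs
      - source: my_config
        target: /etc/configs/my_config
        uid: '103'
        gid: '103'
        mode: 0440
      - my_other_config # Short syntax
    sysctls: # Kernel parameters
      net.core.somaxconn: 1024
      # 0 turns SYN cookies off, removing that SYN-flood mitigation for the
      # container's network namespace.
      net.ipv4.tcp_syncookies: 0
    ulimits: # Resource limits
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    init: true | false # Run init inside container
    stop_grace_period: 10s | 1m # Time to wait before killing container
    stop_signal: SIGINT | SIGTERM # Signal to stop container
    devices: # Expose devices to container
      - "/dev/ttyUSB0:/dev/ttyUSB0"
      # Mapping a host block device with rwm gives the container raw read,
      # write and mknod access to that disk, below filesystem permissions.
      - "/dev/sda:/dev/xvda:rwm"

    # Less common options
    cgroup_parent: m-executor-abcd # Parent cgroup
    credential_spec: # Windows credential specs
      file: config.json
      registry: credentialspec:group:contoso_web
    external_links: # Link to containers started outside Compose
      - redis_1
      - project_db_1:mysql
    mac_address: 02:42:ac:11:65:43 # Container MAC address
    runtime: runc | nvidia # Container runtime
    scale: 3 # Default number of containers
    shm_size: 64M | 2g # Size of /dev/shm
    stdin_open: true | false # Keep STDIN open
    tty: true | false # Allocate a pseudo-TTY
    # `host` opts this container out of user-namespace remapping when the
    # daemon has it enabled, so container root maps to host root again.
    userns_mode: host # User namespace mode

    # Labels for container
    labels:
      com.example.description: "Web application"
      com.example.environment: "production"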

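# Top-level network definitions. `a | b` lists alternative values for one
# option; it is not YAML syntax.
networks:
  network-name: # Define a network
    driver: bridge | overlay | host | none # Network driver
    driver_opts: # Driver-specific options
      com.docker.network.bridge.name: docker1
      com.docker.network.driver.mtu: 1500
    ipam: # IP Address Management
      driver: default | dhcp
      config:
        - subnet: 172.28.0.0/16
          ip_range: 172.28.5.0/24
          gateway: 172.28.5.254
    external: true | false # Use pre-existing network
    name: existing-network-name # Custom name for external network
    # internal: true creates the network without external connectivity, which
    # suits back-end tiers that should only talk to other services.
    internal: true | false # Restrict external access
    # attachable: true lets containers outside this project join the network.
    attachable: true | false # Enable standalone containers to attach
    enable_ipv6: true | false # Enable IPv6
    labels: # Network metadata
      com.example.description: "App network"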

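# Top-level volume definitions. `a | b` lists alternative values for one
# option; it is not YAML syntax.
volumes:
  volume-name: # Define a volume
    driver: local | nfs | cifs | azure_file # Volume driver
    driver_opts: # Driver-specific options
      type: nfs
      # Mount options are passed through to the driver; `rw` here makes the
      # remote export writable from every container that mounts the volume.
      o: addr=10.40.0.199,rw
      device: ":/docker/example"
    external: true | false # Use pre-existing volume
    name: existing-volume-name # Custom name for external volume
    labels: # Volume metadata
      com.example.description: "Database data"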

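# Top-level config definitions. Configs are meant for non-sensitive files;
# credentials belong under `secrets`.
configs:
  config-name: # Define a config
    file: ./configs/app.conf # Path to file
    external: true | false # Use pre-existing config
    name: existing-config-name # Custom name for external config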

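# Top-level secret definitions. `file`, `external` and `environment` are
# alternative sources for a secret's value.
secrets:
  secret-name: # Define a secret
    # The file is read from the host; keep it out of version control and out
    # of any image build context.
    file: ./secrets/api_key.txt # Path to file
    external: true | false # Use pre-existing secret
    name: existing-secret-name # Custom name for external secret
    # Names a host environment variable whose value becomes the secret.
    environment: SECRET_ENV_VAR # Use value from environment variable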