Unable to get capabilities to work in Docker swarm.

[trajano]

• I have tried with the latest version of my channel (Stable or Edge)
• I have uploaded Diagnostics
• Diagnostics ID:

I am trying to test the capabilities feature specified in docker/cli#2687

docker stack deploy -c havege.yml havege

> docker service inspect havege_haveged --pretty

ID:             svh3aovntbvm8hmf3bv1l31ls
Name:           havege_haveged
Labels:
 com.docker.stack.image=hortonworks/haveged:1.1.0
 com.docker.stack.namespace=havege
Service Mode:   Replicated
 Replicas:      1
Placement:
UpdateConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         hortonworks/haveged:1.1.0
Resources:
Networks: havege_default
Endpoint Mode:  vip


>docker service inspect havege_haveged | grep -i admin

Expected behavior

I expected to see NET_ADMIN or some sort of capability

Actual behavior

No capabilities shown.

Information

• Windows Version:
• Docker Desktop Version:
• Are you running inside a virtualized Windows e.g. on a cloud server or on a mac VM:

Steps to reproduce the behavior

1. My havege.yml file

version: "3.8"
services:
  haveged:
    image: hortonworks/haveged:1.1.0
    cap_add:
      - NET_ADMIN
    # docker run --privileged -d --restart always hortonworks/haveged:1.1.0

2. ...

Client: Docker Engine - Community
 Cloud integration: 1.0.4
 Version:           20.10.0
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        7287ab3
 Built:             Tue Dec  8 18:55:31 2020
 OS/Arch:           windows/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.0
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       eeddea2
  Built:            Tue Dec  8 18:58:04 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

[stephen-turner]

Thanks for the report, but I think you need to file this in docker/cli not here. This project is just an upstream to us.

[trajano]

Noted

[thaJeztah]

@stephen-turner Reopening this one; looks like this is a bug in the Docker Desktop API proxy not passing through options that were added in API v1.41; see docker/cli#2893 (comment) for reproduction steps

[docker-robott]

Issues go stale after 90 days of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30 days of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[trajano]

Is it fixed yet?

[thaJeztah]

Looks to be fixed (tested on Docker Desktop for Mac 3.2.2), using the reproduction steps from docker/cli#2893 (comment)

docker stack deploy -c- through_proxy <<'EOF'
version: "3.9"
services:
  haveged:
    image: nginx:alpine
    cap_add:
      - NET_ADMIN
EOF

Check if the capabilities were set on the service:

docker service inspect --format=pretty through_proxy_haveged | grep -1 Capabilities
 Image:		nginx:alpine@sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615
Capabilities:
 Add: CAP_NET_ADMIN

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked