moby: "docker service create" in swarm mode does not pass labels to the tasks/containers created

Output of docker version:

Client:
 Version:      1.12.0-rc2
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   906eacd
 Built:        Fri Jun 17 20:45:29 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.0-rc2
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   906eacd
 Built:        Fri Jun 17 21:09:07 2016
 OS/Arch:      linux/amd64

Output of docker info:

Client:
 Version:      1.12.0-rc2
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   906eacd
 Built:        Fri Jun 17 20:45:29 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.0-rc2
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   906eacd
 Built:        Fri Jun 17 21:09:07 2016
 OS/Arch:      linux/amd64
Selvis-MBP:cx selvikadirvel$ newdocker info
Containers: 6
 Running: 5
 Paused: 0
 Stopped: 1
Images: 2
Server Version: 1.12.0-rc2
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 21
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host null overlay
Swarm: active
 NodeID: bhdvickrzvbaw0ixvyszuzyuf
 IsManager: Yes
 Managers: 1
 Nodes: 2
 CACertHash: sha256:f06eaf86ee7c4c6d60e2e6d63857fb4256ad83a4abe4d0c996bc5c01f77ffe3d
Runtimes: default
Default Runtime: default
Security Options: apparmor seccomp
Kernel Version: 4.2.0-27-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 4.03 GiB
Name: dev
ID: ICLK:ZYTD:5WGY:PFZL:V7CE:HCWU:EAXO:ASTM:G2DD:PHFZ:3EU5:TLNZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: cxselvi
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Labels:
 provider=generic
Insecure Registries:
 127.0.0.0/8

Additional environment details (AWS, VirtualBox, physical, etc.): Swarm manager and worker are Ubuntu 14.04 VMs running on VMware Fusion.

Steps to reproduce the issue:

On the manager node: docker swarm init --listen-addr [manager_ip]:2378
On the worker node: docker swarm join [manager_ip]:2378
Starting a service with a label: docker service create --replicas 2 --name hello --label mylabel=“finance” alpine ping docker.com
Check that the service is started

docker service ls
ID            NAME         REPLICAS  IMAGE   COMMAND
d60kak259u9q  hello        2/2       alpine  ping docker.com

Find the container IDs of the tasks:

One is scheduled on the manager:

docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED              STATUS              PORTS               NAMES
19e981e05375        alpine:latest            "ping docker.com"        About a minute ago   Up About a minute                       hello.2.6yk92jojcwikkijfa9hazj1xo

The other is scheduled on the worker:

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d3611b47acbc        alpine:latest       "ping docker.com"   2 minutes ago       Up 2 minutes                            hello.1.9tb2yj57o1pate7titmir0hmz

Describe the results you received: The containers don’t have the expected labels:

$ docker inspect d3611b47acbc | grep finance
$

It only has these labels:

            "Labels": {                                                                                            
                "com.docker.swarm.node.id": "66uimldckdxsro9ygd2qu0s4w",                                           
                "com.docker.swarm.service.id": "d60kak259u9qi0v1ih2pksamn",                                        
                "com.docker.swarm.service.name": "hello",                                                          
                "com.docker.swarm.task": "",                                                                       
                "com.docker.swarm.task.id": "9tb2yj57o1pate7titmir0hmz",                                           
                "com.docker.swarm.task.name": "hello.1"                                                            
            }

Describe the results you expected: I expected to see

            "Labels": {                                                                                            
                "mylabel": "finance"                                                                               
            },

Additional information you deem important (e.g. issue happens only occasionally):

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 22 (16 by maintainers)

Most upvoted comments

As @llitfkitfk said, one of the use-case would be what Træfɪk does right now (before actually supporting swarm mode services). Træfɪk listens for containers event and, to make it work with swarm mode we’ll need to have services events (but it’s another issue though) — and in the end Træfɪk aims to support both mode (with and without swarm mode).

Before having and supporting that, having the possibility to get service labels copied to containers would ease the migration between actual docker/swarm to docker swarm mode in 1.12 and later.

I feel this would not only benefit Træfɪk but a lot of the current ecosystem, to be able to use current ecosystem tooling with swarm mode without them supporting it “natively” right now (it’s gonna take time for ecosystem tooling to support the new api from swarm mode).

/cc @emilevauge

vdemeester on Jul 14, 2016

As of 1.12.0-rc5 it’s now possible to set labels to container (using --container-labels).

As @stevvooe said, “We don’t propagate service labels to containers so that one can put sensitive labels on the service and trust those separately from the container labels.”

So I think this issue can be closed now.

vdemeester on Jul 28, 2016

I think the important bit is that we don’t have service create and service update events; those events would be needed for software like traefik to act on (for auto-configuration)

thaJeztah on Jul 20, 2016

Adding this as another P1/UX issue to discuss for 1.12

cpuguy83 on Jun 29, 2016