Table: docker_info - Query Docker Information using SQL
Docker is an open-source platform that automates the deployment, scaling, and management of applications inside lightweight, portable containers. It provides an additional layer of abstraction and automation of operating-system-level virtualization on Windows and Linux. Docker uses the resource isolation features of the Linux kernel to allow independent containers to run within a single Linux instance.
Table Usage Guide
The docker_info table provides insights into the Docker engine running on the host machine. As a system administrator or a DevOps engineer, you can explore details about the Docker engine through this table, including its configuration, version, and runtime information. Utilize it to uncover information about the Docker engine, such as its operating system, architecture, number of containers, and images.
Examples
Get info
Explore the comprehensive details of your Docker environment to better understand its current state and configuration. This can aid in troubleshooting, optimizing resource usage, and enhancing your overall Docker management strategy.
select *from docker_info;select *from docker_info;Control examples
- CIS v1.6.0 > 2 Docker daemon configuration > 2.13 Ensure centralized and remote logging is configured
- CIS v1.6.0 > 2 Docker daemon configuration > 2.15 Ensure live restore is enabled
- CIS v1.6.0 > 2 Docker daemon configuration > 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate
- CIS v1.6.0 > 2 Docker daemon configuration > 2.5 Ensure insecure registries are not used
- CIS v1.6.0 > 2 Docker daemon configuration > 2.6 Ensure aufs storage driver is not used
- CIS v1.6.0 > 2 Docker daemon configuration > 2.9 Enable user namespace support
- CIS v1.6.0 > 5 Container Runtime Configuration > 5.1 Ensure swarm mode is not Enabled, if not needed
- CIS v1.6.0 > 6 Docker Security Operations > 6.2 Ensure that container sprawl is avoided
- CIS v1.6.0 > 7 Docker Swarm Configuration > 7.1 Ensure that the minimum number of manager nodes have been created in a swarm
- CIS v1.6.0 > 7 Docker Swarm Configuration > 7.5 Ensure that swarm manager is run in auto-lock mode
- CIS v1.6.0 > 7 Docker Swarm Configuration > 7.7 Ensure that node certificates are rotated as appropriate
Schema for docker_info
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| architecture | text | Hardware architecture of the host, as returned by the Go runtime (GOARCH), e.g. amd64. | |
| bridge_nf_ip6_tables | boolean | Indicates if bridge-nf-call-ip6tables is available on the host. | |
| bridge_nf_ip_tables | boolean | Indicates if bridge-nf-call-iptables is available on the host. | |
| cgroup_driver | text | The driver to use for managing cgroups: cgroupfs, systemd, none. | |
| cgroup_version | text | The version of the cgroup: 1, 2 | |
| containerd_commit | text | Commit holds the Git-commit (SHA1) that a binary was built from, as reported in the version-string of external tools, such as containerd, or runC. | |
| containers | bigint | Total number of containers on the host. | |
| containers_paused | bigint | Number of containers with status paused. | |
| containers_running | bigint | Number of containers with status running. | |
| containers_stopped | bigint | Number of containers with status stopped. | |
| cpu_cfs_period | boolean | Indicates if CPU CFS(Completely Fair Scheduler) period is supported by the host. | |
| cpu_cfs_quota | boolean | Indicates if CPU CFS(Completely Fair Scheduler) quota is supported by the host. | |
| cpu_set | boolean | Indicates if CPUsets (cpuset.cpus, cpuset.mems) are supported by the host. | |
| cpu_shares | boolean | Indicates if CPU Shares limiting is supported by the host. | |
| debug | boolean | Indicates if the daemon is running in debug-mode / with debug-level logging enabled. | |
| default_address_pools | jsonb | List of custom default address pools for local networks, which can be specified in the daemon.json file or dockerd option. Example: a Base 10.10.0.0/16 with Size 24 will define the set of 256 10.10.[0-255].0/24 address pools. | |
| default_runtime | text | Name of the default OCI runtime that is used when starting containers. The default can be overridden per-container at create time. Default: runc. | |
| docker_root_dir | text | Root directory of persistent Docker state. Defaults to /var/lib/docker on Linux, and C:\ProgramData\docker on Windows. | |
| driver | text | Name of the storage driver in use. | |
| driver_status | jsonb | Information specific to the storage driver, provided as label / value pairs. | |
| experimental_build | boolean | Indicates if experimental features are enabled on the daemon. | |
| generic_resources | jsonb | User-defined resources can be either Integer resources (e.g, SSD=3) or String resources (e.g, GPU=UUID1). | |
| http_proxy | text | HTTP-proxy configured for the daemon. This value is obtained from the HTTP_PROXY environment variable. Credentials (user info component) in the proxy URL are masked in the API response. Containers do not automatically inherit this configuration. | |
| https_proxy | text | HTTPS-proxy configured for the daemon. This value is obtained from the HTTPS_PROXY environment variable. Credentials (user info component) in the proxy URL are masked in the API response. Containers do not automatically inherit this configuration. | |
| id | text | Unique identifier of the daemon. | |
| images | bigint | Total number of images on the host. Both tagged and untagged (dangling) images are counted. | |
| index_server_address | text | Address / URL of the index server that is used for image search, and as a default for user authentication for Docker Hub and Docker Cloud. | |
| init_binary | text | Name and, optional, path of the docker-init binary. If the path is omitted, the daemon searches the host's $PATH for the binary and uses the first result. | |
| init_commit | text | Commit holds the Git-commit (SHA1) that a binary was built from, as reported in the version-string of external tools, such as containerd, or runC. | |
| ipv4_forwarding | boolean | Indicates IPv4 forwarding is enabled. | |
| isolation | text | Represents the isolation technology to use as a default for containers. The supported values are platform-specific, e.g. default, hyperv, process. | |
| kernel_memory | boolean | Indicates if the host has kernel memory limit support enabled. | |
| kernel_version | text | Kernel version. | |
| labels | jsonb | User-defined labels (key/value metadata) as set on the daemon. | |
| live_restore_enabled | boolean | Indicates if live restore is enabled. If enabled, containers are kept running when the daemon is shutdown or upon daemon start if running containers are detected. | |
| logging_driver | text | The logging driver to use as a default for new containers. | |
| mem_total | bigint | Total amount of physical memory available on the host, in bytes. | |
| memory_limit | boolean | Indicates if the host has memory limit support enabled. | |
| n_cpu | text | The number of logical CPUs usable by the daemon. | |
| n_events_listener | text | Number of event listeners subscribed. | |
| n_fd | bigint | The total number of file Descriptors in use by the daemon process. This information is only returned if debug-mode is enabled. | |
| n_goroutines | bigint | The number of goroutines that currently exist. This information is only returned if debug-mode is enabled. | |
| name | text | Hostname of the host. | |
| no_proxy | text | Comma-separated list of domain extensions for which no proxy should be used. This value is obtained from the NO_PROXY environment variable. Containers do not automatically inherit this configuration. | |
| oom_kill_disable | boolean | Indicates if OOM killer disable is supported on the host. | |
| operating_system | text | Name of the host's operating system, for example: 'Ubuntu 16.04.2 LTS' or 'Windows Server 2016 Datacenter'. | |
| os_type | text | Generic type of the operating system of the host, as returned by the Go runtime (GOOS), e.g. linux, windows. | |
| os_version | text | Version of the host's operating system. | |
| pids_limit | boolean | Indicates if the host kernel has PID limit support enabled. | |
| plugins | jsonb | Available plugins per type. | |
| product_license | text | Reports a summary of the product license on the daemon. If a commercial license has been applied to the daemon, information such as number of nodes, and expiration are included. | |
| registry_config | jsonb | RegistryServiceConfig stores daemon registry services configuration. | |
| runc_commit | text | Commit holds the Git-commit (SHA1) that a binary was built from, as reported in the version-string of external tools, such as containerd, or runC. | |
| runtimes | jsonb | List of OCI compliant runtimes configured on the daemon. Keys hold the name used to reference the runtime. | |
| security_options | jsonb | List of security features that are enabled on the daemon, such as apparmor, seccomp, SELinux, user-namespaces (userns), and rootless. Additional configuration options for each security feature may be present, and are included as a comma-separated list of key/value pairs. | |
| server_version | text | Version string of the daemon. | |
| swap_limit | boolean | Indicates if the host has memory swap limit support enabled. | |
| swarm | jsonb | Represents generic information about swarm. | |
| system_status | jsonb | Information specific to the storage driver, provided as label / value pairs. | |
| system_time | text | Current system-time in RFC 3339 format with nano-seconds. | |
| warnings | jsonb | List of warnings / informational messages about missing features, or issues related to the daemon configuration. These messages can be printed by the client as information to the user. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- dockerYou can pass the configuration to the command with the --config argument:
steampipe_export_docker --config '<your_config>' docker_info