summaryrefslogtreecommitdiff
path: root/docs/source
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2021-10-18 11:54:44 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2021-10-19 08:31:35 -0400
commit517b56b02dbcdd76ef42919a22cd335364246eb6 (patch)
tree36cf5968b1495614d97a46dcf793469501459ccf /docs/source
parente0ffc431fe7f016124fdcb36819698a90fe448a9 (diff)
downloadpodman-517b56b02dbcdd76ef42919a22cd335364246eb6.tar.gz
podman-517b56b02dbcdd76ef42919a22cd335364246eb6.tar.bz2
podman-517b56b02dbcdd76ef42919a22cd335364246eb6.zip
Generate Kube should not print default structs
If podman uses Workdir="/" or the workdir specified in the image, it should not add it to the yaml. If Podman find environment variables in the image, they should not get added to the yaml. If the container or pod do not have changes to SELinux we should not print seLinuxOpt{} If the container or pod do not change any dns options the yaml should not have a dnsOption={} If the container is not privileged it should not have privileged=false in the yaml. Fixes: https://github.com/containers/podman/issues/11995 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docs/source')
-rw-r--r--docs/source/markdown/podman-generate-kube.1.md56
1 files changed, 5 insertions, 51 deletions
diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md
index 9ae3941ec..a583afcf9 100644
--- a/docs/source/markdown/podman-generate-kube.1.md
+++ b/docs/source/markdown/podman-generate-kube.1.md
@@ -54,13 +54,7 @@ spec:
- docker-entrypoint.sh
- mysqld
env:
- - name: PATH
- value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- - name: TERM
- value: xterm
- name: HOSTNAME
- - name: container
- value: podman
- name: GOSU_VERSION
value: "1.10"
- name: GPG_KEYS
@@ -77,14 +71,14 @@ spec:
ports:
- containerPort: 3306
hostPort: 36533
- protocol: TCP
resources: {}
securityContext:
- allowPrivilegeEscalation: true
- privileged: false
- readOnlyRootFilesystem: false
+ capabilities:
+ drop:
+ - CAP_MKNOD
+ - CAP_NET_RAW
+ - CAP_AUDIT_WRITE
tty: true
- workingDir: /
status: {}
```
@@ -106,31 +100,18 @@ spec:
containers:
- command:
- /bin/sh
- env:
- - name: PATH
- value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- - name: TERM
- value: xterm
- - name: container
- value: podman
image: docker.io/library/alpine:latest
name: test-bind-mount
resources: {}
securityContext:
- allowPrivilegeEscalation: true
capabilities:
drop:
- CAP_MKNOD
- CAP_NET_RAW
- CAP_AUDIT_WRITE
- privileged: false
- readOnlyRootFilesystem: false
- seLinuxOptions: {}
volumeMounts:
- mountPath: /volume
name: home-user-my-data-host
- workingDir: /
- dnsConfig: {}
restartPolicy: Never
volumes:
- hostPath:
@@ -158,31 +139,18 @@ spec:
containers:
- command:
- /bin/sh
- env:
- - name: PATH
- value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- - name: TERM
- value: xterm
- - name: container
- value: podman
image: docker.io/library/alpine:latest
name: test-bind-mount
resources: {}
securityContext:
- allowPrivilegeEscalation: true
capabilities:
drop:
- CAP_MKNOD
- CAP_NET_RAW
- CAP_AUDIT_WRITE
- privileged: false
- readOnlyRootFilesystem: false
- seLinuxOptions: {}
volumeMounts:
- mountPath: /volume
name: priceless-data-pvc
- workingDir: /
- dnsConfig: {}
restartPolicy: Never
volumes:
- name: priceless-data-pvc
@@ -210,22 +178,9 @@ spec:
- command:
- python3
- /root/code/graph.py
- env:
- - name: PATH
- value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- - name: TERM
- value: xterm
- - name: HOSTNAME
- - name: container
- value: podman
image: quay.io/baude/demoweb:latest
name: practicalarchimedes
resources: {}
- securityContext:
- allowPrivilegeEscalation: true
- capabilities: {}
- privileged: false
- readOnlyRootFilesystem: false
tty: true
workingDir: /root/code
status: {}
@@ -242,7 +197,6 @@ spec:
- name: "8050"
nodePort: 31269
port: 8050
- protocol: TCP
targetPort: 0
selector:
app: demoweb