Diffstat (limited to 'docs/source/markdown/podman-build.1.md')
-rw-r--r-- | docs/source/markdown/podman-build.1.md | 136 |
1 files changed, 68 insertions, 68 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index 405628912..a411d32ab 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -45,14 +45,14 @@ command to see these contaienrs. External containers can be removed with the ## OPTIONS -**--add-host**=*host* +#### **--add-host**=*host* Add a custom host-to-IP mapping (host:ip) Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option can be set multiple times. -**--annotation**=*annotation* +#### **--annotation**=*annotation* Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can be used multiple times. @@ -60,12 +60,12 @@ be used multiple times. Note: this information is not present in Docker image formats, so it is discarded when writing images in Docker formats. -**--arch**=*arch* +#### **--arch**=*arch* Set the ARCH of the image to the provided value instead of the architecture of the host. -**--authfile**=*path* +#### **--authfile**=*path* Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. 
@@ -76,26 +76,26 @@ Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE environment variable. `export REGISTRY_AUTH_FILE=path` -**--build-arg**=*arg=value* +#### **--build-arg**=*arg=value* Specifies a build argument and its value, which will be interpolated in instructions read from the Containerfiles in the same way that environment variables are, but which will not be added to environment variable list in the resulting image's configuration. -**--cache-from** +#### **--cache-from** Images to utilize as potential cache sources. Podman does not currently support caching so this is a NOOP. -**--cap-add**=*CAP\_xxx* +#### **--cap-add**=*CAP\_xxx* When executing RUN instructions, run the command specified in the instruction with the specified capability added to its capability set. Certain capabilities are granted by default; this option can be used to add more. -**--cap-drop**=*CAP\_xxx* +#### **--cap-drop**=*CAP\_xxx* When executing RUN instructions, run the command specified in the instruction with the specified capability removed from its capability set. 
@@ -108,37 +108,37 @@ If a capability is specified to both the **--cap-add** and **--cap-drop** options, it will be dropped, regardless of the order in which the options were given. -**--cert-dir**=*path* +#### **--cert-dir**=*path* Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands) -**--cgroup-parent**=*path* +#### **--cgroup-parent**=*path* Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -**--compress** +#### **--compress** This option is added to be aligned with other containers CLIs. Podman doesn't communicate with a daemon or a remote server. Thus, compressing the data before sending it is irrelevant to Podman. -**--cni-config-dir**=*directory* +#### **--cni-config-dir**=*directory* Location of CNI configuration files which will dictate which plugins will be used to configure network interfaces and routing for containers created for handling `RUN` instructions, if those containers will be run in their own network namespaces, and networking is not disabled. -**--cni-plugin-path**=*directory[:directory[:directory[...]]]* +#### **--cni-plugin-path**=*directory[:directory[:directory[...]]]* List of directories in which the CNI plugins which will be used for configuring network namespaces can be found. -**--cpu-period**=*limit* +#### **--cpu-period**=*limit* Set the CPU period for the Completely Fair Scheduler (CFS), which is a duration in microseconds. Once the container's CPU quota is used up, it will 
@@ -149,7 +149,7 @@ On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -**--cpu-quota**=*limit* +#### **--cpu-quota**=*limit* Limit the CPU Completely Fair Scheduler (CFS) quota. @@ -162,7 +162,7 @@ On some systems, changing the CPU limits may not be allowed for non-root users. For more details, see https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error -**--cpu-shares**, **-c**=*shares* +#### **--cpu-shares**, **-c**=*shares* CPU shares (relative weight) @@ -200,11 +200,11 @@ division of CPU shares: 101 {C1} 1 100% of CPU1 102 {C1} 2 100% of CPU2 -**--cpuset-cpus**=*num* +#### **--cpuset-cpus**=*num* CPUs in which to allow execution (0-3, 0,1) -**--cpuset-mems**=*nodes* +#### **--cpuset-mems**=*nodes* Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. @@ -213,13 +213,13 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` then processes in your container will only use memory from the first two memory nodes. -**--creds**=*creds* +#### **--creds**=*creds* The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo. -**--device**=_host-device_[**:**_container-device_][**:**_permissions_] +#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_] Add a host device to the container. Optional *permissions* parameter can be used to specify device permissions, it is combination of 
@@ -233,9 +233,9 @@ The container will only store the major and minor numbers of the host device. Note: if the user only has access rights via a group, accessing the device from inside a rootless container will fail. The **crun**(1) runtime offers a workaround for this by adding the option -**--annotation run.oci.keep_original_groups=1**. +#### **--annotation run.oci.keep_original_groups=1**. -**--disable-compression**, **-D** +#### **--disable-compression**, **-D** Don't compress filesystem layers when building the image unless it is required by the location where the image is being written. This is the default setting, @@ -244,13 +244,13 @@ registries, and images being written to local storage would only need to be decompressed again to be stored. Compression can be forced in all cases by specifying **--disable-compression=false**. -**--disable-content-trust** +#### **--disable-content-trust** This is a Docker specific option to disable image verification to a Docker registry and is not supported by Podman. This flag is a NOOP and provided solely for scripting compatibility. -**--dns**=*dns* +#### **--dns**=*dns* Set custom DNS servers @@ -263,15 +263,15 @@ The special value **none** can be specified to disable creation of /etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the image will be used without changes. -**--dns-option**=*option* +#### **--dns-option**=*option* Set custom DNS options -**--dns-search**=*domain* +#### **--dns-search**=*domain* Set custom DNS search domains -**--file**, **-f**=*Containerfile* +#### **--file**, **-f**=*Containerfile* Specifies a Containerfile which contains instructions for building the image, either a local file or an **http** or **https** URL. If more than one 
@@ -284,12 +284,12 @@ context. If you specify `-f -`, the Containerfile contents will be read from stdin. -**--force-rm**=*true|false* +#### **--force-rm**=*true|false* Always remove intermediate containers after a build, even if the build fails (default false). -**--format** +#### **--format** Control the format for the built image's manifest and configuration data. Recognized formats include *oci* (OCI image-spec v1.0, the default) and @@ -302,15 +302,15 @@ environment variable. `export BUILDAH_FORMAT=docker` Print usage statement -**--http-proxy** +#### **--http-proxy** Pass through HTTP Proxy environment variables. -**--iidfile**=*ImageIDfile* +#### **--iidfile**=*ImageIDfile* Write the image ID to the file. -**--ipc**=*how* +#### **--ipc**=*how* Sets the configuration for IPC namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -319,7 +319,7 @@ that the IPC namespace in which `podman` itself is being run should be reused, or it can be the path to an IPC namespace which is already in use by another process. -**--isolation**=*type* +#### **--isolation**=*type* Controls what type of isolation is used for running processes as part of `RUN` instructions. Recognized types include *oci* (OCI-compatible runtime, the @@ -333,13 +333,13 @@ chroot(1) than container technology). Note: You can also override the default isolation type by setting the BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci` -**--jobs**=*number* +#### **--jobs**=*number* Run up to N concurrent stages in parallel. If the number of jobs is greater than 1, stdin will be read from /dev/null. If 0 is specified, then there is no limit in the number of jobs that run in parallel. -**--label**=*label* +#### **--label**=*label* Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times. 
@@ -354,25 +354,25 @@ capabilities is a subset of the default list. If the specified capabilities are not in the default set, Podman will print an error message and will run the container with the default capabilities. -**--layers** +#### **--layers** Cache intermediate images during the build process (Default is `true`). Note: You can also override the default value of layers by setting the BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true` -**--logfile**=*filename* +#### **--logfile**=*filename* Log output which would be sent to standard output and standard error to the specified file instead of to standard output and standard error. -**--loglevel**=*number* +#### **--loglevel**=*number* Adjust the logging level up or down. Valid option values range from -2 to 3, with 3 being roughly equivalent to using the global *--debug* option, and values below 0 omitting even error messages which accompany fatal errors. -**--memory**, **-m**=*LIMIT* +#### **--memory**, **-m**=*LIMIT* Memory limit (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) @@ -383,7 +383,7 @@ not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). -**--memory-swap**=*LIMIT* +#### **--memory-swap**=*LIMIT* A limit value equal to memory plus swap. Must be used with the **-m** (**--memory**) flag. The swap `LIMIT` should always be larger than **-m** @@ -394,7 +394,7 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. -**--net**, **--network**=*string* +#### **--net**, **--network**=*string* Sets the configuration for network namespaces when handling `RUN` instructions. 
@@ -407,17 +407,17 @@ considered insecure. - **ns:**_path_: path to a network namespace to join. - `private`: create a new namespace for the container (default). -**--no-cache** +#### **--no-cache** Do not use existing cached images for the container build. Build from the start with a new set of cached layers. -**--os**=*string* +#### **--os**=*string* Set the OS to the provided value instead of the current operating system of the host. -**--pid**=*pid* +#### **--pid**=*pid* Sets the configuration for PID namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -426,13 +426,13 @@ that the PID namespace in which `podman` itself is being run should be reused, or it can be the path to a PID namespace which is already in use by another process. -**--platform**="Linux" +#### **--platform**="Linux" This option has no effect on the build. Other container engines use this option to control the execution platform for the build (e.g., Windows, Linux) which is not required for Buildah as it supports only Linux. -**--pull** +#### **--pull** When the option is specified or set to "true", pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not 
@@ -442,28 +442,28 @@ If the option is disabled (with *--pull=false*), or not specified, pull the image from the registry only if the image is not present locally. Raise an error if the image is not found in the registries. -**--pull-always** +#### **--pull-always** Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally. -**--pull-never** +#### **--pull-never** Do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally. -**--quiet**, **-q** +#### **--quiet**, **-q** Suppress output messages which indicate which instruction is being processed, and of progress when pulling images from a registry, and when writing the output image. -**--rm**=*true|false* +#### **--rm**=*true|false* Remove intermediate containers after a successful build (default true). -**--runtime**=*path* +#### **--runtime**=*path* The *path* to an alternate OCI-compatible runtime, which will be used to run commands specified by the **RUN** instruction. @@ -471,7 +471,7 @@ commands specified by the **RUN** instruction. Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc` -**--security-opt**=*option* +#### **--security-opt**=*option* Security Options @@ -491,7 +491,7 @@ container - `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter -**--shm-size**=*size* +#### **--shm-size**=*size* Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. 
@@ -499,34 +499,34 @@ Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -**--sign-by**=*fingerprint* +#### **--sign-by**=*fingerprint* Sign the image using a GPG key with the specified FINGERPRINT. -**--squash** +#### **--squash** Squash all of the image's new layers into a single new layer; any preexisting layers are not squashed. -**--squash-all** +#### **--squash-all** Squash all of the new image's layers (including those inherited from a base image) into a single new layer. -**--tag**, **-t**=*imageName* +#### **--tag**, **-t**=*imageName* Specifies the name which will be assigned to the resulting image if the build process completes successfully. If _imageName_ does not include a registry name, the registry name *localhost* will be prepended to the image name. -**--target**=*stageName* +#### **--target**=*stageName* Set the target build stage to build. When building a Containerfile with multiple build stages, --target can be used to specify an intermediate build stage by name as the final stage for the resulting image. Commands after the target stage will be skipped. -**--timestamp** *seconds* +#### **--timestamp** *seconds* Set the create timestamp to seconds since epoch to allow for deterministic builds (defaults to current time). By default, the created timestamp is changed 
@@ -537,12 +537,12 @@ specified and therefore not changed, allowing the image's sha256 hash to remain same. All files committed to the layers of the image will be created with the timestamp. -**--tls-verify**=*true|false* +#### **--tls-verify**=*true|false* Require HTTPS and verify certificates when talking to container registries (defaults to true). -**--ulimit**=*type*=*soft-limit*[:*hard-limit*] +#### **--ulimit**=*type*=*soft-limit*[:*hard-limit*] Specifies resource limits to apply to processes launched when processing `RUN` instructions. This option can be specified multiple times. Recognized resource @@ -563,7 +563,7 @@ types include: "sigpending": maximum number of pending signals (ulimit -i) "stack": maximum stack size (ulimit -s) -**--userns**=*how* +#### **--userns**=*how* Sets the configuration for user namespaces when handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -572,7 +572,7 @@ the user namespace in which `podman` itself is being run should be reused, or it can be the path to an user namespace which is already in use by another process. -**--userns-uid-map**=*mapping* +#### **--userns-uid-map**=*mapping* Directly specifies a UID mapping which should be used to set ownership, at the filesystem level, on the working container's contents. @@ -593,7 +593,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-uid-map are specified, but --userns-gid-map is specified, the UID map will be set to use the same numeric values as the GID map. -**--userns-gid-map**=*mapping* +#### **--userns-gid-map**=*mapping* Directly specifies a GID mapping which should be used to set ownership, at the filesystem level, on the working container's contents. 
@@ -614,7 +614,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-gid-map are specified, but --userns-uid-map is specified, the GID map will be set to use the same numeric values as the UID map. -**--userns-uid-map-user**=*user* +#### **--userns-uid-map-user**=*user* Specifies that a UID mapping which should be used to set ownership, at the filesystem level, on the working container's contents, can be found in entries @@ -625,7 +625,7 @@ If --userns-gid-map-group is specified, but --userns-uid-map-user is not specified, `podman` will assume that the specified group name is also a suitable user name to use as the default setting for this option. -**--userns-gid-map-group**=*group* +#### **--userns-gid-map-group**=*group* Specifies that a GID mapping which should be used to set ownership, at the filesystem level, on the working container's contents, can be found in entries @@ -636,7 +636,7 @@ If --userns-uid-map-user is specified, but --userns-gid-map-group is not specified, `podman` will assume that the specified user name is also a suitable group name to use as the default setting for this option. -**--uts**=*how* +#### **--uts**=*how* Sets the configuration for UTS namespaces when the handling `RUN` instructions. The configured value can be "" (the empty string) or "container" to indicate @@ -645,7 +645,7 @@ that the UTS namespace in which `podman` itself is being run should be reused, or it can be the path to a UTS namespace which is already in use by another process. -**--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] +#### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*] Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman |
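Review bot: In the hunk at `@@ -233,9 +233,9 @@`, the line `**--annotation run.oci.keep_original_groups=1**.` is not an option heading. It is the end of the sentence in the rootless device note ("... offers a workaround for this by adding the option"), so prefixing it with `####` cuts that sentence in half and renders a stray heading with a trailing period in the middle of the **--device** description. Leave that line unchanged and keep only the `--disable-compression` heading change in this hunk. It looks like the substitution matched every line starting with `**--`; it is worth re-checking the other man pages touched by the same pattern for wrapped prose lines that begin with a bold flag.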
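Review bot: In the hunk at `@@ -302,15 +302,15 @@`, the description "Print usage statement" appears only as unchanged context and its option heading is not among the converted lines, so that entry keeps the old bold-only style while every neighbour becomes a `####` heading. If that heading starts with the short flag rather than `**--` (an assumption, the line is outside the visible context), the match would have skipped it. Convert it in this change as well so the OPTIONS section is uniform.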
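Review bot: Style point in the hunk at `@@ -499,34 +499,34 @@`: the new heading `#### **--timestamp** *seconds*` separates the flag and its value with a space, while every other valued option converted here uses `=` (for example `#### **--target**=*stageName*`). Since these lines are now headings and will surface in anchors and tables of contents, align this one to `**--timestamp**=*seconds*` while the line is being touched.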