Diffstat (limited to 'docs/source/markdown/podman-build.1.md')
-rw-r--r-- docs/source/markdown/podman-build.1.md 136
1 files changed, 68 insertions, 68 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 405628912..a411d32ab 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -45,14 +45,14 @@ command to see these contaienrs. External containers can be removed with the
## OPTIONS
-**--add-host**=*host*
+#### **--add-host**=*host*
Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option
can be set multiple times.
-**--annotation**=*annotation*
+#### **--annotation**=*annotation*
Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can
be used multiple times.
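Review bot: The new headings `#### **--add-host**=*host*` and `#### **--annotation**=*annotation*` sit directly under `## OPTIONS`, so the outline jumps from level 2 to level 4 with no level 3 in between. If the skip is deliberate (for example to control the rendered heading size or to get per-option anchors), state that in the commit message; otherwise use `###`. While this area is being touched, the context text quoted in the hunk header also carries the typo "contaienrs".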
@@ -60,12 +60,12 @@ be used multiple times.
Note: this information is not present in Docker image formats, so it is
discarded when writing images in Docker formats.
-**--arch**=*arch*
+#### **--arch**=*arch*
Set the ARCH of the image to the provided value instead of the architecture of
the host.
-**--authfile**=*path*
+#### **--authfile**=*path*
Path of the authentication file. Default is
${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
@@ -76,26 +76,26 @@ Note: You can also override the default path of the authentication file by
setting the REGISTRY\_AUTH\_FILE environment variable.
`export REGISTRY_AUTH_FILE=path`
-**--build-arg**=*arg=value*
+#### **--build-arg**=*arg=value*
Specifies a build argument and its value, which will be interpolated in
instructions read from the Containerfiles in the same way that environment
variables are, but which will not be added to environment variable list in the
resulting image's configuration.
-**--cache-from**
+#### **--cache-from**
Images to utilize as potential cache sources. Podman does not currently support
caching so this is a NOOP.
-**--cap-add**=*CAP\_xxx*
+#### **--cap-add**=*CAP\_xxx*
When executing RUN instructions, run the command specified in the instruction
with the specified capability added to its capability set.
Certain capabilities are granted by default; this option can be used to add
more.
-**--cap-drop**=*CAP\_xxx*
+#### **--cap-drop**=*CAP\_xxx*
When executing RUN instructions, run the command specified in the instruction
with the specified capability removed from its capability set.
@@ -108,37 +108,37 @@ If a capability is specified to both the **--cap-add** and **--cap-drop**
options, it will be dropped, regardless of the order in which the options were
given.
-**--cert-dir**=*path*
+#### **--cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (Not available for
remote commands)
-**--cgroup-parent**=*path*
+#### **--cgroup-parent**=*path*
Path to cgroups under which the cgroup for the container will be created. If the
path is not absolute, the path is considered to be relative to the cgroups path
of the init process. Cgroups will be created if they do not already exist.
-**--compress**
+#### **--compress**
This option is added to be aligned with other containers CLIs.
Podman doesn't communicate with a daemon or a remote server.
Thus, compressing the data before sending it is irrelevant to Podman.
-**--cni-config-dir**=*directory*
+#### **--cni-config-dir**=*directory*
Location of CNI configuration files which will dictate which plugins will be
used to configure network interfaces and routing for containers created for
handling `RUN` instructions, if those containers will be run in their own
network namespaces, and networking is not disabled.
-**--cni-plugin-path**=*directory[:directory[:directory[...]]]*
+#### **--cni-plugin-path**=*directory[:directory[:directory[...]]]*
List of directories in which the CNI plugins which will be used for configuring
network namespaces can be found.
-**--cpu-period**=*limit*
+#### **--cpu-period**=*limit*
Set the CPU period for the Completely Fair Scheduler (CFS), which is a
duration in microseconds. Once the container's CPU quota is used up, it will
@@ -149,7 +149,7 @@ On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-**--cpu-quota**=*limit*
+#### **--cpu-quota**=*limit*
Limit the CPU Completely Fair Scheduler (CFS) quota.
@@ -162,7 +162,7 @@ On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-**--cpu-shares**, **-c**=*shares*
+#### **--cpu-shares**, **-c**=*shares*
CPU shares (relative weight)
@@ -200,11 +200,11 @@ division of CPU shares:
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
-**--cpuset-cpus**=*num*
+#### **--cpuset-cpus**=*num*
CPUs in which to allow execution (0-3, 0,1)
-**--cpuset-mems**=*nodes*
+#### **--cpuset-mems**=*nodes*
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
NUMA systems.
@@ -213,13 +213,13 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your container will only use memory from the first
two memory nodes.
-**--creds**=*creds*
+#### **--creds**=*creds*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and
the value can be entered. The password is entered without echo.
-**--device**=_host-device_[**:**_container-device_][**:**_permissions_]
+#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_]
Add a host device to the container. Optional *permissions* parameter
can be used to specify device permissions, it is combination of
@@ -233,9 +233,9 @@ The container will only store the major and minor numbers of the host device.
Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. The **crun**(1) runtime offers a
workaround for this by adding the option
-**--annotation run.oci.keep_original_groups=1**.
+#### **--annotation run.oci.keep_original_groups=1**.
-**--disable-compression**, **-D**
+#### **--disable-compression**, **-D**
Don't compress filesystem layers when building the image unless it is required
by the location where the image is being written. This is the default setting,
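Review bot: `#### **--annotation run.oci.keep_original_groups=1**.` is not an option heading. It is the end of the sentence "workaround for this by adding the option" on the context line above it, so this change cuts the rootless device-access note mid-sentence and leaves a stray heading that ends in a period. Revert that one line to `**--annotation run.oci.keep_original_groups=1**.` and keep only the `--disable-compression` heading change in this hunk. It is also worth checking how the lines were selected, since any pattern keyed on a leading `**--` will match other wrapped sentences in the same way.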
@@ -244,13 +244,13 @@ registries, and images being written to local storage would only need to be
decompressed again to be stored. Compression can be forced in all cases by
specifying **--disable-compression=false**.
-**--disable-content-trust**
+#### **--disable-content-trust**
This is a Docker specific option to disable image verification to a Docker
registry and is not supported by Podman. This flag is a NOOP and provided
solely for scripting compatibility.
-**--dns**=*dns*
+#### **--dns**=*dns*
Set custom DNS servers
@@ -263,15 +263,15 @@ The special value **none** can be specified to disable creation of
/etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the
image will be used without changes.
-**--dns-option**=*option*
+#### **--dns-option**=*option*
Set custom DNS options
-**--dns-search**=*domain*
+#### **--dns-search**=*domain*
Set custom DNS search domains
-**--file**, **-f**=*Containerfile*
+#### **--file**, **-f**=*Containerfile*
Specifies a Containerfile which contains instructions for building the image,
either a local file or an **http** or **https** URL. If more than one
@@ -284,12 +284,12 @@ context.
If you specify `-f -`, the Containerfile contents will be read from stdin.
-**--force-rm**=*true|false*
+#### **--force-rm**=*true|false*
Always remove intermediate containers after a build, even if the build fails
(default false).
-**--format**
+#### **--format**
Control the format for the built image's manifest and configuration data.
Recognized formats include *oci* (OCI image-spec v1.0, the default) and
@@ -302,15 +302,15 @@ environment variable. `export BUILDAH_FORMAT=docker`
Print usage statement
-**--http-proxy**
+#### **--http-proxy**
Pass through HTTP Proxy environment variables.
-**--iidfile**=*ImageIDfile*
+#### **--iidfile**=*ImageIDfile*
Write the image ID to the file.
-**--ipc**=*how*
+#### **--ipc**=*how*
Sets the configuration for IPC namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
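Review bot: The context line "Print usage statement" at the top of this hunk has no heading change in front of it, and the preceding hunk (`@@ -284,12`) ends at line 295, so the option heading that introduces that description is left in the old bold-only style while `--http-proxy`, `--iidfile` and `--ipc` right below it become `####` headings. If that heading was skipped because it does not start with `**--`, convert it in this patch as well so the OPTIONS section is uniform.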
@@ -319,7 +319,7 @@ that the IPC namespace in which `podman` itself is being run should be reused,
or it can be the path to an IPC namespace which is already in use by
another process.
-**--isolation**=*type*
+#### **--isolation**=*type*
Controls what type of isolation is used for running processes as part of `RUN`
instructions. Recognized types include *oci* (OCI-compatible runtime, the
@@ -333,13 +333,13 @@ chroot(1) than container technology).
Note: You can also override the default isolation type by setting the
BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci`
-**--jobs**=*number*
+#### **--jobs**=*number*
Run up to N concurrent stages in parallel. If the number of jobs is greater
than 1, stdin will be read from /dev/null. If 0 is specified, then there is
no limit in the number of jobs that run in parallel.
-**--label**=*label*
+#### **--label**=*label*
Add an image *label* (e.g. label=*value*) to the image metadata. Can be used
multiple times.
@@ -354,25 +354,25 @@ capabilities is a subset of the default list.
If the specified capabilities are not in the default set, Podman will
print an error message and will run the container with the default capabilities.
-**--layers**
+#### **--layers**
Cache intermediate images during the build process (Default is `true`).
Note: You can also override the default value of layers by setting the
BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true`
-**--logfile**=*filename*
+#### **--logfile**=*filename*
Log output which would be sent to standard output and standard error to the
specified file instead of to standard output and standard error.
-**--loglevel**=*number*
+#### **--loglevel**=*number*
Adjust the logging level up or down. Valid option values range from -2 to 3,
with 3 being roughly equivalent to using the global *--debug* option, and
values below 0 omitting even error messages which accompany fatal errors.
-**--memory**, **-m**=*LIMIT*
+#### **--memory**, **-m**=*LIMIT*
Memory limit (format: <number>[<unit>], where unit = b (bytes), k (kilobytes),
m (megabytes), or g (gigabytes))
@@ -383,7 +383,7 @@ not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of
trillions).
-**--memory-swap**=*LIMIT*
+#### **--memory-swap**=*LIMIT*
A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
@@ -394,7 +394,7 @@ The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-**--net**, **--network**=*string*
+#### **--net**, **--network**=*string*
Sets the configuration for network namespaces when handling `RUN` instructions.
@@ -407,17 +407,17 @@ considered insecure.
- **ns:**_path_: path to a network namespace to join.
- `private`: create a new namespace for the container (default).
-**--no-cache**
+#### **--no-cache**
Do not use existing cached images for the container build. Build from the start
with a new set of cached layers.
-**--os**=*string*
+#### **--os**=*string*
Set the OS to the provided value instead of the current operating system of the
host.
-**--pid**=*pid*
+#### **--pid**=*pid*
Sets the configuration for PID namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -426,13 +426,13 @@ that the PID namespace in which `podman` itself is being run should be reused,
or it can be the path to a PID namespace which is already in use by another
process.
-**--platform**="Linux"
+#### **--platform**="Linux"
This option has no effect on the build. Other container engines use this option
to control the execution platform for the build (e.g., Windows, Linux) which is
not required for Buildah as it supports only Linux.
-**--pull**
+#### **--pull**
When the option is specified or set to "true", pull the image from the first
registry it is found in as listed in registries.conf. Raise an error if not
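Review bot: `#### **--platform**="Linux"` carries a quoted literal value, while the other headings in this patch use an italic placeholder after the `=` (`=*string*`, `=*pid*`). Now that the line is a heading and will show up in the rendered outline, give it the same form, for example `**--platform**=*platform*`, and move the "Linux" value into the description text.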
@@ -442,28 +442,28 @@ If the option is disabled (with *--pull=false*), or not specified, pull the
image from the registry only if the image is not present locally. Raise an
error if the image is not found in the registries.
-**--pull-always**
+#### **--pull-always**
Pull the image from the first registry it is found in as listed in
registries.conf. Raise an error if not found in the registries, even if the
image is present locally.
-**--pull-never**
+#### **--pull-never**
Do not pull the image from the registry, use only the local version. Raise an
error if the image is not present locally.
-**--quiet**, **-q**
+#### **--quiet**, **-q**
Suppress output messages which indicate which instruction is being processed,
and of progress when pulling images from a registry, and when writing the
output image.
-**--rm**=*true|false*
+#### **--rm**=*true|false*
Remove intermediate containers after a successful build (default true).
-**--runtime**=*path*
+#### **--runtime**=*path*
The *path* to an alternate OCI-compatible runtime, which will be used to run
commands specified by the **RUN** instruction.
@@ -471,7 +471,7 @@ commands specified by the **RUN** instruction.
Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME
environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc`
-**--security-opt**=*option*
+#### **--security-opt**=*option*
Security Options
@@ -491,7 +491,7 @@ container
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used
as a seccomp filter
-**--shm-size**=*size*
+#### **--shm-size**=*size*
Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater
than `0`.
@@ -499,34 +499,34 @@ Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or
`g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the
size entirely, the system uses `64m`.
-**--sign-by**=*fingerprint*
+#### **--sign-by**=*fingerprint*
Sign the image using a GPG key with the specified FINGERPRINT.
-**--squash**
+#### **--squash**
Squash all of the image's new layers into a single new layer; any preexisting
layers are not squashed.
-**--squash-all**
+#### **--squash-all**
Squash all of the new image's layers (including those inherited from a base
image) into a single new layer.
-**--tag**, **-t**=*imageName*
+#### **--tag**, **-t**=*imageName*
Specifies the name which will be assigned to the resulting image if the build
process completes successfully.
If _imageName_ does not include a registry name, the registry name *localhost*
will be prepended to the image name.
-**--target**=*stageName*
+#### **--target**=*stageName*
Set the target build stage to build. When building a Containerfile with
multiple build stages, --target can be used to specify an intermediate build
stage by name as the final stage for the resulting image. Commands after the target stage will be skipped.
-**--timestamp** *seconds*
+#### **--timestamp** *seconds*
Set the create timestamp to seconds since epoch to allow for deterministic
builds (defaults to current time). By default, the created timestamp is changed
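Review bot: `#### **--timestamp** *seconds*` separates the flag from its value with a space, while the other value-taking headings in this hunk use `=` (`**--sign-by**=*fingerprint*`, `**--target**=*stageName*`). Since the heading lines are being rewritten anyway, change it to `**--timestamp**=*seconds*` so the section uses one notation.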
@@ -537,12 +537,12 @@ specified and therefore not changed, allowing the image's sha256 hash to remain
same. All files committed to the layers of the image will be created with the
timestamp.
-**--tls-verify**=*true|false*
+#### **--tls-verify**=*true|false*
Require HTTPS and verify certificates when talking to container registries
(defaults to true).
-**--ulimit**=*type*=*soft-limit*[:*hard-limit*]
+#### **--ulimit**=*type*=*soft-limit*[:*hard-limit*]
Specifies resource limits to apply to processes launched when processing `RUN`
instructions. This option can be specified multiple times. Recognized resource
@@ -563,7 +563,7 @@ types include:
"sigpending": maximum number of pending signals (ulimit -i)
"stack": maximum stack size (ulimit -s)
-**--userns**=*how*
+#### **--userns**=*how*
Sets the configuration for user namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -572,7 +572,7 @@ the user namespace in which `podman` itself is being run should be reused, or
it can be the path to an user namespace which is already in use by another
process.
-**--userns-uid-map**=*mapping*
+#### **--userns-uid-map**=*mapping*
Directly specifies a UID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents.
@@ -593,7 +593,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-uid-map
are specified, but --userns-gid-map is specified, the UID map will be set to
use the same numeric values as the GID map.
-**--userns-gid-map**=*mapping*
+#### **--userns-gid-map**=*mapping*
Directly specifies a GID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents.
@@ -614,7 +614,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-gid-map
are specified, but --userns-uid-map is specified, the GID map will be set to
use the same numeric values as the UID map.
-**--userns-uid-map-user**=*user*
+#### **--userns-uid-map-user**=*user*
Specifies that a UID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents, can be found in entries
@@ -625,7 +625,7 @@ If --userns-gid-map-group is specified, but --userns-uid-map-user is not
specified, `podman` will assume that the specified group name is also a
suitable user name to use as the default setting for this option.
-**--userns-gid-map-group**=*group*
+#### **--userns-gid-map-group**=*group*
Specifies that a GID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents, can be found in entries
@@ -636,7 +636,7 @@ If --userns-uid-map-user is specified, but --userns-gid-map-group is not
specified, `podman` will assume that the specified user name is also a
suitable group name to use as the default setting for this option.
-**--uts**=*how*
+#### **--uts**=*how*
Sets the configuration for UTS namespaces when the handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -645,7 +645,7 @@ that the UTS namespace in which `podman` itself is being run should be reused,
or it can be the path to a UTS namespace which is already in use by another
process.
-**--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
+#### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman