Diffstat (limited to 'docs/source/markdown/podman-create.1.md.in')
-rw-r--r-- docs/source/markdown/podman-create.1.md.in 124
1 files changed, 16 insertions, 108 deletions
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index 0d03c8671..742a32b5a 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -141,19 +141,11 @@ flag to pass the user's supplementary group access into the container.
@@option disable-content-trust
-#### **--dns**=*dns*
+@@option dns
-Set custom DNS servers. Invalid if using **--dns** and **--network** that is set to 'none' or `container:<name|id>`.
+This option cannot be combined with **--network** that is set to **none** or **container:**_id_.
-This option can be used to override the DNS
-configuration passed to the container. Typically this is necessary when the
-host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **--dns** flag is necessary for every run.
-
-The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
-The **/etc/resolv.conf** file in the image will be used without changes.
-
-@@option dns-opt.container
+@@option dns-option.container
@@option dns-search.container
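Review bot: The sentence added under `@@option dns` covers only the **--network** conflict, while the removed lines also documented the special value **none** (Podman creates no **/etc/resolv.conf** and the image's file is used unchanged). The shared `dns` text is not part of this diff, so please confirm it carries the **none** behaviour and the "Set custom DNS servers" summary; otherwise this page loses both. The switch from `dns-opt.container` to `dns-option.container` also needs whatever that include resolves to renamed in the same change, or the reference will dangle.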
@@ -224,28 +216,11 @@ pod when that pod is not running.
@@option init-path
-#### **--interactive**, **-i**
-
-Keep STDIN open even if not attached. The default is *false*.
-
-#### **--ip**=*ipv4*
-
-Specify a static IPv4 address for the container, for example **10.88.64.128**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IP address pool (default **10.88.0.0/16**).
-
-To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
-
-#### **--ip6**=*ipv6*
+@@option interactive
-Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**.
-This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
-and if the container is not joining another container's network namespace via **--network=container:_id_**.
-The address must be within the network's IPv6 address pool.
-
-To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
+@@option ip
+@@option ip6
@@option ipc
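Review bot: The single-network and **--network=container:**_id_ restrictions on **--ip** and **--ip6** exist only in the removed sections, so the text behind `@@option ip` and `@@option ip6` has to restate both, along with the pointer to the per-network `ip` and `ip6` modes for multiple static addresses. The removed **--ip** text also gives the pool as "(default **10.88.0.0/16**)"; in a shared copy that is better worded as the default rather than as a fixed range, so readers with a different pool are not misled about which addresses are valid.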
@@ -290,7 +265,7 @@ This option is currently supported only by the **journald** log driver.
#### **--network**=*mode*, **--net**
-Set the network mode for the container. Invalid if using **--dns**, **--dns-opt**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
+Set the network mode for the container. Invalid if using **--dns**, **--dns-option**, or **--dns-search** with **--network** set to **none** or **container:**_id_. If used together with **--pod**, the container will not join the pod's network namespace.
Valid _mode_ values are:
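Review bot: The changed **--network** line still opens with the fragment "Invalid if using ...", while the sentence added for **--dns** earlier in this patch says "This option cannot be combined with ...". Consider using the same phrasing in both places so the conflict reads identically from either option. If the old **--dns-opt** spelling is still accepted, say so once next to **--dns-option** so readers with existing scripts know whether they must change them.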
@@ -309,7 +284,7 @@ Valid _mode_ values are:
- **ns:**_path_: Path to a network namespace to join.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
- - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`).
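Review bot: The new `allow_host_loopback` line uses "default" for two different things in one item: the host loopback address ("default is 10.0.2.2 or the second IP ...") and the option value ("The default is false"). Suggest splitting them, for example: "Allow slirp4netns to reach the host loopback IP. That IP is `10.0.2.2`, or the second address of the subnet when `cidr` is changed. The default is false." The neighbouring items keep literal values in backticks (`65520`, `10.0.2.0/24`), and the new text drops them around 10.0.2.2.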
@@ -333,9 +308,7 @@ This option conflicts with **--add-host**.
@@option oom-score-adj
-#### **--os**=*OS*
-Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`.
-Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host.
+@@option os.pull
@@option passwd-entry
@@ -358,25 +331,7 @@ To make a pod with more granular options, use the `podman pod create` command be
@@option privileged
-#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]*
-
-Publish a container's port, or range of ports, to the host.
-
-Both *hostPort* and *containerPort* can be specified as a range of ports.
-When specifying ranges for both, the number of container ports in the
-range must match the number of host ports in the range.
-
-If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host.
-
-By default, Podman will publish TCP ports. To publish a UDP port instead, give
-`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice,
-with `tcp`, and `udp` as protocols respectively. Rootful containers can also
-publish ports using the `sctp` protocol.
-
-Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
-If it is not, the container port will be randomly assigned a port on the host.
-
-Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`.
+@@option publish
**Note:** If a container will be run within a pod, it is not necessary to publish the port for
the containers in the pod. The port must only be published by the pod itself. Pod network
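Review bot: The retained **Note:** about pods now follows `@@option publish` directly, so it depends on how the shared text ends; please check the rendered page to confirm the note still attaches to the **--publish** description. The removed lines also carried the statement that a host IP of 0.0.0.0, or no host IP, binds the port on all host IPs, which readers rely on when choosing whether to restrict the bind address, so confirm it survives in the shared copy. The removed example `podman run -p 127.0.0.1::80` named `podman run` on the create page; the shared version should use a command-neutral form.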
@@ -386,17 +341,7 @@ associated ports. If one container binds to a port, no other container can use t
within the pod while it is in use. Containers in the pod can also communicate over localhost
by having one container bind to localhost in the pod, and another connect to that port.
-#### **--publish-all**, **-P**
-
-Publish all exposed ports to random ports on the host interfaces. The default is *false*.
-
-When set to true publish all exposed ports to the host interfaces. The
-default is false. If the operator uses -P (or -p) then Podman will make the
-exposed port accessible on the host and the ports will be available to any
-client that can reach the host. When using -P, Podman will bind any exposed
-port to a random port on the host within an *ephemeral port range* defined by
-`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
-ports and the exposed ports, use `podman port`.
+@@option publish-all
@@option pull
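Review bot: The removed **--publish-all** text stated the default twice ("The default is *false*." and "The default is false."), so the copy behind `@@option publish-all` should state it once. Please keep the sentence that published ports are available to any client that can reach the host, and the reference to `/proc/sys/net/ipv4/ip_local_port_range` for the random port range.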
@@ -418,22 +363,7 @@ Suppress output information when pulling images
Automatically remove the container when it exits. The default is *false*.
-#### **--rootfs**
-
-If specified, the first argument refers to an exploded container on the file system.
-
-This is useful to run a container without requiring any image management, the rootfs
-of the container is assumed to be managed externally.
-
- `Overlay Rootfs Mounts`
-
- The `:O` flag tells Podman to mount the directory from the rootfs path as
-storage using the `overlay file system`. The container processes
-can modify content within the mount point which is stored in the
-container storage in a separate directory. In overlay terms, the source
-directory will be the lower, and the container storage directory will be the
-upper. Modifications to the mount point are destroyed when the container
-finishes executing, similar to a tmpfs mount point being unmounted.
+@@option rootfs
@@option sdnotify
@@ -474,11 +404,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
-#### **--shm-size**=*size*
-
-Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
-If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`.
-When size is `0`, there is no limit on the amount of memory used for IPC by the container.
+@@option shm-size
@@option stop-signal
@@ -494,22 +420,11 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the
@@option timeout
-#### **--tls-verify**
-
-Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
+@@option tls-verify
@@option tmpfs
-#### **--tty**, **-t**
-
-Allocate a pseudo-TTY. The default is *false*.
-
-When set to true Podman will allocate a pseudo-tty and attach to the standard
-input of the container. This can be used, for example, to run a throwaway
-interactive shell. The default is false.
-
-Note: The **-t** option is incompatible with a redirection of the Podman client
-standard input.
+@@option tty
@@option tz
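Review bot: The unset case of **--tls-verify** (verification is used unless the target registry is listed as an insecure registry in registries.conf) is documented only in the removed lines, and "default: true" on its own hides that exception. Please confirm the text behind `@@option tls-verify` keeps all three cases: explicitly true, explicitly false, and not specified. For `@@option tty`, the note that **-t** is incompatible with a redirected standard input should carry over, and the removed text's duplicated "The default is false" should appear once.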
@@ -523,14 +438,7 @@ standard input.
@@option unsetenv-all
-#### **--user**, **-u**=*user*
-
-Sets the username or UID used and optionally the groupname or GID for the specified command.
-
-The following examples are all valid:
---user [user | user:group | uid | uid:gid | user:gid | uid:group ]
-
-Without this argument the command will be run as root in the container.
+@@option user
@@option userns.container
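Review bot: "Without this argument the command will be run as root in the container." leaves this page together with the rest of **--user**, so the text behind `@@option user` needs to keep that default; it is the line that tells readers what happens when they omit the option. The accepted forms line (`--user [user | user:group | uid | uid:gid | user:gid | uid:group ]`) was bare text in the removed version and would read better as a code span in the shared copy.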