Diffstat (limited to 'docs/source/markdown/podman-pod-create.1.md.in')
-rw-r--r-- | docs/source/markdown/podman-pod-create.1.md.in | 80 |
1 files changed, 6 insertions, 74 deletions
diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 3a3909340..7700f5e62 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -99,23 +99,9 @@ The custom image that will be used for the infra container. Unless specified, P @@option infra-name -#### **--ip**=*ip* +@@option ip -Specify a static IP address for the pod, for example **10.88.64.128**. -This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the pod is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per pod, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. - -#### **--ip6**=*ipv6* - -Specify a static IPv6 address for the pod, for example **fd46:db93:aa76:ac37::10**. -This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the pod is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IPv6 address pool. - -To specify multiple static IPv6 addresses per pod, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option. +@@option ip6 @@option label 
@@ -152,7 +138,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). 
@@ -176,25 +162,7 @@ This option conflicts with **--add-host**. Write the pod ID to the file. -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, within this pod to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** You must not publish ports of containers in the pod individually, but only by the pod itself. @@ -245,11 +213,7 @@ This boolean determines whether or not all containers entering the pod will use Note: This options conflict with **--share=cgroup** since that would set the pod as the cgroup parent but enter the container into the same cgroupNS as the infra container. -#### **--shm-size**=*size* - -Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) -If the unit is omitted, the system uses bytes. If the size is omitted, the system uses `64m`. -When size is `0`, there is no limit on the amount of memory used for IPC by the pod. This option conflicts with **--ipc=host** when running containers. +@@option shm-size @@option subgidname 
@@ -265,39 +229,7 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option volume -#### **--volumes-from**=*container[:options]]* - -Mount volumes from the specified container(s). Used to share volumes between -containers and pods. The *options* is a comma-separated list with the following available elements: - -* **rw**|**ro** -* **z** - -Mounts already mounted volumes from a source container into another -pod. You must supply the source's container-id or container-name. -To share a volume, use the --volumes-from option when running -the target container. You can share volumes even if the source container -is not running. - -By default, Podman mounts the volumes in the same mode (read-write or -read-only) as it is mounted in the source container. -You can change this by adding a `ro` or `rw` _option_. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a pod. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Podman does not change the labels set by the OS. - -To change a label in the pod context, you can add `z` to the volume mount. -This suffix tells Podman to relabel file objects on the shared volumes. The `z` -option tells Podman that two entities share the volume content. As a result, -Podman labels the content with a shared content label. Shared volume labels allow -all containers to read/write content. - -If the location of the volume from the source container overlaps with -data residing on a target pod, then the volume hides -that data on the target. - +@@option volumes-from ## EXAMPLES |
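Review bot: In the first hunk (@@ -99,23 +99,9), the removed **--ip** and **--ip6** text is worded for pods ("Specify a static IP address for the pod", "if the pod is joined to only a single network"), and the diff does not show what `@@option ip` and `@@option ip6` expand to. Please confirm the shared text renders with "pod" on this page and still states the constraints removed here: a single network, no **--network=container:_id_**, and an address inside the network's pool (default **10.88.0.0/16**).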
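Review bot: In the **allow_host_loopback** line of the second hunk (@@ -152,7 +138,7), "default" now appears twice with two different meanings: the default loopback address inside the parentheses and the default value of the option ("The default is false"). The change also drops the backticks around 10.0.2.2 while the neighbouring **mtu** and **cidr** lines keep theirs. Suggest wording such as "Allow slirp4netns to reach the host loopback IP (`10.0.2.2`, or the second IP of the subnet when `cidr` is changed). Default is false."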
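Review bot: In the **--publish** hunk (@@ -176,25 +162,7), the removed text includes "If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host", which is the sentence that tells readers a mapping without a host IP is exposed on every interface. Please confirm the text behind `@@option publish` keeps that sentence, and that the retained **Note:** about not publishing ports of containers in the pod individually still reads correctly directly beneath the include.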
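Review bot: The unchanged context line just above the **--shm-size** hunk (@@ -245,11 +213,7) reads "Note: This options conflict with **--share=cgroup**". Since this patch is already tidying the page, correct it to "This option conflicts with". Also check that the shared `@@option shm-size` text keeps the statement that the option conflicts with **--ipc=host**, which is removed here.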
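Review bot: The heading removed in the last hunk (@@ -265,39 +229,7), `#### **--volumes-from**=*container[:options]]*`, has an unbalanced closing bracket. Make sure the text behind `@@option volumes-from` uses `*container[:options]*` so the typo is not carried into every page that includes it. The removed body also switches between "pod" and "container" for the target, so the shared wording is worth checking on the rendered pod page.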