diff options
Diffstat (limited to 'docs/source/markdown')
-rw-r--r-- | docs/source/markdown/podman-auto-update.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 17 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 17 | ||||
-rw-r--r-- | docs/source/markdown/podman-secret-create.1.md | 4 | ||||
-rw-r--r-- | docs/source/markdown/podman-start.1.md | 25 |
5 files changed, 52 insertions, 13 deletions
diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md index f298d6bf6..12e8bc70f 100644 --- a/docs/source/markdown/podman-auto-update.1.md +++ b/docs/source/markdown/podman-auto-update.1.md @@ -14,7 +14,7 @@ The label "image" is an alternative to "registry" maintained for backwards compa An image is considered updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container. -The registry policy requires a requires a fully-qualified image reference (e.g., quay.io/podman/stable:latest) to be used to create the container. +The registry policy requires a fully-qualified image reference (e.g., quay.io/podman/stable:latest) to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If an image ID was used, Podman would not know which image to check/pull anymore. diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index e4631c319..b4593e07a 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -840,7 +840,7 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will Note that this feature is experimental and may change in the future. -#### **\-\-secret**=*secret* +#### **\-\-secret**=*secret*[,opt=opt ...] Give the container access to a secret. Can be specified multiple times. @@ -848,12 +848,17 @@ A secret is a blob of sensitive data which a container needs at runtime but should not be stored in the image or in source control, such as usernames and passwords, TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size). -Secrets are copied and mounted into the container when a container is created. If a secret is deleted using -`podman secret rm`, the container will still have access to the secret. If a secret is deleted and -another secret is created with the same name, the secret inside the container will not change; the old -secret value will still remain. +When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created. +When secrets are specified as type `env`, the secret will be set as an environment variable within the container. +Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands +after the container is created will not affect the secret inside the container. -Secrets are managed using the `podman secret` command. +Secrets and its storage are managed using the `podman secret` command. + +Secret Options + +- `type=mount|env` : How the secret will be exposed to the container. Default mount. +- `target=target` : Target of secret. Defauts to secret name. #### **\-\-security-opt**=*option* diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3270394ac..f371cacbf 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -892,7 +892,7 @@ Specify the policy to select the seccomp profile. If set to *image*, Podman will Note that this feature is experimental and may change in the future. -#### **\-\-secret**=*secret* +#### **\-\-secret**=*secret*[,opt=opt ...] Give the container access to a secret. Can be specified multiple times. @@ -900,12 +900,17 @@ A secret is a blob of sensitive data which a container needs at runtime but should not be stored in the image or in source control, such as usernames and passwords, TLS certificates and keys, SSH keys or other important generic strings or binary content (up to 500 kb in size). -Secrets are copied and mounted into the container when a container is created. If a secret is deleted using -`podman secret rm`, the container will still have access to the secret. If a secret is deleted and -another secret is created with the same name, the secret inside the container will not change; the old -secret value will still remain. +When secrets are specified as type `mount`, the secrets are copied and mounted into the container when a container is created. +When secrets are specified as type `env`, the secret will be set as an environment variable within the container. +Secrets are written in the container at the time of container creation, and modifying the secret using `podman secret` commands +after the container is created will not affect the secret inside the container. -Secrets are managed using the `podman secret` command +Secrets and its storage are managed using the `podman secret` command. + +Secret Options + +- `type=mount|env` : How the secret will be exposed to the container. Default mount. +- `target=target` : Target of secret. Defauts to secret name. #### **\-\-security-opt**=*option* diff --git a/docs/source/markdown/podman-secret-create.1.md b/docs/source/markdown/podman-secret-create.1.md index f5a97a0f3..7aacca3fe 100644 --- a/docs/source/markdown/podman-secret-create.1.md +++ b/docs/source/markdown/podman-secret-create.1.md @@ -20,6 +20,10 @@ Secrets will not be committed to an image with `podman commit`, and will not be ## OPTIONS +#### **\-\-env**=*false* + +Read secret data from environment variable + #### **\-\-driver**=*driver* Specify the secret driver (default **file**, which is unencrypted). diff --git a/docs/source/markdown/podman-start.1.md b/docs/source/markdown/podman-start.1.md index 626e6e368..7085f3f47 100644 --- a/docs/source/markdown/podman-start.1.md +++ b/docs/source/markdown/podman-start.1.md @@ -42,6 +42,31 @@ Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and Start all the containers created by Podman, default is only running containers. +#### **\-\-filter**, **-f** + +Filter what containers are going to be started from the given arguments. +Multiple filters can be given with multiple uses of the --filter flag. +Filters with the same key work inclusive with the only exception being +`label` which is exclusive. Filters with different keys always work exclusive. + +Valid filters are listed below: + +| **Filter** | **Description** | +| --------------- | -------------------------------------------------------------------------------- | +| id | [ID] Container's ID (accepts regex) | +| name | [Name] Container's name (accepts regex) | +| label | [Key] or [Key=Value] Label assigned to a container | +| exited | [Int] Container's exit code | +| status | [Status] Container's status: 'created', 'exited', 'paused', 'running', 'unknown' | +| ancestor | [ImageName] Image or descendant used to create container | +| before | [ID] or [Name] Containers created before this container | +| since | [ID] or [Name] Containers created since this container | +| volume | [VolumeName] or [MountpointDestination] Volume mounted in container | +| health | [Status] healthy or unhealthy | +| pod | [Pod] name or full or partial ID of pod | +| network | [Network] name or full ID of network | + + ## EXAMPLE podman start mywebserver |