Diffstat (limited to 'docs/source/markdown')
20 files changed, 75 insertions, 163 deletions
diff --git a/docs/source/markdown/.gitignore b/docs/source/markdown/.gitignore index 74e7fc075..552e6f520 100644 --- a/docs/source/markdown/.gitignore +++ b/docs/source/markdown/.gitignore @@ -11,6 +11,7 @@ podman-login.1.md podman-logout.1.md podman-logs.1.md podman-manifest-add.1.md +podman-manifest-create.1.md podman-manifest-push.1.md podman-pause.1.md podman-pod-clone.1.md diff --git a/docs/source/markdown/options/ip.md b/docs/source/markdown/options/ip.md new file mode 100644 index 000000000..8f251ee2e --- /dev/null +++ b/docs/source/markdown/options/ip.md @@ -0,0 +1,8 @@ +#### **--ip**=*ipv4* + +Specify a static IPv4 address for the <<container|pod>>, for example **10.88.64.128**. +This option can only be used if the <<container|pod>> is joined to only a single network - i.e., **--network=network-name** is used at most once - +and if the <<container|pod>> is not joining another container's network namespace via **--network=container:_id_**. +The address must be within the network's IP address pool (default **10.88.0.0/16**). + +To specify multiple static IP addresses per <<container|pod>>, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. diff --git a/docs/source/markdown/options/os.pull.md b/docs/source/markdown/options/os.pull.md new file mode 100644 index 000000000..547a9fff8 --- /dev/null +++ b/docs/source/markdown/options/os.pull.md @@ -0,0 +1,4 @@ +#### **--os**=*OS* + +Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. +Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. diff --git a/docs/source/markdown/options/publish-all.md b/docs/source/markdown/options/publish-all.md new file mode 100644 index 000000000..6651599a0 --- /dev/null +++ b/docs/source/markdown/options/publish-all.md 
@@ -0,0 +1,12 @@ +#### **--publish-all**, **-P** + +Publish all exposed ports to random ports on the host interfaces. The default is **false**. + +When set to **true**, publish all exposed ports to the host interfaces. The +default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the +exposed port accessible on the host and the ports will be available to any +client that can reach the host. + +When using this option, Podman will bind any exposed port to a random port on the host +within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*. +To find the mapping between the host ports and the exposed ports, use **podman port**. diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md new file mode 100644 index 000000000..a0394b692 --- /dev/null +++ b/docs/source/markdown/options/publish.md @@ -0,0 +1,19 @@ +#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* + +Publish a container's port, or range of ports,<<| within this pod>> to the host. + +Both *hostPort* and *containerPort* can be specified as a range of ports. +When specifying ranges for both, the number of container ports in the +range must match the number of host ports in the range. + +If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. + +By default, Podman will publish TCP ports. To publish a UDP port instead, give +`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, +with `tcp`, and `udp` as protocols respectively. Rootful containers can also +publish ports using the `sctp` protocol. + +Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). +If it is not, the container port will be randomly assigned a port on the host. + +Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. 
diff --git a/docs/source/markdown/options/tls-verify.md b/docs/source/markdown/options/tls-verify.md new file mode 100644 index 000000000..e3d6f491f --- /dev/null +++ b/docs/source/markdown/options/tls-verify.md @@ -0,0 +1,5 @@ +#### **--tls-verify** + +Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, +then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, +TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. diff --git a/docs/source/markdown/podman-build.1.md.in b/docs/source/markdown/podman-build.1.md.in index ab31c492c..2c636069f 100644 --- a/docs/source/markdown/podman-build.1.md.in +++ b/docs/source/markdown/podman-build.1.md.in @@ -627,10 +627,7 @@ timestamp. If the only instruction in a Containerfile is `FROM`, this flag has no effect. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries -(defaults to true). (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) +@@option tls-verify #### **--ulimit**=*type=soft-limit[:hard-limit]* diff --git a/docs/source/markdown/podman-container-runlabel.1.md.in b/docs/source/markdown/podman-container-runlabel.1.md.in index 36e021ce4..bdbd306f2 100644 --- a/docs/source/markdown/podman-container-runlabel.1.md.in +++ b/docs/source/markdown/podman-container-runlabel.1.md.in 
@@ -55,9 +55,7 @@ Suppress output information when pulling images If a container exists of the default or given name, as needed it will be stopped, deleted and a new container will be created from this image. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in containers-registries.conf(5). +@@option tls-verify ## EXAMPLES diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 6f6bb29e5..54afe3b16 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -228,14 +228,7 @@ pod when that pod is not running. Keep STDIN open even if not attached. The default is *false*. -#### **--ip**=*ipv4* - -Specify a static IPv4 address for the container, for example **10.88.64.128**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. +@@option ip #### **--ip6**=*ipv6* @@ -333,9 +326,7 @@ This option conflicts with **--add-host**. @@option oom-score-adj -#### **--os**=*OS* -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull @@option passwd-entry 
@@ -358,25 +349,7 @@ To make a pod with more granular options, use the `podman pod create` command be @@option privileged -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network 
@@ -386,17 +359,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P** - -Publish all exposed ports to random ports on the host interfaces. The default is *false*. - -When set to true publish all exposed ports to the host interfaces. The -default is false. If the operator uses -P (or -p) then Podman will make the -exposed port accessible on the host and the ports will be available to any -client that can reach the host. When using -P, Podman will bind any exposed -port to a random port on the host within an *ephemeral port range* defined by -`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host -ports and the exposed ports, use `podman port`. +@@option publish-all @@option pull @@ -479,9 +442,7 @@ When size is `0`, there is no limit on the amount of memory used for IPC by the @@option timeout -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option tmpfs diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index ee649c95b..b733cff8d 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md 
@@ -85,7 +85,9 @@ Set the systemd unit requires (`Requires=`) option. Similar to wants, but declar #### **--restart-policy**=*policy* Set the systemd restart policy. The restart-policy must be one of: "no", "on-success", "on-failure", "on-abnormal", -"on-watchdog", "on-abort", or "always". The default policy is *on-failure*. +"on-watchdog", "on-abort", or "always". The default policy is *on-failure* unless the container was created with a custom restart policy. + +Note that generating a unit without `--new` on a container with a custom restart policy can lead to issues on shutdown; systemd will attempt to stop the unit while Podman tries to restart it. It is recommended to to create the container without `--restart` and use the `--restart-policy` option instead when generating the unit file. #### **--restart-sec**=*time* diff --git a/docs/source/markdown/podman-kube-play.1.md.in b/docs/source/markdown/podman-kube-play.1.md.in index 6bf3acc9b..e4e1199e6 100644 --- a/docs/source/markdown/podman-kube-play.1.md.in +++ b/docs/source/markdown/podman-kube-play.1.md.in @@ -219,11 +219,7 @@ Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This Start the pod after creating it, set to false to only create it. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option userns.container ## EXAMPLES diff --git a/docs/source/markdown/podman-login.1.md.in b/docs/source/markdown/podman-login.1.md.in index c309395fb..63798ed99 100644 --- a/docs/source/markdown/podman-login.1.md.in +++ b/docs/source/markdown/podman-login.1.md.in 
@@ -48,11 +48,7 @@ Password for registry Take the password from stdin -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify #### **--username**, **-u**=*username* diff --git a/docs/source/markdown/podman-manifest-add.1.md.in b/docs/source/markdown/podman-manifest-add.1.md.in index 0d957cd1e..6a9df69b4 100644 --- a/docs/source/markdown/podman-manifest-add.1.md.in +++ b/docs/source/markdown/podman-manifest-add.1.md.in @@ -56,9 +56,7 @@ configuration information. Specify the OS version which the list or index records as a requirement for the image. This option is rarely used. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries (defaults to true). +@@option tls-verify #### **--variant** diff --git a/docs/source/markdown/podman-manifest-create.1.md b/docs/source/markdown/podman-manifest-create.1.md.in index cb8ad41fb..6ebf8a055 100644 --- a/docs/source/markdown/podman-manifest-create.1.md +++ b/docs/source/markdown/podman-manifest-create.1.md.in @@ -28,9 +28,7 @@ If a manifest list named *listnameorindexname* already exists, modify the preexisting list instead of exiting with an error. The contents of *listnameorindexname* are not modified if no *imagename*s are given. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries. (defaults to true) +@@option tls-verify ## EXAMPLES diff --git a/docs/source/markdown/podman-manifest-push.1.md.in b/docs/source/markdown/podman-manifest-push.1.md.in index e3d578d10..fe0a534c9 100644 --- a/docs/source/markdown/podman-manifest-push.1.md.in +++ b/docs/source/markdown/podman-manifest-push.1.md.in 
@@ -59,9 +59,7 @@ Sign the pushed images with a sigstore signature using a private key at the spec If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path. -#### **--tls-verify** - -Require HTTPS and verify certificates when talking to container registries. (defaults to true) +@@option tls-verify ## DESTINATION diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index f1fdc3e6b..7a2a3c78d 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -99,14 +99,7 @@ The custom image that will be used for the infra container. Unless specified, P @@option infra-name -#### **--ip**=*ip* - -Specify a static IP address for the pod, for example **10.88.64.128**. -This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the pod is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per pod, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. +@@option ip #### **--ip6**=*ipv6* 
@@ -176,25 +169,7 @@ This option conflicts with **--add-host**. Write the pod ID to the file. -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, within this pod to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** You must not publish ports of containers in the pod individually, but only by the pod itself. diff --git a/docs/source/markdown/podman-pull.1.md.in b/docs/source/markdown/podman-pull.1.md.in index 5405d7a45..46adec97b 100644 --- a/docs/source/markdown/podman-pull.1.md.in +++ b/docs/source/markdown/podman-pull.1.md.in @@ -63,10 +63,7 @@ All tagged images in the repository will be pulled. Print the usage statement. -#### **--os**=*OS* - -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull @@option platform 
@@ -74,11 +71,7 @@ Unless overridden, subsequent lookups of the same image in the local storage wil Suppress output information when pulling images -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify #### **--variant**=*VARIANT* diff --git a/docs/source/markdown/podman-push.1.md.in b/docs/source/markdown/podman-push.1.md.in index 6e6eecfa2..c679950f7 100644 --- a/docs/source/markdown/podman-push.1.md.in +++ b/docs/source/markdown/podman-push.1.md.in @@ -90,11 +90,7 @@ Add a sigstore signature at the destination using a private key at the specified If signing the image (using either **--sign-by** or **--sign-by-sigstore-private-key**), read the passphrase to use from the specified path. -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, -TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify ## EXAMPLE diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 53f7cfe99..fe947b1d0 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in 
@@ -249,14 +249,7 @@ Print usage statement When set to **true**, keep stdin open even if not attached. The default is **false**. -#### **--ip**=*ipv4* - -Specify a static IPv4 address for the container, for example **10.88.64.128**. -This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once - -and if the container is not joining another container's network namespace via **--network=container:_id_**. -The address must be within the network's IP address pool (default **10.88.0.0/16**). - -To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option. +@@option ip #### **--ip6**=*ipv6* @@ -353,9 +346,7 @@ This option conflicts with **--add-host**. @@option oom-score-adj -#### **--os**=*OS* -Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. -Unless overridden, subsequent lookups of the same image in the local storage will match this OS, regardless of the host. +@@option os.pull #### **--passwd** 
@@ -389,25 +380,7 @@ The total FDs will be 3+N. (This option is not available with the remote Podman @@option privileged -#### **--publish**, **-p**=*[[ip:][hostPort]:]containerPort[/protocol]* - -Publish a container's port, or range of ports, to the host. - -Both *hostPort* and *containerPort* can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the -range must match the number of host ports in the range. - -If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. - -By default, Podman will publish TCP ports. To publish a UDP port instead, give -`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, -with `tcp`, and `udp` as protocols respectively. Rootful containers can also -publish ports using the `sctp` protocol. - -Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). -If it is not, the container port will be randomly assigned a port on the host. - -Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. +@@option publish **Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network 
@@ -417,18 +390,7 @@ associated ports. If one container binds to a port, no other container can use t within the pod while it is in use. Containers in the pod can also communicate over localhost by having one container bind to localhost in the pod, and another connect to that port. -#### **--publish-all**, **-P** - -Publish all exposed ports to random ports on the host interfaces. The default is **false**. - -When set to **true**, publish all exposed ports to the host interfaces. The -default is **false**. If the operator uses **-P** (or **-p**) then Podman will make the -exposed port accessible on the host and the ports will be available to any -client that can reach the host. - -When using this option, Podman will bind any exposed port to a random port on the host -within an ephemeral port range defined by */proc/sys/net/ipv4/ip_local_port_range*. -To find the mapping between the host ports and the exposed ports, use **podman port**. +@@option publish-all @@option pull @@ -519,9 +481,7 @@ Sets whether the signals sent to the **podman run** command are proxied to the c @@option timeout -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. +@@option tls-verify @@option tmpfs diff --git a/docs/source/markdown/podman-search.1.md.in b/docs/source/markdown/podman-search.1.md.in index 102cf7ad7..89df8c29f 100644 --- a/docs/source/markdown/podman-search.1.md.in +++ b/docs/source/markdown/podman-search.1.md.in 
@@ -87,12 +87,7 @@ The result contains the Image name and its tag, one line for every tag associate Do not truncate the output (default *false*). -#### **--tls-verify** - -Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, -then TLS verification will be used. If set to false, then TLS verification will not be used if needed. If not specified, -default registries will be searched through (in /etc/containers/registries.conf), and TLS will be skipped if a default -registry is listed in the insecure registries. +@@option tls-verify ## EXAMPLES |
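Review bot: the new docs/source/markdown/options/tls-verify.md names the configuration file as plain "registries.conf" in its last sentence, while the text removed from podman-container-runlabel.1.md.in pointed readers to containers-registries.conf(5). Since this file now feeds every man page, use the man page reference here so the pointer to where insecure registries are defined is not lost.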
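Review bot: docs/source/markdown/options/os.pull.md carries over the phrase "Override the OS, defaults to hosts, of the image to be pulled", which is ungrammatical and hard to parse. As this becomes the single source for podman-create, podman-pull and podman-run, this is a good moment to reword it, for example "Override the OS of the image to be pulled (defaults to the host's OS)".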
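Review bot: in docs/source/markdown/options/publish-all.md the first two paragraphs repeat each other: both state that all exposed ports are published to the host interfaces and both end with "The default is **false**". Merge them into one paragraph, and keep the sentence that the ports "will be available to any client that can reach the host", since that is the part an operator needs to see.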
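Review bot: docs/source/markdown/options/publish.md is shared with podman-pod-create.1.md.in, but only the opening sentence is parameterised with `<<| within this pod>>`; the examples `podman run -p 127.0.0.1::80` and `podman port $CONTAINER $CONTAINERPORT` still read as container-only when rendered in the pod man page. Consider making the examples neutral or parameterising them as well. The sentence "If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host" would also benefit from pointing at the existing 127.0.0.1 example as the way to restrict the binding.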
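Review bot: in docs/source/markdown/podman-build.1.md.in the removed --tls-verify text included "(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)", and the shared options/tls-verify.md has no equivalent sentence, so podman-build silently loses that restriction. Keep the sentence in podman-build.1.md.in directly after `@@option tls-verify`, or state in the commit message that the caveat no longer applies.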
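Review bot: the added note in docs/source/markdown/podman-generate-systemd.1.md has a doubled word in "It is recommended to to create the container without `--restart`"; drop one "to". This hunk is also unrelated to the option deduplication in the rest of the patch and would be easier to track as its own commit.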
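Review bot: for podman-manifest-add.1.md.in, podman-manifest-create.1.md.in and podman-manifest-push.1.md.in the old --tls-verify text only said verification defaults to true, whereas the shared options/tls-verify.md now also tells readers that, when the flag is not specified, verification is skipped for registries listed as insecure in registries.conf. Please confirm the manifest commands actually honour that fallback before documenting it, since it is a statement about when certificate checking is turned off.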
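Review bot: in docs/source/markdown/podman-search.1.md.in the replaced --tls-verify text described search-specific behaviour ("default registries will be searched through (in /etc/containers/registries.conf), and TLS will be skipped if a default registry is listed in the insecure registries"), which the generic options/tls-verify.md wording does not cover. If that behaviour still holds, keep a search-specific sentence after `@@option tls-verify` rather than dropping it.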