diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/play_kube_support.md | 152 | ||||
| -rw-r--r-- | docs/source/markdown/podman-build.1.md | 41 | ||||
| -rw-r--r-- | docs/source/markdown/podman-container-clone.1.md | 6 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 31 | ||||
| -rw-r--r-- | docs/source/markdown/podman-kill.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-machine-ssh.1.md | 30 | ||||
| -rw-r--r-- | docs/source/markdown/podman-network-create.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-pod-create.1.md | 59 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 23 | ||||
| -rw-r--r-- | docs/source/markdown/podman-volume-create.1.md | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-volume-import.1.md | 6 | ||||
| -rw-r--r-- | docs/source/markdown/podman-volume.1.md | 2 | ||||
| -rw-r--r-- | docs/tutorials/mac_experimental.md | 2 |
13 files changed, 299 insertions, 59 deletions
diff --git a/docs/play_kube_support.md b/docs/play_kube_support.md new file mode 100644 index 000000000..cf983bc04 --- /dev/null +++ b/docs/play_kube_support.md @@ -0,0 +1,152 @@ +# Podman Play Kube Support + +This document outlines the kube yaml fields that are currently supported by the **podman play kube** command. + +Note: **N/A** means that the option cannot be supported in a single-node Podman environment. + +## Pod Fields + +| Field | Support | +|---------------------------------------------------|---------| +| containers | ✅ | +| initContainers | ✅ | +| imagePullSecrets | | +| enableServiceLinks | | +| os<nolink>.name | | +| volumes | | +| nodeSelector | N/A | +| nodeName | N/A | +| affinity.nodeAffinity | N/A | +| affinity.podAffinity | N/A | +| affinity.podAntiAffinity | N/A | +| tolerations.key | N/A | +| tolerations.operator | N/A | +| tolerations.effect | N/A | +| tolerations.tolerationSeconds | N/A | +| schedulerName | N/A | +| runtimeClassName | | +| priorityClassName | | +| priority | | +| topologySpreadConstraints.maxSkew | N/A | +| topologySpreadConstraints.topologyKey | N/A | +| topologySpreadConstraints.whenUnsatisfiable | N/A | +| topologySpreadConstraints.labelSelector | N/A | +| topologySpreadConstraints.minDomains | N/A | +| restartPolicy | ✅ | +| terminationGracePeriod | | +| activeDeadlineSeconds | | +| readinessGates.conditionType | | +| hostname | ✅ | +| setHostnameAsFQDN | | +| subdomain | | +| hostAliases.hostnames | ✅ | +| hostAliases.ip | ✅ | +| dnsConfig.nameservers | ✅ | +| dnsConfig<nolink>.options.name | ✅ | +| dnsConfig.options.value | ✅ | +| dnsConfig.searches | ✅ | +| dnsPolicy | | +| hostNetwork | ✅ | +| hostPID | | +| hostIPC | | +| shareProcessNamespace | ✅ | +| serviceAccountName | | +| automountServiceAccountToken | | +| securityContext.runAsUser | | +| securityContext.runAsNonRoot | | +| securityContext.runAsGroup | | +| securityContext.supplementalGroups | | +| securityContext.fsGroup | | +| securityContext.fsGroupChangePolicy | | +| securityContext.seccompProfile.type | | +| securityContext.seccompProfile.localhostProfile | | +| securityContext.seLinuxOptions.level | | +| securityContext.seLinuxOptions.role | | +| securityContext.seLinuxOptions.type | | +| securityContext.seLinuxOptions.user | | +| securityContext<nolink>.sysctls.name | | +| securityContext.sysctls.value | | +| securityContext.windowsOptions.gmsaCredentialSpec | | +| securityContext.windowsOptions.hostProcess | | +| securityContext.windowsOptions.runAsUserName | | + +## Container Fields + +| Field | Support | +|---------------------------------------------------|---------| +| name | ✅ | +| image | ✅ | +| imagePullPolicy | ✅ | +| command | ✅ | +| args | ✅ | +| workingDir | ✅ | +| ports.containerPort | ✅ | +| ports.hostIP | ✅ | +| ports.hostPort | ✅ | +| ports<nolink>.name | ✅ | +| ports.protocol | ✅ | +| env<nolink>.name | ✅ | +| env.value | ✅ | +| env.valueFrom.configMapKeyRef.key | ✅ | +| env<nolink>.valueFrom.configMapKeyRef.name | ✅ | +| env.valueFrom.configMapKeyRef.optional | ✅ | +| env.valueFrom.fieldRef | ✅ | +| env.valueFrom.resourceFieldRef | ✅ | +| env.valueFrom.secretKeyRef.key | ✅ | +| env<nolink>.valueFrom.secretKeyRef.name | ✅ | +| env.valueFrom.secretKeyRef.optional | ✅ | +| envFrom<nolink>.configMapRef.name | ✅ | +| envFrom.configMapRef.optional | ✅ | +| envFrom.prefix | | +| envFrom<nolink>.secretRef.name | ✅ | +| envFrom.secretRef.optional | ✅ | +| volumeMounts.mountPath | ✅ | +| volumeMounts<nolink>.name | ✅ | +| volumeMounts.mountPropagation | | +| volumeMounts.readOnly | ✅ | +| volumeMounts.subPath | | +| volumeMounts.subPathExpr | | +| volumeDevices.devicePath | | +| volumeDevices<nolink>.name | | +| resources.limits | ✅ | +| resources.requests | ✅ | +| lifecycle.postStart | | +| lifecycle.preStop | | +| terminationMessagePath | | +| terminationMessagePolicy | | +| livenessProbe | ✅ | +| readinessProbe | | +| startupProbe | | +| securityContext.runAsUser | ✅ | +| securityContext.runAsNonRoot | | +| securityContext.runAsGroup | ✅ | +| securityContext.readOnlyRootFilesystem | ✅ | +| securityContext.procMount | | +| securityContext.privileged | ✅ | +| securityContext.allowPrivilegeEscalation | ✅ | +| securityContext.capabilities.add | ✅ | +| securityContext.capabilities.drop | ✅ | +| securityContext.seccompProfile.type | | +| securityContext.seccompProfile.localhostProfile | | +| securityContext.seLinuxOptions.level | ✅ | +| securityContext.seLinuxOptions.role | ✅ | +| securityContext.seLinuxOptions.type | ✅ | +| securityContext.seLinuxOptions.user | ✅ | +| securityContext.windowsOptions.gmsaCredentialSpec | | +| securityContext.windowsOptions.hostProcess | | +| securityContext.windowsOptions.runAsUserName | | +| stdin | | +| stdinOnce | | +| tty | | + +## PersistentVolumeClaim Fields + +| Field | Support | +|--------------------|---------| +| volumeName | | +| storageClassName | ✅ | +| volumeMode | | +| accessModes | ✅ | +| selector | | +| resources.limits | | +| resources.requests | ✅ | diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index b372bfce6..a59dcea89 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -91,6 +91,33 @@ instructions read from the Containerfiles in the same way that environment variables are, but which will not be added to environment variable list in the resulting image's configuration. +#### **--build-context**=*name=value* + +Specify an additional build context using its short name and its location. +Additional build contexts can be referenced in the same manner as we access +different stages in COPY instruction. + +Valid values could be: + +* Local directory – e.g. --build-context project2=../path/to/project2/src +* HTTP URL to a tarball – e.g. --build-context src=https://example.org/releases/src.tar +* Container image – specified with a container-image:// prefix, e.g. --build-context alpine=container-image://alpine:3.15, (also accepts docker://, docker-image://) + +On the Containerfile side, you can reference the build context on all +commands that accept the “from” parameter. Here’s how that might look: + +```dockerfile +FROM [name] +COPY --from=[name] ... +RUN --mount=from=[name] … +``` + +The value of [name] is matched with the following priority order: + +* Named build context defined with --build-context [name]=.. +* Stage defined with AS [name] inside Containerfile +* Image [name], either local or in a remote registry + #### **--cache-from** Images to utilize as potential cache sources. Podman does not currently support @@ -140,6 +167,10 @@ This option is added to be aligned with other containers CLIs. Podman doesn't communicate with a daemon or a remote server. Thus, compressing the data before sending it is irrelevant to Podman. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) +#### **--cpp-flag**=*flags* + +Set additional flags to pass to the C Preprocessor cpp(1). Containerfiles ending with a ".in" suffix will be preprocessed via cpp(1). This option can be used to pass additional flags to cpp.Note: You can also set default CPPFLAGS by setting the BUILDAH_CPPFLAGS environment variable (e.g., export BUILDAH_CPPFLAGS="-DDEBUG"). + #### **--cpu-period**=*limit* Set the CPU period for the Completely Fair Scheduler (CFS), which is a @@ -404,8 +435,8 @@ if it does not exist. This option is useful for building multi architecture imag #### **--memory**, **-m**=*LIMIT* -Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), -m (megabytes), or g (gigabytes)) +Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), +m (mebibytes), or g (gibibytes)) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -422,7 +453,7 @@ A limit value equal to memory plus swap. Must be used with the **-m** the value of --memory. The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), -`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. #### **--network**=*mode*, **--net** @@ -600,8 +631,8 @@ as a seccomp filter Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`. -Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or -`g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the +Unit is optional and can be `b` (bytes), `k` (kibibytes), `m`(mebibytes), or +`g` (gibibytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. #### **--sign-by**=*fingerprint* diff --git a/docs/source/markdown/podman-container-clone.1.md b/docs/source/markdown/podman-container-clone.1.md index 69423113d..6d552db75 100644 --- a/docs/source/markdown/podman-container-clone.1.md +++ b/docs/source/markdown/podman-container-clone.1.md @@ -131,7 +131,7 @@ Force removal of the original container that we are cloning. Can only be used in #### **--memory**, **-m**=*limit* -Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) Allows the memory available to a container to be constrained. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -143,7 +143,7 @@ If no memory limits are specified, the original container's will be used. #### **--memory-reservation**=*limit* -Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) After setting memory reservation, when the system detects memory contention or low memory, containers are forced to restrict their consumption to their @@ -159,7 +159,7 @@ A limit value equal to memory plus swap. Must be used with the **-m** the value of --memory if specified. Otherwise, the container being cloned will be used to derive the swap value. The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), -`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. #### **--memory-swappiness**=*number* diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 009209343..913183869 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -573,7 +573,7 @@ To specify multiple static MAC addresses per container, set multiple networks us #### **--memory**, **-m**=*limit* -Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -583,7 +583,7 @@ system's page size (the value would be very large, that's millions of trillions) #### **--memory-reservation**=*limit* -Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) After setting memory reservation, when the system detects memory contention or low memory, containers are forced to restrict their consumption to their @@ -599,7 +599,7 @@ A limit value equal to memory plus swap. Must be used with the **-m** the value of --memory. The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes), -`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. #### **--memory-swappiness**=*number* @@ -826,22 +826,27 @@ container. Rootless containers cannot have more privileges than the account that launched them. -#### **--publish**, **-p**=*port* +#### **--publish**, **-p**=[[_ip_:][_hostPort_]:]_containerPort_[/_protocol_] -Publish a container's port, or range of ports, to the host +Publish a container's port, or range of ports, to the host. -Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort` Both hostPort and containerPort can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. -(e.g., `podman run -p 1234-1236:1222-1224 --name thisWorks -t busybox` -but not `podman run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`) -With host IP: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` +When specifying ranges for both, the number of container ports in the +range must match the number of host ports in the range. + If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. + +By default, Podman will publish TCP ports. To publish a UDP port instead, give +`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, +with `tcp`, and `udp` as protocols respectively. Rootful containers can also +publish ports using the `sctp` protocol. + Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). If it is not, the container port will be randomly assigned a port on the host. -Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT` -**Note:** if a container will be run within a pod, it is not necessary to publish the port for +Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. + +**Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network stacks act like the network stack on the host - you have a variety of containers in the pod, and programs in the container, all sharing a single interface and IP address, and @@ -1008,7 +1013,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the #### **--shm-size**=*size* -Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +Size of `/dev/shm` (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. When size is `0`, there is no limit on the amount of memory used for IPC by the container. diff --git a/docs/source/markdown/podman-kill.1.md b/docs/source/markdown/podman-kill.1.md index 35ca9f74f..a4f80ac81 100644 --- a/docs/source/markdown/podman-kill.1.md +++ b/docs/source/markdown/podman-kill.1.md @@ -14,7 +14,7 @@ The main process inside each container specified will be sent SIGKILL, or any si ## OPTIONS #### **--all**, **-a** -Signal all running containers. This does not include paused containers. +Signal all running and paused containers. #### **--cidfile** diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md index db0350961..6a1455df1 100644 --- a/docs/source/markdown/podman-machine-ssh.1.md +++ b/docs/source/markdown/podman-machine-ssh.1.md @@ -14,6 +14,7 @@ first argument must be the virtual machine name. The optional command to execute can then follow. If no command is provided, an interactive session with the virtual machine is established. +The exit code from ssh command will be forwarded to the podman machine ssh caller, see [Exit Codes](#Exit-Codes). ## OPTIONS @@ -25,6 +26,35 @@ Print usage statement. Username to use when SSH-ing into the VM. +## Exit Codes + +The exit code from `podman machine ssh` gives information about why the command failed. +When `podman machine ssh` commands exit with a non-zero code, +the exit codes follow the `chroot` standard, see below: + + **125** The error is with podman **_itself_** + + $ podman machine ssh --foo; echo $? + Error: unknown flag: --foo + 125 + + **126** Executing a _contained command_ and the _command_ cannot be invoked + + $ podman machine ssh /etc; echo $? + Error: fork/exec /etc: permission denied + 126 + + **127** Executing a _contained command_ and the _command_ cannot be found + + $ podman machine ssh foo; echo $? + Error: fork/exec /usr/bin/bogus: no such file or directory + 127 + + **Exit code** _contained command_ exit code + + $ podman machine ssh /bin/sh -c 'exit 3'; echo $? + 3 + ## EXAMPLES To get an interactive session with the default virtual machine: diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index 0cdb6fe88..1d89b12e3 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md @@ -4,7 +4,7 @@ podman\-network-create - Create a Podman network ## SYNOPSIS -**podman network create** [*options*] name +**podman network create** [*options*] [*name*] ## DESCRIPTION Create a CNI-network configuration for use with Podman. By default, Podman creates a bridge connection. diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index fa431b611..1a98528bb 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -4,14 +4,24 @@ podman\-pod\-create - Create a new pod ## SYNOPSIS -**podman pod create** [*options*] +**podman pod create** [*options*] [*name*] ## DESCRIPTION Creates an empty pod, or unit of multiple containers, and prepares it to have -containers added to it. The pod id is printed to STDOUT. You can then use -**podman create --pod `<pod_id|pod_name>` ...** to add containers to the pod, and -**podman pod start `<pod_id|pod_name>`** to start the pod. +containers added to it. The pod can be created with a specific name. If a name +is not given a random name is generated. The pod id is printed to STDOUT. You +can then use **podman create --pod `<pod_id|pod_name>` ...** to add containers +to the pod, and **podman pod start `<pod_id|pod_name>`** to start the pod. + +The operator can identify a pod in three ways: +UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) +UUID short identifier (“f78375b1c487”) +Name (“jonah”) + +podman generates a UUID for each pod, and if a name is not assigned +to the container with **--name** then a random string name will be generated +for it. The name is useful any place you need to identify a pod. ## OPTIONS @@ -217,16 +227,30 @@ Set the PID mode for the pod. The default is to create a private PID namespace f Write the pod ID to the file. -#### **--publish**=*port*, **-p** +#### **--publish**, **-p**=[[_ip_:][_hostPort_]:]_containerPort_[/_protocol_] -Publish a port or range of ports from the pod to the host. +Publish a container's port, or range of ports, within this pod to the host. -Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort` Both hostPort and containerPort can be specified as a range of ports. -When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. -Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT`. +When specifying ranges for both, the number of container ports in the +range must match the number of host ports in the range. + +If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. + +By default, Podman will publish TCP ports. To publish a UDP port instead, give +`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, +with `tcp`, and `udp` as protocols respectively. Rootful containers can also +publish ports using the `sctp` protocol. + +Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). +If it is not, the container port will be randomly assigned a port on the host. -NOTE: This cannot be modified once the pod is created. +Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. + +**Note:** You must not publish ports of containers in the pod individually, +but only by the pod itself. + +**Note:** This cannot be modified once the pod is created. #### **--replace** @@ -266,16 +290,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the #### **--share**=*namespace* -A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. - -The operator can identify a pod in three ways: -UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) -UUID short identifier (“f78375b1c487”) -Name (“jonah”) - -podman generates a UUID for each pod, and if a name is not assigned -to the container with **--name** then a random string name will be generated -for it. The name is useful any place you need to identify a pod. +A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts) #### **--share-parent** @@ -549,9 +564,11 @@ that data on the target. ``` $ podman pod create --name test +$ podman pod create mypod + $ podman pod create --infra=false -$ podman pod create --infra-command /top +$ podman pod create --infra-command /top toppod $ podman pod create --publish 8443:443 diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index a16ee9394..b9d87b5bd 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -597,7 +597,7 @@ To specify multiple static MAC addresses per container, set multiple networks us #### **--memory**, **-m**=_number_[_unit_] -Memory limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). +Memory limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -607,7 +607,7 @@ system's page size (the value would be very large, that's millions of trillions) #### **--memory-reservation**=_number_[_unit_] -Memory soft limit. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). +Memory soft limit. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). After setting memory reservation, when the system detects memory contention or low memory, containers are forced to restrict their consumption to their @@ -618,7 +618,7 @@ as memory limit. #### **--memory-swap**=_number_[_unit_] A limit value equal to memory plus swap. -A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). +A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). Must be used with the **-m** (**--memory**) flag. The argument value should always be larger than that of @@ -864,22 +864,27 @@ points, Apparmor/SELinux separation, and Seccomp filters are all disabled. Rootless containers cannot have more privileges than the account that launched them. -#### **--publish**, **-p**=_ip_:_hostPort_:_containerPort_ | _ip_::_containerPort_ | _hostPort_:_containerPort_ | _containerPort_ +#### **--publish**, **-p**=[[_ip_:][_hostPort_]:]_containerPort_[/_protocol_] Publish a container's port, or range of ports, to the host. Both hostPort and containerPort can be specified as a range of ports. - -When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. +When specifying ranges for both, the number of container ports in the +range must match the number of host ports in the range. If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. +By default, Podman will publish TCP ports. To publish a UDP port instead, give +`udp` as protocol. To publish both TCP and UDP ports, set `--publish` twice, +with `tcp`, and `udp` as protocols respectively. Rootful containers can also +publish ports using the `sctp` protocol. + Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). If it is not, the container port will be randomly assigned a port on the host. -Use **podman port** to see the actual mapping: **podman port $CONTAINER $CONTAINERPORT**. +Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. -**Note:** if a container will be run within a pod, it is not necessary to publish the port for +**Note:** If a container will be run within a pod, it is not necessary to publish the port for the containers in the pod. The port must only be published by the pod itself. Pod network stacks act like the network stack on the host - you have a variety of containers in the pod, and programs in the container, all sharing a single interface and IP address, and @@ -1053,7 +1058,7 @@ Note: Labeling can be disabled for all containers by setting **label=false** in #### **--shm-size**=_number_[_unit_] -Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kilobytes), **m** (megabytes), or **g** (gigabytes). +Size of _/dev/shm_. A _unit_ can be **b** (bytes), **k** (kibibytes), **m** (mebibytes), or **g** (gibibytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the default is **64m**. When _size_ is **0**, there is no limit on the amount of memory used for IPC by the container. diff --git a/docs/source/markdown/podman-volume-create.1.md b/docs/source/markdown/podman-volume-create.1.md index 06fadcaa1..31e109791 100644 --- a/docs/source/markdown/podman-volume-create.1.md +++ b/docs/source/markdown/podman-volume-create.1.md @@ -4,7 +4,7 @@ podman\-volume\-create - Create a new volume ## SYNOPSIS -**podman volume create** [*options*] +**podman volume create** [*options*] [*name*] ## DESCRIPTION diff --git a/docs/source/markdown/podman-volume-import.1.md b/docs/source/markdown/podman-volume-import.1.md index 71956f43a..4ae9ae1e2 100644 --- a/docs/source/markdown/podman-volume-import.1.md +++ b/docs/source/markdown/podman-volume-import.1.md @@ -1,7 +1,7 @@ % podman-volume-import(1) ## NAME -podman\-volume\-import - Import tarball contents into a podman volume +podman\-volume\-import - Import tarball contents into an existing podman volume ## SYNOPSIS **podman volume import** *volume* [*source*] @@ -11,9 +11,9 @@ podman\-volume\-import - Import tarball contents into a podman volume **podman volume import** imports the contents of a tarball into the podman volume's mount point. **podman volume import** can consume piped input when using `-` as source path. -Note: Following command is not supported by podman-remote. +The given volume must already exist and will not be created by podman volume import. -**podman volume import VOLUME [SOURCE]** +Note: Following command is not supported by podman-remote. #### **--help** diff --git a/docs/source/markdown/podman-volume.1.md b/docs/source/markdown/podman-volume.1.md index d05f007c8..476d58591 100644 --- a/docs/source/markdown/podman-volume.1.md +++ b/docs/source/markdown/podman-volume.1.md @@ -16,7 +16,7 @@ podman volume is a set of subcommands that manage volumes. | create | [podman-volume-create(1)](podman-volume-create.1.md) | Create a new volume. | | exists | [podman-volume-exists(1)](podman-volume-exists.1.md) | Check if the given volume exists. | | export | [podman-volume-export(1)](podman-volume-export.1.md) | Exports volume to external tar. | -| import | [podman-volume-import(1)](podman-volume-import.1.md) | Import tarball contents into a podman volume. | +| import | [podman-volume-import(1)](podman-volume-import.1.md) | Import tarball contents into an existing podman volume. | | inspect | [podman-volume-inspect(1)](podman-volume-inspect.1.md) | Get detailed information on one or more volumes. | | ls | [podman-volume-ls(1)](podman-volume-ls.1.md) | List all the available volumes. | | mount | [podman-volume-mount(1)](podman-volume-mount.1.md) | Mount a volume filesystem. | diff --git a/docs/tutorials/mac_experimental.md b/docs/tutorials/mac_experimental.md index b5b815fe5..1e75d01b8 100644 --- a/docs/tutorials/mac_experimental.md +++ b/docs/tutorials/mac_experimental.md @@ -1,4 +1,4 @@ -# Using podman-machine on MacOS (x86_64 and Apple silicon) +# Using podman-machine on MacOS (Apple silicon and x86_64) ## Setup |