diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/source/markdown/podman-build.1.md | 57 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 12 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 12 |
3 files changed, 81 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md index a07b55924..6618df1b9 100644 --- a/docs/source/markdown/podman-build.1.md +++ b/docs/source/markdown/podman-build.1.md @@ -351,6 +351,15 @@ another process. Do not use existing cached images for the container build. Build from the start with a new set of cached layers. +**--omit-timestamp** *bool-value* + +Set the create timestamp to epoch 0 to allow for deterministic builds (defaults to false). +By default, the created timestamp is changed and written into the image manifest with every commit, +causing the image's sha256 hash to be different even if the sources are exactly the same otherwise. +When --omit-timestamp is set to true, the created timestamp is always set to the epoch and therefore not +changed, allowing the image's sha256 to remain the same. All files committed to the layers of the image +will get the epoch 0 timestamp. + **--os**=*string* Set the OS to the provided value instead of the current operating system of the host. @@ -736,6 +745,52 @@ $ podman build -f dev/Containerfile https://10.10.10.1/podman/context.tar.gz ## Files +### `.dockerignore` + +If the file .dockerignore exists in the context directory, `podman build` reads +its contents. Podman uses the content to exclude files and directories from +the context directory, when executing COPY and ADD directives in the +Containerfile/Dockerfile + +Users can specify a series of Unix shell globals in a .dockerignore file to +identify files/directories to exclude. + +Podman supports a special wildcard string `**` which matches any number of +directories (including zero). For example, **/*.go will exclude all files that +end with .go that are found in all directories. + +Example .dockerignore file: + +``` +# exclude this content for image +*/*.c +**/output* +src +``` + +`*/*.c` +Excludes files and directories whose names ends with .c in any top level subdirectory. For example, the source file include/rootless.c. + +`**/output*` +Excludes files and directories starting with `output` from any directory. + +`src` +Excludes files named src and the directory src as well as any content in it. + +Lines starting with ! (exclamation mark) can be used to make exceptions to +exclusions. The following is an example .dockerignore file that uses this +mechanism: +``` +*.doc +!Help.doc +``` + +Exclude all doc files except Help.doc from the image. + +This functionality is compatible with the handling of .dockerignore files described here: + +https://docs.docker.com/engine/reference/builder/#dockerignore-file + **registries.conf** (`/etc/containers/registries.conf`) registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. @@ -752,6 +807,8 @@ If you are using `useradd` within your build script, you should pass the `--no-l podman(1), buildah(1), containers-registries.conf(5), crun(8), runc(8), useradd(8) ## HISTORY +Aug 2020, Additional options and .dockerignore added by Dan Walsh <dwalsh@redhat.com> + May 2018, Minor revisions added by Joe Doss <joe@solidadmin.com> December 2017, Originally compiled by Tom Sweeney <tsweeney@redhat.com> diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 976a1e681..2f59f8a09 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -89,6 +89,10 @@ The *split* option splits the current cgroup in two sub-cgroups: one for conmon Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. +**--cgroup-conf**=*KEY=VALUE* + +When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. + **--cidfile**=*id* Write the container ID to the file @@ -648,6 +652,14 @@ Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). If it is not, the container port will be randomly assigned a port on the host. Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT` +**Note:** if a container will be run within a pod, it is not necessary to publish the port for +the containers in the pod. The port must only be published by the pod itself. Pod network +stacks act like the network stack on the host - you have a variety of containers in the pod, +and programs in the container, all sharing a single interface and IP address, and +associated ports. If one container binds to a port, no other container can use that port +within the pod while it is in use. Containers in the pod can also communicate over localhost +by having one container bind to localhost in the pod, and another connect to that port. + **--publish-all**, **-P**=*true|false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index b6c1fab17..c86090167 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -104,6 +104,10 @@ The **split** option splits the current cgroup in two sub-cgroups: one for conmo Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. +**--cgroup-conf**=*KEY=VALUE* + +When running on cgroup v2, specify the cgroup file to write to and its value. For example **--cgroup-conf=memory.high=1073741824** sets the memory.high limit to 1GB. + **--cidfile**=*file* Write the container ID to *file*. @@ -662,6 +666,14 @@ If it is not, the container port will be randomly assigned a port on the host. Use **podman port** to see the actual mapping: **podman port $CONTAINER $CONTAINERPORT**. +**Note:** if a container will be run within a pod, it is not necessary to publish the port for +the containers in the pod. The port must only be published by the pod itself. Pod network +stacks act like the network stack on the host - you have a variety of containers in the pod, +and programs in the container, all sharing a single interface and IP address, and +associated ports. If one container binds to a port, no other container can use that port +within the pod while it is in use. Containers in the pod can also communicate over localhost +by having one container bind to localhost in the pod, and another connect to that port. + **--publish-all**, **-P**=**true**|**false** Publish all exposed ports to random ports on the host interfaces. The default is **false**. |