Diffstat (limited to 'docs')
-rw-r--r-- | docs/podman-generate-kube.1.md | 2
-rw-r--r-- | docs/podman-image-trust.1.md | 81
-rw-r--r-- | docs/podman-image.1.md | 1
-rw-r--r-- | docs/podman-play-kube.1.md | 78
-rw-r--r-- | docs/podman-play.1.md | 20
-rw-r--r-- | docs/tutorials/podman_tutorial.md | 6
6 files changed, 187 insertions, 1 deletions
diff --git a/docs/podman-generate-kube.1.md b/docs/podman-generate-kube.1.md index 396f69615..5236f23fe 100644 --- a/docs/podman-generate-kube.1.md +++ b/docs/podman-generate-kube.1.md @@ -145,7 +145,7 @@ status: ``` ## SEE ALSO -podman(1), podman-container, podman-pod +podman(1), podman-container, podman-pod, podman-play # HISTORY Decemeber 2018, Originally compiled by Brent Baude (bbaude at redhat dot com) diff --git a/docs/podman-image-trust.1.md b/docs/podman-image-trust.1.md new file mode 100644 index 000000000..24209698c --- /dev/null +++ b/docs/podman-image-trust.1.md 
@@ -0,0 +1,81 @@ +% podman-image-trust "1" + +# NAME +podman\-trust - Manage container image trust policy + + +# SYNOPSIS +**podman image trust set|show** +[**-h**|**--help**] +[**-j**|**--json**] +[**--raw**] +[**-f**|**--pubkeysfile** KEY1 [**f**|**--pubkeysfile** KEY2,...]] +[**-t**|**--type** signedBy|accept|reject] +REGISTRY[/REPOSITORY] + +# DESCRIPTION +Manages the trust policy of the host system. Trust policy describes +a registry scope (registry and/or repository) that must be signed by public keys. Trust +is defined in **/etc/containers/policy.json**. Trust is enforced when a user attempts to pull +an image from a registry. + +Trust scope is evaluated by most specific to least specific. In other words, policy may +be defined for an entire registry, but refined for a particular repository in that +registry. See below for examples. + +Trust **type** provides a way to whitelist ("accept") or blacklist +("reject") registries. + +Trust may be updated using the command **podman image trust set** for an existing trust scope. + +# OPTIONS +**-h** **--help** + Print usage statement. + +**-f** **--pubkeysfile** + A path to an exported public key on the local system. Key paths + will be referenced in policy.json. Any path may be used but path + **/etc/pki/containers** is recommended. Option may be used multiple times to + require an image be sigend by multiple keys. One of **--pubkeys** or + **--pubkeysfile** is required for **signedBy** type. + +**-t** **--type** + The trust type for this policy entry. 
Accepted values: + **signedBy** (default): Require signatures with corresponding list of + public keys + **accept**: do not require any signatures for this + registry scope + **reject**: do not accept images for this registry scope + +# show OPTIONS + +**--raw** + Output trust policy file as raw JSON + +**-j** **--json** + Output trust as JSON for machine parsing + +# EXAMPLES + +Accept all unsigned images from a registry + + podman image trust set --type accept docker.io + +Modify default trust policy + + podman image trust set -t reject default + +Display system trust policy + + podman image trust show + +Display trust policy file + + podman image trust show --raw + +Display trust as JSON + + podman image trust show --json + +# HISTORY +December 2018, originally compiled by Qi Wang (qiwan at redhat dot com) diff --git a/docs/podman-image.1.md b/docs/podman-image.1.md index 8b812af11..8aa7cee64 100644 --- a/docs/podman-image.1.md +++ b/docs/podman-image.1.md @@ -26,6 +26,7 @@ The image command allows you to manage images | rm | [podman-rm(1)](podman-rmi.1.md) | Removes one or more locally stored images. | | save | [podman-save(1)](podman-save.1.md) | Save an image to docker-archive or oci. | | tag | [podman-tag(1)](podman-tag.1.md) | Add an additional name to a local image. | +| trust | [podman-image-trust(1)](podman-image-trust.1.md) | Manage container image trust policy. ## SEE ALSO podman diff --git a/docs/podman-play-kube.1.md b/docs/podman-play-kube.1.md new file mode 100644 index 000000000..3fd9746a5 --- /dev/null +++ b/docs/podman-play-kube.1.md 
@@ -0,0 +1,78 @@ +% podman-play-kube Podman Man Pages +% Brent Baude +% December 2018 +# NAME +podman-play-kube - Create pods and containers based on Kubernetes YAML + +# SYNOPSIS +**podman play kube ** +[**-h**|**--help**] +[**--authfile**] +[**--cert-dir**] +[**--creds**] +[***-q** | **--quiet**] +[**--signature-policy**] +[**--tls-verify**] +kubernetes_input.yml + +# DESCRIPTION +**podman play kube** will read in a structured file of Kubernetes YAML. It will then recreate +the pod and containers described in the YAML. The containers within the pod are then started and +the ID of the new Pod is output. + +Ideally the input file would be one created by Podman. This would guarantee a smooth import and expected results. + +# OPTIONS: + +**--authfile** + +Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`. +If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. + +Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE +environment variable. `export REGISTRY_AUTH_FILE=path` + +**--cert-dir** *path* + +Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. +Default certificates directory is _/etc/containers/certs.d_. + +**--creds** + +The [username[:password]] to use to authenticate with the registry if required. +If one or both values are not supplied, a command line prompt will appear and the +value can be entered. The password is entered without echo. + +**--quiet, -q** + +Suppress output information when pulling images + +**--signature-policy="PATHNAME"** + +Pathname of a signature policy file to use. It is not recommended that this +option be used, as the default behavior of using the system-wide default policy +(frequently */etc/containers/policy.json*) is most often preferred. 
+ +**--tls-verify** + +Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, +then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, +TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. + +**--help**, **-h** + +Print usage statement + +## Examples ## + +Recreate the pod and containers as described in a file called `demo.yml` +``` +$ podman play kube demo.yml +52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6 +``` + +## SEE ALSO +podman(1), podman-container(1), podman-pod(1), podman-generate(1), podman-play(1) + +# HISTORY +Decemeber 2018, Originally compiled by Brent Baude (bbaude at redhat dot com) diff --git a/docs/podman-play.1.md b/docs/podman-play.1.md new file mode 100644 index 000000000..c703c1455 --- /dev/null +++ b/docs/podman-play.1.md @@ -0,0 +1,20 @@ +% podman-play(1) + +## NAME +podman\-container - play pods and containers based on a structured input file + +## SYNOPSIS +**podman play** *subcommand* + +## DESCRIPTION +The play command will recreate pods and containers based on the input from a structured (like YAML) +file input. Containers will be automatically started. + +## COMMANDS + +| Command | Man Page | Description | +| ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | +| kube | [podman-play-kube(1)](podman-play-kube.1.md) | Recreate pods and containers based on Kubernetes YAML. + +## SEE ALSO +podman, podman-pod(1), podman-container(1), podman-generate(1), podman-play(1), podman-play-kube(1) diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 659973b28..f8332c820 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md 
@@ -84,6 +84,12 @@ cd $GOPATH/src/github.com/containernetworking/plugins sudo mkdir -p /usr/libexec/cni sudo cp bin/* /usr/libexec/cni ``` +#### Installing CNI config +Add a most basic network config +```console +mkdir -p /etc/cni/net.d +curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf +``` #### Installing runc ```console git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc |
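Review bot: in docs/podman-image-trust.1.md the NAME line reads `podman\-trust` while the title line is `podman-image-trust` and the SYNOPSIS is `podman image trust set|show`, so the page is named after a command that the rest of the page never uses; NAME should match the title. In the SYNOPSIS the second `[**f**|**--pubkeysfile** KEY2,...]` is missing the dash on `-f`. The `--pubkeysfile` text says "One of **--pubkeys** or **--pubkeysfile** is required", but `--pubkeys` appears in neither SYNOPSIS nor OPTIONS, and "sigend" should be "signed". EXAMPLES covers only `accept`, `reject` and `show`: `signedBy` is the documented default type and the DESCRIPTION promises examples of refining a registry policy for one repository ("See below for examples"), so add a `signedBy` example with `--pubkeysfile` on a REGISTRY/REPOSITORY scope, and describe the `default` scope that `podman image trust set -t reject default` relies on.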
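Review bot: the `trust` row added to the command table in docs/podman-image.1.md ends at "Manage container image trust policy." without the closing `|` that the `rm`, `save` and `tag` rows above it carry; add the trailing pipe so the row matches the rest of the table.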
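Review bot: the `--creds` entry in docs/podman-play-kube.1.md documents `[username[:password]]` as a command-line value without saying which form is preferred; a password given as an argument ends up in shell history and the process list, so the text should point readers to the no-echo prompt it already describes, or to `--authfile`. The `--tls-verify` entry contradicts itself: it states "(default: true)" and then says that, if not specified, verification is used "unless the target registry is listed as an insecure registry in registries.conf"; state the unset behaviour once and drop the unconditional default. Markup problems in the same hunk: `[***-q** | **--quiet**]` has an extra asterisk, `**podman play kube **` has a space inside the bold span, `${XDG_RUNTIME\_DIR}` escapes only one of its underscores, the headings mix `# OPTIONS:` with `## Examples ##`, and HISTORY has "Decemeber".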
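Review bot: the NAME line in docs/podman-play.1.md reads `podman\-container - play pods and containers ...`, which looks copied from another page; it should name `podman\-play`. SEE ALSO lists `podman-play(1)`, which is this page itself, and the `kube` row of the COMMANDS table is missing its closing `|`. In DESCRIPTION, "based on the input from a structured (like YAML) file input" repeats "input" and would read better as "based on a structured input file (such as YAML)".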
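Review bot: the new "Installing CNI config" step in docs/tutorials/podman_tutorial.md downloads `87-podman-bridge.conflist` but writes it to `/etc/cni/net.d/99-loopback.conf`, so the saved file has a different name and a `.conf` extension for what the source names a `.conflist`; keep the upstream file name. The URL tracks the `master` branch and the content is piped straight into a system configuration directory with no pinned revision or checksum, so the tutorial installs whatever that branch holds at the time; reference a tagged release or copy the file from the checkout the reader has already cloned. The surrounding steps use `sudo` for `/usr/libexec/cni`, but `mkdir -p /etc/cni/net.d` and `tee` here do not, so the step fails for a non-root reader. "Add a most basic network config" also needs rewording, for example "Add a basic network configuration".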