aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/source/markdown/podman-container-inspect.1.md44
-rw-r--r--docs/source/markdown/podman-info.1.md10
-rw-r--r--docs/source/markdown/podman-pod-inspect.1.md52
-rw-r--r--docs/source/markdown/podman-pod-stats.1.md.in8
-rw-r--r--docs/source/markdown/podman-secret-inspect.1.md11
-rw-r--r--docs/source/markdown/podman-stats.1.md.in42
-rw-r--r--docs/source/markdown/podman-version.1.md8
-rw-r--r--docs/tutorials/podman-for-windows.md5
-rw-r--r--docs/tutorials/podman-install-certificate-authority.md102
9 files changed, 251 insertions, 31 deletions
diff --git a/docs/source/markdown/podman-container-inspect.1.md b/docs/source/markdown/podman-container-inspect.1.md
index f92eea7bd..7157a3ec0 100644
--- a/docs/source/markdown/podman-container-inspect.1.md
+++ b/docs/source/markdown/podman-container-inspect.1.md
@@ -18,6 +18,50 @@ all results in a JSON array. If a format is specified, the given template will b
Format the output using the given Go template.
The keys of the returned JSON can be used as the values for the --format flag (see examples below).
+Valid placeholders for the Go template are listed below:
+
+| **Placeholder** | **Description** |
+| ----------------- | ------------------ |
+| .AppArmorProfile | AppArmor profile (string) |
+| .Args | Command-line arguments (array of strings) |
+| .BoundingCaps | Bounding capability set (array of strings) |
+| .Config ... | Structure with config info |
+| .ConmonPidFile | Path to file containing conmon pid (string) |
+| .Created | Container creation time (string, ISO3601) |
+| .Dependencies | Dependencies (array of strings) |
+| .Driver | Storage driver (string) |
+| .EffectiveCaps | Effective capability set (array of strings) |
+| .ExecIDs | Exec IDs (array of strings) |
+| .GraphDriver ... | Further details of graph driver (struct) |
+| .HostConfig ... | Host config details (struct) |
+| .HostnamePath | Path to file containing hostname (string) |
+| .HostsPath | Path to container /etc/hosts file (string) |
+| .ID | Container ID (full 64-char hash) |
+| .Image | Container image ID (64-char hash) |
+| .ImageName | Container image name (string) |
+| .IsInfra | Is this an infra container? (string: true/false) |
+| .IsService | Is this a service container? (string: true/false) |
+| .MountLabel | SELinux label of mount (string) |
+| .Mounts | Mounts (array of strings) |
+| .Name | Container name (string) |
+| .Namespace | Container namespace (string) |
+| .NetworkSettings ... | Network settings (struct) |
+| .OCIConfigPath | Path to OCI config file (string) |
+| .OCIRuntime | OCI runtime name (string) |
+| .Path | Path to container command (string) |
+| .PidFile | Path to file containing container PID (string) |
+| .Pod | Parent pod (string) |
+| .ProcessLabel | SELinux label of process (string) |
+| .ResolvConfPath | Path to container's resolv.conf file (string) |
+| .RestartCount | Number of times container has been restarted (int) |
+| .Rootfs | Container rootfs (string) |
+| .SizeRootFs | Size of rootfs, in bytes [1] |
+| .SizeRw | Size of upper (R/W) container layer, in bytes [1] |
+| .State ... | Container state info (struct) |
+| .StaticDir | Path to container metadata dir (string) |
+
+[1] This format specifier requires the **--size** option
+
#### **--latest**, **-l**
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index b0e4d68c0..f892c2d7d 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -19,6 +19,16 @@ Displays information pertinent to the host, current storage stats, configured co
Change output format to "json" or a Go template.
+| **Placeholder** | **Info pertaining to ...** |
+| ------------------- | --------------------------------------- |
+| .Host ... | ...the host on which podman is running |
+| .Plugins ... | ...external plugins |
+| .Registries ... | ...configured registries |
+| .Store ... | ...the storage driver and paths |
+| .Version ... | ...podman version |
+
+Each of the above branch out into further subfields, more than can
+reasonably be enumerated in this document.
## EXAMPLES
diff --git a/docs/source/markdown/podman-pod-inspect.1.md b/docs/source/markdown/podman-pod-inspect.1.md
index e100256af..609cc47da 100644
--- a/docs/source/markdown/podman-pod-inspect.1.md
+++ b/docs/source/markdown/podman-pod-inspect.1.md
@@ -18,22 +18,42 @@ Change the default output format. This can be of a supported type like 'json'
or a Go template.
Valid placeholders for the Go template are listed below:
-| **Placeholder** | **Description** |
-| ----------------- | ----------------------------------------------------------------------------- |
-| .ID | Pod ID |
-| .Name | Pod name |
-| .State | Pod state |
-| .Hostname | Pod hostname |
-| .Labels | Pod labels |
-| .Created | Time when the pod was created |
-| .CreateCgroup | Whether cgroup was created |
-| .CgroupParent | Pod cgroup parent |
-| .CgroupPath | Pod cgroup path |
-| .CreateInfra | Whether infrastructure created |
-| .InfraContainerID | Pod infrastructure ID |
-| .SharedNamespaces | Pod shared namespaces |
-| .NumContainers | Number of containers in the pod |
-| .Containers | Pod containers |
+| **Placeholder** | **Description** |
+|----------------------|---------------------------------------------|
+| .BlkioDeviceReadBps | Block I/O Device Read, in bytes/sec |
+| .BlkioDeviceWriteBps | Block I/O Device Read, in bytes/sec |
+| .BlkioWeight | Block I/O Weight |
+| .BlkioWeightDevice | Block I/O Device Weight |
+| .CgroupParent | Pod cgroup parent |
+| .CgroupPath | Pod cgroup path |
+| .Containers | Pod containers |
+| .CPUPeriod | CPU period |
+| .CPUQuota | CPU quota |
+| .CPUSetCPUs | CPU Set CPUs |
+| .CPUSetMems | CPU Set Mems |
+| .CPUShares | CPU Shares |
+| .CreateCgroup | Whether cgroup was created |
+| .CreateCommand | Create command |
+| .Created | Time when the pod was created |
+| .CreateInfra | Whether infrastructure created |
+| .Devices | Devices |
+| .ExitPolicy | Exit policy |
+| .Hostname | Pod hostname |
+| .ID | Pod ID |
+| .InfraConfig ... | Infra config (contains further fields) |
+| .InfraContainerID | Pod infrastructure ID |
+| .InspectPodData ... | Nested structure, for experts only |
+| .Labels | Pod labels |
+| .MemoryLimit | Memory limit, bytes |
+| .MemorySwap | Memory swap limit, in bytes |
+| .Mounts | Mounts |
+| .Name | Pod name |
+| .Namespace | Namespace |
+| .NumContainers | Number of containers in the pod |
+| .SecurityOpts | Security options |
+| .SharedNamespaces | Pod shared namespaces |
+| .State | Pod state |
+| .VolumesFrom | Volumes from |
#### **--latest**, **-l**
diff --git a/docs/source/markdown/podman-pod-stats.1.md.in b/docs/source/markdown/podman-pod-stats.1.md.in
index 83a4b7a1e..4ecb30bdb 100644
--- a/docs/source/markdown/podman-pod-stats.1.md.in
+++ b/docs/source/markdown/podman-pod-stats.1.md.in
@@ -23,16 +23,16 @@ Valid placeholders for the Go template are listed below:
| **Placeholder** | **Description** |
| --------------- | ------------------ |
-| .Pod | Pod ID |
+| .BlockIO | Block IO |
| .CID | Container ID |
-| .Name | Container Name |
| .CPU | CPU percentage |
+| .Mem | Memory percentage |
| .MemUsage | Memory usage |
| .MemUsageBytes | Memory usage (IEC) |
-| .Mem | Memory percentage |
+| .Name | Container Name |
| .NetIO | Network IO |
-| .BlockIO | Block IO |
| .PIDS | Number of PIDs |
+| .Pod | Pod ID |
When using a GO template, you may precede the format with `table` to print headers.
diff --git a/docs/source/markdown/podman-secret-inspect.1.md b/docs/source/markdown/podman-secret-inspect.1.md
index 0e0d16120..77d9276bd 100644
--- a/docs/source/markdown/podman-secret-inspect.1.md
+++ b/docs/source/markdown/podman-secret-inspect.1.md
@@ -19,6 +19,17 @@ Secrets can be queried individually by providing their full name or a unique par
Format secret output using Go template.
+| **Placeholder** | **Description** |
+| ------------------------ | ----------------------------------------------------------------- |
+| .CreatedAt | When secret was created (relative timestamp, human-readable) |
+| .ID | ID of secret |
+| .Spec | Details of secret |
+| .Spec.Driver | Driver info |
+| .Spec.Driver.Name | Driver name (string) |
+| .Spec.Driver.Options ... | Driver options (map of driver-specific options) |
+| .Spec.Name | Name of secret |
+| .UpdatedAt | When secret was last updated (relative timestamp, human-readable) |
+
#### **--help**
Print usage statement.
diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in
index f06bd3fcc..a14bd81e6 100644
--- a/docs/source/markdown/podman-stats.1.md.in
+++ b/docs/source/markdown/podman-stats.1.md.in
@@ -30,17 +30,37 @@ Pretty-print container statistics to JSON or using a Go template
Valid placeholders for the Go template are listed below:
-| **Placeholder** | **Description** |
-| --------------- | ------------------ |
-| .ID | Container ID |
-| .Name | Container Name |
-| .CPUPerc | CPU percentage |
-| .MemUsage | Memory usage |
-| .MemUsageBytes | Memory usage (IEC) |
-| .MemPerc | Memory percentage |
-| .NetIO | Network IO |
-| .BlockIO | Block IO |
-| .PIDS | Number of PIDs |
+| **Placeholder** | **Description** |
+|---------------------|--------------------------------------------------|
+| .AvgCPU | Average CPU, full precision float |
+| .AVGCPU | Average CPU, formatted as a percent |
+| .BlockInput | Block Input |
+| .BlockIO | Block IO |
+| .BlockOutput | Block Output |
+| .ContainerID | Container ID, full (untruncated) hash |
+| .ContainerStats ... | Nested structure, for experts only |
+| .CPU | Percent CPU, full precision float |
+| .CPUNano | CPU Usage, total, in nanoseconds |
+| .CPUPerc | CPU percentage |
+| .CPUSystemNano | CPU Usage, kernel, in nanoseconds |
+| .Duration | Same as CPUNano |
+| .ID | Container ID, truncated |
+| .MemLimit | Memory limit, in bytes |
+| .MemPerc | Memory percentage |
+| .MemUsage | Memory usage |
+| .MemUsageBytes | Memory usage (IEC) |
+| .Name | Container Name |
+| .NetInput | Network Input |
+| .NetIO | Network IO |
+| .NetOutput | Network Output |
+| .PerCPU | CPU time consumed by all tasks [1] |
+| .PIDs | Number of PIDs |
+| .PIDS | Number of PIDs (yes, we know it's a dup) |
+| .SystemNano | Current system datetime, nanoseconds since epoch |
+| .Up | Duration (CPUNano), in human-readable form |
+| .UpTime | Same as UpTime |
+
+[1] Cgroups V1 only
When using a GO template, you may precede the format with `table` to print headers.
diff --git a/docs/source/markdown/podman-version.1.md b/docs/source/markdown/podman-version.1.md
index 3062d10ab..93d4d54d5 100644
--- a/docs/source/markdown/podman-version.1.md
+++ b/docs/source/markdown/podman-version.1.md
@@ -16,6 +16,14 @@ OS, and Architecture.
Change output format to "json" or a Go template.
+| **Placeholder** | **Description** |
+| ------------------- | ------------------------ |
+| .Client ... | Version of local podman |
+| .Server ... | Version of remote podman |
+
+Each of the above fields branch deeper into further subfields
+such as .Version, .APIVersion, .GoVersion, and more.
+
## Example
A sample output of the `version` command:
diff --git a/docs/tutorials/podman-for-windows.md b/docs/tutorials/podman-for-windows.md
index bb37f4a48..da1e0c059 100644
--- a/docs/tutorials/podman-for-windows.md
+++ b/docs/tutorials/podman-for-windows.md
@@ -415,3 +415,8 @@ your WSL system state and perform a manual WSL installation using the `wsl
wsl --install
```
5. Continue with podman machine init
+
+Install Certificate Authority
+=============================
+
+Instructions for installing a CA certificate can be found [here](podman-install-certificate-authority.md).
diff --git a/docs/tutorials/podman-install-certificate-authority.md b/docs/tutorials/podman-install-certificate-authority.md
new file mode 100644
index 000000000..bcd3056ba
--- /dev/null
+++ b/docs/tutorials/podman-install-certificate-authority.md
@@ -0,0 +1,102 @@
+![PODMAN logo](../../logo/podman-logo-source.svg)
+
+Install Certificate Authority
+=============================
+
+Organizations may create their own local certificate authority (CA) or acquire one from a third party. This may mean more than one certificate, such as one or more intermediate certificates and a root certificate, for example. In any case, it is necessary to add the certificate authority (CA) certificate(s) so that it can be employed for various use cases.
+
+### Method one
+
+Certificates may be either individual or concatenated (bundles). The following steps are one method to add such certificates to Podman. It is assumed that Podman is running and the certificate(s) to be installed are available on an accessible server via curl. If such access is not possible, an alternative method follows.
+
+First, assuming a running Podman machine, ssh into the machine:
+```
+podman machine ssh
+```
+
+If Podman is running in the default rootless mode, an additional command is required to get to a root shell:
+
+```
+[core@localhost ~]$ sudo su -
+```
+
+After issuing the above command, the prompt should change to indicate the "root" instead of the "core" user.
+
+Next, while in the machine, change to the directory where the certificate(s) should be installed:
+```
+[root@localhost ~]# cd /etc/pki/ca-trust/source/anchors
+```
+
+Then use curl to download the certificate. Notes:
+* The -k is only necessary if connecting securely to a server for which the certificate is not yet trusted
+* The MY-SERVER.COM/SOME-CERTIFICATE.pem should be replaced as appropriate
+```
+[root@localhost anchors]# curl -k -o some-certificate.pem https://MY-SERVER.COM/SOME-CERTIFICATE.pem
+```
+
+Repeat as necessary for multiple certificates.
+
+Once all of the certificates have been downloaded, run the command to add the certificates to the list of trusted CAs:
+```
+[root@localhost anchors]# update-ca-trust
+```
+
+Exit the machine:
+```
+[root@localhost anchors]# exit
+```
+
+If the "sudo su -" command was used to switch to a root shell as described above, an additional exit command is needed to exit the machine:
+
+```
+[core@localhost ~]$ exit
+```
+
+### Alternative Method
+
+If the above method is for some reason not practical or desirable, the certificate may be created using vi.
+
+As above, assuming a running Podman machine, ssh into the machine:
+
+```
+podman machine ssh
+```
+
+If the prompt starts with "core" instead of "root", switch to a root shell:
+
+```
+[core@localhost ~]$ sudo su -
+```
+
+Next, change to the directory where the certificate(s) should be installed:
+```
+[root@localhost ~]# cd /etc/pki/ca-trust/source/anchors
+```
+
+Then use vi to create the certificate.
+```
+[root@localhost ~]# vi SOME-CERTIFICATE.pem
+```
+After vi opens, copy the certificate to the clipboard, then in insert mode, paste the clipboard contents to vi. Lastly, save the file and close vi.
+
+Repeat as necessary for multiple certificates.
+
+Once all of the certificates have been created, run the command to add the certificates to the list of trusted CAs:
+```
+[root@localhost anchors]# update-ca-trust
+```
+
+Exit the machine:
+```
+[root@localhost anchors]# exit
+```
+
+If the "sudo su -" command described above was used, an additional exit command is needed:
+
+```
+[core@localhost ~]$ exit
+```
+
+### Final Notes
+
+The certificate installation will persist during machine restarts. There is no need to stop and start the machine to begin using the certificate.
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-12 05:30:46 +0000