container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-19 16:54:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
podman/docs/podman-play-kube.1.md
Peter Hunt 0d0ad59641 Default to SELinux private label for play kube mounts 
Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point

also remove left over debugging print statement

Signed-off-by: Peter Hunt <pehunt@redhat.com>
2019-03-28 09:54:31 -04:00

2.7 KiB
Raw Blame History

% podman-play-kube Podman Man Pages % Brent Baude % December 2018

NAME

podman-play-kube - Create pods and containers based on Kubernetes YAML

SYNOPSIS

podman play kube [-h|--help] [--authfile] [--cert-dir] [--creds] [-q | --quiet] [--signature-policy*] [--tls-verify] kubernetes_input.yml

DESCRIPTION

podman play kube will read in a structured file of Kubernetes YAML. It will then recreate the pod and containers described in the YAML. The containers within the pod are then started and the ID of the new Pod is output.

Ideally the input file would be one created by Podman (see podman-generate-kube(1)). This would guarantee a smooth import and expected results.

Note: HostPath volume types created by play kube will be given an SELinux private label (Z)

OPTIONS:

--authfile

Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.

Note: You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path

--cert-dir path

Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d.

--creds

The [username[:password]] to use to authenticate with the registry if required. If one or both values are not supplied, a command line prompt will appear and the value can be entered. The password is entered without echo.

--quiet, -q

Suppress output information when pulling images

--signature-policy="PATHNAME"

Pathname of a signature policy file to use. It is not recommended that this option be used, as the default behavior of using the system-wide default policy (frequently /etc/containers/policy.json) is most often preferred.

--tls-verify

Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.

--help, -h

Print usage statement

Examples

Recreate the pod and containers as described in a file called demo.yml

$ podman play kube demo.yml
52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

SEE ALSO

podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1), podman-play(1)

HISTORY

Decemeber 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)