local build
parent 1b174b2d24
commit 2c5e1f3bbf
@ -154,6 +154,47 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
|
|||||||
|
|
||||||
· rw, read-write: allows writes on the mount.
|
· rw, read-write: allows writes on the mount.
|
||||||
|
|
||||||
|
**RUN --network**
|
||||||
|
|
||||||
|
`RUN --network` allows control over which networking environment the command
|
||||||
|
is run in.
|
||||||
|
|
||||||
|
Syntax: `--network=<TYPE>`
|
||||||
|
|
||||||
|
**Network types**
|
||||||
|
|
||||||
|
| Type | Description |
|
||||||
|
|----------------------------------------------|----------------------------------------|
|
||||||
|
| [`default`](#run---networkdefault) (default) | Run in the default network. |
|
||||||
|
| [`none`](#run---networknone) | Run with no network access. |
|
||||||
|
| [`host`](#run---networkhost) | Run in the host's network environment. |
|
||||||
|
|
||||||
|
##### RUN --network=default
|
||||||
|
|
||||||
|
Equivalent to not supplying a flag at all, the command is run in the default
|
||||||
|
network for the build.
|
||||||
|
|
||||||
|
##### RUN --network=none
|
||||||
|
|
||||||
|
The command is run with no network access (`lo` is still available, but is
|
||||||
|
isolated to this process).
|
||||||
|
|
||||||
|
##### Example: isolating external effects
|
||||||
|
|
||||||
|
```dockerfile
|
||||||
|
FROM python:3.6
|
||||||
|
ADD mypackage.tgz wheels/
|
||||||
|
RUN --network=none pip install --find-links wheels mypackage
|
||||||
|
```
|
||||||
|
|
||||||
|
`pip` will only be able to install the packages provided in the tarfile, which
|
||||||
|
can be controlled by an earlier build stage.
|
||||||
|
|
||||||
|
##### RUN --network=host
|
||||||
|
|
||||||
|
The command is run in the host's network environment (similar to
|
||||||
|
`buildah build --network=host`, but on a per-instruction basis)
|
||||||
|
|
||||||
|
|
||||||
**RUN Secrets**
|
**RUN Secrets**
|
||||||
|
|
||||||
|
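Review bot: The `RUN --network=host` section at the end of this hunk gives no caveat about what sharing the host's network environment exposes to the build step, and its sentence ends without a period after the closing parenthesis. Suggest adding one sentence that the command can reach anything the host can reach, including services bound to the host's loopback, and pointing readers to `--network=none` for steps that only need local inputs, such as the `pip install --find-links wheels` example above.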
@ -18,8 +18,8 @@ Except the primary (read/write) file, other files are read-only, unless the user
|
|||||||
|
|
||||||
## FORMAT
|
## FORMAT
|
||||||
|
|
||||||
The auth.json file stores encrypted authentication information for the
|
The auth.json file stores, or references, credentials that allow the user to authenticate
|
||||||
user to container image registries. The file can have zero to many entries and
|
to container image registries. The file can have zero to many entries and
|
||||||
is created by a `login` command from a container tool such as `podman login`,
|
is created by a `login` command from a container tool such as `podman login`,
|
||||||
`buildah login` or `skopeo login`. Each entry either contains a single
|
`buildah login` or `skopeo login`. Each entry either contains a single
|
||||||
hostname (e.g. `docker.io`) or a namespace (e.g. `quay.io/user/image`) as a key
|
hostname (e.g. `docker.io`) or a namespace (e.g. `quay.io/user/image`) as a key
|
||||||
|
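Review bot: The reworded first sentence under `## FORMAT` drops "encrypted" but does not say in what form credentials are held when they are stored rather than referenced. Suggest stating that explicitly in the same paragraph, along with the expected file permissions, so readers do not carry over the old assumption that the file contents are protected.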
@ -282,7 +282,7 @@ signed by the provided public key.
|
|||||||
The `signedIdentity` field has the same semantics as in the `signedBy` requirement described above.
|
The `signedIdentity` field has the same semantics as in the `signedBy` requirement described above.
|
||||||
Note that `cosign`-created signatures only contain a repository, so only `matchRepository` and `exactRepository` can be used to accept them (and that does not protect against substitution of a signed image with an unexpected tag).
|
Note that `cosign`-created signatures only contain a repository, so only `matchRepository` and `exactRepository` can be used to accept them (and that does not protect against substitution of a signed image with an unexpected tag).
|
||||||
|
|
||||||
To use this with images hosted on image registries, the relevant registry or repository must have the `use-sigstore-attachments` option enabled in containers-registries.d(5).
|
To use this with images hosted on image registries, the `use-sigstore-attachments` option needs to be enabled for the relevant registry or repository in the client's containers-registries.d(5).
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
|
@ -68,7 +68,9 @@ the consumer MUST verify at least the following aspects of the signature
|
|||||||
(like the `github.com/containers/image/signature` package does):
|
(like the `github.com/containers/image/signature` package does):
|
||||||
|
|
||||||
- The blob MUST be a “Signed Message” as defined RFC 4880 section 11.3.
|
- The blob MUST be a “Signed Message” as defined RFC 4880 section 11.3.
|
||||||
(e.g. it MUST NOT be an unsigned “Literal Message”, or any other non-signature format).
|
(e.g. it MUST NOT be an unsigned “Literal Message”,
|
||||||
|
a “Cleartext Signature” as defined in RFC 4880 section 7,
|
||||||
|
or any other non-signature format).
|
||||||
- The signature MUST have been made by an expected key trusted for the purpose (and the specific container image).
|
- The signature MUST have been made by an expected key trusted for the purpose (and the specific container image).
|
||||||
- The signature MUST be correctly formed and pass the cryptographic validation.
|
- The signature MUST be correctly formed and pass the cryptographic validation.
|
||||||
- The signature MUST correctly authenticate the included JSON payload
|
- The signature MUST correctly authenticate the included JSON payload
|
||||||
|
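Review bot: In the first bullet, the unchanged line still reads "as defined RFC 4880 section 11.3" while the added line reads "as defined in RFC 4880 section 7"; add the missing "in" so both references are worded alike. The parenthetical is now split over three lines, so also check that the continuation lines still render as part of the bullet.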
@ -64,6 +64,12 @@ Default directory to store all temporary writable content created by container s
|
|||||||
By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers.
|
By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers.
|
||||||
Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set.
|
Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set.
|
||||||
|
|
||||||
|
**transient_store** = "false" | "true"
|
||||||
|
|
||||||
|
Transient store mode makes all container metadata be saved in temporary storage
|
||||||
|
(i.e. runroot above). This is faster, but doesn't persist across reboots.
|
||||||
|
Additional garbage collection must also be performed at boot-time, so this option should remain disabled in most configurations. (default: false)
|
||||||
|
|
||||||
### STORAGE OPTIONS TABLE
|
### STORAGE OPTIONS TABLE
|
||||||
|
|
||||||
The `storage.options` table supports the following options:
|
The `storage.options` table supports the following options:
|
||||||
|
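Review bot: The synopsis line `**transient_store** = "false" | "true"` presents the values as quoted strings, but the sample storage.conf later in this commit shows `# transient_store = true` as a bare boolean. Pick one form and use it in both places; the "(default: false)" at the end of the paragraph suggests the boolean form.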
@ -33,6 +33,11 @@
|
|||||||
#
|
#
|
||||||
#base_hosts_file = ""
|
#base_hosts_file = ""
|
||||||
|
|
||||||
|
# List of cgroup_conf entries specifying a list of cgroup files to write to and
|
||||||
|
# their values. For example `memory.high=1073741824` sets the
|
||||||
|
# memory.high limit to 1GB.
|
||||||
|
# cgroup_conf = []
|
||||||
|
|
||||||
# Default way to to create a cgroup namespace for the container
|
# Default way to to create a cgroup namespace for the container
|
||||||
# Options are:
|
# Options are:
|
||||||
# `private` Create private Cgroup Namespace for the container.
|
# `private` Create private Cgroup Namespace for the container.
|
||||||
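Review bot: The added sample line `# cgroup_conf = []` has a space after the `#`, while the neighbouring commented-out defaults such as `#base_hosts_file = ""` have none; drop the space so the option reads as a default rather than as prose. The comment also calls 1073741824 "1GB"; that value is 1 GiB, and a second example entry would show how several cgroup files are listed.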
@ -63,6 +68,7 @@
|
|||||||
# "SETGID",
|
# "SETGID",
|
||||||
# "SETPCAP",
|
# "SETPCAP",
|
||||||
# "SETUID",
|
# "SETUID",
|
||||||
|
# "SYS_CHROOT",
|
||||||
#]
|
#]
|
||||||
|
|
||||||
# A list of sysctls to be set in containers by default,
|
# A list of sysctls to be set in containers by default,
|
||||||
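Review bot: `"SYS_CHROOT"` is added to the commented default capability list with no explanation in the hunk, and the commit message ("local build") does not say why. A change to the default capability set affects every container that does not override it, so the reason belongs in the commit message, and the list here must stay identical to the `default_capabilities` list in the man page.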
@ -197,6 +203,10 @@ log_driver = "journald"
|
|||||||
#
|
#
|
||||||
#no_hosts = false
|
#no_hosts = false
|
||||||
|
|
||||||
|
# Tune the host's OOM preferences for containers
|
||||||
|
# (accepts values from -1000 to 1000).
|
||||||
|
#oom_score_adj = 0
|
||||||
|
|
||||||
# Default way to to create a PID namespace for the container
|
# Default way to to create a PID namespace for the container
|
||||||
# Options are:
|
# Options are:
|
||||||
# `private` Create private PID Namespace for the container.
|
# `private` Create private PID Namespace for the container.
|
||||||
@ -294,6 +304,15 @@ log_driver = "journald"
|
|||||||
# "/opt/cni/bin",
|
# "/opt/cni/bin",
|
||||||
#]
|
#]
|
||||||
|
|
||||||
|
# List of directories that will be searched for netavark plugins.
|
||||||
|
#
|
||||||
|
#netavark_plugin_dirs = [
|
||||||
|
# "/usr/local/libexec/netavark",
|
||||||
|
# "/usr/libexec/netavark",
|
||||||
|
# "/usr/local/lib/netavark",
|
||||||
|
# "/usr/lib/netavark",
|
||||||
|
#]
|
||||||
|
|
||||||
# The network name of the default network to attach pods to.
|
# The network name of the default network to attach pods to.
|
||||||
#
|
#
|
||||||
#default_network = "podman"
|
#default_network = "podman"
|
||||||
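Review bot: The comment for `netavark_plugin_dirs` does not say how the four directories are prioritised when a plugin of the same name exists in more than one of them. State the search order (the list interleaves `/usr/local` and `/usr` paths), and note the ownership and permissions expected on these directories.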
@ -447,7 +466,7 @@ log_driver = "journald"
|
|||||||
#
|
#
|
||||||
#image_parallel_copies = 0
|
#image_parallel_copies = 0
|
||||||
|
|
||||||
# Tells container engines how to handle the builtin image volumes.
|
# Tells container engines how to handle the built-in image volumes.
|
||||||
# * bind: An anonymous named volume will be created and mounted
|
# * bind: An anonymous named volume will be created and mounted
|
||||||
# into the container.
|
# into the container.
|
||||||
# * tmpfs: The volume is mounted onto the container as a tmpfs,
|
# * tmpfs: The volume is mounted onto the container as a tmpfs,
|
||||||
@ -463,13 +482,17 @@ log_driver = "journald"
|
|||||||
|
|
||||||
# Infra (pause) container image name for pod infra containers. When running a
|
# Infra (pause) container image name for pod infra containers. When running a
|
||||||
# pod, we start a `pause` process in a container to hold open the namespaces
|
# pod, we start a `pause` process in a container to hold open the namespaces
|
||||||
# associated with the pod. This container does nothing other then sleep,
|
# associated with the pod. This container does nothing other than sleep,
|
||||||
# reserving the pods resources for the lifetime of the pod. By default container
|
# reserving the pod's resources for the lifetime of the pod. By default container
|
||||||
# engines run a builtin container using the pause executable. If you want override
|
# engines run a built-in container using the pause executable. If you want override
|
||||||
# specify an image to pull.
|
# specify an image to pull.
|
||||||
#
|
#
|
||||||
#infra_image = ""
|
#infra_image = ""
|
||||||
|
|
||||||
|
# Default Kubernetes kind/specification of the kubernetes yaml generated with the `podman kube generate` command.
|
||||||
|
# The possible options are `pod` and `deployment`.
|
||||||
|
#kube_generate_type = "pod"
|
||||||
|
|
||||||
# Specify the locking mechanism to use; valid values are "shm" and "file".
|
# Specify the locking mechanism to use; valid values are "shm" and "file".
|
||||||
# Change the default only if you are sure of what you are doing, in general
|
# Change the default only if you are sure of what you are doing, in general
|
||||||
# "file" is useful only on platforms where cgo is not available for using the
|
# "file" is useful only on platforms where cgo is not available for using the
|
||||||
|
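Review bot: The typo fixes in the `infra_image` comment stop one short: "If you want override specify an image to pull." is still missing words. The new `kube_generate_type` comment is a single line far longer than the wrapped comments around it and mixes "Kubernetes" and "kubernetes"; wrap it and capitalise consistently.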
@ -9,11 +9,12 @@ Container engines like Podman & Buildah read containers.conf file, if it exists
|
|||||||
and modify the defaults for running containers on the host. containers.conf uses
|
and modify the defaults for running containers on the host. containers.conf uses
|
||||||
a TOML format that can be easily modified and versioned.
|
a TOML format that can be easily modified and versioned.
|
||||||
|
|
||||||
Container engines read the /usr/share/containers/containers.conf and
|
Container engines read the __/usr/share/containers/containers.conf__,
|
||||||
/etc/containers/containers.conf, and /etc/containers/containers.conf.d/*.conf files
|
__/etc/containers/containers.conf__, and __/etc/containers/containers.conf.d/\*.conf__
|
||||||
if they exist. When running in rootless mode, they also read
|
files if they exist.
|
||||||
$HOME/.config/containers/containers.conf and
|
When running in rootless mode, they also read
|
||||||
$HOME/.config/containers/containers.conf.d/*.conf files.
|
__$HOME/.config/containers/containers.conf__ and
|
||||||
|
__$HOME/.config/containers/containers.conf.d/\*.conf__ files.
|
||||||
|
|
||||||
Fields specified in containers conf override the default options, as well as
|
Fields specified in containers conf override the default options, as well as
|
||||||
options in previously read containers.conf files.
|
options in previously read containers.conf files.
|
||||||
@ -22,10 +23,10 @@ Config files in the `.d` directories, are added in alpha numeric sorted order an
|
|||||||
|
|
||||||
Not all options are supported in all container engines.
|
Not all options are supported in all container engines.
|
||||||
|
|
||||||
Note container engines also use other configuration files for configuring the environment.
|
Note, container engines also use other configuration files for configuring the environment.
|
||||||
|
|
||||||
* `storage.conf` for configuration of container and images storage.
|
* `storage.conf` for configuration of container and images storage.
|
||||||
* `registries.conf` for definition of container registires to search while pulling.
|
* `registries.conf` for definition of container registries to search while pulling.
|
||||||
container images.
|
container images.
|
||||||
* `policy.conf` for controlling which images can be pulled to the system.
|
* `policy.conf` for controlling which images can be pulled to the system.
|
||||||
|
|
||||||
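Review bot: In the `registries.conf` bullet the spelling fix leaves the period after "pulling" in place, so the next line, "container images.", is a dangling fragment. Remove that period so the bullet reads as one sentence.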
@ -50,6 +51,7 @@ TOML can be simplified to:
|
|||||||
The containers table contains settings to configure and manage the OCI runtime.
|
The containers table contains settings to configure and manage the OCI runtime.
|
||||||
|
|
||||||
**annotations** = []
|
**annotations** = []
|
||||||
|
|
||||||
List of annotations. Specified as "key=value" pairs to be added to all containers.
|
List of annotations. Specified as "key=value" pairs to be added to all containers.
|
||||||
|
|
||||||
Example: "run.oci.keep_original_groups=1"
|
Example: "run.oci.keep_original_groups=1"
|
||||||
@ -66,6 +68,12 @@ file. This must be either an absolute path or as special values "image" which
|
|||||||
uses the hosts file from the container image or "none" which means
|
uses the hosts file from the container image or "none" which means
|
||||||
no base hosts file is used. The default is "" which will use /etc/hosts.
|
no base hosts file is used. The default is "" which will use /etc/hosts.
|
||||||
|
|
||||||
|
**cgroup_conf**=[]
|
||||||
|
|
||||||
|
List of cgroup_conf entries specifying a list of cgroup files to write to and
|
||||||
|
their values. For example `memory.high=1073741824` sets the
|
||||||
|
memory.high limit to 1GB.
|
||||||
|
|
||||||
**cgroups**="enabled"
|
**cgroups**="enabled"
|
||||||
|
|
||||||
Determines whether the container will create CGroups.
|
Determines whether the container will create CGroups.
|
||||||
@ -98,6 +106,7 @@ default_capabilities = [
|
|||||||
"SETGID",
|
"SETGID",
|
||||||
"SETPCAP",
|
"SETPCAP",
|
||||||
"SETUID",
|
"SETUID",
|
||||||
|
"SYS_CHROOT",
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -227,6 +236,10 @@ Options are:
|
|||||||
Create /etc/hosts for the container. By default, container engines manage
|
Create /etc/hosts for the container. By default, container engines manage
|
||||||
/etc/hosts, automatically adding the container's own IP address.
|
/etc/hosts, automatically adding the container's own IP address.
|
||||||
|
|
||||||
|
**oom_score_adj**=0
|
||||||
|
|
||||||
|
Tune the host's OOM preferences for containers (accepts values from -1000 to 1000).
|
||||||
|
|
||||||
**pidns**="private"
|
**pidns**="private"
|
||||||
|
|
||||||
Default way to to create a PID namespace for the container.
|
Default way to to create a PID namespace for the container.
|
||||||
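Review bot: The description of `oom_score_adj` gives the accepted range but not its direction. Add that lower values make the OOM killer less likely to pick the container and higher values more likely, since a reader tuning this from the default `0` needs to know which way to move.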
@ -324,6 +337,20 @@ cni_plugin_dirs = [
|
|||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**netavark_plugin_dirs**=[]
|
||||||
|
|
||||||
|
List of directories that will be searched for netavark plugins.
|
||||||
|
|
||||||
|
The default list is:
|
||||||
|
```
|
||||||
|
netavark_plugin_dirs = [
|
||||||
|
"/usr/local/libexec/netavark",
|
||||||
|
"/usr/libexec/netavark",
|
||||||
|
"/usr/local/lib/netavark",
|
||||||
|
"/usr/lib/netavark",
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
**default_network**="podman"
|
**default_network**="podman"
|
||||||
|
|
||||||
The network name of the default network to attach pods to.
|
The network name of the default network to attach pods to.
|
||||||
@ -355,8 +382,8 @@ default_subnet_pools = [
|
|||||||
**network_config_dir**="/etc/cni/net.d/"
|
**network_config_dir**="/etc/cni/net.d/"
|
||||||
|
|
||||||
Path to the directory where network configuration files are located.
|
Path to the directory where network configuration files are located.
|
||||||
For the CNI backend the default is "/etc/cni/net.d" as root
|
For the CNI backend the default is __/etc/cni/net.d__ as root
|
||||||
and "$HOME/.config/cni/net.d" as rootless.
|
and __$HOME/.config/cni/net.d__ as rootless.
|
||||||
For the netavark backend "/etc/containers/networks" is used as root
|
For the netavark backend "/etc/containers/networks" is used as root
|
||||||
and "$graphroot/networks" as rootless.
|
and "$graphroot/networks" as rootless.
|
||||||
|
|
||||||
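Review bot: Only the two CNI paths were switched to `__...__` emphasis; the netavark paths in the next two lines, "/etc/containers/networks" and "$graphroot/networks", are still in double quotes. Convert them as well so the paragraph uses one convention. The heading line also still shows only the CNI default, `**network_config_dir**="/etc/cni/net.d/"`.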
@ -462,12 +489,14 @@ with detailed information about the container. Set to false by default.
|
|||||||
A is a list of directories which are used to search for helper binaries.
|
A is a list of directories which are used to search for helper binaries.
|
||||||
|
|
||||||
The default paths on Linux are:
|
The default paths on Linux are:
|
||||||
|
|
||||||
- `/usr/local/libexec/podman`
|
- `/usr/local/libexec/podman`
|
||||||
- `/usr/local/lib/podman`
|
- `/usr/local/lib/podman`
|
||||||
- `/usr/libexec/podman`
|
- `/usr/libexec/podman`
|
||||||
- `/usr/lib/podman`
|
- `/usr/lib/podman`
|
||||||
|
|
||||||
The default paths on macOS are:
|
The default paths on macOS are:
|
||||||
|
|
||||||
- `/usr/local/opt/podman/libexec`
|
- `/usr/local/opt/podman/libexec`
|
||||||
- `/opt/homebrew/bin`
|
- `/opt/homebrew/bin`
|
||||||
- `/opt/homebrew/opt/podman/libexec`
|
- `/opt/homebrew/opt/podman/libexec`
|
||||||
@ -478,6 +507,7 @@ The default paths on macOS are:
|
|||||||
- `/usr/lib/podman`
|
- `/usr/lib/podman`
|
||||||
|
|
||||||
The default path on Windows is:
|
The default path on Windows is:
|
||||||
|
|
||||||
- `C:\Program Files\RedHat\Podman`
|
- `C:\Program Files\RedHat\Podman`
|
||||||
|
|
||||||
**hooks_dir**=["/etc/containers/oci/hooks.d", ...]
|
**hooks_dir**=["/etc/containers/oci/hooks.d", ...]
|
||||||
@ -502,7 +532,7 @@ Not setting this field will fall back to containers/image defaults. (6)
|
|||||||
|
|
||||||
**image_volume_mode**="bind"
|
**image_volume_mode**="bind"
|
||||||
|
|
||||||
Tells container engines how to handle the builtin image volumes.
|
Tells container engines how to handle the built-in image volumes.
|
||||||
|
|
||||||
* bind: An anonymous named volume will be created and mounted into the container.
|
* bind: An anonymous named volume will be created and mounted into the container.
|
||||||
* tmpfs: The volume is mounted onto the container as a tmpfs, which allows the users to create content that disappears when the container is stopped.
|
* tmpfs: The volume is mounted onto the container as a tmpfs, which allows the users to create content that disappears when the container is stopped.
|
||||||
@ -512,18 +542,22 @@ Tells container engines how to handle the builtin image volumes.
|
|||||||
|
|
||||||
Infra (pause) container image command for pod infra containers. When running a
|
Infra (pause) container image command for pod infra containers. When running a
|
||||||
pod, we start a `/pause` process in a container to hold open the namespaces
|
pod, we start a `/pause` process in a container to hold open the namespaces
|
||||||
associated with the pod. This container does nothing other then sleep,
|
associated with the pod. This container does nothing other than sleep,
|
||||||
reserving the pods resources for the lifetime of the pod.
|
reserving the pod's resources for the lifetime of the pod.
|
||||||
|
|
||||||
**infra_image**=""
|
**infra_image**=""
|
||||||
|
|
||||||
Infra (pause) container image for pod infra containers. When running a
|
Infra (pause) container image for pod infra containers. When running a
|
||||||
pod, we start a `pause` process in a container to hold open the namespaces
|
pod, we start a `pause` process in a container to hold open the namespaces
|
||||||
associated with the pod. This container does nothing other then sleep,
|
associated with the pod. This container does nothing other than sleep,
|
||||||
reserving the pods resources for the lifetime of the pod. By default container
|
reserving the pod's resources for the lifetime of the pod. By default container
|
||||||
engines run a builtin container using the pause executable. If you want override
|
engines run a built-in container using the pause executable. If you want override
|
||||||
specify an image to pull.
|
specify an image to pull.
|
||||||
|
|
||||||
|
**kube_generate_type**="pod"
|
||||||
|
|
||||||
|
Default Kubernetes kind/specification of the kubernetes yaml generated with the `podman kube generate` command. The possible options are `pod` and `deployment`.
|
||||||
|
|
||||||
**lock_type**="shm"
|
**lock_type**="shm"
|
||||||
|
|
||||||
Specify the locking mechanism to use; valid values are "shm" and "file".
|
Specify the locking mechanism to use; valid values are "shm" and "file".
|
||||||
@ -595,6 +629,7 @@ Pull image before running or creating a container. The default is **missing**.
|
|||||||
- **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
|
- **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
|
||||||
|
|
||||||
**remote** = false
|
**remote** = false
|
||||||
|
|
||||||
Indicates whether the application should be running in remote mode. This flag modifies the
|
Indicates whether the application should be running in remote mode. This flag modifies the
|
||||||
--remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service.
|
--remote option on container engines. Setting the flag to true will default `podman --remote=true` for access to the remote Podman service.
|
||||||
|
|
||||||
@ -745,7 +780,9 @@ Environment variables like $HOME as well as complete paths are supported for
|
|||||||
the source and destination. An optional third field `:ro` can be used to
|
the source and destination. An optional third field `:ro` can be used to
|
||||||
tell the container engines to mount the volume readonly.
|
tell the container engines to mount the volume readonly.
|
||||||
|
|
||||||
On Mac, the default volumes are: `"/Users:/Users", "/private:/private", "/var/folders:/var/folders"`
|
On Mac, the default volumes are:
|
||||||
|
|
||||||
|
[ "/Users:/Users", "/private:/private", "/var/folders:/var/folders" ]
|
||||||
|
|
||||||
**provider**=""
|
**provider**=""
|
||||||
|
|
||||||
@ -757,23 +794,31 @@ default is `QEMU` and on Windows it is `WSL`.
|
|||||||
|
|
||||||
**containers.conf**
|
**containers.conf**
|
||||||
|
|
||||||
Distributions often provide a `/usr/share/containers/containers.conf` file to
|
Distributions often provide a __/usr/share/containers/containers.conf__ file to
|
||||||
define default container configuration. Administrators can override fields in
|
provide a default configuration. Administrators can override fields in this
|
||||||
this file by creating `/etc/containers/containers.conf` to specify their own
|
file by creating __/etc/containers/containers.conf__ to specify their own
|
||||||
configuration. Rootless users can further override fields in the config by
|
configuration. They may also drop `.conf` files in
|
||||||
creating a config file stored in the `$HOME/.config/containers/containers.conf` file.
|
__/etc/containers/containers.conf.d__ which will be loaded in alphanumeric order.
|
||||||
|
Rootless users can further override fields in the config by creating a config
|
||||||
|
file stored in the __$HOME/.config/containers/containers.conf__ file or __.conf__ files in __$HOME/.config/containers/containers.conf.d__.
|
||||||
|
|
||||||
If the `CONTAINERS_CONF` path environment variable is set, just
|
If the `CONTAINERS_CONF` environment variable is set, all system and user
|
||||||
this path will be used. This is primarily used for testing.
|
config files are ignored and only the specified config file will be loaded.
|
||||||
|
|
||||||
Fields specified in the containers.conf file override the default options, as
|
If the `CONTAINERS_CONF_OVERRIDE` path environment variable is set, the config
|
||||||
well as options in previously read containers.conf files.
|
file will be loaded last even when `CONTAINERS_CONF` is set.
|
||||||
|
|
||||||
|
The values of both environment variables may be absolute or relative paths, for
|
||||||
|
instance, `CONTAINERS_CONF=/tmp/my_containers.conf`.
|
||||||
|
|
||||||
|
Fields specified in a containers.conf file override the default options, as
|
||||||
|
well as options in previously loaded containers.conf files.
|
||||||
|
|
||||||
**storage.conf**
|
**storage.conf**
|
||||||
|
|
||||||
The `/etc/containers/storage.conf` file is the default storage configuration file.
|
The `/etc/containers/storage.conf` file is the default storage configuration file.
|
||||||
Rootless users can override fields in the storage config by creating
|
Rootless users can override fields in the storage config by creating
|
||||||
`$HOME/.config/containers/storage.conf`.
|
__$HOME/.config/containers/storage.conf__.
|
||||||
|
|
||||||
If the `CONTAINERS_STORAGE_CONF` path environment variable is set, this path
|
If the `CONTAINERS_STORAGE_CONF` path environment variable is set, this path
|
||||||
is used for the storage.conf file rather than the default.
|
is used for the storage.conf file rather than the default.
|
||||||
|
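Review bot: The new paragraph says both variables "may be absolute or relative paths" without saying what a relative path is resolved against, and its example, `CONTAINERS_CONF=/tmp/my_containers.conf`, puts the config in a world-writable directory. State the resolution base and use an example path under the user's home or `/etc/containers`. Since `CONTAINERS_CONF_OVERRIDE` is loaded last, it would also help to say outright that it takes precedence over the administrator's files.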
@ -2,6 +2,8 @@
|
|||||||
# almalinux
|
# almalinux
|
||||||
"almalinux" = "docker.io/library/almalinux"
|
"almalinux" = "docker.io/library/almalinux"
|
||||||
"almalinux-minimal" = "docker.io/library/almalinux-minimal"
|
"almalinux-minimal" = "docker.io/library/almalinux-minimal"
|
||||||
|
# Amazon Linux
|
||||||
|
"amazonlinux" = "public.ecr.aws/amazonlinux/amazonlinux"
|
||||||
# Arch Linux
|
# Arch Linux
|
||||||
"archlinux" = "docker.io/library/archlinux"
|
"archlinux" = "docker.io/library/archlinux"
|
||||||
# centos
|
# centos
|
||||||
|
@ -34,6 +34,8 @@ graphroot = "/var/lib/containers/storage"
|
|||||||
|
|
||||||
# Transient store mode makes all container metadata be saved in temporary storage
|
# Transient store mode makes all container metadata be saved in temporary storage
|
||||||
# (i.e. runroot above). This is faster, but doesn't persist across reboots.
|
# (i.e. runroot above). This is faster, but doesn't persist across reboots.
|
||||||
|
# Additional garbage collection must also be performed at boot-time, so this
|
||||||
|
# option should remain disabled in most configurations.
|
||||||
# transient_store = true
|
# transient_store = true
|
||||||
|
|
||||||
[storage.options]
|
[storage.options]
|
||||||
|
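Review bot: The added warning says the option "should remain disabled in most configurations", yet the sample line directly below it is `# transient_store = true`, so uncommenting it turns the feature on. Either show the default value in the sample or add the default to the comment, as the man page does with "(default: false)".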