Update to grab latest man pages and configuration files, also switch to using some main rather than master branches

This commit is contained in:
Daniel J Walsh 2021-07-15 12:26:10 -04:00
parent abac6aa948
commit fcf99dc5d1
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
6 changed files with 112 additions and 61 deletions

View File

@ -23,7 +23,20 @@ user to container image registries. The file can have zero to many entries and
is created by a `login` command from a container tool such as `podman login`, is created by a `login` command from a container tool such as `podman login`,
`buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth `buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth
token in the form of a base64 encoded string from the concatenation of the token in the form of a base64 encoded string from the concatenation of the
username, a colon, and the password. username, a colon, and the password. The registry name can additionally contain
a path or repository name (an image name without tag or digest). The path (or
namespace) is matched in its hierarchical order when checking for available
authentications. For example, an image pull for
`my-registry.local/namespace/user/image:latest` will result in a lookup in
`auth.json` in the following order:
- `my-registry.local/namespace/user/image`
- `my-registry.local/namespace/user`
- `my-registry.local/namespace`
- `my-registry.local`
This way it is possible to setup multiple credentials for a single registry
which can be distinguished by their path.
The following example shows the values found in auth.json after the user logged in to The following example shows the values found in auth.json after the user logged in to
their accounts on quay.io and docker.io: their accounts on quay.io and docker.io:
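Review bot: The added lookup list gives the order in which keys are tried but never says that the first key found is the one used, which is what determines the credential sent to the registry. Add a sentence stating that the lookup stops at the most specific matching entry and that `my-registry.local` is only a fallback. In the last added sentence, "setup" is used as a verb and should read "set up".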
@ -41,6 +54,25 @@ their accounts on quay.io and docker.io:
} }
``` ```
This example demonstrates how to use multiple paths for a single registry, while
preserving a fallback for `my-registry.local`:
```
{
"auths": {
"my-registry.local/foo/bar/image": {
"auth": "…"
},
"my-registry.local/foo": {
"auth": "…"
},
"my-registry.local": {
"auth": "…"
},
}
}
```
An entry can be removed by using a `logout` command from a container An entry can be removed by using a `logout` command from a container
tool such as `podman logout` or `buildah logout`. tool such as `podman logout` or `buildah logout`.
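Review bot: The added `auth.json` example is not valid JSON: the `"my-registry.local"` entry closes with `},` directly before the `}` that ends `"auths"`. A reader who copies the example will get a parse error, so drop that trailing comma. The example also uses `foo/bar/image` while the lookup list earlier in the page uses `namespace/user/image`; using the same path in both places would make the fallback order easier to follow.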

View File

@ -3,8 +3,8 @@
# These vendored components must have the same version. If it is not the case, # These vendored components must have the same version. If it is not the case,
# pick the oldest version on c/image, c/common, c/storage vendored in # pick the oldest version on c/image, c/common, c/storage vendored in
# Buildah/Podman/Skopeo. # Buildah/Podman/Skopeo.
%global skopeo_branch master %global skopeo_branch main
%global podman_branch master %global podman_branch main
%global image_branch main %global image_branch main
%global common_branch main %global common_branch main
%global storage_branch main %global storage_branch main
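Review bot: With `%global skopeo_branch main` and `%global podman_branch main`, all five globals now name moving branch heads, which does not guarantee what the comment above them requires, that the vendored components have the same version. If these globals select what the spec fetches, as "grab latest" in the commit message suggests, two builds of the same release can package different files. Consider pinning each global to a tag or commit hash and recording those values in the changelog.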
@ -15,7 +15,7 @@
Epoch: 4 Epoch: 4
Name: containers-common Name: containers-common
Version: 1 Version: 1
Release: 21%{?dist} Release: 22%{?dist}
Summary: Common configuration and documentation for containers Summary: Common configuration and documentation for containers
License: ASL 2.0 License: ASL 2.0
BuildArch: noarch BuildArch: noarch
@ -136,6 +136,9 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret
%{_datadir}/rhel/secrets/* %{_datadir}/rhel/secrets/*
%changelog %changelog
* Thu Jul 15 2021 Dan Walsh <dwalsh@fedoraproject.org> - 4:1-22
- Update to grab latest man pages and configuration files, also switch to using some main rather then master branches
* Tue Jun 29 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-21 * Tue Jun 29 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-21
- fetch latest upstream configs - fetch latest upstream configs
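Review bot: The new changelog entry has a typo, "rather then" should be "rather than", and it packs two unrelated changes into one long line. Split it into one `-` item for the refreshed man pages and configuration files and one for the branch switch, and name the two components (skopeo, podman) whose branch changed.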

View File

@ -68,7 +68,7 @@ i.e. either specifying a complete name of a tagged image, or prefix denoting
a host/namespace/image stream or a wildcarded expression for matching all a host/namespace/image stream or a wildcarded expression for matching all
subdomains. For wildcarded subdomain matching, `*.example.com` is a valid case, but `example*.*.com` is not. subdomains. For wildcarded subdomain matching, `*.example.com` is a valid case, but `example*.*.com` is not.
*Note:* The _hostname_ and _port_ refer to the Docker registry host and port (the one used *Note:* The _hostname_ and _port_ refer to the container registry host and port (the one used
e.g. for `docker pull`), _not_ to the OpenShift API host and port. e.g. for `docker pull`), _not_ to the OpenShift API host and port.
### `dir:` ### `dir:`
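Review bot: The rename to "container registry" is only half done: the next line still gives `docker pull` as the example. Either keep that deliberately as the familiar reference or switch it to a tool this package documents, such as `podman pull`, so the note reads consistently.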

View File

@ -39,8 +39,8 @@ Given an image name, a single `[[registry]]` TOML table is chosen based on its `
The user-specified image name must start with the specified `prefix` (and continue The user-specified image name must start with the specified `prefix` (and continue
with the appropriate separator) for a particular `[[registry]]` TOML table to be with the appropriate separator) for a particular `[[registry]]` TOML table to be
considered; (only) the TOML table with the longest match is used. It can considered; (only) the TOML table with the longest match is used. It can
also include wildcarded subdomains in the format `*.example.com` along as mentioned also include wildcarded subdomains in the format `*.example.com`.
above. The wildcard should only be present at the beginning as shown in the formats The wildcard should only be present at the beginning as shown in the formats
above. Other cases will not work. For example, `*.example.com` is valid but above. Other cases will not work. For example, `*.example.com` is valid but
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not. `example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
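Review bot: After removing "along as mentioned above", the paragraph still ends with "Other cases will not work", which does not say whether an invalid `prefix` such as `*.example.com/foo` is rejected when the file is loaded or simply never matches. Since the longest-matching `[[registry]]` table decides which settings apply to an image, state the actual behaviour here.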

View File

@ -189,6 +189,13 @@ log_driver = "journald"
# #
# pids_limit = 2048 # pids_limit = 2048
# Copy the content from the underlying image into the newly created volume
# when the container is created instead of when it is started. If false,
# the container engine will not copy the content until the container is started.
# Setting it to true may have negative performance implications.
#
# prepare_volume_on_create = false
# Indicates the networking to be used for rootless containers # Indicates the networking to be used for rootless containers
# rootless_networking = "slirp4netns" # rootless_networking = "slirp4netns"
@ -243,6 +250,12 @@ log_driver = "journald"
# The network table contains settings pertaining to the management of # The network table contains settings pertaining to the management of
# CNI plugins. # CNI plugins.
[secrets]
# driver = "file"
[secrets.opts]
# root = "/example/directory"
[network] [network]
# Path to directory where CNI plugin binaries are located. # Path to directory where CNI plugin binaries are located.
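Review bot: `[secrets]` and `[secrets.opts]` are inserted between the comment "The network table contains settings pertaining to the management of CNI plugins." and the `[network]` header it describes, so that comment now appears to introduce the secrets table. Move the new tables above that comment and give `[secrets]` its own short description, including the valid `driver` values.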
@ -503,9 +516,3 @@ log_driver = "journald"
# TOML does not provide a way to end a table other than a further table being # TOML does not provide a way to end a table other than a further table being
# defined, so every key hereafter will be part of [volume_plugins] and not the # defined, so every key hereafter will be part of [volume_plugins] and not the
# main config. # main config.
[secret]
# driver = "file"
[secret.opts]
# root = "/example/directory"
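Review bot: This removal, together with the addition earlier in the file, renames the table from `[secret]` to `[secrets]`, but neither the commit message nor the changelog entry mentions the rename. Anyone who uncommented `[secret]` or `[secret.opts]` in a local override needs to know the key changed, so call it out in the changelog.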

View File

@ -219,6 +219,10 @@ Options are:
Maximum number of processes allowed in a container. 0 indicates that no limit Maximum number of processes allowed in a container. 0 indicates that no limit
is imposed. is imposed.
**prepare_volume_on_create**=false
Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications.
**rootless_networking**="slirp4netns" **rootless_networking**="slirp4netns"
Set type of networking rootless containers should use. Valid options are `slirp4netns` Set type of networking rootless containers should use. Valid options are `slirp4netns`
@ -494,6 +498,11 @@ By default this will be configured relative to where containers/storage store
containers. This convention is followed by the default volume driver, but may containers. This convention is followed by the default volume driver, but may
not be by other drivers. not be by other drivers.
**chown_copied_files**=true
Determines whether file copied into a container will have changed ownership to
the primary uid/gid of the container.
## SERVICE DESTINATION TABLE ## SERVICE DESTINATION TABLE
The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API. The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
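Review bot: The `chown_copied_files` description has a grammar slip ("whether file copied" should be "whether files copied") and does not say what ownership copied files keep when the option is `false`, which is the case an administrator needs to reason about. It is also documented here without a matching commented default in any of the `containers.conf` hunks of this commit; if the option is not already present in that file, add it there as was done for `prepare_volume_on_create`.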
@ -530,7 +539,7 @@ Currently valid values are:
* file * file
* pass * pass
**opts**={} **[secrets.opts]**
The driver specific options object. The driver specific options object.
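Review bot: Replacing `**opts**={}` with `**[secrets.opts]**` drops the default value and breaks the `**name**=value` pattern used for the other options on this page. If this is meant as a table heading, format it like the other table headings and list the keys it accepts; the configuration file's own example shows `root`, which this description never mentions.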