Add missing fields to be used with podman
We also want to be able to default namespaces to host, so that HPC machines can avoid using most of the namespaces by default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
parent
163e22fa0d
commit
c4d2aafd65
@ -17,6 +17,11 @@
|
|||
# profile name is "container-default".
|
||||
# apparmor_profile = "container-default"
|
||||
|
||||
# Default way to to create a cgroup namespace for the container
|
||||
# Options are:
|
||||
# `private` Create private Cgroup Namespace for the container.
|
||||
# `host` Share host Cgroup Namespace with the container.
|
||||
# cgroupns="private"
|
||||
|
||||
# Cgroup management implementation used for the runtime.
|
||||
# cgroup_manager = "systemd"
|
||||
|
|
@ -53,43 +58,106 @@
|
|||
# default_sysctls = [
|
||||
# ]
|
||||
|
||||
# Set default DNS servers.
|
||||
# This option can be used to override the DNS configuration passed to the container. Typically this is necessary
|
||||
# when the host DNS configuration is invalid for the container (e.g., 127.0.0.1).
|
||||
# When this is the case the --dns flags is necessary for every run.
|
||||
# The special value none can be specified to disable creation of /etc/resolv.conf in the container.
|
||||
# The /etc/resolv.conf file in the image will be used without changes.
|
||||
# dns=
|
||||
|
||||
# Set default DNS options.
|
||||
# dns-option=
|
||||
|
||||
# Set default DNS search domains.
|
||||
# dns-search=
|
||||
|
||||
# Environment variable list for the conmon process, used for passing necessary
|
||||
# environment variables to conmon or the runtime.
|
||||
# env = [
|
||||
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
||||
# ]
|
||||
|
||||
# Use host environment inside of the container. See Environment note below for precedence.
|
||||
# env-host=false
|
||||
|
||||
# Path to OCI hooks directories for automatically executed hooks.
|
||||
# hooks_dir = [
|
||||
# “/usr/share/containers/oci/hooks.d”,
|
||||
# ]
|
||||
|
||||
# Run an init inside the container that forwards signals and reaps processes.
|
||||
# init = false
|
||||
|
||||
# Default proxy environment variables passed into the container. The environment variables passed in include
|
||||
# http_proxy, https_proxy, ftp_proxy, no_proxy, and also the upper case versions of these. This option is
|
||||
# only needed when the host system must use a proxy but the container should not use any proxy. Proxy envi‐
|
||||
# ronment variables specified for the container in any other way will override the values that would have
|
||||
# been passed thru from the host. (Other ways to specify the proxy for the container include passing the
|
||||
# values with the --env flag, or hard coding the proxy environment at container build time.)
|
||||
# proxy environment variables are passed into the container
|
||||
# http_proxy = [
|
||||
# ]
|
||||
# http_proxy=true
|
||||
|
||||
# whether the container tool will support container labeling.
|
||||
# container engines use container separation using MAC(SELinux) labeling.
|
||||
# label = true
|
||||
|
||||
# Tells container engines how to handle the builtin image volumes.
|
||||
# The options are: bind, tmpfs, or ignore (default bind)
|
||||
# · bind: A directory is created inside the container state directory and bind mounted into the
|
||||
# container for the volumes.
|
||||
# · tmpfs: The volume is mounted onto the container as a tmpfs, which allows the users to create
|
||||
# content that disappears when the container is stopped.
|
||||
# · ignore: All volumes are just ignored and no action is taken.
|
||||
# image-volume="bind"
|
||||
|
||||
# Default way to to create a IPC namespace (POSIX SysV IPC) for the container
|
||||
# Options are:
|
||||
# `private` Create private IPC Namespace for the container.
|
||||
# `host` Share host IPC Namespace with the container.
|
||||
# ipcns="private"
|
||||
|
||||
# Logging driver for the container. Available options: k8s-file and journald
|
||||
# log-driver="k8s-file"
|
||||
|
||||
# Maximum size allowed for the container log file. Negative numbers indicate
|
||||
# that no size limit is imposed. If it is positive, it must be >= 8192 to
|
||||
# match/exceed conmon's read buffer. The file is truncated and re-opened so the
|
||||
# limit is never exceeded.
|
||||
# log_size_max = -1
|
||||
|
||||
# Default way to to create a Network namespace for the container
|
||||
# Options are:
|
||||
# `private` Create private Network Namespace for the container.
|
||||
# `host` Share host Network Namespace with the container.
|
||||
# `none` Containers do not use the netwoek
|
||||
# netns="private"
|
||||
|
||||
# Create /etc/hosts for the container. By default, container engines manage /etc/hosts, adding the
|
||||
# container's own IP address.
|
||||
# no-host="false"
|
||||
|
||||
# Default way to to create a PID namespace for the container
|
||||
# Options are:
|
||||
# `private` Create private PID Namespace for the container.
|
||||
# `host` Share host PID Namespace with the container.
|
||||
# pidns="private"
|
||||
|
||||
# Maximum number of processes allowed in a container.
|
||||
# pids_limit = 2048
|
||||
|
||||
# Path to the seccomp.json profile which is used as the default seccomp profile
|
||||
# for the runtime.
|
||||
# seccomp_profile = "/tmp/seccomp.json"
|
||||
# seccomp_profile = "/usr/share/containers/seccomp.json"
|
||||
|
||||
# Size of /dev/shm. Specified as <number><unit>.
|
||||
# Unit is optional and can be b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). If the unit is omitted, the system uses bytes.
|
||||
# shm_size = "65536k"
|
||||
|
||||
# Default way to to create a UTS namespace for the container
|
||||
# Options are: # `private` Create private UTS Namespace for the container.
|
||||
# `host` Share host UTS Namespace with the container.
|
||||
# utsns="private"
|
||||
|
||||
# The network table containers settings pertaining to the management of
|
||||
# CNI plugins.
|
||||
[network]
|
||||
|
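Review bot: The new `cgroupns`, `ipcns`, `netns`, `pidns` and `utsns` entries describe `host` only as "Share host ... Namespace with the container" and never say that this is a file-wide default which drops that isolation boundary for every container the engine starts, which is exactly the setting this commit exists to enable; a one-line note above each, e.g. `# Setting this to "host" removes the namespace boundary for all containers started with this config.`, would make the trade-off visible to whoever edits the file. The example `# no-host="false"` quotes a boolean while `init = false` and `label = true` in the same hunk use bare ones, and the `hooks_dir` example uses curly quotes (`“/usr/share/containers/oci/hooks.d”`), so both would fail to parse if uncommented as written. The seccomp section carries two commented defaults, `/tmp/seccomp.json` and `/usr/share/containers/seccomp.json`; the rendering does not show which line is old and which is new, but if the `/tmp` line is the addition it should go, since a profile under a world-writable directory is not a path worth suggesting. Minor wording: "to to" in several namespace comments, "netwoek", "The network table containers settings" (repeated in the last hunk), and the UTS block folds `Options are:` and the `private` entry onto one line.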
|
@ -172,7 +240,7 @@
|
|||
# Uncomment to change location from this default.
|
||||
# volume_path = "/var/lib/containers/storage/volumes"
|
||||
|
||||
# Selects which logging mechanism to use for Podman events. Valid values
|
||||
# Selects which logging mechanism to use for container engine events. Valid values
|
||||
# are `journald` or `file`.
|
||||
# events_logger = "file"
|
||||
|
||||
|
|
@ -193,7 +261,7 @@
|
|||
# Paths to look for a valid OCI runtime (runc, runv, etc)
|
||||
[libpod.runtimes]
|
||||
# runc = [
|
||||
# "/usr/bin/runc",
|
||||
# "/usr/bin/runc",
|
||||
# "/usr/sbin/runc",
|
||||
# "/usr/local/bin/runc",
|
||||
# "/usr/local/sbin/runc",
|
||||
|
|
@ -217,3 +285,13 @@
|
|||
# TOML does not provide a way to end a table other than a further table being
|
||||
# defined, so every key hereafter will be part of [runtimes] and not the main
|
||||
# config.
|
||||
|
||||
# The network table containers settings pertaining to the management of
|
||||
# CNI plugins.
|
||||
[network]
|
||||
|
||||
# Path to directory where CNI plugin binaries are located.
|
||||
# cni_plugin_dirs = ["/usr/libexec/cni"]
|
||||
|
||||
# Path to the directory where CNI configuration files are located.
|
||||
# network_config_dir = "/etc/cni/net.d/"
|
||||
|
|
|