Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add documentation on the new Netavark option, `metric`, used to
set default route preference for containers joined to multiple
networks.
[NO NEW TESTS NEEDED]
Signed-off-by: Matthew Heon <mheon@redhat.com>
Quadlet was doing some custom handling of uid/gid remapping, originating
from pre --userns=auto support, including its own user for getting subuids
which kinda conflicts with the "container" user used for that.
This drops all the old support for id remapping in favour of a new set
of keys that more directly map to the podman run options.
We have essentially 3 modes now:
```
RemapUsers=manual
RemapUid=0:10000:10
RemapUid=10:20000:10
RemapGid=0:10000:10
RemapGid=10:20000:10
```
This maps to --uidmap and --gidmap options.
```
RemapUsers=auto
```
This maps to --userns=auto. But you can additionally specify RemapUid,
RemapGid and RemapUidSize which gets applied as options to the
--userns podman option.
```
RemapUsers=keep-id
```
This maps to --userns=keep-id and only works for user units.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
1. proxy value from env `CONTAINER_PROXY`
2. proxy socks5 && socks5h is supported
3. the proxy dial timeout is 3s
Signed-off-by: shuai.yang <shuai.yang@mihoyo.com>
Since pasta is now considered a network mode using it as network name
causes a conflict. For now we will prefer the named network but in a
future major version bump we want to remove this and just use pasta(1).
The docs should reflect that this name is considered deprecated.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add quiet and no-info flags to podman machine start.
No-info suppresses helpful informational tips
Quiet suppresses machine start progress output, as well as informational
tips.
Signed-off-by: Ashley Cui <acui@redhat.com>
Up - do not fail if volume already exists, use the existing one
Down - allow the user to remove the volume by passing --force
Add tests
Update the documentation
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Remove the container/pod ID file along with the container/pod. It's
primarily used in the context of systemd and are not useful nor needed
once a container/pod has ceased to exist.
Fixes: #16387
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--insecure and --verbose flags for docker compatibility
--tls-verify for syntax compatibility and allow users to inspect
manifests at remote Container Registiries without requiring tls.
Helps fix: https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This was a horrible one. I basically went with the podman-run
version, with a few minor changes. See PR for discussion of
diff review.
podman-build is not included here, it is too different.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the abilitiy to deploy the generated kube yaml to a
kubernetes cluster with the podman kube apply command.
Add support to directly apply containers, pods, or volumes
by passing in their names or ids to the command.
Use the kubernetes API endpoints and http requests to connect
to the cluster and deploy the various kubernetes object kinds.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Underscore is special in markdown. We usually escape them
properly, but these are a few that we missed. Found using:
$ ack '[A-Z]\\fI[A-Z]' docs/build/man
(plus one that I found by accident).
If anyone has ideas on how to add a commit check for these,
please speak up. I'm at a complete loss to automate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a new annotation to allow the user to point to a local tar file
If the annotation is present, import the file's content into the volume
Add a flag to PlayKubeOptions to note remote requests
Fail when trying to import volume content in remote requests
Add the annotation to the documentation
Add an E2E test to the new annotation
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
It was a bit unclear what setting it to empty means.
Also, add to the tests verification that this works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This just fixes the indentation which was previously breaking the
list such that the various network modes were just mixed into one large
paragraph instead of a list.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This makees much more sense for typical service loads, and can
easily be reverted by `ReadOnly=no`.
Also updates and adds various tests for this.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This ignores the create request if the named volume already exists.
It is very useful when scripting stuff.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Fixed the issue of `--format` and `--verbose` flags being allowed in
combination with one another.
Implemented functionality for `--format json` or `--format '{{ json }}' `.
Implemented command-completion help for `--format`.
Fixes: #16204
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.
This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.
I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This adds the "podman-systemd.unit(5)" manpage that describes
the podman generators from a high level, and all the supported
options.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This is what was supposed to be an easy two-or-three-line
change to enable a more general-purpose include mechanism
than '@@option'; one that could include an arbitrary file.
This is commit 2 of 2, the "easy" part. Unfortunately, it's
not looking good. The source .md file has UTF8 checkmarks,
and nroff is not happy with those: the generated man pages
are gross.
Another problem: the source .md might need tweaking, because
we don't want a level 1 header in the man page. Obvious solution
is to make kubernetes_support.md a .md.in file as well, and
move the tables to a separate file (or files). Deferred for later.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Accumulated cleanup from the man-page deduplication effort.
Various minor things that slipped.
--publish-all : remove duplicate "default is false" (toth @dilyanpalauzov)
--shm-size : rephrase 'you' and 'y'all'
--tls-verify : make narrower, add asterisks to true/false,
and linkify containers-registries.conf
--volume : incorporate feedback from @mheon
rename pid.md to pid.container.md, because there's a pid.pod.md
for the --pid option used in pod-related man pages.
...and some whitespace, comma, other minor edits
Fixes: #15356
Signed-off-by: Ed Santiago <santiago@redhat.com>
Refactored among all files that mentioned it.
DANGER WILL ROBINSON! REVIEW CAREFULLY! Here are two major
decisions I made:
1) Look at the text for podman-run, in particular the "" text.
It currently says "will use the default". As best I can
tell this is not true, so I changed it to "will disable"
which matches all the other commands.
2) The "containers.conf" text, I decided, applies to all
commands, not just podman-run (it was only present in
podman-run). If this is not the case, please yell.
Other changes are cosmetic formatting stuff, asterisks end newlines.
Hard to review with hack/markdown-preprocess-review, because all
the text is one horrible long line instead of 80-char breaks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-create and -run; podman-start was too
different. (But please look into it, maybe there's a way
to reconcile the diffs).
Very minor formatting changes made to reconcile the two.
Easy to review using hack/markdown-preprocess-review
Signed-off-by: Ed Santiago <santiago@redhat.com>
The new cobra update fixed a bug which caused some options to not be
included in --help when there was already a option with the same name
on a parent command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
[Note: I already refactored --annotation for container-related
commands; this one is for manifest-related commands]
This one needed reconciling: one man page said "newly added image",
the other said "specified image", I just reduced that to "image".
If that's not cool, any suggestions on how to make it better? Or,
just reject this PR, we can live with this duplication.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When the `XDG_CONFIG_HOME` environment variable is changed, for example,
to switch development contexts, the behavior of the podman-machine can
be confusing. The documentation had not mentioned this, and this commit
adds these mentions.
Closes: https://github.com/containers/podman/issues/15577
Reviewed-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Naoaki Ueda <nao@uedder.com>
Only between the two podman-manifest-* commands. podman-build
is too different.
Easy one, text was already identical
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only in container/pod stop/rm/restart man pages; the others
(volume-rm, network-rm, system-service) are too different to refactor.
Mostly an easy one, no manual reconciliation needed apart from
the pod-vs-container difference.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-create and -run; the other meanings
of --pod are too different. This almost didn't feel worth
refactoring, except the podman-run version fixed a word
and added a possibly important note about infra containers.
I went with the podman-run version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In order to allow pods to reach other pods (as in Kubernetes) they all
need to be added to the same network. A network is created (if it
doesn't exist) and pods created by play-kube are added to that network.
When network options are passed to kube command the pods are not
attached to the default kube network.
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
Two different texts, split into two .md files. Nontrivial, but
still easy to review because the text is unchanged.
I was unable to reconcile either version with podman-build,
so that file remains with a separate version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Tricky one. In particular: podman-kube-play did not enumerate
the "host" option; here I take the liberty of using it in the
common network.md, so it will appear in podman-kube-play.1.
If that is wrong, please tell me ASAP: I will need to un-refactor
podman-kube-play.
Other decisions:
* move the "invalid if" text to the bottom, because it can't
be shared between pod and container man pages.
* ditto for "together with --pod"
* kube-play said "Change the network mode of"; all the others
said ">SET< the network mode >FOR< ...". I chose the latter,
so that's what kube-play will have also. Again, if that's
wrong, please lmk.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Trivial one: no human intervention needed, the man page text
was already identical between both files.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Simple in reality, but hard to review due to lots of little diffs:
- "Logging driver specific options" was only in podman-run; I added it
to create and kube-play.
- whitespace changes, the 'e.g.'s got consistent 4-space indentation
- the "same keys" and "supported only" sentences, I moved up to be
closer to **tag** and without intervening whitespace, because they
were unclear as they were: I believe the intent is to apply those
sentences only to **tag**, not to the **--log-opt** option itself.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Another easy one. Option is only present in these three man pages.
I took the liberty of changing the "See note" text, making it
the same as --env. I also took the liberty of hyphenating
"line-delimited" because that's the correct thing to do.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only among podman create, exec, run. The same option in
podman build, generate-systemd, and secret-create is too
different.
Should be a trivial one to review, the only difference is
a period at the end of one sentence. And, of course, the
"See Environment note" applies only to podman-create and
run, not exec, so it can't be deduplicated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Unusually, I discarded the podman-run version and went with
the one common to attach and start. (The defaults are left
out of the common file, because 'start' is different by
necessity). Please review extra-carefully to make sure
the new wording applies to podman-run, in particular
the "non-TTY mode" words.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Issue #15923 should have never happened: the problem should've
been autodetected. Make it so henceforth (and fix another
existing discrepancy)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We added the concept of image volumes in 2.2.0, to support
inspecting an image from within a container. However, this is a
strictly read-only mount, with no modification allowed.
By contrast, the new `image` volume driver creates a c/storage
container as its underlying storage, so we have a read/write
layer. This, in and of itself, is not especially interesting, but
what it will enable in the future is. If we add a new command to
allow these image volumes to be committed, we can now distribute
volumes - and changes to them - via a standard OCI image registry
(which is rather new and quite exciting).
Future work in this area:
- Add support for `podman volume push` (commit volume changes and
push resulting image to OCI registry).
- Add support for `podman volume pull` (currently, we require
that the image a volume is created from be already pulled; it
would be simpler if we had a dedicated command that did the
pull and made a volume from it)
- Add support for scratch images (make an empty image on demand
to use as the base of the volume)
- Add UOR support to `podman volume push` and
`podman volume pull` to enable both with non-image volume
drivers
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
Baby steps toward merging #14046: document Go format options
for podman events.
This is deliberately imperfect. I am not the right person
to document these. I am simply the person who is getting
a skeleton framework in place.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-build, create, and run. podman-pod-create
is too different.
As usual I went with the podman-run version. This means
keeping the word "flag" (which should be "option"), for
ease of review. I will fix in my in-progress cleanup PR.
For podman-build, I removed "during the build" and changed
it to a note for that man page only.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Alias
podman --context -> podman --connection
podman context use -> podman system connection default
podman context rm -> podman system connection rm
podman context create -> podman system connection add
podman context ls ->podman system connection ls
podman context inspect ->podman system connection ls --json (For
specified connections)
Podman context is a hidden command, but can be used for existing scripts
that assume Docker under the covers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
--no-reset and --no-stream, in podman-stats and pod-stats.
Very minor tweak to --no-stream to account for pods.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Mostly went with the podman-run version. For ease of review, I
kept the "you" word -- I will fix that in my in-progress
cleanup PR.
This affects lots of files, each of which had slightly different
wording, but this actually isn't as bad as it looks. The diffs
were minor, and I'm pretty sure the new refactored text applies
equally well to all the man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Three simple options shared among podman-create, exec, run.
I mostly went with the podman-run versions. For --tty, this
means that create and exec get the long stdout/stderr note.
(The example, though, remains only in podman-run). For -i,
mostly boldspace changes.
For --preserve-fds, podman-exec now has the "not with remote"
note (which it didn't until now)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Similar to yesterday's --ip. No changes to content, all I did
was variableize the instances of 'container'/'pod'.
Did not touch podman-network-connect file, but if someone
wants to look at that one and tell me whether all this long
text is applicable to it (or not), I'd appreciate it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The default ip is 10.0.2.2 but is always the second ip from the
slirp4netns subnet, which can be changed via the cidr option.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2090166
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Ugh. This had about five different variations among twelve files.
I went with the version from podman-create, kube play, login, pull,
push, run. The others:
- manifest-add and create did not include the "true, false, missing"
text. Now they do. (If this text is N/A to these two, please yell).
Also, these two were written with "talking" instead of "contacting"
the registry.
- podman-build had "does not work with remote", but this
does not seem to be true, so I removed it. None of the
other files had that.
- the wording in podman-search is just weird, with "if needed"
and "is listed" and unclear "insecure registries". I just
nuked it all. If that wording was deliberate, for some reason
that applies only to podman-search, please yell.
- podman-container-runlabel has one diff that I like, actually
spelling out containers-registries.conf(5), but incorporating
that would make this even harder to review. I will add that
to my in-progress doc-cleanup PR.
Review recommendation: run hack/markdown-preprocess-review but
just quit out of it immediately (on both popups). Ignore it completely.
Then cd /tmp/markdown-preprocess-review.diffs/tls-verify and run
$ clear;for i in podman-*;do echo;echo $i;wdiff -t $i zzz-chosen.md;done
This will show the major diffs between each version and the chosen one.
Assumes you have wdiff installed. If you have another colorize-actual-
individual-word-diffs tool installed, use that. I like cdif[1].
[1] https://github.com/kaz-utashiro/sdif-tools
Signed-off-by: Ed Santiago <santiago@redhat.com>
Almost identical between podman-create, run, and pod-create.
The "Notes" are different, so I left those duplicated between
podman-create and run, and left the different one in pod-create.
podman-container-restore also has --publish but it's unrelated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only shared between podman-create and run. The latter was
updated in #5192, and that is the text I chose.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only shared by podman-create, -pull, -run. No changes
made other than whitespace, so this should be a gimme.
podman-build, import, and manifest-* also have --os options,
but those are unrelated and I can't find a way to combine
any two of them.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Between podman-create, run, and pod-create. The big difference
is that I changed 'IP' to 'IPv4' in podman-pod-create, I believe
that was an oversight in #12611.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Emit a warning to the user when generating a unit with --new on a
container that was created with a custom --restart policy. As shown
in #15284, a custom --restart policy in that case can lead to issues
on system shutdown where systemd attempts to nuke the unit but Podman
keeps on restarting the container.
Fixes: #15284
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
podman-create and -run only. The SELinux text was added
to podman-run (but not -create) in #3631, and reformatted
in #5192. I assume here that it also applies to podman-create.
Per feedback from Dan, added :s0 to SELinux context
Signed-off-by: Ed Santiago <santiago@redhat.com>
Removed a spurious right-bracket; went with upper-case for options;
removed 'you's; added some <<container|pod>>s.
Hard to review because none of the existing man pages had it
quite right.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that the wording of mounting something _from_ the source
_into_ the destination is consistent.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This one is a nightmare, because --volume has been edited
in four different files throughout the years (five if you
count podman-build, which I am not including in this PR).
Those edits have not always been done in sync.
The list of options was reordered 2022-06-28 by Giuseppe in #14734,
but only in podman-create and -run (not in podman-pod-*). No
explanation of why, but I'll assume he knew what he was doing,
and have accepted that for the reference copy.
There was also a big edit in #8519.
The "Propagation property...bind mounted" sentence first appeared
in pod-clone, in #14299 by cdoern, with no obvious source of where
it came from. I choose to include it in the reference copy.
The "**copy**" option seems to work in pod-create, so I'm including
it in the reference copy. Someone please yell loudly if this is
not the case.
The "disables SELinux separation for containers used in the build",
no idea, changed that to just "for the container/pod"
The "advanced users / overlay / upperdir / workdir" paragraph
makes zero sense to me, but hey, I assume it applies to all
the commands, so I put it in the reference copy.
Finally, there's still a mishmash of backticks, asterisks, underscores,
and even quotation marks. Someone is gonna have to perform major
cleanup on this one day, but at least it'll be in only one place.
Signed-off-by: Ed Santiago <santiago@redhat.com>
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This commit was automatically cherry-picked
by buildah-vendor-treadmill v0.3
from the buildah vendor treadmill PR, #13808
Changes since 2022-08-16:
- buildah 4139: minor line-number changes to the diff
file because helpers.bash got edited
- buildah 4190: skip the new test if remote
- buildah 4195: add --retry / --retry-delay
- changes to deal with vendoring gomega, units
- changes to the podman login error message in system test
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Another easy one. Difference is that pod-create was fixed
in #14532 (s/ignore/not allowed/) but pod-clone was not.
I went with the fixed version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As promised, harder and harder to review. Please take your time
with this one.
For IPC, I went with the list form. For net, I used the single-
sentence form instead of a one-element list.
The container/pod diffs are clumsy, sorry. Maybe it's time to
start thinking of a more flexible conditional mechanism, but
I'd really like to avoid that so I hope this is acceptable.
In the first sentence I went with 'namespaced' (final 'd') in
all instances. I also got rid of the 'new' in 'new pod' in
pod-clone.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The refactors are starting to get harder to review - sorry.
Here the differences are pretty small, mostly changes to the
"it is a combination" wording and some asteriskization.
The more significant diffs are that there are some Notes that
are pod- or container- or build-specific; I needed to move those
from the middle to the end, then keep them in the source files
themselves. I don't think this affects readability of the
resulting man pages, but your opinion may differ.
Last important thing: I included the /dev/fuse text in the
common option, which means it will now show up in podman-build
(it was not previously there). If this text is not applicable
to podman-build, please LMK ASAP so I can just move it back
to individual source files.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add auto-update support to `podman kube play`. Auto-update policies can
be configured for:
* the entire pod via the `io.containers.autoupdate` annotation
* a specific container via the `io.containers.autoupdate/$name` annotation
To make use of rollbacks, the `io.containers.sdnotify` policy should be
set to `container` such that the workload running _inside_ the container
can send the READY message via the NOTIFY_SOCKET once ready. For
further details on auto updates and rollbacks, please refer to the
specific article [1].
Since auto updates and rollbacks bases on Podman's systemd integration,
the k8s YAML must be executed in the `podman-kube@` systemd template.
For further details on how to run k8s YAML in systemd via Podman, please
refer to the specific article [2].
An examplary k8s YAML may look as follows:
```YAML
apiVersion: v1
kind: Pod
metadata:
annotations:
io.containers.autoupdate: "local"
io.containers.autoupdate/b: "registry"
labels:
app: test
name: test_pod
spec:
containers:
- command:
- top
image: alpine
name: a
- command:
- top
image: alpine
name: b
```
[1] https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks
[2] https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Alexander Larsson
OpenShift Merge Robot
Matthew Heon
Matthew Heon
Ingo Becker
gupttaru
Erik Sjölund
Daniel J Walsh
Tsubasa Watanabe
shuai.yang
Paul Holzinger
Ashley Cui
Ygal Blum
Stefano Brivio
Valentin Rothberg
Ed Santiago
Urvashi Mohnani
Leonardo Rossetti
Jake Correnti
Naoaki Ueda
Andrei Natanael Cosma
Andrew Denton
Barnabé BALP
Toshiki Sonoda