NAME¶

rkt-run - Run image(s) in a pod in rkt

SYNOPSIS¶

rkt run [--volume=name,kind=host,...] [--mount volume=VOL,target=PATH] IMAGE [-- image-args...[---]]... [flags]

DESCRIPTION¶

IMAGE should be a string referencing an image; either a hash, local file on disk, or URL. They will be checked in that order and the first match will be used.

Volumes are made available to the container via --volume. Mounts bind volumes into each image's root within the container via --mount. --mount is position-sensitive; occurring before any images applies to all images, occurring after any images applies only to the nearest preceding image. Per-app mounts take precedence over global ones if they have the same path.

An "--" may be used to inhibit rkt run's parsing of subsequent arguments, which will instead be appended to the preceding image app's exec arguments. End the image arguments with a lone "---" to resume argument parsing.

OPTIONS¶

--annotation=
set the app's annotations (example: '--annotation=foo=bar')

--caps-remove=
capability to remove (example: '--caps-remove=CAP_MKNOD')

--caps-retain=
capability to retain (example: '--caps-retain=CAP_SYS_ADMIN')

--cpu=
cpu limit for the preceding image (example: '--cpu=500m')

--cpu-shares=
cpu-shares assigns the specified CPU time share weight (example: '--cpu-shares=2048')

--dns=
name servers to write in /etc/resolv.conf. Pass 'host' to use host's resolv.conf. Pass 'none' to ignore CNI DNS config

--dns-domain=""
DNS domain to write in /etc/resolv.conf

--dns-opt=
DNS options to write in /etc/resolv.conf

--dns-search=
DNS search domains to write in /etc/resolv.conf

--environment=
set the app's environment variables (example: '--environment=foo=bar')

--exec=
override the exec command for the preceding image

--group=
group override for the preceding image (example: '--group=group')

-h, --help[=false]
help for run

--hostname=""
pod's hostname. If empty, it will be "rkt-$PODUUID"

--hosts-entry=
Entries to add to the pod-wide /etc/hosts. Pass 'host' to use the host's /etc/hosts

--inherit-env[=false]
inherit all environment variables not set by apps

--interactive[=false]
run pod interactively. If true, only one image may be supplied.

--ipc=""
whether to stay in the host IPC namespace. Syntax: --ipc=[auto|private|parent]

--mds-register[=false]
register pod with metadata service. needs network connectivity to the host (--net=(default|default-restricted|host)

--memory=
memory limit for the preceding image (example: '--memory=16Mi', '--memory=50M', '--memory=1G')

--mount=
mount point binding a volume to a path within an app

--name=
set the name of the app (example: '--name=foo'). If not set, then the app name default to the image's name

--net[=default]
configure the pod's networking. Optionally, pass a list of user-configured networks to load and set arguments to pass to each network, respectively. Syntax: --net[=n[:args], ...]

--no-overlay[=false]
disable overlay filesystem

--oom-score-adj=
oom-score-adj isolator override

--pod-manifest=""
the path to the pod manifest. If it's non-empty, then only '--net', '--no-overlay' and '--interactive' will have effect

--port=
ports to expose on the host (requires contained network). Syntax: --port=NAME:[HOSTIP:]HOSTPORT

--private-users[=false]
run within user namespaces.

--pull-policy="new"
when to pull an image

--readonly-rootfs=
if set, the app's rootfs will be mounted read-only

--seccomp=
seccomp filter override (example: '--seccomp mode=retain,errno=EPERM,chmod,chown')

--set-env=
environment variable to set for all the apps in the form key=value, this will be overridden by --environment

--set-env-file=
path to an environment variables file

--signature=
local signature file to use in validating the preceding image

--stage1-from-dir=
filename of an image in stage1 images directory to use as stage1

--stage1-hash=
hash of an image to use as stage1

--stage1-name=
name of an image to use as stage1

--stage1-path=
absolute or relative path to an image to use as stage1

--stage1-url=
URL to an image to use as stage1

--supplementary-gids=
supplementary group IDs override for the preceding image (examples: '--supplementary-gids=1024,2048'

--user=
user override for the preceding image (example: '--user=user')

--user-annotation=
set the app's annotations (example: '--user-annotation=foo=bar')

--user-label=
set the app's labels (example: '--user-label=foo=bar')

--uuid-file-save=""
write out pod UUID to specified file

--volume=
volumes to make available in the pod

--working-dir=
override the working directory of the preceding image

OPTIONS INHERITED FROM PARENT COMMANDS¶

--debug[=false]
print out more debug information to stderr

--dir=/var/lib/rkt
rkt data directory

--insecure-options=none
comma-separated list of security features to disable. Allowed values: "none", "image", "tls", "ondisk", "http", "pubkey", "capabilities", "paths", "seccomp", "all-fetch", "all-run", "all"

--local-config=/etc/rkt
local configuration directory

--system-config=/usr/lib/rkt
system configuration directory

--trust-keys-from-https[=false]
automatically trust gpg keys fetched from https

--user-config=
user configuration directory

SEE ALSO¶

rkt(1)

HISTORY¶

20-Dec-2019 Auto generated by spf13/cobra