/// Alias of [`SpecGenerator`]: the OCI spec plus Libpod configuration options from which a
/// container is created, based on the given configuration.
pub type ContainerCreateLibpodCreateParam = SpecGenerator;
SpecGenerator creates an OCI spec and Libpod configuration options to create a container based on the given configuration.
Aliased Type
/// Container creation spec: OCI spec and Libpod configuration options used to create a
/// container. Every field is optional on the wire; `None` leaves the server default in place.
/// Fields marked "No description in the upstream spec" carry no documentation on this page.
struct ContainerCreateLibpodCreateParam {
    /// Map of network names or IDs the container joins. Per-network options can set aliases,
    /// static IPs, a static MAC address and the interface name. If the map is empty and the
    /// bridge network mode is set, the container joins the default network.
    pub networks: Option<HashMap<String, PerNetworkOptions>>,
    /// Key-value options passed into the container runtime that can trigger special behavior.
    pub annotations: Option<HashMap<String, String>>,
    /// Name of the AppArmor profile the container will use.
    pub apparmor_profile: Option<String>,
    /// Capabilities added to the container. Conflicts with `privileged`.
    pub cap_add: Option<Vec<String>>,
    /// Capabilities removed from the container. Conflicts with `privileged`.
    pub cap_drop: Option<Vec<String>>,
    /// The container's cgroup parent; defaults to the current cgroup driver's default.
    pub cgroup_parent: Option<String>,
    /// No description in the upstream spec.
    pub cgroupns: Option<Namespace>,
    /// Policy for how cgroups are created in the container, including disabling creation.
    pub cgroups_mode: Option<String>,
    /// Additional directories treated as root directories; standard bind mounts are mounted
    /// into paths relative to these.
    pub chroot_directories: Option<Vec<String>>,
    /// CNI networks to join. Empty list joins the default network; a non-empty list does not
    /// (unless it is in the list). Only with NetNS = bridge.
    /// Deprecated: as of podman 4.0 use `networks` instead.
    pub cni_networks: Option<Vec<String>>,
    /// The container's command. Populated from the image configuration if unset and `image`
    /// is specified.
    pub command: Option<Vec<String>>,
    /// Path where Conmon's PID file is placed; a default location is used if unset.
    pub conmon_pid_file: Option<String>,
    /// Command used to create this container. Shown by Inspect() and usable by tools that
    /// recreate the container (e.g. `podman generate systemd --new`).
    pub container_create_command: Option<Vec<String>>,
    /// CPU period of the cpuset, determined by `--cpus`.
    pub cpu_period: Option<u64>,
    /// CPU quota of the cpuset, determined by `--cpus`.
    pub cpu_quota: Option<i64>,
    /// Create the working directory if it does not exist. Unset means do not create it.
    pub create_working_dir: Option<bool>,
    /// Containers this container depends on (by name or full/partial ID); they must be started
    /// before this one.
    pub dependency_containers: Option<Vec<String>>,
    /// Device cgroup rules allowing the container to use additional device types.
    pub device_cgroup_rule: Option<Vec<LinuxDeviceCgroup>>,
    /// Devices added to the container.
    pub devices: Option<Vec<LinuxDevice>>,
    /// Inherit device-specific information from another container.
    pub devices_from: Option<Vec<String>>,
    /// DNS options for the container's resolv.conf, replacing the host's defaults.
    /// Conflicts with `use_image_resolve_conf`.
    pub dns_option: Option<Vec<String>>,
    /// DNS search domains for the container's resolv.conf, replacing the host's defaults.
    /// Conflicts with `use_image_resolve_conf`.
    pub dns_search: Option<Vec<String>>,
    /// DNS servers for the container's resolv.conf, replacing the host's defaults.
    /// Conflicts with `use_image_resolve_conf`.
    pub dns_server: Option<Vec<String>>,
    /// The container's entrypoint. Populated from the image configuration if unset and `image`
    /// is specified.
    pub entrypoint: Option<Vec<String>>,
    /// Environment variables set in the container.
    pub env: Option<HashMap<String, String>>,
    /// Add the host environment to the container.
    pub env_host: Option<bool>,
    /// Environment variables taken from the image and preprocessed before injection.
    pub envmerge: Option<Vec<String>>,
    /// Ports forwarded to the container when `publish_image_ports` is set: a map of uint16 port
    /// to protocol string ("tcp", "udp", "sctp", or a comma-separated combination; "" means
    /// TCP). Only with NetNS = bridge or slirp.
    pub expose: Option<Value>,
    /// Supplemental groups granted to the container's user.
    pub groups: Option<Vec<String>>,
    /// No description in the upstream spec.
    pub health_check_on_failure_action: Option<i64>,
    /// No description in the upstream spec.
    pub healthconfig: Option<Schema2HealthConfig>,
    /// Used to recreate the mounted devices on inherited containers.
    pub host_device_list: Option<Vec<LinuxDevice>>,
    /// Hosts added to the container's etc/hosts file. Conflicts with `use_image_hosts`.
    pub hostadd: Option<Vec<String>>,
    /// The container's hostname. If unset, left unmodified (UtsNS not private) or set to the
    /// container ID (UtsNS private). Conflicts with UtsNS if UtsNS is not private.
    pub hostname: Option<String>,
    /// Host usernames or UIDs added to the container's etc/passwd file.
    pub hostusers: Option<Vec<String>>,
    /// Add the host's HTTP proxy environment variables to the container.
    pub httpproxy: Option<bool>,
    /// No description in the upstream spec.
    pub idmappings: Option<IdMappingOptions>,
    /// Image the container is based on: used as the root filesystem, with its env vars, volumes
    /// and other configuration applied. Conflicts with `rootfs`; one of the two is required.
    pub image: Option<String>,
    /// User-specified image architecture.
    pub image_arch: Option<String>,
    /// User-specified image OS.
    pub image_os: Option<String>,
    /// User-specified image variant.
    pub image_variant: Option<String>,
    /// How image volumes are created: "ignore", "tmpfs" or "anonymous" (default).
    pub image_volume_mode: Option<String>,
    /// Image volumes bind-mount a container-image mount into the container.
    pub image_volumes: Option<Vec<ImageVolume>>,
    /// Mount an init binary into the container and use it as PID 1.
    pub init: Option<bool>,
    /// Whether this is an init container and, if so, of what type: always or once.
    pub init_container_type: Option<String>,
    /// Path to the init binary added when `init` is set; defaults to the Libpod config value.
    /// Ignored if `init` is not set.
    pub init_path: Option<String>,
    /// No description in the upstream spec; referenced as IpcNS by `shm_size`.
    pub ipcns: Option<Namespace>,
    /// Key-value metadata for the container.
    pub labels: Option<HashMap<String, String>>,
    /// No description in the upstream spec.
    pub log_configuration: Option<LogConfigLibpod>,
    /// Whether users/groups are validated before running the container.
    pub manage_password: Option<bool>,
    /// Paths to mask in the container, in addition to the default list.
    pub mask: Option<Vec<String>>,
    /// Mounts added to the container; supersede image volumes and `volumes_from` on conflict.
    pub mounts: Option<Vec<Mount>>,
    /// Name given to the container; randomly generated if unset.
    pub name: Option<String>,
    /// Libpod namespace the container is placed in.
    pub namespace: Option<String>,
    /// No description in the upstream spec; referenced as NetNS (bridge/slirp) by
    /// `cni_networks`, `expose`, `portmappings` and `publish_image_ports`.
    pub netns: Option<Namespace>,
    /// Additional options for each network.
    pub network_options: Option<HashMap<String, Vec<String>>>,
    /// Set the no-new-privileges flag on create, which disables gaining additional privileges
    /// (e.g. via setuid) in the container.
    pub no_new_privileges: Option<bool>,
    /// Name of the OCI runtime used to create the container; default if unset.
    pub oci_runtime: Option<String>,
    /// Adjustment to the OOM killer score for the container's process.
    pub oom_score_adj: Option<i64>,
    /// Overlay (named) volumes added to the container.
    pub overlay_volumes: Option<Vec<OverlayVolume>>,
    /// Arbitrary data to append to a file.
    pub passwd_entry: Option<String>,
    /// No description in the upstream spec.
    pub personality: Option<LinuxPersonality>,
    /// No description in the upstream spec.
    pub pidns: Option<Namespace>,
    /// ID of the pod the container joins.
    pub pod: Option<String>,
    /// Ports to map into the container. Only with NetNS = bridge or slirp.
    pub portmappings: Option<Vec<PortMapping>>,
    /// Privileged container: adds all host devices and all capabilities, and disables Seccomp,
    /// SELinux and AppArmor confinement (SELinux can be manually re-enabled). Conflicts with
    /// `cap_add` / `cap_drop`.
    pub privileged: Option<bool>,
    /// Options for the proc mount.
    pub procfs_opts: Option<Vec<String>>,
    /// Publish ports from `expose` and the image to random unused host ports above 1024.
    /// Only with NetNS = bridge or slirp.
    pub publish_image_ports: Option<bool>,
    /// POSIX rlimits applied to the container.
    pub r_limits: Option<Vec<PosixRlimit>>,
    /// User-specified, unprocessed input referring to a local or remote image.
    pub raw_image_name: Option<String>,
    /// Mount everything read-only.
    pub read_only_filesystem: Option<bool>,
    /// Remove the container once it has been started and exits.
    pub remove: Option<bool>,
    /// No description in the upstream spec.
    pub resource_limits: Option<LinuxResources>,
    /// Action taken when the container exits; the default policy does nothing.
    pub restart_policy: Option<String>,
    /// Number of restart attempts. Only with `restart_policy` = "on-failure".
    pub restart_tries: Option<u64>,
    /// Directory mounted unmodified as the container's root filesystem. Conflicts with
    /// `image`; one of the two is required.
    pub rootfs: Option<String>,
    /// Whether `rootfs` is an overlay on top of the base path.
    pub rootfs_overlay: Option<bool>,
    /// Rootfs propagation mode; defaults to rslave.
    pub rootfs_propagation: Option<String>,
    /// NOTIFY_SOCKET handling: "container" (OCI runtime handles it, conmon's MAINPID is
    /// advertised), "conmon-only" (advertise MAINPID, send READY on start, do not pass to
    /// OCI) or "ignore" (unset NOTIFY_SOCKET).
    pub sdnotify_mode: Option<String>,
    /// Which seccomp profile is applied: empty, default or image.
    pub seccomp_policy: Option<String>,
    /// Path to a JSON file with the container's Seccomp profile; no profile if unset.
    pub seccomp_profile_path: Option<String>,
    /// Secrets set as environment variables.
    pub secret_env: Option<HashMap<String, String>>,
    /// Secrets added to the container.
    pub secrets: Option<Vec<Secret>>,
    /// SELinux process label; auto-generated if SELinux is enabled and this is unset.
    pub selinux_opts: Option<Vec<String>>,
    /// Size in bytes of the tmpfs mounted at /dev/shm. Upstream notes a conflict when IpcNS is
    /// not private.
    pub shm_size: Option<i64>,
    /// Keep the container's STDIN open.
    pub stdin: Option<bool>,
    /// No description in the upstream spec; `systemd` mode may conflict with it.
    pub stop_signal: Option<i64>,
    /// Seconds between the stop signal and SIGKILL; default if unset. 0 sends SIGKILL only.
    pub stop_timeout: Option<u64>,
    /// The container's storage options.
    pub storage_opts: Option<HashMap<String, String>>,
    /// Kernel parameters set for the container.
    pub sysctl: Option<HashMap<String, String>>,
    /// Systemd mode: "true" (only if the binary is sbin/init or systemd), "always" or "false"
    /// (default). When enabled, mounts and the stop signal are modified; conflicts with
    /// `stop_signal`.
    pub systemd: Option<String>,
    /// Create a PTY for the container.
    pub terminal: Option<bool>,
    /// IO read rate limit per cgroup per device, bytes per second.
    pub throttle_read_bps_device: Option<HashMap<String, LinuxThrottleDevice>>,
    /// IO read rate limit per cgroup per device, IO per second.
    pub throttle_read_iops_device: Option<HashMap<String, LinuxThrottleDevice>>,
    /// IO write rate limit per cgroup per device, bytes per second.
    pub throttle_write_bps_device: Option<HashMap<String, LinuxThrottleDevice>>,
    /// IO write rate limit per cgroup per device, IO per second.
    pub throttle_write_iops_device: Option<HashMap<String, LinuxThrottleDevice>>,
    /// Maximum run time in seconds before the main process is sent SIGKILL; 0 means no limit.
    pub timeout: Option<u64>,
    /// Timezone inside the container; "Local" means the host's timezone.
    pub timezone: Option<String>,
    /// Umask the container's init process runs with.
    pub umask: Option<String>,
    /// Key-value options passed to the runtime to configure cgroup v2.
    pub unified: Option<HashMap<String, String>>,
    /// Paths to unmask in the container; "ALL" overrides all default masked paths.
    pub unmask: Option<Vec<String>>,
    /// Unset the given default environment variables (from the image, builtins or
    /// containers.conf).
    pub unsetenv: Option<Vec<String>>,
    /// Unset all default environment variables (from the image, builtins or containers.conf).
    pub unsetenvall: Option<bool>,
    /// Source /etc/hosts from the image instead of having Podman manage it. Conflicts with
    /// `hostadd`. Upstream notes that an explicit false cannot be distinguished from unset.
    pub use_image_hosts: Option<bool>,
    /// Source resolv.conf from the image instead of having Podman manage it. Conflicts with
    /// `dns_server`, `dns_search`, `dns_option`.
    pub use_image_resolve_conf: Option<bool>,
    /// User the container runs as (UID or username resolved via the container's /etc/passwd);
    /// root if unset.
    pub user: Option<String>,
    /// No description in the upstream spec.
    pub userns: Option<Namespace>,
    /// No description in the upstream spec; referenced as UtsNS by `hostname`.
    pub utsns: Option<Namespace>,
    /// Allow storage optimizations at the cost of not syncing all dirty files in memory.
    pub volatile: Option<bool>,
    /// Named volumes added to the container; supersede image volumes and `volumes_from` on
    /// conflict.
    pub volumes: Option<Vec<NamedVolume>>,
    /// Containers whose volumes are added, as name or ID optionally followed by ":" and
    /// comma-separated options ('ro', 'rw', 'z') applied to all of that container's volumes.
    pub volumes_from: Option<Vec<String>>,
    /// Weight per cgroup per device; can override BlkioWeight.
    pub weight_device: Option<HashMap<String, LinuxWeightDevice>>,
    /// The container's working directory; defaults to `/`.
    pub work_dir: Option<String>,
}
Fields
networks: Option<HashMap<String, PerNetworkOptions>>
Map of network names or IDs that the container should join. You can request additional settings for each network: network aliases, static IPs, a static MAC address and the network interface name for this container on that network. If the map is empty and the bridge network mode is set, the container will be joined to the default network.
annotations: Option<HashMap<String, String>>
Annotations are key-value options passed into the container runtime that can be used to trigger special behavior. Optional.
apparmor_profile: Option<String>
ApparmorProfile is the name of the Apparmor profile the container will use. Optional.
cap_add: Option<Vec<String>>
CapAdd are capabilities which will be added to the container. Conflicts with Privileged. Optional.
cap_drop: Option<Vec<String>>
CapDrop are capabilities which will be removed from the container. Conflicts with Privileged. Optional.
cgroup_parent: Option<String>
CgroupParent is the container’s Cgroup parent. If not set, the default for the current cgroup driver will be used. Optional.
cgroupns: Option<Namespace>
cgroups_mode: Option<String>
CgroupsMode sets a policy for how cgroups will be created in the container, including the ability to disable creation entirely.
chroot_directories: Option<Vec<String>>
ChrootDirs is an additional set of directories that need to be treated as root directories. Standard bind mounts will be mounted into paths relative to these directories.
cni_networks: Option<Vec<String>>
CNINetworks is a list of CNI networks to join the container to. If this list is empty, the default CNI network will be joined instead. If at least one entry is present, we will not join the default network (unless it is part of this list). Only available if NetNS is set to bridge. Optional. Deprecated: as of podman 4.0 use “Networks” instead.
command: Option<Vec<String>>
Command is the container’s command. If not given and Image is specified, this will be populated by the image’s configuration. Optional.
conmon_pid_file: Option<String>
ConmonPidFile is a path at which a PID file for Conmon will be placed. If not given, a default location will be used. Optional.
container_create_command: Option<Vec<String>>
ContainerCreateCommand is the command that was used to create this container. This will be shown in the output of Inspect() on the container, and may also be used by some tools that wish to recreate the container (e.g. `podman generate systemd --new`). Optional.
cpu_period: Option<u64>
CPU period of the cpuset, determined by `--cpus`.
cpu_quota: Option<i64>
CPU quota of the cpuset, determined by `--cpus`.
create_working_dir: Option<bool>
Create the working directory if it doesn’t exist. If unset, it doesn’t create it. Optional.
dependency_containers: Option<Vec<String>>
DependencyContainers is an array of containers this container depends on. Dependency containers must be started before this container. Dependencies can be specified by name or full/partial ID. Optional.
device_cgroup_rule: Option<Vec<LinuxDeviceCgroup>>
DeviceCgroupRule are device cgroup rules that allow containers to use additional types of devices.
devices: Option<Vec<LinuxDevice>>
Devices are devices that will be added to the container. Optional.
devices_from: Option<Vec<String>>
DevicesFrom is a way to ensure your container inherits device-specific information from another container.
dns_option: Option<Vec<String>>
DNSOptions is a set of DNS options that will be used in the container’s resolv.conf, replacing the host’s DNS options which are used by default. Conflicts with UseImageResolvConf. Optional.
dns_search: Option<Vec<String>>
DNSSearch is a set of DNS search domains that will be used in the container’s resolv.conf, replacing the host’s DNS search domains which are used by default. Conflicts with UseImageResolvConf. Optional.
dns_server: Option<Vec<String>>
DNSServers is a set of DNS servers that will be used in the container’s resolv.conf, replacing the host’s DNS Servers which are used by default. Conflicts with UseImageResolvConf. Optional.
entrypoint: Option<Vec<String>>
Entrypoint is the container’s entrypoint. If not given and Image is specified, this will be populated by the image’s configuration. Optional.
env: Option<HashMap<String, String>>
Env is a set of environment variables that will be set in the container. Optional.
env_host: Option<bool>
EnvHost indicates that the host environment should be added to the container. Optional.
envmerge: Option<Vec<String>>
EnvMerge takes the specified environment variables from the image and preprocesses them before injecting them into the container.
expose: Option<Value>
Expose is a number of ports that will be forwarded to the container if PublishExposedPorts is set. Expose is a map of uint16 (port number) to a string representing protocol i.e map[uint16]string. Allowed protocols are “tcp”, “udp”, and “sctp”, or some combination of the three separated by commas. If protocol is set to “” we will assume TCP. Only available if NetNS is set to Bridge or Slirp, and PublishExposedPorts is set. Optional.
groups: Option<Vec<String>>
Groups are a list of supplemental groups the container’s user will be granted access to. Optional.
health_check_on_failure_action: Option<i64>
healthconfig: Option<Schema2HealthConfig>
host_device_list: Option<Vec<LinuxDevice>>
HostDeviceList is used to recreate the mounted devices on inherited containers.
hostadd: Option<Vec<String>>
HostAdd is a set of hosts which will be added to the container’s etc/hosts file. Conflicts with UseImageHosts. Optional.
hostname: Option<String>
Hostname is the container’s hostname. If not set, the hostname will not be modified (if UtsNS is not private) or will be set to the container ID (if UtsNS is private). Conflicts with UtsNS if UtsNS is not set to private. Optional.
hostusers: Option<Vec<String>>
HostUsers is a list of host usernames or UIDs to add to the container's etc/passwd file.
httpproxy: Option<bool>
EnvHTTPProxy indicates that the host's HTTP proxy environment variables should be added to the container. Optional.
idmappings: Option<IdMappingOptions>
image: Option<String>
Image is the image the container will be based on. The image will be used as the container’s root filesystem, and its environment vars, volumes, and other configuration will be applied to the container. Conflicts with Rootfs. At least one of Image or Rootfs must be specified.
image_arch: Option<String>
ImageArch is the user-specified image architecture
image_os: Option<String>
ImageOS is the user-specified image OS
image_variant: Option<String>
ImageVariant is the user-specified image variant
image_volume_mode: Option<String>
ImageVolumeMode indicates how image volumes will be created. Supported modes are “ignore” (do not create), “tmpfs” (create as tmpfs), and “anonymous” (create as anonymous volumes). The default if unset is anonymous. Optional.
image_volumes: Option<Vec<ImageVolume>>
Image volumes bind-mount a container-image mount into the container. Optional.
init: Option<bool>
Init specifies that an init binary will be mounted into the container, and will be used as PID1.
init_container_type: Option<String>
InitContainerType describes whether this container is an init container and, if so, of what type: always or once.
init_path: Option<String>
InitPath specifies the path to the init binary that will be added if Init is specified above. If not specified, the default set in the Libpod config will be used. Ignored if Init above is not set. Optional.
ipcns: Option<Namespace>
labels: Option<HashMap<String, String>>
Labels are key-value pairs that are used to add metadata to containers. Optional.
log_configuration: Option<LogConfigLibpod>
manage_password: Option<bool>
Passwd is a container run option that determines whether users/groups are validated before running the container.
mask: Option<Vec<String>>
Mask is the set of paths to mask in the container. These paths are masked in addition to the default list. Optional.
mounts: Option<Vec<Mount>>
Mounts are mounts that will be added to the container. These will supersede Image Volumes and VolumesFrom volumes where there are conflicts. Optional.
name: Option<String>
Name is the name the container will be given. If no name is provided, one will be randomly generated. Optional.
namespace: Option<String>
Namespace is the libpod namespace the container will be placed in. Optional.
netns: Option<Namespace>
network_options: Option<HashMap<String, Vec<String>>>
NetworkOptions are additional options for each network. Optional.
no_new_privileges: Option<bool>
NoNewPrivileges is whether the container will set the no new privileges flag on create, which disables gaining additional privileges (e.g. via setuid) in the container.
oci_runtime: Option<String>
OCIRuntime is the name of the OCI runtime that will be used to create the container. If not specified, the default will be used. Optional.
oom_score_adj: Option<i64>
OOMScoreAdj adjusts the score used by the OOM killer to determine processes to kill for the container’s process. Optional.
overlay_volumes: Option<Vec<OverlayVolume>>
Overlay volumes are named volumes that will be added to the container. Optional.
passwd_entry: Option<String>
PasswdEntry specifies arbitrary data to append to a file.
personality: Option<LinuxPersonality>
pidns: Option<Namespace>
pod: Option<String>
Pod is the ID of the pod the container will join. Optional.
portmappings: Option<Vec<PortMapping>>
PortBindings is a set of ports to map into the container. Only available if NetNS is set to bridge or slirp. Optional.
privileged: Option<bool>
Privileged is whether the container is privileged. Privileged does the following: Adds all devices on the system to the container. Adds all capabilities to the container. Disables Seccomp, SELinux, and Apparmor confinement. (Though SELinux can be manually re-enabled). TODO: this conflicts with things. TODO: this does more.
procfs_opts: Option<Vec<String>>
ProcOpts are the options used for the proc mount.
publish_image_ports: Option<bool>
PublishExposedPorts will publish ports specified in the image to random unused ports (guaranteed to be above 1024) on the host. This is based on ports set in Expose below, and any ports specified by the Image (if one is given). Only available if NetNS is set to Bridge or Slirp.
r_limits: Option<Vec<PosixRlimit>>
Rlimits are POSIX rlimits to apply to the container. Optional.
raw_image_name: Option<String>
RawImageName is the user-specified and unprocessed input referring to a local or a remote image.
read_only_filesystem: Option<bool>
ReadOnlyFilesystem indicates that everything will be mounted as read-only
remove: Option<bool>
Remove indicates if the container should be removed once it has been started and exits
resource_limits: Option<LinuxResources>
restart_policy: Option<String>
RestartPolicy is the container’s restart policy - an action which will be taken when the container exits. If not given, the default policy, which does nothing, will be used. Optional.
restart_tries: Option<u64>
RestartRetries is the number of attempts that will be made to restart the container. Only available when RestartPolicy is set to “on-failure”. Optional.
rootfs: Option<String>
Rootfs is the path to a directory that will be used as the container’s root filesystem. No modification will be made to the directory, it will be directly mounted into the container as root. Conflicts with Image. At least one of Image or Rootfs must be specified.
rootfs_overlay: Option<bool>
RootfsOverlay tells if rootfs is actually an overlay on top of base path
rootfs_propagation: Option<String>
RootfsPropagation is the rootfs propagation mode for the container. If not set, the default of rslave will be used. Optional.
sdnotify_mode: Option<String>
Determines how to handle the NOTIFY_SOCKET — whether we participate or pass it through. “container”: let the OCI runtime deal with it, advertise conmon’s MAINPID. “conmon-only”: advertise conmon’s MAINPID, send READY when started, don’t pass to the OCI runtime. “ignore”: unset NOTIFY_SOCKET.
seccomp_policy: Option<String>
SeccompPolicy determines which seccomp profile gets applied to the container. Valid values: empty, default, image.
seccomp_profile_path: Option<String>
SeccompProfilePath is the path to a JSON file containing the container’s Seccomp profile. If not specified, no Seccomp profile will be used. Optional.
secret_env: Option<HashMap<String, String>>
EnvSecrets are secrets that will be set as environment variables. Optional.
secrets: Option<Vec<Secret>>
Secrets are the secrets that will be added to the container. Optional.
selinux_opts: Option<Vec<String>>
SelinuxProcessLabel is the process label the container will use. If SELinux is enabled and this is not specified, a label will be generated automatically. Optional.
shm_size: Option<i64>
ShmSize is the size of the tmpfs to mount in at /dev/shm, in bytes. Conflicts with ShmSize if IpcNS is not private. Optional.
stdin: Option<bool>
Stdin is whether the container will keep its STDIN open.
stop_signal: Option<i64>
stop_timeout: Option<u64>
StopTimeout is a timeout between the container’s stop signal being sent and SIGKILL being sent. If not provided, the default will be used. If 0 is used, stop signal will not be sent, and SIGKILL will be sent instead. Optional.
storage_opts: Option<HashMap<String, String>>
StorageOpts is the container’s storage options. Optional.
sysctl: Option<HashMap<String, String>>
Sysctl sets kernel parameters for the container
systemd: Option<String>
Systemd is whether the container will be started in systemd mode. Valid options are “true”, “false”, and “always”. “true” enables this mode only if the binary run in the container is sbin/init or systemd. “always” unconditionally enables systemd mode. “false” unconditionally disables systemd mode. If enabled, mounts and stop signal will be modified. If set to “always” or set to “true” and conditionally triggered, conflicts with StopSignal. If not specified, “false” will be assumed. Optional.
terminal: Option<bool>
Terminal is whether the container will create a PTY. Optional.
throttle_read_bps_device: Option<HashMap<String, LinuxThrottleDevice>>
IO read rate limit per cgroup per device, bytes per second
throttle_read_iops_device: Option<HashMap<String, LinuxThrottleDevice>>
IO read rate limit per cgroup per device, IO per second
throttle_write_bps_device: Option<HashMap<String, LinuxThrottleDevice>>
IO write rate limit per cgroup per device, bytes per second
throttle_write_iops_device: Option<HashMap<String, LinuxThrottleDevice>>
IO write rate limit per cgroup per device, IO per second
timeout: Option<u64>
Timeout is the maximum time in seconds the container will run before the main process is sent SIGKILL. If 0 is used, the signal will not be sent and the container can run indefinitely. Optional.
timezone: Option<String>
Timezone is the timezone inside the container. “Local” means it has the same timezone as the host machine. Optional.
umask: Option<String>
Umask is the umask the init process of the container will be run with.
unified: Option<HashMap<String, String>>
CgroupConf are key-value options passed into the container runtime that are used to configure cgroup v2. Optional.
unmask: Option<Vec<String>>
Unmask is the set of paths to unmask in the container. To override all the default paths that are masked, set unmask=ALL.
unsetenv: Option<Vec<String>>
UnsetEnv unsets the specified default environment variables from the image, from the builtin defaults or from containers.conf. Optional.
unsetenvall: Option<bool>
UnsetEnvAll unsets all default environment variables from the image, from the builtin defaults or from containers.conf. Optional.
use_image_hosts: Option<bool>
UseImageHosts indicates that /etc/hosts should not be managed by Podman, and instead sourced from the image. Conflicts with HostAdd. Do not set omitempty here, if this is false it should be set to not get the server default. Ideally this would be a pointer so we could differentiate between an explicitly false/true and unset (containers.conf default). However specgen is stable so we can not change this right now. TODO (5.0): change to pointer
use_image_resolve_conf: Option<bool>
UseImageResolvConf indicates that resolv.conf should not be managed by Podman, but instead sourced from the image. Conflicts with DNSServer, DNSSearch, DNSOption.
user: Option<String>
User is the user the container will be run as. Can be given as a UID or a username; if a username, it will be resolved within the container, using the container’s /etc/passwd. If unset, the container will be run as root. Optional.
userns: Option<Namespace>
utsns: Option<Namespace>
volatile: Option<bool>
Volatile specifies whether the container storage can be optimized at the cost of not syncing all the dirty files in memory.
volumes: Option<Vec<NamedVolume>>
Volumes are named volumes that will be added to the container. These will supersede Image Volumes and VolumesFrom volumes where there are conflicts. Optional.
volumes_from: Option<Vec<String>>
VolumesFrom is a set of containers whose volumes will be added to this container. The name or ID of the container must be provided, and may optionally be followed by a : and then one or more comma-separated options. Valid options are ‘ro’, ‘rw’, and ‘z’. Options will be used for all volumes sourced from the container.
weight_device: Option<HashMap<String, LinuxWeightDevice>>
Weight per cgroup per device, can override BlkioWeight
work_dir: Option<String>
WorkDir is the container’s working directory. If unset, the default, /, will be used. Optional.