pub struct ContainerCreateOptsBuilder { /* private fields */ }

A builder struct for ContainerCreateOpts.

Implementations

Finish building ContainerCreateOpts.

Annotations are key-value options passed into the container runtime that can be used to trigger special behavior.

ApparmorProfile is the name of the Apparmor profile the container will use.

Capabilities which will be added to the container. Conflicts with privileged.

Capabilities which will be removed from the container. Conflicts with privileged.

Set the container’s CGroup parent. If not set, the default for the current cgroup driver will be used.

Namespace to use for cgroups.

Sets a policy for how cgroups will be created in the container, including the ability to disable creation entirely.

Additional set of directories that need to be treated as root directories. Standard bind mounts will be mounted into paths relative to these directories.

Command that the container should run. If not given and Image is specified, this will be populated by the image’s configuration.

A path at which a PID file for Conmon will be placed. If not given, a default location will be used.

The command that was used to create this container. This will be returned when inspecting the container.

CPU period of the cpuset

CPU quota of the cpuset

Create the working directory if it doesn’t exist. If unset, it doesn’t create it.

An array of containers this container depends on. Dependency containers must be started before this container. Dependencies can be specified by name or full/partial ID.

DeviceCgroupRule are device cgroup rules that allow containers to use additional types of devices.

Devices are devices that will be added to the container.

A way to ensure your container inherits device specific information from another container.

A set of DNS options that will be used in the container’s resolv.conf, replacing the host’s DNS options which are used by default. Conflicts with use_image_resolv_conf.

A set of DNS search domains that will be used in the container’s resolv.conf, replacing the host’s DNS search domains which are used by default. Conflicts with use_image_resolv_conf.

A set of DNS servers that will be used in the container’s resolv.conf, replacing the host’s DNS Servers which are used by default. Conflicts with use_image_resolv_conf.

Container’s entrypoint. If not given and Image is specified, this will be populated by the image’s configuration.

A list of environment variables that will be set in the container.

Indicates that the host environment should be added to container.

Takes the specified environment variables from the image and preprocesses them before injecting them into the container.

Groups are a list of supplemental groups the container’s user will be granted access to.

Defines how Podman reacts when a container’s health status turns unhealthy.

Health config which holds configuration settings for the HEALTHCHECK feature, from docker/docker/api/types/container.

The bits have the same definition on all systems, so that information about files can be moved from one system to another portably. Not all bits apply to all systems. The only required bit is ModeDir for directories.

A set of hosts which will be added to the container’s /etc/hosts file. Conflicts with use_image_hosts.

If not set, the hostname will not be modified (if UtsNS is not private) or will be set to the container ID (if UtsNS is private). Conflicts with UtsNS if UtsNS is not set to private.

List of host usernames or UIDs to add to the container’s /etc/passwd file.

Indicates that the http host proxy environment variables should be added to container.

Used for specifying how ID mapping should be set up for a layer or container.

Image is the image the container will be based on. The image will be used as the container’s root filesystem, and its environment vars, volumes, and other configuration will be applied to the container. Conflicts with rootfs.

At least one of image or rootfs must be specified.

User-specified image architecture

User-specified image OS

User-specified image variant

Indicates how image volumes will be created. The default if unset is anonymous.

Image volumes bind-mount a container-image mount into the container.

Specifies that an init binary will be mounted into the container, and will be used as PID1.

Describes if this container is an init container and if so, what type: always or once.

Specifies the path to the init binary that will be added if init is specified above. If not specified, the default set in the Libpod config will be used. Ignored if init is not set.

Namespace to use for IPC.

A list of labels that will be assigned to the container.

Logging configuration for the container.

Container run option that determines if we are validating users/groups before running the container.

The path we want to mask in the container. This masks the paths given in addition to the default list.

Mounts that will be added to the container. These will supersede image_volumes and volumes_from volumes where there are conflicts.

The name the container will be given. If no name is provided, one will be randomly generated.

The libpod namespace the container will be placed in.

Namespace to use for network.

Additional options for each network.

Map of network names or IDs that the container should join. You can request additional settings for each network: network aliases, static IPs, a static MAC address, and the network interface name for this container on the specific network. If the map is empty and the bridge network mode is set, the container will be joined to the default network.

Whether the container will set the no new privileges flag on create, which disables gaining additional privileges (e.g. via setuid) in the container.

The name of the OCI runtime that will be used to create the container. If not specified, the default will be used.

Adjusts the score used by the OOM killer to determine processes to kill for the container’s process.

Overlay volumes are named volumes that will be added to the container.


pub fn passwd_entry(self, passwd_entry: impl Serialize) -> Self

Specifies arbitrary data to append to a file.

Specify the Linux personality syscall input.

Namespace to use for pids.

ID of the pod the container should join.

Set of ports to map into the container. Only available if NetNS is set to bridge or slirp.

Whether the container is privileged. Privileged does the following: Adds all devices on the system to the container. Adds all capabilities to the container. Disables Seccomp, SELinux, and Apparmor confinement. (Though SELinux can be manually re-enabled).

The options used for the proc mount.

If set to true the ports specified in the image will be published to random unused ports (guaranteed to be above 1024) on the host. This is based on ports set in Expose below, and any ports specified by the Image (if one is given). Only available if net_namespace is set to Bridge or Slirp.

Rlimits are POSIX rlimits to apply to the container. Optional.

The user-specified and unprocessed input referring to a local or a remote image.

If set to true everything will be mounted as read-only.

If set to true the container will be removed upon exiting.

Set the container runtime resource constraints.

An action which will be taken when the container exits. If not given, the default policy, which does nothing, will be used.

The number of attempts that will be made to restart the container. Only available when restart_policy is set to on-failure.

The path to a directory that will be used as the container’s root filesystem. No modification will be made to the directory, it will be directly mounted into the container as root. Conflicts with image.

At least one of image or rootfs must be specified.

Tells if rootfs is actually an overlay on top of base path.

The rootfs propagation mode for the container. If not set, the default of rslave will be used.

Determine how to handle NOTIFY_SOCKET.

Determines which seccomp profile gets applied to the container.

The path to a JSON file containing the container’s Seccomp profile. If not specified, no Seccomp profile will be used.

A list of secrets that will be set as environment variables.

Secrets are the secrets that will be added to the container.

The process label the container will use. If SELinux is enabled and this is not specified, a label will be automatically generated.

The size of the tmpfs to mount in at /dev/shm, in bytes.

Whether the container should keep its STDIN open.

A number describing a process signal.

A timeout between the container’s stop signal being sent and SIGKILL being sent. If not provided, the default will be used. If 0 is used, stop signal will not be sent, and SIGKILL will be sent instead.

A list of container’s storage options.

A list of kernel parameters to set in the container.

Whether the container will create a PTY.

IO read rate limit per cgroup per device, bytes per second

IO read rate limit per cgroup per device, IO per second

IO write rate limit per cgroup per device, bytes per second

IO write rate limit per cgroup per device, IO per second

A maximum time in seconds the container will run before main process is sent SIGKILL. If 0 is used, signal will not be sent.

The timezone inside the container. Local means it has the same timezone as the host machine.

The umask the init process of the container will be run with.

A list of key-value options passed into the container runtime that are used to configure cgroup v2.

The path we want to unmask in the container. To override all the default paths that are masked, set unmask=ALL.

A list of environment variables to unset if specified in the image or from builtin or containers.conf.

If true, all environment variables from the image or from builtin or containers.conf will get unset.

Indicates that /etc/hosts should not be managed by Podman, and instead sourced from the image. Conflicts with hosts_add.

Indicates that resolv.conf should not be managed by Podman, and instead sourced from the image. Conflicts with dns_server, dns_search, dns_option.

The user the container will be run as. Can be given as a UID or a username; if a username, it will be resolved within the container, using the container’s /etc/passwd. If unset, the container will be run as root.

Namespace to use for users.

Namespace to use for uts.

Specifies whether the container storage can be optimized at the cost of not syncing all the dirty files in memory.

Specifies the container volume to use with this container.

Set of containers whose volumes will be added to this container. The name or ID of the container must be provided, and may optionally be followed by a : and then one or more comma-separated options. Valid options are ‘ro’, ‘rw’, and ‘z’. Options will be used for all volumes sourced from the container.

Weight per cgroup per device.

Override the container’s working directory. If unset, the default, /, will be used.
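
Several options above are documented as mutually exclusive (privileged versus added or dropped capabilities, image versus rootfs), and others have permissive defaults (root user when user is unset). The following pre-flight audit is an added example, not code from this crate: `CreateSpec`, its field names and `audit` are hypothetical stand-ins for values you would otherwise pass to the builder, and the list of broad capabilities is an assumption.

```rust
/// Hypothetical mirror of a few options described on this page (not the crate's type).
#[derive(Default)]
pub struct CreateSpec {
    pub image: Option<String>,
    pub rootfs: Option<String>,
    pub privileged: bool,
    pub cap_add: Vec<String>,
    pub cap_drop: Vec<String>,
    pub no_new_privileges: bool,
    pub read_only_filesystem: bool,
    pub user: Option<String>,
}

/// Returns (errors, warnings). Errors are conflicts the page documents;
/// warnings are settings that leave the container less confined.
pub fn audit(s: &CreateSpec) -> (Vec<String>, Vec<String>) {
    let (mut errs, mut warns) = (Vec::new(), Vec::new());
    match (&s.image, &s.rootfs) {
        (None, None) => errs.push("one of image or rootfs must be specified".to_string()),
        (Some(_), Some(_)) => errs.push("image conflicts with rootfs".to_string()),
        _ => {}
    }
    if s.privileged {
        warns.push("privileged: all devices and capabilities, confinement disabled".to_string());
        if !s.cap_add.is_empty() || !s.cap_drop.is_empty() {
            errs.push("privileged conflicts with added/dropped capabilities".to_string());
        }
    }
    for cap in &s.cap_add {
        // Accept both "SYS_ADMIN" and "CAP_SYS_ADMIN" spellings.
        let upper = cap.to_uppercase();
        let name = upper.trim_start_matches("CAP_");
        if matches!(name, "ALL" | "SYS_ADMIN" | "SYS_MODULE" | "SYS_PTRACE") {
            warns.push(format!("broad capability added: {name}"));
        }
    }
    if !s.no_new_privileges {
        warns.push("no_new_privileges is off: setuid binaries can gain privileges".to_string());
    }
    if !s.read_only_filesystem {
        warns.push("root filesystem is writable".to_string());
    }
    match s.user.as_deref() {
        None | Some("root") | Some("0") => warns.push("container runs as root".to_string()),
        _ => {}
    }
    (errs, warns)
}

fn main() {
    // Constructed sample: privileged plus an added capability is a documented conflict.
    let spec = CreateSpec { image: Some("example.invalid/app:1".into()), privileged: true,
        cap_add: vec!["cap_sys_admin".into()], ..Default::default() };
    let (errs, warns) = audit(&spec);
    println!("errors: {errs:#?}\nwarnings: {warns:#?}");
}
```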

Trait Implementations

Returns a copy of the value.
Performs copy-assignment from source.
Formats the value using the given formatter.
Returns the “default value” for a type.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self.
Immutably borrows from an owned value.
Mutably borrows from an owned value.

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper.
Instruments this type with the current Span, returning an Instrumented wrapper.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning.
Uses borrowed data to replace owned data, usually by cloning.
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.