rkt−run − Run image(s) in a pod in rkt
rkt run [−−volume=name,kind=host,...] [−−mount volume=VOL,target=PATH] IMAGE [−− image−args...[−−−]]...
IMAGE should be a string referencing an image; either a hash, local file on disk, or URL. They will be checked in that order and the first match will be used.
Volumes are made available to the container via −−volume. Mounts bind volumes into each image’s root within the container via −−mount. −−mount is position−sensitive; occurring before any images applies to all images, occurring after any images applies only to the nearest preceding image. Per−app mounts take precedence over global ones if they have the same path.
An "−−" may be used to inhibit rkt run’s parsing of subsequent arguments, which will instead be appended to the preceding image app’s exec arguments. End the image arguments with a lone "−−−" to resume argument parsing.
−−caps−remove=
capability to remove (example: ’−−caps−remove=CAP_MKNOD’)
−−caps−retain=
capability to retain (example: ’−−caps−retain=CAP_SYS_ADMIN’)
−−cpu=
cpu limit for the preceding image (example: ’−−cpu=500m’)
−−cpu−shares=
cpu−shares assigns the specified CPU time share weight (example: ’−−cpu−shares=2048’)
−−dns=
name servers to write in /etc/resolv.conf. Pass ’host’ to use host’s resolv.conf. Pass ’none’ to ignore CNI DNS config
−−dns−domain=""
DNS domain to write in /etc/resolv.conf
−−dns−opt=
DNS options to write in /etc/resolv.conf
−−dns−search=
DNS search domains to write in /etc/resolv.conf
−−environment=
set the app’s environment variables (example: ’−−environment=foo=bar’)
−−exec=
override the exec command for the preceding image
−−group=
group override for the preceding image (example: ’−−group=group’)
−−hostname=""
pod’s hostname. If empty, it will be "rkt−$PODUUID"
−−hosts−entry=
Entries to add to the pod−wide /etc/hosts. Pass ’host’ to use the host’s /etc/hosts
−−inherit−env[=false]
inherit all environment variables not set by apps
−−interactive[=false]
run pod interactively. If true, only one image may be supplied.
−−mds−register[=false]
register pod with metadata service. needs network connectivity to the host (−−net=(default|default−restricted|host)
−−memory=
memory limit for the preceding image (example: ’−−memory=16Mi’, ’−−memory=50M’, ’−−memory=1G’)
−−mount=
mount point binding a volume to a path within an app
−−name=
set the name of the app (example: ’−−name=foo’). If not set, then the app name default to the image’s name
−−net[=default]
configure the pod’s networking. Optionally, pass a list of user−configured networks to load and set arguments to pass to each network, respectively. Syntax: −−net[=n[:args], ...]
−−no−overlay[=false]
disable overlay filesystem
−−no−store[=false]
fetch images ignoring the local store
−−oom−score−adj=
oom−score−adj isolator override
−−pod−manifest=""
the path to the pod manifest. If it’s non−empty, then only ’−−net’, ’−−no−overlay’ and ’−−interactive’ will have effect
−−port=
ports to expose on the host (requires contained network). Syntax: −−port=NAME:[HOSTIP:]HOSTPORT
−−private−users[=false]
run within user namespaces.
−−readonly−rootfs=
if set, the app’s rootfs will be mounted read−only
−−seccomp=
seccomp filter override (example: ’−−seccomp mode=retain,errno=EPERM,chmod,chown’)
−−set−env=
environment variable to set for all the apps in the form key=value, this will be overriden by −−environment
−−set−env−file=
path to an environment variables file
−−signature=
local signature file to use in validating the preceding image
−−stage1−from−dir=
filename of an image in stage1 images directory to use as stage1
−−stage1−hash=
hash of an image to use as stage1
−−stage1−name=
name of an image to use as stage1
−−stage1−path=
absolute or relative path to an image to use as stage1
−−stage1−url=
URL to an image to use as stage1
−−store−only[=false]
use only available images in the store (do not discover or download from remote URLs)
−−supplementary−gids=
supplementary group IDs override for the preceding image (examples: ’−−supplementary−gids=1024,2048’
−−user=
user override for the preceding image (example: ’−−user=user’)
−−user−annotation=
set the app’s annotations (example: ’−−user−annotation=foo=bar’)
−−user−label=
set the app’s labels (example: ’−−user−label=foo=bar’)
−−uuid−file−save=""
write out pod UUID to specified file
−−volume=
volumes to make available in the pod
−−working−dir=
override the working directory of the preceding image
−−debug[=false]
print out more debug information to stderr
−−dir=/var/lib/rkt
rkt data directory
−−insecure−options=none
comma−separated list of security features to disable. Allowed values: "none", "image", "tls", "ondisk", "http", "pubkey", "capabilities", "paths", "seccomp", "all−fetch", "all−run", "all"
−−local−config=/etc/rkt
local configuration directory
−−system−config=/usr/lib/rkt
system configuration directory
−−trust−keys−from−https[=false]
automatically trust gpg keys fetched from https
−−user−config=
user configuration directory
17−Mar−2017 Auto generated by spf13/cobra