lunar (1) podman-play-kube.1.gz

Provided by: podman_3.4.4+ds1-1ubuntu1_amd64 bug

NAME

       podman-play-kube - Create containers, pods or volumes based on Kubernetes YAML

SYNOPSIS

       podman play kube [options] file.yml|-

DESCRIPTION

       podman play kube will read in a structured file of Kubernetes YAML.  It will then recreate
       the containers, pods or volumes described in the YAML.  Containers within a pod  are  then
       started  and  the  ID  of the new Pod or the name of the new Volume is output. If the yaml
       file is specified as "-" then podman play kube will read the YAML file from stdin.   Using
       the  --down  command line option, it is also capable of tearing down the pods created by a
       previous run of podman play kube.  Ideally the input file would be one created  by  Podman
       (see podman-generate-kube(1)).  This would guarantee a smooth import and expected results.

       Currently,  the supported Kubernetes kinds are: - Pod - Deployment - PersistentVolumeClaim
       - ConfigMap

       Kubernetes Pods or Deployments

       Only two volume types are supported by play kube, the hostPath  and  persistentVolumeClaim
       volume  types. For the hostPath volume type, only the  default (empty), DirectoryOrCreate,
       Directory, FileOrCreate, File, and Socket  subtypes  are  supported.  The  CharDevice  and
       BlockDevice  subtypes are not supported. Podman interprets the value of hostPath path as a
       file path when it contains at least one forward slash, otherwise Podman treats  the  value
       as the name of a named volume. When using a persistentVolumeClaim, the value for claimName
       is the name for the Podman named volume.

       Note: When playing a kube YAML with init containers, the init container  will  be  created
       with init type value always.

       Note:  hostPath  volume  types created by play kube will be given an SELinux private label
       (Z)

       Note: If the :latest tag is used, Podman will attempt to pull the image from  a  registry.
       If  the  image  was  built  locally  with Podman or Buildah, it will have localhost as the
       domain, in that case, Podman will use the image from the local store even if  it  has  the
       :latest tag.

       Kubernetes PersistentVolumeClaims

       A   Kubernetes   PersistentVolumeClaim   represents   a  Podman  named  volume.  Only  the
       PersistentVolumeClaim  name  is  required  by  Podman  to  create  a  volume.   Kubernetes
       annotations can be used to make use of the available options for Podman volumes.

              • volume.podman.io/driver

              • volume.podman.io/device

              • volume.podman.io/type

              • volume.podman.io/uid

              • volume.podman.io/gid

              • volume.podman.io/mount-options

       Play  kube is capable of building images on the fly given the correct directory layout and
       Containerfiles. This option  is  not  available  for  remote  clients  yet.  Consider  the
       following excerpt from a YAML file:

              apiVersion: v1
              kind: Pod
              metadata:
              spec:
                containers:
                - command:
                  - top
                  - name: container
                    value: podman
                  image: foobar

       If  there  is  a directory named foobar in the current working directory with a file named
       Containerfile or Dockerfile, Podman play kube will build that image and  name  it  foobar.
       An example directory structure for this example would look like:

              |- mykubefiles
                  |- myplayfile.yaml
                  |- foobar
                       |- Containerfile

       The  build  will consider foobar to be the context directory for the build. If there is an
       image in local storage called foobar, the image will not be built unless the --build  flag
       is used.

       Kubernetes ConfigMap

       Kubernetes  ConfigMap  can  be  referred  as  a source of environment variables in Pods or
       Deployments.

       For example ConfigMap defined in following YAML:

              apiVersion: v1
              kind: ConfigMap
              metadata:
                name: foo
              data:
                  FOO: bar

       can be referred in a Pod in following way:

              apiVersion: v1
              kind: Pod
              metadata:
              spec:
                containers:
                - command:
                  - top
                  name: container-1
                  image: foobar
                  envFrom:
                    - configMapRef:
                    name: foo
                    optional: false

       and as a result environment variable FOO will be set to bar for container container-1.

OPTIONS

   --authfile=path
       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which
       is   set   using   podman   login.   If  the  authorization  state  is  not  found  there,
       $HOME/.docker/config.json is checked, which is set using docker login.

       Note: You can also override the default path of the authentication  file  by  setting  the
       REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path

   --build
       Build images even if they are found in the local storage.

   --cert-dir=path
       Use  certificates  at  path  (*.crt,  *.cert, *.key) to connect to the registry. (Default:
       /etc/containers/certs.d) Please refer to containers-certs.d(5) for details.  (This  option
       is not available with the remote Podman client)

   --configmap=path
       Use  Kubernetes configmap YAML at path to provide a source for environment variable values
       within the containers of the pod.

       Note: The --configmap option can be used multiple times or a comma-separated list of paths
       can be used to pass multiple Kubernetes configmap YAMLs.

   --creds
       The [username[:password]] to use to authenticate with the registry if required.  If one or
       both values are not supplied, a command line prompt will  appear  and  the  value  can  be
       entered.  The password is entered without echo.

   --down
       Tears  down  the  pods  that  were  created  by a previous run of play kube.  The pods are
       stopped and then removed.  Any volumes created are left intact.

   --ip=IP address
       Assign a static ip address to the pod. This option can be  specified  several  times  when
       play kube creates more than one pod.

   --log-driver=driver
       Set logging driver for all created containers.

   --mac-address=MAC address
       Assign  a  static  mac address to the pod. This option can be specified several times when
       play kube creates more than one pod.

   --network=mode, --net
       Change the network mode of the pod. The host and bridge network mode should be  configured
       in the yaml file.  Valid mode values are:

              • none:  Create  a network namespace for the container but do not configure network
                interfaces for it, thus the container has no network connectivity.

              • container:id: Reuse another container's network stack.

              • network: Connect to a user-defined network, multiple networks  should  be  comma-
                separated.

              • ns:path: Path to a network namespace to join.

              • private:  Create a new namespace for the container. This will use the bridge mode
                for rootfull containers and slirp4netns for rootless ones.

              • slirp4netns[:OPTIONS,...]: use slirp4netns(1) to create  a  user  network  stack.
                This  is  the  default  for  rootless containers. It is possible to specify these
                additional options:

                • allow_host_loopback=true|false:  Allow  the  slirp4netns  to  reach  the   host
                  loopback IP (10.0.2.2, which is added to /etc/hosts as host.containers.internal
                  for your convenience). Default is false.

                • mtu=MTU: Specify the MTU to use for this network. (Default is 65520).

                • cidr=CIDR: Specify ip range to use for this network. (Default is 10.0.2.0/24).

                • enable_ipv6=true|false:  Enable  IPv6.  Default   is   false.   (Required   for
                  outbound_addr6).

                • outbound_addr=INTERFACE:  Specify  the  outbound interface slirp should bind to
                  (ipv4 traffic only).

                • outbound_addr=IPv4: Specify the outbound ipv4 address slirp should bind to.

                • outbound_addr6=INTERFACE: Specify the outbound interface slirp should  bind  to
                  (ipv6 traffic only).

                • outbound_addr6=IPv6: Specify the outbound ipv6 address slirp should bind to.

                • port_handler=rootlesskit:  Use rootlesskit for port forwarding. Default.  Note:
                  Rootlesskit changes the source IP address of incoming packets to a  IP  address
                  in  the  container  network  namespace, usually 10.0.2.100. If your application
                  requires the real source IP address, e.g. web server logs, use the  slirp4netns
                  port handler. The rootlesskit port handler is also used for rootless containers
                  when connected to user-defined networks.

                • port_handler=slirp4netns: Use the slirp4netns port  forwarding,  it  is  slower
                  than rootlesskit but preserves the correct source IP address. This port handler
                  cannot be used for user-defined networks.

   --quiet, -q
       Suppress output information when pulling images

   --seccomp-profile-root=path
       Directory path for seccomp profiles (default: "/var/lib/kubelet/seccomp"). (This option is
       not available with the remote Podman client)

   --start=true|false
       Start the pod after creating it, set to false to only create it.

   --tls-verify=true|false
       Require  HTTPS  and  verify  certificates  when  contacting registries (default: true). If
       explicitly set to true, then TLS verification will be used. If  set  to  false,  then  TLS
       verification  will not be used. If not specified, TLS verification will be used unless the
       target registry is listed as an insecure registry in registries.conf.

   --help, -h
       Print usage statement

EXAMPLES

       Recreate the pod and containers as described in a file called demo.yml

              $ podman play kube demo.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Recreate the pod and containers as described in a file demo.yml sent to stdin

              $ cat demo.yml | podman play kube -
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Teardown the pod and containers as described in a file demo.yml

              $  podman play kube --down demo.yml
              Pods stopped:
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
              Pods removed:
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Provide configmap-foo.yml and  configmap-bar.yml  as  sources  for  environment  variables
       within the containers.

              $ podman play kube demo.yml --configmap configmap-foo.yml,configmap-bar.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

              $ podman play kube demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       CNI network(s) can be specified as comma-separated list using --network

              $ podman play kube demo.yml --network cni1,cni2
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Please  take  into  account  that CNI networks must be created first using podman-network-
       create(1).

SEE ALSO

       podman(1), podman-container(1),  podman-pod(1),  podman-generate-kube(1),  podman-play(1),
       podman-network-create(1), containers-certs.d(5)

HISTORY

       December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)

                                                                            podman-play-kube(1)()