Class: PodmanContainer
Podman container
URI: containers:PodmanContainer
classDiagram
class PodmanContainer
IacModule <|-- PodmanContainer
PodmanContainer : annotation
PodmanContainer ..> MetaObject : annotation
PodmanContainer : authfile
PodmanContainer ..> string : authfile
PodmanContainer : blkio_weight
PodmanContainer ..> integer : blkio_weight
PodmanContainer : blkio_weight_device
PodmanContainer ..> MetaObject : blkio_weight_device
PodmanContainer : cap_add
PodmanContainer ..> string : cap_add
PodmanContainer : cap_drop
PodmanContainer ..> string : cap_drop
PodmanContainer : cgroup_parent
PodmanContainer ..> string : cgroup_parent
PodmanContainer : cgroupns
PodmanContainer ..> string : cgroupns
PodmanContainer : cgroups
PodmanContainer ..> string : cgroups
PodmanContainer : cidfile
PodmanContainer ..> string : cidfile
PodmanContainer : cmd_args
PodmanContainer ..> string : cmd_args
PodmanContainer : command
PodmanContainer ..> string : command
PodmanContainer : conmon_pidfile
PodmanContainer ..> string : conmon_pidfile
PodmanContainer : cpu_period
PodmanContainer ..> integer : cpu_period
PodmanContainer : cpu_rt_period
PodmanContainer ..> integer : cpu_rt_period
PodmanContainer : cpu_rt_runtime
PodmanContainer ..> integer : cpu_rt_runtime
PodmanContainer : cpu_shares
PodmanContainer ..> integer : cpu_shares
PodmanContainer : cpus
PodmanContainer ..> string : cpus
PodmanContainer : cpuset_cpus
PodmanContainer ..> string : cpuset_cpus
PodmanContainer : cpuset_mems
PodmanContainer ..> string : cpuset_mems
PodmanContainer : debug
PodmanContainer ..> boolean : debug
PodmanContainer : detach
PodmanContainer ..> boolean : detach
PodmanContainer : detach_keys
PodmanContainer ..> string : detach_keys
PodmanContainer : device
PodmanContainer ..> string : device
PodmanContainer : device_read_bps
PodmanContainer ..> string : device_read_bps
PodmanContainer : device_read_iops
PodmanContainer ..> string : device_read_iops
PodmanContainer : device_write_bps
PodmanContainer ..> string : device_write_bps
PodmanContainer : device_write_iops
PodmanContainer ..> string : device_write_iops
PodmanContainer : dns
PodmanContainer ..> string : dns
PodmanContainer : dns_option
PodmanContainer ..> string : dns_option
PodmanContainer : dns_search
PodmanContainer ..> string : dns_search
PodmanContainer : entrypoint
PodmanContainer ..> string : entrypoint
PodmanContainer : env
PodmanContainer ..> MetaObject : env
PodmanContainer : env_file
PodmanContainer ..> string : env_file
PodmanContainer : env_host
PodmanContainer ..> boolean : env_host
PodmanContainer : etc_hosts
PodmanContainer ..> MetaObject : etc_hosts
PodmanContainer : executable
PodmanContainer ..> string : executable
PodmanContainer : expose
PodmanContainer ..> string : expose
PodmanContainer : force_restart
PodmanContainer ..> boolean : force_restart
PodmanContainer : generate_systemd
PodmanContainer ..> MetaObject : generate_systemd
PodmanContainer : gidmap
PodmanContainer ..> string : gidmap
PodmanContainer : group_add
PodmanContainer ..> string : group_add
PodmanContainer : healthcheck
PodmanContainer ..> string : healthcheck
PodmanContainer : healthcheck_interval
PodmanContainer ..> string : healthcheck_interval
PodmanContainer : healthcheck_retries
PodmanContainer ..> integer : healthcheck_retries
PodmanContainer : healthcheck_start_period
PodmanContainer ..> string : healthcheck_start_period
PodmanContainer : healthcheck_timeout
PodmanContainer ..> string : healthcheck_timeout
PodmanContainer : hostname
PodmanContainer ..> string : hostname
PodmanContainer : http_proxy
PodmanContainer ..> boolean : http_proxy
PodmanContainer : image_strict
PodmanContainer ..> boolean : image_strict
PodmanContainer : image_volume
PodmanContainer ..> ContainerImageVolumeEnum : image_volume
PodmanContainer : init
PodmanContainer ..> boolean : init
PodmanContainer : init_path
PodmanContainer ..> string : init_path
PodmanContainer : interactive
PodmanContainer ..> boolean : interactive
PodmanContainer : ip
PodmanContainer ..> string : ip
PodmanContainer : ipc
PodmanContainer ..> string : ipc
PodmanContainer : kernel_memory
PodmanContainer ..> string : kernel_memory
PodmanContainer : label
PodmanContainer ..> MetaObject : label
PodmanContainer : label_file
PodmanContainer ..> string : label_file
PodmanContainer : log_driver
PodmanContainer ..> ContainerLogDriverEnum : log_driver
PodmanContainer : log_level
PodmanContainer ..> ContainerLogLevelEnum : log_level
PodmanContainer : log_opt
PodmanContainer ..> MetaObject : log_opt
PodmanContainer : mac_address
PodmanContainer ..> string : mac_address
PodmanContainer : memory
PodmanContainer ..> string : memory
PodmanContainer : memory_reservation
PodmanContainer ..> string : memory_reservation
PodmanContainer : memory_swap
PodmanContainer ..> string : memory_swap
PodmanContainer : memory_swappiness
PodmanContainer ..> integer : memory_swappiness
PodmanContainer : mount
PodmanContainer ..> string : mount
PodmanContainer : name
PodmanContainer ..> label type : name
PodmanContainer : network
PodmanContainer ..> string : network
PodmanContainer : network_aliases
PodmanContainer ..> string : network_aliases
PodmanContainer : no_hosts
PodmanContainer ..> boolean : no_hosts
PodmanContainer : oom_kill_disable
PodmanContainer ..> boolean : oom_kill_disable
PodmanContainer : oom_score_adj
PodmanContainer ..> integer : oom_score_adj
PodmanContainer : pid
PodmanContainer ..> string : pid
PodmanContainer : pids_limit
PodmanContainer ..> integer : pids_limit
PodmanContainer : pod
PodmanContainer ..> string : pod
PodmanContainer : privileged
PodmanContainer ..> boolean : privileged
PodmanContainer : publish
PodmanContainer ..> string : publish
PodmanContainer : publish_all
PodmanContainer ..> boolean : publish_all
PodmanContainer : read_only
PodmanContainer ..> boolean : read_only
PodmanContainer : read_only_tmpfs
PodmanContainer ..> boolean : read_only_tmpfs
PodmanContainer : recreate
PodmanContainer ..> boolean : recreate
PodmanContainer : requires
PodmanContainer ..> string : requires
PodmanContainer : restart_policy
PodmanContainer ..> string : restart_policy
PodmanContainer : rm
PodmanContainer ..> boolean : rm
PodmanContainer : rootfs
PodmanContainer ..> boolean : rootfs
PodmanContainer : sdnotify
PodmanContainer ..> string : sdnotify
PodmanContainer : secrets
PodmanContainer ..> string : secrets
PodmanContainer : security_opt
PodmanContainer ..> string : security_opt
PodmanContainer : shm_size
PodmanContainer ..> string : shm_size
PodmanContainer : sig_proxy
PodmanContainer ..> boolean : sig_proxy
PodmanContainer : state
PodmanContainer ..> ContainerStateEnum : state
PodmanContainer : stop_signal
PodmanContainer ..> integer : stop_signal
PodmanContainer : stop_timeout
PodmanContainer ..> integer : stop_timeout
PodmanContainer : subgidname
PodmanContainer ..> string : subgidname
PodmanContainer : subuidname
PodmanContainer ..> string : subuidname
PodmanContainer : sysctl
PodmanContainer ..> MetaObject : sysctl
PodmanContainer : systemd
PodmanContainer ..> string : systemd
PodmanContainer : timezone
PodmanContainer ..> string : timezone
PodmanContainer : tmpfs
PodmanContainer ..> MetaObject : tmpfs
PodmanContainer : tty
PodmanContainer ..> boolean : tty
PodmanContainer : uidmap
PodmanContainer ..> string : uidmap
PodmanContainer : ulimit
PodmanContainer ..> string : ulimit
PodmanContainer : user
PodmanContainer ..> string : user
PodmanContainer : userns
PodmanContainer ..> string : userns
PodmanContainer : uts
PodmanContainer ..> string : uts
PodmanContainer : volume
PodmanContainer ..> string : volume
PodmanContainer : volumes_from
PodmanContainer ..> string : volumes_from
PodmanContainer : workdir
PodmanContainer ..> string : workdir
Inheritance
- IacModule
- PodmanContainer
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| state | 0..1 xsd:string |
The way something is with respect to its main attributes | direct |
| annotation | 0..1 xsd:string |
piece of metadata attached to a document or other entity | direct |
| authfile | 0..1 xsd:string |
A file used for authentication | direct |
| blkio_weight | 0..1 xsd:integer |
Specifies per cgroup weight | direct |
| blkio_weight_device | 0..* xsd:string |
Per cgroup per device rules using this interface | direct |
| cap_add | 0..* xsd:string |
List of capabilities to add to OCI container | direct |
| cap_drop | 0..* xsd:string |
List of capabilities to drop from OCI container | direct |
| cgroup_parent | 0..1 xsd:string |
On creation, all processes are put in the cgroup that the parent process belo... | direct |
| cgroupns | 0..1 xsd:string |
cgroup namespace provides a mechanism to virtualize the view of the "/proc/$P... | direct |
| cgroups | 0..1 xsd:string |
Resource limit method in Linux | direct |
| cidfile | 0..1 xsd:string |
Write the container ID to the file | direct |
| cmd_args | 0..* xsd:string |
Additional data that was passed as an argument to a subroutine | direct |
| conmon_pidfile | 0..1 xsd:string |
File to which the conman daemon's PID is written | direct |
| command | 0..1 xsd:string |
Directive to a computer program | direct |
| cpu_period | 0..1 xsd:integer |
Configure CPU allocation parameters using platform realtime scheduler | direct |
| cpu_rt_period | 0..1 xsd:integer |
Configure CPU allocation parameters using platform realtime scheduler | direct |
| cpu_rt_runtime | 0..1 xsd:integer |
A global limit on how much time platform realtime scheduling may use | direct |
| cpu_shares | 0..1 xsd:integer |
Control how much CPU time a process in a hierarchy can use | direct |
| cpus | 0..1 xsd:string |
Number of CPUs | direct |
| cpuset_cpus | 0..1 xsd:string |
CPUs in which to allow execution (0-3, 0,1) | direct |
| cpuset_mems | 0..1 xsd:string |
Memory nodes (MEMs) in which to allow execution (0-3, 0,1) on NUMA systems | direct |
| detach | 0..1 xsd:string |
Separate one entity to form another entity | direct |
| debug | 0..1 xsd:string |
Return additional information which can be helpful for investigations | direct |
| detach_keys | 0..1 xsd:string |
Override the key sequence for detaching a container | direct |
| device | 0..1 xsd:string |
System device | direct |
| device_read_bps | 0..1 xsd:string |
Limit read rate (bytes per second) from a device | direct |
| device_read_iops | 0..1 xsd:string |
Limit read rate (IO per second) from a device | direct |
| device_write_bps | 0..1 xsd:string |
Limit write rate (bytes per second) to a device | direct |
| device_write_iops | 0..1 xsd:string |
Limit write rate (IO per second) to a device | direct |
| dns | 0..* xsd:string |
Domain name service servers | direct |
| dns_option | 0..1 xsd:string |
DNS options | direct |
| dns_search | 0..1 xsd:string |
DNS search domains | direct |
| entrypoint | 0..1 xsd:string |
Point in a computer program where instruction-execution begins | direct |
| env | 0..1 xsd:string |
Set environment variables | direct |
| env_file | 0..1 xsd:string |
Line delimited file of environment variables | direct |
| env_host | 0..1 xsd:string |
Environment variables for a host | direct |
| etc_hosts | 0..1 xsd:string |
Computer configuration file to map hostnames to IP addresses | direct |
| expose | 0..1 xsd:string |
To present to view; exhibit; display | direct |
| force_restart | 0..1 xsd:boolean |
Force restart of entity | direct |
| generate_systemd | 0..1 MetaObject |
Generate systemd unit file for a service | direct |
| gidmap | 0..* xsd:string |
Group id mapping | direct |
| group_add | 0..* xsd:string |
Add additional groups | direct |
| healthcheck | 0..1 xsd:string |
Set or alter a healthcheck command | direct |
| healthcheck_interval | 0..1 xsd:string |
Set an interval for the healthchecks | direct |
| healthcheck_retries | 0..1 xsd:integer |
The number of retries allowed before a healthcheck is considered unhealthy | direct |
| healthcheck_start_period | 0..1 xsd:string |
The initialization time needed for a container to bootstrap | direct |
| healthcheck_timeout | 0..1 xsd:string |
The maximum time allowed to complete the healthcheck before an interval is co... | direct |
| hostname | 0..1 xsd:string |
label assigned to a device connected to a computer network | direct |
| http_proxy | 0..1 xsd:string |
The https_proxy environment variable holds the hostname or IP address of your... | direct |
| image_volume | 0..1 xsd:string |
Volume created from an Image | direct |
| image_strict | 0..1 xsd:boolean |
Whether to compare images in idempotency by taking into account a full name w... | direct |
| init | 0..1 xsd:string |
UNIX system component; 1st process started during booting of the computer sys... | direct |
| init_path | 0..1 xsd:string |
Path to the init binary | direct |
| interactive | 0..1 xsd:boolean |
Allow flow of information between a computer and a computer-user; responding ... | direct |
| ip | 0..1 xsd:string |
Principal communications protocol used for relaying datagrams (also known as ... | direct |
| ipc | 0..1 xsd:string |
Mechanisms an operating system provides allowing processes to manage shared d... | direct |
| kernel_memory | 0..1 xsd:string |
The kernel has full access to the system's memory and allows processes to saf... | direct |
| label | 0..1 xsd:string |
Word or phrase used for identification | direct |
| label_file | 0..1 xsd:string |
Line delimited file of labels | direct |
| log_driver | 0..1 xsd:string |
Driver used for logging | direct |
| log_level | 0..1 xsd:string |
Message logging level | direct |
| log_opt | 0..1 MetaObject |
Logging driver specific options | direct |
| mac_address | 0..1 xsd:string |
Unique identifier assigned to network interfaces for communications on the ph... | direct |
| memory | 0..1 xsd:string |
Storage of digital data readable by computers | direct |
| memory_reservation | 0..1 xsd:string |
A memory reservation ensures that even as other virtual devices on the same h... | direct |
| memory_swap | 0..1 xsd:string |
Memory management scheme by which a computer stores and retrieves data from s... | direct |
| memory_swappiness | 0..1 xsd:integer |
Swappiness is a Linux kernel parameter that controls the relative weight give... | direct |
| mount | 0..* xsd:string |
Directory over which a filesystem is mounted | direct |
| name | 0..1 LabelType |
A human-readable name for an attribute or entity | direct |
| network | 0..1 xsd:string |
Network that allows computers to share resources and communicate with each ot... | direct |
| network_aliases | 0..* xsd:string |
Add network-scoped alias | direct |
| no_hosts | 0..1 xsd:boolean |
Do not create /etc/hosts | direct |
| oom_kill_disable | 0..1 xsd:boolean |
Whether to disable OOM Killer for the entity or not | direct |
| oom_score_adj | 0..1 xsd:integer |
Tune the host's OOM preferences for entity (accepts -1000 to 1000) | direct |
| pid | 0..1 xsd:string |
number to identify each process running on a computer | direct |
| pids_limit | 0..1 xsd:integer |
Tune the entity's PIDs limit | direct |
| pod | 0..1 xsd:string |
Vessel that contains seeds for an entity | direct |
| privileged | 0..1 xsd:boolean |
Delegated authority to perform security-relevant functions on a system | direct |
| publish | 0..* xsd:string |
Publish things to make something externally available | direct |
| publish_all | 0..1 xsd:boolean |
Publish all exposed ports to random ports on the host interfaces | direct |
| read_only | 0..1 xsd:boolean |
Can be accessed but not modified | direct |
| read_only_tmpfs | 0..1 xsd:boolean |
If container is running in --read-only mode, then mount a read-write tmpfs on... | direct |
| recreate | 0..1 xsd:boolean |
Create again | direct |
| requires | 0..* xsd:string |
Specify one or more requirements | direct |
| restart_policy | 0..1 xsd:string |
Restart policy to follow when entity exits | direct |
| rm | 0..1 xsd:boolean |
Automatically remove the entity when it exits | direct |
| rootfs | 0..1 xsd:string |
Root filesystem at the top of the hierarchical file tree (also known as ‘/’) | direct |
| sdnotify | 0..1 xsd:string |
Notify service manager about start-up completion and other service status cha... | direct |
| secrets | 0..* xsd:string |
information that is hidden from someone | direct |
| security_opt | 0..* xsd:string |
Security Options | direct |
| shm_size | 0..1 xsd:string |
Size of /dev/shm | direct |
| sig_proxy | 0..1 xsd:string |
Proxy signals | direct |
| stop_signal | 0..1 xsd:integer |
Signal to stop a process | direct |
| stop_timeout | 0..1 xsd:integer |
Timeout (in seconds) to stop a process | direct |
| state | 0..1 xsd:string |
The way something is with respect to its main attributes | direct |
| subgidname | 0..1 xsd:string |
Name from /etc/subgid | direct |
| subuidname | 0..1 xsd:string |
Name from /etc/subuid | direct |
| sysctl | 0..1 xsd:string |
Unix-like software that manages kernel attributes | direct |
| systemd | 0..1 xsd:string |
Init system and system/service manager for Linux systems | direct |
| timezone | 0..1 xsd:string |
Region on Earth that has a uniform standard time for legal, commercial, and s... | direct |
| tmpfs | 0..1 xsd:string |
Tmpfs (short for Temporary File System) is a temporary file storage paradigm ... | direct |
| tty | 0..1 xsd:string |
Device for transmitting messages in written form by electrical signals | direct |
| uidmap | 0..1 xsd:string |
Run the container in a new user namespace using the supplied mapping | direct |
| ulimit | 0..1 xsd:string |
User limits - limit the use of system-wide resources | direct |
| user | 0..1 xsd:string |
Person who interacts with a system, typically through an interface, to extrac... | direct |
| userns | 0..1 xsd:string |
User namespaces are an isolation feature allowing processes to run with diffe... | direct |
| uts | 0..1 xsd:string |
UTS (UNIX Time-Sharing) namespaces allow a single system to appear to have di... | direct |
| volume | 0..1 xsd:string |
volume of a book or music release in a collection/series or a published colle... | direct |
| volumes_from | 0..* xsd:string |
Mount volumes from the specified source | direct |
| workdir | 0..1 xsd:string |
The currently used hierarchical file system directory associated with a runni... | direct |
| executable | 0..1 xsd:string |
Path to podman executable if it is not in the $PATH on the machine running po... | IacModule |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ucs-containers
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | containers:PodmanContainer |
| native | containers:PodmanContainer |
LinkML Source
Direct
name: PodmanContainer
description: Podman container
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
is_a: IacModule
slots:
- state
- annotation
- authfile
- blkio_weight
- blkio_weight_device
- cap_add
- cap_drop
- cgroup_parent
- cgroupns
- cgroups
- cidfile
- cmd_args
- conmon_pidfile
- command
- cpu_period
- cpu_rt_period
- cpu_rt_runtime
- cpu_shares
- cpus
- cpuset_cpus
- cpuset_mems
- detach
- debug
- detach_keys
- device
- device_read_bps
- device_read_iops
- device_write_bps
- device_write_iops
- dns
- dns_option
- dns_search
- entrypoint
- env
- env_file
- env_host
- etc_hosts
- expose
- force_restart
- generate_systemd
- gidmap
- group_add
- healthcheck
- healthcheck_interval
- healthcheck_retries
- healthcheck_start_period
- healthcheck_timeout
- hostname
- http_proxy
- image_volume
- image_strict
- init
- init_path
- interactive
- ip
- ipc
- kernel_memory
- label
- label_file
- log_driver
- log_level
- log_opt
- mac_address
- memory
- memory_reservation
- memory_swap
- memory_swappiness
- mount
- name
- network
- network_aliases
- no_hosts
- oom_kill_disable
- oom_score_adj
- pid
- pids_limit
- pod
- privileged
- publish
- publish_all
- read_only
- read_only_tmpfs
- recreate
- requires
- restart_policy
- rm
- rootfs
- sdnotify
- secrets
- security_opt
- shm_size
- sig_proxy
- stop_signal
- stop_timeout
- state
- subgidname
- subuidname
- sysctl
- systemd
- timezone
- tmpfs
- tty
- uidmap
- ulimit
- user
- userns
- uts
- volume
- volumes_from
- workdir
slot_usage:
annotation:
name: annotation
description: Add an annotation to the container. The format is key value, multiple
times.
domain_of:
- PodmanContainer
range: MetaObject
authfile:
name: authfile
description: Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json``
(Not available for remote commands) You can also override the default path of
the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable.
``export REGISTRY_AUTH_FILE=path``
domain_of:
- PodmanContainer
- PodmanLogin
- PodmanLogout
- PodmanPlay
blkio_weight:
name: blkio_weight
description: 'Block IO weight (relative weight) accepts a weight value between
10 and 1000 minimum_value: 10'
domain_of:
- PodmanContainer
range: integer
maximum_value: 1000
blkio_weight_device:
name: blkio_weight_device
description: Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
domain_of:
- PodmanContainer
range: MetaObject
cap_add:
name: cap_add
description: List of capabilities to add to the container.
aliases:
- capabilities
multivalued: true
domain_of:
- PodmanContainer
cap_drop:
name: cap_drop
description: List of capabilities to drop from the container.
multivalued: true
domain_of:
- PodmanContainer
cgroup_parent:
name: cgroup_parent
description: Path to cgroups under which the cgroup for the container will be
created. If the path is not absolute, the path is considered to be relative
to the cgroups path of the init process. Cgroups will be created if they do
not already exist.
domain_of:
- PodmanContainer
- PodmanPod
cgroupns:
name: cgroupns
description: Path to cgroups under which the cgroup for the container will be
created.
domain_of:
- PodmanContainer
cgroups:
name: cgroups
description: Determines whether the container will create CGroups. Valid values
are enabled and disabled, which the default being enabled. The disabled option
will force the container to not create CGroups, and thus conflicts with CGroup
options cgroupns and cgroup-parent.
domain_of:
- PodmanContainer
cidfile:
name: cidfile
description: Write the container ID to the file
domain_of:
- PodmanContainer
cmd_args:
name: cmd_args
description: Any additional command options you want to pass to podman command,
cmd_args - [’–other-param’, ‘value’] Be aware module doesn’t support idempotency
if this is set.
multivalued: true
domain_of:
- PodmanContainer
command:
name: command
description: Override command of container. Can be a string or a list.
multivalued: true
domain_of:
- PodmanContainer
conmon_pidfile:
name: conmon_pidfile
description: Write the pid of the conmon process to a file. conmon runs in a separate
process than Podman, so this is necessary when using systemd to restart Podman
containers.
domain_of:
- PodmanContainer
cpu_period:
name: cpu_period
description: Limit the CPU real-time period in microseconds
domain_of:
- PodmanContainer
range: integer
cpu_rt_period:
name: cpu_rt_period
description: Limit the CPU real-time period in microseconds. Limit the container’s
Real Time CPU usage. This flag tell the kernel to restrict the container’s Real
Time CPU usage to the period you specify.
domain_of:
- PodmanContainer
range: integer
cpu_rt_runtime:
name: cpu_rt_runtime
description: Limit the CPU real-time runtime in microseconds. This flag tells
the kernel to limit the amount of time in a given CPU period Real Time tasks
may consume.
domain_of:
- PodmanContainer
range: integer
cpu_shares:
name: cpu_shares
description: CPU shares (relative weight)
domain_of:
- PodmanContainer
range: integer
cpus:
name: cpus
description: Number of CPUs. The default is 0.0 which means no limit.
domain_of:
- PodmanContainer
- PodmanPod
cpuset_cpus:
name: cpuset_cpus
description: CPUs in which to allow execution (0-3, 0,1)
domain_of:
- PodmanContainer
- PodmanPod
cpuset_mems:
name: cpuset_mems
description: Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
domain_of:
- PodmanContainer
debug:
name: debug
description: Return additional information which can be helpful for investigations.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanContainers
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
detach:
name: detach
description: Run container in detach mode
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
detach_keys:
name: detach_keys
description: Override the key sequence for detaching a container. Format is a
single character or ctrl-value
domain_of:
- PodmanContainer
device:
name: device
description: Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>]
(e.g. device /dev/sdc:/dev/xvdc:rwm)
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
device_read_bps:
name: device_read_bps
description: Limit read rate (bytes per second) from a device (e.g. device-read-bps
/dev/sda:1mb)
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
device_read_iops:
name: device_read_iops
description: Limit read rate (IO per second) from a device (e.g. device-read-iops
/dev/sda:1000)
multivalued: true
domain_of:
- PodmanContainer
device_write_bps:
name: device_write_bps
description: Limit write rate (bytes per second) to a device (e.g. device-write-bps
/dev/sda:1mb)
multivalued: true
domain_of:
- PodmanContainer
device_write_iops:
name: device_write_iops
description: Limit write rate (IO per second) to a device (e.g. device-write-iops
/dev/sda:1000)
multivalued: true
domain_of:
- PodmanContainer
dns:
name: dns
description: Set custom DNS servers
aliases:
- dns_servers
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
dns_option:
name: dns_option
description: Set custom DNS options
aliases:
- dns_opts
domain_of:
- PodmanContainer
dns_search:
name: dns_search
description: Set custom DNS search domains (Use dns_search with ‘’ if you don’t
wish to set the search domain)
aliases:
- dns_search_domains
domain_of:
- PodmanContainer
- PodmanPod
entrypoint:
name: entrypoint
description: Overwrite the default ENTRYPOINT of the image
domain_of:
- PodmanContainer
env:
name: env
description: Set environment variables. This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: MetaObject
env_file:
name: env_file
description: Read in a line delimited file of environment variables. Doesn’t support
idempotency. If users changes the file with environment variables it’s on them
to recreate the container.
domain_of:
- PodmanContainer
env_host:
name: env_host
description: Use all current host environment variables in container. Defaults
to false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
etc_hosts:
name: etc_hosts
description: Dict of host-to-IP mappings, where each host name is a key in the
dictionary. Each host name will be added to the container’s ``/etc/hosts`` file.
aliases:
- add_hosts
domain_of:
- PodmanContainer
range: MetaObject
executable:
name: executable
description: Path to podman executable if it is not in the $PATH on the machine
running podman
ifabsent: string(podman)
domain_of:
- IacModule
expose:
name: expose
description: Expose a port, or a range of ports (e.g. expose “3300-3310”) to set
up port redirection on the host system.
aliases:
- exposed
- exposed_ports
multivalued: true
domain_of:
- PodmanContainer
force_restart:
name: force_restart
description: Force restart of container.
aliases:
- restart
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
generate_systemd:
name: generate_systemd
description: Generate systemd unit file for container.
domain_of:
- PodmanContainer
- PodmanPod
range: MetaObject
gidmap:
name: gidmap
description: Run the container in a new user namespace using the supplied mapping.
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
group_add:
name: group_add
description: Add additional groups to run as
aliases:
- groups
multivalued: true
domain_of:
- PodmanContainer
healthcheck:
name: healthcheck
description: Set or alter a healthcheck command for a container.
domain_of:
- PodmanContainer
healthcheck_interval:
name: healthcheck_interval
description: Set an interval for the healthchecks (a value of disable results
in no automatic timer setup) (default “30s”)
domain_of:
- PodmanContainer
healthcheck_retries:
name: healthcheck_retries
description: The number of retries allowed before a healthcheck is considered
to be unhealthy. The default value is 3.
ifabsent: int(3)
domain_of:
- PodmanContainer
range: integer
healthcheck_start_period:
name: healthcheck_start_period
description: The initialization time needed for a container to bootstrap. The
value can be expressed in time format like 2m3s. The default value is 0s
domain_of:
- PodmanContainer
healthcheck_timeout:
name: healthcheck_timeout
description: The maximum time allowed to complete the healthcheck before an interval
is considered failed. Like start-period, the value can be expressed in a time
format such as 1m22s. The default value is 30s
domain_of:
- PodmanContainer
hostname:
name: hostname
description: Container host name. Sets the container host name that is available
inside the container.
domain_of:
- PodmanContainer
- PodmanPod
http_proxy:
name: http_proxy
description: By default proxy environment variables are passed into the container
if set for the podman process. This can be disabled by setting the http_proxy
option to false. The environment variables passed in include http_proxy, https_proxy,
ftp_proxy, no_proxy, and also the upper case versions of those. Defaults to
true
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
image:
name: image
description: Repository path (or image name) and tag used to create the container.
If an image is not found, the image will be pulled from the registry. If no
tag is included, latest will be used. Can also be an image ID. If this is the
case, the image is assumed to be available locally.
image_strict:
name: image_strict
description: Whether to compare images in idempotency by taking into account a
full name with registry and namespaces.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
image_volume:
name: image_volume
description: Tells podman how to handle the builtin image volumes. The options
are bind, tmpfs, or ignore (default bind)
domain_of:
- PodmanContainer
range: ContainerImageVolumeEnum
init:
name: init
description: Run an init inside the container that forwards signals and reaps
processes. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
init_path:
name: init_path
description: Path to the container-init binary.
domain_of:
- PodmanContainer
interactive:
name: interactive
description: Keep STDIN open even if not attached. The default is false. When
set to true, keep stdin open even if not attached. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
ip:
name: ip
description: Specify a static IP address for the container, for example ‘10.88.64.128’.
Can only be used if no additional CNI networks to join were specified via ‘network:’,
and if the container is not joining another container’s network namespace via
‘network container:<name|id>’. The address must be within the default CNI network’s
pool (default 10.88.0.0/16).
domain_of:
- PodmanContainer
- PodmanPod
ipc:
name: ipc
description: Default is to create a private IPC namespace (POSIX SysV IPC) for
the container
aliases:
- ipc_mode
domain_of:
- PodmanContainer
kernel_memory:
name: kernel_memory
description: Kernel memory limit (format <number>[<unit>], where unit = b, k,
m or g) Note - idempotency is supported for integers only.
domain_of:
- PodmanContainer
label:
name: label
description: Add metadata to a container, pass dictionary of label names and values
aliases:
- labels
domain_of:
- PodmanContainer
- PodmanPod
- PodmanVolume
range: MetaObject
label_file:
name: label_file
description: Read in a line delimited file of labels
domain_of:
- PodmanContainer
- PodmanPod
log_driver:
name: log_driver
description: Logging driver. Used to set the log driver for the container. For
example log_driver “k8s-file”.
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogDriverEnum
log_level:
name: log_level
description: Logging level for Podman. Log messages above specified level (“debug”|”info”|”warn”|”error”|”fatal”|”panic”)
(default “error”)
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogLevelEnum
log_opt:
name: log_opt
description: Logging driver specific options. Used to set the path to the container
log file.
aliases:
- log_options
domain_of:
- PodmanContainer
range: MetaObject
mac_address:
name: mac_address
description: Specify a MAC address for the container, for example ‘92:d0:c6:0a:29:33’.
Don’t forget that it must be unique within one Ethernet network.
domain_of:
- PodmanContainer
- PodmanPod
memory:
name: memory
description: Memory limit (format 10k, where unit = b, k, m or g) Note - idempotency
is supported for integers only.
domain_of:
- PodmanContainer
memory_reservation:
name: memory_reservation
description: Memory soft limit (format 100m, where unit = b, k, m or g) Note -
idempotency is supported for integers only.
domain_of:
- PodmanContainer
memory_swap:
name: memory_swap
description: A limit value equal to memory plus swap. Must be used with the -m
(–memory) flag. The swap LIMIT should always be larger than -m (–memory) value.
By default, the swap LIMIT will be set to double the value of –memory Note -
idempotency is supported for integers only.
domain_of:
- PodmanContainer
memory_swappiness:
name: memory_swappiness
description: Tune a container’s memory swappiness behavior. Accepts an integer
between 0 and 100.
domain_of:
- PodmanContainer
range: integer
minimum_value: 0
maximum_value: 100
mount:
name: mount
description: Attach a filesystem mount to the container. bind or tmpfs For example
mount “type=bind,source=/path/on/host,destination=/path/in/container”
aliases:
- mounts
multivalued: true
domain_of:
- PodmanContainer
name:
name: name
description: Name of the container
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
- PodmanImage
- PodmanNetwork
- PodmanPod
- PodmanSecret
- PodmanVolume
- Attribute
- Entity
required: true
network:
name: network
description: Set the Network mode for the container * bridge create a network
stack on the default bridge * none no networking * container:<name|id> reuse
another container’s network stack * host use the podman host network stack.
* <network-name>|<network-id> connect to a user-defined network * ns:<path>
path to a network namespace to join * slirp4netns use slirp4netns to create
a user network stack. This is the default for rootless containers
aliases:
- net
- network_mode
multivalued: true
domain_of:
- PodmanContainer
- PodmanPlay
- PodmanPod
network_aliases:
name: network_aliases
description: Add network-scoped alias for the container. A container will only
have access to aliases on the first network that it joins. This is a limitation
that will be removed in a later release.
multivalued: true
domain_of:
- PodmanContainer
no_hosts:
name: no_hosts
description: Do not create /etc/hosts for the container Default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanPod
range: boolean
oom_kill_disable:
name: oom_kill_disable
description: Whether to disable OOM Killer for the container or not. Default is
false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
oom_score_adj:
name: oom_score_adj
description: Tune the host’s OOM preferences for containers (accepts -1000 to
1000)
domain_of:
- PodmanContainer
range: integer
minimum_value: -1000
maximum_value: 1000
pid:
name: pid
description: Set the PID mode for the container
aliases:
- pid_mode
domain_of:
- PodmanContainer
- PodmanPod
pids_limit:
name: pids_limit
description: Tune the container’s PIDs limit. Set -1 to have unlimited PIDs for
the container.
domain_of:
- PodmanContainer
pod:
name: pod
description: Run container in an existing pod. If you want podman to make the
pod for you, prefix the pod name with “new:”
domain_of:
- PodmanContainer
privileged:
name: privileged
description: Give extended privileges to this container. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
publish:
name: publish
description: Publish a container’s port, or range of ports, to the host. Format
- ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
In case of only containerPort is set, the hostPort will chosen randomly by Podman.
aliases:
- ports
- published
- published_ports
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
publish_all:
name: publish_all
description: Publish all exposed ports to random ports on the host interfaces.
The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
read_only:
name: read_only
description: Mount the container’s root filesystem as read only. Default is false
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
read_only_tmpfs:
name: read_only_tmpfs
description: If container is running in –read-only mode, then mount a read-write
tmpfs on /run, /tmp, and /var/tmp. The default is true
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
recreate:
name: recreate
description: Use with present and started states to force the re-creation of an
existing container.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
requires:
name: requires
description: Specify one or more requirements. A requirement is a dependency container
that will be started before this container. Containers can be specified by name
or ID.
multivalued: true
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
restart_policy:
name: restart_policy
description: Restart policy to follow when containers exit. Restart policy will
not take effect if a container is stopped via the podman kill or podman stop
commands. Valid values are * no - Do not restart containers on exit * on-failure[:max_retries]
- Restart containers when they exit with a non-0 exit code, retrying indefinitely
or until the optional max_retries count is hit * always - Restart containers
when they exit, regardless of status, retrying indefinitely
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
rm:
name: rm
description: Automatically remove the container when it exits. The default is
false.
aliases:
- remove
- auto_remove
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
rootfs:
name: rootfs
description: If true, the first argument refers to an exploded container on the
file system. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
sdnotify:
name: sdnotify
description: Determines how to use the NOTIFY_SOCKET, as passed with systemd and
Type=notify. Can be container, conmon, ignore.
domain_of:
- PodmanContainer
secrets:
name: secrets
description: Add the named secrets into the container. The format is secret[,opt=opt...],
see documentation for more details.
multivalued: true
domain_of:
- PodmanContainer
security_opt:
name: security_opt
description: Security Options. For example security_opt “seccomp=unconfined”
multivalued: true
domain_of:
- PodmanContainer
shm_size:
name: shm_size
description: Size of /dev/shm. The format is <number><unit>. number must be greater
than 0. Unit is optional and can be b (bytes), k (kilobytes), m(megabytes),
or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the
size entirely, the system uses 64m
domain_of:
- PodmanContainer
sig_proxy:
name: sig_proxy
description: Proxy signals sent to the podman run command to the container process.
SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true.
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
state:
name: state
description: 'absent - A container matching the specified name will be stopped
and removed.
present - Asserts the existence of a container matching the name and any provided
configuration parameters. If no container matches the name, a container will
be created. If a container matches the name but the provided configuration does
not match, the container will be updated, if it can be. If it cannot be updated,
it will be removed and re-created with the requested config. Image version will
be taken into account when comparing configuration. Use the recreate option
to force the re-creation of the matching container.
started - Asserts there is a running container matching the name and any provided
configuration. If no container matches the name, a container will be created
and started. Use recreate to always re-create a matching container, even if
it is running. Use force_restart to force a matching container to be stopped
and restarted.
stopped - Asserts that the container is first present, and then if the container
is running moves it to a stopped state.
created - Asserts that the container exists with given configuration. If container
doesn’t exist, the module creates it and leaves it in ‘created’ state. If configuration
doesn’t match or ‘recreate’ option is set, the container will be recreated'
ifabsent: string(started)
domain_of:
- PodmanContainer
- PodmanImage
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanSecret
- PodmanVolume
range: ContainerStateEnum
stop_signal:
name: stop_signal
description: Signal to stop a container. Default is SIGTERM.
domain_of:
- PodmanContainer
range: integer
stop_timeout:
name: stop_timeout
description: Timeout (in seconds) to stop a container. Default is 10.
ifabsent: int(10)
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: integer
subgidname:
name: subgidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subgid file.
domain_of:
- PodmanContainer
- PodmanPod
subuidname:
name: subuidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subuid file.
domain_of:
- PodmanContainer
- PodmanPod
sysctl:
name: sysctl
description: Configure namespaced kernel parameters at runtime
domain_of:
- PodmanContainer
range: MetaObject
systemd:
name: systemd
description: Run container in systemd mode. The default is true.
ifabsent: string(true)
domain_of:
- PodmanContainer
timezone:
name: timezone
description: Set timezone in container. This flag takes area-based timezones,
GMT time, as well as local, which sets the timezone in the container to match
the host machine. See /usr/share/zoneinfo/ for valid timezones. Remote connections
use local containers.conf for defaults.
domain_of:
- PodmanContainer
tmpfs:
name: tmpfs
description: Create a tmpfs mount. For example tmpfs “/tmp” “rw,size=787448k,mode=1777”
domain_of:
- PodmanContainer
range: MetaObject
tty:
name: tty
description: Allocate a pseudo-TTY. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
uidmap:
name: uidmap
description: Run the container in a new user namespace using the supplied mapping.
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
ulimit:
name: ulimit
description: Ulimit options
aliases:
- ulimits
multivalued: true
domain_of:
- PodmanContainer
user:
name: user
description: Sets the username or UID used and optionally the groupname or GID
for the specified command.
domain_of:
- PodmanContainer
userns:
name: userns
description: Set the user namespace mode for the container. It defaults to the
PODMAN_USERNS environment variable. An empty value means user namespaces are
disabled.
aliases:
- userns_mode
domain_of:
- PodmanContainer
- PodmanPod
uts:
name: uts
description: Set the UTS mode for the container
domain_of:
- PodmanContainer
volume:
name: volume
description: Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR,
podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the podman container.
aliases:
- volumes
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
volumes_from:
name: volumes_from
description: Mount volumes from the specified container(s).
multivalued: true
domain_of:
- PodmanContainer
workdir:
name: workdir
description: Working directory inside the container. The default working directory
for running binaries within a container is the root directory (/).
aliases:
- working_dir
domain_of:
- PodmanContainer
Induced
name: PodmanContainer
description: Podman container
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
is_a: IacModule
slot_usage:
annotation:
name: annotation
description: Add an annotation to the container. The format is key value, multiple
times.
domain_of:
- PodmanContainer
range: MetaObject
authfile:
name: authfile
description: Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json``
(Not available for remote commands) You can also override the default path of
the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable.
``export REGISTRY_AUTH_FILE=path``
domain_of:
- PodmanContainer
- PodmanLogin
- PodmanLogout
- PodmanPlay
blkio_weight:
name: blkio_weight
description: 'Block IO weight (relative weight) accepts a weight value between
10 and 1000 minimum_value: 10'
domain_of:
- PodmanContainer
range: integer
maximum_value: 1000
blkio_weight_device:
name: blkio_weight_device
description: Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
domain_of:
- PodmanContainer
range: MetaObject
cap_add:
name: cap_add
description: List of capabilities to add to the container.
aliases:
- capabilities
multivalued: true
domain_of:
- PodmanContainer
cap_drop:
name: cap_drop
description: List of capabilities to drop from the container.
multivalued: true
domain_of:
- PodmanContainer
cgroup_parent:
name: cgroup_parent
description: Path to cgroups under which the cgroup for the container will be
created. If the path is not absolute, the path is considered to be relative
to the cgroups path of the init process. Cgroups will be created if they do
not already exist.
domain_of:
- PodmanContainer
- PodmanPod
cgroupns:
name: cgroupns
description: Path to cgroups under which the cgroup for the container will be
created.
domain_of:
- PodmanContainer
cgroups:
name: cgroups
description: Determines whether the container will create CGroups. Valid values
are enabled and disabled, which the default being enabled. The disabled option
will force the container to not create CGroups, and thus conflicts with CGroup
options cgroupns and cgroup-parent.
domain_of:
- PodmanContainer
cidfile:
name: cidfile
description: Write the container ID to the file
domain_of:
- PodmanContainer
cmd_args:
name: cmd_args
description: Any additional command options you want to pass to podman command,
cmd_args - [’–other-param’, ‘value’] Be aware module doesn’t support idempotency
if this is set.
multivalued: true
domain_of:
- PodmanContainer
command:
name: command
description: Override command of container. Can be a string or a list.
multivalued: true
domain_of:
- PodmanContainer
conmon_pidfile:
name: conmon_pidfile
description: Write the pid of the conmon process to a file. conmon runs in a separate
process than Podman, so this is necessary when using systemd to restart Podman
containers.
domain_of:
- PodmanContainer
cpu_period:
name: cpu_period
description: Limit the CPU real-time period in microseconds
domain_of:
- PodmanContainer
range: integer
cpu_rt_period:
name: cpu_rt_period
description: Limit the CPU real-time period in microseconds. Limit the container’s
Real Time CPU usage. This flag tell the kernel to restrict the container’s Real
Time CPU usage to the period you specify.
domain_of:
- PodmanContainer
range: integer
cpu_rt_runtime:
name: cpu_rt_runtime
description: Limit the CPU real-time runtime in microseconds. This flag tells
the kernel to limit the amount of time in a given CPU period Real Time tasks
may consume.
domain_of:
- PodmanContainer
range: integer
cpu_shares:
name: cpu_shares
description: CPU shares (relative weight)
domain_of:
- PodmanContainer
range: integer
cpus:
name: cpus
description: Number of CPUs. The default is 0.0 which means no limit.
domain_of:
- PodmanContainer
- PodmanPod
cpuset_cpus:
name: cpuset_cpus
description: CPUs in which to allow execution (0-3, 0,1)
domain_of:
- PodmanContainer
- PodmanPod
cpuset_mems:
name: cpuset_mems
description: Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
domain_of:
- PodmanContainer
debug:
name: debug
description: Return additional information which can be helpful for investigations.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanContainers
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
detach:
name: detach
description: Run container in detach mode
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
detach_keys:
name: detach_keys
description: Override the key sequence for detaching a container. Format is a
single character or ctrl-value
domain_of:
- PodmanContainer
device:
name: device
description: Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>]
(e.g. device /dev/sdc:/dev/xvdc:rwm)
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
device_read_bps:
name: device_read_bps
description: Limit read rate (bytes per second) from a device (e.g. device-read-bps
/dev/sda:1mb)
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
device_read_iops:
name: device_read_iops
description: Limit read rate (IO per second) from a device (e.g. device-read-iops
/dev/sda:1000)
multivalued: true
domain_of:
- PodmanContainer
device_write_bps:
name: device_write_bps
description: Limit write rate (bytes per second) to a device (e.g. device-write-bps
/dev/sda:1mb)
multivalued: true
domain_of:
- PodmanContainer
device_write_iops:
name: device_write_iops
description: Limit write rate (IO per second) to a device (e.g. device-write-iops
/dev/sda:1000)
multivalued: true
domain_of:
- PodmanContainer
dns:
name: dns
description: Set custom DNS servers
aliases:
- dns_servers
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
dns_option:
name: dns_option
description: Set custom DNS options
aliases:
- dns_opts
domain_of:
- PodmanContainer
dns_search:
name: dns_search
description: Set custom DNS search domains (Use dns_search with ‘’ if you don’t
wish to set the search domain)
aliases:
- dns_search_domains
domain_of:
- PodmanContainer
- PodmanPod
entrypoint:
name: entrypoint
description: Overwrite the default ENTRYPOINT of the image
domain_of:
- PodmanContainer
env:
name: env
description: Set environment variables. This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: MetaObject
env_file:
name: env_file
description: Read in a line delimited file of environment variables. Doesn’t support
idempotency. If users changes the file with environment variables it’s on them
to recreate the container.
domain_of:
- PodmanContainer
env_host:
name: env_host
description: Use all current host environment variables in container. Defaults
to false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
etc_hosts:
name: etc_hosts
description: Dict of host-to-IP mappings, where each host name is a key in the
dictionary. Each host name will be added to the container’s ``/etc/hosts`` file.
aliases:
- add_hosts
domain_of:
- PodmanContainer
range: MetaObject
executable:
name: executable
description: Path to podman executable if it is not in the $PATH on the machine
running podman
ifabsent: string(podman)
domain_of:
- IacModule
expose:
name: expose
description: Expose a port, or a range of ports (e.g. expose “3300-3310”) to set
up port redirection on the host system.
aliases:
- exposed
- exposed_ports
multivalued: true
domain_of:
- PodmanContainer
force_restart:
name: force_restart
description: Force restart of container.
aliases:
- restart
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
generate_systemd:
name: generate_systemd
description: Generate systemd unit file for container.
domain_of:
- PodmanContainer
- PodmanPod
range: MetaObject
gidmap:
name: gidmap
description: Run the container in a new user namespace using the supplied mapping.
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
group_add:
name: group_add
description: Add additional groups to run as
aliases:
- groups
multivalued: true
domain_of:
- PodmanContainer
healthcheck:
name: healthcheck
description: Set or alter a healthcheck command for a container.
domain_of:
- PodmanContainer
healthcheck_interval:
name: healthcheck_interval
description: Set an interval for the healthchecks (a value of disable results
in no automatic timer setup) (default “30s”)
domain_of:
- PodmanContainer
healthcheck_retries:
name: healthcheck_retries
description: The number of retries allowed before a healthcheck is considered
to be unhealthy. The default value is 3.
ifabsent: int(3)
domain_of:
- PodmanContainer
range: integer
healthcheck_start_period:
name: healthcheck_start_period
description: The initialization time needed for a container to bootstrap. The
value can be expressed in time format like 2m3s. The default value is 0s
domain_of:
- PodmanContainer
healthcheck_timeout:
name: healthcheck_timeout
description: The maximum time allowed to complete the healthcheck before an interval
is considered failed. Like start-period, the value can be expressed in a time
format such as 1m22s. The default value is 30s
domain_of:
- PodmanContainer
hostname:
name: hostname
description: Container host name. Sets the container host name that is available
inside the container.
domain_of:
- PodmanContainer
- PodmanPod
http_proxy:
name: http_proxy
description: By default proxy environment variables are passed into the container
if set for the podman process. This can be disabled by setting the http_proxy
option to false. The environment variables passed in include http_proxy, https_proxy,
ftp_proxy, no_proxy, and also the upper case versions of those. Defaults to
true
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
image:
name: image
description: Repository path (or image name) and tag used to create the container.
If an image is not found, the image will be pulled from the registry. If no
tag is included, latest will be used. Can also be an image ID. If this is the
case, the image is assumed to be available locally.
image_strict:
name: image_strict
description: Whether to compare images in idempotency by taking into account a
full name with registry and namespaces.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
image_volume:
name: image_volume
description: Tells podman how to handle the builtin image volumes. The options
are bind, tmpfs, or ignore (default bind)
domain_of:
- PodmanContainer
range: ContainerImageVolumeEnum
init:
name: init
description: Run an init inside the container that forwards signals and reaps
processes. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
init_path:
name: init_path
description: Path to the container-init binary.
domain_of:
- PodmanContainer
interactive:
name: interactive
description: Keep STDIN open even if not attached. The default is false. When
set to true, keep stdin open even if not attached. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
ip:
name: ip
description: Specify a static IP address for the container, for example ‘10.88.64.128’.
Can only be used if no additional CNI networks to join were specified via ‘network:’,
and if the container is not joining another container’s network namespace via
‘network container:<name|id>’. The address must be within the default CNI network’s
pool (default 10.88.0.0/16).
domain_of:
- PodmanContainer
- PodmanPod
ipc:
name: ipc
description: Default is to create a private IPC namespace (POSIX SysV IPC) for
the container
aliases:
- ipc_mode
domain_of:
- PodmanContainer
kernel_memory:
name: kernel_memory
description: Kernel memory limit (format <number>[<unit>], where unit = b, k,
m or g) Note - idempotency is supported for integers only.
domain_of:
- PodmanContainer
label:
name: label
description: Add metadata to a container, pass dictionary of label names and values
aliases:
- labels
domain_of:
- PodmanContainer
- PodmanPod
- PodmanVolume
range: MetaObject
label_file:
name: label_file
description: Read in a line delimited file of labels
domain_of:
- PodmanContainer
- PodmanPod
log_driver:
name: log_driver
description: Logging driver. Used to set the log driver for the container. For
example log_driver “k8s-file”.
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogDriverEnum
log_level:
name: log_level
description: Logging level for Podman. Log messages above specified level (“debug”|”info”|”warn”|”error”|”fatal”|”panic”)
(default “error”)
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogLevelEnum
log_opt:
name: log_opt
description: Logging driver specific options. Used to set the path to the container
log file.
aliases:
- log_options
domain_of:
- PodmanContainer
range: MetaObject
mac_address:
name: mac_address
description: Specify a MAC address for the container, for example ‘92:d0:c6:0a:29:33’.
Don’t forget that it must be unique within one Ethernet network.
domain_of:
- PodmanContainer
- PodmanPod
memory:
name: memory
description: Memory limit (format 10k, where unit = b, k, m or g) Note - idempotency
is supported for integers only.
domain_of:
- PodmanContainer
memory_reservation:
name: memory_reservation
description: Memory soft limit (format 100m, where unit = b, k, m or g) Note -
idempotency is supported for integers only.
domain_of:
- PodmanContainer
memory_swap:
name: memory_swap
description: A limit value equal to memory plus swap. Must be used with the -m
(–memory) flag. The swap LIMIT should always be larger than -m (–memory) value.
By default, the swap LIMIT will be set to double the value of –memory Note -
idempotency is supported for integers only.
domain_of:
- PodmanContainer
memory_swappiness:
name: memory_swappiness
description: Tune a container’s memory swappiness behavior. Accepts an integer
between 0 and 100.
domain_of:
- PodmanContainer
range: integer
minimum_value: 0
maximum_value: 100
mount:
name: mount
description: Attach a filesystem mount to the container. bind or tmpfs For example
mount “type=bind,source=/path/on/host,destination=/path/in/container”
aliases:
- mounts
multivalued: true
domain_of:
- PodmanContainer
name:
name: name
description: Name of the container
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
- PodmanImage
- PodmanNetwork
- PodmanPod
- PodmanSecret
- PodmanVolume
- Attribute
- Entity
required: true
network:
name: network
description: Set the Network mode for the container * bridge create a network
stack on the default bridge * none no networking * container:<name|id> reuse
another container’s network stack * host use the podman host network stack.
* <network-name>|<network-id> connect to a user-defined network * ns:<path>
path to a network namespace to join * slirp4netns use slirp4netns to create
a user network stack. This is the default for rootless containers
aliases:
- net
- network_mode
multivalued: true
domain_of:
- PodmanContainer
- PodmanPlay
- PodmanPod
network_aliases:
name: network_aliases
description: Add network-scoped alias for the container. A container will only
have access to aliases on the first network that it joins. This is a limitation
that will be removed in a later release.
multivalued: true
domain_of:
- PodmanContainer
no_hosts:
name: no_hosts
description: Do not create /etc/hosts for the container Default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanPod
range: boolean
oom_kill_disable:
name: oom_kill_disable
description: Whether to disable OOM Killer for the container or not. Default is
false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
oom_score_adj:
name: oom_score_adj
description: Tune the host’s OOM preferences for containers (accepts -1000 to
1000)
domain_of:
- PodmanContainer
range: integer
minimum_value: -1000
maximum_value: 1000
pid:
name: pid
description: Set the PID mode for the container
aliases:
- pid_mode
domain_of:
- PodmanContainer
- PodmanPod
pids_limit:
name: pids_limit
description: Tune the container’s PIDs limit. Set -1 to have unlimited PIDs for
the container.
domain_of:
- PodmanContainer
pod:
name: pod
description: Run container in an existing pod. If you want podman to make the
pod for you, prefix the pod name with “new:”
domain_of:
- PodmanContainer
privileged:
name: privileged
description: Give extended privileges to this container. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
publish:
name: publish
description: Publish a container’s port, or range of ports, to the host. Format
- ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
In case of only containerPort is set, the hostPort will chosen randomly by Podman.
aliases:
- ports
- published
- published_ports
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
publish_all:
name: publish_all
description: Publish all exposed ports to random ports on the host interfaces.
The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
read_only:
name: read_only
description: Mount the container’s root filesystem as read only. Default is false
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
read_only_tmpfs:
name: read_only_tmpfs
description: If container is running in –read-only mode, then mount a read-write
tmpfs on /run, /tmp, and /var/tmp. The default is true
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
recreate:
name: recreate
description: Use with present and started states to force the re-creation of an
existing container.
ifabsent: 'False'
domain_of:
- PodmanContainer
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
requires:
name: requires
description: Specify one or more requirements. A requirement is a dependency container
that will be started before this container. Containers can be specified by name
or ID.
multivalued: true
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
restart_policy:
name: restart_policy
description: Restart policy to follow when containers exit. Restart policy will
not take effect if a container is stopped via the podman kill or podman stop
commands. Valid values are * no - Do not restart containers on exit * on-failure[:max_retries]
- Restart containers when they exit with a non-0 exit code, retrying indefinitely
or until the optional max_retries count is hit * always - Restart containers
when they exit, regardless of status, retrying indefinitely
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
rm:
name: rm
description: Automatically remove the container when it exits. The default is
false.
aliases:
- remove
- auto_remove
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
rootfs:
name: rootfs
description: If true, the first argument refers to an exploded container on the
file system. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
sdnotify:
name: sdnotify
description: Determines how to use the NOTIFY_SOCKET, as passed with systemd and
Type=notify. Can be container, conmon, ignore.
domain_of:
- PodmanContainer
secrets:
name: secrets
description: Add the named secrets into the container. The format is secret[,opt=opt...],
see documentation for more details.
multivalued: true
domain_of:
- PodmanContainer
security_opt:
name: security_opt
description: Security Options. For example security_opt “seccomp=unconfined”
multivalued: true
domain_of:
- PodmanContainer
shm_size:
name: shm_size
description: Size of /dev/shm. The format is <number><unit>. number must be greater
than 0. Unit is optional and can be b (bytes), k (kilobytes), m(megabytes),
or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the
size entirely, the system uses 64m
domain_of:
- PodmanContainer
sig_proxy:
name: sig_proxy
description: Proxy signals sent to the podman run command to the container process.
SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true.
ifabsent: 'True'
domain_of:
- PodmanContainer
range: boolean
state:
name: state
description: 'absent - A container matching the specified name will be stopped
and removed.
present - Asserts the existence of a container matching the name and any provided
configuration parameters. If no container matches the name, a container will
be created. If a container matches the name but the provided configuration does
not match, the container will be updated, if it can be. If it cannot be updated,
it will be removed and re-created with the requested config. Image version will
be taken into account when comparing configuration. Use the recreate option
to force the re-creation of the matching container.
started - Asserts there is a running container matching the name and any provided
configuration. If no container matches the name, a container will be created
and started. Use recreate to always re-create a matching container, even if
it is running. Use force_restart to force a matching container to be stopped
and restarted.
stopped - Asserts that the container is first present, and then if the container
is running moves it to a stopped state.
created - Asserts that the container exists with given configuration. If container
doesn’t exist, the module creates it and leaves it in ‘created’ state. If configuration
doesn’t match or ‘recreate’ option is set, the container will be recreated'
ifabsent: string(started)
domain_of:
- PodmanContainer
- PodmanImage
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanSecret
- PodmanVolume
range: ContainerStateEnum
stop_signal:
name: stop_signal
description: Signal to stop a container. Default is SIGTERM.
domain_of:
- PodmanContainer
range: integer
stop_timeout:
name: stop_timeout
description: Timeout (in seconds) to stop a container. Default is 10.
ifabsent: int(10)
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: integer
subgidname:
name: subgidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subgid file.
domain_of:
- PodmanContainer
- PodmanPod
subuidname:
name: subuidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subuid file.
domain_of:
- PodmanContainer
- PodmanPod
sysctl:
name: sysctl
description: Configure namespaced kernel parameters at runtime
domain_of:
- PodmanContainer
range: MetaObject
systemd:
name: systemd
description: Run container in systemd mode. The default is true.
ifabsent: string(true)
domain_of:
- PodmanContainer
timezone:
name: timezone
description: Set timezone in container. This flag takes area-based timezones,
GMT time, as well as local, which sets the timezone in the container to match
the host machine. See /usr/share/zoneinfo/ for valid timezones. Remote connections
use local containers.conf for defaults.
domain_of:
- PodmanContainer
tmpfs:
name: tmpfs
description: Create a tmpfs mount. For example tmpfs “/tmp” “rw,size=787448k,mode=1777”
domain_of:
- PodmanContainer
range: MetaObject
tty:
name: tty
description: Allocate a pseudo-TTY. The default is false.
ifabsent: 'False'
domain_of:
- PodmanContainer
range: boolean
uidmap:
name: uidmap
description: Run the container in a new user namespace using the supplied mapping.
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
ulimit:
name: ulimit
description: Ulimit options
aliases:
- ulimits
multivalued: true
domain_of:
- PodmanContainer
user:
name: user
description: Sets the username or UID used and optionally the groupname or GID
for the specified command.
domain_of:
- PodmanContainer
userns:
name: userns
description: Set the user namespace mode for the container. It defaults to the
PODMAN_USERNS environment variable. An empty value means user namespaces are
disabled.
aliases:
- userns_mode
domain_of:
- PodmanContainer
- PodmanPod
uts:
name: uts
description: Set the UTS mode for the container
domain_of:
- PodmanContainer
volume:
name: volume
description: Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR,
podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the podman container.
aliases:
- volumes
multivalued: true
domain_of:
- PodmanContainer
- PodmanPod
volumes_from:
name: volumes_from
description: Mount volumes from the specified container(s).
multivalued: true
domain_of:
- PodmanContainer
workdir:
name: workdir
description: Working directory inside the container. The default working directory
for running binaries within a container is the root directory (/).
aliases:
- working_dir
domain_of:
- PodmanContainer
attributes:
state:
name: state
description: 'absent - A container matching the specified name will be stopped
and removed.
present - Asserts the existence of a container matching the name and any provided
configuration parameters. If no container matches the name, a container will
be created. If a container matches the name but the provided configuration does
not match, the container will be updated, if it can be. If it cannot be updated,
it will be removed and re-created with the requested config. Image version will
be taken into account when comparing configuration. Use the recreate option
to force the re-creation of the matching container.
started - Asserts there is a running container matching the name and any provided
configuration. If no container matches the name, a container will be created
and started. Use recreate to always re-create a matching container, even if
it is running. Use force_restart to force a matching container to be stopped
and restarted.
stopped - Asserts that the container is first present, and then if the container
is running moves it to a stopped state.
created - Asserts that the container exists with given configuration. If container
doesn’t exist, the module creates it and leaves it in ‘created’ state. If configuration
doesn’t match or ‘recreate’ option is set, the container will be recreated'
from_schema: https://w3id.org/lmodel/ucs-core
is_a: associationSlot
domain: Association
slot_uri: uco-observable:state
ifabsent: string(started)
alias: state
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanImage
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanSecret
- PodmanVolume
range: ContainerStateEnum
annotation:
name: annotation
description: Add an annotation to the container. The format is key value, multiple
times.
from_schema: https://w3id.org/lmodel/ucs-core
alias: annotation
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
authfile:
name: authfile
description: Path of the authentication file. Default is ``${XDG_RUNTIME_DIR}/containers/auth.json``
(Not available for remote commands) You can also override the default path of
the authentication file by setting the ``REGISTRY_AUTH_FILE`` environment variable.
``export REGISTRY_AUTH_FILE=path``
from_schema: https://w3id.org/lmodel/ucs-core
alias: authfile
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanLogin
- PodmanLogout
- PodmanPlay
range: string
blkio_weight:
name: blkio_weight
description: 'Block IO weight (relative weight) accepts a weight value between
10 and 1000 minimum_value: 10'
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: blkio_weight
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
minimum_value: 10
maximum_value: 1000
blkio_weight_device:
name: blkio_weight_device
description: Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT).
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: blkio_weight_device
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
cap_add:
name: cap_add
description: List of capabilities to add to the container.
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- capabilities
rank: 1000
multivalued: true
alias: cap_add
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cap_drop:
name: cap_drop
description: List of capabilities to drop from the container.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: cap_drop
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cgroup_parent:
name: cgroup_parent
description: Path to cgroups under which the cgroup for the container will be
created. If the path is not absolute, the path is considered to be relative
to the cgroups path of the init process. Cgroups will be created if they do
not already exist.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cgroup_parent
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
cgroupns:
name: cgroupns
description: Path to cgroups under which the cgroup for the container will be
created.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cgroupns
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cgroups:
name: cgroups
description: Determines whether the container will create CGroups. Valid values
are enabled and disabled, which the default being enabled. The disabled option
will force the container to not create CGroups, and thus conflicts with CGroup
options cgroupns and cgroup-parent.
from_schema: https://w3id.org/lmodel/ucs-core
alias: cgroups
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cidfile:
name: cidfile
description: Write the container ID to the file
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cidfile
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cmd_args:
name: cmd_args
description: Any additional command options you want to pass to podman command,
cmd_args - [’–other-param’, ‘value’] Be aware module doesn’t support idempotency
if this is set.
from_schema: https://w3id.org/lmodel/ucs-core
multivalued: true
alias: cmd_args
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
conmon_pidfile:
name: conmon_pidfile
description: Write the pid of the conmon process to a file. conmon runs in a separate
process than Podman, so this is necessary when using systemd to restart Podman
containers.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: conmon_pidfile
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
command:
name: command
description: Override command of container. Can be a string or a list.
from_schema: https://w3id.org/lmodel/ucs-core
multivalued: true
alias: command
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
cpu_period:
name: cpu_period
description: Limit the CPU real-time period in microseconds
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpu_period
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
cpu_rt_period:
name: cpu_rt_period
description: Limit the CPU real-time period in microseconds. Limit the container’s
Real Time CPU usage. This flag tell the kernel to restrict the container’s Real
Time CPU usage to the period you specify.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpu_rt_period
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
cpu_rt_runtime:
name: cpu_rt_runtime
description: Limit the CPU real-time runtime in microseconds. This flag tells
the kernel to limit the amount of time in a given CPU period Real Time tasks
may consume.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpu_rt_runtime
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
cpu_shares:
name: cpu_shares
description: CPU shares (relative weight)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpu_shares
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
cpus:
name: cpus
description: Number of CPUs. The default is 0.0 which means no limit.
from_schema: https://w3id.org/lmodel/ucs-core
alias: cpus
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
cpuset_cpus:
name: cpuset_cpus
description: CPUs in which to allow execution (0-3, 0,1)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpuset_cpus
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
cpuset_mems:
name: cpuset_mems
description: Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only
effective on NUMA systems.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: cpuset_mems
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
detach:
name: detach
description: Run container in detach mode
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'True'
alias: detach
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
debug:
name: debug
description: Return additional information which can be helpful for investigations.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: debug
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanContainers
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
detach_keys:
name: detach_keys
description: Override the key sequence for detaching a container. Format is a
single character or ctrl-value
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: detach_keys
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
device:
name: device
description: Add a host device to the container. The format is <device-on-host>[:<device-on-container>][:<permissions>]
(e.g. device /dev/sdc:/dev/xvdc:rwm)
from_schema: https://w3id.org/lmodel/ucs-core
multivalued: true
alias: device
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
device_read_bps:
name: device_read_bps
description: Limit read rate (bytes per second) from a device (e.g. device-read-bps
/dev/sda:1mb)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: device_read_bps
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
device_read_iops:
name: device_read_iops
description: Limit read rate (IO per second) from a device (e.g. device-read-iops
/dev/sda:1000)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: device_read_iops
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
device_write_bps:
name: device_write_bps
description: Limit write rate (bytes per second) to a device (e.g. device-write-bps
/dev/sda:1mb)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: device_write_bps
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
device_write_iops:
name: device_write_iops
description: Limit write rate (IO per second) to a device (e.g. device-write-iops
/dev/sda:1000)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: device_write_iops
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
dns:
name: dns
description: Set custom DNS servers
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- dns_servers
multivalued: true
alias: dns
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
dns_option:
name: dns_option
description: Set custom DNS options
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- dns_opts
alias: dns_option
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
dns_search:
name: dns_search
description: Set custom DNS search domains (Use dns_search with ‘’ if you don’t
wish to set the search domain)
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- dns_search_domains
alias: dns_search
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
entrypoint:
name: entrypoint
description: Overwrite the default ENTRYPOINT of the image
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: entrypoint
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
env:
name: env
description: Set environment variables. This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
from_schema: https://w3id.org/lmodel/ucs-core
alias: env
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: MetaObject
env_file:
name: env_file
description: Read in a line delimited file of environment variables. Doesn’t support
idempotency. If users changes the file with environment variables it’s on them
to recreate the container.
from_schema: https://w3id.org/lmodel/ucs-core
alias: env_file
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
env_host:
name: env_host
description: Use all current host environment variables in container. Defaults
to false.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'False'
alias: env_host
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
etc_hosts:
name: etc_hosts
description: Dict of host-to-IP mappings, where each host name is a key in the
dictionary. Each host name will be added to the container’s ``/etc/hosts`` file.
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- add_hosts
alias: etc_hosts
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
expose:
name: expose
description: Expose a port, or a range of ports (e.g. expose “3300-3310”) to set
up port redirection on the host system.
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- exposed
- exposed_ports
rank: 1000
multivalued: true
alias: expose
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
force_restart:
name: force_restart
description: Force restart of container.
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- restart
rank: 1000
ifabsent: 'False'
alias: force_restart
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
generate_systemd:
name: generate_systemd
description: Generate systemd unit file for container.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: generate_systemd
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: MetaObject
gidmap:
name: gidmap
description: Run the container in a new user namespace using the supplied mapping.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: gidmap
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
group_add:
name: group_add
description: Add additional groups to run as
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- groups
rank: 1000
multivalued: true
alias: group_add
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
healthcheck:
name: healthcheck
description: Set or alter a healthcheck command for a container.
from_schema: https://w3id.org/lmodel/ucs-core
alias: healthcheck
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
healthcheck_interval:
name: healthcheck_interval
description: Set an interval for the healthchecks (a value of disable results
in no automatic timer setup) (default “30s”)
from_schema: https://w3id.org/lmodel/ucs-core
alias: healthcheck_interval
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
healthcheck_retries:
name: healthcheck_retries
description: The number of retries allowed before a healthcheck is considered
to be unhealthy. The default value is 3.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: int(3)
alias: healthcheck_retries
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
healthcheck_start_period:
name: healthcheck_start_period
description: The initialization time needed for a container to bootstrap. The
value can be expressed in time format like 2m3s. The default value is 0s
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: string(0s)
alias: healthcheck_start_period
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
healthcheck_timeout:
name: healthcheck_timeout
description: The maximum time allowed to complete the healthcheck before an interval
is considered failed. Like start-period, the value can be expressed in a time
format such as 1m22s. The default value is 30s
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: string(30s)
alias: healthcheck_timeout
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
hostname:
name: hostname
description: Container host name. Sets the container host name that is available
inside the container.
from_schema: https://w3id.org/lmodel/ucs-core
slot_uri: uco-observable:hostname
alias: hostname
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
http_proxy:
name: http_proxy
description: By default proxy environment variables are passed into the container
if set for the podman process. This can be disabled by setting the http_proxy
option to false. The environment variables passed in include http_proxy, https_proxy,
ftp_proxy, no_proxy, and also the upper case versions of those. Defaults to
true
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'True'
alias: http_proxy
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
image_volume:
name: image_volume
description: Tells podman how to handle the builtin image volumes. The options
are bind, tmpfs, or ignore (default bind)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: image_volume
owner: PodmanContainer
domain_of:
- PodmanContainer
range: ContainerImageVolumeEnum
image_strict:
name: image_strict
description: Whether to compare images in idempotency by taking into account a
full name with registry and namespaces.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'False'
alias: image_strict
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
init:
name: init
description: Run an init inside the container that forwards signals and reaps
processes. The default is false.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: init
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
init_path:
name: init_path
description: Path to the container-init binary.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: init_path
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
interactive:
name: interactive
description: Keep STDIN open even if not attached. The default is false. When
set to true, keep stdin open even if not attached. The default is false.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: interactive
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
ip:
name: ip
description: Specify a static IP address for the container, for example ‘10.88.64.128’.
Can only be used if no additional CNI networks to join were specified via ‘network:’,
and if the container is not joining another container’s network namespace via
‘network container:<name|id>’. The address must be within the default CNI network’s
pool (default 10.88.0.0/16).
from_schema: https://w3id.org/lmodel/ucs-core
slot_uri: uco-observable:ip
alias: ip
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
ipc:
name: ipc
description: Default is to create a private IPC namespace (POSIX SysV IPC) for
the container
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- ipc_mode
rank: 1000
alias: ipc
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
kernel_memory:
name: kernel_memory
description: Kernel memory limit (format <number>[<unit>], where unit = b, k,
m or g) Note - idempotency is supported for integers only.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: kernel_memory
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
label:
name: label
description: Add metadata to a container, pass dictionary of label names and values
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- labels
alias: label
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
- PodmanVolume
range: MetaObject
label_file:
name: label_file
description: Read in a line delimited file of labels
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: label_file
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
log_driver:
name: log_driver
description: Logging driver. Used to set the log driver for the container. For
example log_driver “k8s-file”.
from_schema: https://w3id.org/lmodel/ucs-core
alias: log_driver
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogDriverEnum
log_level:
name: log_level
description: Logging level for Podman. Log messages above specified level (“debug”|”info”|”warn”|”error”|”fatal”|”panic”)
(default “error”)
from_schema: https://w3id.org/lmodel/ucs-core
alias: log_level
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPlay
range: ContainerLogLevelEnum
log_opt:
name: log_opt
description: Logging driver specific options. Used to set the path to the container
log file.
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- log_options
rank: 1000
alias: log_opt
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
mac_address:
name: mac_address
description: Specify a MAC address for the container, for example ‘92:d0:c6:0a:29:33’.
Don’t forget that it must be unique within one Ethernet network.
from_schema: https://w3id.org/lmodel/ucs-core
alias: mac_address
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
memory:
name: memory
description: Memory limit (format 10k, where unit = b, k, m or g) Note - idempotency
is supported for integers only.
from_schema: https://w3id.org/lmodel/ucs-core
alias: memory
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
memory_reservation:
name: memory_reservation
description: Memory soft limit (format 100m, where unit = b, k, m or g) Note -
idempotency is supported for integers only.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: memory_reservation
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
memory_swap:
name: memory_swap
description: A limit value equal to memory plus swap. Must be used with the -m
(–memory) flag. The swap LIMIT should always be larger than -m (–memory) value.
By default, the swap LIMIT will be set to double the value of –memory Note -
idempotency is supported for integers only.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: memory_swap
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
memory_swappiness:
name: memory_swappiness
description: Tune a container’s memory swappiness behavior. Accepts an integer
between 0 and 100.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: memory_swappiness
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
minimum_value: 0
maximum_value: 100
mount:
name: mount
description: Attach a filesystem mount to the container. bind or tmpfs For example
mount “type=bind,source=/path/on/host,destination=/path/in/container”
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- mounts
multivalued: true
alias: mount
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
name:
name: name
description: Name of the container
from_schema: https://w3id.org/lmodel/ucs-core
slot_uri: rdfs:label
alias: name
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
- PodmanImage
- PodmanNetwork
- PodmanPod
- PodmanSecret
- PodmanVolume
- Attribute
- Entity
range: label type
required: true
network:
name: network
description: Set the Network mode for the container * bridge create a network
stack on the default bridge * none no networking * container:<name|id> reuse
another container’s network stack * host use the podman host network stack.
* <network-name>|<network-id> connect to a user-defined network * ns:<path>
path to a network namespace to join * slirp4netns use slirp4netns to create
a user network stack. This is the default for rootless containers
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- net
- network_mode
slot_uri: uco-observable:network
multivalued: true
alias: network
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPlay
- PodmanPod
range: string
network_aliases:
name: network_aliases
description: Add network-scoped alias for the container. A container will only
have access to aliases on the first network that it joins. This is a limitation
that will be removed in a later release.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: network_aliases
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
no_hosts:
name: no_hosts
description: Do not create /etc/hosts for the container Default is false.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'False'
alias: no_hosts
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: boolean
oom_kill_disable:
name: oom_kill_disable
description: Whether to disable OOM Killer for the container or not. Default is
false.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'False'
alias: oom_kill_disable
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
oom_score_adj:
name: oom_score_adj
description: Tune the host’s OOM preferences for containers (accepts -1000 to
1000)
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: oom_score_adj
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
minimum_value: -1000
maximum_value: 1000
pid:
name: pid
description: Set the PID mode for the container
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- pid_mode
slot_uri: uco-observable:pid
alias: pid
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
pids_limit:
name: pids_limit
description: Tune the container’s PIDs limit. Set -1 to have unlimited PIDs for
the container.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: pids_limit
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
minimum_value: -1
pod:
name: pod
description: Run container in an existing pod. If you want podman to make the
pod for you, prefix the pod name with “new:”
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: pod
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
privileged:
name: privileged
description: Give extended privileges to this container. The default is false.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: privileged
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
publish:
name: publish
description: Publish a container’s port, or range of ports, to the host. Format
- ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
In case of only containerPort is set, the hostPort will chosen randomly by Podman.
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- ports
- published
- published_ports
multivalued: true
alias: publish
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
publish_all:
name: publish_all
description: Publish all exposed ports to random ports on the host interfaces.
The default is false.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'False'
alias: publish_all
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
read_only:
name: read_only
description: Mount the container’s root filesystem as read only. Default is false
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: read_only
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
read_only_tmpfs:
name: read_only_tmpfs
description: If container is running in –read-only mode, then mount a read-write
tmpfs on /run, /tmp, and /var/tmp. The default is true
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'True'
alias: read_only_tmpfs
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
recreate:
name: recreate
description: Use with present and started states to force the re-creation of an
existing container.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: recreate
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanNetwork
- PodmanPlay
- PodmanPod
- PodmanVolume
range: boolean
requires:
name: requires
description: Specify one or more requirements. A requirement is a dependency container
that will be started before this container. Containers can be specified by name
or ID.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: requires
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: string
restart_policy:
name: restart_policy
description: Restart policy to follow when containers exit. Restart policy will
not take effect if a container is stopped via the podman kill or podman stop
commands. Valid values are * no - Do not restart containers on exit * on-failure[:max_retries]
- Restart containers when they exit with a non-0 exit code, retrying indefinitely
or until the optional max_retries count is hit * always - Restart containers
when they exit, regardless of status, retrying indefinitely
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: restart_policy
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: string
rm:
name: rm
description: Automatically remove the container when it exits. The default is
false.
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- remove
- auto_remove
ifabsent: 'False'
alias: rm
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
rootfs:
name: rootfs
description: If true, the first argument refers to an exploded container on the
file system. The default is false.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: rootfs
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
sdnotify:
name: sdnotify
description: Determines how to use the NOTIFY_SOCKET, as passed with systemd and
Type=notify. Can be container, conmon, ignore.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: sdnotify
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
secrets:
name: secrets
description: Add the named secrets into the container. The format is secret[,opt=opt...],
see documentation for more details.
from_schema: https://w3id.org/lmodel/ucs-core
multivalued: true
alias: secrets
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
security_opt:
name: security_opt
description: Security Options. For example security_opt “seccomp=unconfined”
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: security_opt
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
shm_size:
name: shm_size
description: Size of /dev/shm. The format is <number><unit>. number must be greater
than 0. Unit is optional and can be b (bytes), k (kilobytes), m(megabytes),
or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the
size entirely, the system uses 64m
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: shm_size
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
sig_proxy:
name: sig_proxy
description: Proxy signals sent to the podman run command to the container process.
SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: 'True'
alias: sig_proxy
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
stop_signal:
name: stop_signal
description: Signal to stop a container. Default is SIGTERM.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: stop_signal
owner: PodmanContainer
domain_of:
- PodmanContainer
range: integer
stop_timeout:
name: stop_timeout
description: Timeout (in seconds) to stop a container. Default is 10.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
ifabsent: int(10)
alias: stop_timeout
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanGenerateSystemd
range: integer
subgidname:
name: subgidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subgid file.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: subgidname
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
subuidname:
name: subuidname
description: Run the container in a new user namespace using the map with ‘name’
in the /etc/subuid file.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
alias: subuidname
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
sysctl:
name: sysctl
description: Configure namespaced kernel parameters at runtime
from_schema: https://w3id.org/lmodel/ucs-core
alias: sysctl
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
systemd:
name: systemd
description: Run container in systemd mode. The default is true.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: string(true)
alias: systemd
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
timezone:
name: timezone
description: Set timezone in container. This flag takes area-based timezones,
GMT time, as well as local, which sets the timezone in the container to match
the host machine. See /usr/share/zoneinfo/ for valid timezones. Remote connections
use local containers.conf for defaults.
from_schema: https://w3id.org/lmodel/ucs-core
alias: timezone
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
tmpfs:
name: tmpfs
description: Create a tmpfs mount. For example tmpfs “/tmp” “rw,size=787448k,mode=1777”
from_schema: https://w3id.org/lmodel/ucs-core
alias: tmpfs
owner: PodmanContainer
domain_of:
- PodmanContainer
range: MetaObject
tty:
name: tty
description: Allocate a pseudo-TTY. The default is false.
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: 'False'
alias: tty
owner: PodmanContainer
domain_of:
- PodmanContainer
range: boolean
uidmap:
name: uidmap
description: Run the container in a new user namespace using the supplied mapping.
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: uidmap
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
ulimit:
name: ulimit
description: Ulimit options
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- ulimits
multivalued: true
alias: ulimit
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
user:
name: user
description: Sets the username or UID used and optionally the groupname or GID
for the specified command.
from_schema: https://w3id.org/lmodel/ucs-core
alias: user
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
userns:
name: userns
description: Set the user namespace mode for the container. It defaults to the
PODMAN_USERNS environment variable. An empty value means user namespaces are
disabled.
from_schema: https://w3id.org/lmodel/ucs-containers
aliases:
- userns_mode
rank: 1000
alias: userns
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
uts:
name: uts
description: Set the UTS mode for the container
from_schema: https://w3id.org/lmodel/ucs-core
alias: uts
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
volume:
name: volume
description: Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR,
podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the podman container.
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- volumes
is_a: nodeProperty
domain: Publication
slot_uri: uco-observable:volume
multivalued: true
alias: volume
owner: PodmanContainer
domain_of:
- PodmanContainer
- PodmanPod
range: string
volumes_from:
name: volumes_from
description: Mount volumes from the specified container(s).
from_schema: https://w3id.org/lmodel/ucs-containers
rank: 1000
multivalued: true
alias: volumes_from
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
workdir:
name: workdir
description: Working directory inside the container. The default working directory
for running binaries within a container is the root directory (/).
from_schema: https://w3id.org/lmodel/ucs-core
aliases:
- working_dir
alias: workdir
owner: PodmanContainer
domain_of:
- PodmanContainer
range: string
executable:
name: executable
description: Path to podman executable if it is not in the $PATH on the machine
running podman
from_schema: https://w3id.org/lmodel/ucs-core
ifabsent: string(podman)
alias: executable
owner: PodmanContainer
domain_of:
- IacModule
range: string