.TH "rkt - App Container runtime" "1" "Dec 2016" "Auto generated by spf13/cobra" "" .nh .ad l .SH NAME .PP rkt\-run \- Run image(s) in a pod in rkt .SH SYNOPSIS .PP \fBrkt run\fP [OPTIONS] .SH DESCRIPTION .PP IMAGE should be a string referencing an image; either a hash, local file on disk, or URL. They will be checked in that order and the first match will be used. .PP Volumes are made available to the container via \-\-volume. Mounts bind volumes into each image's root within the container via \-\-mount. \-\-mount is position\-sensitive; occurring before any images applies to all images, occurring after any images applies only to the nearest preceding image. Per\-app mounts take precedence over global ones if they have the same path. .PP An "\-\-" may be used to inhibit rkt run's parsing of subsequent arguments, which will instead be appended to the preceding image app's exec arguments. End the image arguments with a lone "\-\-\-" to resume argument parsing. .SH OPTIONS .PP \fB\-\-caps\-remove\fP= capability to remove (example: '\-\-caps\-remove=CAP\_MKNOD') .PP \fB\-\-caps\-retain\fP= capability to retain (example: '\-\-caps\-retain=CAP\_SYS\_ADMIN') .PP \fB\-\-cpu\fP= cpu limit for the preceding image (example: '\-\-cpu=500m') .PP \fB\-\-cpu\-shares\fP= cpu\-shares assigns the specified CPU time share weight (example: '\-\-cpu\-shares=2048') .PP \fB\-\-dns\fP= name servers to write in /etc/resolv.conf. Pass 'host' to use host's resolv.conf. Pass 'none' to ignore CNI DNS config .PP \fB\-\-dns\-domain\fP="" DNS domain to write in /etc/resolv.conf .PP \fB\-\-dns\-opt\fP= DNS options to write in /etc/resolv.conf .PP \fB\-\-dns\-search\fP= DNS search domains to write in /etc/resolv.conf .PP \fB\-\-environment\fP= set the app's environment variables (example: '\-\-environment=foo=bar') .PP \fB\-\-exec\fP= override the exec command for the preceding image .PP \fB\-\-group\fP= group override for the preceding image (example: '\-\-group=group') .PP \fB\-\-hostname\fP="" pod's hostname. If empty, it will be "rkt\-$PODUUID" .PP \fB\-\-hosts\-entry\fP= Entries to add to the pod\-wide /etc/hosts. Pass 'host' to use the host's /etc/hosts .PP \fB\-\-inherit\-env\fP[=false] inherit all environment variables not set by apps .PP \fB\-\-interactive\fP[=false] run pod interactively. If true, only one image may be supplied. .PP \fB\-\-mds\-register\fP[=false] register pod with metadata service. needs network connectivity to the host (\-\-net=(default|default\-restricted|host) .PP \fB\-\-memory\fP= memory limit for the preceding image (example: '\-\-memory=16Mi', '\-\-memory=50M', '\-\-memory=1G') .PP \fB\-\-mount\fP= mount point binding a volume to a path within an app .PP \fB\-\-name\fP= set the name of the app (example: '\-\-name=foo'). If not set, then the app name default to the image's name .PP \fB\-\-net\fP[=default] configure the pod's networking. Optionally, pass a list of user\-configured networks to load and set arguments to pass to each network, respectively. Syntax: \-\-net[=n[:args], ...] .PP \fB\-\-no\-overlay\fP[=false] disable overlay filesystem .PP \fB\-\-no\-store\fP[=false] fetch images ignoring the local store .PP \fB\-\-oom\-score\-adj\fP= oom\-score\-adj isolator override .PP \fB\-\-pod\-manifest\fP="" the path to the pod manifest. If it's non\-empty, then only '\-\-net', '\-\-no\-overlay' and '\-\-interactive' will have effect .PP \fB\-\-port\fP= ports to expose on the host (requires contained network). Syntax: \-\-port=NAME:[HOSTIP:]HOSTPORT .PP \fB\-\-private\-users\fP[=false] run within user namespaces. .PP \fB\-\-readonly\-rootfs\fP= if set, the app's rootfs will be mounted read\-only .PP \fB\-\-seccomp\fP= seccomp filter override (example: '\-\-seccomp mode=retain,errno=EPERM,chmod,chown') .PP \fB\-\-set\-env\fP= environment variable to set for all the apps in the form key=value, this will be overriden by \-\-environment .PP \fB\-\-set\-env\-file\fP= path to an environment variables file .PP \fB\-\-signature\fP= local signature file to use in validating the preceding image .PP \fB\-\-stage1\-from\-dir\fP= filename of an image in stage1 images directory to use as stage1 .PP \fB\-\-stage1\-hash\fP= hash of an image to use as stage1 .PP \fB\-\-stage1\-name\fP= name of an image to use as stage1 .PP \fB\-\-stage1\-path\fP= absolute or relative path to an image to use as stage1 .PP \fB\-\-stage1\-url\fP= URL to an image to use as stage1 .PP \fB\-\-store\-only\fP[=false] use only available images in the store (do not discover or download from remote URLs) .PP \fB\-\-supplementary\-gids\fP= supplementary group IDs override for the preceding image (examples: '\-\-supplementary\-gids=1024,2048' .PP \fB\-\-user\fP= user override for the preceding image (example: '\-\-user=user') .PP \fB\-\-user\-annotation\fP= set the app's annotations (example: '\-\-user\-annotation=foo=bar') .PP \fB\-\-user\-label\fP= set the app's labels (example: '\-\-user\-label=foo=bar') .PP \fB\-\-uuid\-file\-save\fP="" write out pod UUID to specified file .PP \fB\-\-volume\fP= volumes to make available in the pod .PP \fB\-\-working\-dir\fP= override the working directory of the preceding image .SH OPTIONS INHERITED FROM PARENT COMMANDS .PP \fB\-\-debug\fP[=false] print out more debug information to stderr .PP \fB\-\-dir\fP=/var/lib/rkt rkt data directory .PP \fB\-\-insecure\-options\fP=none comma\-separated list of security features to disable. Allowed values: "none", "image", "tls", "ondisk", "http", "pubkey", "capabilities", "paths", "seccomp", "all\-fetch", "all\-run", "all" .PP \fB\-\-local\-config\fP=/etc/rkt local configuration directory .PP \fB\-\-system\-config\fP=/usr/lib/rkt system configuration directory .PP \fB\-\-trust\-keys\-from\-https\fP[=false] automatically trust gpg keys fetched from https .PP \fB\-\-user\-config\fP= user configuration directory .SH SEE ALSO .PP \fBrkt(1)\fP .SH HISTORY .PP 8\-Dec\-2016 Auto generated by spf13/cobra