1podman-play-kube(1)() podman-play-kube(1)()
2
6 podman-play-kube - Create containers, pods or volumes based on Kuber‐
7 netes YAML
8
11 podman play kube [options] file.yml|-
12
15 podman play kube will read in a structured file of Kubernetes YAML. It
16 will then recreate the containers, pods or volumes described in the
17 YAML. Containers within a pod are then started and the ID of the new
18 Pod or the name of the new Volume is output. If the yaml file is speci‐
19 fied as "-" then podman play kube will read the YAML file from stdin.
20 Ideally the input file would be one created by Podman (see podman-gen‐
23 erate-kube(1)). This would guarantee a smooth import and expected re‐
24 sults.
25 Currently, the supported Kubernetes kinds are: - Pod - Deployment -
28 PersistentVolumeClaim
29 Kubernetes Pods or Deployments
32 Only two volume types are supported by play kube, the hostPath and per‐
35 sistentVolumeClaim volume types. For the hostPath volume type, only the
36 default (empty), DirectoryOrCreate, Directory, FileOrCreate, File, and
37 Socket subtypes are supported. The CharDevice and BlockDevice subtypes
38 are not supported. Podman interprets the value of hostPath path as a
39 file path when it contains at least one forward slash, otherwise Podman
40 treats the value as the name of a named volume. When using a persis‐
41 tentVolumeClaim, the value for claimName is the name for the Podman
42 named volume.
43 Note: hostPath volume types created by play kube will be given an
46 SELinux private label (Z)
47 Note: If the :latest tag is used, Podman will attempt to pull the image
50 from a registry. If the image was built locally with Podman or Buildah,
51 it will have localhost as the domain, in that case, Podman will use the
52 image from the local store even if it has the :latest tag.
53 Kubernetes PersistentVolumeClaims
56 A Kubernetes PersistentVolumeClaim represents a Podman named volume.
59 Only the PersistentVolumeClaim name is required by Podman to create a
60 volume. Kubernetes annotations can be used to make use of the available
61 options for Podman volumes.
62 • volume.podman.io/driver
65 • volume.podman.io/device
67 • volume.podman.io/type
69 • volume.podman.io/uid
71 • volume.podman.io/gid
73 • volume.podman.io/mount-options
75
79 --authfile=path
80 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
81 ers/auth.json, which is set using podman login. If the authorization
82 state is not found there, $HOME/.docker/config.json is checked, which
83 is set using docker login.
84 Note: You can also override the default path of the authentication file
87 by setting the REGISTRY_AUTH_FILE environment variable. export REG‐
88 ISTRY_AUTH_FILE=path
89 --cert-dir=path
92 Use certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
93 istry. Please refer to containers-certs.d(5) for details. (This option
94 is not available with the remote Podman client)
95 --configmap=path
98 Use Kubernetes configmap YAML at path to provide a source for environ‐
99 ment variable values within the containers of the pod.
100 Note: The --configmap option can be used multiple times or a comma-sep‐
103 arated list of paths can be used to pass multiple Kubernetes configmap
104 YAMLs.
105 --creds
108 The [username[:password]] to use to authenticate with the registry if
109 required. If one or both values are not supplied, a command line
110 prompt will appear and the value can be entered. The password is en‐
111 tered without echo.
112 --ip=IP address
115 Assign a static ip address to the pod. This option can be specified
116 several times when play kube creates more than one pod.
117 --log-driver=driver
120 Set logging driver for all created containers.
121 --mac-address=MAC address
124 Assign a static mac address to the pod. This option can be specified
125 several times when play kube creates more than one pod.
126 --network=networks, --net
129 A comma-separated list of the names of CNI networks the pod should
130 join.
131 --quiet, -q
134 Suppress output information when pulling images
135 --seccomp-profile-root=path
138 Directory path for seccomp profiles (default: "/var/lib/kubelet/sec‐
139 comp"). (This option is not available with the remote Podman client)
140 --start=true|false
143 Start the pod after creating it, set to false to only create it.
144 --tls-verify=true|false
147 Require HTTPS and verify certificates when contacting registries (de‐
148 fault: true). If explicitly set to true, then TLS verification will be
149 used. If set to false, then TLS verification will not be used. If not
150 specified, TLS verification will be used unless the target registry is
151 listed as an insecure registry in registries.conf.
152 --help, -h
155 Print usage statement
156
159 Recreate the pod and containers as described in a file called demo.yml
160 $ podman play kube demo.yml
163 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
164 Recreate the pod and containers as described in a file demo.yml sent to
168 stdin
169 $ cat demo.yml | podman play kube -
172 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
173 Provide configmap-foo.yml and configmap-bar.yml as sources for environ‐
177 ment variables within the containers.
178 $ podman play kube demo.yml --configmap configmap-foo.yml,configmap-bar.yml
181 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
182 $ podman play kube demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
184 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
185 CNI network(s) can be specified as comma-separated list using --network
189 $ podman play kube demo.yml --network cni1,cni2
192 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
193 Please take into account that CNI networks must be created first using
197 podman-network-create(1).
198
201 podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1),
202 podman-play(1), podman-network-create(1), containers-certs.d(5)
203
206 December 2018, Originally compiled by Brent Baude (bbaude at redhat dot
207 com)
208 podman-play-kube(1)()