podman-play-kube(1)()                                    podman-play-kube(1)()

NAME

       podman-play-kube - Create containers, pods or volumes based on
       Kubernetes YAML

SYNOPSIS

       podman play kube [options] file.yml|-

DESCRIPTION

       podman play kube will read in a structured file of Kubernetes YAML. It
       will then recreate the containers, pods or volumes described in the
       YAML. Containers within a pod are then started and the ID of the new
       Pod or the name of the new Volume is output. If the YAML file is
       specified as "-" then podman play kube will read the YAML file from
       stdin. Using the --down command line option, it is also capable of
       tearing down the pods created by a previous run of podman play kube.
       Ideally the input file would be one created by Podman (see
       podman-generate-kube(1)). This would guarantee a smooth import and
       expected results.

       Currently, the supported Kubernetes kinds are:

              • Pod

              • Deployment

              • PersistentVolumeClaim

       Kubernetes Pods or Deployments

       Only two volume types are supported by play kube, the hostPath and
       persistentVolumeClaim volume types. For the hostPath volume type, only
       the default (empty), DirectoryOrCreate, Directory, FileOrCreate, File,
       and Socket subtypes are supported. The CharDevice and BlockDevice
       subtypes are not supported. Podman interprets the value of hostPath
       path as a file path when it contains at least one forward slash,
       otherwise Podman treats the value as the name of a named volume. When
       using a persistentVolumeClaim, the value for claimName is the name for
       the Podman named volume.

       Note: When playing a kube YAML with init containers, the init
       container will be created with the init type value always.

       Note: hostPath volume types created by play kube will be given an
       SELinux private label (Z).

       Note: If the :latest tag is used, Podman will attempt to pull the image
       from a registry. If the image was built locally with Podman or Buildah,
       it will have localhost as the domain; in that case, Podman will use the
       image from the local store even if it has the :latest tag.

       Kubernetes PersistentVolumeClaims

       A Kubernetes PersistentVolumeClaim represents a Podman named volume.
       Only the PersistentVolumeClaim name is required by Podman to create a
       volume. Kubernetes annotations can be used to make use of the available
       options for Podman volumes.

              • volume.podman.io/driver

              • volume.podman.io/device

              • volume.podman.io/type

              • volume.podman.io/uid

              • volume.podman.io/gid

              • volume.podman.io/mount-options

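       A pre-flight check for the volume rules above, added here as an
       example (it is not part of podman or its documentation): it reads a
       kube YAML and reports which hostPath entries become host bind mounts
       with the SELinux private label and which volume sources become Podman
       named volumes. The manifest, its names and its annotation values are
       constructed, and the matching assumes block-style volume entries.

```shell
# Added example: report what each volume source in a kube YAML becomes under
# the rules above. Line-oriented check for block-style YAML, not a YAML parser.
classify_volumes() {  # $1 = kube YAML file; prints "<result> <value>" per volume
    awk '
        /^[ \t-]*hostPath:[ \t]*$/              { want = "path"; next }
        /^[ \t-]*persistentVolumeClaim:[ \t]*$/ { want = "claimName"; next }
        want != "" {
            sub(/^[ \t]*/, "")                     # strip indentation from $0
            if (index($0, want ":") != 1) next     # skip e.g. "type: Directory"
            sub(/^[^:]*:[ \t]*/, "")               # keep only the value
            gsub(/"/, "")
            # hostPath path with "/" = host bind mount (SELinux Z label);
            # without "/" it names a volume, as claimName always does.
            if (want == "path" && index($0, "/") > 0) print "bind-mount-Z " $0
            else print "named-volume " $0
            want = ""
        }
    ' "$1"
}

write_sample() {  # $1 = output file; constructed manifest, names are hypothetical
    cat > "$1" <<'EOF'
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: demo-claim
  annotations:
    volume.podman.io/type: tmpfs
    volume.podman.io/device: tmpfs
    volume.podman.io/mount-options: "nodev,noexec"
---
apiVersion: v1
kind: Pod
metadata: {name: demo}
spec:
  containers: [{name: app, image: foobar}]
  volumes:
  - name: site
    hostPath:
      type: Directory
      path: /srv/demo
  - name: cache
    hostPath:
      path: demo-cache
  - name: state
    persistentVolumeClaim:
      claimName: demo-claim
EOF
}
sample=$(mktemp); write_sample "$sample"; classify_volumes "$sample"; rm -f "$sample"
```
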
       Play kube is capable of building images on the fly given the correct
       directory layout and Containerfiles. This option is not available for
       remote clients yet. Consider the following excerpt from a YAML file:

              apiVersion: v1
              kind: Pod
              metadata:
              spec:
                containers:
                - command:
                  - top
                  env:
                  # environment variable entry (name/value pair)
                  - name: container
                    value: podman
                  image: foobar

       If there is a directory named foobar in the current working directory
       with a file named Containerfile or Dockerfile, Podman play kube will
       build that image and name it foobar. An example directory structure
       for this example would look like:

              |- mykubefiles
                  |- myplayfile.yaml
                  |- foobar
                       |- Containerfile

       The build will consider foobar to be the context directory for the
       build. If there is an image in local storage called foobar, the image
       will not be built unless the --build flag is used.

OPTIONS

   --authfile=path
       Path of the authentication file. Default is
       ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman
       login. If the authorization state is not found there,
       $HOME/.docker/config.json is checked, which is set using docker login.

       Note: You can also override the default path of the authentication file
       by setting the REGISTRY_AUTH_FILE environment variable.

              export REGISTRY_AUTH_FILE=path

   --build
       Build images even if they are found in the local storage.

   --cert-dir=path
       Use certificates at path (*.crt, *.cert, *.key) to connect to the
       registry. Please refer to containers-certs.d(5) for details. (This
       option is not available with the remote Podman client)

   --configmap=path
       Use Kubernetes configmap YAML at path to provide a source for
       environment variable values within the containers of the pod.

       Note: The --configmap option can be used multiple times or a
       comma-separated list of paths can be used to pass multiple Kubernetes
       configmap YAMLs.

   --creds
       The [username[:password]] to use to authenticate with the registry if
       required. If one or both values are not supplied, a command line
       prompt will appear and the value can be entered. The password is
       entered without echo.

   --down
       Tears down the pods that were created by a previous run of play kube.
       The pods are stopped and then removed. Any volumes created are left
       intact.

   --ip=IP address
       Assign a static IP address to the pod. This option can be specified
       several times when play kube creates more than one pod.

   --log-driver=driver
       Set logging driver for all created containers.

   --mac-address=MAC address
       Assign a static MAC address to the pod. This option can be specified
       several times when play kube creates more than one pod.

   --network=mode, --net
       Change the network mode of the pod. The host and bridge network mode
       should be configured in the YAML file. Valid mode values are:

              • none: Create a network namespace for the container but do not
                configure network interfaces for it, thus the container has no
                network connectivity.

              • container:id: Reuse another container's network stack.

              • network: Connect to a user-defined network; multiple networks
                should be comma-separated.

              • ns:path: Path to a network namespace to join.

              • private: Create a new namespace for the container. This will
                use the bridge mode for rootful containers and slirp4netns
                for rootless ones.

              • slirp4netns[:OPTIONS,...]: use slirp4netns(1) to create a user
                network stack. This is the default for rootless containers. It
                is possible to specify these additional options:

                • allow_host_loopback=true|false: Allow the slirp4netns to
                  reach the host loopback IP (10.0.2.2, which is added to
                  /etc/hosts as host.containers.internal for your
                  convenience). Default is false.

                • mtu=MTU: Specify the MTU to use for this network. (Default
                  is 65520).

                • cidr=CIDR: Specify IP range to use for this network.
                  (Default is 10.0.2.0/24).

                • enable_ipv6=true|false: Enable IPv6. Default is false.
                  (Required for outbound_addr6).

                • outbound_addr=INTERFACE: Specify the outbound interface
                  slirp should bind to (IPv4 traffic only).

                • outbound_addr=IPv4: Specify the outbound IPv4 address slirp
                  should bind to.

                • outbound_addr6=INTERFACE: Specify the outbound interface
                  slirp should bind to (IPv6 traffic only).

                • outbound_addr6=IPv6: Specify the outbound IPv6 address slirp
                  should bind to.

                • port_handler=rootlesskit: Use rootlesskit for port
                  forwarding. Default. Note: Rootlesskit changes the source IP
                  address of incoming packets to an IP address in the
                  container network namespace, usually 10.0.2.100. If your
                  application requires the real source IP address, e.g. web
                  server logs, use the slirp4netns port handler. The
                  rootlesskit port handler is also used for rootless
                  containers when connected to user-defined networks.

                • port_handler=slirp4netns: Use the slirp4netns port
                  forwarding; it is slower than rootlesskit but preserves the
                  correct source IP address. This port handler cannot be used
                  for user-defined networks.

   --quiet, -q
       Suppress output information when pulling images.

   --seccomp-profile-root=path
       Directory path for seccomp profiles (default:
       "/var/lib/kubelet/seccomp"). (This option is not available with the
       remote Podman client)

   --start=true|false
       Start the pod after creating it, set to false to only create it.

   --tls-verify=true|false
       Require HTTPS and verify certificates when contacting registries
       (default: true). If explicitly set to true, then TLS verification will
       be used. If set to false, then TLS verification will not be used. If
       not specified, TLS verification will be used unless the target registry
       is listed as an insecure registry in registries.conf.

   --help, -h
       Print usage statement.

EXAMPLES

       Recreate the pod and containers as described in a file called demo.yml

              $ podman play kube demo.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Recreate the pod and containers as described in a file demo.yml sent to
       stdin

              $ cat demo.yml | podman play kube -
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Tear down the pod and containers as described in a file demo.yml

              $ podman play kube --down demo.yml
              Pods stopped:
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
              Pods removed:
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Provide configmap-foo.yml and configmap-bar.yml as sources for
       environment variables within the containers.

              $ podman play kube demo.yml --configmap configmap-foo.yml,configmap-bar.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

              $ podman play kube demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       CNI network(s) can be specified as a comma-separated list using
       --network

              $ podman play kube demo.yml --network cni1,cni2
              52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6

       Please take into account that CNI networks must be created first using
       podman-network-create(1).

SEE ALSO

       podman(1), podman-container(1), podman-pod(1), podman-generate-kube(1),
       podman-play(1), podman-network-create(1), containers-certs.d(5)

HISTORY

       December 2018, Originally compiled by Brent Baude (bbaude at redhat dot
       com)