github.com/blixtra/rkt@v0.8.1-0.20160204105720-ab0d1add1a43/Documentation/subcommands/api-service.md

github.com/blixtra/rkt@v0.8.1-0.20160204105720-ab0d1add1a43/Documentation/subcommands/api-service.md (about)

     1  # rkt api-service
     2  
     3  ## Overview
     4  
     5  The API service lists and introspects pods and images.
     6  The API service is implemented with [gRPC](http://www.grpc.io/).
     7  The API service is designed to run without root privileges, and currently provides a read-only interface.
     8  The API service is optional for running pods, the start/stop/crash of the API service won't affect any pods or images.
     9  
    10  ## Running the API service
    11  
    12  The API service listens for gRPC requests on the address and port specified by the `--listen` option.
    13  The default is to listen on the loopback interface on port number `15441`, equivalent to invoking `rkt api-service --listen=localhost:15441`.
    14  Specify the address `0.0.0.0` to listen on all interfaces.
    15  
    16  ## Using the API service
    17  
    18  The interfaces are defined in the [protobuf here](../../api/v1alpha/api.proto).
    19  Here is a small [Go program](../../api/v1alpha/client_example.go) that illustrates how to use the API service.
    20  
    21  ## Options
    22  
    23  | Flag | Default | Options | Description |
    24  | --- | --- | --- | --- |
    25  | `--listen` |  `localhost:15441` | An address to listen on | Address to listen for client API requests |
    26  
    27  ## Global options
    28  
    29  | Flag | Default | Options | Description |
    30  | --- | --- | --- | --- |
    31  | `--debug` |  `false` | `true` or `false` | Prints out more debug information to `stderr` |
    32  | `--dir` | `/var/lib/rkt` | A directory path | Path to the `rkt` data directory |
    33  | `--insecure-options` |  none | <ul><li>**none**: All security features are enabled</li><li>**http**: Allow HTTP connections. Be warned that this will send any credentials as clear text.</li><li>**image**: Disables verifying image signatures</li><li>**tls**: Accept any certificate from the server and any host name in that certificate</li><li>**ondisk**: Disables verifying the integrity of the on-disk, rendered image before running. This significantly speeds up start time.</li><li>**all**: Disables all security checks</li></ul>  | Comma-separated list of security features to disable |
    34  | `--local-config` |  `/etc/rkt` | A directory path | Path to the local configuration directory |
    35  | `--system-config` |  `/usr/lib/rkt` | A directory path | Path to the system configuration directory |
    36  | `--trust-keys-from-https` |  `false` | `true` or `false` | Automatically trust gpg keys fetched from https |
    37  | `--user-config` |  `` | A directory path | Path to the user configuration directory |