github.com/rkt/rkt@v1.30.1-0.20200224141603-171c416fac02/Documentation/subcommands/prepare.md

github.com/rkt/rkt@v1.30.1-0.20200224141603-171c416fac02/Documentation/subcommands/prepare.md (about)

     1  # rkt prepare
     2  
     3  rkt can prepare images to run in a pod.
     4  This means it will fetch (if necessary) the images, extract them in its internal tree store, and allocate a pod UUID.
     5  If overlay fs is not supported or disabled, it will also copy the tree in the pod rootfs.
     6  
     7  Support for overlay fs will be auto-detected if `--no-overlay` is set to `false`. If an unsupported filesystem is detected, rkt will print a warning message and continue preparing the pod by falling back in non-overlay mode as described above:
     8  
     9  ```
    10  # rkt prepare --insecure-options=image docker://busybox --exec=/bin/sh
    11  image: using image from local store for image name coreos.com/rkt/stage1-coreos:1.30.0
    12  image: remote fetching from URL "docker://busybox"
    13  Downloading sha256:8ddc19f1652 [===============================] 668 KB / 668 KB
    14  prepare: disabling overlay support: "unsupported filesystem: missing d_type support"
    15  ```
    16  
    17  The following conditions can lead to non-overlay mode:
    18  
    19  The data directory (usually `/var/lib/rkt`) is on ...
    20  - an AUFS filesystem
    21  - a ZFS filesystem
    22  - a XFS filesystem having `ftype=0`
    23  - a file system where the `d_type` field is set to `DT_UNKNOWN`, see getdents(2)
    24  
    25  In this way, the pod is ready to be launched immediately by the [run-prepared][run-prepared] command.
    26  
    27  Running `rkt prepare` + `rkt run-prepared` is semantically equivalent to running [rkt run][run].
    28  Therefore, the supported arguments are mostly the same as in `run` except runtime arguments like `--interactive` or `--mds-register`.
    29  
    30  ## Example
    31  
    32  ```
    33  # rkt prepare coreos.com/etcd:v2.0.10
    34  rkt prepare coreos.com/etcd:v2.0.10
    35  rkt: using image from local store for image name coreos.com/rkt/stage1-coreos:1.30.0
    36  rkt: searching for app image coreos.com/etcd:v2.0.10
    37  rkt: remote fetching from url https://github.com/coreos/etcd/releases/download/v2.0.10/etcd-v2.0.10-linux-amd64.aci
    38  prefix: "coreos.com/etcd"
    39  key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
    40  gpg key fingerprint is: 8B86 DE38 890D DB72 9186  7B02 5210 BD88 8818 2190
    41  	CoreOS ACI Builder <release@coreos.com>
    42  Key "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" already in the keystore
    43  Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.10/etcd-v2.0.10-linux-amd64.aci.asc
    44  Downloading signature: [=======================================] 819 B/819 B
    45  Downloading ACI: [=============================================] 3.79 MB/3.79 MB
    46  rkt: signature verified:
    47    CoreOS ACI Builder <release@coreos.com>
    48  c9fad0e6-8236-4fc2-ad17-55d0a4c7d742
    49  ```
    50  
    51  ## Options
    52  
    53  | Flag | Default | Options | Description |
    54  | --- | --- | --- | --- |
    55  | `--user-annotation` | none | annotation add to the app's UserAnnotations field | Set the app's annotations (example: '--annotation=foo=bar'). |
    56  | `--caps-remove` | none | capability to remove (example: '--caps-remove=CAP\_SYS\_CHROOT,CAP\_MKNOD') | Capabilities to remove from the process's capabilities bounding set, all others from the default set will be included |
    57  | `--caps-retain` | none | capability to retain (example: '--caps-remove=CAP\_SYS\_ADMIN,CAP\_NET\_ADMIN') | Capabilities to retain in the process's capabilities bounding set, all others will be removed |
    58  | `--environment` | none | environment variables add to the app's environment variables | Set the app's environment variables (example: '--environment=foo=bar'). |
    59  | `--exec` | none | Path to executable | Override the exec command for the preceding image. |
    60  | `--group` | root | gid, groupname or file path | Group override for the preceding image (example: '--group=group') |
    61  | `--inherit-env` | `false` | `true` or `false` | Inherit all environment variables not set by apps. |
    62  | `--user-label` | none | label add to the apps' UserLabels field | Set the app's labels (example: '--label=foo=bar'). |
    63  | `--mount` | none | Mount syntax (ex. `--mount volume=NAME,target=PATH`) | Mount point binding a volume to a path within an app. See [Mounting Volumes without Mount Points][vol-no-mount]. |
    64  | `--name` | none | Name of the app | Set the name of the app (example: '--name=foo'). If not set, then the app name default to the image's name |
    65  | `--no-overlay` | `false` | `true` or `false` | Disable the overlay filesystem. |
    66  | `--pull-policy` | `new` | `never`, `new`, or `update` | Sets the policy for when to fetch an image. See [image fetching behavior][img-fetch] |
    67  | `--pod-manifest` | none | A path | The path to the pod manifest. If it's non-empty, then only `--net`, `--no-overlay` and `--interactive` will have effect. |
    68  | `--port` | none | A port name and number pair | Container port name to expose through host port number. Requires [contained network][contained]. Syntax: `--port=NAME:HOSTPORT` The NAME is that given in the ACI. By convention, Docker containers' EXPOSEd ports are given a name formed from the port number, a hyphen, and the protocol, e.g., `80-tcp`, giving something like `--port=80-tcp:8080` |
    69  | `--private-users` |  `false` | `true` or `false` | Run within user namespaces |
    70  | `--quiet` |  `false` | `true` or `false` | Suppress superfluous output on stdout, print only the UUID on success |
    71  | `--set-env` |  `` | An environment variable. Syntax `NAME=VALUE` | An environment variable to set for apps |
    72  | `--set-env-file` |  `` | Path of an environment variables file | Environment variables to set for apps |
    73  | `--signature` |  `` | A file path | Local signature file to use in validating the preceding image |
    74  | `--stage1-url` |  `` | A URL to a stage1 image. HTTP/HTTPS/File/Docker URLs are supported | Image to use as stage1 |
    75  | `--stage1-path` |  `` | A path to a stage1 image. Absolute and relative paths are supported | Image to use as stage1 |
    76  | `--stage1-name` |  `` | A name of a stage1 image. Will perform a discovery if the image is not in the store | Image to use as stage1 |
    77  | `--stage1-hash` |  `` | A hash of a stage1 image. The image must exist in the store | Image to use as stage1 |
    78  | `--stage1-from-dir` |  `` | A stage1 image file inside the default stage1 images directory | Image to use as stage1 |
    79  | `--user` | none | uid, username or file path | user override for the preceding image (example: '--user=user') |
    80  | `--volume` |  `` | Volume syntax (`NAME,kind=KIND,source=PATH,readOnly=BOOL,recursive=BOOL`). See [Mount Volumes into a Pod][mount-vol] | Volumes to make available in the pod |
    81  
    82  ## Global options
    83  
    84  See the table with [global options in general commands documentation][global-options].
    85  
    86  
    87  [contained]: ../networking/overview.md#contained-mode
    88  [global-options]: ../commands.md#global-options
    89  [img-fetch]: ../image-fetching-behavior.md
    90  [mount-vol]: run.md#mount-volumes-into-a-pod
    91  [run]: run.md
    92  [run-prepared]: run-prepared.md
    93  [vol-no-mount]: run.md#mounting-volumes-without-mount-points