kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 09:25:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

docs: add missing podman task config options (#25465)

Browse Source 
---------

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
This commit is contained in:
Michael Smithhisler
2025-04-01 08:31:58 -04:00
committed by GitHub
parent 8257465ffa
commit 7176cf443a
1 changed files with 88 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
website/content/plugins/drivers/podman.mdx
View File

@@ -134,6 +134,15 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
## Task Configuration
- `apparmor_profile` - (Optional) Name of an AppArmor profile to use instead of
the default profile. The special value `unconfined` disables AppArmor for this container.
```hcl
config {
apparmor_profile = "your-profile"
}
```
- `args` - (Optional) A list of arguments to the optional command. If no
[`command`] is specified, the arguments are passed directly to the container.
@@ -161,6 +170,14 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `auth_soft_fail` - (Optional) Ignore errors returned from auth backend so Podman can fall back to a different auth method.
```hcl
config {
auth_soft_fail = true
}
```
- `cap_add` - (Optional) A list of Linux capabilities as strings to pass to
`--cap-add`.
@@ -191,6 +208,17 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `cpu_hard_limit` (Optional) `true` or `false`. Use hard CPU limiting instead
of soft limiting. By default this is `false`, which means Podman uses soft
limiting so that containers are able to burst above their CPU limit when there
is idle capacity.
- `cpu_cfs_period` - (Optional) Set the CPU period for the [Completely Fair
Scheduler (CFS)](https://docs.kernel.org/scheduler/sched-design-CFS.html),
which is a duration in microseconds. Refer to [`podman run
--cpu-period`](https://docs.podman.io/en/latest/markdown/podman-run.1.html#cpu-period-limit)
for details.
- `devices` - (Optional) A list of `host-device[:container-device][:permissions]`
definitions. Each entry adds a host device to the container. Optional
permissions can be used to specify device permissions, it is a combination of
@@ -214,6 +242,14 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `extra_hosts` - (Optional) Set additional hosts in the container.
```hcl
config {
extra_hosts = ["test4.localhost:127.0.0.2", "test6.localhost:[::1]"]
}
```
- `force_pull` - (Optional) `true` or `false` (default). Always pull the latest
image on container start.
@@ -237,14 +273,6 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `extra_hosts` - (Optional) Set additional hosts in the container
```hcl
config {
extra_hosts = ["test4.localhost:127.0.0.2", "test6.localhost:[::1]"]
}
```
- `image_pull_timeout` - (Optional) Time duration for your pull timeout
(default to `"5m"`). Cannot be longer than the [`client_http_timeout`].
@@ -383,6 +411,15 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `pids_limit` - (Optional) An integer value that specified the PID limit for
the container.
```hcl
config {
pids_limit = 64
}
```
- `ports` - (Optional) Forward and expose ports. Refer to
[Docker driver configuration][nomad_driver_ports] for details.
@@ -400,6 +437,41 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `security_opt` - (Optional) A list of security-related options that Podman sets
in the container.
```hcl
config {
security_opt = [
"no-new-privileges"
]
}
```
- `selinux_opts` - (Optional) A list of process labels that the container uses.
```hcl
config {
selinux_opts = [
"type:my_container.process"
]
}
```
- `shm_size` - (Optional) Set the size of `/dev/shm`. Refer to [`podman run
--shm-size](https://docs.podman.io/en/latest/markdown/podman-run.1.html#shm-size-number-unit)
for more details.
- `socket` - (Optional) The name of the socket as defined in the socket block in
the client agent's plugin configuration. Defaults to the socket named "default".
```hcl
config {
socket = "app1"
}
```
- `sysctl` - (Optional) A key-value map of `sysctl` configurations to set to
the containers on start.
@@ -457,6 +529,14 @@ The `podman` driver implements the following [capabilities](/nomad/docs/concepts
}
```
- `userns` - (Optional) Ser the user namespace mode for the container.
```hcl
config {
userns = "keep-id:uid=200,gid=210"
}
```
Additionally, the Podman driver supports customization of the container's user
through the task's [`user` option](/nomad/docs/job-specification/task#user).