diff options
Diffstat (limited to 'interface-definitions/container.xml.in')
| -rw-r--r-- | interface-definitions/container.xml.in | 114 |
1 files changed, 111 insertions, 3 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 3dd1b3249..434bf7528 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -31,7 +31,7 @@ <properties> <help>Grant individual Linux capability to container instance</help> <completionHelp> - <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time</list> + <list>net-admin net-bind-service net-raw mknod setpcap sys-admin sys-module sys-nice sys-time</list> </completionHelp> <valueHelp> <format>net-admin</format> @@ -46,6 +46,10 @@ <description>Permission to create raw network sockets</description> </valueHelp> <valueHelp> + <format>mknod</format> + <description>Permission to create special files</description> + </valueHelp> + <valueHelp> <format>setpcap</format> <description>Capability sets (from bounded or inherited set)</description> </valueHelp> @@ -66,11 +70,17 @@ <description>Permission to set system clock</description> </valueHelp> <constraint> - <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex> + <regex>(net-admin|net-bind-service|net-raw|mknod|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex> </constraint> <multi/> </properties> </leafNode> + <leafNode name="privileged"> + <properties> + <help>Grant root capabilities to the container</help> + <valueless/> + </properties> + </leafNode> <node name="sysctl"> <properties> <help>Configure namespaced kernel parameters of the container</help> @@ -131,7 +141,7 @@ <properties> <help>Add custom environment variables</help> <constraint> - <regex>[-_a-zA-Z0-9]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Environment variable name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> @@ -275,6 +285,7 @@ </properties> <defaultValue>64</defaultValue> </leafNode> + #include <include/name-server-ipv4-ipv6.xml.i> <tagNode name="network"> <properties> <help>Attach user defined network to container</help> @@ -411,6 +422,35 @@ </constraint> </properties> </leafNode> + <tagNode name="tmpfs"> + <properties> + <help>Mount a tmpfs filesystem into the container</help> + </properties> + <children> + <leafNode name="destination"> + <properties> + <help>Destination container directory</help> + <valueHelp> + <format>txt</format> + <description>Destination container directory</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="size"> + <properties> + <help>tmpfs filesystem size in MB</help> + <valueHelp> + <format>u32:1-65536</format> + <description>tmpfs filesystem size in MB</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Container tmpfs size must be between 1 and 65535 MB</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> <tagNode name="volume"> <properties> <help>Mount a volume into the container</help> @@ -501,6 +541,7 @@ </properties> <children> #include <include/generic-description.xml.i> + #include <include/interface/mtu-68-16000.xml.i> <leafNode name="prefix"> <properties> <help>Prefix which allocated to that network</help> @@ -536,8 +577,75 @@ <children> #include <include/interface/authentication.xml.i> #include <include/generic-disable-node.xml.i> + <leafNode name="insecure"> + <properties> + <help>Allow registry access over unencrypted HTTP or TLS connections with untrusted certificates</help> + <valueless/> + </properties> + </leafNode> + <node name="mirror"> + <properties> + <help>Registry mirror, use host-name|address[:port][/path]</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address of container registry mirror</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of container registry mirror</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of container registry mirror</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>Hostname of container registry mirror</help> + <valueHelp> + <format>hostname</format> + <description>FQDN of container registry mirror</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="path"> + <properties> + <help>Path of container registry mirror, optional, must be start with '/' if not empty</help> + </properties> + </leafNode> + </children> + </node> </children> </tagNode> + <leafNode name="log-driver"> + <properties> + <help>Configure container log driver</help> + <completionHelp> + <list>k8s-file journald</list> + </completionHelp> + <valueHelp> + <format>k8s-file</format> + <description>Logs to plain-text json file</description> + </valueHelp> + <valueHelp> + <format>journald</format> + <description>Logs to systemd's journal</description> + </valueHelp> + <constraint> + <regex>(k8s-file|journald)</regex> + </constraint> + </properties> + </leafNode> </children> </node> </interfaceDefinition> |