Container applications 450

Container name
  Pattern: [-a-zA-Z0-9]+
  Error: Container name must be alphanumeric and can contain hyphens

Allow sharing host process namespace with container

Allow sharing host networking with container

Grant individual Linux capability to container instance
  Values: net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time
    net-admin: Network operations (interface, firewall, routing tables)
    net-bind-service: Bind a socket to privileged ports (port numbers less than 1024)
    net-raw: Permission to create raw network sockets
    setpcap: Capability sets (from bounded or inherited set)
    sys-admin: Administration operations (quotactl, mount, sethostname, setdomainname)
    sys-module: Load, unload and delete kernel modules
    sys-nice: Permission to set process nice value
    sys-time: Permission to set system clock
  Pattern: (net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time)

Configure namespaced kernel parameters of the container
  Sysctl key name
    txt: Sysctl key name
  Sysctl configuration value

Add a host device to the container
  Source device (Example: "/dev/x")
    txt: Source device
  Destination container device (Example: "/dev/x")
    txt: Destination container device

Add custom environment variables
  Pattern: [-_a-zA-Z0-9]+
  Error: Environment variable name must be alphanumeric and can contain hyphen and underscores
  Set environment option value
    txt: Set environment option value

Override the default ENTRYPOINT from the image
  Pattern: [ !#-%&(-~]+
  Error: Entrypoint must be ASCII characters, use &quot; and &apos; for double and single quotes respectively

Container host name
  Error: Host-name must be alphanumeric and can contain hyphens

Container image to use
  txt: Image name in the hub-registry
  Pattern: [[:ascii:]]{1,255}

Override the default CMD from the image
  Pattern: [ !#-%&(-~]+
  Error: Command must be ASCII characters, use &quot; and &apos; for double and single quotes respectively

The command's arguments for this container
  Pattern: [ !#-%&(-~]+
  Error: The command's arguments must be ASCII characters, use &quot; and &apos; for double and single quotes respectively

Add label variables
  Pattern: [a-z0-9](?:[a-z0-9.-]*[a-z0-9])?
  Error: Label variable name must be alphanumeric and can contain hyphen, dots and underscores
  Set label option value
    txt: Set label option value
    Pattern: [[:ascii:]]{1,255}

This limits the number of CPU resources the container can use
  u32:0: Unlimited
  txt: Amount of CPU time the container can use in amount of cores (up to three decimals)
  Pattern: (0|[1-9]\d*)(\.\d{1,3})?
  Error: Container CPU limit must be a (decimal) number in range 0 to number of threads
  Default: 0

Memory (RAM) available to this container
  u32:0: Unlimited
  u32:1-16384: Container memory in megabytes (MB)
  Error: Container memory must be in range 0 to 16384 MB
  Default: 512

Shared memory available to this container
  u32:0: Unlimited
  u32:1-8192: Container memory in megabytes (MB)
  Error: Container memory must be in range 0 to 8192 MB
  Default: 64

Attach user defined network to container
  container network
  Assign static IP address to container
    ipv4: IPv4 address
    ipv6: IPv6 address

Publish port to the container
  Source host port
    u32:1-65535: Source host port
    start-end: Source host port range (e.g. 10025-10030)
  Destination container port
    u32:1-65535: Destination container port
    start-end: Destination container port range (e.g. 10025-10030)
  Transport protocol used for port mapping
    Values: tcp udp
      tcp: Use Transmission Control Protocol for given port
      udp: Use User Datagram Protocol for given port
    Pattern: (tcp|udp)
    Default: tcp

Restart options for container
  Values: no on-failure always
    no: Do not restart containers on exit
    on-failure: Restart containers when they exit with a non-zero exit code, retrying indefinitely
    always: Restart containers when they exit, regardless of status, retrying indefinitely
  Pattern: (no|on-failure|always)
  Default: on-failure

User ID this container will run as
  u32:0-65535: User ID this container will run as

Group ID this container will run as
  u32:0-65535: Group ID this container will run as

Mount a volume into the container
  Source host directory
    txt: Source host directory
  Destination container directory
    txt: Destination container directory
  Volume access mode ro/rw
    Values: ro rw
      ro: Volume mounted into the container as read-only
      rw: Volume mounted into the container as read-write
    Pattern: (ro|rw)
    Default: rw
  Volume bind propagation
    Values: shared slave private rshared rslave rprivate
      shared: Sub-mounts of the original mount are exposed to replica mounts
      slave: Allow replica mount to see sub-mount from the original mount but not vice versa
      private: Sub-mounts within a mount are not visible to replica mounts or the original mount
      rshared: Allows sharing of mount points and their nested mount points between both the original and replica mounts
      rslave: Allows mount point and their nested mount points between original and replica mounts
      rprivate: No mount points within original or replica mounts in any direction
    Pattern: (shared|slave|private|rshared|rslave|rprivate)
    Default: rprivate

Network name
  Prefix which is allocated to that network
    ipv4net: IPv4 network prefix
    ipv6net: IPv6 network prefix

Registry Name
  Default: docker.io quay.io