1 files changed, 110 insertions, 44 deletions

diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst
index 796b6146..044e31b8 100644
--- a/docs/configuration/container/index.rst
+++ b/docs/configuration/container/index.rst
@@ -1,34 +1,19 @@
-:lastproofread: 2021-06-30
-
-.. include:: /_include/need_improvement.txt
-
-.. _container:
+:lastproofread: 2022-06-10
 
 #########
 Container
 #########
 
+The VyOS container implementation is based on `Podman<https://podman.io/>` as
+a deamonless container engine.
+
 *************
 Configuration
 *************
 
-.. cfgcmd:: set container <name>
-
-   Set a named container.
-
-.. cfgcmd:: set container network <networkname>
-
-    Creates a named container network
-
-.. cfgcmd:: set container registry <name>
-
-    Adds registry to list of unqualified-search-registries. By default, for any
-    image that does not include the registry in the image name, Vyos will use 
-    docker.io as the container registry. 
-
 .. cfgcmd:: set container name <name> image        
     
-    Sets the image name in the hub registry 
+    Sets the image name in the hub registry
 
     .. code-block:: none
 
@@ -50,50 +35,52 @@ Configuration
     The following commands translate to "--net host" when the container
     is created 
 
-    .. note:: **allow-host-networks** cannot be used with **network** 
+    .. note:: **allow-host-networks** cannot be used with **network**
 
-.. cfgcmd:: set container name <name> description <text>
+.. cfgcmd:: set container name <name> network <networkname> 
 
-    Sets the container description
+    Attaches user-defined network to a container.
+    Only one network must be specified and must already exist.
 
-.. cfgcmd:: set container name <name> environment '<key>' value '<value>'
+.. cfgcmd:: set container name <name> network <networkname> address <address> 
 
-    Add custom environment variables.
-    Multiple environment variables are allowed.
-    The following commands translate to "-e key=value" when the container
-    is created. 
+    Optionally set a specific static IPv4 or IPv6 address for the container.
+    This address must be within the named network prefix.
 
-    .. code-block:: none
+    .. note:: The first IP in the container network is reserved by the engine and cannot be used
 
-        set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix'
-        set container name mysql-server environment 'MYSQL_USER' value 'zabbix'
-        set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
-        set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
+.. cfgcmd:: set container name <name> description <text>
 
-.. cfgcmd:: set container name <name> network <networkname> 
+    Set a container description
 
-    Attaches user-defined network to a container.
-    Only one network must be specified and must already exist.
+.. cfgcmd:: set container name <name> environment <key> value <value>
 
-    Optionally a specific static IPv4 or IPv6 address can be set for
-    the container. This address must be within the named network.
+    Add custom environment variables.
+    Multiple environment variables are allowed.
+    The following commands translate to "-e key=value" when the container
+    is created. 
 
     .. code-block:: none
 
-        set container <name> network <networkname> address <address> 
-
-    .. note:: The first IP in the container network is reserved by the engine and cannot be used
+        set container name mysql-server environment MYSQL_DATABASE value 'zabbix'
+        set container name mysql-server environment MYSQL_USER value 'zabbix'
+        set container name mysql-server environment MYSQL_PASSWORD value 'zabbix_pwd'
+        set container name mysql-server environment MYSQL_ROOT_PASSWORD value 'root_pwd'
 
-.. cfgcmd:: set container name <name> port <portname> [source | destination ] <portnumber>
+.. cfgcmd:: set container name <name> port <portname> source <portnumber>
+.. cfgcmd:: set container name <name> port <portname> destination <portnumber>
+.. cfgcmd:: set container name <name> port <portname> protocol <tcp | udp>
 
-    Publishes a port for the container
+    Publish a port for the container.
 
     .. code-block:: none
 
         set container name zabbix-web-nginx-mysql port http source 80
         set container name zabbix-web-nginx-mysql port http destination 8080
+        set container name zabbix-web-nginx-mysql port http protocol tcp
 
-.. cfgcmd:: set container name <name> volume <volumename> [source | destination ] <path>
+.. cfgcmd:: set container name <name> volume <volumename> source <path>
+.. cfgcmd:: set container name <name> volume <volumename> destination <path>
 
     Mount a volume into the container
 
@@ -102,6 +89,85 @@ Configuration
         set container name coredns volume 'corefile' source /config/coredns/Corefile
         set container name coredns volume 'corefile' destination /etc/Corefile
 
+.. cfgcmd:: set container name <name> restart [no | on-failure | always]
+
+   Set the restart behavior of the container.
+
+   - **no**: Do not restart containers on exit
+   - **on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)
+   - **always**: Restart containers when they exit, regardless of status, retrying indefinitely
+
+.. cfgcmd:: set container name <name> memory <MB>
+   
+   Constrain the memory available to the container.
+   
+   Default is 512 MB. Use 0 MB for unlimited memory.
+
+.. cfgcmd:: set container name <name> device <devicename> source <path>
+.. cfgcmd:: set container name <name> device <devicename> destination <path>
+
+   Add a host device to the container.
+
+.. cfgcmd:: container name <name> cap-add <text>
+
+   Set container capabilities or permissions.
+
+   - **net-admin**: Network operations (interface, firewall, routing tables)
+   - **net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)
+   - **net-raw**: Permission to create raw network sockets
+   - **setpcap**: Capability sets (from bounded or inherited set)
+   - **sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)
+   - **sys-time**: Permission to set system clock
+
+.. cfgcmd:: set container name <name> disable
+   
+   Disable a container.
+
+.. cfgcmd:: set container network <networkname>
+
+    Creates a named container network
+
+.. cfgcmd:: set container registry <name>
+
+    Adds registry to list of unqualified-search-registries. By default, for any
+    image that does not include the registry in the image name, Vyos will use 
+    docker.io as the container registry.
+
+
+******************
+Operation Commands
+******************
+
+.. opcmd:: add container image <containername>
+    
+    Pull a new image for container
+
+.. opcmd:: show container
+
+    Show the list of all active containers.
+
+.. opcmd:: show container image
+    
+    Show the local container images.
+
+.. opcmd:: show container log <containername>
+
+    Show logs from a given container
+
+.. opcmd:: show container network
+
+    Show a list available container networks
+
+.. opcmd:: restart container <containername>
+
+    Restart a given container
+
+.. opcmd:: update container image <containername>
+
+    Update container image
+
+
+
 *********************
 Example Configuration
 *********************