2025-07-22 12:57:26 +02:00
|
|
|
{
|
|
|
|
|
"name": "example-container",
|
|
|
|
|
"image": {
|
|
|
|
|
"registry": "registry.opensuse.org",
|
|
|
|
|
"image": "nginx",
|
|
|
|
|
"tag": "latest"
|
|
|
|
|
},
|
|
|
|
|
"privileged": false,
|
|
|
|
|
"read_only": false,
|
|
|
|
|
"replace": false,
|
|
|
|
|
"pull_policy": "always",
|
|
|
|
|
"restart": "always",
|
|
|
|
|
"network": {
|
|
|
|
|
"mode": "podman1",
|
|
|
|
|
"options": []
|
|
|
|
|
},
|
|
|
|
|
"dns": {
|
|
|
|
|
"search": "internal.contenso.com",
|
|
|
|
|
"servers": [ "1.1.1.1", "1.0.0.1" ]
|
|
|
|
|
},
|
|
|
|
|
"ports": {
|
|
|
|
|
"tcp": [ "53", "80", "443" ],
|
|
|
|
|
"udp": [ "53", "443" ]
|
|
|
|
|
},
|
|
|
|
|
"env": {
|
|
|
|
|
"FOO": "BAR",
|
|
|
|
|
"MAN_WIDTH": "42"
|
|
|
|
|
},
|
|
|
|
|
"secrets": {
|
|
|
|
|
"MySecret1": {
|
|
|
|
|
"type": "mount",
|
|
|
|
|
"options": "uid=0,gid=0,chmod=0777",
|
|
|
|
|
"target": "/var/run/secrets/MySecret1"
|
|
|
|
|
},
|
|
|
|
|
"MySecret2": {
|
|
|
|
|
"type": "mount",
|
|
|
|
|
"target": "/var/run/secrets/MySecret2"
|
|
|
|
|
},
|
|
|
|
|
"MySecret3": {
|
|
|
|
|
"type": "env",
|
|
|
|
|
"target": "MY_SECRET_3"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"volumes": {
|
2025-07-29 10:07:38 +02:00
|
|
|
"/etc": "/etc:ro,noexec",
|
2025-07-22 12:57:26 +02:00
|
|
|
"var": "/var"
|
|
|
|
|
},
|
|
|
|
|
"capabilities": {
|
|
|
|
|
"add": [ "NET_RAW" ],
|
|
|
|
|
"drop": [ "CAP_SYS_ADMIN" ]
|
2025-07-30 10:22:25 +02:00
|
|
|
},
|
|
|
|
|
"accounting": {
|
|
|
|
|
"cgroup": {
|
|
|
|
|
"config": ["memory.high=1073741824"],
|
|
|
|
|
"parent": "/example-parent",
|
|
|
|
|
"namespace": "host",
|
|
|
|
|
"how": "enabled"
|
|
|
|
|
},
|
|
|
|
|
"cpu": {
|
|
|
|
|
"period": "100000",
|
|
|
|
|
"quota": "100000",
|
|
|
|
|
"shares": "1024",
|
|
|
|
|
"number": "4",
|
|
|
|
|
"cpuset": {
|
|
|
|
|
"cpus": "0-3,11-15",
|
|
|
|
|
"mems": "0,1"
|
|
|
|
|
}
|
|
|
|
|
}
|
2025-07-22 12:57:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
