diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst
index 796b6146..044e31b8 100644
--- a/docs/configuration/container/index.rst
+++ b/docs/configuration/container/index.rst
@@ -1,34 +1,19 @@
-:lastproofread: 2021-06-30
-
-.. include:: /_include/need_improvement.txt
-
-.. _container:
+:lastproofread: 2022-06-10
#########
Container
#########
+The VyOS container implementation is based on `Podman` as
+a deamonless container engine.
+
*************
Configuration
*************
-.. cfgcmd:: set container
-
- Set a named container.
-
-.. cfgcmd:: set container network
-
- Creates a named container network
-
-.. cfgcmd:: set container registry
-
- Adds registry to list of unqualified-search-registries. By default, for any
- image that does not include the registry in the image name, Vyos will use
- docker.io as the container registry.
-
.. cfgcmd:: set container name image
- Sets the image name in the hub registry
+ Sets the image name in the hub registry
.. code-block:: none
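Review bot: the removal of the `.. _container:` label at the top of the file looks unintended; any `:ref:` pointing at `container` from other pages stops resolving once it is gone, so keep the label above the title unless every reference was updated in the same change. In the added intro, "deamonless" should be "daemonless", and the single-backtick `Podman` is parsed by reST as interpreted text; use double backticks for a literal or make it a proper hyperlink.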
@@ -50,13 +35,25 @@ Configuration
The following commands translate to "--net host" when the container
is created
- .. note:: **allow-host-networks** cannot be used with **network**
+ .. note:: **allow-host-networks** cannot be used with **network**
+
+.. cfgcmd:: set container name network
+
+ Attaches user-defined network to a container.
+ Only one network must be specified and must already exist.
+
+.. cfgcmd:: set container name network address
+
+ Optionally set a specific static IPv4 or IPv6 address for the container.
+ This address must be within the named network prefix.
+
+ .. note:: The first IP in the container network is reserved by the engine and cannot be used
.. cfgcmd:: set container name description
- Sets the container description
+ Set a container description
-.. cfgcmd:: set container name environment '' value ''
+.. cfgcmd:: set container name environment value
Add custom environment variables.
Multiple environment variables are allowed.
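Review bot: in the new `set container name network` entry, "Only one network must be specified and must already exist" does not say whether a network is mandatory or only limited to one per container. Suggest "Only one network can be specified, and it must already exist." The new `network address` entry also has no `code-block` example, unlike the neighbouring entries; a short one would show readers where the network name and the address go, and the note about the reserved first IP would be easier to apply next to a concrete prefix.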
@@ -65,35 +62,25 @@ Configuration
.. code-block:: none
- set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix'
- set container name mysql-server environment 'MYSQL_USER' value 'zabbix'
- set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
- set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
+ set container name mysql-server environment MYSQL_DATABASE value 'zabbix'
+ set container name mysql-server environment MYSQL_USER value 'zabbix'
+ set container name mysql-server environment MYSQL_PASSWORD value 'zabbix_pwd'
+ set container name mysql-server environment MYSQL_ROOT_PASSWORD value 'root_pwd'
-.. cfgcmd:: set container name network
+.. cfgcmd:: set container name port source
+.. cfgcmd:: set container name port destination
+.. cfgcmd:: set container name port protocol
- Attaches user-defined network to a container.
- Only one network must be specified and must already exist.
-
- Optionally a specific static IPv4 or IPv6 address can be set for
- the container. This address must be within the named network.
-
- .. code-block:: none
-
- set container network address
-
- .. note:: The first IP in the container network is reserved by the engine and cannot be used
-
-.. cfgcmd:: set container name port [source | destination ]
-
- Publishes a port for the container
+ Publish a port for the container.
.. code-block:: none
set container name zabbix-web-nginx-mysql port http source 80
set container name zabbix-web-nginx-mysql port http destination 8080
+ set container name zabbix-web-nginx-mysql port http protocol tcp
-.. cfgcmd:: set container name volume [source | destination ]
+.. cfgcmd:: set container name volume source
+.. cfgcmd:: set container name volume destination
Mount a volume into the container
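Review bot: the three stacked `port source` / `port destination` / `port protocol` directives share the single description "Publish a port for the container.", which leaves out which side is the host and which is the container, what values `protocol` accepts, and what the default is when it is omitted. The example only shows `protocol tcp`. Since this setting decides what is exposed on the router itself, please spell out the direction and the protocol values. Separately, the rewritten environment example still sets `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` to literal values; a one-line remark that these are placeholders to be replaced would stop them being copied into real configurations.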
@@ -102,6 +89,85 @@ Configuration
set container name coredns volume 'corefile' source /config/coredns/Corefile
set container name coredns volume 'corefile' destination /etc/Corefile
+.. cfgcmd:: set container name restart [no | on-failure | always]
+
+ Set the restart behavior of the container.
+
+ - **no**: Do not restart containers on exit
+ - **on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)
+ - **always**: Restart containers when they exit, regardless of status, retrying indefinitely
+
+.. cfgcmd:: set container name memory
+
+ Constrain the memory available to the container.
+
+ Default is 512 MB. Use 0 MB for unlimited memory.
+
+.. cfgcmd:: set container name device source
+.. cfgcmd:: set container name device destination
+
+ Add a host device to the container.
+
+.. cfgcmd:: container name cap-add
+
+ Set container capabilities or permissions.
+
+ - **net-admin**: Network operations (interface, firewall, routing tables)
+ - **net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)
+ - **net-raw**: Permission to create raw network sockets
+ - **setpcap**: Capability sets (from bounded or inherited set)
+ - **sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)
+ - **sys-time**: Permission to set system clock
+
+.. cfgcmd:: set container name disable
+
+ Disable a container.
+
+.. cfgcmd:: set container network
+
+ Creates a named container network
+
+.. cfgcmd:: set container registry
+
+ Adds registry to list of unqualified-search-registries. By default, for any
+ image that does not include the registry in the image name, Vyos will use
+ docker.io as the container registry.
+
+
+******************
+Operation Commands
+******************
+
+.. opcmd:: add container image
+
+ Pull a new image for container
+
+.. opcmd:: show container
+
+ Show the list of all active containers.
+
+.. opcmd:: show container image
+
+ Show the local container images.
+
+.. opcmd:: show container log
+
+ Show logs from a given container
+
+.. opcmd:: show container network
+
+ Show a list available container networks
+
+.. opcmd:: restart container
+
+ Restart a given container
+
+.. opcmd:: update container image
+
+ Update container image
+
+
+
*********************
Example Configuration
*********************
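Review bot: `.. cfgcmd:: container name cap-add` is missing the leading `set` that every other `cfgcmd` in this file carries, so it will render and index differently from the rest. In the capability list, "Administation" and "setdomainame" are misspelled (should be "Administration" and "setdomainname"), and under the operation commands "Show a list available container networks" is missing "of". The `cap-add` and `device` entries would also benefit from a sentence saying that each grants the container access beyond the default set and should be limited to what the workload needs, since `sys-admin` and `net-admin` in particular are listed with no indication of how broad they are.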