# Documentation

> This project is OCI container (podman)-first. Docker-specific documentation is provided in docker/docker.md

# Container Quick Reference (Podman/OCI)

## Structure

```
assets/
├── Containerfile         ← OCI production (~7MB)
└── Containerfile.alpine  ← Development (~15MB)

docs/
├── container.md          ← Main Podman guide ⭐
└── docker/               ← Docker specifics
```

## Quick Commands

```bash
# Build
podman build -t argparse-builder .

# Run rootless
podman run -d -p 8080:8080 argparse-builder

# With SELinux
podman run -d -p 8080:8080 --security-opt label=type:container_t argparse-builder

# Hardened
podman run -d -p 8080:8080 \
  --read-only \
  --cap-drop=ALL \
  --security-opt=no-new-privileges \
  --memory=128m \
  argparse-builder
```
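To confirm that a running container really carries the four settings from the Hardened command above, here is an added audit helper (not part of this project's code) that reads `podman inspect` output from stdin and names whatever is missing. The field names (`HostConfig.ReadonlyRootfs`, `HostConfig.SecurityOpt`, `HostConfig.Memory`, top-level `EffectiveCaps`) are assumed from podman's inspect layout, and the two JSON samples are constructed stand-ins for real inspect output.

```shell
#!/bin/sh
# Added audit helper, not part of the project. Pipe `podman inspect NAME`
# into check_hardening; it reports which hardening settings are absent.
# Field names are assumed from podman's Docker-compatible inspect layout.
check_hardening() {
    json=$(cat)
    missing=""
    # --read-only  ->  HostConfig.ReadonlyRootfs is true
    printf '%s' "$json" | grep -q '"ReadonlyRootfs": *true' \
        || missing="$missing read-only"
    # --security-opt=no-new-privileges appears in HostConfig.SecurityOpt
    printf '%s' "$json" | grep -q 'no-new-privileges' \
        || missing="$missing no-new-privileges"
    # --cap-drop=ALL leaves an empty effective capability set ([] or null)
    printf '%s' "$json" | grep -Eq '"EffectiveCaps": *(\[\]|null)' \
        || missing="$missing cap-drop=ALL"
    # --memory=128m sets a non-zero byte limit; 0 means unlimited
    printf '%s' "$json" | grep -Eq '"Memory": *[1-9][0-9]*' \
        || missing="$missing memory-limit"
    if [ -n "$missing" ]; then
        echo "missing hardening:$missing"
        return 1
    fi
    echo "all hardening settings present"
    return 0
}

# Constructed sample: what inspect shows for the Hardened run (trimmed)
HARDENED_SAMPLE='{
  "EffectiveCaps": [],
  "HostConfig": {
    "ReadonlyRootfs": true,
    "SecurityOpt": ["no-new-privileges"],
    "Memory": 134217728
  }
}'

# Constructed sample: a plain `podman run` with default settings (trimmed)
DEFAULT_SAMPLE='{
  "EffectiveCaps": ["CAP_CHOWN", "CAP_NET_BIND_SERVICE"],
  "HostConfig": {
    "ReadonlyRootfs": false,
    "SecurityOpt": [],
    "Memory": 0
  }
}'

# Demo on the samples; real use: podman inspect argparse-builder | check_hardening
printf '%s' "$HARDENED_SAMPLE" | check_hardening
printf '%s' "$DEFAULT_SAMPLE" | check_hardening || true
```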
## SELinux Volumes

```bash
# Private label (recommended)
podman run -v ./data:/data:Z argparse-builder

# Shared label
podman run -v ./shared:/shared:z argparse-builder
```

## Systemd Integration

```bash
# Generate unit
podman generate systemd --new --name argparse-builder > ~/.config/systemd/user/argparse-builder.service

# Enable
systemctl --user enable --now argparse-builder
```

## Key Features

- ✅ Rootless by default
- ✅ SELinux native support
- ✅ Daemonless operation
- ✅ OCI compliant
- ✅ Systemd integration
- ✅ ~7MB image size

## Makefile

```bash
make container-build           # Build image
make container-run             # Run rootless
make container-run-hardened    # Security hardened
make container-systemd         # Generate systemd unit
```

See **docs/container.md** for the complete guide.