add new artifact mount type

Add a new option to allow for mounting artifacts in the container. The
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]

This works very similarly to image mounts. The name is passed down into
the container config and then on each start we look up the artifact and
then figure out which blobs to mount. There is no protection against a
user removing the artifact while it is still being used in a container. When
the container is running the bind-mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2025-02-20 18:37:34 +01:00
parent f6e2d94409
commit 9e94dc53b2
13 changed files with 490 additions and 17 deletions


@ -6,12 +6,12 @@
Attach a filesystem mount to the container
Current supported mount TYPEs are **bind**, **devpts**, **glob**, **image**, **ramfs**, **tmpfs** and **volume**.
Current supported mount TYPEs are **artifact**, **bind**, **devpts**, **glob**, **image**, **ramfs**, **tmpfs** and **volume**.
Options common to all mount types:
- *src*, *source*: mount source spec for **bind**, **glob**, and **volume**.
Mandatory for **bind** and **glob**.
Mandatory for **artifact**, **bind**, **glob**, **image** and **volume**.
- *dst*, *destination*, *target*: mount destination spec.
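Review bot: the *src*, *source* bullet is now inconsistent with itself: its first sentence still says "mount source spec for **bind**, **glob**, and **volume**", while the new line below it makes the source mandatory for **artifact** and **image** as well. Update the first sentence to match, e.g. `- *src*, *source*: mount source spec for **artifact**, **bind**, **glob**, **image** and **volume**.` A second point on the same bullet list: the commit message gives the new syntax as `dest=/path`, but this hunk documents the destination keys only as *dst*, *destination* and *target*; either `dest` is accepted and should be listed here, or the commit message should use one of the documented keys.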
@ -24,6 +24,25 @@ on the destination directory are mounted. The option
to mount host files matching /foo* to the /tmp/bar/
directory in the container.
Options specific to type=**artifact**:
- *digest*: If the artifact source contains multiple blobs a digest can be
specified to only mount the one specific blob with the digest.
- *title*: If the artifact source contains multiple blobs a title can be set
which is compared against `org.opencontainers.image.title` annotation.
The *src* argument contains the name of the artifact, it must already exist locally.
The *dst* argument contains the target path, if the path in the container is a
directory or does not exist the blob title (`org.opencontainers.image.title`
annotation) will be used as filename and joined to the path. If the annotation
does not exist the digest will be used as filename instead. This results in all blobs
of the artifact mounted into the container at the given path.
However if the *dst* path is a existing file in the container then the blob will be
mounted directly on it. This only works when the artifact contains of a single blob
or when either *digest* or *title* are specified.
Options specific to type=**volume**:
- *ro*, *readonly*: *true* or *false* (default if unspecified: *false*).
@ -104,4 +123,6 @@ Examples:
- `type=tmpfs,destination=/path/in/container,noswap`
- `type=volume,source=vol1,destination=/path/in/container,ro=true`
- `type=artifact,src=quay.io/libpod/testartifact:20250206-single,dst=/data`
- `type=artifact,src=quay.io/libpod/testartifact:20250206-multi,dst=/data,title=test1`
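Review bot: the two new examples cover the directory form and the *title* selector, but none shows *digest*, and nothing in this file says what form the digest value takes (whether the algorithm prefix is expected); add a third example for it and state the expected form in the *digest* bullet above. Minor style point: the existing examples on the lines just above use `destination=` while the new ones use `dst=`; since both keys are documented, this is not wrong, but using one spelling throughout the examples list reads more consistently.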