Improve the readability of crio.8.md

docs/crio.8.md

@@ -5,157 +5,126 @@
 crio - OCI Kubernetes Container Runtime daemon
 
 # SYNOPSIS
-**crio**
+```
-[**--apparmor-profile**=[*value*]]
+crio                               \
-[**--cgroup-manager**=[*value*]]
+[--apparmor-profile=[value]]       \
-[**--cni-config-dir**=[*value*]]
+[--cgroup-manager=[value]]         \
-[**--cni-plugin-dir**=[*value*]]
+[--cni-config-dir=[value]]         \
-[**--config**=[*value*]]
+[--cni-plugin-dir=[value]]         \
-[**--conmon**=[*value*]]
+[--config=[value]]                 \
-[**--cpu-profile**=[*value*]]
+[--conmon=[value]]                 \
-[**--default-transport**=[*value*]]
+[--cpu-profile=[value]]            \
-[**--help**|**-h**]
+[--default-transport=[value]]      \
-[**--insecure-registry**=[*value*]]
+[--help|-h]                        \
-[**--listen**=[*value*]]
+[--insecure-registry=[value]]      \
-[**--log**=[*value*]]
+[--listen=[value]]                 \
-[**--log-format value**]
+[--log=[value]]                    \
-[**--log-level value**]
+[--log-format value]               \
-[**--pause-command**=[*value*]]
+[--log-level value]                \
-[**--pause-image**=[*value*]]
+[--pause-command=[value]]          \
-[**--registry**=[*value*]]
+[--pause-image=[value]]            \
-[**--root**=[*value*]]
+[--registry=[value]]               \
-[**--runroot**=[*value*]]
+[--root=[value]]                   \
-[**--runtime**=[*value*]]
+[--runroot=[value]]                \
-[**--seccomp-profile**=[*value*]]
+[--runtime=[value]]                \
-[**--selinux**]
+[--seccomp-profile=[value]]        \
-[**--signature-policy**=[*value*]]
+[--selinux]                        \
-[**--storage-driver**=[*value*]]
+[--signature-policy=[value]]       \
-[**--storage-opt**=[*value*]]
+[--storage-driver=[value]]         \
-[**--version**|**-v**]
+[--storage-opt=[value]]            \
-
+[--version|-v]          
+```
 # DESCRIPTION
 OCI-based implementation of Kubernetes Container Runtime Interface Daemon
 
 crio is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of crio is tied to the scope of the CRI.
 
-	* Support multiple image formats including the existing Docker image format
+- Support multiple image formats including the existing Docker image format
-	* Support for multiple means to download images including trust & image verification
+- Support for multiple means to download images including trust & image verification
-	* Container image management (managing image layers, overlay filesystems, etc)
+- Container image management (managing image layers, overlay filesystems, etc)
-	* Container process lifecycle management
+- Container process lifecycle management
-	* Monitoring and logging required to satisfy the CRI
+- Monitoring and logging required to satisfy the CRI
-	* Resource isolation as required by the CRI
+- Resource isolation as required by the CRI
-
-**crio [GLOBAL OPTIONS]**
-
-**crio [GLOBAL OPTIONS] config [OPTIONS]**
 
+Usage: 
+```
+crio [GLOBAL OPTIONS]
+crio [GLOBAL OPTIONS] config [OPTIONS]
+```
 # GLOBAL OPTIONS
 
-**--apparmor_profile**=""
+- **--apparmor_profile**="": Name of the apparmor profile to be used as the runtime's default (default: "crio-default")
-  Name of the apparmor profile to be used as the runtime's default (default: "crio-default")
 
-**--cgroup-manager**=""
+- **--cgroup-manager**="": cgroup manager (cgroupfs or systemd)
-  cgroup manager (cgroupfs or systemd)
 
-**--config**=""
+- **--config**="": path to configuration file
-  path to configuration file
 
-**--conmon**=""
+- **--conmon**="": path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
-  path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
 
-**--cpu-profile**=""
+- **--cpu-profile**="": set the CPU profile file path
-set the CPU profile file path
 
-**--default-transport**
+- **--default-transport**: A prefix to prepend to image names that can't be pulled as-is.
-  A prefix to prepend to image names that can't be pulled as-is.
 
-**--help, -h**
+- **--help, -h**: Print usage statement
-  Print usage statement
 
-**--insecure-registry=**
+- **--insecure-registry=**: Enable insecure registry  communication,  i.e.,  enable  un-encrypted
-  Enable insecure registry  communication,  i.e.,  enable  un-encrypted
   and/or untrusted communication.
+  > List  of  insecure registries can contain an element with CIDR notation
+  > to specify a whole  subnet.  Insecure  registries  accept  HTTP  and/or
+  > accept HTTPS with certificates from unknown CAs.
+  >
+  > Enabling  --insecure-registry  is useful when running a local registry.
+  > However, because its use creates  security  vulnerabilities  it  should
+  > ONLY  be  enabled  for testing purposes.  For increased security, users
+  > should add their CA to their system's list of trusted  CAs  instead  of
+  > using --insecure-registry.
 
-  List  of  insecure registries can contain an element with CIDR notation
+- **--image-volumes**="": Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
-  to specify a whole  subnet.  Insecure  registries  accept  HTTP  and/or
+  - mkdir: A directory is created inside the container root filesystem for the volumes.
-  accept HTTPS with certificates from unknown CAs.
+  - bind: A directory is created inside container state directory and bind mounted into the container for the volumes.
+  - ignore: All volumes are just ignored and no action is taken.
 
-  Enabling  --insecure-registry  is useful when running a local registry.
+- **--listen**="": Path to CRI-O socket (default: "/var/run/crio/crio.sock")
-  However, because its use creates  security  vulnerabilities  it  should
-  ONLY  be  enabled  for testing purposes.  For increased security, users
-  should add their CA to their system's list of trusted  CAs  instead  of
-  using --insecure-registry.
 
-**--image-volumes**=""
+- **--log**="": Set the log file path where internal debug information is written
-  Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
-  mkdir: A directory is created inside the container root filesystem for the volumes.
-  bind: A directory is created inside container state directory and bind mounted into
-  the container for the volumes.
-  ignore: All volumes are just ignored and no action is taken.
 
-**--listen**=""
+- **--log-format**="": Set the format used by logs ('text' (default), or 'json') (default: "text")
-  Path to CRI-O socket (default: "/var/run/crio/crio.sock")
 
-**--log**=""
+- **--log-level**="": log crio messages above specified level: debug, info (default), warn, error, fatal or panic
-  Set the log file path where internal debug information is written
 
-**--log-format**=""
+- **--log-size-max**="": Maximum log size in bytes for a container (default: -1 (no limit)). If it is positive, it must be >= 8192 (to match/exceed conmon read buffer).
-  Set the format used by logs ('text' (default), or 'json') (default: "text")
 
-**--log-level**=""
+- **--pause-command**="": Path to the pause executable in the pause image (default: "/pause")
-  log crio messages above specified level: debug, info (default), warn, error, fatal or panic
 
-**--log-size-max**=""
+- **--pause-image**="": Image which contains the pause executable (default: "kubernetes/pause")
-  Maximum log size in bytes for a container (default: -1 (no limit)).
-  If it is positive, it must be >= 8192 (to match/exceed conmon read buffer).
 
-**--pause-command**=""
+- **--pids-limit**="": Maximum number of processes allowed in a container (default: 1024)
-  Path to the pause executable in the pause image (default: "/pause")
 
-**--pause-image**=""
+- **--root**="": The crio root dir (default: "/var/lib/containers/storage")
-  Image which contains the pause executable (default: "kubernetes/pause")
 
-**--pids-limit**=""
+- **--registry**="": Registry host which will be prepended to unqualified images, can be specified multiple times
-  Maximum number of processes allowed in a container (default: 1024)
 
-**--root**=""
+- **--runroot**="": The crio state dir (default: "/var/run/containers/storage")
-  The crio root dir (default: "/var/lib/containers/storage")
 
-**--registry**=""
+- **--runtime**="": OCI runtime path (default: "/usr/bin/runc")
-  Registry host which will be prepended to unqualified images, can be specified multiple times
 
-**--runroot**=""
+- **--selinux**=**true**|**false**: Enable selinux support (default: false)
-  The crio state dir (default: "/var/run/containers/storage")
 
-**--runtime**=""
+- **--seccomp-profile**="": Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
-  OCI runtime path (default: "/usr/bin/runc")
 
-**--selinux**=*true*|*false*
+- **--signature-policy**="": Path to the signature policy json file (default: "", to use the system-wide default)
-  Enable selinux support (default: false)
 
-**--seccomp-profile**=""
+- **--storage-driver**: OCI storage driver (default: "devicemapper")
-  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
 
-**--signature-policy**=""
+- **--storage-opt**: OCI storage driver option (no default)
-  Path to the signature policy json file (default: "", to use the system-wide default)
 
-**--storage-driver**
+- **--cni-config-dir**="": CNI configuration files directory (default: "/etc/cni/net.d/")
-  OCI storage driver (default: "devicemapper")
 
-**--storage-opt**
+- **--cni-plugin-dir**="": CNI plugin binaries directory (default: "/opt/cni/bin/")
-  OCI storage driver option (no default)
 
-**--cni-config-dir**=""
+- **--cpu-profile**: Set the CPU profile file path
-  CNI configuration files directory (default: "/etc/cni/net.d/")
 
-**--cni-plugin-dir**=""
+- **--version, -v**: Print the version
-  CNI plugin binaries directory (default: "/opt/cni/bin/")
-
-**--cpu-profile**
-  Set the CPU profile file path
-
-**--version, -v**
-  Print the version
 
 # COMMANDS
 CRI-O's default command is to start the daemon. However, it currently offers a