Improve the readability of crio.8.md

Signed-off-by: Liu Chang <liuchang@qiniu.com>
2017-11-20 16:32:34 +08:00 · 2017-11-20 16:32:34 +08:00 · bf515de94d
commit bf515de94d
parent 6c8ab88e9e
1 changed files with 77 additions and 115 deletions
--- a/docs/crio.8.md
+++ b/docs/crio.8.md
@ -5,160 +5,122 @@
 crio - OCI Kubernetes Container Runtime daemon
 # SYNOPSIS
-**crio**
+crio
-[**--apparmor-profile**=[*value*]]
+```
-[**--cgroup-manager**=[*value*]]
+[--apparmor-profile=[value]]
-[**--cni-config-dir**=[*value*]]
+[--cgroup-manager=[value]]
-[**--cni-plugin-dir**=[*value*]]
+[--cni-config-dir=[value]]
-[**--config**=[*value*]]
+[--cni-plugin-dir=[value]]
-[**--conmon**=[*value*]]
+[--config=[value]]
-[**--cpu-profile**=[*value*]]
+[--conmon=[value]]
-[**--default-transport**=[*value*]]
+[--cpu-profile=[value]]
-[**--help**|**-h**]
+[--default-transport=[value]]
-[**--insecure-registry**=[*value*]]
+[--help|-h]
-[**--listen**=[*value*]]
+[--insecure-registry=[value]]
-[**--log**=[*value*]]
+[--listen=[value]]
-[**--log-format value**]
+[--log=[value]]
-[**--log-level value**]
+[--log-format value]
-[**--pause-command**=[*value*]]
+[--log-level value]
-[**--pause-image**=[*value*]]
+[--pause-command=[value]]
-[**--registry**=[*value*]]
+[--pause-image=[value]]
-[**--root**=[*value*]]
+[--registry=[value]]
-[**--runroot**=[*value*]]
+[--root=[value]]
-[**--runtime**=[*value*]]
+[--runroot=[value]]
-[**--seccomp-profile**=[*value*]]
+[--runtime=[value]]
-[**--selinux**]
+[--seccomp-profile=[value]]
-[**--signature-policy**=[*value*]]
+[--selinux]
-[**--storage-driver**=[*value*]]
+[--signature-policy=[value]]
-[**--storage-opt**=[*value*]]
+[--storage-driver=[value]]
-[**--version**|**-v**]
+[--storage-opt=[value]]
-
+[--version|-v]
 ```
 # DESCRIPTION
 OCI-based implementation of Kubernetes Container Runtime Interface Daemon
 crio is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of crio is tied to the scope of the CRI.
-	* Support multiple image formats including the existing Docker image format
+1. Support multiple image formats including the existing Docker image format.
-	* Support for multiple means to download images including trust & image verification
+2. Support for multiple means to download images including trust & image verification.
-	* Container image management (managing image layers, overlay filesystems, etc)
+3. Container image management (managing image layers, overlay filesystems, etc).
-	* Container process lifecycle management
+4. Container process lifecycle management.
-	* Monitoring and logging required to satisfy the CRI
+5. Monitoring and logging required to satisfy the CRI.
-	* Resource isolation as required by the CRI
+6. Resource isolation as required by the CRI.
 **crio [GLOBAL OPTIONS]**
 **crio [GLOBAL OPTIONS] config [OPTIONS]**
 **Usage**:
 ```
 crio [GLOBAL OPTIONS]
 crio [GLOBAL OPTIONS] config [OPTIONS]
 ```
 # GLOBAL OPTIONS
 **--apparmor_profile**="": Name of the apparmor profile to be used as the runtime's default (default: "crio-default")
-**--apparmor_profile**=""
+**--cgroup-manager**="": cgroup manager (cgroupfs or systemd)
  Name of the apparmor profile to be used as the runtime's default (default: "crio-default")
-**--cgroup-manager**=""
+**--config**="": path to configuration file
  cgroup manager (cgroupfs or systemd)
-**--config**=""
+**--conmon**="": path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
  path to configuration file
-**--conmon**=""
+**--cpu-profile**="": set the CPU profile file path
  path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
-**--cpu-profile**=""
+**--default-transport**: A prefix to prepend to image names that can't be pulled as-is.
 set the CPU profile file path
-**--default-transport**
+**--help, -h**: Print usage statement
  A prefix to prepend to image names that can't be pulled as-is.
-**--help, -h**
+**--insecure-registry=**: Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication.
  Print usage statement
-**--insecure-registry=**
+1. List of insecure registries can contain an element with CIDR notation to specify a whole subnet.
-  Enable insecure registry  communication,  i.e.,  enable  un-encrypted
+2. Insecure registries accept HTTP or accept HTTPS with certificates from unknown CAs.
-  and/or untrusted communication.
+3. Enabling `--insecure-registry`  is useful when running a local registry. However, because its use creates security vulnerabilities, **it should ONLY be enabled for testing purposes**. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`.
-  List  of  insecure registries can contain an element with CIDR notation
+**--image-volumes**="": Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
  to specify a whole  subnet.  Insecure  registries  accept  HTTP  and/or
  accept HTTPS with certificates from unknown CAs.
-  Enabling  --insecure-registry  is useful when running a local registry.
+1. mkdir: A directory is created inside the container root filesystem for the volumes.
-  However, because its use creates  security  vulnerabilities  it  should
+2. bind: A directory is created inside container state directory and bind mounted into the container for the volumes.
-  ONLY  be  enabled  for testing purposes.  For increased security, users
+3. ignore: All volumes are just ignored and no action is taken.
  should add their CA to their system's list of trusted  CAs  instead  of
  using --insecure-registry.
-**--image-volumes**=""
+**--listen**="": Path to CRI-O socket (default: "/var/run/crio/crio.sock")
  Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
  mkdir: A directory is created inside the container root filesystem for the volumes.
  bind: A directory is created inside container state directory and bind mounted into
  the container for the volumes.
  ignore: All volumes are just ignored and no action is taken.
-**--listen**=""
+**--log**="": Set the log file path where internal debug information is written
  Path to CRI-O socket (default: "/var/run/crio/crio.sock")
-**--log**=""
+**--log-format**="": Set the format used by logs ('text' (default), or 'json') (default: "text")
  Set the log file path where internal debug information is written
-**--log-format**=""
+**--log-level**="": log crio messages above specified level: debug, info (default), warn, error, fatal or panic
  Set the format used by logs ('text' (default), or 'json') (default: "text")
-**--log-level**=""
+**--log-size-max**="": Maximum log size in bytes for a container (default: -1 (no limit)). If it is positive, it must be >= 8192 (to match/exceed conmon read buffer).
  log crio messages above specified level: debug, info (default), warn, error, fatal or panic
-**--log-size-max**=""
+**--pause-command**="": Path to the pause executable in the pause image (default: "/pause")
  Maximum log size in bytes for a container (default: -1 (no limit)).
  If it is positive, it must be >= 8192 (to match/exceed conmon read buffer).
-**--pause-command**=""
+**--pause-image**="": Image which contains the pause executable (default: "kubernetes/pause")
  Path to the pause executable in the pause image (default: "/pause")
-**--pause-image**=""
+**--pids-limit**="": Maximum number of processes allowed in a container (default: 1024)
  Image which contains the pause executable (default: "kubernetes/pause")
-**--pids-limit**=""
+**--enable-shared-pid-namespace**="": Enable using a shared PID namespace for containers in a pod (default: false)
  Maximum number of processes allowed in a container (default: 1024)
-**--enable-shared-pid-namespace**=""
+**--root**="": The crio root dir (default: "/var/lib/containers/storage")
  Enable using a shared PID namespace for containers in a pod (default: false)
-**--root**=""
+**--registry**="": Registry host which will be prepended to unqualified images, can be specified multiple times
  The crio root dir (default: "/var/lib/containers/storage")
-**--registry**=""
+**--runroot**="": The crio state dir (default: "/var/run/containers/storage")
  Registry host which will be prepended to unqualified images, can be specified multiple times
-**--runroot**=""
+**--runtime**="": OCI runtime path (default: "/usr/bin/runc")
  The crio state dir (default: "/var/run/containers/storage")
-**--runtime**=""
+**--selinux**=**true**|**false**: Enable selinux support (default: false)
  OCI runtime path (default: "/usr/bin/runc")
-**--selinux**=*true*|*false*
+**--seccomp-profile**="": Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
  Enable selinux support (default: false)
-**--seccomp-profile**=""
+**--signature-policy**="": Path to the signature policy json file (default: "", to use the system-wide default)
  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
-**--signature-policy**=""
+**--storage-driver**: OCI storage driver (default: "devicemapper")
  Path to the signature policy json file (default: "", to use the system-wide default)
-**--storage-driver**
+**--storage-opt**: OCI storage driver option (no default)
  OCI storage driver (default: "devicemapper")
-**--storage-opt**
+**--cni-config-dir**="": CNI configuration files directory (default: "/etc/cni/net.d/")
  OCI storage driver option (no default)
-**--cni-config-dir**=""
+**--cni-plugin-dir**="": CNI plugin binaries directory (default: "/opt/cni/bin/")
  CNI configuration files directory (default: "/etc/cni/net.d/")
-**--cni-plugin-dir**=""
+**--cpu-profile**: Set the CPU profile file path
  CNI plugin binaries directory (default: "/opt/cni/bin/")
-**--cpu-profile**
+**--version, -v**: Print the version
  Set the CPU profile file path
 **--version, -v**
  Print the version
 # COMMANDS
 CRI-O's default command is to start the daemon. However, it currently offers a