Using Podman

What is Podman?

Podman is a container management tool that is compliant with the Open Container Initiative spec.

Basic usage of Podman

Podman's basic usage emulates the Docker CLI:

podman run -dt -p 8080:80/tcp docker.io/library/httpd

Podman as a Docker replacement

The podman-docker package can set up Podman to emulate the Docker API and socket.

Podman Desktop is a replacement for Docker Desktop.

SELinux & Podman

  • SELinux is a kernel security module that implements more in-depth access control mechanisms.

  • SELinux adds additional contexts to files / folders that can cause permission issues for containers.

    • To "just make it work" with Podman, add :z to the end of volume mounts.

Podman and systemd

  • systemd can manage automatically starting and stopping containers using systemd unit files.

    • This can be a desirable way to manage starting different containers when specific events happen, such as system power on, or another container starting.
  • Quadlets are files that are used to generate systemd services from a Podman container.

Quadlet example

~/.config/containers/systemd/sleep.container

[Unit]
# Description for the unit file
Description=The sleep container
# Dependencies before container can be run
After=local-fs.target

[Container]
# Image
Image=registry.access.redhat.com/ubi9-minimal:latest
# Command
Exec=sleep 1000

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target
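
An added example, not part of the original slides: a shell check that carries the SELinux note above over to Quadlets, where the relabel option goes on the Volume= key. It reports whether each host-path mount uses :Z (label private to one container), :z (label shared between containers) or no relabel option; the function name, the sample unit and its paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. quadlet_selinux_check is a hypothetical helper, not a Podman command.
# Prints "<status> <volume spec>" for each host-path mount in the [Container] section
# and returns 1 if any of them has no SELinux relabel option.
quadlet_selinux_check() {
    awk '
        /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
        /^\[/ { section = $0; next }          # remember the current section
        section == "[Container]" && /^Volume=/ {
            spec = substr($0, 8)
            n = split(spec, part, ":")
            # Source-only (anonymous) and named volumes are not checked here.
            if (n < 2 || part[1] !~ "^[/.]") next
            opts = "," (n >= 3 ? part[3] : "") ","
            if (opts ~ ",Z,")      status = "private"     # :Z, label private to this container
            else if (opts ~ ",z,") status = "shared"      # :z, label shared between containers
            else { status = "unlabeled"; bad = 1 }        # SELinux may deny access
            print status, spec
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the sleep.container unit above with four mounts added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=The sleep container

[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
Volume=/srv/site:/var/www/html:ro,Z
Volume=/srv/shared:/data:z
Volume=/srv/logs:/logs
Volume=cache:/cache

[Install]
WantedBy=default.target
EOF

quadlet_selinux_check "$sample" || echo "fix the unlabeled mounts before enabling the unit"
```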

Demo!

note:

OCI compliance means it can run Docker containers and emulates the same UI.

Podman is developed by Red Hat.

There are many configuration options, including for creating volumes, networks, containers, pods, and kube files.