brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ab53bfb44efd0beca0fc5a2f89a02f2c84bfd7b9
oam/knowledge base/podman.md
Michele Cereda c131022a1b chore(podman): add warning about subordinate ids
2025-12-26 19:51:15 +01:00

128 lines
3.1 KiB
Markdown
Raw Blame History

# Podman
Daemonless container engine for Linux.<br/>
Intended to be a drop-in replacement for [Docker].
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
> [!important]
> Podman in rootless mode (the default) leverages [subordinate user and group IDs][subordinate ids] to map containers'
> UID and GID to much higher numbers and avoid conflicts.<br/>
> This means the IDs used _inside_ containers will **not** be the same as the ones of the user running them, and it
> will probably raise permissions issues when trying to write or read from volumes.
<details>
<summary>Setup</summary>
```sh
# Install.
apt install 'podman' 'podman-compose'
dnf install 'podman'
pacman -S 'podman'
zypper install 'podman'
# Add container registries to use.
echo 'unqualified-search-registries = ["docker.io"]' > "$HOME/.config/containers/registries.conf"
echo 'unqualified-search-registries = ["docker.io"]' | tee -a '/etc/containers/registries.conf.d/docker.io'
# Set aliases for container registries.
cat <<EOF | tee '/etc/containers/registries.conf.d/shortnames.conf'
[aliases]
"orclinx" = "container-registry.oracle.com/os/oraclelinux"
EOF
```
</details>
<details>
<summary>Usage</summary>
```sh
# Get the version.
podman --version
# Get help.
man podman
man 'containers-registries.conf'
# List local images.
podman image list
podman images
# Search for images.
podman search 'fedora'
podman search --format "{{.Name}}\t{{.Stars}}\t{{.Official}}" --limit 3 'alpine'
podman search --list-tags 'registry.access.redhat.com/ubi8' --limit 4
# Pull images.
podman pull 'docker.io/library/postgres'
podman pull 'docker.io/library/python:3.10'
podman-compose pull
# List volumes.
podman volume ls
podman volume list
# Get a shell in containers.
podman run --rm --name 'syncthing' --tty --interactive --entrypoint 'sh' 'syncthing/syncthing'
podman-compose run --rm --entrypoint 'sh' 'syncthing'
# Check running containers.
podman ps
podman ps --all
# Manage compositions.
podman-compose up
podman-compose up --detach
podman-compose ps
podman-compose down
# Execute commands in containers.
podman-compose exec 'syncthing' whoami
# Clean up.
podman system prune
podman system prune --all
```
</details>
## Further readings
- [Website]
- [Documentation]
- [Docker]
- [Containerd]
- [Kaniko]
- [Volumes and rootless Podman]
- [Subordinate IDs]
### Sources
- [Pull Official Images From Docker Hub Using Podman]
- [User IDs and (rootless) containers with Podman]
<!--
Reference
═╬═Time══
-->
<!-- Knowledge base -->
[Containerd]: containerd.md
[Docker]: docker.md
[Kaniko]: kaniko.md
[Subordinate IDs]: linux/subordinate%20ids.md
<!-- Upstream -->
[Documentation]: https://docs.podman.io/en/stable/
[Website]: https://podman.io/
<!-- Others -->
[Pull Official Images From Docker Hub Using Podman]: https://www.baeldung.com/ops/podman-pull-image-docker-hub
[User IDs and (rootless) containers with Podman]: https://blog.christophersmart.com/2021/01/26/user-ids-and-rootless-containers-with-podman/
[Volumes and rootless Podman]: https://blog.christophersmart.com/2021/01/31/volumes-and-rootless-podman/
Reference in New Issue View Git Blame Copy Permalink