brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bde75601ef0f0ca1250a15c919d70dbce59cb4cd
oam/knowledge base/podman.md
Michele Cereda c131022a1b chore(podman): add warning about subordinate ids
2025-12-26 19:51:15 +01:00

3.1 KiB
Raw Blame History

Podman

Daemonless container engine for Linux.
Intended to be a drop-in replacement for Docker.

  1. TL;DR
  2. Further readings
    1. Sources

TL;DR

Important

Podman in rootless mode (the default) leverages subordinate user and group IDs to map containers' UID and GID to much higher numbers and avoid conflicts.
This means the IDs used inside containers will not be the same as the ones of the user running them, and it will probably raise permissions issues when trying to write or read from volumes.

Setup 
# Install.
apt install 'podman' 'podman-compose'
dnf install 'podman'
pacman -S 'podman'
zypper install 'podman'

# Add container registries to use.
echo 'unqualified-search-registries = ["docker.io"]' > "$HOME/.config/containers/registries.conf"
echo 'unqualified-search-registries = ["docker.io"]' | tee -a '/etc/containers/registries.conf.d/docker.io'

# Set aliases for container registries.
cat <<EOF | tee '/etc/containers/registries.conf.d/shortnames.conf'
[aliases]
  "orclinx" = "container-registry.oracle.com/os/oraclelinux"
EOF
Usage 
# Get the version.
podman --version

# Get help.
man podman
man 'containers-registries.conf'

# List local images.
podman image list
podman images

# Search for images.
podman search 'fedora'
podman search --format "{{.Name}}\t{{.Stars}}\t{{.Official}}" --limit 3 'alpine'
podman search --list-tags 'registry.access.redhat.com/ubi8' --limit 4

# Pull images.
podman pull 'docker.io/library/postgres'
podman pull 'docker.io/library/python:3.10'
podman-compose pull

# List volumes.
podman volume ls
podman volume list

# Get a shell in containers.
podman run --rm --name 'syncthing' --tty --interactive --entrypoint 'sh' 'syncthing/syncthing'
podman-compose run --rm --entrypoint 'sh' 'syncthing'

# Check running containers.
podman ps
podman ps --all

# Manage compositions.
podman-compose up
podman-compose up --detach
podman-compose ps
podman-compose down

# Execute commands in containers.
podman-compose exec 'syncthing' whoami

# Clean up.
podman system prune
podman system prune --all

Further readings

Sources