podman basic

install

https://podman.io/getting-started/installation

ubuntu

    . /etc/os-release
    echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
    curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -

    sudo apt-get update
    sudo apt-get -y upgrade
    sudo apt-get -y install podman

archlinux

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
pacman -S podman
podman version
podman info --debug

podman ps
podman ps -f  name=zookeeper
podman ps -a --format "{{.ID}} {{.Names}}"
podman ps -a
podman inspect -l

podman top <container_id>
podman container checkpoint <container_id>
podman container restore <container_id>

podman stop --latest
podman rm --latest
podman --log-level=debug pull dockerhub.azk8s.cn/library/golang

logs

podman logs --since 1m -f conter_id_0
podman logs --latest

registry config, mirror

/etc/containers/registries.conf

1
2
3
4
5
6
7
8
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "******.mirror.aliyuncs.com"

[[registry-insecure]]
prefix = "docker.io"
location = "docker-registries.wiloon.com"

另外一种配置文件

unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "xxxxxx.mirror.aliyuncs.com"

run

1
2
3
4
5
6
7
podman run \
-d \
--name name0 \
-p 2000:80/tcp \
-v /etc/localtime:/etc/localtime:ro \
image0_name

systemd script

1
2
    export service_name=foo
    podman generate systemd $service_name > /usr/lib/systemd/system/$service_name.service

network

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
podman network create --driver bridge net0
podman network create --driver bridge \
--subnet 172.22.16.0/24 \
--gateway 172.22.16.1 net0

podman network ls
podman network inspect net0

podman run -it --network=net0 busybox
# 指定ip
podman run -it --network=net0 --ip 172.22.16.8 busybox

centos 8 install podman

Install EPEL Repository on RHEL / CentOS 8

1
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Ensure PowerTools repo is enabled as well – CentOS 8 only

1
sudo dnf config-manager --set-enabled PowerTools

Install Podman

1
2
3
4
5
6
sudo dnf -y update
sudo systemctl reboot

sudo dnf module list | grep container-tools
sudo dnf install -y @container-tools
podman version

volume

1
2
3
podman volume ls
podman volume create volume0
podman volume rm volume0

pod

podman pod create -n pod_name_0 -p 8086:8086 -p 3000:3000 -p 8888:8888
# 使用pod, 端口映射要配置到pod上，pod内的容器不配端口

创建容器并加入pod

podman run -d --pod pod_name_0 influxdb

https://www.hangge.com/blog/cache/detail_2475.html

https://www.mankier.com/1/podman-unshare

https://opensource.com/article/19/2/how-does-rootless-podman-work

https://www.mankier.com/1/podman-generate-systemd https://computingforgeeks.com/how-to-install-epel-repository-on-rhel-8-centos-8/" https://computingforgeeks.com/how-to-install-epel-repository-on-rhel-8-centos-8/embed/#?secret=Vw63QL1LVb" https://computingforgeeks.com/how-to-install-and-use-podman-on-centos-rhel/" https://computingforgeeks.com/how-to-install-and-use-podman-on-centos-rhel/embed/#?secret=kP3lpS51yS"

podman pod

podman pod --help
podman pod create --help
podman pod ps

rootless

1
2
3
4
5
6
7
8
9
pacman  -S crun
usr/share/containers/libpod.conf -- runtime="crun"

sudo touch /etc/subuid
sudo touch /etc/subgid
sudo usermod --add-subuids 10000-65536 user0
sudo usermod --add-subgids 10000-65536 user0
getcap /usr/bin/newuidmap
getcap /usr/bin/newgidmap

macvlan

https://ctimbai.github.io/2019/04/14/tech/docker-macvlan/

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# docker network create -d macvlan --subnet=172.16.10.0/24 --gateway=172.16.10.1 -o parent=enp0s8 mac1
podman network create \
--subnet=192.168.50.0/24 \
--gateway=192.168.50.1 \
--macvlan=enp1s0 mac1

-d 指定 Docker 网络 driver
--subnet 指定 macvlan 网络所在的网络
--gateway 指定网关
-o parent 指定用来分配 macvlan 网络的物理网卡
 cat /etc/cni/net.d/mac1.conflist

在 host1 运行容器 c1，并指定使用 macvlan 网络：

1
podman run -itd --name c1 --ip=192.168.50.99 --network mac1 busybox

https://stackoverflow.com/questions/59515026/how-do-i-replicate-a-docker-macvlan-network-with-podman

podman

http://docs.podman.io/en/latest/

VFS , fuse-overlayfs

Our first recommendation in these cases is usually to avoid using VFS, and instead use fuse-overlayfs.

image, images

podman images -a
podman image prune
podman image rm image-id-0

https://github.com/containernetworking/plugins

other

podman unshare cat /proc/self/uid_map
unshare -U

Contents