Podman

Rootless container management compatible with Docker commands.

Container Management

Basic Lifecycle

# Run a container (detached)
podman run -d --name my-app alpine sleep 1000

# List running containers
podman ps

# List all containers (including stopped ones)
podman ps -a

# Stop and remove a container
podman stop my-app
podman rm my-app

# Inspect container details
podman inspect my-app

Logs and Execution

# View container logs (non-interactive)
podman logs my-app

# Execute a command in a running container
podman exec my-app ls /app

Image Management

# Pull an image
podman pull alpine:latest

# List local images
podman images

# Build an image from a Containerfile (or Dockerfile)
podman build -t my-custom-image .

# Remove an image
podman rmi my-custom-image

Pods (Unique to Podman)

Pods group multiple containers so that they share one network namespace and can reach each other over localhost. Ports are published on the pod, not on the individual containers.

# Create a pod
podman pod create --name my-stack -p 8080:80

# Run a container inside a pod
podman run -d --pod my-stack --name nginx nginx

# List pods
podman pod ps

Maintenance and Cleanup

# Remove all stopped containers, unused networks, and dangling images
podman system prune -f

# Show disk usage by containers/images
podman system df

Headless / Non-Interactive Tips

  • Force Flag: Use -f or --force with rm, rmi, and prune to avoid confirmation prompts.
  • Detached Mode: Always use -d for long-running services to prevent the command from hanging. For interactive sessions, use: tmux new -d 'podman run -it --name my-app alpine sh'
  • Rootless: Podman runs rootless whenever it is invoked as a non-root user. The user needs subordinate ID ranges in /etc/subuid and /etc/subgid; without them, images that use more than one UID or GID fail to pull or run.
  • Docker Compatibility: Most docker commands work unchanged when docker is replaced with podman.
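
The subuid/subgid requirement from the Rootless tip can be checked before running workloads. The script below is an added example, not part of the original skill; the function names, the 65536-ID threshold and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a subordinate-ID file (/etc/subuid or /etc/subgid) for rootless Podman.
# File format: name:first_id:count, one range per line.

# Total number of subordinate IDs allocated to user $1 in file $2.
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Print "userA userB" for each pair of different users whose ranges overlap.
# Overlapping ranges let one user's containers own IDs used by another's.
subid_overlaps() {
    awk -F: 'NF == 3 && $1 !~ /^#/ {
        for (i = 0; i < n; i++)
            if (name[i] != $1 && $2 + 0 < first[i] + cnt[i] && first[i] < $2 + $3)
                print name[i], $1
        name[n] = $1; first[n] = $2 + 0; cnt[n] = $3 + 0; n++
    }' "$1"
}

# Return 0 when user $1 has at least $3 IDs in file $2 and no overlap.
# The default of 65536 is an assumed threshold (a common allocation size).
check_rootless_ids() {
    user=$1 file=$2 need=${3:-65536}
    have=$(subid_count "$user" "$file")
    if [ "$have" -lt "$need" ]; then
        echo "$file: $user has $have subordinate IDs, wants >= $need" >&2
        return 1
    fi
    if subid_overlaps "$file" | grep -qwF "$user"; then
        echo "$file: a range of $user overlaps another user's range" >&2
        return 1
    fi
}

# Constructed sample data (not from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
alice:100000:65536
bob:165536:65536
carol:200000:1000
dave:300000:4096
EOF

for u in alice bob carol dave; do
    if check_rootless_ids "$u" "$SAMPLE"; then echo "$u: ok"; fi
done
```

On a real host, pass /etc/subuid and then /etc/subgid as the file argument instead of the sample.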

Networking

# Create a network
podman network create my-network

# Run container on a network (detached, so the command returns)
podman run -d --network my-network --name web nginx

# Connect existing container to network
podman network connect my-network web

# List networks
podman network ls

# Inspect network
podman network inspect my-network

Secrets Management

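# Create a secret from stdin (printf avoids the trailing newline that echo adds)
printf '%s' "my-secret-value" | podman secret create my-secret -

# List secrets
podman secret ls

# Use secret in container as an environment variable
# (env prints the value, so use this only to test; the default type=mount
# exposes the secret as the file /run/secrets/my-secret instead)
podman run --secret my-secret,type=env,target=MY_SECRET alpine env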

Health Checks

# Run container with health check
podman run -d --health-cmd "curl -f http://localhost/ || exit 1" \
  --health-interval 30s --health-retries 3 \
  --name web nginx

# Check health status
podman inspect web | grep -A 10 "Health"

Auto Updates

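# Run container with auto-update policy
# (the registry policy requires a fully qualified image name)
podman run -d --label "io.containers.autoupdate=registry" \
  --name web docker.io/library/nginx:latest

# Check for updates without applying them
podman auto-update --dry-run

# Apply updates (only containers running inside systemd units are updated)
podman auto-update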

Systemd Integration (Quadlet)

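Quadlet turns .container files into systemd services each time systemd reloads its units:

# Create a .container file
mkdir -p ~/.config/containers/systemd
cat > ~/.config/containers/systemd/my-app.container << EOF
[Container]
Image=docker.io/library/nginx:latest
PublishPort=8080:80

[Install]
WantedBy=default.target
EOF

# Generate the systemd service (Quadlet runs on daemon-reload)
systemctl --user daemon-reload

# Start the generated service (start at login comes from the [Install] section;
# systemctl enable does not work on generated units)
systemctl --user start my-app.service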

Docker Compose Compatibility

# podman compose is a wrapper around an external compose provider
# (docker-compose or podman-compose), which must be installed
podman compose up -d
podman compose down
podman compose logs

# Or use podman-compose (third-party tool)
pip install podman-compose
podman-compose up -d

Kubernetes Integration

# Generate Kubernetes YAML from container/pod
podman generate kube my-pod > pod.yaml

# Play Kubernetes YAML
podman kube play pod.yaml

# Stop and remove Kubernetes resources
podman kube down pod.yaml

Remote Builds (Farm)

# Farm out builds to remote machines
podman farm build -t myimage .

# List configured farms
podman farm list

Artifact Management

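# Add a local file to the artifact store under a registry name
podman artifact add registry.example.com/artifact:latest myartifact.tar

# Push OCI artifacts
podman artifact push registry.example.com/artifact:latest

# Pull OCI artifacts
podman artifact pull registry.example.com/artifact:latest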

Related Skills

  • tmux: Run containers in background sessions
  • nix: Alternative reproducible environments
Repository
knoopx/pi
First Seen
Jan 23, 2026