Podman
Rootless, daemonless container engine. Commands mirror Docker — substitute podman for docker.
Running Containers
podman run -d --name my-app alpine sleep 1000 # Detached container
podman ps -a # List all containers (including stopped)
podman logs my-app # View logs
podman exec my-app ls /app # Run command inside container
podman stop my-app && podman rm my-app # Stop and remove
For long-running services, use -d. For interactive sessions in headless environments: tmux new -d 'podman run -it --name my-app alpine sh'. Use -f with rm/rmi/prune to skip prompts.
Building Images
podman build -t my-image . # Reads Containerfile (or Dockerfile)
podman images # List local images
podman rmi my-image # Remove image
Prefer Containerfile over Dockerfile — it's the OCI convention.
Pods — Shared Network Namespace
Pods group containers so they communicate over localhost without network configuration:
podman pod create --name my-stack -p 8080:80
podman run -d --pod my-stack --name web nginx
podman run -d --pod my-stack --name api my-api-image
# web and api share localhost — api reaches nginx at localhost:80
Networking & Secrets
# Custom network
podman network create my-network
podman run -d --network my-network --name web nginx
# Secrets as environment variables
printf '%s' "my-secret" | podman secret create my-secret - # printf avoids storing echo's trailing newline in the secret
podman run --secret my-secret,type=env,target=MY_SECRET alpine env
Health Checks
podman run -d \
--health-cmd "curl -f http://localhost/ || exit 1" \
--health-interval 30s \
--name web nginx
podman inspect web --format '{{.State.Health.Status}}'
Compose & Kubernetes
podman compose up -d # Docker Compose compatibility
podman generate kube my-pod > pod.yaml # Generate K8s manifest
podman kube play pod.yaml # Run K8s manifest
Cleanup
podman system prune -f # Remove stopped containers and dangling images (add -a for all unused images)
podman system df # Show disk usage
Constraints
- Rootless by default — binding to ports < 1024 requires subuid/subgid or --userns=keep-id
- No background daemon — containers are direct child processes
- Use Containerfile as the default build file name
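A pre-flight check for the `-p` mappings used with pods and for the low-port constraint listed above, as an added example that is not part of the original page. It compares the host port with `net.ipv4.ip_unprivileged_port_start`, the kernel setting that decides which ports an unprivileged process may bind, and flags mappings that listen on every host interface. The function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Added example: audit a `podman ... -p` value before running rootless.
# Handles [hostIP:][hostPort]:containerPort[/proto] and containerPort[/proto];
# port ranges and bracketed IPv6 host addresses are not handled.

# Lowest port an unprivileged user may bind (kernel default: 1024).
unpriv_port_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# audit_publish SPEC [START]: print findings separated by spaces, or "ok".
audit_publish() {
    spec=${1%/*}                          # drop a trailing /tcp or /udp
    start=${2:-$(unpriv_port_start)}
    findings=""
    case $spec in
        *:*:*) host_ip=${spec%%:*}; rest=${spec#*:}; host_port=${rest%%:*} ;;
        *:*)   host_ip="";          host_port=${spec%%:*} ;;
        *)     host_ip="";          host_port="" ;;  # random host port
    esac
    # No host IP (or 0.0.0.0) means the port listens on every host interface.
    if [ -z "$host_ip" ] || [ "$host_ip" = "0.0.0.0" ]; then
        findings="all-interfaces"
    fi
    case $host_port in
        "") ;;                            # host port picked by podman
        *[!0-9]*) findings="${findings:+$findings }unparsed-host-port" ;;
        *)  if [ "$host_port" -lt "$start" ]; then
                findings="${findings:+$findings }below-unprivileged-start"
            fi ;;
    esac
    echo "${findings:-ok}"
}

# Constructed sample values; 8080:80 is the mapping used for my-stack above.
for p in 8080:80 127.0.0.1:8080:80 80:80/tcp 127.0.0.1:443:8443; do
    printf '%-22s %s\n' "$p" "$(audit_publish "$p")"
done
```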