Podman/Docker (OCI - Open Container Initiative)
conmon
conmon is a monitoring tool for OCI containers. It is used by Podman and CRI-O to monitor the state of containers.
podman run -d nginx
ps -ef | grep conmon
runc list
kaniko
kaniko vs buildah
Get Help
Inline help
podman --help
Man pages are available for each command. For example:
man podman-run
man podman-build
Basic command examples
Run = Create + Start
podman create ...
podman run ...
podman start ...
podman stop sends SIGTERM to the container and waits 10 sec, then sends SIGKILL
podman stop $(podman ps -aq)
podman kill sends SIGKILL to stop the container immediately
podman kill containerID
podman pause/unpause sends SIGSTOP/SIGCONT to all processes in the container. It requires cgroups v2, which is not enabled on RHEL 8 by default.
podman pause 4f2038c05b8c
# -i - interactive, -t - tty
podman exec -it <ContainerId> /bin/sh
podman ps -a
podman logs containerID
podman inspect --format='{{.State.Running}}' containerID
podman pull
podman image ls
podman rm $(podman ps -aq)
# remove all stopped containers
podman rm --all
# build
podman build -t localhost/my-container -f Containerfile.my-container
Network
podman network --help
Network specific commands
podman network create example-net
podman network ls
podman network inspect example-net
# port mapping (podman port takes a container name or ID, not a network)
podman port my-container
# Containers can be connected to multiple networks by specifying network names in a comma-separated list
podman run -d --name double-connector --net postgres-net,redis-net container-image:latest
# If a container is already running, the following command connects it to the example-net network
podman network connect example-net my-container
# Removes any networks that are not currently in use by any containers
podman network prune
DNS
DNS is disabled in the default Podman network. To enable DNS resolution between containers, create a Podman network and connect your containers to that network.
Port-Forwarding
The -p or --publish option of podman run forwards a host port to a container port (HOST_PORT:CONTAINER_PORT)
podman run -p 8075:80 my-app
# prefix the host port with an address to bind only that interface (here loopback only, not reachable from other hosts)
podman run -p 127.0.0.1:8075:80 my-app
# List port mappings
podman port my-app
# --all option lists port mappings for all containers
podman port --all
podman inspect my-app -f '{{.NetworkSettings.Networks.apps.IPAddress}}'
Storage
Storage commands
podman inspect volumeID
podman volume prune
podman volume create volumeNAME
podman volume ls --format="{{.Name}}\t{{.Mountpoint}}"
diff - display the changes made to a container's filesystem since it was started
podman diff elastic_maxwell
cp - copy files/folders between a container and the local filesystem
podman cp index.html elastic_maxwell:/var/www/index.html
Volumes and Bind mounts
Volumes - managed by Podman
podman volume create http-data
podman volume inspect http-data
For rootless containers, Podman stores volumes in the $HOME/.local/share/containers/storage/volumes directory.
Bind mounts - can exist anywhere on the host filesystem
Both volumes and bind mounts can use the --volume or -v parameter
# --volume /path/on/host:/path/in/container:OPTIONS
# Bind mounts with the read-only option
podman run --volume /www:/var/www/html:ro ubi8/httpd-24:latest
# Volume mount into a container
podman run --volume http-data:/var/www/html ubi8/httpd-24:latest
## Because Podman manages the volume, you do not need to configure SELinux permissions.
Alternatively, you can use the --mount parameter
--mount type=TYPE,source=/path/on/host,destination=/path/in/container,options=OPTIONS
# type= bind | volume | tmpfs
# options=ro | rw | z | Z   (z = shared SELinux label, usable by several containers; Z = private label, one container only)
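As an added example (not from these notes or from the Podman project), a small pre-flight lint for a `--volume HOST:CONTAINER:OPTIONS` spec. It flags the two points above: a bind mount of a host path that is writable (no `ro`) or has no SELinux relabel option (`z`/`Z`), while a named volume passes because Podman manages its labels. `check_volume_spec` and its list of sensitive host paths are this example's own assumptions.

```shell
#!/bin/sh
# has_opt OPTS NAME -> true if NAME is one of the comma-separated OPTS
has_opt() {
  case ",$1," in *",$2,"*) return 0 ;; esac
  return 1
}

# check_volume_spec HOST:CONTAINER[:OPTIONS]
# Prints one line per finding and returns the number of findings (0 = clean).
# Hypothetical helper, not a Podman command.
check_volume_spec() {
  spec=$1 ; findings=0
  oldifs=$IFS ; IFS=: ; set -- $spec ; IFS=$oldifs
  src=$1 ; dst=$2 ; opts=${3:-}
  [ -n "$src" ] && [ -n "$dst" ] || { echo "$spec: malformed, need HOST:CONTAINER[:OPTIONS]"; return 1; }

  case $src in
    /*)   # absolute path -> bind mount; the host directory is exposed as-is
      if ! has_opt "$opts" ro; then
        echo "$spec: bind mount is writable; add :ro unless the container must write to $src"
        findings=$((findings + 1))
      fi
      if ! has_opt "$opts" z && ! has_opt "$opts" Z; then
        echo "$spec: no SELinux relabel (z/Z); on an enforcing host the container gets EACCES"
        findings=$((findings + 1))
      fi
      # constructed list of host paths that should rarely be handed to a container
      case $src in
        /|/etc|/etc/*|/proc|/sys|/run/*.sock|/var/run/*.sock)
          echo "$spec: mounts a sensitive host path ($src)"
          findings=$((findings + 1)) ;;
      esac ;;
    *)    # anything else is a Podman-managed named volume: labels handled by Podman
      ;;
  esac
  return $findings
}
```

Run it on each `-v` argument before the `podman run` line; a non-zero return means at least one finding was printed.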
Some applications cannot use the default copy-on-write (COW) file system in a specific directory for performance reasons, but do not need persistence or data sharing. In this case, you can use the tmpfs mount type: the data in the mount is ephemeral and does not use the COW file system.
podman run -e POSTGRESQL_ADMIN_PASSWORD=redhat --network lab-net \
--mount type=tmpfs,tmpfs-size=512M,destination=/var/lib/pgsql/data \
registry.redhat.io/rhel9/postgresql-13:1
Import/export volumes
podman volume export http_data --output web_data.tar.gz
# the target volume must already exist; import replaces its contents with the archive
podman volume import http_data web_data.tar.gz