====== Notes ======
* Podman containers can run without root privileges.
* Containers can be built with Buildah and Skopeo.
* Pod: One or more containers sharing a namespace and cgroups.
* Podman can be used as an alias for Docker (''%%alias docker=podman%%''), but has more capabilities.
* Podman runs containers on single Linux nodes together with systemd.
* Containers can be started/managed over a REST API.
* Podman runs OCI (Open Container Initiative) containers.
* Podman containers can run systemd.
* A podman container is a child process of the podman command.
* Podman completely separates user namespaces.
* Podman does not need a daemon to run. (The docker daemon is a single point of failure.)
* Podman supports Pods (like Kubernetes) and runs Kubernetes YAML.
* The ''%%docker%%'' group virtually has root rights; not so with Podman.
Resources:
* [[https://podman.io/|podman.io]]
* [[https://www.redhat.com/en/topics/containers/what-is-podman|What is Podman?]]
* [[https://www.manning.com/books/podman-in-action|Podman in Action]]
====== Setup ======
Install Podman (on Arch Linux):
# pacman -S podman buildah skopeo fuse-overlayfs slirp4netns
Allow unprivileged users to run containers:
# sysctl kernel.unprivileged_userns_clone=1
Set ''%%subuid%%'' and ''%%subgid%%'' for user to run containers (e.g. ''%%patrick%%''):
# touch /etc/subuid /etc/subgid
# chmod 644 /etc/subuid /etc/subgid
# usermod --add-subuids 100000-165535 --add-subgids 100000-165535 patrick
Propagate changes to Podman:
$ podman system migrate
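The ''%%subuid%%''/''%%subgid%%'' ranges above are what keep one user's rootless containers from ever touching another user's host UIDs, so it is worth checking them after editing. The following is an added example, not part of the original notes or of Podman itself: a POSIX shell function (awk-based) that reads a file in the ''%%/etc/subuid%%'' format (''%%USER:START:COUNT%%'') and reports ranges that are too small for a typical image (fewer than 65536 IDs, the size used in the ''%%usermod%%'' call above) and ranges that overlap. The sample inputs are constructed for the demo; the function names ''%%check_subids%%'' and ''%%check_subids_text%%'' are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check an /etc/subuid or
# /etc/subgid style file before relying on rootless Podman isolation.
# Each line is USER:START:COUNT. Flags:
#   - malformed lines
#   - ranges with fewer than 65536 IDs (container UIDs 1-65536 would not all map)
#   - overlapping ranges (two users' containers would share host IDs)
# Usage: check_subids [FILE]   (defaults to /etc/subuid; "-" reads stdin)
# Exit status: 0 when no problems were found, 1 otherwise.
check_subids() {
    awk -F: '
        # skip blank lines and comments
        /^[[:space:]]*$/ || /^#/ { next }
        # anything that is not USER:NUMBER:NUMBER is malformed
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "malformed line %d: %s\n", NR, $0
            bad = 1
            next
        }
        {
            n++
            user[n] = $1
            start[n] = $2 + 0
            end[n] = $2 + $3 - 1
            if ($3 + 0 < 65536) {
                printf "%s: range %d-%d has only %d IDs (need >= 65536)\n", \
                       $1, start[n], end[n], $3
                bad = 1
            }
        }
        END {
            # pairwise overlap check: ranges intersect when each starts
            # no later than the other ends
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (start[i] <= end[j] && start[j] <= end[i]) {
                        printf "overlap: %s %d-%d and %s %d-%d\n", \
                               user[i], start[i], end[i], user[j], start[j], end[j]
                        bad = 1
                    }
            exit bad + 0
        }
    ' "${1:-/etc/subuid}"
}

# Helper: run the check on a string instead of a file (used by the demo).
check_subids_text() {
    printf '%s\n' "$1" | check_subids -
}

# Constructed sample mappings (not taken from any real host).
# Clean: two users, 65536 IDs each, adjacent but not overlapping.
SAMPLE_CLEAN='patrick:100000:65536
alice:165536:65536'

# Broken: bob has too few IDs, carol overlaps both patrick and bob,
# and the last line is not in USER:START:COUNT form.
SAMPLE_BROKEN='patrick:100000:65536
bob:200000:1000
carol:150000:65536
garbage line'

# Stand-alone demo: report on the constructed broken sample.
if check_subids_text "$SAMPLE_BROKEN"; then
    echo "no problems found"
else
    echo "problems found (see above)"
fi
```

Run it against the real file with ''%%check_subids /etc/subuid%%'' and again with ''%%check_subids /etc/subgid%%''; a non-zero exit means the mappings should be fixed before ''%%podman system migrate%%'' is run.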
===== Command Line Usage =====
Test using the alpine container:
$ podman run -it docker.io/alpine
Build an image:
$ podman build . -t whatever
Run a container (which exposes port ''%%8080%%''):
$ podman run -p 8080:8080 --name whatever whatever
==== systemd Integration ====
Generate a systemd unit:
$ podman generate systemd --name whatever
Save the output as a unit file:
$ podman generate systemd --name whatever --new --files
./container-whatever.service
Move the unit file to the user's systemd config folder:
$ mv container-whatever.service ~/.config/systemd/user/
Reload the daemon, then enable and start the container using the systemd unit:
$ systemctl --user daemon-reload
$ systemctl --user enable --now container-whatever.service
$ systemctl --user restart container-whatever.service
====== Networking ======
Figure out the default gateway of a network:
$ podman network inspect [network] --format '{{ (index .Subnets 0).Gateway }}'