book

Podman for DevOps

Name: Podman for DevOps
ISBN: 9781803248233

by Alessandro Arrichiello, Gianni Salinetti

April 2022

Intermediate to advanced

518 pages

10h 35m

English

Packt Publishing

Read now

Unlock full access

Podman for DevOps
ForewordContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesDownload the color imagesConventions usedGet in touchShare Your Thoughts
Section 1: From Theory to Practice: Running Containers with Podman
Chapter 1: Introduction to Container Technology
Technical requirementsBook conventionsWhat are containers?Resource usage with cgroupsRunning isolated processesIsolating mountsContainer images to the rescueSecurity considerationsContainer engines and runtimesContainers versus virtual machinesWhy do I need a container?Open sourcePortabilityDevOps facilitatorsCloud readinessInfrastructure optimizationMicroservices Chroot and Unix v7FreeBSD jailsSolaris Containers (also known as Solaris Zones)Linux Containers (LXC)DockerrktOCI and CRI-OPodmanWhere are containers used today?SummaryFurther reading
Chapter 2: Comparing Podman and Docker
Technical requirementsDocker container daemon architectureThe Docker daemonInteracting with the Docker daemonThe Docker REST APIDocker client commandsDocker imagesDocker registriesWhat does a running Docker architecture look like?Containerd architecturePodman daemonless architecturePodman commands and REST APIPodman building blocksThe libpod libraryThe runc and crun OCI container runtimes ConmonRootless containersOCI imagesThe main differences between Docker and Podman Command-line interface comparisonRunning a containerSummaryFurther reading
Chapter 3: Running the First Container
Technical requirementsChoosing an operating system and installation methodChoosing between Linux distributions and another OSPreparing your environmentCustomizing the container registries search listOptional – enable socket-based servicesOptional – customize Podman’s behaviorRunning your first containerInteractive and pseudo-ttyDetaching from a running containerNetwork port publishingConfiguration and environment variablesSummaryFurther reading
Chapter 4: Managing Running Containers
Technical requirementsManaging container imagesSearching for imagesPulling and viewing imagesInspecting images' configurations and contentsDeleting imagesOperations with running containersViewing and handling container statusPausing and unpausing containersInspecting processes inside containersMonitoring container statsInspecting container informationCapturing logs from containersExecuting processes in a running containerRunning containers in podsSummary
Chapter 5: Implementing Storage for the Container's Data
Technical requirementsWhy does storage matter for containers? Containers' storage features Storage driverCopying files in and out of a containerInteracting with overlayfsAttaching host storage to a containerManaging and attaching bind mounts to a containerManaging and attaching volumes to a containerSELinux considerations for mountsAttaching other types of storage to a containerSummaryFurther reading
Section 2: Building Containers from Scratch with Buildah
Chapter 6: Meet Buildah – Building Containers from Scratch
Technical requirementsBasic image building with PodmanBuilds under the hoodDockerfile and Containerfile instructionsRunning builds with Podman Meet Buildah, Podman's companion tool for buildsPreparing our environmentVerifying the installationBuildah configuration filesChoosing our build strategyBuilding a container image starting from an existing base imageBuilding a container image starting from scratchBuilding a container image starting from a DockerfileBuilding images from scratchBuilding images from a DockerfileSummaryFurther reading

Chapter 7: Integrating with Existing Application Build Processes
Technical requirementsMultistage container buildsMultistage builds with DockerfilesMultistage builds with Buildah native commandsRunning Buildah inside a containerRunning rootless Buildah containers with volume storesRunning Buildah containers with bind-mounted storesRunning native Buildah commands inside containersIntegrating Buildah in custom buildersIncluding Buildah in our Go build toolQuarkus-native executables in containersA Buildah wrapper for the Rust languageSummaryFurther readings
Chapter 8: Choosing the Container Base Image
Technical requirementsThe Open Container Initiative image formatOCI Image ManifestWhere do container images come from?Docker Hub container registry serviceQuay container registry serviceRed Hat Ecosystem CatalogTrusted container image sourcesManaging trusted registriesIntroducing Universal Base ImageThe UBI Standard imageThe UBI Minimal image The UBI Micro imageThe UBI Init imageOther UBI-based imagesSummaryFurther reading
Chapter 9: Pushing Images to a Container Registry
Technical requirementsWhat is a container registry?Repository managementPushing container imagesTag managementPulling container imagesAuthentication managementCloud-based and on-premise container registriesOn-premise container registriesCloud-based container registriesManaging container images with SkopeoInstalling SkopeoVerifying the installationCopying images across locationsInspecting remote imagesSynchronizing registries and local directoriesDeleting images Running a local container registry Running a containerized registryCustomizing the registry configurationUsing a local registry to sync repositories Managing registry garbage collectionSummaryFurther reading
Section 3: Managing and Integrating Containers Securely
Chapter 10: Troubleshooting and Monitoring Containers
Technical requirementsTroubleshooting running containersPermission denied while using storage volumesIssues with the ping command in rootless containers Monitoring containers with health checksInspecting your container build resultsTroubleshooting builds from DockerfilesTroubleshooting builds with Buildah-native commandsAdvanced troubleshooting with nsenterTroubleshooting a database client with nsenterSummaryFurther reading
Chapter 11: Securing Containers
Technical requirementsRunning rootless containers with Podman The Podman Swiss Army knife – subuid and subgidDo not run containers with UID 0Signing our container imagesSigning images with GPG and PodmanConfiguring Podman to pull signed imagesTesting signature verification failuresManaging keys with Podman image trust commands Managing signatures with SkopeoCustomizing Linux kernel capabilities Capabilities quickstart guideCapabilities in containersCustomizing a container's capabilitiesSELinux interaction with containersIntroducing UdicaSummaryFurther reading
Chapter 12: Implementing Container Networking Concepts
Technical requirementsContainer networking and Podman setupCNI configuration quick startPodman CNI walkthroughNetavark configuration quick startPodman Netavark walkthroughManaging networks with PodmanInterconnecting two or more containersContainer DNS resolutionRunning containers inside a PodExposing containers outside our underlying hostPort PublishingAttaching a host networkHost firewall configurationRootless container network behaviorSummaryFurther reading
Chapter 13: Docker Migration Tips and Tricks
Technical requirementsMigrating existing images and playing with a command's aliasPodman commands versus Docker commandsBehavioral differences between Podman and DockerMissing commands in PodmanMissing commands in DockerUsing Docker Compose with PodmanDocker Compose quick startConfiguring Podman to interact with docker-composeRunning Compose workloads with Podman and docker-composeUsing podman-composeSummaryFurther reading
Chapter 14: Interacting with systemd and Kubernetes
Technical requirementsSetting up the prerequisites for the host operating systemCreating the systemd unit filesManaging container-based systemd servicesGenerating Kubernetes YAML resourcesGenerating basic Pod resources from running containersGenerating Pods and services from running containersGenerating a composite application in a single PodGenerating composite applications with multiple PodsRunning Kubernetes resource files in PodmanTesting the results in KubernetesSetting up minikubeStarting minikubeRunning generated resource files in KubernetesSummaryFurther reading
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Dive into the world of containerization with 'Podman for DevOps,' a comprehensive guide to using Podman, Buildah, and Skopeo in your development and deployment workflows. This book takes you from fundamental concepts to advanced techniques, empowering you to build, manage, and secure containerized applications effectively.

What this Book will help me do

Understand and leverage Podman's unique daemonless container runtime for improved security and flexibility.
Master tools like Buildah and Skopeo for creating and managing custom container images and OCI images.
Integrate containers with system services and orchestration platforms such as Kubernetes and systemd.
Enhance application performance and security through advanced troubleshooting and optimization techniques covered in the book.
Migrate from Docker to Podman with detailed comparisons and practical guidance provided in the book.

Author(s)

The authors of 'Podman for DevOps,' None Arrichiello and None Salinetti, are experienced professionals in the field of containerization and DevOps technologies. Their expertise lies in creating practical resources for developers and system administrators to excel in container usage and integration.

Who is it for?

This book is ideal for developers looking to modernize their application packaging workflows, and for system administrators aiming to optimize container management in their infrastructure. Whether you're new to containers or seeking alternatives to Docker, this guide serves your needs. Achieve seamless integration and management of containers with the help of this resource.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781803248233

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills