Podman for DevOps

Podman for DevOps

by Alessandro Arrichiello, Gianni Salinetti
Released April 2022
Publisher(s): Packt Publishing
ISBN: 9781803248233

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Build, deploy, and manage containers with the next-generation engine and tools

Key Features

  • Discover key differences between Docker and Podman
  • Build brand new container images with Buildah, the Podman companion
  • Learn how to manage and integrate containers securely in your existing infrastructure

Book Description

As containers have become the new de facto standard for packaging applications and their dependencies, understanding how to implement, build, and manage them is now an essential skill for developers, system administrators, and SRE/operations teams. Podman and its companion tools Buildah and Skopeo make a great toolset to boost the development, execution, and management of containerized applications.

Starting with the basic concepts of containerization and its underlying technology, this book will help you get your first container up and running with Podman. You'll explore the complete toolkit and go over the development of new containers, their lifecycle management, troubleshooting, and security aspects. Together with Podman, the book illustrates Buildah and Skopeo to complete the tools ecosystem and cover the complete workflow for building, releasing, and managing optimized container images. Podman for DevOps provides a comprehensive view of the full-stack container technology and its relationship with the operating system foundations, along with crucial topics such as networking, monitoring, and integration with systemd, docker-compose, and Kubernetes.

By the end of this DevOps book, you'll have developed the skills needed to build and package your applications inside containers as well as to deploy, manage, and integrate them with system services.

What you will learn

  • Understand Podman’s daemonless approach as a container engine
  • Run, manage, and secure containers with Podman
  • Discover the strategies, concepts, and command-line options for using Buildah to build containers from scratch
  • Manage OCI images with Skopeo
  • Troubleshoot runtime, build, and isolation issues
  • Integrate Podman containers with existing networking and system services

Who this book is for

The book is for cloud developers looking to learn how to build and package applications inside containers and system administrators who want to deploy, manage, and integrate them with system services and orchestration solutions. This book provides a detailed comparison between Docker and Podman to aid you in learning Podman quickly.

Table of contents

  1. Podman for DevOps
  2. Foreword
  3. Contributors
  4. About the authors
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share Your Thoughts
  7. Section 1: From Theory to Practice: Running Containers with Podman
  8. Chapter 1: Introduction to Container Technology
    1. Technical requirements
    2. Book conventions
    3. What are containers?
      1. Resource usage with cgroups
      2. Running isolated processes
      3. Isolating mounts
      4. Container images to the rescue
      5. Security considerations
      6. Container engines and runtimes
      7. Containers versus virtual machines
    4. Why do I need a container?
      1. Open source
      2. Portability
      3. DevOps facilitators
      4. Cloud readiness
      5. Infrastructure optimization
      6. Microservices
      7. Chroot and Unix v7
      8. FreeBSD jails
      9. Solaris Containers (also known as Solaris Zones)
      10. Linux Containers (LXC)
      11. Docker
      12. rkt
      13. OCI and CRI-O
      14. Podman
    5. Where are containers used today?
    6. Summary
    7. Further reading
  9. Chapter 2: Comparing Podman and Docker
    1. Technical requirements
    2. Docker container daemon architecture
      1. The Docker daemon
      2. Interacting with the Docker daemon
      3. The Docker REST API
      4. Docker client commands
      5. Docker images
      6. Docker registries
      7. What does a running Docker architecture look like?
      8. Containerd architecture
    3. Podman daemonless architecture
      1. Podman commands and REST API
      2. Podman building blocks
      3. The libpod library
      4. The runc and crun OCI container runtimes
      5. Conmon
      6. Rootless containers
      7. OCI images
    4. The main differences between Docker and Podman
      1. Command-line interface comparison
      2. Running a container
    5. Summary
    6. Further reading
  10. Chapter 3: Running the First Container
    1. Technical requirements
    2. Choosing an operating system and installation method
      1. Choosing between Linux distributions and another OS
    3. Preparing your environment
      1. Customizing the container registries search list
      2. Optional – enable socket-based services
      3. Optional – customize Podman’s behavior
    4. Running your first container
      1. Interactive and pseudo-tty
      2. Detaching from a running container
      3. Network port publishing
      4. Configuration and environment variables
    5. Summary
    6. Further reading
  11. Chapter 4: Managing Running Containers
    1. Technical requirements
    2. Managing container images
      1. Searching for images
      2. Pulling and viewing images
      3. Inspecting images' configurations and contents
      4. Deleting images
    3. Operations with running containers
      1. Viewing and handling container status
      2. Pausing and unpausing containers
      3. Inspecting processes inside containers
      4. Monitoring container stats
    4. Inspecting container information
    5. Capturing logs from containers
    6. Executing processes in a running container
    7. Running containers in pods
    8. Summary
  12. Chapter 5: Implementing Storage for the Container's Data
    1. Technical requirements
    2. Why does storage matter for containers?
    3. Containers' storage features
      1. Storage driver
    4. Copying files in and out of a container
      1. Interacting with overlayfs
    5. Attaching host storage to a container
      1. Managing and attaching bind mounts to a container
      2. Managing and attaching volumes to a container
      3. SELinux considerations for mounts
      4. Attaching other types of storage to a container
    6. Summary
    7. Further reading
  13. Section 2: Building Containers from Scratch with Buildah
  14. Chapter 6: Meet Buildah – Building Containers from Scratch
    1. Technical requirements
    2. Basic image building with Podman
      1. Builds under the hood
      2. Dockerfile and Containerfile instructions
      3. Running builds with Podman
    3. Meet Buildah, Podman's companion tool for builds
    4. Preparing our environment
      1. Verifying the installation
      2. Buildah configuration files
    5. Choosing our build strategy
      1. Building a container image starting from an existing base image
      2. Building a container image starting from scratch
      3. Building a container image starting from a Dockerfile
    6. Building images from scratch
    7. Building images from a Dockerfile
    8. Summary
    9. Further reading
  15. Chapter 7: Integrating with Existing Application Build Processes
    1. Technical requirements
    2. Multistage container builds
      1. Multistage builds with Dockerfiles
      2. Multistage builds with Buildah native commands
    3. Running Buildah inside a container
      1. Running rootless Buildah containers with volume stores
      2. Running Buildah containers with bind-mounted stores
      3. Running native Buildah commands inside containers
    4. Integrating Buildah in custom builders
      1. Including Buildah in our Go build tool
      2. Quarkus-native executables in containers
      3. A Buildah wrapper for the Rust language
    5. Summary
    6. Further readings
  16. Chapter 8: Choosing the Container Base Image
    1. Technical requirements
    2. The Open Container Initiative image format
      1. OCI Image Manifest
    3. Where do container images come from?
      1. Docker Hub container registry service
      2. Quay container registry service
      3. Red Hat Ecosystem Catalog
    4. Trusted container image sources
      1. Managing trusted registries
    5. Introducing Universal Base Image
      1. The UBI Standard image
      2. The UBI Minimal image
      3. The UBI Micro image
      4. The UBI Init image
      5. Other UBI-based images
    6. Summary
    7. Further reading
  17. Chapter 9: Pushing Images to a Container Registry
    1. Technical requirements
    2. What is a container registry?
      1. Repository management
      2. Pushing container images
      3. Tag management
      4. Pulling container images
      5. Authentication management
    3. Cloud-based and on-premise container registries
      1. On-premise container registries
      2. Cloud-based container registries
    4. Managing container images with Skopeo
      1. Installing Skopeo
      2. Verifying the installation
      3. Copying images across locations
      4. Inspecting remote images
      5. Synchronizing registries and local directories
      6. Deleting images
    5. Running a local container registry
      1. Running a containerized registry
      2. Customizing the registry configuration
      3. Using a local registry to sync repositories
      4. Managing registry garbage collection
    6. Summary
    7. Further reading
  18. Section 3: Managing and Integrating Containers Securely
  19. Chapter 10: Troubleshooting and Monitoring Containers
    1. Technical requirements
    2. Troubleshooting running containers
      1. Permission denied while using storage volumes
      2. Issues with the ping command in rootless containers
    3. Monitoring containers with health checks
    4. Inspecting your container build results
      1. Troubleshooting builds from Dockerfiles
      2. Troubleshooting builds with Buildah-native commands
    5. Advanced troubleshooting with nsenter
      1. Troubleshooting a database client with nsenter
    6. Summary
    7. Further reading
  20. Chapter 11: Securing Containers
    1. Technical requirements
    2. Running rootless containers with Podman
      1. The Podman Swiss Army knife – subuid and subgid
    3. Do not run containers with UID 0
    4. Signing our container images
      1. Signing images with GPG and Podman
      2. Configuring Podman to pull signed images
      3. Testing signature verification failures
      4. Managing keys with Podman image trust commands
      5. Managing signatures with Skopeo
    5. Customizing Linux kernel capabilities
      1. Capabilities quickstart guide
      2. Capabilities in containers
      3. Customizing a container's capabilities
    6. SELinux interaction with containers
      1. Introducing Udica
    7. Summary
    8. Further reading
  21. Chapter 12: Implementing Container Networking Concepts
    1. Technical requirements
    2. Container networking and Podman setup
      1. CNI configuration quick start
      2. Podman CNI walkthrough
      3. Netavark configuration quick start
      4. Podman Netavark walkthrough
      5. Managing networks with Podman
    3. Interconnecting two or more containers
      1. Container DNS resolution
      2. Running containers inside a Pod
    4. Exposing containers outside our underlying host
      1. Port Publishing
      2. Attaching a host network
      3. Host firewall configuration
    5. Rootless container network behavior
    6. Summary
    7. Further reading
  22. Chapter 13: Docker Migration Tips and Tricks
    1. Technical requirements
    2. Migrating existing images and playing with a command's alias
    3. Podman commands versus Docker commands
      1. Behavioral differences between Podman and Docker
      2. Missing commands in Podman
      3. Missing commands in Docker
    4. Using Docker Compose with Podman
      1. Docker Compose quick start
      2. Configuring Podman to interact with docker-compose
      3. Running Compose workloads with Podman and docker-compose
      4. Using podman-compose
    5. Summary
    6. Further reading
  23. Chapter 14: Interacting with systemd and Kubernetes
    1. Technical requirements
    2. Setting up the prerequisites for the host operating system
    3. Creating the systemd unit files
    4. Managing container-based systemd services
    5. Generating Kubernetes YAML resources
      1. Generating basic Pod resources from running containers
      2. Generating Pods and services from running containers
      3. Generating a composite application in a single Pod
      4. Generating composite applications with multiple Pods
    6. Running Kubernetes resource files in Podman
    7. Testing the results in Kubernetes
      1. Setting up minikube
      2. Starting minikube
      3. Running generated resource files in Kubernetes
    8. Summary
    9. Further reading
    10. Why subscribe?
  24. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Podman for DevOps
  • Author(s): Alessandro Arrichiello, Gianni Salinetti
  • Release date: April 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803248233