Book Image

Podman for DevOps

By : Alessandro Arrichiello, Gianni Salinetti
Book Image

Podman for DevOps

By: Alessandro Arrichiello, Gianni Salinetti

Overview of this book

As containers have become the new de facto standard for packaging applications and their dependencies, understanding how to implement, build, and manage them is now an essential skill for developers, system administrators, and SRE/operations teams. Podman and its companion tools Buildah and Skopeo make a great toolset to boost the development, execution, and management of containerized applications. Starting with the basic concepts of containerization and its underlying technology, this book will help you get your first container up and running with Podman. You'll explore the complete toolkit and go over the development of new containers, their lifecycle management, troubleshooting, and security aspects. Together with Podman, the book illustrates Buildah and Skopeo to complete the tools ecosystem and cover the complete workflow for building, releasing, and managing optimized container images. Podman for DevOps provides a comprehensive view of the full-stack container technology and its relationship with the operating system foundations, along with crucial topics such as networking, monitoring, and integration with systemd, docker-compose, and Kubernetes. By the end of this DevOps book, you'll have developed the skills needed to build and package your applications inside containers as well as to deploy, manage, and integrate them with system services.

Related Content you might be interested in

Current Title:

Small book image
Podman for DevOps
Alessandro Arrichiello | Gianni Salinetti
Apr, 2022 | 518 pages
Small book image
Learning Docker
Jeeva S Chelladhurai | Pethuru Raj | Vinod Singh
May, 2017 | 300 pages
Small book image
Oracle Linux Cookbook
Jonathan Spindel | Erik Benner | Erik B Thomsen
Jan, 2024 | 548 pages
Small book image
Docker Certified Associate (DCA): Exam Guide
Francisco Javier Ramiacuterez Urea
Sep, 2020 | 612 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: From Theory to Practice: Running Containers with Podman
Section 1: From Theory to Practice: Running Containers with Podman
Free Chapter
2
Chapter 1: Introduction to Container Technology
Chapter 1: Introduction to Container Technology
Technical requirements
Book conventions
What are containers?
Why do I need a container?
Where are containers used today?
Summary
Further reading
3
Chapter 2: Comparing Podman and Docker
Chapter 2: Comparing Podman and Docker
Technical requirements
Docker container daemon architecture
Podman daemonless architecture
The main differences between Docker and Podman
Summary
Further reading
4
Chapter 3: Running the First Container
Chapter 3: Running the First Container
Technical requirements
Choosing an operating system and installation method
Preparing your environment
Running your first container
Summary
Further reading
5
Chapter 4: Managing Running Containers
Chapter 4: Managing Running Containers
Technical requirements
Managing container images
Operations with running containers
Inspecting container information
Capturing logs from containers
Executing processes in a running container
Running containers in pods
Summary
6
Chapter 5: Implementing Storage for the Container's Data
Chapter 5: Implementing Storage for the Container's Data
Technical requirements
Why does storage matter for containers?
Containers' storage features
Copying files in and out of a container
Attaching host storage to a container
Summary
Further reading
7
Section 2: Building Containers from Scratch with Buildah
Section 2: Building Containers from Scratch with Buildah
8
Chapter 6: Meet Buildah – Building Containers from Scratch
Chapter 6: Meet Buildah – Building Containers from Scratch
Technical requirements
Basic image building with Podman
Meet Buildah, Podman's companion tool for builds
Preparing our environment
Choosing our build strategy
Building images from scratch
Building images from a Dockerfile
Summary
Further reading
9
Chapter 7: Integrating with Existing Application Build Processes
Chapter 7: Integrating with Existing Application Build Processes
Technical requirements
Multistage container builds
Running Buildah inside a container
Integrating Buildah in custom builders
Summary
Further readings
10
Chapter 8: Choosing the Container Base Image
Chapter 8: Choosing the Container Base Image
Technical requirements
The Open Container Initiative image format
Where do container images come from?
Trusted container image sources
Introducing Universal Base Image
Summary
Further reading
11
Chapter 9: Pushing Images to a Container Registry
Chapter 9: Pushing Images to a Container Registry
Technical requirements
What is a container registry?
Cloud-based and on-premise container registries
Managing container images with Skopeo
Running a local container registry
Summary
Further reading
12
Section 3: Managing and Integrating Containers Securely
Section 3: Managing and Integrating Containers Securely
13
Chapter 10: Troubleshooting and Monitoring Containers
Chapter 10: Troubleshooting and Monitoring Containers
Technical requirements
Troubleshooting running containers
Monitoring containers with health checks
Inspecting your container build results
Advanced troubleshooting with nsenter
Summary
Further reading
14
Chapter 11: Securing Containers
Chapter 11: Securing Containers
Technical requirements
Running rootless containers with Podman
Do not run containers with UID 0
Signing our container images
Customizing Linux kernel capabilities
SELinux interaction with containers
Summary
Further reading
15
Chapter 12: Implementing Container Networking Concepts
Chapter 12: Implementing Container Networking Concepts
Technical requirements
Container networking and Podman setup
Interconnecting two or more containers
Exposing containers outside our underlying host
Rootless container network behavior
Summary
Further reading
16
Chapter 13: Docker Migration Tips and Tricks
Chapter 13: Docker Migration Tips and Tricks
Technical requirements
Migrating existing images and playing with a command's alias
Podman commands versus Docker commands
Using Docker Compose with Podman
Summary
Further reading
17
Chapter 14: Interacting with systemd and Kubernetes
Chapter 14: Interacting with systemd and Kubernetes
Technical requirements
Setting up the prerequisites for the host operating system
Creating the systemd unit files
Managing container-based systemd services
Generating Kubernetes YAML resources
Running Kubernetes resource files in Podman
Testing the results in Kubernetes
Summary
Further reading
Why subscribe?
18
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Running rootless containers with Podman

As we briefly saw in Chapter 4, Managing Running Containers, it is possible for Podman to let standard users without administrative privileges run containers in a Linux host. These containers are often referred to as "rootless containers."

Rootless containers have many advantages, including the following:

  • They create an additional security layer that could block attackers trying to get root privileges on the host, even if the container engine, runtime, or orchestrator has been compromised.
  • They can allow many unprivileged users to run containers on the same host, making the most of high-performance computing environments.

Let's think about the approach that's used by any Linux system to handle traditional process services. Usually, the package maintainers tend to create a dedicated user for scheduling and running the target process. If we try to install an Apache web server on our favorite Linux distribution...

Previous Section
End of Section 3
Next Section