Book Image

Podman for DevOps

By : Alessandro Arrichiello, Gianni Salinetti
Book Image

Podman for DevOps

By: Alessandro Arrichiello, Gianni Salinetti

Overview of this book

As containers have become the new de facto standard for packaging applications and their dependencies, understanding how to implement, build, and manage them is now an essential skill for developers, system administrators, and SRE/operations teams. Podman and its companion tools Buildah and Skopeo make a great toolset to boost the development, execution, and management of containerized applications. Starting with the basic concepts of containerization and its underlying technology, this book will help you get your first container up and running with Podman. You'll explore the complete toolkit and go over the development of new containers, their lifecycle management, troubleshooting, and security aspects. Together with Podman, the book illustrates Buildah and Skopeo to complete the tools ecosystem and cover the complete workflow for building, releasing, and managing optimized container images. Podman for DevOps provides a comprehensive view of the full-stack container technology and its relationship with the operating system foundations, along with crucial topics such as networking, monitoring, and integration with systemd, docker-compose, and Kubernetes. By the end of this DevOps book, you'll have developed the skills needed to build and package your applications inside containers as well as to deploy, manage, and integrate them with system services.
Table of Contents (19 chapters)
1
Section 1: From Theory to Practice: Running Containers with Podman
7
Section 2: Building Containers from Scratch with Buildah
12
Section 3: Managing and Integrating Containers Securely

Attaching host storage to a container

We have already talked about the immutable nature of containers. Starting from pre-built images, when we run a container, we instance a read/write layer on top of a stack of read-only layers using a copy-on-write approach.

Containers are ephemeral objects based on a stateful image. This implies that containers are not meant to store data inside them – if a container crashes or is removed, all the data would be lost. We need a way to store data in a separate location that is mounted inside the running container, preserved when the container is removed, and ready to be reused by a new container.

There is another important caveat that should not be forgotten – secrets and config files. When we build an image, we can pass all the files and folders we need inside it. However, sealing secrets like certificates or keys inside a build is not a good practice. If we need, for example, to rotate a certificate, we must rebuild the whole...