Open woshikid opened 1 year ago
Install Podman
sudo apt install podman
sudo yum install podman
Podman's command line is highly compatible with Docker's, so it can be used as a drop-in replacement:
alias docker=podman
Or install podman-docker:
sudo apt install podman-docker
sudo yum install podman-docker
It is simply a wrapper script at /usr/bin/docker or /bin/docker:
#!/bin/sh
[ -f /etc/containers/nodocker ] || \
echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2
exec /usr/bin/podman "$@"
If the warning WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers appears, run the following command:
sudo mount --make-rshared /
Using Podman
Configuration file precedence
Configure image registries: sudo vi /etc/containers/registries.conf
unqualified-search-registries = ["docker.io", "quay.io"]
Configure image short-name aliases: sudo vi /etc/containers/registries.conf.d/shortnames.conf
#short-name-mode = "enforcing"   # if no alias matches, prompt the user to choose a registry; error out when non-interactive
#short-name-mode = "permissive"  # default; if no alias matches, prompt the user to choose a registry; try the registries in turn when non-interactive
short-name-mode = "disabled"     # if no alias matches, try the registries in turn without prompting
[aliases]
"hello-world" = "quay.io/podman/hello"
Configure a private registry: sudo vi /etc/containers/registries.conf
[[registry]]
#prefix = "example.com:5000"   # private registry prefix
location = "example.com:5000"  # private registry address
insecure = true                # allow an unencrypted or self-signed registry
Configure a registry mirror: sudo vi /etc/containers/registries.conf
[[registry]]
#prefix = "docker.io"          # registry prefix
location = "docker.io"         # registry address
[[registry.mirror]]
location = "example.com:5000"  # mirror address
insecure = true                # allow an unencrypted or self-signed mirror
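As an added example that is not part of woshikid's notes, the POSIX shell audit below reads a registries.conf built from the snippets above and flags the settings that let an image be pulled from an unintended or unverified source: every insecure = true, a disabled short-name mode, and more than one unqualified-search registry. The sample file and its contents are constructed; the live file is /etc/containers/registries.conf.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a registries.conf for
# settings that weaken image-source trust. The sample file is constructed;
# the live file is /etc/containers/registries.conf.

# Write a constructed sample combining the config snippets from the notes.
write_sample_conf() {
  cat > "$1" <<'EOF'
unqualified-search-registries = ["docker.io", "quay.io"]
short-name-mode = "disabled"

[[registry]]
location = "example.com:5000"
insecure = true

[[registry]]
location = "docker.io"
[[registry.mirror]]
location = "example.com:5000"
insecure = true
EOF
}

# Print one line per finding on stderr and the number of findings on stdout.
audit_registries_conf() {
  conf=$1
  count=0
  # Each 'insecure = true' (registry or mirror) disables TLS verification for pulls.
  n=$(grep -cE '^[[:space:]]*insecure[[:space:]]*=[[:space:]]*true' "$conf" || true)
  if [ "$n" -gt 0 ]; then
    echo "insecure = true set $n time(s): TLS is not verified for those endpoints" >&2
    count=$((count + n))
  fi
  # With short-name-mode "disabled", a bare name such as 'ubuntu' is resolved by
  # trying each search registry in turn; "enforcing" makes the choice explicit.
  if grep -qE '^[[:space:]]*short-name-mode[[:space:]]*=[[:space:]]*"disabled"' "$conf"; then
    echo "short-name-mode is disabled: bare image names resolve by polling registries" >&2
    count=$((count + 1))
  fi
  # More than one unqualified-search registry makes a bare name ambiguous.
  regs=$(sed -n 's/^[[:space:]]*unqualified-search-registries[[:space:]]*=[[:space:]]*\[\(.*\)\].*/\1/p' "$conf" \
    | tr ',' '\n' | grep -c '"' || true)
  if [ "$regs" -gt 1 ]; then
    echo "$regs unqualified-search registries: a bare name may come from any of them" >&2
    count=$((count + 1))
  fi
  echo "$count"
}
```

Run it as `write_sample_conf /tmp/registries.conf; audit_registries_conf /tmp/registries.conf`; the sample yields 4 findings, and a file with a single search registry, short-name-mode = "enforcing" and no insecure entries yields 0.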
Login / logout
podman login [--tls-verify=false] example.com:5000
podman logout [-a]
Search images
podman search [--tls-verify=false] example.com:5000/
podman search [--list-tags] ubuntu
Convenience syntax (-l selects the latest container)
podman inspect -l
podman top -l
podman exec -itl bash
podman start -al
podman kill -l
Run a health check manually
podman healthcheck run 2a448b1b1554
Mount a container's filesystem
#podman unshare
podman mount 2a448b1b1554
podman unmount 2a448b1b1554
Remove an image tag
podman untag 2a448b1b1554
Show debug output
podman --log-level=debug run hello-world
Troubleshooting https://github.com/containers/podman/blob/main/troubleshooting.md
Rootless
podman run hello-world       # rootless
sudo podman run hello-world  # root
Note: rootless and root Podman have completely separate images, containers, networks, volumes and so on.
Rootless containers cannot ping by default; run the following on the host:
sudo sysctl -w "net.ipv4.ping_group_range=0 2147483647"                        # temporary
echo "net.ipv4.ping_group_range=0 2147483647" | sudo tee -a /etc/sysctl.conf   # permanent
If you get the error bash: /usr/bin/ping: Operation not permitted, run the following inside the container:
setcap cap_net_raw+p /usr/bin/ping
Connecting to remote Podman
Enable the listening socket
systemctl --user enable --now podman.socket  # server
sudo loginctl enable-linger $USER            # server
#podman --remote info                         # test the socket, server
Enable sshd
sudo systemctl enable --now sshd # server
Generate an SSH key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 # client
Copy the SSH key
# cat id_ed25519.pub >> ~/.ssh/authorized_keys            # server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server          # client
Create a remote context
podman system connection add test-server [--identity ~/.ssh/id_ed25519] [ssh://]user@server[/run/user/1000/podman/podman.sock]  # client
#podman context create test-server --docker user@server:22/run/user/1000/podman/podman.sock  # client
List contexts
podman system connection ls
#podman context ls
Set the default context
podman system connection default test-server
#podman context use test-server
Connect to remote Podman
podman --remote [-c test-server] version