Podman
Rootless container management compatible with Docker commands.
Container Management
Basic Lifecycle
# Run a container (detached)
podman run -d --name my-app alpine sleep 1000
# List running containers
podman ps
# List all containers (including stopped ones)
podman ps -a
# Stop and remove a container
podman stop my-app
podman rm my-app
# Inspect container details
podman inspect my-app
Logs and Execution
# View container logs (non-interactive)
podman logs my-app
# Execute a command in a running container
podman exec my-app ls /app
Image Management
# Pull an image
podman pull alpine:latest
# List local images
podman images
# Build an image from a Containerfile (or Dockerfile)
podman build -t my-custom-image .
# Remove an image
podman rmi my-custom-image
Pods (Unique to Podman)
Pods allow grouping multiple containers together so they share the same network namespace (localhost).
# Create a pod
podman pod create --name my-stack -p 8080:80
# Run a container inside a pod
podman run -d --pod my-stack --name nginx nginx
# List pods
podman pod ps
Maintenance and Cleanup
# Remove all stopped containers, unused networks, and dangling images
podman system prune -f
# Show disk usage by containers/images
podman system df
Headless / Non-Interactive Tips
- Force Flag: Use -f or --force with rm, rmi, and prune to avoid confirmation prompts.
- Detached Mode: Always use -d for long-running services to prevent the command from hanging. For interactive sessions, use: tmux new -d 'podman run -it --name my-app alpine sh'
- Rootless: Podman runs in rootless mode by default for the current user. Ensure subuid/subgid are configured if running complex workloads.
- Docker Compatibility: Most docker commands work unchanged with podman in place of docker.
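A preflight check for the Rootless tip above, as an added example that is not part of the original cheat sheet: it sums the subordinate ID ranges a user holds in /etc/subuid and /etc/subgid. The function names and the 65536 minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify rootless ID-mapping prerequisites for a user.

# subid_total FILE USER
# Prints the total number of subordinate IDs granted to USER in a
# subuid/subgid-format file. Lines are "name:start:count"; a user may
# have several lines. USER is matched literally against the first field,
# so pass the numeric UID instead if the file is keyed by UID.
subid_total() {
    awk -F: -v u="$2" '
        $1 == u && $3 ~ /^[0-9]+$/ { total += $3 }
        END { print total + 0 }
    ' "$1"
}

# check_rootless_ids USER [SUBUID_FILE] [SUBGID_FILE] [MIN]
# Returns 0 when both files grant USER at least MIN IDs.
# MIN defaults to 65536 (assumed here: one full 16-bit UID/GID range).
check_rootless_ids() {
    user=$1
    subuid=${2:-/etc/subuid}
    subgid=${3:-/etc/subgid}
    min=${4:-65536}
    rc=0
    for f in "$subuid" "$subgid"; do
        if [ ! -r "$f" ]; then
            echo "MISSING  $f (not readable)"; rc=1; continue
        fi
        n=$(subid_total "$f" "$user")
        if [ "$n" -ge "$min" ]; then
            echo "OK       $f: $n IDs for $user"
        else
            echo "TOO FEW  $f: $n IDs for $user (want >= $min)"; rc=1
        fi
    done
    return $rc
}

# Typical use on a real host:
#   check_rootless_ids "$(id -un)" || echo "rootless ID mapping incomplete"
```

After adding ranges to /etc/subuid and /etc/subgid, run podman system migrate so existing rootless storage picks up the new mapping.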
Networking
# Create a network
podman network create my-network
# Run container on a network
podman run --network my-network --name web nginx
# Connect existing container to network
podman network connect my-network web
# List networks
podman network ls
# Inspect network
podman network inspect my-network
Secrets Management
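# Create a secret from stdin (printf avoids the trailing newline echo would store; a literal typed here lands in shell history)
printf '%s' "my-secret-value" | podman secret create my-secret -
# List secrets
podman secret ls
# Expose the secret as an environment variable (omit type=env and target to mount it as a file at /run/secrets/my-secret)
podman run --secret my-secret,type=env,target=MY_SECRET alpine env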
Health Checks
# Run container with health check
podman run -d --health-cmd "curl -f http://localhost/ || exit 1" \
--health-interval 30s --health-retries 3 \
--name web nginx
# Check health status
podman inspect web | grep -A 10 "Health"
Auto Updates
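# Run container with auto-update policy (the registry policy needs a fully qualified image name)
podman run -d --label "io.containers.autoupdate=registry" \
--name web docker.io/library/nginx
# Check for updates without applying them
podman auto-update --dry-run
# Apply updates (only containers running inside systemd units are updated)
podman auto-update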
Systemd Integration (Quadlet)
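Quadlet generates systemd services from .container files placed in the user's systemd container directory:
# Create a .container file
mkdir -p ~/.config/containers/systemd
cat > ~/.config/containers/systemd/my-app.container << EOF
[Container]
Image=nginx:latest
PublishPort=8080:80

[Install]
WantedBy=default.target
EOF
# Quadlet generates my-app.service from the file on daemon-reload
# (this replaces the older, deprecated podman generate systemd workflow)
systemctl --user daemon-reload
# Start the service; generated units cannot be enabled with systemctl enable,
# the [Install] section above makes it start with the user session
systemctl --user start my-app.service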
Docker Compose Compatibility
# podman compose (thin wrapper that runs an installed compose provider such as docker-compose or podman-compose)
podman compose up -d
podman compose down
podman compose logs
# Or use podman-compose (third-party tool)
pip install podman-compose
podman-compose up -d
Kubernetes Integration
# Generate Kubernetes YAML from container/pod
podman generate kube my-pod > pod.yaml
# Play Kubernetes YAML
podman kube play pod.yaml
# Stop and remove Kubernetes resources
podman kube down pod.yaml
Remote Builds (Farm)
# Farm out builds to remote machines
podman farm build -t myimage .
# List configured farms
podman farm list
Artifact Management
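# Add a local file to the artifact store under a registry reference
podman artifact add registry.example.com/artifact:latest myartifact.tar
# Push OCI artifacts
podman artifact push registry.example.com/artifact:latest
# Pull OCI artifacts
podman artifact pull registry.example.com/artifact:latest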
Related Skills
- tmux: Run containers in background sessions
- nix: Alternative reproducible environments