Deploying and Using Podman
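Podman official website (https://podman.io/)
What is Podman
Podman is a daemonless container engine for developing, managing, and running OCI containers on Linux systems. Containers can run as root or in rootless mode. Put simply: alias docker=podman
It is a collection of command-line tools designed to handle the different tasks of containerized workflows, and it can work as a modular framework. Its toolset includes:
Podman: pod and container image manager
Buildah: container image builder
Skopeo: container image inspection manager
Runc: container runner and feature builder, passed to Podman and Buildah
Crun: optional runtime that gives rootless containers more flexibility, control, and security
These tools can also work with any OCI-compatible container engine (such as Docker), which makes it easy to switch to Podman or to use it alongside an existing Docker installation. Can Kubernetes use Podman? The answer is yes. In fact, Kubernetes and Podman are similar in some respects.
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share, and deploy applications using Open Containers Initiative (OCI) containers and container images. Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under Podman's control can be run by root or by an unprivileged user. Podman manages the entire container ecosystem, including pods, containers, container images, and container volumes, using the libpod library. Podman specializes in all of the commands and functions that help maintain and modify OCI container images, such as pulling and tagging. It lets you create, run, and maintain those containers and container images in a production environment.
There is a RESTful API for managing containers, and a remote Podman client that can interact with the RESTful service. Clients are currently supported on Linux, Mac, and Windows. The RESTful service is supported only on Linux.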
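What is Docker
Docker is the standard container management technology. Docker carries so much weight in the industry that most people think of Docker as soon as they think of containers.
Docker is the Swiss Army knife of the container orchestration world, and it offered many features before other alternatives appeared. As container management grew more complex, it also had to grow into a standalone, self-sufficient tool that could meet all of a developer's needs.
In a very short time Docker also became one of the key tools for all-in-one solutions. One of them is Docker Swarm, a solution native to Docker that lets you form clusters and schedule Docker engines, and create and manage groups of containers.
Docker's many auxiliary tools handle every task related to container orchestration, from load balancing to networking, making it the industry's first choice and not merely a technical reference.
Although Docker is a powerful system, this self-sufficient model also has drawbacks. Containers can be created and run at every stage of development, but other tools have more or less difficulty integrating and interacting with Docker.
In recent years, with the emergence of many other specialized tools for specific tasks, Docker has become the starting point for many developers, who then hand some tasks over to other, more lightweight platforms and tools.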
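How does using Podman differ from using Docker
Podman and Docker share many features, but there are also some fundamental differences. Neither technology is better or worse; what matters is which one fits a particular scenario.
Podman interacts with the Linux kernel and manages containers through the runC container runtime process rather than a daemon. The Buildah utility replaces Docker build as the container image build tool, and Docker push is replaced by Skopeo, which moves container images between registries and container engines.
Architecture
Docker uses a daemon, a program running in the background, to create images and run containers. Podman has a daemonless architecture, which means it can run containers under the user who starts them. Docker has a client-server architecture driven by the daemon; Podman needs no such daemon.
Root privileges
Because Podman has no daemon managing its activity, it does not need to grant root privileges to its containers. Docker recently added a rootless mode to its daemon configuration, but Podman used this approach first and promoted it as a basic feature. The reasons are as follows.
Security
Is Podman more secure than Docker? Podman allows containers to run with rootless privileges. Rootless containers are considered safer than containers with root privileges. In Docker, the daemon has root privileges, which makes it a preferred entry point for attackers.
Containers in Podman do not have root access by default, which adds a natural barrier between the root level and the rootless level and improves security. Podman can, however, run both root and rootless containers.
Systemd
Without a daemon, Podman needs another tool to manage services and support containers running in the background. Systemd creates control units for existing containers or is used to generate new ones. Systemd can also be integrated with Podman, allowing it to run systemd-enabled containers by default without any modification.
By using Systemd, vendors can package their applications as containers to install, run, and manage, since most applications are now packaged and delivered this way.
Building images
As a self-sufficient tool, Docker can build container images on its own. Podman needs the help of another tool called Buildah, which fully reflects its specialization: it is designed for building images, not for building containers.
Docker Swarm
Podman does not support Docker Swarm, which may rule it out for some projects, because using Docker Swarm commands produces an error. However, Podman recently added support for Docker Compose, making it compatible with Swarm and overcoming this limitation. Docker, of course, integrates well with Swarm because Swarm is native to it.
All in one vs modular
Perhaps this is the key difference between the two technologies: Docker is a standalone, powerful tool that handles every containerization task throughout the whole cycle, with both advantages and disadvantages. Podman takes a modular approach and relies on specialized tools for specific tasks.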
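Podman vs Docker: can they work together?
As the best alternative to Docker and the easiest one to adopt (users can alias docker to Podman with alias docker=podman without any problems, as shown in the figure above), Podman is a very powerful tool for containerization tasks.
Will Podman replace Docker?
If you are starting a project from scratch, Podman can be a first-choice containerization technology. If the project is already under way and already uses Docker, it has to be judged case by case, and switching is not necessarily worth it. Also, as a Linux-native application, it requires the developers involved to have Linux skills.
Developers can rely on Docker during development and then push the project to Podman in the runtime environment, combining the two tools and benefiting from the stronger security Podman provides. Since both are OCI-compatible, compatibility is not an issue.
Can Docker and Podman coexist?
Yes, and it works well. Many developers have been using Docker and Podman together to create safer, more efficient, and more agile frameworks. They have a lot in common, and both a move from Docker to Podman and combined use of the two can be seamless.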
Deploying Podman
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Base.repo
//I configured the Aliyun repository here; it can be found directly on the official website
[root@localhost ~]# dnf list|grep podman
Failed to set locale, defaulting to C.UTF-8
cockpit-podman.noarch 33-1.module_el8.5.0+890+6b136101 AppStream
pcp-pmda-podman.x86_64 5.3.1-5.el8 AppStream
podman.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-catatonit.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-docker.noarch 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-gvproxy.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-plugins.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-remote.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
podman-tests.x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream
python3-podman.noarch 3.2.0-2.module_el8.5.0+890+6b136101 AppStream
//Lists the podman packages available on the system; we need podman.x86_64 and podman-docker.noarch, and can install podman-docker.noarch directly
[root@localhost ~]# which podman
/usr/bin/which: no podman in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
//Check whether the podman command exists on the system
[root@localhost ~]# dnf -y install podman-docker
//Install podman
[root@localhost ~]# which podman
/usr/bin/podman //the podman command is now available
[root@localhost ~]# which docker
/usr/bin/docker //a docker command is shown, but it is not really docker
[root@localhost ~]# dnf list|grep docker //shows that docker is not installed
Failed to set locale, defaulting to C.UTF-8
podman-docker.noarch 3.3.1-9.module_el8.5.0+988+b1f0b741 @AppStream
pcp-pmda-docker.x86_64 5.3.1-5.el8 AppStream
[root@localhost ~]# ll /usr/bin/docker
-rwxr-xr-x. 1 root root 163 Nov 10 2021 /usr/bin/docker
//Look at the docker program
[root@localhost ~]# ll /usr/bin/podman
-rwxr-xr-x. 1 root root 49688376 Nov 10 2021 /usr/bin/podman
//Look at the podman program
[root@localhost ~]# file /usr/bin/docker
/usr/bin/docker: POSIX shell script, ASCII text executable
//This shows that docker is a script
[root@localhost ~]# file /usr/bin/podman
/usr/bin/podman: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=53954cc47243d7854d8d1bf5d09e919c728e4384, stripped
//podman is a binary program
[root@localhost ~]# less /usr/bin/docker
#!/bin/sh
[ -f /etc/containers/nodocker ] || \
echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2
exec /usr/bin/podman "$@"
//The file is named docker, but what it executes is podman
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
//Once podman is installed, images can be pulled directly without starting any service; here the name is looked up in the registry configuration file /etc/containers/registries.conf.d/000-shortnames.conf and the image is then pulled from the official docker.io registry hub.harbor.com
[root@localhost ~]# vim /etc/containers/registries.conf.d/000-shortnames.conf
//Everything in this file is an alias
Because we do not know which registry it will search to find what we need, we can define the registries ourselves
[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d oci policy.json registries.conf registries.conf.d registries.d storage.conf
//Configure it in registries.conf.d
[root@localhost containers]# vim registries.conf
unqualified-search-registries = ["docker.io"]
#unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
//Copy the original setting and comment it out; the line above keeps only docker.io
[[registry]]
prefix = "docker.io"
location = "docker.mirrors.ustc.edu.cn"
//Configure a registry mirror (accelerator); this one is Tsinghua University's (https://docker.mirrors.ustc.edu.cn/)
[root@localhost containers]# podman info
host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "8"
  eventLogger: file
  hostname: localhost
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-257.el8.x86_64
  linkmode: dynamic
  memFree: 1109696512
  memTotal: 2043572224
  ociRuntime:
    name: runc
    package: runc-1.0.2-1.module_el8.5.0+911+f19012f9.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.2
      spec: 1.0.2-dev
      go: go1.16.7
      libseccomp: 2.4.3
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.4.3
  swapFree: 2181033984
  swapTotal: 2181033984
  uptime: 48m 30.51s
registries:
  docker.io:
    Blocked: false
    Insecure: false
    Location: docker.mirrors.ustc.edu.cn
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: docker.io
  search:
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 1636493036
  BuiltTime: Wed Nov 10 05:23:56 2021
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.3.1
//View podman's information
[root@localhost ~]# podman pull centos
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob 7a0437f04f83 done
Copying config 300e315adb done
Writing manifest to image destination
Storing signatures
300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
//Pull an image to try it out; you can see that it pulls the image directly from the official site
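Which host an image really comes from in the pulls on this page depends on three settings: the short-name aliases, unqualified-search-registries, and the [[registry]] prefix/location rewrite. The following Python is an added example (not Podman's code and not from the original post) that models how those settings choose the source for busybox, centos and httpd. The embedded file contents are constructed from values shown on this page, the parser handles only that TOML subset, and all function names are this example's own.

```python
import json

# Constructed copies of the two files, holding only values visible on this page.
REGISTRIES_CONF = """
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.mirrors.ustc.edu.cn"
"""
SHORTNAMES_CONF = """
[aliases]
"busybox" = "docker.io/library/busybox"
"centos" = "quay.io/centos/centos"
"""


def parse_subset(text):
    """Parse only the TOML subset used above (assumption: no inline comments,
    and every value is a string or string array, which is also valid JSON)."""
    root = {}
    table = root
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[["):      # array of tables, e.g. [[registry]]
            table = {}
            root.setdefault(line.strip("[]"), []).append(table)
        elif line.startswith("["):     # plain table, e.g. [aliases]
            table = root.setdefault(line.strip("[]"), {})
        else:
            key, _, value = line.partition("=")
            table[key.strip().strip('"')] = json.loads(value)
    return root


def candidates(image, registries, shortnames):
    """Fully qualified names tried for `image`, in order (digests not handled)."""
    if ":" not in image.rsplit("/", 1)[-1]:
        image += ":latest"
    name, tag = image.rsplit(":", 1)
    host, slash, _ = name.partition("/")
    if slash and ("." in host or ":" in host or host == "localhost"):
        return [f"{name}:{tag}"]                  # already fully qualified
    alias = shortnames.get("aliases", {}).get(name)
    if alias:
        return [f"{alias}:{tag}"]                 # an alias bypasses the search list
    found = []
    for reg in registries.get("unqualified-search-registries", []):
        repo = f"library/{name}" if reg == "docker.io" and "/" not in name else name
        found.append(f"{reg}/{repo}:{tag}")
    return found


def pull_location(qualified, registries):
    """Rewrite a name through the longest matching [[registry]] prefix."""
    best = None
    for entry in registries.get("registry", []):
        prefix = entry.get("prefix") or entry.get("location", "")
        if prefix and qualified.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, entry.get("location", prefix))
    return qualified if best is None else best[1] + qualified[len(best[0]):]


def resolve(image, registries_text=REGISTRIES_CONF, shortnames_text=SHORTNAMES_CONF):
    """Return [(name recorded locally, location actually contacted), ...]."""
    registries = parse_subset(registries_text)
    shortnames = parse_subset(shortnames_text)
    return [(c, pull_location(c, registries))
            for c in candidates(image, registries, shortnames)]


if __name__ == "__main__":
    for image in ("busybox", "centos", "httpd"):
        for recorded, contacted in resolve(image):
            print(f"{image:8} {recorded:34} <- {contacted}")
```

With the mirror entry in place, an image recorded locally as docker.io/library/httpd is served by docker.mirrors.ustc.edu.cn, so the mirror operator becomes part of the trust path. Pulling by digest keeps the content check independent of which host served the image.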
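Using Podman
Common podman commands:
podman create # create a container
podman run # create and start a container
podman start # start a container
podman ps # list containers
podman stop # stop a container
podman restart # restart a container
podman attach # enter a container
podman exec # enter a container
podman export # export a container
podman import # import a container snapshot
podman rm # remove a container
podman logs # view logs
podman search # search for images
podman pull # fetch an image
podman images # list images
podman image ls # list images
podman rmi # remove an image
podman image rm # remove an image
podman save # export an image
podman load # import an image
podmanfile # customizing images (three)
podman build # build an image
podman diff # inspect changes on a container's file system
podman events # show events
podmanfile # common instructions (four)
copy/cp # copy files
add # advanced copy
cmd # container start command
env # environment variables
expose # expose ports
healthcheck # check a container's running status
podman inspect # show the configuration of an image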
copy/cp
Copy files
[root@localhost ~]# podman ps //list running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# podman images //list images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman run -it centos //create and run this container
[root@a44e23e8b983 /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
Open another terminal:
[root@localhost ~]# podman ps //list running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a44e23e8b983 quay.io/centos/centos:latest /bin/bash 8 minutes ago Up 8 minutes ago adoring_davinci
[root@localhost ~]# podman cp anaconda-ks.cfg a44e23e8b983:/
//Copy this file from the host into the container's root directory
Go back to the previous terminal and check
[root@a44e23e8b983 /]# ls
anaconda-ks.cfg dev home lib64 media opt root sbin sys usr
bin etc lib lost+found mnt proc run srv tmp var
//View it inside the container
start/stop
Start/stop a container
[root@localhost ~]# podman start a44e23e8b983
a44e23e8b983
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a44e23e8b983 quay.io/centos/centos:latest /bin/bash 49 minutes ago Up 23 seconds ago adoring_davinci
[root@localhost ~]# podman stop a44e23e8b983
a44e23e8b983
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
run/create
Create a container
[root@localhost ~]# podman run -it centos //create and run this container
[root@localhost ~]# podman ps //list running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a44e23e8b983 quay.io/centos/centos:latest /bin/bash 8 minutes ago Up 8 minutes ago adoring_davinci
[root@localhost ~]# podman pull httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob dcc4698797c8 done
Copying blob a2abf6c4d29d done
Copying blob 41c22baa66ec done
Copying blob d982c879c57e done
Copying blob 67283bbdd4a0 done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
//Pull the image
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
//List images
[root@localhost ~]# podman create --name web httpd //this command only creates the container without starting it; generally not recommended
f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a44e23e8b983 quay.io/centos/centos:latest /bin/bash 53 minutes ago Exited (0) 3 minutes ago adoring_davinci
f7e53678f186 docker.io/library/httpd:latest httpd-foreground 8 seconds ago Created web
diff
Inspect changes on a container's file system
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7e53678f186 docker.io/library/httpd:latest httpd-foreground 5 minutes ago Up 4 seconds ago web
[root@localhost ~]# podman diff f7e53678f186
C /usr
C /usr/local
C /usr/local/apache2
C /usr/local/apache2/logs
A /usr/local/apache2/logs/httpd.pid
C /etc
exec
Enter a running container
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7e53678f186 docker.io/library/httpd:latest httpd-foreground 8 minutes ago Up 3 minutes ago web
[root@localhost ~]# podman exec -it f7e53678f186 /bin/sh
# ls
bin build cgi-bin conf error htdocs icons include logs modules
healthcheck
Check a container's running status
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7e53678f186 docker.io/library/httpd:latest httpd-foreground 11 minutes ago Up 5 minutes ago web
[root@localhost ~]# podman healthcheck run web
Error: container f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a has no defined healthcheck
inspect
Show the configuration of an image
[root@localhost ~]# podman inspect web
[
{
"Id": "f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a",
"Created": "2022-08-15T13:28:43.182514247+08:00",
"Path": "httpd-foreground",
"Args": [
"httpd-foreground"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 327830,
"ConmonPid": 327818,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-08-15T13:33:45.480354789+08:00",
"FinishedAt": "2022-08-15T13:33:36.646016512+08:00",
"Healthcheck": {
"Status": "",
"FailingStreak": 0,
"Log": null
}
},
"Image": "dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34",
"ImageName": "docker.io/library/httpd:latest",
"Rootfs": "",
"Pod": "",
"ResolvConfPath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/resolv.conf",
"HostnamePath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/hostname",
"HostsPath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/hosts",
"StaticDir": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata",
"OCIConfigPath": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/config.json",
"OCIRuntime": "runc",
"ConmonPidFile": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/conmon.pid",
"PidFile": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/pidfile",
"Name": "web",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "system_u:object_r:container_file_t:s0:c556,c843",
"ProcessLabel": "system_u:system_r:container_t:s0:c556,c843",
"AppArmorProfile": "",
"EffectiveCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/var/lib/containers/storage/overlay/f1aca06344b90a296c3935de55948a2e384af058b8026eff8d70367d9ba65eb4/diff:/var/lib/containers/storage/overlay/fbe4081f229c9bfb37ed4b0df548f053005c7268f32cce47ac3a5530b75565f5/diff:/var/lib/containers/storage/overlay/1e878596d57304e7f3aa17328742283948d033f9110501481771061e41cc34f2/diff:/var/lib/containers/storage/overlay/03f787f87707a04d0c7bc9a113e84d4618c1694280a63581dddd652d2084ad47/diff:/var/lib/containers/storage/overlay/2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f/diff",
"MergedDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/merged",
"UpperDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/diff",
"WorkDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/work"
}
},
"Mounts": [],
"Dependencies": [],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "26:5d:42:f0:25:33",
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/run/netns/cni-7d73fe83-e440-4ebe-6434-44b1f9ff7777",
"Networks": {
"podman": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "26:5d:42:f0:25:33",
"NetworkID": "podman",
"DriverOpts": null,
"IPAMConfig": null,
"Links": null
}
}
},
"ExitCommand": [
"/usr/bin/podman",
"--root",
"/var/lib/containers/storage",
"--runroot",
"/run/containers/storage",
"--log-level",
"warning",
"--cgroup-manager",
"systemd",
"--tmpdir",
"/run/libpod",
"--runtime",
"runc",
"--storage-driver",
"overlay",
"--storage-opt",
"overlay.mountopt=nodev,metacopy=on",
"--events-backend",
"file",
"container",
"cleanup",
"f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a"
],
"Namespace": "",
"IsInfra": false,
"Config": {
"Hostname": "f7e53678f186",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"container=podman",
"HTTPD_VERSION=2.4.52",
"HTTPD_SHA256=0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9",
"HTTPD_PATCHES=",
"HTTPD_PREFIX=/usr/local/apache2",
"HOME=/root",
"HOSTNAME=f7e53678f186"
],
"Cmd": [ //container start command
"httpd-foreground"
],
"Image": "docker.io/library/httpd:latest",
"Volumes": null,
"WorkingDir": "/usr/local/apache2",
"Entrypoint": "",
"OnBuild": null,
"Labels": null,
"Annotations": {
"io.container.manager": "libpod",
"io.kubernetes.cri-o.Created": "2022-08-15T13:28:43.182514247+08:00",
"io.kubernetes.cri-o.TTY": "false",
"io.podman.annotations.autoremove": "FALSE",
"io.podman.annotations.init": "FALSE",
"io.podman.annotations.privileged": "FALSE",
"io.podman.annotations.publish-all": "FALSE",
"org.opencontainers.image.stopSignal": "28"
},
"StopSignal": 28,
"CreateCommand": [
"podman",
"create",
"--name",
"web",
"httpd"
],
"Umask": "0022",
"Timeout": 0,
"StopTimeout": 10
},
"HostConfig": {
"Binds": [],
"CgroupManager": "systemd",
"CgroupMode": "host",
"ContainerIDFile": "",
"LogConfig": {
"Type": "k8s-file",
"Config": null,
"Path": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/ctr.log",
"Tag": "",
"Size": "0B"
},
"NetworkMode": "bridge",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": [],
"CapDrop": [
"CAP_AUDIT_WRITE",
"CAP_MKNOD"
],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IpcMode": "private",
"Cgroup": "",
"Cgroups": "default",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "private",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [],
"Tmpfs": {},
"UTSMode": "private",
"UsernsMode": "",
"ShmSize": 65536000,
"Runtime": "oci",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"OomKillDisable": false,
"PidsLimit": 2048,
"Ulimits": [
{
"Name": "RLIMIT_NOFILE",
"Soft": 1048576,
"Hard": 1048576
},
{
"Name": "RLIMIT_NPROC",
"Soft": 4194304,
"Hard": 4194304
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"CgroupConf": null
}
}
]
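The inspect output is where a container's effective privileges can be reviewed. The following Python is an added example (not part of the original post or of Podman) that reads a constructed excerpt of the output above and lists hardening gaps together with the podman run option to consider. The KEEP_CAPS allow-list and the function names are assumptions of this example.

```python
import json

# Constructed excerpt of the `podman inspect web` output above: only fields and
# values that appear there, trimmed to what the checks below read.
INSPECT_JSON = """
[{"Name": "web",
  "State": {"Healthcheck": {"Status": "", "FailingStreak": 0, "Log": null}},
  "EffectiveCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
                    "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW",
                    "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID",
                    "CAP_SYS_CHROOT"],
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": false, "SecurityOpt": [],
                 "NetworkMode": "bridge", "PidMode": "private",
                 "IpcMode": "private", "Memory": 0, "PidsLimit": 2048}}]
"""

# Assumption of this example: the capabilities the workload is allowed to keep.
KEEP_CAPS = frozenset({"CAP_CHOWN", "CAP_NET_BIND_SERVICE", "CAP_SETGID", "CAP_SETUID"})


def audit(container, keep_caps=KEEP_CAPS):
    """Return (field, finding, podman option to consider) for one inspect entry."""
    host = container.get("HostConfig") or {}
    config = container.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append(("HostConfig.Privileged", "container is privileged",
                         "run without --privileged"))
    extra = sorted(set(container.get("EffectiveCaps") or []) - keep_caps)
    if extra:
        findings.append(("EffectiveCaps", "extra capabilities: " + ", ".join(extra),
                         "--cap-drop=all --cap-add=<needed>"))
    if config.get("User", "") in ("", "0", "root"):
        findings.append(("Config.User", "no non-root user set for the process",
                         "--user"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("HostConfig.ReadonlyRootfs", "root filesystem is writable",
                         "--read-only"))
    if not any("no-new-privileges" in opt for opt in host.get("SecurityOpt") or []):
        findings.append(("HostConfig.SecurityOpt", "no-new-privileges is not set",
                         "--security-opt=no-new-privileges"))
    if not host.get("Memory"):
        findings.append(("HostConfig.Memory", "no memory limit", "--memory"))
    for field in ("NetworkMode", "PidMode", "IpcMode"):
        if host.get(field) == "host":
            findings.append((f"HostConfig.{field}", "shares a host namespace",
                             "drop the =host setting"))
    health = (container.get("State") or {}).get("Healthcheck") or {}
    if not health.get("Status"):
        findings.append(("State.Healthcheck", "no healthcheck defined",
                         "--health-cmd"))
    return findings


def audit_text(inspect_output):
    """Audit every container in the JSON array printed by `podman inspect`."""
    return {c.get("Name", "?"): audit(c) for c in json.loads(inspect_output)}


if __name__ == "__main__":
    for name, findings in audit_text(INSPECT_JSON).items():
        for field, finding, option in findings:
            print(f"{name}: {field}: {finding} (consider {option})")
```

httpd writes logs/httpd.pid, as the podman diff output earlier on the page shows, so --read-only needs a tmpfs or volume at /usr/local/apache2/logs.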
image rm
Remove an image
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman image rm busybox
Untagged: docker.io/library/busybox:latest
Deleted: 7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman rm $(podman ps -qa)
a44e23e8b9833af02f0ba614eb09ec61c567dce27ca1eb878941854cd8e2a4f9
961220f07452f14df4439a089123a08172216b5b92659fee345f778fab2edc13
//podman ps -qa prints the IDs of all containers
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
podman rm $(podman ps -qa) removes all containers
login/logout
Log in to and out of the docker.io private registry
[root@localhost ~]# podman login docker.io
Username: lvnanhai66
Password:
Login Succeeded!
[root@localhost ~]# podman logout
Removed login credentials for docker.io
history
Show the history of the specified image
[root@localhost ~]# podman image history httpd
ID CREATED CREATED BY SIZE COMMENT
dabbfbe0c57b 7 months ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 7 months ago /bin/sh -c #(nop) COPY file:c432ff61c4993e... 3.58 kB
<missing> 7 months ago /bin/sh -c #(nop) STOPSIGNAL SIGWINCH 0 B
<missing> 7 months ago /bin/sh -c set -eux; savedAptMark="$(apt... 61.1 MB
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_PATCHES= 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_SHA256=0127f7... 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.52 0 B
<missing> 7 months ago /bin/sh -c set -eux; apt-get update; apt... 2.72 MB
<missing> 7 months ago /bin/sh -c #(nop) WORKDIR /usr/local/apache2 0 B
<missing> 7 months ago /bin/sh -c mkdir -p "$HTTPD_PREFIX" && ch... 3.07 kB
<missing> 7 months ago /bin/sh -c #(nop) ENV PATH=/usr/local/apa... 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_PREFIX=/usr/l... 0 B
<missing> 7 months ago /bin/sh -c #(nop) CMD ["bash"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) ADD file:09675d11695f65c... 83.9 MB
list/ls/images
List locally stored images
[root@localhost ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
save
Save an image to a local file
[root@localhost ~]# podman image save httpd > httpd.tar
[root@localhost ~]# ls
anaconda-ks.cfg httpd.tar
tag
Change an image's tag
[root@localhost ~]# podman tag httpd dabbfbe0c57b/httpd:v1.0
[root@localhost ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
localhost/dabbfbe0c57b/httpd v1.0 dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB