AgentSkillsCN

podman

Manage containers, build images, and configure pods and networks with Podman. Applies when running containers, writing Containerfiles, grouping services into pods, or managing container resources.

SKILL.md
--- frontmatter
name: podman
description: Manages containers, builds images, configures pods and networks with Podman. Use when running containers, creating Containerfiles, grouping services in pods, or managing container resources.

Podman

Daemonless container engine that runs rootless by default, with a command line compatible with Docker's.

Container Management

Basic Lifecycle

bash
# Run a container (detached)
podman run -d --name my-app alpine sleep 1000

# List running containers
podman ps

# List all containers (including stopped ones)
podman ps -a

# Stop and remove a container
podman stop my-app
podman rm my-app

# Inspect container details
podman inspect my-app

Logs and Execution

bash
# View container logs (non-interactive)
podman logs my-app

# Execute a command in a running container
podman exec my-app ls /app

Image Management

bash
# Pull an image (prefer a fully-qualified name; a short name such as alpine:latest
# is resolved through unqualified-search-registries in registries.conf)
podman pull docker.io/library/alpine:latest

# List local images
podman images

# Build an image from a Containerfile (or Dockerfile)
podman build -t my-custom-image .

# Remove an image
podman rmi my-custom-image
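
The page builds from a Containerfile but shows none. The following added example (not from the original page or the Podman project) writes a minimal hardened Containerfile for a prebuilt static binary, builds it, and refuses the result if the image would start as root. The base image `docker.io/library/alpine:3.20`, the binary name, the port, the tag `registry.example.com/app:1.2.3` and UID/GID 10001 are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: emit a hardened Containerfile for a
# prebuilt static binary, build it with Podman and refuse images that run as root.
# Assumptions: alpine:3.20 as base, a binary that listens on $port and answers
# GET /, UID/GID 10001 for the service account.
set -eu

# $1 = file name of the binary inside the build context, $2 = listening port
containerfile() {
    local binary=$1 port=$2
    cat <<EOF
# Fully-qualified base; pin by digest (@sha256) for release builds.
FROM docker.io/library/alpine:3.20
# Dedicated unprivileged account with a fixed numeric UID/GID.
RUN addgroup -S -g 10001 app && adduser -S -D -H -u 10001 -G app app
COPY --chown=10001:10001 ${binary} /usr/local/bin/app
# Numeric USER lets the runtime enforce non-root even if /etc/passwd is missing.
USER 10001:10001
EXPOSE ${port}
# BusyBox wget is present in alpine, so no extra package is needed for the probe.
HEALTHCHECK --interval=30s --retries=3 CMD wget -q --spider http://127.0.0.1:${port}/ || exit 1
ENTRYPOINT ["/usr/local/bin/app"]
EOF
}

# Build $1 (tag) from a temporary context holding $2 (binary path) and fail
# if the image's configured user is not the unprivileged account.
build_and_check() {
    local tag=$1 binary=$2 port=$3 ctx user
    ctx=$(mktemp -d)
    cp "$binary" "$ctx/"
    containerfile "$(basename "$binary")" "$port" > "$ctx/Containerfile"
    # --format docker: Podman's default OCI image format drops HEALTHCHECK (with a warning).
    # --pull=newer: refresh the base tag if the registry has a newer image.
    podman build --format docker --pull=newer -t "$tag" "$ctx"
    rm -rf "$ctx"
    user=$(podman image inspect --format '{{.Config.User}}' "$tag")
    if [ "$user" != "10001:10001" ]; then
        echo "refusing $tag: configured user is '${user:-root}'" >&2
        return 1
    fi
}

# Usage: ./build.sh registry.example.com/app:1.2.3 ./app 8080
if [ $# -ge 3 ]; then
    build_and_check "$@"
fi
```

The post-build `podman image inspect` check is the part worth keeping in a pipeline: a `USER` line can be lost to a later stage or a bad merge, and the runtime will happily start the container as root unless something refuses the image.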

Pods (Unique to Podman)

A pod groups containers so they share the network, IPC and UTS namespaces: members reach each other on localhost. Ports are published by the pod's infra container, so -p goes on pod create, not on the member containers.

bash
# Create a pod
podman pod create --name my-stack -p 8080:80

# Run a container inside a pod
podman run -d --pod my-stack --name nginx nginx

# List pods
podman pod ps

Maintenance and Cleanup

bash
# Remove all stopped containers, unused networks, and dangling images
podman system prune -f

# Show disk usage by containers/images
podman system df

Headless / Non-Interactive Tips

  • Force Flag: Use -f or --force with rm, rmi, and prune to avoid confirmation prompts.
  • Detached Mode: Always use -d for long-running services so the command returns instead of hanging. For interactive sessions, use: tmux new -d 'podman run -it --name my-app alpine sh'
  • Rootless: Podman runs rootless by default for the current user; confirm with podman info --format '{{.Host.Security.Rootless}}'. Workloads that switch UIDs need the user's ranges in /etc/subuid and /etc/subgid (check with grep "^$USER:" /etc/subuid /etc/subgid); after changing them, run podman system migrate.
  • Docker Compatibility: Most docker commands work with podman substituted for docker; alias docker=podman (or the podman-docker package) provides the familiar name.

Networking

bash
# Create a network
podman network create my-network

# Run a container on the network, detached (containers on the same user-defined
# network resolve each other by container name)
podman run -d --network my-network --name web nginx

# Connect existing container to network
podman network connect my-network web

# List networks
podman network ls

# Inspect network
podman network inspect my-network

Secrets Management

bash
# Create a secret
echo "my-secret-value" | podman secret create my-secret -

# List secrets
podman secret ls

# Use the secret in a container. type=env places the value in every process's
# environment (and this example prints it to stdout); the default type=mount
# exposes it as a file at /run/secrets/my-secret instead, which is the safer choice.
podman run --secret my-secret,type=env,target=MY_SECRET alpine env

Health Checks

bash
# Run a container with a health check. The command runs inside the container, so
# the probe binary must exist in the image (the official nginx image does not
# ship curl; use an image that has a probe tool or add one in your Containerfile).
podman run -d --health-cmd "curl -f http://localhost/ || exit 1" \
  --health-interval 30s --health-retries 3 \
  --name web nginx

# Check health status (starting, healthy or unhealthy)
podman inspect --format '{{.State.Health.Status}}' web

# Trigger a probe now and print the result
podman healthcheck run web
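
The run, networking, secret and health-check flags above compose into one least-privilege launch. The following added example (not from the original page or the Podman project) builds such a `podman run` invocation from a few inputs and starts it. The container name, network, port mapping, secret name and the image `registry.example.com/app:1.2.3` are assumptions; the image is assumed to tolerate a read-only root filesystem and to ship a BusyBox-style `wget` for the probe.

```bash
#!/usr/bin/env bash
# Added example, not from the original page or Podman's own docs: assemble a
# least-privilege `podman run` command and launch it.
# Assumptions: the image tolerates a read-only root filesystem (add --tmpfs for
# any path it must write), listens on the container port given, and ships a
# BusyBox-style wget for the health probe.
set -eu

# Print the arguments for a hardened detached run, one per line.
# $1 name  $2 network  $3 hostport:ctrport  $4 secret name  $5 image
hardened_run_args() {
    local name=$1 network=$2 publish=$3 secret=$4 image=$5
    local cport=${publish##*:}   # container-side port, used by the health probe
    # -p 127.0.0.1:...        publish on loopback only; front it with a proxy or firewall
    # --read-only + --tmpfs   immutable root, scratch space that cannot execute binaries
    # --cap-drop=ALL          no capabilities (re-add single ones with --cap-add if needed)
    # no-new-privileges       setuid binaries and file capabilities cannot raise privilege
    # --pids-limit            fork-bomb guard (rootless needs cgroups v2)
    # --secret type=mount     secret appears as a 0400 file under /run/secrets, not in env
    printf '%s\n' \
        -d --name "$name" \
        --network "$network" \
        -p "127.0.0.1:${publish}" \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop=ALL \
        --security-opt no-new-privileges \
        --pids-limit 256 \
        --secret "${secret},type=mount,mode=0400" \
        --health-cmd "wget -q --spider http://127.0.0.1:${cport}/ || exit 1" \
        --health-interval 30s --health-retries 3 \
        "$image"
}

# Launch with the flags above; arguments are passed through unchanged.
run_hardened() {
    local -a args
    mapfile -t args < <(hardened_run_args "$@")
    podman run "${args[@]}"
}

# Usage: ./hardened-run.sh web my-network 8080:80 my-secret registry.example.com/app:1.2.3
if [ $# -ge 5 ]; then
    run_hardened "$@"
fi
```

Keeping the flag list in a function that only prints arguments makes the policy reviewable and testable without a Podman installation; `run_hardened` is the only place that touches the engine. If a service later needs, say, a writable data directory, add a `--volume` or a second `--tmpfs` rather than removing `--read-only`.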

Auto Updates

bash
# Auto-update only acts on containers managed by a systemd unit (Quadlet or a
# generated service) and started from a fully-qualified image reference; the label
# alone does nothing for a plain podman run container.
podman run -d --label "io.containers.autoupdate=registry" \
  --name web docker.io/library/nginx:latest

# Report which units have a newer image in the registry, without changing anything
podman auto-update --dry-run

# Pull the newer images and restart the affected systemd units
podman auto-update

Systemd Integration (Quadlet)

Quadlet turns declarative unit files into systemd services and supersedes podman generate systemd, which is deprecated in its favour (Quadlet ships with Podman 4.4 and later). A file named my-app.container becomes my-app.service; no generate step is needed:

bash
# Create a .container file (user units live under ~/.config/containers/systemd,
# rootful units under /etc/containers/systemd)
mkdir -p ~/.config/containers/systemd
cat > ~/.config/containers/systemd/my-app.container << 'EOF'
[Container]
Image=docker.io/library/nginx:latest
PublishPort=8080:80

[Install]
WantedBy=default.target
EOF

# Regenerate units (Quadlet runs as a systemd generator) and start the service.
# Generated units cannot be enabled with systemctl enable; the [Install] section
# above is what starts them at login.
systemctl --user daemon-reload
systemctl --user start my-app.service

# Show the generated unit and the service logs
systemctl --user cat my-app.service
journalctl --user -u my-app.service
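
The auto-update and Quadlet sections above belong together: the unit file is where the update policy, the health check and the hardening options live for a service that survives reboots. The following added example (not from the original page or the Podman project) writes such a unit and starts it. The service name, the image `docker.io/library/nginx:latest`, the port mapping and the secret name are assumptions supplied by the caller; the probe assumes the image ships a BusyBox-style `wget`.

```bash
#!/usr/bin/env bash
# Added example, not from the original page or the Podman project: write a
# hardened Quadlet .container unit for a rootless user service, with registry
# auto-update and a health check, then start it.
# Assumptions: the caller's image tolerates a read-only root, listens on the
# container port given and ships wget for the probe.
set -eu

# Print the unit text. $1 name  $2 fully-qualified image  $3 hostport:ctrport  $4 secret
quadlet_unit() {
    local name=$1 image=$2 publish=$3 secret=$4
    local cport=${publish##*:}
    cat <<EOF
[Unit]
Description=${name} (rootless Podman container)
After=network-online.target
Wants=network-online.target

[Container]
ContainerName=${name}
# Fully-qualified, tagged image: needed for AutoUpdate=registry and avoids
# short-name resolution surprises.
Image=${image}
AutoUpdate=registry
# Bind on loopback only; put a reverse proxy or firewall rule in front if needed.
PublishPort=127.0.0.1:${publish}
# Least privilege: read-only root, scratch tmpfs, no capabilities, no setuid escalation.
ReadOnly=true
Tmpfs=/tmp:rw,noexec,nosuid,size=64m
DropCapability=ALL
NoNewPrivileges=true
# Secret delivered as a 0400 file under /run/secrets, not as an environment variable.
Secret=${secret},type=mount,mode=0400
HealthCmd=wget -q --spider http://127.0.0.1:${cport}/ || exit 1
HealthInterval=30s
HealthRetries=3

[Service]
Restart=on-failure
TimeoutStartSec=300

[Install]
WantedBy=default.target
EOF
}

# Write the unit where the user-session Quadlet generator looks for it, regenerate
# units and start the service (Quadlet names it <name>.service).
install_quadlet() {
    local name=$1 dir=${XDG_CONFIG_HOME:-$HOME/.config}/containers/systemd
    mkdir -p "$dir"
    quadlet_unit "$@" > "$dir/$name.container"
    systemctl --user daemon-reload
    systemctl --user start "$name.service"
    systemctl --user status --no-pager "$name.service"
}

# Usage: ./quadlet-install.sh web docker.io/library/nginx:latest 8080:80 my-secret
if [ $# -ge 4 ]; then
    install_quadlet "$@"
fi
```

After installing, `systemctl --user cat web.service` shows the podman command Quadlet generated from the keys above, and `podman auto-update --dry-run` lists the unit once the registry has a newer tag. A user service only keeps running without a login session if lingering is enabled with `loginctl enable-linger "$USER"`.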

Docker Compose Compatibility

podman compose (Podman 4.7 and later) is a thin wrapper that execs an installed compose provider such as podman-compose or docker-compose; Podman has no built-in compose engine.

bash
# Delegates to the first compose provider found on the system
podman compose up -d
podman compose down
podman compose logs

# Install the Python provider if none is present, or call it directly
pip install podman-compose
podman-compose up -d

# docker-compose speaks the Docker API, so it needs the Podman API socket running
systemctl --user enable --now podman.socket

Kubernetes Integration

bash
# Generate Kubernetes YAML from a container or pod (podman kube generate is the
# current spelling; the older podman generate kube still works)
podman kube generate my-pod > pod.yaml

# Play Kubernetes YAML
podman kube play pod.yaml

# Stop and remove Kubernetes resources
podman kube down pod.yaml

Remote Builds (Farm)

bash
# Farm out builds to remote machines. Nodes are registered first with
# podman farm create NAME CONNECTION..., using ssh connections from podman
# system connection add; the result is a manifest list pushed to the registry in -t.
podman farm build -t registry.example.com/myimage .

# List configured farms
podman farm list

Artifact Management

OCI artifacts (Podman 5.4 and later) store arbitrary files in a registry under an image-style reference; the reference is assigned when the artifact is added locally.

bash
# Add a local file as an artifact under a registry reference
podman artifact add registry.example.com/artifact:latest myartifact.tar

# Push / pull OCI artifacts
podman artifact push registry.example.com/artifact:latest
podman artifact pull registry.example.com/artifact:latest

# List local artifacts
podman artifact ls

Related Skills

  • tmux: Run containers in background sessions
  • nix: Alternative reproducible environments