Getting started with Podman

Containers are an application distribution method used to ensure the application runtime can be redistributed across multiple environments. This is useful for portability, scalability, and broader platform compatibility.

Podman is a container runtime. Podman is an alternative to Docker that includes the ability to run unprivileged containers (non-root) and has tight integration with Systemd to start and monitor processes.

If you are using Fedora, podman comes pre-installed. If you are using an alternative OS, you can first install it via your package manager.

Let's get to it!

As our first example, we are going to deploy a container and immediately enter the bash console of that terminal:

$ podman run --rm -it fedora-minimal bash

Let's break down this command:

• podman run = used to create AND start a new container
• --rm = this means delete the container after we exit
• -i = enable interactive stdin/stout even if container is not attatched
• -t = allocate a pseudo-TTY
• fedora-minimal = name of the image we are using for our container
• bash = we are passing the bash command into the container to gain immediate access to a console

After entering the command, you will be inside the container. This container is tiny Fedora image that includes only the basic tools. Additionally, DNF has been replaced with microdnf. The image is useful as a template to create additional container images that you can use to ship your own applications.

While you are inside this container, your actions will not affect the host OS. Feel free to install a couple packages to explore the container. You can then exit the container by typing "exit". Since we used the "--rm" option, the container will be immediately removed upon exit.

Building container images with Buildah

The power of containers is that you can confidently build an application and ship it on an identical platform across all environments. To demonstrate this we are going to create our first container image. Images are commonly written as Dockerfiles or using Buildah. Buildah is better if your in a development workflow since it is more script-able, so we will use Buildhah.

Create the following sample shell script by pasting this text into your terminal (copy/paste all text after "$" as a single block of text):

$ cat >> sample.sh << EOF
#!/bin/bash
echo "Starting tutorial example"

for (( i=1; i<=10; i++ ))
do
echo "Container tutorial: looped $i times"
sleep 5s
done

EOF

Next, let's make sure our script is executable:

$ chmod 760 sample.sh

To get started with Buildah, let's create a container image using fedora-minimal as a base image:

$ cont=$(buildah from fedora-minimal)

You can verify it was created with the following command:

$ echo $cont

Next, let's copy our shell script into the container image at /usr/bin so it already exists in an executable path.

$ buildah copy $cont ./sample.sh /usr/bin

Next, we are adding an entry command that points to our shell script. This is what will run when the image is deployed:

$ buildah config --cmd /usr/bin/sample.sh $cont

Next, lets commit these working changes into a container ready image:

$ buildah commit $cont tutorial

View all images available in your local registry with the following:

$ buildah images

Start your new container with the following options to see it run across command line:

$ podman run -it --rm tutorial

Next, let's run the container again, but in "detached" mode, meaning in the background. Again, when the container finishes running, it will delete itself:

$ podman run -d --rm tutorial

While the container is running, type the following:

$ podman ps

This command list all containers running under your user account. Add the "-a" option to include both running and stopped containers.

Extras...

Outside of this quick introductory, here are a couple other commands that are useful for reference.

Below is an example of adding a package inside your container image using buildah. The command below will add a "run" command to the container image. Anything after "--" is what is applied inside the container:

$ buildah run $cont -- microdnf -y install wireguard-tools

All done! Have fun!