Podman

Libpod provides the Container Pod concept, popularized by Kubernetes. Libpod also contains the Pod Manager tool.

Unlike Docker, libpod is a daemonless container engine for interacting with OCI Containers. Optionally, a rootless operation mode is provided (see  USE flag).

Kernel
As of libpod 1.3.2 and runc 1.0.0_rc8, there is no built-in kernel config check included. However, upstream provides a way to list the required kernel configuration via the check-config.sh script.

Rootless mode
User namespaces have to be enabled in order to use rootless mode. Docker images also make use of fuse and overlayfs, so these should be enabled as well:

Files

 * - Specifies which container registries should be searched for images.
 * - Defines policies for image validation.

Defaults are provided as and.

Rootless mode
Libpod requires the user running to have a range of UIDs listed in  and  files. These UIDs are used for mapping the container UIDs to the host UIDs via user namespaces.

It is possible to edit them manually, although the recommended way is using :
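
An added example (not from the original page) for auditing the ranges once they are in place, whichever way they were created: it totals a user's subordinate IDs and flags ranges shared between users, since two users with overlapping ranges have their containers mapped onto the same host IDs. It assumes the standard shadow-utils name:start:count line format used by /etc/subuid and /etc/subgid; the function names, the sample entries and the 65536 threshold are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a subordinate-ID file ("name:start:count" per line).

# Print the total number of subordinate IDs assigned to user $1 in file $2.
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Print "userA userB" for every pair of ranges that belong to different
# users but share at least one ID.
subid_overlaps() {
    awk -F: '
        BEGIN { n = 0 }
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        NF == 3 { name[n] = $1; lo[n] = $2; hi[n] = $2 + $3 - 1; n++ }
        END {
            for (i = 0; i < n; i++)
                for (j = i + 1; j < n; j++)
                    if (name[i] != name[j] && lo[i] <= hi[j] && lo[j] <= hi[i])
                        print name[i], name[j]
        }' "$1"
}

# Succeed only if user $1 has at least $3 IDs in file $2 and none of the
# ranges assigned to that user overlap a range of another user.
subid_ok() {
    [ "$(subid_count "$1" "$2")" -ge "$3" ] || return 1
    subid_overlaps "$2" |
        awk -v u="$1" '$1 == u || $2 == u { hit = 1 } END { exit !hit }' &&
        return 1
    return 0
}

# Constructed sample data, not taken from a real system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
alice:100000:65536
bob:150000:65536
carol:300000:1000
dave:400000:65536
EOF

for u in alice bob carol dave; do
    if subid_ok "$u" "$sample" 65536; then echo "$u: ok"; else echo "$u: FAIL"; fi
done
```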

Usage
The tool aims to be a drop-in replacement for  client provided by Docker. For example, becomes  and  becomes.

All Container Pod-related actions are accessible via command.

Exposing containers to local network
By default, works in bridge mode with a separate cni-podman0 bridge, and then requests are translated to the local network via NAT. It is possible to give pods/containers real IPs on the local network using macvlan mode.

First enable and start the cni-dhcp daemon:

Add a new network config for to support macvlan networks.

Here it is assumed that an externally configured bridge already exists. It might be possible to use an existing Ethernet device, such as and attach to it.

Now it is possible to create a pod with this network:

Not enough namespaces
When running a container, the following error appears: error creating libpod runtime: there might not be enough IDs available in the namespace.

In this case, increase the number of user namespaces permanently via a kernel setting: