Using Podman for Containerisation
Podman is a containerisation tool that works similarly to Docker. It's a more modern, user-friendly, and secure alternative to Docker.
Podman has been installed and configured across the whole eclean system. This guide will walk you through the basics of understanding and using Podman to manage containers on eclean's servers.
Prerequisites
- Access to eclean's infrastructure
- Basic knowledge of using the command line
ecleangg/container-stacks
The ecleangg/container-stacks repository contains the container configurations for all of eclean's infrastructure services.
It is recommended that you become acquainted with the repository and its contents before starting. All updates to the main branch will be automatically deployed in the production environment.
podman kube
podman kube is a tool that allows you to manage Kubernetes configurations using Podman. It lets you create, run, and delete Podman containers from Kubernetes manifests.
All of eclean's infrastructure services are deployed using podman kube, and you can find the manifests in the ecleangg/container-stacks repository.
podman-kube-apply
We use podman kube apply to deploy various types of modifications to our infrastructure, most notably secrets in our case.
Simply execute podman kube apply -f <path/to/secret.yaml> to deploy the secret in your environment.
Learn more about podman-kube-apply
podman-kube-play
When you need to deploy a new service or update an existing one, utilize podman kube play.
Running podman kube play <path/to/service.yaml> reads the manifest and creates, updates, or deletes the service as needed. Depending on your needs, you may also need to include the --down or --replace flags to destroy the service before restoring it, or to replace the service if it exists.
If your service includes a Kubernetes configmap, run podman kube play <path/to/service.yaml> --configmap=<path/to/configmap.yaml> to deploy the configmap.
Learn more about podman-kube-play
Quadlets
Quadlets is Podman's systemd-based container management system. It lets you start, stop, and restart containers with regular systemd commands.
Quadlet files can only be placed in a limited number of directories. Podman will recognize and manage any file in those directories as long as it is properly named and includes the necessary information.
Enable lingering to keep containers running after logout and reboot
Systemd will terminate any running containers when the system reboots or you log out, unless lingering is enabled.
To enable lingering, run: sudo loginctl enable-linger <username>.
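As an added illustration (not taken from ecleangg/container-stacks), a Quadlet .kube unit can tie the pieces above together: it runs a manifest the way podman kube play would, passes a configmap, and starts with the user's systemd instance once lingering is enabled. The file name, description and both paths are hypothetical placeholders, and the rootless location ~/.config/containers/systemd/ is assumed.

```ini
# ~/.config/containers/systemd/example-service.kube
# (hypothetical file name; the .kube extension tells Quadlet which kind of unit to generate)

[Unit]
Description=Example service started from a Kubernetes manifest (constructed example)

[Kube]
# The manifest that would otherwise be passed to `podman kube play`.
# Placeholder path: point this at the real manifest in your checkout.
Yaml=/path/to/container-stacks/example-service/service.yaml
# Same effect as --configmap=<path/to/configmap.yaml> on the command line.
ConfigMap=/path/to/container-stacks/example-service/configmap.yaml

[Service]
# Ordinary systemd settings can be used in the generated service.
Restart=on-failure

[Install]
# default.target is reached when the user's systemd instance starts.
# With lingering enabled that happens at boot, not at first login.
WantedBy=default.target
```

After systemctl --user daemon-reload, Quadlet generates example-service.service from this file, and it can be controlled with systemctl --user start, stop, restart and status.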
Secrets with Podman
- Add general information about how Podman handles secrets
Updating Podman Containers
- Add reminders about how to properly propagate changes to infrastructure (e.g. updating a container image, updating a container's dependencies, etc.)
Deployment vs Pod
- Add information about difference between "deployment" and "pod" and why we use deployments
Podman vs Kubernetes
- Add information about how Podman is related to Kubernetes and how they work together, as well as where they are different