Podman Desktop is just so awesome. I'm going to create a bootable container disk image for AlmaLinux 9.5, which I will upload to netcup and install it on a VPS.
Goddammit, #Hashicorp: why you telling me I need to install #Docker on my EL10 VM rather than letting me use #PodMan???
@ikkeT Migrated one machine, running this gotosocial instance among others, back from k3s to Podman. Looks like during the k3s exodus Podman was updated to v5 with Pasta rootless networking on EL9.
Decided to try NGINX in a rootless pod instead of on the host like before. That was a difficult ride... The only way I could figure out how to have IPv6 and have real src IPs (in the NGINX pod):
- NGINX in the host network ns
- A separate IPv6-enabled container network for app pods
- All app pods still expose ports on the host
- NGINX proxy_pass to "localhost:port"
Any idea if the host ports for app pods could be avoided? It was late, so I may have missed something obvious.
#podman #pods #passt #rootlesscontainers #rootless
Interesting: if you want to pull an image onto the #RaspberryPi with #podman and get the error message "choosing an image from manifest list [..]: no image found in image index for architecture arm64, variant "v8", OS linux", you still have to append `--platform=linux/amd64` to the pull command.
My #podman #container management journey continues...
I started with individual containers via podman run.
Then I started managing them through #pods.
Now I'm managing the pods through #Quadlet
...So what's next?
Good blog post, basically sums up my current thoughts about the home lab. Kubernetes is nice, but overkill, and Podman+systemd and even further Quadlet can replace k8s really well on a single person scale.
Wish there was a good NGINX-based solution to mimic what ingress-nginx and cert-manager can do on k8s, not that it's that much work to handle a couple domains manually.
https://blog.yaakov.online/replacing-kubernetes-with-systemd/
#podman #systemd #quadlet #k8s
Latest #podman adventure: I've got a type=exec service that's run by a timer. I tried to use a .kube quadlet with a Pod (like my other servers) that does `restartPolicy: Never` but for some reason it was killed immediately when started as a service. `podman kube apply`-ing it worked. I figured it might be easier to switch to a .container quadlet and that's working.
🛡️ Building a Segmented, Secure Multi-Container Application with Podman #Podman #RootlessContainers #ContainerSecurity #DevSecOps #ZeroTrust #LinuxSecurity #NGINX #MariaDB #Passbolt #CyberSecurity #SegmentAndSecure #DeadSwitch #TheCyberGhost #SilentOps #InfrastructureHardening
Error running rootless podman containers inside Incus system container #lxd #container #podman
Oh joy. Podman (might only be Ubuntu's 4.9.x; I need to check with latest 5.4.2) doesn't consider $TARGETPLATFORM when deciding whether two images are the same, so it happily merges their tags together, and you end up with only one platform in your multi-platform manifest.
The workaround seems to be to put (an otherwise unused) ARG TARGETPLATFORM in the Containerfile, so that there's _some_ difference between them.
tl;dr: docker always uses the target platform for FROM; podman uses whatever you last pulled.
https://blog.differentpla.net/blog/2025/05/01/multiarch-containers-podman-docker-3/
I've gone through the exercise of spinning up multiple #podman rootless containers, and I've had to use `--userns` for several containers in which a host directory is mounted as a volume.
Say I've created a `postgres` user that runs the rootless postgres container, and its id is `1004`. The postgres container user id is `1001`. Unless the ids are mapped using `--userns=keep-id:uid=1001,gid=1001`, the container will exit when trying to write to the mounted directory.
https://docs.podman.io/en/latest/markdown/podman-run.1.html#userns-mode
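The uid mapping behind this post, as an added example that is not part of the original post: it models the default rootless mapping and the `keep-id:uid=1001` mapping from a constructed `/etc/subuid` entry (the `postgres:100000:65536` range is assumed) and shows which host uid the container's postgres user lands on in each case, and therefore whether it owns the mounted directory.

```python
# Added example, not from the post: model how rootless Podman maps container
# UIDs to host UIDs, to show why container uid 1001 cannot write to a directory
# owned by the host `postgres` user (uid 1004) unless keep-id is used.
# SUBUID_LINE is constructed; use the real /etc/subuid entry on your host.

HOST_UID = 1004                        # host uid of the rootless `postgres` user
CONTAINER_UID = 1001                   # uid the postgres image runs as
SUBUID_LINE = "postgres:100000:65536"  # constructed /etc/subuid entry


def parse_subuid(line: str, user: str) -> tuple[int, int]:
    """Return (start, count) of the subordinate uid range for `user`."""
    name, start, count = line.strip().split(":")
    if name != user:
        raise ValueError(f"no subuid entry for {user}")
    return int(start), int(count)


def default_map(host_uid: int, start: int, count: int) -> list[tuple[int, int, int]]:
    """Default rootless mapping as (container_start, host_start, length):
    container 0 -> the host user, container 1.. -> the subuid range."""
    return [(0, host_uid, 1), (1, start, count)]


def keep_id_map(host_uid: int, uid: int, start: int, count: int) -> list[tuple[int, int, int]]:
    """--userns=keep-id:uid=UID: container UID -> the host user, and the
    subuid range is split around it so all other ids stay mapped."""
    return [(0, start, uid), (uid, host_uid, 1), (uid + 1, start + uid, count - uid)]


def to_host(uid_map: list[tuple[int, int, int]], container_uid: int) -> int:
    """Resolve a container uid to the host uid it is written to disk as."""
    for c_start, h_start, length in uid_map:
        if c_start <= container_uid < c_start + length:
            return h_start + (container_uid - c_start)
    raise ValueError(f"container uid {container_uid} is not mapped")


def owns_mount(uid_map: list[tuple[int, int, int]], container_uid: int, dir_owner: int) -> bool:
    """Simplified check: the container process owns the bind-mounted directory
    only if its uid resolves to the directory owner's host uid (ignores group/other bits)."""
    return to_host(uid_map, container_uid) == dir_owner


if __name__ == "__main__":
    start, count = parse_subuid(SUBUID_LINE, "postgres")
    for label, m in (("default", default_map(HOST_UID, start, count)),
                     ("keep-id", keep_id_map(HOST_UID, CONTAINER_UID, start, count))):
        print(f"{label}: container {CONTAINER_UID} -> host {to_host(m, CONTAINER_UID)}, "
              f"owns mount: {owns_mount(m, CONTAINER_UID, HOST_UID)}")
```

Compare the model against `podman unshare cat /proc/self/uid_map` (with and without `--userns=keep-id:uid=1001`) on a real host to confirm the three-line split.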
#Podman Quadlets keep improving with each release. For example on Ubuntu 24.04 Quadlet still doesn't support Systemd templates that are very useful.
Probably by the time Trixie is released there will be some other new feature missing.
I stopped worrying and just moved to Fedora on workstations and CentOS on servers. There I always have the latest Podman version.
Debian/Ubuntu policy for packages updates is anachronistic and doesn't provide more stability in the DevOps and CI era.
Cut Kubernetes weight in your homelab: one Podman net per app, shared *dmz* net for Traefik, zero manual proxy edits!
https://fale.io/blog/2025/04/30/route-traffic-across-podman-networks-with-traefik
#Podman #Traefik #Quadlet #SelfHosting #Containers
I spent some time investigating podman and docker multi-platform builds. Here are the first two parts:
- https://blog.differentpla.net/blog/2025/04/30/multiarch-containers-podman-docker-1/
- https://blog.differentpla.net/blog/2025/04/30/multiarch-containers-podman-docker-2/
tl;dr: Docker is the better experience.
Part 3 will probably look at podman manifests.
There's also some weirdness with FROM --platform=$TARGETPLATFORM that I want to dig into.
🛡️ Use Podman. Model your application. Segment. Contain. Secure. #Podman #ContainerSecurity #RootlessContainers #LinuxHardening #SecureByDesign #DevSecOps #CyberSecurity #ZeroTrust #DeadSwitch #TheCyberGhost #InfrastructureSecurity #SilentOps #SegmentAndSecure