
Podman for DevOps: Containerization reimagined with Podman and its companion tools
- Length: 518 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-04-28
- ISBN-10: 1803248238
- ISBN-13: 9781803248233
- Sales Rank: #1371842
Build, deploy, and manage containers with the next-generation engine and tools
Key Features
- Discover key differences between Docker and Podman
- Build brand new container images with Buildah, the Podman companion
- Learn how to manage and integrate containers securely in your existing infrastructure
Book Description
As containers have become the new de facto standard for packaging applications and their dependencies, understanding how to implement, build, and manage them is now an essential skill for developers, system administrators, and SRE/operations teams. Podman and its companion tools Buildah and Skopeo make a great toolset to boost the development, execution, and management of containerized applications.
Starting with the basic concepts of containerization and its underlying technology, this book will help you get your first container up and running with Podman. You’ll explore the complete toolkit and go over the development of new containers, their lifecycle management, troubleshooting, and security aspects. Together with Podman, the book illustrates Buildah and Skopeo to complete the tools ecosystem and cover the complete workflow for building, releasing, and managing optimized container images. Podman for DevOps provides a comprehensive view of the full-stack container technology and its relationship with the operating system foundations, along with crucial topics such as networking, monitoring, and integration with systemd, docker-compose, and Kubernetes.
By the end of this DevOps book, you’ll have developed the skills needed to build and package your applications inside containers as well as to deploy, manage, and integrate them with system services.
What you will learn
- Understand Podman’s daemonless approach as a container engine
- Run, manage, and secure containers with Podman
- Discover the strategies, concepts, and command-line options for using Buildah to build containers from scratch
- Manage OCI images with Skopeo
- Troubleshoot runtime, build, and isolation issues
- Integrate Podman containers with existing networking and system services
Who this book is for
The book is for cloud developers looking to learn how to build and package applications inside containers and system administrators who want to deploy, manage, and integrate them with system services and orchestration solutions. This book provides a detailed comparison between Docker and Podman to aid you in learning Podman quickly.
Podman for DevOps; Foreword; Contributors; About the authors; About the reviewers
Preface: Who this book is for; What this book covers; To get the most out of this book; Download the example code files; Download the color images; Conventions used; Get in touch; Share Your Thoughts
Section 1: From Theory to Practice: Running Containers with Podman
Chapter 1: Introduction to Container Technology
Technical requirements; Book conventions; What are containers?; Resource usage with cgroups; Running isolated processes; Isolating mounts; Container images to the rescue; Security considerations; Container engines and runtimes; Containers versus virtual machines; Why do I need a container?; Open source; Portability; DevOps facilitators; Cloud readiness; Infrastructure optimization; Microservices; Chroot and Unix v7; FreeBSD jails; Solaris Containers (also known as Solaris Zones); Linux Containers (LXC); Docker; rkt; OCI and CRI-O; Podman; Where are containers used today?; Summary; Further reading
Chapter 2: Comparing Podman and Docker
Technical requirements; Docker container daemon architecture; The Docker daemon; Interacting with the Docker daemon; The Docker REST API; Docker client commands; Docker images; Docker registries; What does a running Docker architecture look like?; Containerd architecture; Podman daemonless architecture; Podman commands and REST API; Podman building blocks; The libpod library; The runc and crun OCI container runtimes; Conmon; Rootless containers; OCI images; The main differences between Docker and Podman; Command-line interface comparison; Running a container; Summary; Further reading
Chapter 3: Running the First Container
Technical requirements; Choosing an operating system and installation method; Choosing between Linux distributions and another OS; Preparing your environment; Customizing the container registries search list; Optional – enable socket-based services; Optional – customize Podman’s behavior; Running your first container; Interactive and pseudo-tty; Detaching from a running container; Network port publishing; Configuration and environment variables; Summary; Further reading
Chapter 4: Managing Running Containers
Technical requirements; Managing container images; Searching for images; Pulling and viewing images; Inspecting images' configurations and contents; Deleting images; Operations with running containers; Viewing and handling container status; Pausing and unpausing containers; Inspecting processes inside containers; Monitoring container stats; Inspecting container information; Capturing logs from containers; Executing processes in a running container; Running containers in pods; Summary
Chapter 5: Implementing Storage for the Container's Data
Technical requirements; Why does storage matter for containers?; Containers' storage features; Storage driver; Copying files in and out of a container; Interacting with overlayfs; Attaching host storage to a container; Managing and attaching bind mounts to a container; Managing and attaching volumes to a container; SELinux considerations for mounts; Attaching other types of storage to a container; Summary; Further reading
Section 2: Building Containers from Scratch with Buildah
Chapter 6: Meet Buildah – Building Containers from Scratch
Technical requirements; Basic image building with Podman; Builds under the hood; Dockerfile and Containerfile instructions; Running builds with Podman; Meet Buildah, Podman's companion tool for builds; Preparing our environment; Verifying the installation; Buildah configuration files; Choosing our build strategy; Building a container image starting from an existing base image; Building a container image starting from scratch; Building a container image starting from a Dockerfile; Building images from scratch; Building images from a Dockerfile; Summary; Further reading
Chapter 7: Integrating with Existing Application Build Processes
Technical requirements; Multistage container builds; Multistage builds with Dockerfiles; Multistage builds with Buildah native commands; Running Buildah inside a container; Running rootless Buildah containers with volume stores; Running Buildah containers with bind-mounted stores; Running native Buildah commands inside containers; Integrating Buildah in custom builders; Including Buildah in our Go build tool; Quarkus-native executables in containers; A Buildah wrapper for the Rust language; Summary; Further readings
Chapter 8: Choosing the Container Base Image
Technical requirements; The Open Container Initiative image format; OCI Image Manifest; Where do container images come from?; Docker Hub container registry service; Quay container registry service; Red Hat Ecosystem Catalog; Trusted container image sources; Managing trusted registries; Introducing Universal Base Image; The UBI Standard image; The UBI Minimal image; The UBI Micro image; The UBI Init image; Other UBI-based images; Summary; Further reading
Chapter 9: Pushing Images to a Container Registry
Technical requirements; What is a container registry?; Repository management; Pushing container images; Tag management; Pulling container images; Authentication management; Cloud-based and on-premise container registries; On-premise container registries; Cloud-based container registries; Managing container images with Skopeo; Installing Skopeo; Verifying the installation; Copying images across locations; Inspecting remote images; Synchronizing registries and local directories; Deleting images; Running a local container registry; Running a containerized registry; Customizing the registry configuration; Using a local registry to sync repositories; Managing registry garbage collection; Summary; Further reading
Section 3: Managing and Integrating Containers Securely
Chapter 10: Troubleshooting and Monitoring Containers
Technical requirements; Troubleshooting running containers; Permission denied while using storage volumes; Issues with the ping command in rootless containers; Monitoring containers with health checks; Inspecting your container build results; Troubleshooting builds from Dockerfiles; Troubleshooting builds with Buildah-native commands; Advanced troubleshooting with nsenter; Troubleshooting a database client with nsenter; Summary; Further reading
Chapter 11: Securing Containers
Technical requirements; Running rootless containers with Podman; The Podman Swiss Army knife – subuid and subgid; Do not run containers with UID 0; Signing our container images; Signing images with GPG and Podman; Configuring Podman to pull signed images; Testing signature verification failures; Managing keys with Podman image trust commands; Managing signatures with Skopeo; Customizing Linux kernel capabilities; Capabilities quickstart guide; Capabilities in containers; Customizing a container's capabilities; SELinux interaction with containers; Introducing Udica; Summary; Further reading
Chapter 12: Implementing Container Networking Concepts
Technical requirements; Container networking and Podman setup; CNI configuration quick start; Podman CNI walkthrough; Netavark configuration quick start; Podman Netavark walkthrough; Managing networks with Podman; Interconnecting two or more containers; Container DNS resolution; Running containers inside a Pod; Exposing containers outside our underlying host; Port Publishing; Attaching a host network; Host firewall configuration; Rootless container network behavior; Summary; Further reading
Chapter 13: Docker Migration Tips and Tricks
Technical requirements; Migrating existing images and playing with a command's alias; Podman commands versus Docker commands; Behavioral differences between Podman and Docker; Missing commands in Podman; Missing commands in Docker; Using Docker Compose with Podman; Docker Compose quick start; Configuring Podman to interact with docker-compose; Running Compose workloads with Podman and docker-compose; Using podman-compose; Summary; Further reading
Chapter 14: Interacting with systemd and Kubernetes
Technical requirements; Setting up the prerequisites for the host operating system; Creating the systemd unit files; Managing container-based systemd services; Generating Kubernetes YAML resources; Generating basic Pod resources from running containers; Generating Pods and services from running containers; Generating a composite application in a single Pod; Generating composite applications with multiple Pods; Running Kubernetes resource files in Podman; Testing the results in Kubernetes; Setting up minikube; Starting minikube; Running generated resource files in Kubernetes; Summary; Further reading
Why subscribe?; Other Books You May Enjoy; Packt is searching for authors like you; Share Your Thoughts
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Podman for DevOps: Containerization reimagined with Podman and its companion tools. Sometimes you may not get any results; in that case, search for the main title.
3. Click the book title in the search results.
4. Click Code to download.