diff --git a/podman-cheatsheet.md b/podman-cheatsheet.md new file mode 100644 index 0000000..2249d0a --- /dev/null +++ b/podman-cheatsheet.md 
@@ -0,0 +1,91 @@ +# Podman Cheatsheet + +Podman is a daemonless container engine for running OCI containers on Linux. +It is compatible with Docker commands but runs rootless by default, enhancing +security. + +## Installation + +- Install on Debian/Ubuntu: `sudo apt update && sudo apt install podman` +- Verify: `podman --version` + +## Basic Commands + +- System info: `podman info` +- Version: `podman version` +- Help: `podman --help` or `podman --help` + +## Images +- Search for images: `podman search ` (e.g., `podman search nginx`) +- Pull an image: `podman pull :` (e.g., `podman pull docker.io/library/nginx:latest`) +- List local images: `podman images` or `podman image ls` +- Inspect image: `podman inspect ` +- Remove image: `podman rmi ` +- Build image from Containerfile/Dockerfile: `podman build -t : .` +- Save image to tar: `podman save -o ` +- Load image from tar: `podman load -i ` + +## Containers +- Run a container: `podman run -d --name -p : + ` (detached, named, port mapping) +- Run interactive: `podman run -it /bin/sh` +- List running containers: `podman ps` +- List all containers (including stopped): `podman ps -a` +- Inspect container: `podman inspect ` +- View logs: `podman logs ` or `podman logs -f ` (follow) +- Exec into running container: `podman exec -it ` (e.g., `/bin/bash`) +- Stop container: `podman stop ` +- Start stopped container: `podman start ` +- Restart container: `podman restart ` +- Remove container: `podman rm ` (add `-f` to force) +- Copy files to container: `podman cp :` +- Copy files from container: `podman cp : ` + +## Volumes +- Create volume: `podman volume create ` +- List volumes: `podman volume ls` +- Inspect volume: `podman volume inspect ` +- Remove volume: `podman volume rm ` +- Run with volume: `podman run -v : ` +- Run with bind mount: `podman run -v : ` + +## Pods (Multi-Container Applications) +- Create pod: `podman pod create --name -p ` +- List pods: `podman pod ls` +- Inspect pod: `podman pod inspect ` +- Run 
container in pod: `podman run -d --pod ` +- Stop pod: `podman pod stop ` +- Remove pod: `podman pod rm ` + +## Networks +- Create network: `podman network create ` +- List networks: `podman network ls` +- Inspect network: `podman network inspect ` +- Remove network: `podman network rm ` +- Run with network: `podman run --network ` + +## Kubernetes Compatibility +- Generate Kubernetes YAML from pod/container: `podman generate kube > pod.yaml` +- Play Kubernetes YAML: `podman play kube ` +- Stop and remove from YAML: `podman play kube --down ` + +## Cleanup +- Remove all stopped containers: `podman rm $(podman ps -q -a)` +- Remove unused images: `podman rmi $(podman images -q -f dangling=true)` +- Prune everything: `podman system prune -f` + +## Security Best Practices +- Run rootless: Podman defaults to rootless mode for non-root users, reducing attack surface. +- Use --privileged only when necessary; prefer specific capabilities with --cap-add. +- Secure images: Pull from trusted registries, scan with tools like Trivy. +- Least privilege: Use --security-opt label=disable if needed, but avoid. +- Secrets: Use podman secret create and --secret for sensitive data, never hardcode. + +## Advanced +- Auto-update containers: `podman auto-update` +- Remote access: `podman --remote ` (setup with podman system connection) +- Machine (for macOS/Windows): `podman machine init`, `podman machine start` + +For more details, refer to official docs: https://podman.io/docs + +This cheatsheet is compiled from official Podman documentation and reliable sources like Red Hat Developer. \ No newline at end of file
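Review bot: In the Security Best Practices section, the bullet "Least privilege: Use --security-opt label=disable if needed, but avoid." files a switch that turns off SELinux label separation under least privilege and offers no alternative. I'd reword it to say what `label=disable` does and point to relabeling a bind mount with the `:z` or `:Z` volume option, which is the usual fix for the permission errors that lead people to disable labeling. In the Cleanup section, `podman rm $(podman ps -q -a)` is labelled "Remove all stopped containers", but `ps -a` also lists running containers; `podman container prune` matches the label. "Prune everything: `podman system prune -f`" also overstates the effect, since volumes and unused non-dangling images are only removed with `--volumes` and `-a`. In Basic Commands the Help line reads "`podman --help` or `podman --help`", the same command twice, and most command templates show empty placeholders as rendered here (for example `podman search ` and `podman pull :`), so please confirm the argument names are present in the file itself. The file also ends without a trailing newline.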