# Podman Cheatsheet

Podman is a daemonless container engine for running OCI containers on Linux. 
It is compatible with Docker commands but runs rootless by default, enhancing 
security.

## Installation

- Install on Debian/Ubuntu: `sudo apt update && sudo apt install podman`
- Verify: `podman --version`

## Basic Commands

- System info: `podman info`
- Version: `podman version`
- Help: `podman --help` or `podman <command> --help`

## Images
- Search for images: `podman search <term>` (e.g., `podman search nginx`)
- Pull an image: `podman pull <image>:<tag>` (e.g., `podman pull docker.io/library/nginx:latest`)
- List local images: `podman images` or `podman image ls`
- Inspect image: `podman inspect <image>`
- Remove image: `podman rmi <image-id or name>`
- Build image from Containerfile/Dockerfile: `podman build -t <name>:<tag> .`
- Save image to tar: `podman save -o <file.tar> <image>`
- Load image from tar: `podman load -i <file.tar>`

## Containers
- Run a container: `podman run -d --name <name> -p <host-port>:<container-port> 
  <image>` (detached, named, port mapping)
- Run interactive: `podman run -it <image> /bin/sh`
- List running containers: `podman ps`
- List all containers (including stopped): `podman ps -a`
- Inspect container: `podman inspect <container>`
- View logs: `podman logs <container>` or `podman logs -f <container>` (follow)
- Exec into running container: `podman exec -it <container> <command>` (e.g., `/bin/bash`)
- Stop container: `podman stop <container>`
- Start stopped container: `podman start <container>`
- Restart container: `podman restart <container>`
- Remove container: `podman rm <container>` (add `-f` to force)
- Copy files to container: `podman cp <local-path> <container>:<container-path>`
- Copy files from container: `podman cp <container>:<container-path> <local-path>`

## Volumes
- Create volume: `podman volume create <name>`
- List volumes: `podman volume ls`
- Inspect volume: `podman volume inspect <name>`
- Remove volume: `podman volume rm <name>`
- Run with volume: `podman run -v <volume-name>:<mount-path> <image>`
- Run with bind mount: `podman run -v <host-path>:<container-path> <image>`

## Pods (Multi-Container Applications)
- Create pod: `podman pod create --name <pod-name> -p <port>`
- List pods: `podman pod ls`
- Inspect pod: `podman pod inspect <pod>`
- Run container in pod: `podman run -d --pod <pod-name> <image>`
- Stop pod: `podman pod stop <pod>`
- Remove pod: `podman pod rm <pod>`

## Networks
- Create network: `podman network create <name>`
- List networks: `podman network ls`
- Inspect network: `podman network inspect <name>`
- Remove network: `podman network rm <name>`
- Run with network: `podman run --network <name> <image>`

## Kubernetes Compatibility
- Generate Kubernetes YAML from pod/container: `podman generate kube <pod/container> > pod.yaml`
- Play Kubernetes YAML: `podman play kube <yaml-file>`
- Stop and remove from YAML: `podman play kube --down <yaml-file>`

## Cleanup
- Remove all stopped containers: `podman rm $(podman ps -q -a)`
- Remove unused images: `podman rmi $(podman images -q -f dangling=true)`
- Prune everything: `podman system prune -f`

## Security Best Practices
- Run rootless: Podman defaults to rootless mode for non-root users, reducing attack surface.
- Use --privileged only when necessary; prefer specific capabilities with --cap-add.
- Secure images: Pull from trusted registries, scan with tools like Trivy.
- Least privilege: Use --security-opt label=disable if needed, but avoid.
- Secrets: Use podman secret create and --secret for sensitive data, never hardcode.

## Advanced
- Auto-update containers: `podman auto-update`
- Remote access: `podman --remote <command>` (setup with podman system connection)
- Machine (for macOS/Windows): `podman machine init`, `podman machine start`

For more details, refer to official docs: https://podman.io/docs

## Podman Compose (requires podman-compose installed)
- Install: `pip install podman-compose`
- Up: `podman-compose up -d`
- Down: `podman-compose down`

This cheatsheet is compiled from official Podman documentation and reliable sources like Red Hat Developer (https://developers.redhat.com/cheat-sheets/podman-cheat-sheet)."