cheatsheets/podman-cheatsheet.md
2025-08-31 23:24:28 +02:00

Podman Cheatsheet

Podman is a daemonless container engine for running OCI containers on Linux. It is compatible with Docker commands and runs rootless by default for non-root users, which reduces the impact of a compromised container.

Installation

  • Install on Debian/Ubuntu: sudo apt update && sudo apt install podman
  • Verify: podman --version

Basic Commands

  • System info: podman info
  • Version: podman version
  • Help: podman --help or podman <command> --help

Images

  • Search for images: podman search <term> (e.g., podman search nginx)
  • Pull an image: podman pull <image>:<tag> (e.g., podman pull docker.io/library/nginx:latest)
  • List local images: podman images or podman image ls
  • Inspect image: podman inspect <image>
  • Remove image: podman rmi <image-id or name>
  • Build image from Containerfile/Dockerfile: podman build -t <name>:<tag> .
  • Save image to tar: podman save -o <file.tar> <image>
  • Load image from tar: podman load -i <file.tar>

Containers

  • Run a container: podman run -d --name <name> -p <host-port>:<container-port> <image> (detached, named, port mapping)
  • Run interactive: podman run -it <image> /bin/sh
  • List running containers: podman ps
  • List all containers (including stopped): podman ps -a
  • Inspect container: podman inspect <container>
  • View logs: podman logs <container> or podman logs -f <container> (follow)
  • Exec into running container: podman exec -it <container> <command> (e.g., /bin/bash)
  • Stop container: podman stop <container>
  • Start stopped container: podman start <container>
  • Restart container: podman restart <container>
  • Remove container: podman rm <container> (add -f to force)
  • Copy files to container: podman cp <local-path> <container>:<container-path>
  • Copy files from container: podman cp <container>:<container-path> <local-path>

Volumes

  • Create volume: podman volume create <name>
  • List volumes: podman volume ls
  • Inspect volume: podman volume inspect <name>
  • Remove volume: podman volume rm <name>
  • Run with volume: podman run -v <volume-name>:<mount-path> <image>
  • Run with bind mount: podman run -v <host-path>:<container-path> <image>

Pods (Multi-Container Applications)

  • Create pod: podman pod create --name <pod-name> -p <port>
  • List pods: podman pod ls
  • Inspect pod: podman pod inspect <pod>
  • Run container in pod: podman run -d --pod <pod-name> <image>
  • Stop pod: podman pod stop <pod>
  • Remove pod: podman pod rm <pod>

Networks

  • Create network: podman network create <name>
  • List networks: podman network ls
  • Inspect network: podman network inspect <name>
  • Remove network: podman network rm <name>
  • Run with network: podman run --network <name> <image>

Kubernetes Compatibility

  • Generate Kubernetes YAML from pod/container: podman generate kube <pod/container> > pod.yaml
  • Play Kubernetes YAML: podman play kube <yaml-file>
  • Stop and remove from YAML: podman play kube --down <yaml-file>

Cleanup

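  • Remove all stopped containers: podman rm $(podman ps -q -a -f status=exited) (or podman container prune)
  • Remove dangling images: podman rmi $(podman images -q -f dangling=true) (podman image prune -a also removes unused tagged images)
  • Prune unused containers, pods, networks and dangling images: podman system prune -f (add -a for all unused images, --volumes for unused volumes)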

Security Best Practices

  • Run rootless: Podman defaults to rootless mode for non-root users, reducing attack surface.
  • Use --privileged only when necessary; prefer specific capabilities with --cap-add.
  • Secure images: Pull from trusted registries, scan with tools like Trivy.
  • Least privilege: --security-opt label=disable turns off SELinux label separation for the container; use it only if needed and avoid it otherwise.
  • Secrets: Use podman secret create and --secret for sensitive data, never hardcode.
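
The practices above can be checked mechanically before a container is started. The shell function below is an added example, not part of the original cheatsheet or of Podman itself: the name lint_podman_run and the sample invocations are constructed, while the flags it looks for are real Podman options.

```shell
#!/bin/sh
# Added example: lint_podman_run and the sample arguments are constructed.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Simplification: every argument is checked, including the container command.

lint_podman_run() {
    lp_prev="" lp_found=0
    for lp_arg in "$@"; do
        # Fold "--flag value" into "--flag=value" so one pattern covers both.
        case "$lp_prev" in
            --security-opt|--cap-add|-e|--env) lp_arg="$lp_prev=$lp_arg" ;;
        esac
        lp_prev="$lp_arg"
        # Match case-insensitively (env names and ALL/all vary in case).
        lp_upper=$(printf '%s' "$lp_arg" | tr '[:lower:]' '[:upper:]')
        case "$lp_upper" in
            --PRIVILEGED|--PRIVILEGED=TRUE)
                echo "privileged: drop --privileged, add single capabilities with --cap-add" ;;
            --CAP-ADD=ALL)
                echo "cap-add-all: grants every capability, name the one that is needed" ;;
            --SECURITY-OPT=LABEL=DISABLE)
                echo "label-disable: SELinux label separation is off for this container" ;;
            -E=*PASSWORD*=*|-E=*SECRET*=*|-E=*TOKEN*=*| \
            --ENV=*PASSWORD*=*|--ENV=*SECRET*=*|--ENV=*TOKEN*=*)
                lp_name=${lp_arg#*=}            # strip the flag
                lp_name=${lp_name%%=*}          # strip the value, never print it
                echo "env-secret: $lp_name is hardcoded, use podman secret create and --secret" ;;
            *) continue ;;
        esac
        lp_found=$((lp_found + 1))
    done
    [ "$lp_found" -eq 0 ]
}

# Constructed invocations: the first breaks three practices, the second follows them.
lint_podman_run -d --privileged --security-opt label=disable \
    -e DB_PASSWORD=example-only docker.io/library/nginx:latest || echo "findings listed above"
lint_podman_run -d --cap-add NET_BIND_SERVICE --secret db_password \
    docker.io/library/nginx:latest && echo "clean"
```

The non-zero return status on findings lets the function gate a deployment script or CI step.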

Advanced

  • Auto-update containers: podman auto-update
  • Remote access: podman --remote <command> (set up with podman system connection)
  • Machine (for macOS/Windows): podman machine init, podman machine start

For more details, refer to official docs: https://podman.io/docs

Podman Compose (requires podman-compose installed)

  • Install: pip install podman-compose
  • Up: podman-compose up -d
  • Down: podman-compose down

This cheatsheet is compiled from official Podman documentation and reliable sources like Red Hat Developer (https://developers.redhat.com/cheat-sheets/podman-cheat-sheet).