
Containers

Comprehensive container lifecycle management, configuration, runtime options, and advanced container operations with Podman.

Container Lifecycle

Creating and Running Containers

# Basic container creation
podman run alpine echo "Hello World"
podman run -it alpine sh
podman run -d nginx
podman run --name mycontainer nginx

# Create without starting
podman create --name mycontainer nginx
podman start mycontainer

# Run with automatic removal
podman run --rm alpine echo "Hello World"

# Run with restart policy
podman run -d --restart=always nginx
podman run -d --restart=on-failure:3 nginx
podman run -d --restart=unless-stopped nginx

Container States and Control

# Start/stop containers
podman start container_name
podman stop container_name
podman restart container_name
podman kill container_name
podman kill -s SIGTERM container_name

# Pause/unpause containers
podman pause container_name
podman unpause container_name

# Wait for container to exit
podman wait container_name

# Check container status
podman ps
podman ps -a
podman ps --filter status=running
podman ps --filter status=exited

Container Management

# List containers
podman ps # Running containers
podman ps -a # All containers
podman ps -l # Latest container
podman ps -q # Container IDs only
podman ps --format table # Formatted output
podman ps --format json # JSON output

# Container information
podman inspect container_name
podman logs container_name
podman logs -f container_name # Follow logs
podman logs --tail 50 container_name # Last 50 lines
podman logs --since 2h container_name # Logs from last 2 hours

# Resource usage
podman stats container_name
podman stats --no-stream container_name
podman top container_name # Running processes

Container Configuration

Resource Limits

# Memory limits
podman run -m 512m nginx # 512MB memory limit
podman run --memory=1g nginx # 1GB memory limit
podman run --memory=512m --memory-swap=1g nginx # Memory + swap

# CPU limits
podman run --cpus=1.5 nginx # 1.5 CPU cores
podman run --cpu-shares=512 nginx # CPU weight
podman run --cpuset-cpus=0,1 nginx # Specific CPU cores

# Process limits
podman run --pids-limit=100 nginx # Max 100 processes

# Ulimits
podman run --ulimit nofile=1024:2048 nginx
podman run --ulimit nproc=100 nginx

Environment and Variables

# Environment variables
# Note: values set with -e/--env-file are stored in the container's
# configuration, so anyone who can run `podman inspect` on the container can
# read them; -e values typed on the command line also end up in shell history.
podman run -e VAR1=value1 nginx
podman run -e VAR1=value1 -e VAR2=value2 nginx
podman run --env-file .env nginx

# Example .env file (sample values; keep real files out of version control
# and readable by the owner only, e.g. chmod 600 .env)
# DATABASE_URL=postgres://user:pass@host/db
# API_KEY=secret123
# DEBUG=true
# For credentials such as the two above, prefer `podman secret create` plus
# `podman run --secret`, which by default mounts the value as a file under
# /run/secrets instead of storing it in the container's environment.

# Read environment from file
echo "DEBUG=true" > env.txt
echo "PORT=3000" >> env.txt
podman run --env-file env.txt nginx

Working Directory and User

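# Set working directory
podman run -w /app nginx pwd

# Set user (running the workload as a non-root UID limits what a compromised
# process can do inside the container)
podman run -u 1000:1000 nginx id
podman run -u nginx nginx id
# Quote the command substitutions so the argument is always a single word
podman run --user="$(id -u):$(id -g)" nginx id

# Set hostname
podman run -h myhost nginx hostname
podman run --hostname=custom-host nginx hostname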

Networking Options

# Port publishing
podman run -p 8080:80 nginx # Host port 8080 -> container port 80, listening on ALL host interfaces
podman run -p 127.0.0.1:8080:80 nginx # Bind to localhost only (prefer this unless remote access is required)
podman run -P nginx # Publish all exposed ports, each to a random host port

# Network modes
podman run --network=host nginx # Use host networking: no network isolation, the container can reach services bound to the host's loopback
podman run --network=none nginx # No networking (strongest isolation for jobs that need no network)
podman run --network=container:other nginx # Share network with another container

# Custom networks
podman network create mynetwork
podman run --network=mynetwork nginx

Advanced Container Operations

Executing Commands

# Execute commands in running containers
podman exec container_name ls
podman exec -it container_name bash
podman exec -u root container_name id

# Execute with environment variables
podman exec -e VAR=value container_name env

# Execute with working directory
podman exec -w /app container_name pwd

# Execute as different user
podman exec -u 1000:1000 container_name id

File Operations

# Copy files between host and container
podman cp file.txt container_name:/path/
podman cp container_name:/path/file.txt ./
podman cp . container_name:/app/

# Archive operations
# export writes the container's flattened filesystem only: image metadata
# (CMD, ENTRYPOINT, ENV, exposed ports, history) is not part of the tarball,
# while every file in the container is - including any credentials written
# to disk - so store and transfer the archive accordingly.
podman export container_name > container.tar
podman import container.tar new_image_name

# Create files in container
echo "content" | podman exec -i container_name tee /path/file.txt

Container Updates and Changes

# Update container configuration
podman update --memory=1g container_name
podman update --cpus=2 container_name

# Commit changes to new image
podman commit container_name new_image_name
podman commit -m "Added configuration" container_name new_image:v2

# Rename container
podman rename old_name new_name

Security and Isolation

Security Options

# Run with security options
podman run --security-opt no-new-privileges nginx # Processes cannot gain privileges through setuid/setgid binaries
podman run --security-opt apparmor:unconfined nginx # Turns AppArmor confinement OFF for this container (weakens isolation; troubleshooting only)
podman run --security-opt label=level:s0:c123,c456 nginx # Set the SELinux MCS level of the container

# Capabilities
podman run --cap-drop ALL nginx # Drop every Linux capability
podman run --cap-drop ALL --cap-add NET_BIND_SERVICE nginx # Least privilege: drop everything, add back only what the workload needs
podman run --cap-add SYS_ADMIN nginx # Very broad capability (mounts, namespace operations, ...); avoid unless strictly required

# Privileged containers
podman run --privileged nginx # Full privileges (use carefully): disables the capability, seccomp, device and AppArmor/SELinux restrictions that isolate the container from the host

User Namespaces

# Run with user namespace mapping
podman run --userns=keep-id nginx # Rootless: the invoking user's UID/GID keep the same values inside the container
podman run --uidmap 0:1000:1000 --gidmap 0:1000:1000 nginx # container_id:from_id:amount - container IDs 0-999 map to IDs starting at 1000

# Rootless containers (whenever Podman is invoked by a non-root user)
podman run nginx # Rootless only when run as an unprivileged user; under sudo/root the container is rootful

Read-only Filesystem

# Read-only root filesystem
podman run --read-only nginx
podman run --read-only --tmpfs /tmp nginx
podman run --read-only --tmpfs /tmp --tmpfs /var/run nginx

Container Monitoring

Logs and Events

# Container logs
podman logs container_name
podman logs -f container_name # Follow logs
podman logs --since 1h container_name # Last hour
podman logs --until 2021-01-01T00:00:00 container_name

# System events
podman events
podman events --filter container=mycontainer
podman events --filter event=start
podman events --filter type=container

Health Checks

# Run with health check
podman run -d \
--health-cmd="curl -f http://localhost:80 || exit 1" \
--health-interval=30s \
--health-timeout=10s \
--health-retries=3 \
--health-start-period=60s \
nginx

# Check health status
podman inspect container_name | grep -A 10 Health
podman ps --format "table {{.Names}}\t{{.Status}}\t{{.Healthcheck}}"

Resource Monitoring

# Real-time stats
podman stats
podman stats container_name
podman stats --no-stream # One-time stats

# System usage
podman system df
podman system info

Specialized Container Types

Init Containers

# Run with init system
podman run --init nginx
podman run --init -d nginx

# Custom init
podman run --init-path /usr/bin/tini nginx

Temporary Containers

# Ephemeral containers (removed on exit)
podman run --rm alpine echo "temporary"
podman run --rm -it alpine sh

# Temporary filesystem
podman run --tmpfs /tmp nginx
podman run --tmpfs /tmp:rw,size=100m nginx

Service Containers

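# Run as system service
podman run -d \
  --name web-service \
  --restart=always \
  -p 80:80 \
  nginx

# Generate systemd service
# Note: `podman generate systemd` is deprecated upstream in favour of Quadlet
# unit files; it is kept here because the page documents it.
podman generate systemd --new --name web-service > web-service.service
# A unit under /etc/systemd/system is started by the system manager as root, so
# the service runs a rootful container. To keep the service rootless, install
# the unit under ~/.config/systemd/user/ and manage it with `systemctl --user`.
sudo cp web-service.service /etc/systemd/system/
# systemd only notices a newly copied unit file after a reload
sudo systemctl daemon-reload
sudo systemctl enable web-service
sudo systemctl start web-service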

Container Cleanup

Removing Containers

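# Remove specific container
podman rm container_name
podman rm -f container_name # Force remove running container

# Remove multiple containers
podman rm container1 container2
# --all avoids the error `podman rm $(podman ps -aq)` raises when the list is empty
podman rm --all # Remove all containers

# Remove exited containers
podman container prune
podman container prune --filter "until=24h"

# Remove containers by pattern
# The name filter is a regular expression, not a shell glob: quote it so the
# shell cannot expand it against local files, and anchor it so only names that
# start with "test" match. xargs -r skips the rm when nothing matched.
podman ps -a --filter 'name=^test' -q | xargs -r podman rm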

Automated Cleanup

# Auto-remove on exit
podman run --rm alpine echo "cleanup"

# Cleanup script
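#!/bin/bash
# Destructive: stops and deletes every container and removes every unused image
# in the invoking user's Podman store. Run it only on hosts where nothing in
# that store needs to survive.
set -euo pipefail

# Stop all containers (--all is a no-op when none are running, whereas
# `podman stop $(podman ps -q)` fails on an empty list)
podman stop --all

# Remove all containers
podman rm --all

# Remove unused images (asks for confirmation; add -f only for unattended runs)
podman image prune -a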

Container Debugging

Troubleshooting

# Debug container startup
podman run --rm -it alpine sh
podman logs container_name

# Check container processes
podman top container_name
podman exec container_name ps aux

# Network debugging
podman exec container_name netstat -tulpn
podman exec container_name ping google.com

# File system debugging
podman exec container_name df -h
podman exec container_name mount

Container Inspection

# Detailed inspection
podman inspect container_name
podman inspect --format '{{.State.Status}}' container_name
podman inspect --format '{{.NetworkSettings.IPAddress}}' container_name

# Configuration diff
podman diff container_name # Show filesystem changes

Production Patterns

Multi-stage Deployments

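# Blue-green deployment
# Bring the new version up next to the live one, on a loopback-only test port,
# so the live container (web-green) keeps serving and stays available for
# rollback until the new version has been checked.
podman run -d --name web-blue -p 127.0.0.1:8081:80 myapp:v2
# Test blue deployment (for example: curl -f http://127.0.0.1:8081/)
# Cut over only after the checks pass: retire the old container and start the
# new version on the production port under the live name.
podman stop web-green
podman rm web-green
podman rm -f web-blue
podman run -d --name web-green -p 80:80 myapp:v2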

Container Orchestration

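# Rolling update pattern
# Replaces web-1..web-3 one at a time so the other instances keep serving.
# myapp:latest is a mutable tag: pin a version tag or digest when every
# instance must run exactly the same, reviewed image.
for i in {1..3}; do
  podman stop "web-$i"
  podman rm "web-$i"
  podman run -d --name "web-$i" -p "$((8080 + i)):80" myapp:latest
  # Fixed pause between instances; it does not verify that the new container
  # is actually healthy before the next one is replaced.
  sleep 10
done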

Backup and Migration

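# Create container backup
# Compute the date stamp once so the image tag and the file name cannot differ
# when the commands straddle midnight.
stamp=$(date +%Y%m%d)
podman commit container_name "backup_image:${stamp}"
# The archive holds the full container filesystem (including any credentials
# written to disk); restrict its permissions and storage location accordingly.
# Data in mounted volumes is not part of the committed image.
podman save "backup_image:${stamp}" > "backup_${stamp}.tar"

# Migrate container
podman export container_name > container_export.tar
# Transfer to new system
podman import container_export.tar new_image:latest
# An exported filesystem carries no image metadata, so the imported image has
# no CMD/ENTRYPOINT: the command must be given explicitly.
# /path/to/command is a placeholder for the program the original container ran.
podman run -d new_image:latest /path/to/command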

Quick Reference

Essential Container Commands

# Lifecycle
podman run -d nginx
podman stop container_name
podman start container_name
podman rm container_name

# Interaction
podman exec -it container_name bash
podman logs -f container_name
podman cp file.txt container_name:/path/

# Monitoring
podman ps
podman stats
podman top container_name

Common Options

  • -d, --detach: Run in background
  • -it: Interactive with TTY
  • -p, --publish: Publish ports
  • -v, --volume: Mount volumes
  • -e, --env: Environment variables
  • --name: Container name
  • --rm: Auto-remove on exit
  • -u, --user: Run as user
  • --restart: Restart policy
  • -w, --workdir: Working directory