Check out my blog for guides on Podman, Fedora CoreOS, SELinux in containers and more: https://blog.nerdon.eu/tag/containers-virtualization/
This guide will help you get started with Podman and Quadlet in a simple, non-technical way. Scroll down for TEMPLATES for .container, .network and .env. 🚀
Did you know? You can use Cockpit or Portainer with Podman.
Quadlet is a way to run and manage containers in Podman using systemd services. You write .container files, and systemd takes care of running and managing the container.
Rootless means you don't need admin (root) permissions to run containers. If something malicious breaks out of the container, it only has your user's permissions, so it can't do as much damage.
- Set up the directories 📂:
  mkdir -p ~/.config/containers/systemd/
  Later, put your .container, .network, and .env files in this directory.
- Create or modify a .container file 🛠️:
  nano ~/.config/containers/systemd/myapp.container
  This is where you define your container. Example template below.
- Reload systemd 🔄:
  systemctl --user daemon-reload
- Prepare persistent storage 🗂️ (important): Before starting the container, create the directories for persistent storage.
  mkdir -p /path/to/storage/containerfolder
- Start the container ▶️:
  systemctl --user start myapp.service
- Troubleshooting ❗: If something goes wrong, you can use this command to check the logs:
  journalctl --user -u myapp.service --no-pager -n 50
In rootful mode, you need admin (root) permissions.
- Use sudo 🛑: Prefix every command with sudo.
- Change directory for container files 📁: Put your .container files in /etc/containers/systemd/.
- Run commands:
  - Same as rootless, but without the --user flag:
    sudo systemctl start myapp.service
To automatically update your containers:
- Add the line AutoUpdate=registry in your .container file.
- Enable the Podman auto-update service:
  systemctl --user enable podman-auto-update
- Pull the latest image:
  podman pull docker.io/my-image:latest
- Restart the container:
  systemctl --user restart myapp.service
# Template for a .container file. Each note sits on its own line above its key,
# because systemd only treats "#" as a comment at the start of a line.
[Unit]
# (Optional) A brief description of the service
Description=
# (Optional) Services you want to run with this one
Wants=
# (Optional) Services that need to start before this one
After=
[Container]
# (Mandatory) The container's name
ContainerName=
# (Mandatory) The container image to use (e.g., docker.io/library/alpine)
Image=
# (Optional) Path to an .env file
EnvironmentFile=
# (Optional) Key=value pairs for environment variables
Environment=
# (Optional) Persistent storage paths (host:container)
Volume=
# (Optional) Custom network for the container
Network=
# (Optional) Ports to expose (host:container)
PublishPort=
# (Optional) Custom command to run in the container
Exec=
# (Optional) Additional Podman arguments
PodmanArgs=
# (Optional) Extra capabilities to add to the container
AddCapability=
# (Optional) Add host devices to the container
AddDevice=
# (Optional) Disable SELinux labels
SecurityLabelDisable=
# (Optional) Run as a specific user inside the container
User=
# (Optional) Add metadata labels to the container
Label=
# (Optional) User ID mapping. Example: 0:10000:10 (Inside:Outside:Range)
UIDMap=
# (Optional) Group ID mapping. Example: 0:10000:10 (Inside:Outside:Range)
GIDMap=
[Service]
# (Optional) Set to 'always' or 'on-failure' to restart on failure
Restart=
# (Optional) Time to wait before considering a failure
TimeoutStartSec=
[Install]
# (Optional) Target to start with (default: multi-user.target). For systems with a graphical user interface, use default.target
WantedBy=
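A small check to run over a filled-in .container file before starting it, as an added example that is not part of the original guide: the hypothetical quadlet_lint function (not a Podman command) flags values that still carry a trailing # note, since systemd only treats # as a comment at the start of a line, and settings from the template that weaken isolation. The sample unit is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original guide. quadlet_lint is a hypothetical
# helper (not a Podman command) that flags risky lines in a Quadlet unit file.
quadlet_lint() {
    # Prints "file:line: finding" per problem; returns 1 if anything was found.
    awk -v f="$1" '
        function warn(msg) { printf "%s:%d: %s\n", f, NR, msg; bad = 1 }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # whole-line comments and blanks
        /^\[/ { section = $0; next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        }
        # systemd has no trailing comments: the "# note" stays in the value.
        val ~ /^#/ || val ~ /[ \t]#/ { warn(key ": trailing # comment is read as part of the value") }
        section != "[Container]" { next }
        key == "SecurityLabelDisable" && val ~ /^(true|yes|on|1)/ { warn("SELinux separation is turned off") }
        key == "AddCapability" && val != "" { warn("extra capability granted: " val) }
        key == "PodmanArgs" && val ~ /--privileged/ { warn("--privileged removes most isolation") }
        key == "PublishPort" && val ~ /^[0-9]+:[0-9]+/ { warn("no host IP, port listens on all interfaces") }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the template filled in carelessly.
demo_unit() {
    cat <<'EOF'
[Unit]
Description=demo app # inline note

[Container]
ContainerName=myapp
Image=docker.io/library/alpine # (Mandatory) image
PublishPort=8080:80
PublishPort=127.0.0.1:8443:443
AddCapability=NET_ADMIN
SecurityLabelDisable=true
PodmanArgs=--privileged
EOF
}

sample=$(mktemp) && demo_unit > "$sample"
quadlet_lint "$sample" || echo "review the findings above before starting the unit"
rm -f "$sample"
```

Run it against your own file with quadlet_lint ~/.config/containers/systemd/myapp.container; a PublishPort value that names a host address, such as 127.0.0.1:8443:443, is not flagged.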
For setting up custom container networks:
[Network]
# (Mandatory) Subnet for the network
Subnet=192.168.99.0/24
# (Mandatory) Gateway IP address
Gateway=192.168.99.1
# (Optional) Custom label for the network
Label=
Define environment variables:
# Add your custom variables here, such as PGID=200
ENVIRONMENT_FIELD=your_secret_value
That's it! You're ready to manage containers with Quadlet. 😊