These are my notes for my exam prep and may not contain all the important aspects.
I am keeping notes for the areas that I find important and worthwhile remembering.
A container runs as a process in the host system, under a host O/S user and group ID.
So the host directory needs to be configured with ownership and permissions that allow the container to access it.
In RHEL, the host directory also needs to be configured with the appropriate SELinux context.
The SELinux context is `container_file_t` in RHEL.
Podman uses the `container_file_t` SELinux context to restrict the container's access to host files.
The purpose is to avoid leakage between the container and the host.
One way to set up the host directory is:
```bash
$ sudo mkdir /var/dbfiles

# If the host machine does not have exactly the same user defined, set the ownership with the numeric UID from the container.
# For instance, in the case of the Red Hat provided MySQL service, the UID is 27

$ sudo chown -R 27:27 /var/dbfiles
# the output is: changed ownership of 'var/dbfiles' from root:root to 27:27

# then apply the container_file_t context to the directory to allow containers to access all of its contents

$ sudo semanage fcontext -a -t container_file_t '/var/dbfiles(/.*)?'

# apply the SELinux container policy that you set up in the previous step to the newly created dir

$ sudo restorecon -Rv /var/dbfiles

# now you are ready to mount /var/dbfiles to the container
```
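A pre-mount check for the directory prepared above, added here as an example and not part of the original notes: it confirms both the numeric owner and the SELinux type, which catches the case where the ownership was changed but the relabel did not take effect (for example because the `semanage` path pattern did not match). The function names and sample lines are assumptions made for this example; the input format is what GNU `stat -c '%u:%g %C'` prints.

```bash
# Added example (hypothetical helper names): verify that a host directory is
# ready to be mounted into a container.

# check_volume_meta META WANT_UID WANT_GID
# META has the format printed by GNU `stat -c '%u:%g %C' DIR`, e.g.
#   27:27 unconfined_u:object_r:container_file_t:s0
check_volume_meta() {
    meta=$1; want_uid=$2; want_gid=$3
    owner=${meta%% *}          # "uid:gid"
    label=${meta#* }           # "user:role:type:level"
    uid=${owner%%:*}
    gid=${owner#*:}
    # The SELinux type is the third colon-separated field of the label.
    setype=$(printf '%s\n' "$label" | cut -d: -f3)
    rc=0
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL: owner is $uid:$gid, expected $want_uid:$want_gid"
        rc=1
    fi
    if [ "$setype" != "container_file_t" ]; then
        echo "FAIL: SELinux type is '$setype', expected container_file_t"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $owner $setype"; fi
    return "$rc"
}

# check_volume_dir DIR WANT_UID WANT_GID: same check against a real directory.
check_volume_dir() {
    check_volume_meta "$(stat -c '%u:%g %C' "$1")" "$2" "$3"
}

# Constructed sample lines, not captured from a real host.
READY='27:27 unconfined_u:object_r:container_file_t:s0'
FRESH='0:0 unconfined_u:object_r:var_t:s0'        # state right after mkdir
UNLABELED='27:27 unconfined_u:object_r:var_t:s0'  # chown done, relabel missed

check_volume_meta "$READY" 27 27 || true
check_volume_meta "$FRESH" 27 27 || true
check_volume_meta "$UNLABELED" 27 27 || true
```

On a RHEL host, `check_volume_dir /var/dbfiles 27 27` runs the same check against the real directory.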
CNCF sponsors the Container Networking Interface (CNI) open project.
Podman uses the CNI project to implement SDN (software-defined networking) for containers.
Podman attaches each container to a virtual bridge and assigns each container a private IP.
The container network configuration is at /etc/cni/net.d/87-podman-bridge.conflist
In RHEL, the Podman registry configuration is in the /etc/containers/registries.conf file.
If you are using the latest RHEL, just uncomment the line to include docker.io and quay.io under the [registries.search] section.
```bash
# to save a container image as a .tar file
$ podman save -o [filename.tar] [sourceImage:tag]

# to load a tar into images
$ podman load -i [filename.tar]
```