Orhan

Red Hat OpenShift I Containers Kubernetes

Tutorial, Podman, Docker, OpenShift, Containers, Kubernetes, K8s

1 min read

These are my notes for my exam prep and may not contain all the important aspects.

I am keeping notes for the areas that I find important and worthwhile remembering.

Attaching Persistent Storage to Containers

A container runs as a process in the host system, under a host OS user and group ID.

So the host directory needs ownership and permissions that allow the container to access it.

In RHEL, the host directory also needs to be configured with the appropriate SELinux context.

The SELinux context is container_file_t in RHEL.

Podman uses the `container_file_t` SELinux context, which restricts the container's access to host files.

The purpose is to avoid leakage between the container and the host.

One way to set up the host directory is:

$ sudo mkdir /var/dbfiles

# If the host machine does not have exactly the same user defined, the ownership should be set with the numeric user ID from the container.
# For instance, in the case of the Red Hat provided MySQL service, the UID is 27

$ sudo chown -R 27:27 /var/dbfiles
# the output is: changed ownership of '/var/dbfiles' from root:root to 27:27

# then apply the container_file_t context to the directory to allow containers to access all of its contents

$ sudo semanage fcontext -a -t container_file_t '/var/dbfiles(/.*)?'

# apply the SELinux file context rule that you just defined to the newly created dir

$ sudo restorecon -Rv /var/dbfiles

# now you are ready to mount /var/dbfiles into the container
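
To confirm the directory is really ready before mounting it, the check below (an added example, not part of the original notes) validates the owner and the SELinux type from one line of `stat -c '%u %g %C'` output. The function names and the sample lines are constructed for illustration; UID 27 and the path come from the steps above.

```shell
#!/bin/sh
# Added example. Input format: stat -c '%u %g %C' DIR  (GNU stat; %C is the SELinux context)

# Print the type field of a context string user:role:type:level.
# -s prints nothing when the string has no ':' (e.g. SELinux disabled).
selinux_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# check_volume_dir WANT_UID WANT_GID "UID GID CONTEXT"
# Prints "ok" or the first problem found.
# Returns 0 = ready, 1 = wrong owner, 2 = wrong SELinux type.
check_volume_dir() {
    want_uid=$1; want_gid=$2; line=$3
    uid=${line%% *}; rest=${line#* }
    gid=${rest%% *}; ctx=${rest#* }
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "owner is $uid:$gid, container process needs $want_uid:$want_gid"
        return 1
    fi
    setype=$(selinux_type "$ctx")
    if [ "$setype" != "container_file_t" ]; then
        echo "SELinux type is ${setype:-unknown}, expected container_file_t"
        return 2
    fi
    echo "ok"
}

# Constructed sample lines (not captured from a real host):
#  1. directory right after mkdir
#  2. after chown, but the fcontext pattern did not match the path, so the type is still var_t
#  3. after all steps succeeded
while IFS= read -r sample; do
    printf '%-50s -> ' "$sample"
    check_volume_dir 27 27 "$sample" || true
done <<'EOF'
0 0 unconfined_u:object_r:var_t:s0
27 27 unconfined_u:object_r:var_t:s0
27 27 unconfined_u:object_r:container_file_t:s0
EOF

# On a live host: check_volume_dir 27 27 "$(stat -c '%u %g %C' /var/dbfiles)"
```
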

Accessing containers

The CNCF sponsors the Container Networking Interface (CNI) open project.

Podman uses the CNI project to implement a software-defined network (SDN) for containers.

Podman attaches each container to a virtual bridge and assigns each container a private IP address.

The container network configuration is at /etc/cni/net.d/87-podman-bridge.conflist

Configuring Registries

In RHEL, the Podman registry configuration is in the /etc/containers/registries.conf file.

If you are using the latest RHEL, just uncomment the line to include docker.io and quay.io under the [registries.search] section.

Manipulating Container Images

# to save an image as a .tar file
$ podman save -o [filename.tar] [sourceImage:tag]

# to load a tar file into the local images
$ podman load -i [filename.tar]