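How does using Podman differ from Docker?
Podman is positioned as Docker-compatible, so it stays as close to Docker as possible in use. Usage can be looked at from two angles: that of the system builder and that of the end user.
For the system builder, Podman's default software differs little from Docker's; the differences are in the process model and the relationships between processes. If you are used to debugging Docker's several related processes, you will need to adapt when working with Podman. The pstree command shows the process tree. Overall, Podman is simpler than Docker. Because Podman has one layer fewer than Docker (no daemon), its restart mechanism is also different.
For the end user, Podman's commands are largely compatible with Docker's, covering the container runtime (run/start/kill/ps/inspect), local images (images/rmi/build) and image registries (login/pull/push). Podman's command-line tool is therefore similar to Docker's for tasks such as building images and starting or stopping containers. You can even substitute one for the other with alias docker=podman. So even with Podman you can still use docker.io as the image registry, which is the most important part of the compatibility.
The figure below shows the second-level commands of docker and podman; they are very close.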
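Introduction to Podman
Podman is an open-source project, available on most Linux platforms and hosted on GitHub. Podman is a daemonless container engine for developing, managing and running Open Container Initiative (OCI) containers and container images on Linux systems. Podman provides a Docker-compatible command-line front end that can simply stand in for the Docker CLI; put simply, you can add the alias alias docker=podman and use podman that way.
Containers under Podman's control can be run by root or by an unprivileged user. Podman manages the entire container ecosystem, including pods, containers, container images and container volumes, using the libpod library. Podman focuses on all the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It lets you create, run and maintain containers created from those images in a production environment.
Installing Podman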
[root@localhost ~]# yum -y install podman-docker
[root@localhost ~]# which podman
/usr/bin/podman
[root@localhost ~]# which docker
/usr/bin/docker
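Common Podman commands
Help commands
podman version # show Podman version information
podman info # show Podman system information, including the number of images and containers
podman <command> --help # help for a command
podman rm: removing containers
podman rm <container-id> # remove the specified container; a running container cannot be removed unless forced with rm -f
podman rm -f $(podman ps -aq) # remove all containers
podman ps -aq | xargs podman rm # remove all containers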
[root@localhost ~]# podman run -it docker.io/library/busybox /bin/sh
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
/ #
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c47c56483104 docker.io/library/busybox:latest /bin/sh 6 minutes ago Up 6 minutes ago elated_mahavira
//Pull an image
[root@localhost ~]# podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob ed835de16acd done
Copying blob 77700c52c969 done
Copying blob 21e0df283cd6 done
Copying blob e5ae68f74026 done
Copying blob 44be98c0fab6 done
Copying blob 881ff011f1c9 done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
// List images
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest ffe9d497c324 5 days ago 1.46 MB
docker.io/library/nginx latest f652ca386ed1 11 days ago 146 MB
//Run a container
[root@localhost ~]# podman run -d --name t1 -p 80 docker.io/library/nginx
3e7f3828192dd3f9ab51ef584cc4cd7a3b08f49fcec703a6c4102a6bf6cb162a
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c47c56483104 docker.io/library/busybox:latest /bin/sh 16 minutes ago Up 16 minutes ago elated_mahavira
3e7f3828192d docker.io/library/nginx:latest nginx -g daemon o... 17 seconds ago Up 16 seconds ago 0.0.0.0:40457->80/tcp t1
// -l shows information about the most recently created container
[root@localhost ~]# podman inspect -l
··············
"SandboxKey": "/run/netns/cni-8a3bddd1-a3c2-4bd6-c7b9-bc71989e6a7c",
"Networks": {
"podman": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
··················
[root@localhost ~]# curl 10.88.0.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
··················
//View container logs
[root@localhost ~]# podman logs -l //-l means the latest container; otherwise a container must be specified
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/13 11:08:21 [notice] 1#1: using the "epoll" event method
2021/12/13 11:08:21 [notice] 1#1: nginx/1.21.4
2021/12/13 11:08:21 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/13 11:08:21 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
//View the PIDs inside a container
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e7f3828192d docker.io/library/nginx:latest nginx -g daemon o... 10 minutes ago Up 10 minutes ago 0.0.0.0:40457->80/tcp t1
[root@localhost ~]# podman top t1
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 11m9.772675994s ? 0s nginx: master process nginx -g daemon off;
nginx 31 1 0.000 11m8.772811194s ? 0s nginx: worker process
nginx 32 1 0.000 11m8.772890615s ? 0s nginx: worker process
//Push an image
[root@localhost ~]# podman login docker.io
Username: weixiaoya
Password:
Login Succeeded!
[root@localhost ~]# podman tag docker.io/library/nginx:latest weixiaoya/test:nginx
[root@localhost ~]# podman push weixiaoya/test:nginx
Getting image source signatures
Copying blob b85734705991 done
Copying blob 988d9a3509bb done
Copying blob e3135447ca3e done
Copying blob 59b01b87c9e7 done
Copying blob 7c0b223167b9 done
Copying blob 814bff734324 done
Copying config 08b152afcf done
Writing manifest to image destination
Storing signatures
Viewing the usage of a subcommand
[root@localhost ~]# man podman-attach
EXAMPLES
Attach to a container called "foobar".
$ podman attach foobar
Attach to the latest created container.
$ podman attach --latest
Attach to a container that start with the ID "1234".
$ podman attach 1234
Attach to a container without attaching STDIN.
$ podman attach --no-stdin foobar
//Show the history of a specified image
[root@localhost ~]# podman history docker.io/library/busybox
ID CREATED CREATED BY SIZE COMMENT
ffe9d497c324 6 days ago /bin/sh -c #(nop) CMD ["sh"] 0 B
<missing> 6 days ago /bin/sh -c #(nop) ADD file:e2d2d9591696b14... 1.46 MB
//Use image to manage images; use images to list them
[root@localhost ~]# podman image --help
Manage images
Description:
Manage images
Usage:
podman image [command]
Available Commands:
build Build an image using instructions from Containerfiles
diff Inspect changes to the image's file systems
exists Check if an image exists in local storage
history Show history of a specified image
import Import a tarball to create a filesystem image
inspect Display the configuration of an image
list List images in local storage
load Load image(s) from a tar archive
mount Mount an image's root filesystem
prune Remove unused images
pull Pull an image from a registry
push Push an image to a specified destination
rm Removes one or more images from local storage
save Save image(s) to an archive
scp securely copy images
search Search registry for image
sign Sign an image
tag Add an additional name to a local image
tree Prints layer hierarchy of an image in a tree format
trust Manage container image trust policy
unmount Unmount an image's root filesystem
untag Remove a name from a local image
//See how many layers an image has
[root@localhost ~]# podman image tree docker.io/my922/nginx
Image ID: c69af231e7f6
Tags: [localhost/nginx:latest docker.io/my922/nginx:latest]
Size: 565.4MB
Image Layers
├── ID: 74ddd0ec08fa Size: 238.6MB Top Layer of: [docker.io/library/centos:latest]
├── ID: d253d66bdbee Size: 6.723MB
└── ID: 60c95eeded28 Size: 320.1MB Top Layer of: [localhost/nginx:latest docker.io/my922/nginx:latest]
//View detailed information
[root@localhost ~]# podman info
host:
arch: amd64
buildahVersion: 1.23.1
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon-2.0.30-1.module_el8.6.0+944+d413f95e.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.30, commit: e28f6ed9f4a6f18e27f3efdab92de483806e6b9c'
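Using Podman as a regular user
Before users without root privileges can run Podman, the administrator must install or build Podman and complete the following configuration.
The cgroup V2 Linux kernel feature lets you limit the resources that a regular user's containers can use. If the Linux distribution running Podman has cgroup V2 enabled, you may need to change the default OCI runtime. Some older versions of runc do not work with cgroup V2, and you must switch to the alternative OCI runtime crun.
[root@localhost ~]# yum -y install crun //ships with CentOS 8
[root@localhost ~]# vi /usr/share/containers/containers.conf
# Default OCI runtime
#
runtime = "crun" //uncomment this line and change the value to crun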
[root@localhost ~]# podman run -d --name t2 -p 80 docker.io/library/nginx
d869cc283561d6a4a07267ac2f71e4b09c0799f22bfe5c27516cccb7272fab4d
[root@localhost ~]# podman inspect t2 | grep crun
"OCIRuntime": "crun",
"crun",
slirp4netns
The slirp4netns package provides a network mode for regular users.
[root@localhost ~]# yum -y install slirp4netns
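Installing fuse-overlayfs
When using Podman in a regular-user environment, fuse-overlayfs is recommended over the VFS file system; at least version 0.7.6 is required. Newer versions use it by default.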
[root@localhost ~]# yum -y install fuse-overlayfs
[root@localhost ~]# vi /etc/containers/storage.conf
mount_program = "/usr/bin/fuse-overlayfs" //uncomment this line
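Configuring /etc/subuid and /etc/subgid
Podman requires that the user running it has a range of UIDs listed in the /etc/subuid and /etc/subgid files; the shadow-utils or newuid package provides these files.
[root@localhost ~]# yum -y install shadow-utils
#The entries can be viewed in /etc/subuid and /etc/subgid; each user's value must be unique, with no overlap.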
[root@localhost ~]# podman exec -it t2 /bin/bash
root@d869cc283561:/# id
uid=0(root) gid=0(root) groups=0(root)
root@d869cc283561:/# useradd yaya
root@d869cc283561:/# cat /etc/subuid
yaya:100000:65536
root@d869cc283561:/# useradd hh
root@d869cc283561:/# cat /etc/subuid
yaya:100000:65536
hh:165536:65536
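The format of this file is USERNAME:UID:RANGE
- The username as listed in /etc/passwd or returned by getpwent.
- The initial UID allocated to the user.
- The size of the UID range allocated to the user.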
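The requirement that ranges be unique and non-overlapping can be checked mechanically. The following is an added example, not part of the original page: a shell function that reports colliding ranges in a subuid or subgid file. The function name check_subid_overlap and the user ci in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). check_subid_overlap is an
# illustrative name; it works on /etc/subuid and /etc/subgid alike.

# check_subid_overlap FILE: print each entry whose ID range collides with an
# earlier one, plus any malformed line. Returns 0 if the file is clean, 1 if not.
check_subid_overlap() {
    # Sort by start ID, then keep the highest end seen so far: an entry overlaps
    # as soon as its start is not above that end.
    sort -t: -k2,2n "$1" | awk -F: '
        /^[ \t]*$/ { next }
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $3 + 0 == 0 {
            print "malformed: " $0; bad = 1; next
        }
        {
            start = $2 + 0; end = start + $3 - 1
            if (seen && start <= max_end) {
                print "overlap: " $0 " collides with " owner; bad = 1
            }
            if (!seen || end > max_end) { max_end = end; owner = $0 }
            seen = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample: the two entries shown on the page plus a hypothetical
# user "ci" whose range was assigned by hand and cuts into both of them.
sample=$(mktemp)
printf '%s\n' 'yaya:100000:65536' 'hh:165536:65536' 'ci:150000:65536' > "$sample"
check_subid_overlap "$sample" || echo "ranges in $sample need fixing"
rm -f "$sample"
```

On a real host, run check_subid_overlap /etc/subuid and check_subid_overlap /etc/subgid after adding users by hand.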
User configuration files
The three main configuration files are containers.conf, storage.conf and registries.conf. Users can modify these files as needed.
containers.conf
Podman reads these files in order; when one is not found, it moves on to the next.
1. /usr/share/containers/containers.conf
2. /etc/containers/containers.conf
3. $HOME/.config/containers/containers.conf
storage.conf
For storage.conf the order is:
1. /etc/containers/storage.conf
2. $HOME/.config/containers/storage.conf
For regular users, some fields in /etc/containers/storage.conf are ignored:
graphroot=""
 container storage graph dir (default: "/var/lib/containers/storage")
 Default directory to store all writable content created by container storage programs.
runroot=""
 container storage run dir (default: "/run/containers/storage")
 Default directory to store all temporary writable content created by container storage programs.
For regular users these fields default to:
graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"
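registries.conf
The configuration is read in the following order. These files are not created by default; you can copy them from /usr/share/containers or /etc/containers and modify them.
1. /etc/containers/registries.conf
2. /etc/containers/registries.d/*
3. $HOME/.config/containers/registries.conf
Authorization file
After logging in with podman login, the default authorization file is ${XDG_RUNTIME_DIR}/containers/auth.json.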
[root@localhost ~]# cat /run/user/0/containers/auth.json
{
"auths": {
"docker.io": {
"auth": "**********************="
}
}
}
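The auth value in this file is the base64 encoding of user:password, so it is encoded rather than encrypted and the file must stay readable by its owner only. The following is an added example, not part of the original page, that audits such a file; the function name audit_authfile is an assumption made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a containers auth.json.
# audit_authfile is an illustrative name, not a podman command.

# audit_authfile FILE: returns 0 if FILE is owner-only, 1 if group or others
# can access it, 2 if it cannot be read. Only user names are printed; the
# password part of a credential is never shown.
audit_authfile() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    rc=0
    mode=$(stat -c '%a' "$f")            # GNU coreutils stat, e.g. 600
    case $mode in
        *00) ;;
        *) echo "WARN: $f has mode $mode; run: chmod 600 $f"; rc=1 ;;
    esac
    # Pull out every inline "auth" value and decode just the user part.
    grep -o '"auth"[[:space:]]*:[[:space:]]*"[^"]*"' "$f" |
    sed 's/.*"\([^"]*\)"$/\1/' |
    while read -r b64; do
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        echo "NOTE: inline credential stored for user '${user:-?}'"
    done
    return $rc
}

# Audit the default location named on the page, if a login has created it.
authfile="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/containers/auth.json"
if [ -f "$authfile" ]; then audit_authfile "$authfile" || true; fi
```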
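Starting Podman containers at boot
Because Podman no longer uses a daemon to manage services, automatic container restart cannot be implemented through a daemon. So how can containers be restarted automatically at boot?
The method is simple. Most systems now use systemd as their service manager, so we can use systemd to restart Podman containers at boot. Here we use starting an Nginx container as the example.
First, run an Nginx container: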
[root@localhost ~]# podman run -d -p 80:80 --name nginx nginx:latest
068c0bf145840cd2895dadfeed3dad7c0cf0d24bb17d63a51698bd9e025085f5
Then create a systemd service unit file on the host:
[root@localhost ~]# vi /etc/systemd/system/nginx_container.service
[root@localhost ~]# cat /etc/systemd/system/nginx_container.service
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always
[Install]
WantedBy=multi-user.target
Enable the systemd service:
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now nginx_container.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx_container.service → /etc/systemd/system/nginx_container.service.
Once the service has been enabled, its running state can be checked with the systemctl status command:
[root@localhost ~]# systemctl status nginx_container.service
● nginx_container.service - Podman Nginx Service
Loaded: loaded (/etc/systemd/system/nginx_container.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-12-14 23:46:37 CST; 41s ago
Main PID: 1550778 (podman)
Tasks: 8 (limit: 11201)
Memory: 26.3M
CGroup: /system.slice/nginx_container.service
└─1550778 /usr/bin/podman start -a nginx
12月 14 23:46:37 localhost.localdomain systemd[1]: Started Podman Nginx Service.
After every reboot, systemd will automatically start the container that this service corresponds to.
Setting up start at boot as a regular user
[root@localhost ~]# su - yaya
[yaya@localhost ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[yaya@localhost ~]$ podman run --name web -d nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 881ff011f1c9 done
Copying blob e5ae68f74026 done
Copying blob 21e0df283cd6 done
Copying blob ed835de16acd done
Copying blob 77700c52c969 done
Copying blob 44be98c0fab6 done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
7e3747d4ebd5bcb6da1034bdd44e6163aef158d603143a550707fc481eac01a1
[yaya@localhost ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e3747d4ebd5 docker.io/library/nginx:latest nginx -g daemon o... 50 seconds ago Up 49 seconds ago web
[yaya@localhost ~]$ cd .config/
[yaya@localhost .config]$ ls
cni
[yaya@localhost .config]$ mkdir systemd/user -p
[yaya@localhost .config]$ tree
.
├── cni
│ └── net.d
│ └── 87-podman.conflist
└── systemd
└── user
[yaya@localhost user]$ pwd
/home/yaya/.config/systemd/user
[yaya@localhost user]$ podman generate systemd --files --name web
/home/yaya/.config/systemd/user/container-web.service
//Stop the container
[yaya@localhost user]$ podman stop web
web
[yaya@localhost user]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e3747d4ebd5 docker.io/library/nginx:latest nginx -g daemon o... 3 minutes ago Exited (0) 9 seconds ago web
//Reload
[yaya@localhost user]$ systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ====
Authentication is required to reload the systemd state.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ====
[yaya@localhost user]$
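The daemon-reload above addresses the system manager, which is why it asks for root authentication. The following is an added example, not part of the original page, that carries the same procedure through against the per-user systemd instance; the helper names run and rootless_autostart and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): enable a rootless container at
# boot through the per-user systemd instance. Helper names are illustrative.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rootless_autostart NAME: generate, enable and start container-NAME.service
# for the calling user, then let it start at boot without an interactive login.
rootless_autostart() {
    name=$1
    unit_dir="${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user"
    # "systemctl --user" reaches the user manager through XDG_RUNTIME_DIR; a
    # shell opened with "su - user" usually lacks it, so log in via ssh or console.
    if [ "${DRY_RUN:-0}" != 1 ] && [ -z "${XDG_RUNTIME_DIR:-}" ]; then
        echo "XDG_RUNTIME_DIR is unset: no user systemd session" >&2
        return 1
    fi
    run mkdir -p "$unit_dir" || return 1
    # podman writes container-NAME.service into the current directory.
    ( run cd "$unit_dir" && run podman generate systemd --files --name "$name" ) || return 1
    # --user targets the user's own manager, so no root authentication is needed.
    run systemctl --user daemon-reload || return 1
    run systemctl --user enable --now "container-$name.service" || return 1
    # Lingering starts the user manager at boot, before anyone logs in.
    run loginctl enable-linger "$(id -un)"
}

# Preview the commands for the page's container "web" without changing anything.
( DRY_RUN=1; rootless_autostart web )
```

Call rootless_autostart web without DRY_RUN from a real login session of the user that owns the container.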
Podman networking
port
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e7f3828192d docker.io/library/nginx:latest nginx -g daemon o... 24 hours ago Up 24 hours ago 0.0.0.0:40457->80/tcp t1
[root@localhost ~]# podman port 3e7f3828192d
80/tcp -> 0.0.0.0:40457
Shared network
[root@localhost ~]# podman run -it docker.io/library/busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether c2:8b:3d:6e:63:23 brd ff:ff:ff:ff:ff:ff
inet 10.88.0.5/16 brd 10.88.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::c08b:3dff:fe6e:6323/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# podman run -it docker.io/library/busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether de:a4:e6:16:b0:81 brd ff:ff:ff:ff:ff:ff
inet 10.88.0.6/16 brd 10.88.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::dca4:e6ff:fe16:b081/64 scope link
valid_lft forever preferred_lft forever
/ #
/ # ping 10.88.0.5
PING 10.88.0.5 (10.88.0.5): 56 data bytes
64 bytes from 10.88.0.5: seq=0 ttl=64 time=0.292 ms
64 bytes from 10.88.0.5: seq=1 ttl=64 time=0.314 ms
64 bytes from 10.88.0.5: seq=2 ttl=64 time=0.102 ms
//A network interface is created when a container starts and disappears once the container exits, but the cni interface remains
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:f9:6a brd ff:ff:ff:ff:ff:ff
inet 192.168.235.172/24 brd 192.168.235.255 scope global dynamic noprefixroute ens33
valid_lft 1426sec preferred_lft 1426sec
inet6 fe80::f0c5:7dad:6ced:2d9d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ce:11:42:df:0a:42 brd ff:ff:ff:ff:ff:ff
inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
valid_lft forever preferred_lft forever
inet6 fe80::cc11:42ff:fedf:a42/64 scope link
valid_lft forever preferred_lft forever
5: veth8a3f2b0f@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 16:18:a7:89:7f:cb brd ff:ff:ff:ff:ff:ff link-netns cni-8a3bddd1-a3c2-4bd6-c7b9-bc71989e6a7c
inet6 fe80::1418:a7ff:fe89:7fcb/64 scope link
valid_lft forever preferred_lft forever
6: veth7cd3a65b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 5a:6c:a3:d6:c6:48 brd ff:ff:ff:ff:ff:ff link-netns cni-d108a91a-e92e-4e2b-15ca-2dffbe9dda23
inet6 fe80::586c:a3ff:fed6:c648/64 scope link
valid_lft forever preferred_lft forever
7: vethf4c05de2@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 0a:d6:e1:11:8d:49 brd ff:ff:ff:ff:ff:ff link-netns cni-1a06e4be-46ba-3041-1eec-317296bf9fb4
inet6 fe80::8d6:e1ff:fe11:8d49/64 scope link
valid_lft forever preferred_lft forever
8: veth5612c73f@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 2a:20:70:31:cc:fc brd ff:ff:ff:ff:ff:ff link-netns cni-986ccddb-0439-de53-0d14-a934bb47b19e
inet6 fe80::2820:70ff:fe31:ccfc/64 scope link
valid_lft forever preferred_lft forever
//After exiting the two containers
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:f9:6a brd ff:ff:ff:ff:ff:ff
inet 192.168.235.172/24 brd 192.168.235.255 scope global dynamic noprefixroute ens33
valid_lft 1376sec preferred_lft 1376sec
inet6 fe80::f0c5:7dad:6ced:2d9d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ce:11:42:df:0a:42 brd ff:ff:ff:ff:ff:ff
inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
valid_lft forever preferred_lft forever
inet6 fe80::cc11:42ff:fedf:a42/64 scope link
valid_lft forever preferred_lft forever
5: veth8a3f2b0f@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 16:18:a7:89:7f:cb brd ff:ff:ff:ff:ff:ff link-netns cni-8a3bddd1-a3c2-4bd6-c7b9-bc71989e6a7c
inet6 fe80::1418:a7ff:fe89:7fcb/64 scope link
valid_lft forever preferred_lft forever
6: veth7cd3a65b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default
link/ether 5a:6c:a3:d6:c6:48 brd ff:ff:ff:ff:ff:ff link-netns cni-d108a91a-e92e-4e2b-15ca-2dffbe9dda23
inet6 fe80::586c:a3ff:fed6:c648/64 scope link
valid_lft forever preferred_lft forever
Creating a new network
[root@localhost ~]# docker network create mynetwork
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
/etc/cni/net.d/mynetwork.conflist
[root@localhost ~]# docker network ls
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
6d1b23123e26 mynetwork 0.4.0 bridge,portmap,firewall,tuning