Rootless container management compatible with Docker commands.
Run a container (detached)
podman run -d --name my-app alpine sleep 1000
List running containers
List all containers (including stopped ones)
Stop and remove a container
podman stop my-app
podman rm my-app
Inspect container details
Logs and Execution
View container logs (non-interactive)
Execute a command in a running container
podman exec my-app ls /app
podman pull alpine:latest
Build an image from a Containerfile (or Dockerfile)
podman build -t my-custom-image .
podman rmi my-custom-image
Pods (Unique to Podman)
Pods allow grouping multiple containers together so they share the same network namespace (localhost).
podman pod create --name my-stack -p 8080:80
Run a container inside a pod
podman run -d --pod my-stack --name nginx nginx
Maintenance and Cleanup
Remove all stopped containers, unused networks, and dangling images
Show disk usage by containers/images
Headless / Non-Interactive Tips
- Force Flag: Use or with , , and to avoid confirmation prompts.
- Detached Mode: Always use for long-running services to prevent the command from hanging. For interactive sessions, use:
tmux new -d 'podman run -it --name my-app alpine sh'
- Rootless: Podman runs in rootless mode by default for the current user. Ensure subuid/subgid are configured if running complex workloads.
- Docker Compatibility: Most commands can be prefixed with instead.
podman network create my-network
Run container on a network
podman run --network my-network --name web nginx
Connect existing container to network
podman network connect my-network web
podman network inspect my-network
echo "my-secret-value" | podman secret create my-secret -
Use secret in container
podman run --secret my-secret,type=env,target=MY_SECRET alpine env
Run container with health check
podman run -d --health-cmd "curl -f http://localhost/ || exit 1" \
  --health-interval 30s --health-retries 3 \
  --name web nginx
Check health status
podman inspect web | grep -A 10 "Health"
Run container with auto-update policy
podman run -d --label "io.containers.autoupdate=registry" \
  --name web nginx
podman auto-update --dry-run=false
Systemd Integration (Quadlet)
Podman can generate systemd service files for containers:
Create a .container file
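# Create the per-user Quadlet directory if it does not exist yet
mkdir -p ~/.config/containers/systemd
# Quote the delimiter so the shell does not expand anything inside the unit
cat > ~/.config/containers/systemd/my-app.container << 'EOF'
[Container]
Image=nginx:latest
PublishPort=8080:80
EOF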
Generate systemd service
podman generate systemd --new --files --name my-app
systemctl --user enable --now container-my-app.service
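The health check, auto-update label and secret from the commands above can be declared together in one Quadlet unit. This is an added example, not taken from the original page or from the Podman project; the file name web.container, the loopback bind, the fully qualified image name and a Podman release that supports these Quadlet keys are assumptions.

```ini
# ~/.config/containers/systemd/web.container
# Added example: the file name "web" and the values below are assumptions.

[Unit]
Description=nginx under rootless Podman (example unit)

[Container]
ContainerName=web
# The "registry" auto-update policy needs a fully qualified image reference.
Image=docker.io/library/nginx:latest
# Loopback only; the page's 8080:80 form listens on every interface.
PublishPort=127.0.0.1:8080:80

# Same policy as --label "io.containers.autoupdate=registry"
AutoUpdate=registry

# Same probe as the --health-cmd / --health-interval / --health-retries flags
HealthCmd=curl -f http://localhost/ || exit 1
HealthInterval=30s
HealthRetries=3

# Secret created beforehand with: podman secret create my-secret -
# type=env exposes the value to every process in the container; dropping
# ",type=env,target=MY_SECRET" mounts it as a file at /run/secrets/my-secret.
Secret=my-secret,type=env,target=MY_SECRET

# Block privilege gain through setuid/setgid binaries inside the container.
NoNewPrivileges=true

[Service]
Restart=on-failure

[Install]
# Start with the user session; Quadlet units are enabled through this section.
WantedBy=default.target
```

After systemctl --user daemon-reload, Quadlet exposes this file as web.service; the secret my-secret must already exist or the unit fails to start.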
Docker Compose Compatibility
Native podman compose support
podman compose up -d
podman compose down
podman compose logs
Or use podman-compose (third-party tool)
pip install podman-compose
podman-compose up -d
Kubernetes Integration
Generate Kubernetes YAML from container/pod
podman generate kube my-pod > pod.yaml
Play Kubernetes YAML
podman kube play pod.yaml
Stop and remove Kubernetes resources
podman kube down pod.yaml
Remote Builds (Farm)
Farm out builds to remote machines
podman farm build -t myimage .
List configured farms
Push OCI artifacts
podman artifact push myartifact.tar oci://registry.example.com/artifact
Pull OCI artifacts
podman artifact pull oci://registry.example.com/artifact
- tmux: Run containers in background sessions
- nix: Alternative reproducible environments