Podman Study Notes

Last updated: the evening of June 30, 2024

Tinkering again; I really can't help myself.

Introduction

Installation

Prerequisites

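Since Podman uses WSL, you need a recent release of Windows 10 or Windows 11. On x64, WSL requires build 18362 or later, and ARM64 systems require build 19041 or later. Internally, WSL uses virtualization, so your system must support hardware virtualization and have it enabled. If you are running Windows on a VM, the VM must support nested virtualization.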

The WSL version must be >= 1.2.5. Run wsl --version to check the current version; if it is too old, upgrade WSL first.

On my machine, running wsl --version printed the following:

wsl --version
命令行选项无效: --version
版权所有(c) Microsoft Corporation。保留所有权利。

This means the WSL version on my machine is too old; just update it directly.

 Desktop  wsl --update
正在安装: 适用于 Linux 的 Windows 子系统
已安装 适用于 Linux 的 Windows 子系统。
 Desktop  wsl --version
WSL 版本: 2.1.5.0
内核版本: 5.15.146.1-2
WSLg 版本: 1.0.60
MSRDC 版本: 1.2.5105
Direct3D 版本: 1.611.1-81528511
DXCore 版本: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows 版本: 10.0.22631.3447

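It is also recommended to install the modern "Windows Terminal", which provides a better user experience than the standard PowerShell and CMD prompts, as well as a WSL prompt if desired.

You can install it by searching the Windows Store or by running the following winget command: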

winget install Microsoft.WindowsTerminal

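Installing Podman

Installing the Windows Podman client begins with downloading the Podman Windows installer. The Windows installer is built with each Podman release and can be downloaded from the official GitHub releases page. Be sure to download version 4.1 or later for the features discussed in this guide.

Installing Podman Compose

Official manual

Open the desktop app and go to Settings > Resources.
Under the Compose heading, click Setup. Podman will then download the Podman Compose installer; how long this takes depends on your network. Once the installation succeeds, the UI prompts you for the next step; just follow the prompts.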

Configuring registry mirrors

https://podman-desktop.io/docs/containers/registries#setting-up-a-registry-with-an-insecure-certificate

The default configuration file lives inside the podman machine. Run:

podman machine ssh --username root
vi /etc/containers/registries.conf

Here is an example file. The explanations are all in the comments; translate them if they are hard to follow.

# For more information on this configuration file, see containers-registries.conf(5).
#
# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
# We recommend always using fully qualified image names including the registry
# server (full dns name), namespace, image name, and tag
# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
# When using short names, there is always an inherent risk that the image being
# pulled could be spoofed. For example, a user wants to pull an image named
# `foobar` from a registry and expects it to come from myregistry.com. If
# myregistry.com is not first in the search list, an attacker could place a
# different `foobar` image at a registry earlier in the search list. The user
# would accidentally pull and run the attacker's image and code rather than the
# intended content. We recommend only adding registries which are completely
# trusted (i.e., registries which don't allow unknown or anonymous users to
# create accounts with arbitrary names). This will prevent an image from being
# spoofed, squatted or otherwise made insecure. If it is necessary to use one
# of these registries, it should be added at the end of the list.
#
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]
#
[[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
# # (only) the TOML table with the longest match for the input image name
# # (taking into account namespace/repo/tag/digest separators) is used.
# #
# # The prefix can also be of the form: *.example.com for wildcard subdomain
# # matching.
# #
# # If the prefix field is missing, it defaults to be the same as the "location" field.
# prefix = "example.com/foo"
prefix = "*.ustc.edu.cn"
#
# # If true, unencrypted HTTP as well as TLS connections with untrusted
# # certificates are allowed.
# insecure = false
#
# # If true, pulling images with matching names is forbidden.
# blocked = false
#
# # The physical location of the "prefix"-rooted namespace.
# #
# # By default, this is equal to "prefix" (in which case "prefix" can be omitted
# # and the [[registry]] TOML table can only specify "location").
# #
# # Example: Given
# # prefix = "example.com/foo"
# # location = "internal-registry-for-example.com/bar"
# # requests for the image example.com/foo/myimage:latest will actually work with the
# # internal-registry-for-example.com/bar/myimage:latest image.
#
# # The location can be empty if prefix is in a
# # wildcarded format: "*.example.com". In this case, the input reference will
# # be used as-is without any rewrite.
# location = "internal-registry-for-example.com/bar"
#
# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
# #
# # The mirrors are attempted in the specified order; the first one that can be
# # contacted and contains the image will be used (and if none of the mirrors contains the image,
# # the primary location specified by the "registry.location" field, or using the unmodified
# # user-specified reference, is tried last).
# #
# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
# # as if specified in the [[registry]] TOML table directly:
# # - location
# # - insecure

[[registry.mirror]]
location = "docker.mirrors.ustc.edu.cn"

# location = "example-mirror-0.local/mirror-for-foo"
# [[registry.mirror]]
# location = "example-mirror-1.local/mirrors/foo"
# insecure = true
# # Given the above, a pull of example.com/foo/image:latest will try:
# # 1. example-mirror-0.local/mirror-for-foo/image:latest
# # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.com/bar/image:latest
# # in order, and use the first one that exists.

short-name-mode="enforcing"

Other related tools

Kind

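kind is a tool for running local Kubernetes clusters using Docker container "nodes".

kind is primarily intended for testing Kubernetes itself, but it can also be used for local development or CI.

If you already have go 1.16+ and docker, podman or nerdctl installed, go install sigs.k8s.io/kind@v0.22.0 && kind create cluster is all you need!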

K3s

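K3s is lightweight Kubernetes. K3s is easy to install, needs only half the memory of Kubernetes, and ships all components in a single binary of less than 100 MB.

It is a good fit for: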

  • Edge
  • IoT
  • CI
  • Development
  • ARM
  • Embedding K8s
  • Getting started without having to learn so much advanced Kubernetes knowledge

K3d

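k3d is a lightweight wrapper for running k3s (Rancher Lab's minimal Kubernetes distribution) in docker.

k3d makes it very easy to create single-node and multi-node k3s clusters in docker, for example for local development on Kubernetes.

Note: k3d is a community-driven project, but it is not an official Rancher (SUSE) product. Sponsoring: to spend a significant amount of time improving k3d, we rely on sponsorship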


https://blog.doracoin.cc/posts/days/31723.html
Author: Doracoin
Published: April 20, 2024
Updated: June 30, 2024