Configuring Registries in Podman
- To configure registries for the podman command, we need to update the /etc/containers/registries.conf file.
- Edit the registries entry in the [registries.search] section, adding an entry to the values list.
[registries.search]
registries = ["registry.access.redhat.com", "quay.io"]
- Secure connections to a registry require a trusted certificate.
- To support insecure connections, add the registry name to the registries entry in the [registries.insecure] section of the /etc/containers/registries.conf file:
[registries.insecure]
registries = ['localhost:5000']
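An audit of the two sections described above, written as an added example and not taken from the original page: it lists every registry that the file allows over unverified connections and marks those that are also on the search list. The function names and the sample hostnames are illustrative assumptions.

```sh
# Print one registry per line from section $1 of file $2 (single- or multi-line lists).
registries_in_section() {
    awk -v want="[$1]" -v q="'" '
        BEGIN { strip = "[\" \t" q "]" }             # quotes and blanks to drop
        /^[ \t]*#/ { next }                          # comment line
        /^[ \t]*\[/ {                                # section header
            gsub(/[ \t]/, ""); in_sec = ($0 == want); collecting = 0; next
        }
        in_sec && /^[ \t]*registries[ \t]*=/ { sub(/^[^=]*=/, ""); collecting = 1 }
        collecting {
            last = ($0 ~ /\]/)                       # the list closes on this line
            gsub(/\[/, ""); gsub(/\]/, ""); gsub(strip, "")
            n = split($0, items, ",")
            for (i = 1; i <= n; i++) if (items[i] != "") print items[i]
            if (last) collecting = 0
        }
    ' "$2"
}

# Report registries reachable without TLS verification; return 1 if any exist.
audit_registries() {
    insecure=$(registries_in_section registries.insecure "$1")
    status=0
    for reg in $insecure; do
        echo "INSECURE           $reg"; status=1
    done
    # A searched registry can answer pulls of short (unqualified) image names.
    for reg in $(registries_in_section registries.search "$1"); do
        if printf '%s\n' $insecure | grep -qxF -- "$reg"; then
            echo "SEARCHED+INSECURE  $reg"
        fi
    done
    return "$status"
}

# Constructed sample configuration (hostnames are illustrative).
write_sample_conf() {
    cat <<'EOF'
[registries.search]
registries = ["registry.access.redhat.com", "quay.io", "localhost:5000"]
[registries.insecure]
registries = ['localhost:5000',
              "registry.lab.example:5000"]
EOF
}

conf=$(mktemp); write_sample_conf > "$conf"
audit_registries "$conf" || echo "review the entries above before pulling"
rm -f "$conf"
```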
Accessing Registries
Searching for images in Registries
The podman search command finds images by image name, user name, or description from all the registries listed in the /etc/containers/registries.conf configuration file.
$ sudo podman search [OPTIONS] <term>
Option: --limit <number>
Description: Limits the number of listed images per registry.
Option: --filter <filter=value>
Description: Filter output based on conditions provided.
Supported filters are:
• stars=<number>: Show only images with at least this number of stars.
• is-automated=<true|false>: Show only images automatically built.
• is-official=<true|false>: Show only images flagged as official.
Option: --tls-verify <true|false>
Description: Enables or disables HTTPS certificate validation for all used registries. Default: true.
Registry Authentication
$ sudo podman login -u username -p password registry.access.redhat.com
Login Succeeded!
Pulling images
To pull container images from a registry, use the podman pull command:
$ sudo podman pull [OPTIONS] [REGISTRY[:PORT]/]NAME[:TAG]
$ sudo podman pull rhscl/mysql-57-rhel7:5.7
By default, Podman stores container images in the /var/lib/containers/storage/overlay-images directory.
To list all the container images stored locally:
$ sudo podman images
To start a new container based on the rhscl/mysql-57-rhel7:5.7 image, use the following command:
$ sudo podman run rhscl/mysql-57-rhel7:5.7
Saving and Loading Images
Existing images from the Podman local storage can be saved to a .tar file using the podman save command.
The generated file is not a regular TAR archive; it contains image metadata and preserves the original image layers.
Using this file, Podman can recreate the original image exactly as it was.
$ sudo podman save [-o FILE_NAME] IMAGE_NAME[:TAG]
The following example saves the previously downloaded MySQL container image from the Red Hat Container Catalog to the mysql.tar file:
$ sudo podman save \
> -o mysql.tar registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7
- Use the .tar files generated by the save subcommand for backup purposes.
- To restore the container image, use the podman load command.
$ sudo podman load [-i FILE_NAME]
$ sudo podman load -i mysql.tar
To save disk space, compress the file generated by the save subcommand with Gzip using the --compress parameter.
The load subcommand uses the gunzip command before importing the file to the local storage.
Deleting Images
To delete an image from the local storage, run the podman rmi command.
$ sudo podman rmi [OPTIONS] IMAGE [IMAGE...]
Updates to an image in a registry are not automatically applied to the local copy.
The image must be removed and then pulled again to guarantee that the local storage has the latest version of an image.
Deleting all Images
To delete all images that are not used by any container:
$ sudo podman rmi -a
The rmi subcommand has the --force option.
This option forces the removal of an image even if the image is used by several containers or those containers are running.
Modifying Images
Although the podman commit command is the most straightforward approach to creating new images, it is not recommended because of the image size (commit keeps logs and process ID files in the captured layers) and the lack of change traceability.
$ sudo podman commit [OPTIONS] CONTAINER \
> [REPOSITORY[:PORT]/]IMAGE_NAME[:TAG]
Option: --author ""
Description: Identifies who created the container image.
Option: --message ""
Description: Includes a commit message to the registry.
Option: --format
Description: Selects the format of the image. Valid options are oci and docker.
To find the ID of a running container in Podman:
$ sudo podman ps
Eventually, administrators might customize the image and set the container to the desired state.
To identify which files were changed, created, or deleted since the container was started, use the diff subcommand.
This subcommand only requires the container name or container ID:
$ sudo podman diff mysql-basic
To retrieve the list of mounted files and directories for a running container, use the podman inspect command:
$ sudo podman inspect \
> -f "{{range .Mounts}}{{println .Destination}}{{end}}" CONTAINER_NAME/ID
To commit the changes to another image, run the following command:
$ sudo podman commit mysql-basic mysql-custom
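A pre-commit review of the diff output, written as an added example and not taken from the original page: it flags the log and process ID files that the section says a commit captures, plus temporary files, and refuses to commit while any remain. The function names, the flagged path patterns and the sample paths are illustrative assumptions.

```sh
# Classify `podman diff` output (A = added, C = changed, D = deleted) read from
# stdin and flag content that a commit would capture in the new image layer.
review_diff() {
    awk '
        function flag(why, p) { printf "FLAG %-13s %s\n", why, p; flagged++ }
        { kind = $1; path = substr($0, index($0, " ") + 1); count[kind]++ }
        kind == "D" { next }                   # a deletion stores no file content
        path ~ /^\/var\/log\// || path ~ /\.log$/      { flag("log", path); next }
        path ~ /\.pid$/ || path ~ /^\/(var\/)?run\//   { flag("runtime-state", path); next }
        path ~ /^\/tmp\//                              { flag("temp", path); next }
        END {
            printf "added=%d changed=%d deleted=%d flagged=%d\n",
                   count["A"], count["C"], count["D"], flagged
            exit (flagged > 0)
        }
    '
}

# Commit only when nothing was flagged. Needs podman, so the demo does not call it.
commit_if_clean() {
    changes=$(sudo podman diff "$1") || return
    printf '%s\n' "$changes" | review_diff && sudo podman commit "$1" "$2"
}

# Constructed sample of diff output for a MySQL container (paths are illustrative).
sample_diff() {
    cat <<'EOF'
C /run
A /run/mysqld/mysqld.pid
C /var/log
A /var/log/mysqld.log
C /etc
C /etc/my.cnf
A /tmp/install.sh
D /etc/my.cnf.d/old.cnf
EOF
}

sample_diff | review_diff || echo "remove the flagged files before committing"
```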
Tagging Images
$ sudo podman tag [OPTIONS] IMAGE[:TAG] \
> [REGISTRYHOST/][USERNAME/]NAME[:TAG]
$ sudo podman tag mysql-custom devops/mysql
$ sudo podman tag mysql-custom devops/mysql:snapshot
Removing Tags from Images
A single image can have multiple tags assigned using the podman tag command. To remove them, use the podman rmi command, as mentioned earlier:
$ sudo podman rmi devops/mysql:snapshot
Publishing Images to a Registry
$ sudo podman push [OPTIONS] IMAGE [DESTINATION]
For example, to push the bitnami/nginx image to its repository:
$ sudo podman push quay.io/bitnami/nginx