The original link: fuckcloudnative. IO/posts/use – p…

Podman is a daemonless, Docker-compatible, next-generation Linux container tool. The project is led by Red Hat. See the Podman user guide for more details.

Podman itself runs only on Linux; on macOS and Windows, the CLI can only manage containers by connecting remotely to Podman's API. Docker does not natively support macOS or Windows either, but it ships a dedicated client for them that bundles the virtualization settings and runs Docker inside a nested layer of virtualization. For Podman too, the only way to run on macOS is through virtualization. There are a number of solutions available online, mostly based on VirtualBox, that aren't very elegant. This article presents a more elegant solution, which is not perfect, but as close as I can get.

1. HyperKit introduction

HyperKit is a lightweight virtualization toolkit with hypervisor capabilities, including a complete hypervisor based on xhyve (the BSD hypervisor). HyperKit is designed to be interfaced with higher-level components such as VPNKit and DataKit. xhyve is a Mac OS X port of bhyve, the virtualization technology of FreeBSD…

As we know, Docker on Linux uses the kernel's native container support to isolate resources and environments, sharing the host kernel directly, so performance is close to native. On macOS, however, virtualization is still required. Early versions of Docker simply ran a virtual machine in open-source VirtualBox, which performed poorly. Later versions are based on HyperKit, a lightweight virtualization framework, and are said to perform much better.

This article shows you how to use Podman with HyperKit. The method is simple: first create a lightweight virtual machine using HyperKit, then install Podman in the virtual machine and enable its remote API, and finally connect to Podman in the virtual machine from the local CLI. This works the same way as Docker on macOS, except that Podman has no daemon and saves a lot of resources compared to Docker.

2. Install HyperKit

You can download the source code and build HyperKit yourself, but I do not recommend it, because you will run into various errors on different versions of macOS. Here are two very easy ways to get it:

  1. Obtain HyperKit by installing Docker. Docker Desktop on Mac is built on HyperKit, so installing it gives you a complete HyperKit environment. The whole process is smooth and simple. After installing Docker, you never need to launch it; you can use HyperKit directly. Alternatively, you can uninstall Docker, but back up the hyperkit binary before uninstalling, because uninstalling Docker also deletes the hyperkit binary.

  2. Obtain HyperKit by installing Multipass. Multipass is a workstation tool developed by Canonical (Ubuntu), built on the native hypervisor of each operating system. Because Windows (Hyper-V), macOS (HyperKit), and Linux (KVM) all have native hypervisor support, you can create and run an Ubuntu VM from a shell using the multipass shell command. On macOS, the default back end is HyperKit, which requires macOS Yosemite (10.10.3) or higher and Mac hardware from 2010 or later. The installation is simple:

    $ brew install --cask multipass

    After installation, the hyperkit binary can be found in the /Library/Application Support/com.canonical.multipass/bin/ directory.

3. Create a VM

You can create virtual machines directly with HyperKit, but the parameters are fairly complex; look into them yourself if you are interested. I recommend using multipass directly. The command is very simple:

$ multipass launch -c 2 -d 10G -m 2G -n podman

  • -n: Specifies the name of the instance to start
  • -c: Sets the number of CPUs to allocate
  • -d: Sets the disk capacity
  • -m: Sets the memory capacity

When a virtual machine is started for the first time, the image is pulled first, which may be slow on a domestic network.

View the VMs that have been started:

$ multipass list
Name                    State             IPv4             Image
podman                  Running           192.168.64.2     Ubuntu 20.04 LTS

Enter the VM:

$ multipass shell podman
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-52-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Sun Nov  8 19:30:29 CST 2020

  System load:  0.0               Processes:               119
  Usage of /:   13.4% of 11.46GB  Users logged in:         0
  Memory usage: 11%               IPv4 address for enp0s2: 192.168.64.2
  Swap usage:   0%

0 updates can be installed immediately.
0 of these updates are security updates.

Last login: Sun Nov  8 17:38:31 2020 from 192.168.64.1
ubuntu@podman:~$

4. Install Podman

Install Podman inside the virtual machine:

ubuntu@podman:~$ . /etc/os-release
ubuntu@podman:~$ echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
ubuntu@podman:~$ curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
ubuntu@podman:~$ sudo apt-get update
ubuntu@podman:~$ sudo apt-get -y upgrade
ubuntu@podman:~$ sudo apt-get -y install podman
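
`apt-key add` places the downloaded key in APT's global trust store, where it is accepted for every configured source. As an added example (not from the original article), the same repository setup with the key kept in a dedicated keyring and bound to this one repository through `signed-by`; the keyring path and function names are assumptions, the repository URL is the article's.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# keyring path are assumptions; the repository URL is the article's.
KEYRING=/usr/share/keyrings/libcontainers-archive-keyring.gpg
LIST=/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list

# Repository base URL for an Ubuntu VERSION_ID such as 20.04.
repo_url() {
    case $1 in
        [0-9][0-9].[0-9][0-9]) ;;
        *) echo "unexpected VERSION_ID: $1" >&2; return 1 ;;
    esac
    printf 'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_%s/' "$1"
}

# sources.list entry that accepts signatures from KEYRING only.
source_line() {
    url=$(repo_url "$1") || return 1
    printf 'deb [signed-by=%s] %s /\n' "$KEYRING" "$url"
}

# Run inside the VM. The key goes into its own keyring file instead of
# apt-key's global trust store, so it cannot vouch for other repositories.
install_podman_repo() {
    . /etc/os-release
    url=$(repo_url "$VERSION_ID") || return 1
    tmp=$(mktemp) || return 1
    curl -fsSL -o "$tmp" "${url}Release.key" &&
        gpg --dearmor < "$tmp" | sudo tee "$KEYRING" >/dev/null &&
        source_line "$VERSION_ID" | sudo tee "$LIST" >/dev/null &&
        sudo apt-get update &&
        sudo apt-get -y install podman
    status=$?
    rm -f "$tmp"
    return "$status"
}
```

Nothing runs until `install_podman_repo` is called inside the VM.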

5. Set up the Podman Socket

Podman relies on systemd's socket activation feature. Normally, if daemon B depends on daemon A, B must wait until A has finished starting. With socket activation, daemon B can start without daemon A running; it only needs the socket that A would provide to be in the listening state. That socket is not created by daemon A but by systemd at system initialization. When daemon B opens a connection, systemd starts daemon A and, once A is up, hands the socket over to it.

For Podman, the socket is /run/podman/podman.sock. When a process connects to it, systemd starts podman.service to take over the socket. The contents of podman.socket and podman.service are as follows:

ubuntu@podman:~$ sudo systemctl cat podman.socket
# /lib/systemd/system/podman.socket
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-service(1)

[Socket]
ListenStream=%t/podman/podman.sock
SocketMode=0660

[Install]
WantedBy=sockets.target

ubuntu@podman:~$ sudo systemctl cat podman.service
# /lib/systemd/system/podman.service
[Unit]
Description=Podman API Service
Requires=podman.socket
After=podman.socket
Documentation=man:podman-system-service(1)
StartLimitIntervalSec=0

[Service]
Type=notify
KillMode=process
ExecStart=/usr/bin/podman system service

Enable podman.socket at boot and start it immediately:

ubuntu@podman:~$ sudo systemctl enable podman.socket --now

Verify that the socket is listening:

ubuntu@podman:~$ podman --remote info
host:
  arch: amd64
  buildahVersion: 1.16.1
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.20, commit: '
  cpus: 2
  ...

6. Set up the CLI on the client

All subsequent settings, unless otherwise specified, are made in the local macOS terminal.

Podman's remote connection depends on SSH, so you need to set up password-free (key-based) login. Create a key pair:

$ ssh-keygen -t rsa   # press Enter at every prompt

Add the local public key ~/.ssh/id_rsa.pub to the /root/.ssh/authorized_keys file on the VM.

Install Podman CLI:

$ brew install podman

Add a remote connection:

$ podman system connection add ubuntu --identity ~/.ssh/id_rsa ssh://[email protected]/run/podman/podman.sock

View the established connections:

$ podman system connection list
Name      Identity                  URI
podman*   /Users/Ryan/.ssh/id_rsa   ssh://[email protected]:22/run/podman/podman.sock

Since this is the first connection, it is set directly as the default connection (podman adds an * after it).
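
The destination URI has the form `ssh://user@host:port/path-to-socket`. As an added example (not from the original article), the helpers below derive it from `multipass list` output, assuming user `root` (the account whose `authorized_keys` received the key) and the VM address shown earlier; the rootless branch goes beyond what the article sets up, and all helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article; helper names are hypothetical.

# Read `multipass list` output on stdin and print the IPv4 address of the
# named VM. Fails if the VM is absent or not running (IPv4 column is "--").
vm_ipv4() {
    awk -v name="$1" '
        NR > 1 && $1 == name && $2 == "Running" { print $3; found = 1 }
        END { exit !found }'
}

# Build the destination URI for `podman system connection add`.
# root -> system socket created by podman.socket (as in the article);
# other users -> rootless socket under /run/user/<uid> (beyond the article).
podman_uri() {
    user=$1 host=$2 uid=${3:-}
    case $host in
        ''|*[!0-9.]*) echo "not an IPv4 address: $host" >&2; return 1 ;;
    esac
    if [ "$user" = root ]; then
        sock=/run/podman/podman.sock
    elif [ -n "$uid" ]; then
        sock=/run/user/$uid/podman/podman.sock
    else
        echo "uid required for rootless user $user" >&2; return 1
    fi
    printf 'ssh://%s@%s:22%s\n' "$user" "$host" "$sock"
}

# Constructed sample in the shape of the article's `multipass list` output.
SAMPLE_LIST='Name                    State             IPv4             Image
podman                  Running           192.168.64.2     Ubuntu 20.04 LTS'

# On the Mac, with multipass and podman installed:
#   ip=$(multipass list | vm_ipv4 podman) &&
#   podman system connection add podman --identity ~/.ssh/id_rsa \
#       "$(podman_uri root "$ip")"
```

Connecting as a non-root user keeps the SSH key from granting root on the VM, at the cost of running containers rootless.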

Test whether remote connection is available:

$ podman ps
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES

$ podman pull nginx:alpine
Trying to pull docker.io/library/nginx:alpine...
Getting image source signatures
Copying blob sha256:188c0c94c7c576fff0792aca7ec73d67a2f7f4cb3a6e53a84559337260b36964
Copying blob sha256:9dd8e8e549988a3e2c521f27f805b7a03d909d185bb01cdb4a4029e5a6702919
Copying blob sha256:85defa007a8b33f817a5113210cca4aca6681b721d4b44dc94928c265959d7d5
Copying blob sha256:f2dc206a393cd74df3fea6d4c1d3cefe209979e8dbcceb4893ec9eadcc10bc14
Copying blob sha256:0ca72de6f95718a4bd36e45f03fffa98e53819be7e75cb8cd1bcb0705b845939
Copying config sha256:e5dcd7aa4b5e5d2df8152b9e58aba32a05edd9b269816f5d8b7ced535743d16c
Writing manifest to image destination
Storing signatures
e5dcd7aa4b5e5d2df8152b9e58aba32a05edd9b269816f5d8b7ced535743d16c

$ podman image ls
REPOSITORY                TAG     IMAGE ID      CREATED     SIZE
docker.io/library/nginx   alpine  e5dcd7aa4b5e  2 days ago  23.3 MB

Now we can have fun with podman right here!

If you have more than one connection, you can specify the remote connection using the --connection parameter, or use podman system connection default to set the default remote connection.

Finally, let's look at HyperKit's memory footprint:

Physical memory only takes up 921MB. If you think this is a lot of memory, compare it to the Memory usage of Docker Desktop.

Conclusion

This article showed how to use Podman on macOS: create an Ubuntu virtual machine with HyperKit to run Podman, set up the Podman socket, and then have the client connect to the server socket over SSH to manage containers remotely.