Rootless Podman setup with volume.
❯ podman machine init --cpus=4 --memory=4096 -v /Users/snambi/.secrets:/mnt/secrets
Downloading VM image: fedora-coreos-38.20230514.2.0-qemu.aarch64.qcow2.xz: done
Extracting compressed file
Image resized.
Machine init complete
To start your machine run:
podman machine start
❯ podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users/snambi/.secrets:/mnt/secrets
This machine is currently configured in rootless mode. If your containers
require root permissions (e.g. ports < 1024), or if you run into compatibility
issues with non-podman clients, you can switch using the following command:
podman machine set --rootful
API forwarding listening on: /var/run/docker.sock
Docker API clients default to this address. You do not need to set DOCKER_HOST.
Machine "podman-machine-default" started successfully
On macOS, do the following:
❯ cat /opt/homebrew/etc/mongod.conf
systemLog:
  destination: file
  path: /opt/homebrew/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /opt/homebrew/var/mongodb
net:
  bindIp: 127.0.0.1, ::1
  ipv6: true
# Change bindIp to accept connections from all interfaces.
# After the change it should look like below
❯ cat /opt/homebrew/etc/mongod.conf
systemLog:
  destination: file
  path: /opt/homebrew/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /opt/homebrew/var/mongodb
net:
  bindIp: 0.0.0.0, ::1
  ipv6: true
# Restart mongod
brew services restart mongodb-community
This is optional
## First, get the host IP address
$ ifconfig en0 inet
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
## Run the container using the inet address
podman run -it --volume /mnt/secrets:/run/secrets --add-host=host:10.0.0.24 -e SPRING_PROFILES_ACTIVE=podman -p 8080:8080 lucidmotors.com/cpq/shortcode-svc:1.0
The above commands do the following:
- Mount the secrets from the user's laptop to the podman host
- Then, mount the secrets from the podman host to the container
- Add the host IP address to the container's /etc/hosts, so that the app can connect to host services
- Configure mongo to accept remote connections from all interfaces
- Expose container port 8080 on host port 8080
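A check for the bindIp change described above, as an added example that is not part of the original notes: it parses a mongod.conf, lists the bind entries that are reachable from beyond loopback, and reports whether security.authorization is enabled. The function names and the embedded sample text (taken from the net sections shown here) are this example's own, and the parser assumes the simple two-level layout of the Homebrew file.

```python
import ipaddress

def parse_mongod_conf(text):
    """Parse the 'section:' / 'key: value' YAML subset that mongod.conf uses."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace() and not value.strip():
            section = conf.setdefault(key, {})   # top-level section header
        elif section is not None:
            section[key] = value.strip().strip("\"'")
    return conf

def audit_bind(text):
    """Return (non-loopback bind entries, whether authorization is enabled)."""
    conf = parse_mongod_conf(text)
    net = conf.get("net", {})
    # mongod binds to localhost when bindIp is not set
    entries = [a.strip() for a in net.get("bindIp", "localhost").split(",") if a.strip()]
    if net.get("bindIpAll", "false").lower() == "true":
        entries.append("0.0.0.0")
    exposed = []
    for addr in entries:
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                exposed.append(addr)
        except ValueError:
            # Not an IP literal: a hostname, "*", or a Unix socket path
            if addr != "localhost" and not addr.startswith("/"):
                exposed.append(addr)
    auth = conf.get("security", {}).get("authorization", "").lower() == "enabled"
    return exposed, auth

# Sample input: the net sections shown on this page, before and after the change
BEFORE = "net:\n  bindIp: 127.0.0.1, ::1\n  ipv6: true\n"
AFTER = "net:\n  bindIp: 0.0.0.0, ::1\n  ipv6: true\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        exposed, auth = audit_bind(text)
        print(f"{name}: non-loopback bind entries={exposed} authorization_enabled={auth}")
```

To check the live file, pass the contents of /opt/homebrew/etc/mongod.conf to audit_bind.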