@snambi
Last active July 9, 2023 18:13
Podman Volume setup

Podman

Rootless Podman setup with volume.

Create the Podman machine

❯ podman machine init --cpus=4 --memory=4096 -v /Users/snambi/.secrets:/mnt/secrets
Downloading VM image: fedora-coreos-38.20230514.2.0-qemu.aarch64.qcow2.xz: done
Extracting compressed file
Image resized.
Machine init complete
To start your machine run:

	podman machine start

Start the Podman machine

❯ podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users/snambi/.secrets:/mnt/secrets

This machine is currently configured in rootless mode. If your containers
require root permissions (e.g. ports < 1024), or if you run into compatibility
issues with non-podman clients, you can switch using the following command:

	podman machine set --rootful

API forwarding listening on: /var/run/docker.sock
Docker API clients default to this address. You do not need to set DOCKER_HOST.

Machine "podman-machine-default" started successfully

Configure MongoDB to accept connections from the container

On macOS, do the following:

❯ cat /opt/homebrew/etc/mongod.conf
systemLog:
  destination: file
  path: /opt/homebrew/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /opt/homebrew/var/mongodb
net:
  bindIp: 127.0.0.1, ::1
  ipv6: true

# Change bindIp to accept connections on all interfaces.
# After the change it should look like this:
❯ cat /opt/homebrew/etc/mongod.conf
systemLog:
  destination: file
  path: /opt/homebrew/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /opt/homebrew/var/mongodb
net:
  bindIp: 0.0.0.0, ::1
  ipv6: true
  
# Restart mongod
brew services restart mongodb-community
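
With bindIp set to 0.0.0.0 and no security.authorization entry in the file shown above, mongod accepts unauthenticated connections from any host that can reach the port. The script below is an added example, not part of the original gist: it reads a mongod.conf and flags a wildcard listener and a non-loopback listener without authorization enabled. The function names, the constructed sample files and the narrower 127.0.0.1,10.0.0.24 binding are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the gist: audit a mongod.conf for listener exposure.

# Print the value of KEY nested directly under top-level SECTION.
conf_value() {  # usage: conf_value FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }                                 # whole-line comments
        /^[^ \t]/  { in_sec = ($0 ~ ("^" sec ":")); next }  # a top-level key opens a section
        in_sec && $0 ~ ("^[ \t]+" key ":") {
            sub("^[ \t]+" key ":[ \t]*", ""); sub("[ \t]+#.*$", ""); sub("[ \t]+$", "")
            print; exit
        }' "$1"
}

# Print findings for FILE; return 1 if anything is flagged, else 0.
audit_mongod_conf() {  # usage: audit_mongod_conf FILE
    rc=0; exposed=0
    bind=$(conf_value "$1" net bindIp)
    [ "$(conf_value "$1" net bindIpAll)" = "true" ] && bind="$bind,0.0.0.0"
    auth=$(conf_value "$1" security authorization)
    old_ifs=$IFS; IFS=', '; set -f        # split the comma-separated list, no globbing
    for ip in $bind; do
        case "$ip" in
            127.*|::1|localhost) ;;       # loopback only
            0.0.0.0|::) echo "FLAG bindIp $ip: listening on every interface"; rc=1; exposed=1 ;;
            *) exposed=1 ;;               # a specific non-loopback address
        esac
    done
    set +f; IFS=$old_ifs
    if [ "$exposed" -eq 1 ] && [ "$auth" != "enabled" ]; then
        echo "FLAG authorization: not enabled while reachable beyond loopback"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the net section as it reads after the change above.
sample=$(mktemp)
printf 'net:\n  bindIp: 0.0.0.0, ::1\n  ipv6: true\n' > "$sample"
audit_mongod_conf "$sample" || echo "=> flagged, see findings above"
# Constructed alternative: loopback plus the en0 address, access control on.
printf 'net:\n  bindIp: 127.0.0.1,10.0.0.24\nsecurity:\n  authorization: enabled\n' > "$sample"
audit_mongod_conf "$sample" && echo "=> nothing flagged"
rm -f "$sample"
```

To check the real file, call audit_mongod_conf /opt/homebrew/etc/mongod.conf after editing it.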

Open firewall on the Host

This step is optional.

Run the container

## First, get the host IP address
$ ifconfig en0 inet
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255

## Run the container using the inet address
podman run -it --volume /mnt/secrets:/run/secrets --add-host=host:10.0.0.24 -e SPRING_PROFILES_ACTIVE=podman -p 8080:8080 lucidmotors.com/cpq/shortcode-svc:1.0

The commands above do the following:

  • Mount the secrets from the user's laptop to the podman host
  • Then mount the secrets from the podman host to the container
  • Add the host IP address to the container's /etc/hosts, so that the app can connect to host services
  • Configure MongoDB to accept remote connections on all interfaces
  • Expose container port 8080 on host port 8080