Podman

鲁永福
2023-12-01

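Introduction

Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share and deploy applications using Open Container Initiative (OCI) containers and container images. Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.

Containers under the control of Podman can be run by root or by a non-privileged user. Podman manages the entire container ecosystem, including pods, containers, container images and container volumes, using the libpod library. Podman specializes in all of the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run and maintain those containers and container images in a production environment.

The Podman service runs only on Linux platforms, but a Podman remote REST API client exists for Mac and Windows platforms and can communicate over ssh with the Podman service running on a Linux machine or VM.

Docker is a container engine, and Podman is a container engine too.

Installing Podman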

[root@localhost ~]# dnf -y install podman
CentOS Stream 8 - Extras                                                                                                                                      11 kB/s |  16 kB     00:01    
依赖关系解决。
=============================================================================================================================================================================================
 软件包                                               架构                           版本                                                            仓库                               大小
=============================================================================================================================================================================================
安装:
 podman                                               x86_64                         1:3.4.1-3.module_el8.6.0+954+963caf36                           appstream                          12 M
····· (output omitted) ·····
已升级:
  libsemanage-2.9-6.el8.x86_64                                                               policycoreutils-2.9-17.el8.x86_64                                                              

已安装:
  checkpolicy-2.9-1.el8.x86_64                                                               conmon-2:2.0.30-1.module_el8.6.0+944+d413f95e.x86_64                                            
  container-selinux-2:2.170.0-1.module_el8.6.0+954+963caf36.noarch                           containernetworking-plugins-1.0.1-1.module_el8.6.0+944+d413f95e.x86_64                                                        
  python3-libsemanage-2.9-6.el8.x86_64                                                       python3-policycoreutils-2.9-17.el8.noarch                                                       
  python3-setools-4.3.0-3.el8.x86_64                                                         runc-1.0.2-1.module_el8.6.0+926+8bef8ae7.x86_64                                                 
  slirp4netns-1.1.8-1.module_el8.6.0+926+8bef8ae7.x86_64                                    

完毕!
[root@localhost ~]# which  podman
/usr/bin/podman

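Using Podman as a regular (non-root) user

Before users without root privileges can run Podman, the administrator must install or build Podman and complete the following configuration.

The cgroup V2 Linux kernel feature lets you limit the resources that a regular user's containers can use. If the Linux distribution running Podman has cgroup V2 enabled, you may need to change the default OCI runtime: some older versions of runc do not work with cgroup V2, so you must switch to the alternative OCI runtime crun.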

[root@localhost ~]# yum -y install crun
[root@localhost ~]# rpm -qa|grep crun
crun-1.2-1.module_el8.6.0+954+963caf36.x86_64

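The alternative OCI runtime with cgroup V2 support can be selected on the command line with the --runtime option, or by editing the containers.conf file.

podman --runtime crun

Edit the containers.conf file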

[root@localhost ~]# vim /usr/share/containers/containers.conf
# Default OCI runtime
#
#runtime = "crun"
runtime = "crun"

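Installing slirp4netns

The slirp4netns package provides a networking mode for regular users. When using Podman in a regular-user environment, fuse-overlayfs is recommended over the VFS file system; version 0.7.6 or later is required.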

[root@localhost ~]# dnf -y install slirp4netns fuse-overlayfs    ## install slirp4netns
[root@localhost ~]# rpm -qa|grep slirp4netns  
slirp4netns-1.1.8-1.module_el8.6.0+926+8bef8ae7.x86_64
[root@localhost ~]# rpm -qa|grep  fuse-overlayfs
fuse-overlayfs-1.7.1-1.module_el8.6.0+926+8bef8ae7.x86_64

Configuring storage.conf

[root@localhost ~]# vim /etc/containers/storage.conf
···· (omitted) ···
# Default Storage Driver, Must be set for proper operation.
driver = "overlay"

···· (omitted) ···
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
mount_program = "/usr/bin/fuse-overlayfs"    # uncomment this line
···· (omitted) ···

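User configuration files

The three main configuration files are containers.conf, storage.conf and registries.conf. Users can modify these files as needed.

containers.conf

Podman reads this file from the following locations in order; when one is not found, it moves on to the next:

1. /usr/share/containers/containers.conf
2. /etc/containers/containers.conf
3. $HOME/.config/containers/containers.conf

storage.conf

For storage.conf the order is:

1. /etc/containers/storage.conf
2. $HOME/.config/containers/storage.conf

For a regular user, some fields in /etc/containers/storage.conf are ignored: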

graphroot=""
  container storage graph dir (default: "/var/lib/containers/storage")
  Default directory to store all writable content created by container storage programs.

runroot=""
  container storage run dir (default: "/run/containers/storage")
  Default directory to store all temporary writable content created by container storage programs.

For a regular user these fields default to:

graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"

registries.conf

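The configuration is read in the following order. These files are not created by default; they can be copied from /usr/share/containers or /etc/containers and then modified.

1. /etc/containers/registries.conf
2. /etc/containers/registries.d/*
3. $HOME/.config/containers/registries.conf

Authorization file

Log in with podman login. The default authorization file is /run/user/0/containers/auth.json.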

[root@localhost ~]# podman login docker.io
Username: best2001
Password: 
Login Succeeded!
[root@localhost ~]# cat /run/user/0/containers/auth.json 
{
        "auths": {
                "docker.io": {
                        "auth": "YmVzdDIwMDE6bGl1cWlhbmcyMDAxNzI="
                }
        }
}
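
The "auth" value in this file is only the base64 encoding of username:password, not an encrypted secret, so the file's permissions are what protect the login. The following added example (not part of the original post) checks that an auth.json is private to its owner and lists which registries hold an inline credential. It assumes GNU stat and base64 and the one-key-per-line layout shown above, and it runs on a constructed file with a made-up registry and account.

```shell
#!/bin/sh
# Added example: audit a containers auth.json. Assumes GNU stat and base64 and
# the one-key-per-line layout that podman login writes.

# Succeed only if group and others have no permission bits on the file.
auth_file_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print "registry<TAB>username" for every inline credential in the file.
# "auth" is base64("username:password"); it is decoded to show that it can be
# recovered by anyone who can read the file. The password is never printed.
list_inline_credentials() {
    awk -F'"' '
        /"auths"[ \t]*:/ { next }
        /^[ \t]*"[^"]+"[ \t]*:[ \t]*[{]/ { registry = $2; next }
        /"auth"[ \t]*:/ { print registry, $4 }
    ' "$1" |
    while read -r registry blob; do
        user=$(printf '%s' "$blob" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s\t%s\n' "$registry" "${user:-undecodable}"
    done
}

# Constructed sample: made-up registry, account and password.
sample=$(mktemp)                       # mktemp creates the file with mode 0600
blob=$(printf '%s' 'alice:not-a-real-password' | base64 | tr -d '\n')
cat > "$sample" <<EOF
{
        "auths": {
                "registry.example.com": {
                        "auth": "$blob"
                }
        }
}
EOF
auth_file_private "$sample" && echo "permissions ok"
list_inline_credentials "$sample"
rm -f "$sample"
```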

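Enabling user namespaces

The number of user namespaces allowed on the system is specified in the file /proc/sys/user/max_user_namespaces. On most Linux platforms this is set by default and needs no adjustment. On RHEL 7 machines, however, a user with root privileges may need to set it to a reasonable value with the sysctl command.

Configuring /etc/subuid and /etc/subgid

Podman requires that the user running it has a range of UIDs listed in /etc/subuid and /etc/subgid. These files are provided by the shadow-utils or newuid package.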

[root@localhost ~]# rpm -qa| grep shadow-util
shadow-utils-4.6-12.el8.x86_64

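For each user who will be allowed to create containers, update /etc/subuid and /etc/subgid with fields like the following. Note that the values for each user must be unique. If ranges overlap, one user could use another user's namespace and could corrupt it.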

[root@localhost ~]# useradd test
[root@localhost ~]# cat /etc/subuid
test:100000:65536
[root@localhost ~]# cat /etc/subgid
test:100000:65536

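The format of this file is USERNAME:UID:RANGE:

  • USERNAME: the user name as listed in /etc/passwd or in the output of getpwent
  • UID: the initial UID allocated for the user
  • RANGE: the size of the range of UIDs allocated for the user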
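
To check the uniqueness requirement above, this added example (not from the original post) scans a subuid/subgid-style file for ranges that overlap. The function names and the sample entries for alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Added example: find overlapping ranges in an /etc/subuid- or /etc/subgid-style
# file. Each line is USERNAME:START:COUNT and covers START .. START+COUNT-1.

# Print one "OVERLAP" line for every range that starts inside an earlier one.
# $1 is the file to check; comment, blank and malformed lines are skipped.
find_subid_overlaps() {
    grep -E '^[^:#]+:[0-9]+:[0-9]+$' "$1" |
    sort -t: -k2,2n |
    awk -F: '
        $3 == 0 { next }                  # an empty range cannot overlap
        {
            start = $2 + 0
            end = start + $3 - 1
        }
        # Input is sorted by START, so only the furthest-reaching earlier
        # range has to be remembered.
        seen && start <= max_end {
            printf "OVERLAP %s(%d-%d) %s(%d-%d)\n",
                   max_user, max_start, max_end, $1, start, end
        }
        !seen || end > max_end {
            max_user = $1; max_start = start; max_end = end; seen = 1
        }
    '
}

# Succeed only when the file has no overlapping ranges.
subid_file_ok() {
    [ -z "$(find_subid_overlaps "$1")" ]
}

# Constructed sample, not taken from a real system: bob starts inside alice.
sample=$(mktemp)
cat > "$sample" <<'EOF'
test:100000:65536
alice:165536:65536
bob:200000:65536
EOF
find_subid_overlaps "$sample"
subid_file_ok "$sample" || echo "fix the ranges before enabling rootless Podman for these users"
rm -f "$sample"
```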

Common Podman commands

Image commands

podman pull IMAGE (download an image)
[root@localhost ~]# podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob e5ae68f74026 skipped: already exists  
Copying blob 44be98c0fab6 done  
Copying blob ed835de16acd done  
Copying blob 881ff011f1c9 done  
Copying blob 21e0df283cd6 done  
Copying blob 77700c52c969 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
podman images (list the images present locally)
[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  11 days ago  146 MB

# Columns
REPOSITORY  repository the image comes from
TAG         image tag
IMAGE ID    image ID
CREATED     when the image was created

# Options
	-a, --all      # list all images
	-q, --quiet    # show only image IDs
podman search IMAGE (search for an image)
[root@localhost ~]# podman search nginx
INDEX              NAME                                                          DESCRIPTION                                      STARS       OFFICIAL    AUTOMATED
fedoraproject.org  registry.fedoraproject.org/f29/nginx                                                                           0
fedoraproject.org  registry.fedoraproject.org/f29/origin-nginx-router                                                             0
redhat.com         registry.access.redhat.com/ubi8/nginx-118                     Platform for running nginx 1.18 or building ...  0
redhat.com         registry.access.redhat.com/ubi8/nginx-120                     Platform for running nginx 1.20 or building ...  0
redhat.com         registry.access.redhat.com/rhscl/nginx-18-rhel7               Nginx 1.8 server and a reverse proxy server      0

## Options
--filter, -f		filter output based on the conditions provided


# show only images with at least 10000 stars
[root@localhost ~]# podman search nginx -f=stars=10000
INDEX       NAME                     DESCRIPTION               STARS       OFFICIAL    AUTOMATED
docker.io   docker.io/library/nginx  Official build of Nginx.  15928       [OK] 
podman rmi IMAGE (remove an image)
[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  11 days ago  146 MB
[root@localhost ~]# podman rmi f652ca386ed1
Untagged: docker.io/library/nginx:latest
Deleted: f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
[root@localhost ~]# podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

Container commands

podman run (run a container)
[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  11 days ago  146 MB
[root@localhost ~]# podman run -d --name nginx docker.io/library/nginx 
da75a09a0ad6567f563173d0425f39e7aad52e1e559f3d32a67c5d4578146131
[root@localhost ~]# podman ps 
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
da75a09a0ad6  docker.io/library/nginx:latest  nginx -g daemon o...  3 seconds ago  Up 3 seconds ago              nginx


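# Options
--name = "Name"    container name, e.g. tomcat01, tomcat02, used to tell containers apart
-d                 run in the background
-it                run interactively and enter the container
-p                 publish a container port, e.g. -p 8080:8080
-P                 publish to random ports
podman rm CONTAINER_NAME_OR_ID (remove a container)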
[root@localhost ~]# podman ps 
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
da75a09a0ad6  docker.io/library/nginx:latest  nginx -g daemon o...  3 seconds ago  Up 3 seconds ago              nginx

[root@localhost ~]# podman rm nginx 
da75a09a0ad6567f563173d0425f39e7aad52e1e559f3d32a67c5d4578146131

[root@localhost ~]# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[root@localhost ~]# 
Starting and stopping containers
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS       NAMES
4a3232d5c200  docker.io/library/nginx:latest  nginx -g daemon o...  11 seconds ago  Up 11 seconds ago              nginx
[root@localhost ~]# podman stop nginx   ## stop the container
nginx
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

[root@localhost ~]# podman start nginx   ## start the container
nginx
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS            PORTS       NAMES
4a3232d5c200  docker.io/library/nginx:latest  nginx -g daemon o...  29 seconds ago  Up 2 seconds ago              nginx

[root@localhost ~]# podman restart nginx    ## restart the container
4a3232d5c200c4fe5333a1ed08dfaeb48df8dea5090cf67756fa130eca1ea8f6
podman logs CONTAINER_ID_OR_NAME (view logs)
[root@localhost ~]# podman logs 4a3232d5c200
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 08:46:20 [notice] 1#1: using the "epoll" event method
2021/12/14 08:46:20 [notice] 1#1: nginx/1.21.4
2021/12/14 08:46:20 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2021/12/14 08:46:20 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64

[root@localhost ~]# podman logs --tail 3 4a3232d5c200   ## show the last three log lines
2021/12/14 08:47:27 [notice] 1#1: start worker process 20
2021/12/14 08:47:27 [notice] 1#1: start worker process 21
2021/12/14 08:47:27 [notice] 1#1: start worker process 22
10.88.0.1 - - [14/Dec/2021:08:56:48 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"
podman inspect CONTAINER_ID_OR_NAME (view detailed container data)
[root@localhost ~]# podman inspect nginx
[
    {
        "Id": "4a3232d5c200c4fe5333a1ed08dfaeb48df8dea5090cf67756fa130eca1ea8f6",
        "Created": "2021-12-14T03:46:19.950375769-05:00",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
···· (output omitted) ·····
podman exec -it CONTAINER_ID_OR_NAME (enter a container)
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS       NAMES
4a3232d5c200  docker.io/library/nginx:latest  nginx -g daemon o...  24 minutes ago  Up 23 minutes ago              nginx
[root@localhost ~]# podman exec -it nginx /bin/sh
# ls
bin   dev                  docker-entrypoint.sh  home  lib64  mnt  proc  run   srv  tmp  var
boot  docker-entrypoint.d  etc                   lib   media  opt  root  sbin  sys  usr
podman inspect -l (view information about the latest container)
[root@localhost ~]# podman inspect -l
[
    {
        "Id": "dadf17c00466a872422a869ea1f4b34ce20da8597963dd5afe56d0cea4a491aa",
        "Created": "2021-12-14T03:53:34.088900291-05:00",
        "Path": "/bin/bash",
        "Args": [
            "/bin/bash"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "exited",
            "Running": false,
            "Paused": false,
            "Restarting": false,
····· (output omitted) ······

Starting Podman containers at boot (root and regular users)

root user

Run the container
[root@localhost ~]# podman run -d -p 80:80 --name nginx f652ca386ed1
b444383f36708ac37dd818cf1d37f3e7268194cf13c30322a75bb773f0a15d61
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS               NAMES
b444383f3670  docker.io/library/nginx:latest  nginx -g daemon o...  6 seconds ago  Up 6 seconds ago  0.0.0.0:80->80/tcp  nginx
Create the unit file
[root@localhost bin]# vim /etc/systemd/system/nginx_conteainer.service
[root@localhost bin]# cat /etc/systemd/system/nginx_conteainer.service
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always

[Install]
WantedBy=multi-user.target
Reload systemd, enable the service and check its status
[root@localhost bin]# systemctl daemon-reload 
[root@localhost bin]# systemctl enable --now nginx_conteainer.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx_conteainer.service → /etc/systemd/system/nginx_conteainer.service.
[root@localhost bin]# systemctl status nginx_conteainer.service 
● nginx_conteainer.service - Podman Nginx Service
   Loaded: loaded (/etc/systemd/system/nginx_conteainer.service; enabled; vendor >
   Active: active (running) since Wed 2021-12-15 02:53:26 EST; 9s ago
 Main PID: 38185 (podman)
    Tasks: 9 (limit: 4743)
   Memory: 41.2M
   CGroup: /system.slice/nginx_conteainer.service
           └─38185 /usr/bin/podman start -a nginx

12月 15 02:53:26 localhost.localdomain systemd[1]: Started Podman Nginx Service.

Regular user

Switch user
[root@localhost ~]# id test
uid=1000(test) gid=1000(test) 组=1000(test)
[root@localhost ~]# su - test
上一次登录:三 12月 15 02:58:37 EST 2021pts/0 上
Start the container
[test@localhost ~]$ podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  12 days ago  146 MB
[test@localhost ~]$ podman run -d --name nginx f652ca386ed1
4ceeb68d0e986bc604dc5d649d631703a82a8017102f19f80bb04dff4bb0bfd7
[test@localhost ~]$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
4ceeb68d0e98  docker.io/library/nginx:latest  nginx -g daemon o...  9 seconds ago  Up 9 seconds ago              nginx
Generate the unit file
[test@localhost ~]$ mkdir -p .config/systemd/user
[test@localhost ~]$ cd .config/systemd/user/
[test@localhost user]$ podman generate  systemd --files --name nginx
/home/test/.config/systemd/user/container-nginx.service
[test@localhost user]$ cat /home/test/.config/systemd/user/container-nginx.service
# container-nginx.service
# autogenerated by Podman 3.4.1-dev
# Wed Dec 15 03:02:57 EST 2021

[Unit]
Description=Podman container-nginx.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/tmp/podman-run-1000/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
ExecStopPost=/usr/bin/podman stop -t 10 nginx
PIDFile=/tmp/podman-run-1000/containers/overlay-containers/4ceeb68d0e986bc604dc5d649d631703a82a8017102f19f80bb04dff4bb0bfd7/userdata/conmon.pid
Type=forking

[Install]
WantedBy=multi-user.target default.target
Log in as the test user over ssh
[root@localhost ~]# ssh test@localhost
test@localhost's password: 
Last login: Wed Dec 15 03:07:58 2021 from ::1
Enable start at boot
[test@localhost ~]$ systemctl --user enable --now container-nginx.service 
Created symlink /home/test/.config/systemd/user/multi-user.target.wants/container-nginx.service → /home/test/.config/systemd/user/container-nginx.service.
Created symlink /home/test/.config/systemd/user/default.target.wants/container-nginx.service → /home/test/.config/systemd/user/container-nginx.service.

[test@localhost ~]$ systemctl --user status container-nginx.service
● container-nginx.service - Podman container-nginx.service
   Loaded: loaded (/home/test/.config/systemd/user/container-nginx.service; enabl>
   Active: active (running) since Wed 2021-12-15 03:12:33 EST; 33s ago
     Docs: man:podman-generate-systemd(1)
  Process: 4785 ExecStart=/usr/bin/podman start nginx (code=exited, status=0/SUCC>
 Main PID: 4896 (conmon)
   CGroup: /user.slice/user-1000.slice/user@1000.service/container-nginx.service
           ├─4888 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enab>
           ├─4889 /usr/bin/fuse-overlayfs -o ,lowerdir=/home/test/.local/share/co>
           ├─4896 /usr/bin/conmon --api-version 1 -c 4ceeb68d0e986bc604dc5d649d63>
           ├─4899 nginx: master process nginx -g daemon off;
           ├─4955 nginx: worker process
           ├─4956 nginx: worker process
           ├─4957 nginx: worker process
           └─4958 nginx: worker process

Podman networking

Running a container on a specified network

Create a Podman network
# create the cni-podman2 network
[root@localhost ~]# podman network create cni-podman2
/etc/cni/net.d/cni-podman2.conflist

# --subnet creates the network with the given subnet
## podman network create --subnet SUBNET NETWORK_NAME
[root@localhost ~]# podman network create --subnet 192.6.0.0/16 newnet
/etc/cni/net.d/newnet.conflist

# --gateway sets the gateway
## podman network create --subnet SUBNET --gateway GATEWAY_ADDRESS newnet1
[root@localhost ~]# podman network create --subnet 192.168.33.0/24 --gateway 192.168.33.3 newnet1 
/etc/cni/net.d/newnet1.conflist

# --ip-range sets the starting IP address range
[root@localhost ~]# podman network create --subnet 192.168.55.0/24 --ip-range 192.168.55.128/25 newnet2
/etc/cni/net.d/newnet2.conflist

# list networks
[root@localhost ~]# podman network ls
NETWORK ID    NAME         VERSION     PLUGINS
2f259bab93aa  podman       0.4.0       bridge,portmap,firewall,tuning
603e960751dc  cni-podman2  0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet       0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1      0.4.0       bridge,portmap,firewall,tuning
31213d4efd11  newnet2      0.4.0       bridge,portmap,firewall,tuning
Run a container on the created network
# podman run --name CONTAINER_NAME --network NETWORK_NAME IMAGE
[root@localhost ~]# podman run -d --name nginx --network cni-podman2 nginx:latest 
c69f0c65dace38250b5b244d7f2650a78cf93446ae3383afd959312db5f6df82
Check the container's IP address
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                 PORTS       NAMES
[root@localhost ~]# podman inspect nginx |grep  IP    
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
                    "IPAddress": "10.89.0.5",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,

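Managing Podman networks

After a container is started, the cni-podman0 interface appears. When a container starts, it connects to the podman network by default.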

[root@localhost ~]# ip a show cni-podman0
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether de:ad:ca:93:bd:4c brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::dcad:caff:fe93:bd4c/64 scope link 
       valid_lft forever preferred_lft forever
ls: list container networks
[root@localhost ~]# podman network ls
NETWORK ID    NAME         VERSION     PLUGINS
2f259bab93aa  podman       0.4.0       bridge,portmap,firewall,tuning
603e960751dc  cni-podman2  0.4.0       bridge,portmap,firewall,tuning
disconnect: disconnect a container from a network
[root@localhost ~]# podman network disconnect cni-podman2 nginx
reload: reload a container's network
[root@localhost ~]# podman network reload  nginx2
e922ba3fc8bfade7f9f40d9650d83630bbf43ad5b58cca0dd395e4e58ab122e5
rm: remove a Podman network
[root@localhost ~]# podman network ls
NETWORK ID    NAME         VERSION     PLUGINS
2f259bab93aa  podman       0.4.0       bridge,portmap,firewall,tuning
603e960751dc  cni-podman2  0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet       0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1      0.4.0       bridge,portmap,firewall,tuning
31213d4efd11  newnet2      0.4.0       bridge,portmap,firewall,tuning
[root@localhost ~]# podman network rm newnet2
newnet2
[root@localhost ~]# podman network ls
NETWORK ID    NAME         VERSION     PLUGINS
2f259bab93aa  podman       0.4.0       bridge,portmap,firewall,tuning
603e960751dc  cni-podman2  0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet       0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1      0.4.0       bridge,portmap,firewall,tuning
