Podman in Action: Secure, rootless containers for Kubernetes, microservices, and more

It's time to upgrade your container engine! The Podman container manager delivers flexible image layer control, seamless Kubernetes compatibility, and rootless containers that can be created, run, and managed by users without admin rights. Plus, its OCI-compliant support for the Docker API le...

Bibliographic Details
Other Authors: Walsh, Daniel (author)
Format: E-book
Language: English
Published: Shelter Island, New York : Manning Publications Co [2023]
Subjects:
View at the Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009724836806719
Table of Contents:
  • Intro
  • Inside front cover
  • Podman in Action
  • Copyright
  • dedication
  • brief contents
  • contents
  • front matter
  • preface
  • acknowledgments
  • about this book
  • Who should read this book?
  • How this book is organized: A roadmap
  • liveBook discussion forum
  • Author online
  • about the author
  • about the cover illustration
  • Part 1. Foundations
  • 1 Podman: A next-generation container engine
  • 1.1 About all these terms
  • 1.2 A brief overview of containers
  • 1.2.1 Container images: A new way to ship software
  • 1.2.2 Container images lead to microservices
  • 1.2.3 Container image format
  • 1.2.4 Container standards
  • 1.3 Why use Podman when you have Docker?
  • 1.3.1 Why have only one way to run containers?
  • 1.3.2 Rootless containers
  • 1.3.3 Fork/exec model
  • 1.3.4 Podman is daemonless
  • 1.3.5 User-friendly command line
  • 1.3.6 Support for REST API
  • 1.3.7 Integration with systemd
  • 1.3.8 Pods
  • 1.3.9 Customizable registries
  • 1.3.10 Multiple transports
  • 1.3.11 Complete customizability
  • 1.3.12 User-namespace support
  • 1.4 When not to use Podman
  • Summary
  • 2 Command line
  • 2.1 Working with containers
  • 2.1.1 Exploring containers
  • 2.1.2 Running the containerized application
  • 2.1.3 Stopping containers
  • 2.1.4 Starting containers
  • 2.1.5 Listing containers
  • 2.1.6 Inspecting containers
  • 2.1.7 Removing containers
  • 2.1.8 exec-ing into a container
  • 2.1.9 Creating an image from a container
  • 2.2 Working with container images
  • 2.2.1 Differences between a container and an image
  • 2.2.2 Listing images
  • 2.2.3 Inspecting images
  • 2.2.4 Pushing images
  • 2.2.5 podman login: Logging into a container registry
  • 2.2.6 Tagging images
  • 2.2.7 Removing images
  • 2.2.8 Pulling images
  • 2.2.9 Searching for images
  • 2.2.10 Mounting images
  • 2.3 Building images
  • 2.3.1 Format of a Containerfile or Dockerfile
  • 2.3.2 Automating the building of our application
  • Summary
  • 3 Volumes
  • 3.1 Using volumes with containers
  • 3.1.1 Named volumes
  • 3.1.2 Volume mount options
  • 3.1.3 podman run --mount command option
  • Summary
  • 4 Pods
  • 4.1 Running pods
  • 4.2 Creating a pod
  • 4.3 Adding a container to a pod
  • 4.4 Starting a pod
  • 4.5 Stopping a pod
  • 4.6 Listing pods
  • 4.7 Removing pods
  • Summary
  • Part 2. Design
  • 5 Customization and configuration files
  • 5.1 Configuration files for storage
  • 5.1.1 Storage location
  • 5.1.2 Storage drivers
  • 5.2 Configuration files for registries
  • 5.2.1 registries.conf
  • 5.3 Configuration files for engines
  • 5.4 System configuration files
  • Summary
  • 6 Rootless containers
  • 6.1 How does rootless Podman work?
  • 6.1.1 Images contain content owned by multiple user identifiers (UIDs)
  • 6.2 Rootless Podman under the covers
  • 6.2.1 Pulling the image
  • 6.2.2 Creating a container
  • 6.2.3 Setting up the network
  • 6.2.4 Starting the container monitor: conmon
  • 6.2.5 Launching the OCI runtime
  • 6.2.6 The containerized application runs until completion
  • Summary
  • Part 3. Advanced topics
  • 7 Integration with systemd
  • 7.1 Running systemd within a container
  • 7.1.1 Containerized systemd requirements
  • 7.1.2 Podman container in systemd mode
  • 7.1.3 Running an Apache service within a systemd container
  • 7.2 Journald for logging and events
  • 7.2.1 Log driver
  • 7.2.2 Events
  • 7.3 Starting containers at boot
  • 7.3.1 Restarting containers
  • 7.3.2 Podman containers as systemd services
  • 7.3.3 Distributing systemd unit files to manage Podman containers
  • 7.3.4 Automatically updating Podman containers
  • 7.4 Running containers in notify unit files
  • 7.5 Rolling back failed containers after update
  • 7.6 Socket-activated Podman containers
  • Summary
  • 8 Working with Kubernetes
  • 8.1 Kubernetes YAML files
  • 8.2 Generating Kubernetes YAML files with Podman
  • 8.3 Generating Podman pods and containers from Kubernetes YAML
  • 8.3.1 Shutting down pods and containers based on a Kubernetes YAML file
  • 8.3.2 Building images using Podman and Kubernetes YAML files
  • 8.4 Running Podman within a container
  • 8.4.1 Running Podman within a Podman container
  • 8.4.2 Running Podman within a Kubernetes pod
  • Summary
  • 9 Podman as a service
  • 9.1 Introducing the Podman service
  • 9.1.1 Systemd services
  • 9.2 Podman-supported APIs
  • 9.3 Python libraries for interacting with Podman
  • 9.3.1 Using docker-py with the Podman API
  • 9.3.2 Using podman-py with the Podman API
  • 9.3.3 Which Python library should you use?
  • 9.4 Using docker-compose with the Podman service
  • 9.5 podman --remote
  • 9.5.1 Local connections
  • 9.5.2 Remote connections
  • 9.5.3 Setting up SSH on the client machine
  • 9.5.4 Configuring a connection
  • Summary
  • Part 4. Container security
  • 10 Security container isolation
  • 10.1 Read-only Linux kernel pseudo filesystems
  • 10.1.1 Unmasking the masked paths
  • 10.1.2 Masking additional paths
  • 10.2 Linux capabilities
  • 10.2.1 Dropped Linux capabilities
  • 10.2.2 Dropped CAP_SYS_ADMIN
  • 10.2.3 Dropping capabilities
  • 10.2.4 Adding capabilities
  • 10.2.5 No new privileges
  • 10.2.6 Root with no capabilities is still dangerous
  • 10.3 UID isolation: User namespace
  • 10.3.1 Isolating containers using the --userns=auto flag
  • 10.3.2 User-namespaced Linux capabilities
  • 10.3.3 Rootless Podman with the --userns=auto flag
  • 10.3.4 User volumes with the --userns=auto flag
  • 10.4 Process isolation: PID namespace
  • 10.5 Network isolation: Network namespace
  • 10.6 IPC isolation: IPC namespace
  • 10.7 Filesystem isolation: Mount namespace
  • 10.8 Filesystem isolation: SELinux
  • 10.8.1 SELinux type enforcement
  • 10.8.2 SELinux Multi-Category Security separation
  • 10.9 System call isolation: seccomp
  • 10.10 Virtual machine isolation
  • Summary
  • 11 Additional security considerations
  • 11.1 Daemon versus the fork/exec model
  • 11.1.1 Access to the docker.sock
  • 11.1.2 Auditing and logging
  • 11.2 Podman secret handling
  • 11.3 Podman image trust
  • 11.3.1 Podman image signing
  • 11.4 Podman image scanning
  • 11.5 Read-only containers
  • 11.6 Security in depth
  • 11.6.1 Podman uses all security mechanisms simultaneously
  • 11.6.2 Where should you run your containers?
  • Summary
  • Appendix A. Podman-related container tools
  • A.1 Skopeo
  • A.2 Buildah
  • A.2.1 Creating a working container from a base image
  • A.2.2 Adding data to a working container
  • A.2.3 Running commands in a working container
  • A.2.4 Adding content to a working container directly from the host
  • A.2.5 Configuring a working container
  • A.2.6 Creating an image from a working container
  • A.2.7 Pushing an image to a container registry
  • A.2.8 Building an image from Containerfiles
  • A.2.9 Buildah as a library
  • A.3 CRI-O: Container Runtime Interface for OCI containers
  • Appendix B. OCI runtimes
  • B.1 runc
  • B.2 crun
  • B.3 Kata
  • B.4 gVisor
  • Appendix C. Getting Podman
  • C.1 Installing Podman
  • C.1.1 macOS
  • C.1.2 Windows
  • C.1.3 Arch Linux and Manjaro Linux
  • C.1.4 CentOS
  • C.1.5 Debian
  • C.1.6 Fedora
  • C.1.7 Fedora-CoreOS, Fedora Silverblue
  • C.1.8 Gentoo
  • C.1.9 OpenEmbedded
  • C.1.10 openSUSE
  • C.1.11 openSUSE Kubic
  • C.1.12 Raspberry Pi OS arm64
  • C.1.13 Red Hat Enterprise Linux
  • C.1.14 Ubuntu
  • C.2 Building from source code
  • C.3 Podman Desktop
  • Summary
  • Appendix D. Contributing to Podman
  • D.1 Joining the community
  • D.2 Podman on github.com
  • Appendix E. Podman on macOS
  • E.1 Using podman machine
  • E.1.1 podman machine init
  • E.1.2 Podman machine SSH configuration
  • E.1.3 Starting the VM
  • E.1.4 Stopping the VM
  • Summary
  • Appendix F. Podman on Windows
  • F.1 First steps
  • F.1.1 Prerequisites
  • F.1.2 Installing Podman
  • F.2 Using podman machine
  • F.2.1 podman machine init
  • F.2.2 Podman machine SSH configuration
  • F.2.3 Starting the WSL 2 instance
  • F.2.4 Using podman machine commands
  • Summary
  • index