Podman Cheat Sheet
Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images.
Key Differences from Dockerā
- Daemonless architecture: Podman interacts directly with Linux container components instead of relying on a continuously running daemon
- Rootless by default: Reduces security risks by not requiring root privileges
- Independent containers: Containers are not spawned as child processes, making them durable and independent
- systemd integration: Better integration with systemd for service management
Most Podman commands are compatible with Docker commands. You can often alias docker to podman for a seamless transition.
Quick Navigationā
- Working with Image Repositories
- Building Images
- Working with Containers
- Container Processes and Resources
- Working with Container Filesystem
- Miscellaneous Commands
- Quick Reference
Working with Image Repositoriesā
List Local Imagesā
Lists all container images stored on your local machine.
podman images [options]
Example:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/ansible/ansible-runner latest 697a4af2d624 16 hours ago 738 MB
docker.io/library/mysql latest 6126b4587b1b 18 hours ago 525 MB
docker.io/library/redis latest f1b6973564e9 4 weeks ago 116 MB
docker.io/library/nginx latest c316d5a335a5 4 weeks ago 146 MB
Pull an Imageā
Downloads a container image from a remote registry.
podman pull [options] <remote_registry_url>/<username>/<image>:<tag>
Example:
$ podman pull quay.io/ansible/ansible-runner:latest
Push an Imageā
Uploads a container image to a remote registry.
podman push <registry_url>/<username>/<image>:<tag>
Example:
$ podman build -t quay.io/myrepo/customer_container:v1 .
Successfully tagged quay.io/myrepo/customer_container:v1
$ podman push quay.io/myrepo/customer_container:v1
Search for Imagesā
Searches container image registries defined in /etc/containers/registries.conf.
podman search [options] <search_string>
Example:
$ podman search pinger
INDEX NAME STARS OFFICIAL
quay.io quay.io/giantswarm/calico-ipip-pinger 0
docker.io docker.io/hosterping/pinger 0
docker.io docker.io/reselbob/pinger 1
Remove an Imageā
Removes a local image from the local cache. Use -f to force removal.
podman rmi [-f] <image>:<tag>
Example:
$ podman rmi c316d5a335a5
This only removes the image from your local system, not from the remote registry.
Image Historyā
Displays historical information about a container image.
podman history [options] <image>:<tag>
Example:
$ podman history quay.io/openzipkin/zipkin:latest
ID CREATED CREATED BY SIZE
b9fb334d7cd1 2 years ago /busybox/sh -c #(nop) ENTRYPOINT ["/busyb... 0 B
<missing> 2 years ago /busybox/sh -c #(nop) EXPOSE 9410 9411 0 B
<missing> 2 years ago /busybox/sh -c #(nop) USER zipkin 0 B
Registry Loginā
Logs into a remote container image registry.
podman login [options] <image_registry_url>
Example:
$ podman login quay.io
Username: cooluser
Password:
Login Succeeded!
Registry Logoutā
Logs out of the current container registry.
podman logout [options]
Example:
$ podman logout quay.io
Removed login credentials for quay.io
Building Imagesā
Build an Imageā
Builds and tags an image using instructions in a Dockerfile.
podman build [options] <image>:<tag> [-f <Dockerfile>]
Examples:
Using the default Dockerfile in the current directory:
$ podman build -t mynode:v1 .
STEP 1/3: FROM node:latest
STEP 2/3: CMD ["-v"]
STEP 3/3: ENTRYPOINT ["node"]
Successfully tagged localhost/mynode:v1
Using a custom Dockerfile:
$ podman build -t othernode:v1 -f Otherdockerfile
STEP 1/2: FROM node:latest
STEP 2/2: RUN echo "The latest version of Node is installed"
Successfully tagged localhost/othernode:v1
The -f option specifies the Dockerfile location. If omitted, Podman looks for a Dockerfile in the current directory.
Tag an Imageā
Creates a new tag for an existing container image.
podman tag <image>:<tag> <image>:<new_tag>
podman tag <image_uuid> <image>:<new_tag>
Example:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/mynode v1 a6b028f25b45 14 minutes ago 1.02 GB
$ podman tag a6b028f25b45 mynode:best
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/mynode v1 a6b028f25b45 15 minutes ago 1.02 GB
localhost/mynode best a6b028f25b45 15 minutes ago 1.02 GB
Working with Containersā
Run a Containerā
Runs a container based on a given image. If the image doesn't exist locally, Podman attempts to pull it from the specified remote repository.
podman run [options] <repo>/<image>:<tag>
Common Options:
-d: Run container in detached mode (background)--name: Assign a name to the container-it: Interactive mode with terminal--rm: Automatically remove container when it exits-p: Publish container ports to the host
Examples:
Run in background:
$ podman run -d quay.io/openzipkin/zipkin
ea35aa9eda875dd0c3ea34beb6216cf1148725272f28829ea1d3ba262f9f2ada
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
ea35aa9eda87 quay.io/openzipkin/zipkin:latest 3 min ago Up 3 min laughing_mahavira
Run with custom name:
$ podman run -d --name mywebserver nginx:latest
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
90ac3eb5f5a6 nginx:latest nginx -gā¦ 4 sec ago Up 4 sec mywebserver
Run with auto-removal:
$ podman run --rm quay.io/centos7/nodejs-14-centos7:latest
Run with port mapping:
$ podman run --name mynginx -d -p 8181:80 docker.io/library/nginx
a4b59499314f7c4c6819340ec8e15732cb93c21c131fbd709e09370972fda1b7
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4b59499314f nginx:latest nginx -gā¦ 8 sec ago Up 7 sec 0.0.0.0:8181->80/tcp mynginx
Run interactively:
$ podman run -it nginx:latest
$ podman run nginx:latest pwd
/
List Containersā
Lists containers on the local system.
podman ps [options]
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
a4b59499314f docker.io/library/nginx:latest nginx -gā¦ 23 hrs ago Up 22 mins mynginx
569ddc895737 quay.io/openzipkin/zipkin:latest 38 secs ago Exited (143) myzipkin
Use -a flag to show all containers, including stopped ones.
Create a Containerā
Creates a container from an image but does not start it.
podman create [options] <repo/image:tag>
Example:
$ podman create --name myredis quay.io/quay/redis
dcc2491a3d16809c5c7b939e48aa99ded40779cb79140b1b9ae8702561901952
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
dcc2491a3d16 quay.io/quay/redis conf/redis.conf 3 secs ago Created myredis
Start a Containerā
Starts an existing container.
podman start [options] <container>
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
90ac3eb5f5a6 nginx:latest nginx -gā¦ 21 mins ago Exited (0) 3 seconds ago mywebserver
$ podman start mywebserver
mywebserver
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
90ac3eb5f5a6 nginx:latest nginx -gā¦ 27 mins ago Up 31 seconds ago mywebserver
Stop a Containerā
Gracefully stops a running container.
podman stop [options] <container>
Example:
$ podman stop mywebserver
mywebserver
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
90ac3eb5f5a6 nginx:latest nginx -gā¦ 21 mins ago Exited (0) 3 seconds ago mywebserver
Restart a Containerā
Restarts an existing container.
podman restart [options] <container>
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
dcc2491a3d16 quay.io/quay/redis conf/redis.conf 22 hrs ago Created myredis
$ podman restart myredis
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
dcc2491a3d16 quay.io/quay/redis conf/redis.conf 22 hrs ago Up 8 seconds ago myredis
Remove a Containerā
Removes a container from the host computer.
podman rm [options] <container>
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
dcc2491a3d16 quay.io/quay/redis conf/redis.conf 22 hrs ago Up 8 seconds ago myredis
$ podman rm -f myredis
dcc2491a3d16809c5c7b939e48aa99ded40779cb79140b1b9ae8702561901952
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
Use the -f flag to force removal of running containers.
Container Processes and Resourcesā
Inspect a Containerā
Returns metadata describing a running container in JSON format.
podman inspect [options] <container>
Example:
$ podman inspect mynginx | more -10
[
{
"Id": "a4b59499314f7c4c6819340ec8e15732cb93c21c131fbd709e09370972fda1b7",
"Created": "2022-02-24T11:17:00.499462518-08:00",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
--More--
View Container Logsā
Displays the logs of a container.
podman logs [options] <container>
Example:
$ podman logs -t mynginx
2022-02-25T09:37:46.090921000-08:00 /docker-entrypoint.sh: Configuration complete
2022-02-25T09:37:46.361178000-08:00 2022/02/25 17:37:46 [notice] 1#1: nginx/1.21.6
2022-02-25T09:37:46.361434000-08:00 2022/02/25 17:37:46 [notice] 1#1: start worker processes
Use the -t option to display timestamps for each log entry.
View Running Processesā
Displays the running processes of a container.
podman top <container>
Example:
$ podman top mynginx
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 29m55.560928305s ? 0s nginx: master process
nginx 23 1 0.000 29m54.561101763s ? 0s nginx: worker process
Execute Commands in Containerā
Executes a command in a running container.
podman exec <container> <command>
Example:
$ podman exec -it myzipkin sh
~ $ ls
BOOT-INF META-INF classpath org run.sh
Use -it flags to open an interactive terminal inside the container.
Attach to a Containerā
Attaches to a running container and views its output or controls it.
podman attach [options] <container>
Example:
$ podman attach myzipkin
Use Ctrl+p followed by Ctrl+q to detach from the container while leaving it running.
View Container Statsā
Displays a live stream of container resource usage statistics.
podman stats [options] [<container>]
Example:
$ sudo podman stats
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS
153aa53a52b9 rootnginx -- 2.044MB / 8.148GB 0.03% 698B / 2.574kB 8.192kB / 62.46kB 2
f7ac2c719ff7 myredis 0.19% 7.631MB / 8.148GB 0.09% 978B / 7.474kB -- / -- 5
This command must be executed as root and shows only containers running with root privileges.
Pause and Unpause Containersā
Pauses all processes in a specified container.
podman pause [options] [<container>]
Unpauses all processes in a specified container.
podman unpause [options] [<container>]
Example:
$ sudo podman pause rootnginx
153aa53a52b93a480deab0f781d4a2b851ab8559d72c033c875f534af5e282f8
$ sudo podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
153aa53a52b9 quay.io/bitnami/nginx nginx -gā¦ 30 mins ago paused rootnginx
$ sudo podman unpause rootnginx
153aa53a52b93a480deab0f781d4a2b851ab8559d72c033c875f534af5e282f8
These commands can only be run against containers with root privileges.
Wait for Containerā
Waits for a specified container to meet a condition (default: stopped).
podman wait [options] <container>
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
569ddc895737 quay.io/openzipkin/zipkin:latest 46 mins ago Up 44 mins myzipkin
$ podman wait 569ddc895737
View Port Mappingsā
Lists the port mappings from a container to localhost.
podman port [options] <container>
Example:
$ podman port mynginx
80/tcp -> 0.0.0.0:8181
Commit Container Changesā
Creates a new container image based on the current state of a running container.
podman commit [options] <container> <new_image>:<tag>
Example:
$ podman commit myzipkin yourzipkin:test
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/yourzipkin test 179d9b389a21 21 seconds ago 156 MB
Working with Container Filesystemā
View Filesystem Changesā
Displays all changes caused by a container to the filesystem.
podman diff [options] <container>
Example:
$ podman diff mynginx
C /etc
C /etc/nginx
C /etc/nginx/conf.d
C /etc/nginx/conf.d/default.conf
A /run/nginx.pid
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/client_temp
Cindicates a changed file or directoryAindicates an added file or directory
Mount Container Filesystemā
Mounts and reports the location of a container's filesystem on the host computer.
podman mount [options] <container>
Example:
$ sudo podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
f7ac2c719ff7 docker.io/library/redis redis-server 3 days ago Created myredis
$ sudo podman mount myredis
/var/lib/containers/storage/overlay/b4f1aaed89bc.../merged
$ sudo ls /var/lib/containers/storage/overlay/b4f1aaed89bc.../merged
bin boot data dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
This is useful for inspecting a container's filesystem without using podman exec -it.
Unmount Container Filesystemā
Unmounts a container's root filesystem.
podman umount [options] <container>
Example:
$ sudo podman umount myredis
myredis
Export Container Filesystemā
Exports a container's filesystem to a tar file.
podman export -o <output_filename> <container>
Example:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
a4b59499314f nginx:latest nginx -gā¦ 3 days ago Up 50 min mynginx
$ podman export mynginx > mynginx.tar
$ ls -lh
total 138M
-rw-rw-r--. 1 guest guest 138M Feb 28 09:44 mynginx.tar
Import Filesystem as Imageā
Imports a tar file and saves it as a filesystem image.
podman import <tar_filename>
Example:
$ podman import mynginx.tar new-nginx:v1
Getting image source signatures
Copying blob 51ae4d2a0ffb done
Copying config 8d555a4dac done
Writing manifest to image destination
Storing signatures
sha256:8d555a4dac4bdeb2840ca21a1540e4e736c5c5ee65d1b3e18f3dd81a913b133d
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/new-nginx v1 ad3620ffa74c 41 minutes ago 144 MB
Miscellaneous Commandsā
View Podman Versionā
Reports information about the installed version of Podman.
podman version
Example:
$ podman version
Version: 3.4.2
API Version: 3.4.2
Go Version: go1.16.7
Built: Thu Jan 13 02:15:49 2022
OS/Arch: linux/amd64
View Podman Infoā
Displays information about the Podman installation on the local computer.
podman info
Example:
$ podman info | more -10
host:
arch: amd64
buildahVersion: 1.23.1
cgroupControllers: []
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: conmon-2.0.32-1.module+el8.5.0+13852+150547f7.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.32'
--More--
Quick Referenceā
Common Command Patternsā
| Action | Command |
|---|---|
| List images | podman images |
| List containers | podman ps -a |
| Run container | podman run -d --name myapp image:tag |
| Stop container | podman stop myapp |
| Remove container | podman rm myapp |
| Remove image | podman rmi image:tag |
| View logs | podman logs myapp |
| Execute command | podman exec -it myapp /bin/bash |
| Build image | podman build -t myimage:tag . |
| Push image | podman push registry/myimage:tag |
Useful Optionsā
-d, --detach: Run container in background-it, --interactive --tty: Interactive mode with terminal-p, --publish: Publish container ports to host-v, --volume: Mount volumes--name: Assign a name to container--rm: Automatically remove container when it exits-f, --force: Force operation
Source: Based on Red Hat Developer's Podman Basics Cheat Sheet