Do we really need Kubernetes, once you see what is below…
It’s nice to run everything on k8s, but as Yaakov underlined in his blog:
My personal experience on Azure Kubernetes Service was that I immediately lose a massive chunk of RAM to their Kubernetes implementation, and it uses about 7-10% idle CPU on worker nodes. Even with single-instance Microk8s on a small VPS I had an idle CPU load hovering around 12% on a 2x vCPU x86_64 box, and K3S which is supposed to be leaner is at about 6% constant CPU consumption on a 2x vCPU Ampere A1 machine.
Yaakov Blog Feb 04, 2024
Podman has the big advantage of being rootless, which allows a container to be turned into a systemd service. That way we can launch it like any normal service.
Instead of running containers manually, we let systemd:
- Start containers at boot
- Restart them on failure
- Stop them cleanly
- Track logs and status
Podman comes with some nice features, like:
- Auto-update, enabled with the label:
--label "io.containers.autoupdate=registry"
How to do it?
Basic example
Here, we run a container and then generate the systemd unit file from it:
- Let’s start a container normally:
podman run -d \
  --name my-nginx \
  -p 8080:80 \
  nginx:latest
- Podman can generate a systemd unit automatically:
podman generate systemd my-nginx
Here is more or less what you should get:
[Unit]
Description=Podman container-my-nginx.service
After=network.target

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start my-nginx
ExecStop=/usr/bin/podman stop -t 10 my-nginx
ExecStopPost=/usr/bin/podman rm -f my-nginx

[Install]
WantedBy=multi-user.target
- Check it:
systemctl --user status container-my-nginx
systemctl --user restart container-my-nginx
journalctl --user -u container-my-nginx
Interesting example… Gitea
If you run podman as your own user, take the rootless image. In this example we use docker.io/gitea/gitea:1-rootless. Here, we launch it directly from systemd, which will download and run the container for us:
# Create gitea systemd unit
$ sudo vi /etc/systemd/system/container-gitea-app.service
# container-gitea-app.service
[Unit]
Description=Podman container-gitea-app.service

Wants=network.target
After=network-online.target
RequiresMountsFor=/var/lib/containers/storage /var/run/containers/storage

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
PIDFile=%t/container-gitea-app.pid
Type=forking

ExecStartPre=/bin/rm -f %t/container-gitea-app.pid %t/container-gitea-app.ctr-id
ExecStart=/usr/bin/podman container run \
    --conmon-pidfile %t/container-gitea-app.pid \
    --cidfile %t/container-gitea-app.ctr-id \
    --cgroups=no-conmon \
    --replace \
    --detach \
    --tty \
    --env DB_TYPE=mysql \
    --env DB_HOST=gitea-db:3306 \
    --env DB_NAME=gitea \
    --env DB_USER=gitea \
    --env DB_PASSWD=password \
    --volume gitea-data-volume:/var/lib/gitea:Z \
    --volume gitea-config-volume:/etc/gitea:Z \
    --network gitea-net \
    --publish 2222:2222 \
    --publish 3000:3000 \
    --label "io.containers.autoupdate=registry" \
    --name gitea-app \
    docker.io/gitea/gitea:1-rootless

ExecStop=/usr/bin/podman container stop \
    --ignore \
    --cidfile %t/container-gitea-app.ctr-id \
    -t 10

ExecStopPost=/usr/bin/podman container rm \
    --ignore \
    -f \
    --cidfile %t/container-gitea-app.ctr-id

[Install]
WantedBy=multi-user.target default.target
The data and config will be stored under /var/lib/containers/storage/volumes/ as the persistent volumes gitea-config-volume and gitea-data-volume.
- Run the container:
# Re-read systemd service file
$ sudo systemctl daemon-reload

# Enable and start the service
$ sudo systemctl enable --now container-gitea-app

# Check the service
$ sudo systemctl status container-gitea-app

# Check the container
$ sudo podman ps
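As an added check that is not part of the post, here is a small Python lint for a unit like the one above. It folds the backslash line continuations, verifies that PIDFile agrees with --conmon-pidfile and that ExecStop uses the same --cidfile as ExecStart, checks that the autoupdate label is paired with PODMAN_SYSTEMD_UNIT=%n (which podman auto-update needs to find the unit to restart), and flags the database password passed inline through --env. The UNIT text is a constructed excerpt of the Gitea unit, used only as sample input.

```python
import re, shlex

# Constructed excerpt of the Gitea unit from the post, used as sample input.
UNIT = """\
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
PIDFile=%t/container-gitea-app.pid
ExecStart=/usr/bin/podman container run \\
  --conmon-pidfile %t/container-gitea-app.pid \\
  --cidfile %t/container-gitea-app.ctr-id \\
  --replace --detach --env DB_PASSWD=password \\
  --label "io.containers.autoupdate=registry" \\
  --name gitea-app docker.io/gitea/gitea:1-rootless
ExecStop=/usr/bin/podman container stop --ignore --cidfile %t/container-gitea-app.ctr-id -t 10
"""

def parse_unit(text):
    """Minimal unit parser: folds '\\' line continuations, keeps repeated keys as lists."""
    joined = re.sub(r"\\\n\s*", " ", text)
    sections, current = {}, {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return sections

def flag_of(argv, flag):
    return argv[argv.index(flag) + 1] if flag in argv else None  # value after flag, or None

def lint_unit(text):
    """Return findings for a Podman container unit; an empty list means clean."""
    svc = parse_unit(text).get("Service", {})
    run = shlex.split(svc.get("ExecStart", [""])[0])
    stop = shlex.split(svc.get("ExecStop", [""])[0])
    findings = []
    if flag_of(run, "--conmon-pidfile") != svc.get("PIDFile", [None])[0]:
        findings.append("PIDFile does not match --conmon-pidfile")
    if flag_of(run, "--cidfile") != flag_of(stop, "--cidfile"):
        findings.append("ExecStop --cidfile differs from ExecStart --cidfile")
    if "io.containers.autoupdate=registry" in run and \
            "PODMAN_SYSTEMD_UNIT=%n" not in svc.get("Environment", []):
        findings.append("autoupdate label set but PODMAN_SYSTEMD_UNIT=%n missing")
    for arg in run:  # inline credentials leak via ps, the journal and systemctl show
        if re.match(r"(?i)[A-Z_]*(PASSW|SECRET|TOKEN)[A-Z_]*=.+", arg):
            findings.append(f"credential inline in ExecStart ({arg.split('=')[0]}); use --secret or EnvironmentFile=")
    return findings
```

Moving the password to a podman secret (--secret source=NAME,type=env,target=DB_PASSWD) or an EnvironmentFile= with restrictive permissions keeps it out of the command line and the unit file.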