Cheat sheet

Podman

Daemonless, rootless container management — containers, pods, Kubernetes integration, and systemd.

Containers

# Run a container (rootless by default)
podman run -d --name web -p 8080:80 nginx:alpine

# Run interactively
podman run -it --rm ubuntu:24.04 bash

# List running containers
podman ps

# List all (including stopped)
podman ps -a

# Stop / remove
podman stop web
podman rm web

# Exec into a running container
podman exec -it web /bin/sh

Images

# Pull an image
podman pull docker.io/library/alpine:3.20

# List local images
podman images

# Build from Dockerfile
podman build -t my-app:v1 .

# Tag and push
podman tag my-app:v1 registry.example.com/my-app:v1
podman push registry.example.com/my-app:v1

# Remove unused images
podman image prune

Pods (multi-container)

# Create a pod
podman pod create --name mypod -p 8080:80

# Add containers to the pod
podman run -d --pod mypod --name web nginx:alpine
podman run -d --pod mypod --name sidecar alpine sleep 3600

# List pods
podman pod list

# Inspect pod
podman pod inspect mypod

# Stop / remove pod (and all its containers)
podman pod stop mypod
podman pod rm mypod

Kubernetes integration

# Generate K8s Pod YAML from a running pod
podman kube generate mypod > mypod.yaml

# Generate from individual container
podman kube generate web > web.yaml

# Run a K8s YAML locally (no cluster needed)
podman kube play mypod.yaml

# Tear down resources created by kube play
podman kube play --down mypod.yaml

# Note: podman generate kube and podman play kube
# were renamed in Podman v5 — use kube generate / kube play

Rootless & user namespaces

# Check if running rootless
podman info | grep rootless

# Map host UIDs for bind mounts
podman run --userns=keep-id \
  -v $HOME/data:/data:Z my-app

# Run as a specific user inside the container
podman run --user 1001:1001 my-app

# View user namespace mapping
podman unshare cat /proc/self/uid_map

Volumes & bind mounts

# Named volume
podman volume create mydata
podman run -v mydata:/data my-app

# Bind mount (add :Z for SELinux relabelling)
podman run -v /host/path:/container/path:Z my-app

# List volumes
podman volume ls

# Remove unused volumes
podman volume prune

Systemd integration

# Generate a systemd unit for a container
podman generate systemd --new --name web \
  > ~/.config/systemd/user/container-web.service

# Enable and start
systemctl --user enable container-web
systemctl --user start container-web

# Enable Podman socket (for Docker-compatible API)
systemctl --user enable --now podman.socket
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock

Docker compatibility

# Podman is CLI-compatible — most docker commands work as-is
alias docker=podman

# Enable Podman socket for tools that use Docker socket
systemctl --user start podman.socket

# Docker Compose via podman-compose
pip install podman-compose
podman-compose up -d

# Or point docker compose at Podman socket
DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock \
  docker compose up -d

# Run a container (rootless by default) podman run -d --name web -p 8080:80 nginx:alpine # Run interactively podman run -it --rm ubuntu:24.04 bash # List running containers podman ps # List all (including stopped) podman ps -a # Stop / remove podman stop web podman rm web # Exec into a running container podman exec -it web /bin/sh

# Pull an image podman pull docker.io/library/alpine:3.20 # List local images podman images # Build from Dockerfile podman build -t my-app:v1 . # Tag and push podman tag my-app:v1 registry.example.com/my-app:v1 podman push registry.example.com/my-app:v1 # Remove unused images podman image prune

# Create a pod podman pod create --name mypod -p 8080:80 # Add containers to the pod podman run -d --pod mypod --name web nginx:alpine podman run -d --pod mypod --name sidecar alpine sleep 3600 # List pods podman pod list # Inspect pod podman pod inspect mypod # Stop / remove pod (and all its containers) podman pod stop mypod podman pod rm mypod

# Generate K8s Pod YAML from a running pod podman kube generate mypod > mypod.yaml # Generate from individual container podman kube generate web > web.yaml # Run a K8s YAML locally (no cluster needed) podman kube play mypod.yaml # Tear down resources created by kube play podman kube play --down mypod.yaml # Note: podman generate kube and podman play kube # were renamed in Podman v5 — use kube generate / kube play

# Check if running rootless podman info | grep rootless # Map host UIDs for bind mounts podman run --userns=keep-id \ -v $HOME/data:/data:Z my-app # Run as a specific user inside the container podman run --user 1001:1001 my-app # View user namespace mapping podman unshare cat /proc/self/uid_map

# Named volume podman volume create mydata podman run -v mydata:/data my-app # Bind mount (add :Z for SELinux relabelling) podman run -v /host/path:/container/path:Z my-app # List volumes podman volume ls # Remove unused volumes podman volume prune

# Generate a systemd unit for a container podman generate systemd --new --name web \ > ~/.config/systemd/user/container-web.service # Enable and start systemctl --user enable container-web systemctl --user start container-web # Enable Podman socket (for Docker-compatible API) systemctl --user enable --now podman.socket export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock

# Podman is CLI-compatible — most docker commands work as-is alias docker=podman # Enable Podman socket for tools that use Docker socket systemctl --user start podman.socket # Docker Compose via podman-compose pip install podman-compose podman-compose up -d # Or point docker compose at Podman socket DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock \ docker compose up -d