Podman
Podman! On FreeBSD!
Install
pkg install podman-suite
or
To display the package install messages again:
pkg info -D containers-common podman podman-suite
Follow the instructions in those messages for creating the ZFS mount point and for enabling podman and Linux.
Then PF:
cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
Edit it. I added my own rules too:
v4egress_if = "em0"
v6egress_if = "em0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
# My rules
block in all
ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22
pass out all keep state
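To confirm after editing that the container NAT lines above the "# My rules" marker are still in place, and to list which inbound TCP ports the ruleset opens, a text check like the following can be run against the file. This is an added example, not part of the original page or of the podman port: the function names are hypothetical, the embedded configuration is a constructed copy of the rules shown above, and only single-port `pass in` rules are handled.

```sh
# Added example, not from the original page. Function names are hypothetical.
# write_sample writes a constructed copy of the pf.conf rules shown on the page.
write_sample() { cat > "$1" <<'EOF'
v4egress_if = "em0"
v6egress_if = "em0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
# My rules
block in all
ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22
pass out all keep state
EOF
}
# Drop comments and blank lines so commented-out rules are not counted.
pf_active() { sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"; }
# Succeed only if the container NAT table, rules and anchors are all present.
pf_has_container_hooks() {
    for pat in '^table <cni-nat>' '^nat on .* from <cni-nat> ' \
               '^rdr-anchor "cni-rdr/\*"' '^nat-anchor "cni-rdr/\*"'; do
        pf_active "$1" | grep -q "$pat" || { echo "missing: $pat" >&2; return 1; }
    done
}
# Succeed if inbound traffic is blocked by default.
pf_default_deny_in() { pf_active "$1" | grep -Eq '^block( drop| return)? in all'; }
# Print "interface:port" for each single-port "pass in" rule, expanding macros.
pf_inbound_tcp() {
    pf_active "$1" | awk '
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {          # macro: name = "value"
            gsub(/[ \t"]/, ""); split($0, kv, "="); macro["$" kv[1]] = kv[2]; next
        }
        $1 == "pass" && $2 == "in" {
            ifc = "any"; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "on")   ifc  = ($(i+1) in macro) ? macro[$(i+1)] : $(i+1)
                if ($i == "port") port = $(i+1)
            }
            if (port != "") print ifc ":" port
        }'
}
conf=$(mktemp) && write_sample "$conf"
pf_has_container_hooks "$conf" && pf_default_deny_in "$conf" && pf_inbound_tcp "$conf"
rm -f "$conf"
```

On the FreeBSD host, `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors that this text check does not.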
Run
Run a FreeBSD container:
podman run --rm quay.io/dougrabson/hello
Run a Linux container. Note that when you want to run an image from Docker, you qualify it with docker.io:
podman run --rm --os=linux docker.io/alpine cat /etc/os-release | head -1
Networking
If you run a container, it will use the default network, podman, which has a subnet of 10.88.0.0/16. For example:
podman run --rm --os=linux docker.io/httpd
This will give you:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.8. Set the 'ServerName' directive globally to suppress this message
This message actually comes from the Apache Web Server, so that's useful. You can only access it from the same machine though:
curl 10.88.0.8
If you want to expose it externally, like we do on our Linux box, you need to attach it to the host network:
podman run --rm --os=linux --network=host docker.io/httpd
Then Apache complains:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
I can now access the website on the host machine: