
FreeBSD Podman

pkg install podman

=====
Message from conmon-2.1.12_4:

--
To properly support Podman's container restart policy, conmon needs fdescfs(5)
to be mounted on /dev/fd.

If /dev/fd is not already mounted:

        mount -t fdescfs fdesc /dev/fd

To make it permanent, add the following line to /etc/fstab:

        fdesc   /dev/fd         fdescfs         rw      0       0
=====
Message from containernetworking-plugins-0.5_10:

--
Container networking relies on NAT to allow container network packets
out to the host's network. This requires a PF firewall to perform the
translation. A simple example is included - to use it:

# cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
...
Edit /etc/pf.conf and set v4egress_if, v6egress_if to your network interface(s)
...
# sysrc pf_enable=YES
# service pf start

The sample PF configuration includes support for port redirections. These are
implemented as redirect rules in anchors nested under cni-rdr.

Support for redirecting connections from the container host to services running
inside a container is included for FreeBSD 13.3 and later. To enable this, first
load the pf kernel module, by adding pf_load="YES" to /boot/loader.conf and
enable PF support for these redirections using sysctl:

# kldload pf
# sysctl net.pf.filter_local=1
# service pf restart

Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1
or ::1) - to enable this, the following line must be included in your
/etc/pf.conf:

nat-anchor "cni-rdr/*"

If upgrading from an older version, this needs to be added to /etc/pf.conf.

For example if host port 1234 is redirected to an http service running in a
container, you could connect to it using:

# fetch -o- http://$(hostname):1234

or

# fetch -o- http://localhost:1234
=====
Message from containers-common-0.60.4_1:

--
Container images and related state are stored in /var/db/containers. It
is recommended to use ZFS for this:

# zfs create -o mountpoint=/var/db/containers zroot/containers

If your system cannot use ZFS, change storage.conf to use the vfs
storage driver:

# sed -I .bak -e 's/driver = "zfs"/driver = "vfs"/' /usr/local/etc/containers/storage.conf
=====
Message from podman-5.2.5_2:

--
The FreeBSD port of the Podman container engine is experimental and should be
used for evaluation and testing purposes only.

$ sudo podman run --rm docker.io/dougrabson/hello

Podman can restart containers after a host is rebooted. To enable this, use:

$ sudo sysrc podman_enable=YES

and start the container with a restart policy:

$ sudo podman run -d --restart=always myimage

It is possible to run many Linux container images using FreeBSD's Linux emulation:

$ sudo sysrc linux_enable=YES
$ sudo service linux start
$ sudo podman run --rm --os=linux alpine cat /etc/os-release | head -1
NAME="Alpine Linux"

Running a container before PF is loaded fails with:

Error: plugin type="bridge" failed (add): cni plugin bridge failed: The pf kernel module must be loaded to support ipMasq networks

Start PF

# Enable the PF firewall (edit /etc/rc.conf)
echo 'pf_enable="YES"' | sudo tee -a /etc/rc.conf

touch /etc/pf.conf

# Start the PF service
sudo service pf start

This only clears the error. An empty /etc/pf.conf loads the pf module with no ruleset, so containers get no outbound NAT and the cni-rdr port redirections have no anchor to attach to. Copy /usr/local/etc/containers/pf.conf.sample to /etc/pf.conf as the package message above describes, set v4egress_if and v6egress_if to the host's egress interface(s), and make sure the nat-anchor "cni-rdr/*" line is present. Note also that tee -a appends another pf_enable line every time it is run; the sysrc form used in the package messages sets the variable in place.

Enable IP forwarding

The bridge plugin puts containers on their own subnet behind the host, so the host must route their packets to the egress interface. Allow the system to forward IPv4 packets:

# Takes effect immediately, lost on reboot
sudo sysctl net.inet.ip.forwarding=1

# Persists across reboots (edit /etc/sysctl.conf)
echo 'net.inet.ip.forwarding=1' | sudo tee -a /etc/sysctl.conf

The same setting can be made in /etc/rc.conf with gateway_enable="YES", which is the FreeBSD convention for a host that routes; the IPv6 counterpart is net.inet6.ip6.forwarding (ipv6_gateway_enable="YES").
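The two mistakes that the steps above make easy are an empty /etc/pf.conf (PF starts, the bridge error goes away, but nothing is NATed) and duplicated rc.conf keys from repeated tee -a. The following script is an added example, not code from the FreeBSD port or the podman project: it lints a pf.conf for the items the containernetworking-plugins message names (the egress interface macro, a nat rule, and the rdr-anchor and nat-anchor lines under cni-rdr) and reports rc.conf keys set more than once. The contents of the sample pf.conf embedded below are an assumption that mirrors the port's pf.conf.sample; the function names and the sample inputs are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the FreeBSD port or podman): sanity-check the host
# files edited on this page before starting containers. The pf.conf items are the
# ones the containernetworking-plugins message names; the sample pf.conf below is
# an assumption, compare it with /usr/local/etc/containers/pf.conf.sample.

# Print the required items missing from the pf.conf given as $1 on one line.
# Returns 0 when nothing is missing, 1 otherwise.
check_pfconf() {
    conf=$1
    missing=""
    # an empty file (what `touch /etc/pf.conf` leaves) loads PF with no ruleset
    [ -s "$conf" ] || missing="non-empty-file"
    # the egress macro must name an interface, not be left blank
    grep -Eq '^[[:space:]]*v4egress_if[[:space:]]*=[[:space:]]*"[^"]+"' "$conf" 2>/dev/null \
        || missing="$missing v4egress_if"
    # the nat rule is what lets container packets out of the host
    grep -Eq '^[[:space:]]*nat[[:space:]]+on[[:space:]]' "$conf" 2>/dev/null \
        || missing="$missing nat-rule"
    # port redirections are installed in anchors nested under cni-rdr
    grep -Eq '^[[:space:]]*rdr-anchor[[:space:]]+"cni-rdr/\*"' "$conf" 2>/dev/null \
        || missing="$missing rdr-anchor"
    # required for redirections whose destination is localhost (13.3 and later)
    grep -Eq '^[[:space:]]*nat-anchor[[:space:]]+"cni-rdr/\*"' "$conf" 2>/dev/null \
        || missing="$missing nat-anchor"
    missing=${missing# }
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Print rc.conf-style keys defined more than once in $1. Repeating
# `echo ... | tee -a /etc/rc.conf` produces exactly this; sysrc(8) does not.
rcconf_duplicate_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort | uniq -d
}

# Constructed inputs so the script runs stand-alone.
GOOD_PFCONF=$(mktemp)
EMPTY_PFCONF=$(mktemp)
DUP_RCCONF=$(mktemp)
trap 'rm -f "$GOOD_PFCONF" "$EMPTY_PFCONF" "$DUP_RCCONF"' EXIT

# assumed shape of the port's pf.conf.sample
cat > "$GOOD_PFCONF" <<'EOF'
v4egress_if = "vtnet0"
v6egress_if = "vtnet0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
EOF
: > "$EMPTY_PFCONF"   # the result of `touch /etc/pf.conf`
printf '%s\n' 'hostname="fbsd"' 'pf_enable="YES"' 'pf_enable="YES"' > "$DUP_RCCONF"

echo "sample pf.conf: missing='$(check_pfconf "$GOOD_PFCONF")'"
echo "empty pf.conf:  missing='$(check_pfconf "$EMPTY_PFCONF")'"
echo "duplicate rc.conf keys: $(rcconf_duplicate_keys "$DUP_RCCONF")"
```

Run it against the real files with `check_pfconf /etc/pf.conf` and `rcconf_duplicate_keys /etc/rc.conf` before `service pf start`; a non-empty result from either is worth fixing before the first `podman run`, since PF will happily load a ruleset that blocks nothing and NATs nothing.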