87 lines
1.5 KiB
Markdown
87 lines
1.5 KiB
Markdown
# Docker-Specific Guide
|
|
|
|
## Docker vs Podman
|
|
|
|
This project prioritizes **Podman** (OCI-compliant, rootless, daemonless). For Docker, convert commands:
|
|
|
|
```bash
|
|
# Podman → Docker
|
|
podman build -t name . → docker build -t name .
|
|
podman run -d name → docker run -d name
|
|
```
|
|
|
|
## Key Differences
|
|
|
|
### SELinux
|
|
|
|
**Podman**: Native support, use `:Z` or `:z` for volumes
|
|
|
|
```bash
|
|
podman run -v ./data:/data:Z name
|
|
```
|
|
|
|
**Docker**: Requires `selinux` mount option
|
|
|
|
```bash
|
|
docker run -v ./data:/data:Z name # May not work
|
|
docker run --security-opt label=type:container_t name
|
|
```
|
|
|
|
### Rootless
|
|
|
|
**Podman**: Default rootless operation
|
|
|
|
```bash
|
|
podman run -d -p 8080:8080 name # Works as user
|
|
```
|
|
|
|
**Docker**: Requires rootless daemon setup
|
|
|
|
```bash
|
|
dockerd-rootless-setuptool.sh install
|
|
```
|
|
|
|
### Systemd
|
|
|
|
**Podman**: Native integration
|
|
|
|
```bash
|
|
podman generate systemd --new name
|
|
```
|
|
|
|
**Docker**: Use third-party solutions
|
|
|
|
## Docker Files
|
|
|
|
Use `Dockerfile` instead of `Containerfile`:
|
|
|
|
```bash
|
|
docker build -f assets/Dockerfile.alpine -t argparse-builder .
|
|
```
|
|
|
|
## Docker Compose
|
|
|
|
Standard `docker-compose.yml` works, but note SELinux limitations:
|
|
|
|
```yaml
|
|
services:
|
|
app:
|
|
volumes:
|
|
- ./data:/data # No :Z support in Docker Compose
|
|
```
|
|
|
|
Workaround:
|
|
|
|
```bash
|
|
chcon -Rt container_file_t ./data # Pre-label directory
|
|
```
|
|
|
|
## Migration to Podman
|
|
|
|
1. Replace `docker` with `podman` in commands
|
|
2. Add `:Z` to volume mounts for SELinux
|
|
3. Use rootless by default
|
|
4. Generate systemd units with Podman
|
|
|
|
See `docs/container.md` for full Podman guide.
|