(9 intermediate revisions by the same user not shown) |
Line 30: |
Line 30: |
| {| class="wikitable" | | {| class="wikitable" |
| |- | | |- |
| | <code>~/.config/containers/systemd/*.{kube,container,volume,network,yml}</code> || build systemd services from these | | | <code>~/.config/containers/systemd/*</code> || generators for user systemd services (only for rootless podman) |
| |- | | |- |
| | <code>/usr/libexec/podman/quadlet</code> || quadlet executable (not on path) | | | <code>/etc/containers/systemd/*</code> || generators for system systemd services |
| | |- |
| | | <code>/usr/share/containers/systemd/*</code> || generators for system systemd services (installed by packages) |
| | |- |
| | | <code>/usr/lib/podman/quadlet</code> || quadlet executable (not on path) |
| |} | | |} |
| </blockquote><!-- Locations --> | | </blockquote><!-- Locations --> |
|
| |
|
| = Usage = | | = Notes = |
| <blockquote> | | <blockquote> |
| == Overview ==
| | {| class="wikitable" |
| <blockquote>
| | |- |
| While quadlet is technically an executable, it's designed to work with systemd commands directly.
| | | [[quadlet install]] |
| | | |- |
| After adding your files to <code>~/.config/containers/systemd/*.{kube,container,volume,network,yml}</code>,<br>
| | | [[quadlet usage]] |
| you can run daemon-reload and your generated systemd services will be made available.
| | |- |
| | | | [[quadlet syntax]] |
| Here's the TL;DR from the official tutorial:
| | |- |
| <syntaxhighlight lang="bash">
| | |} |
| mkdir -p $HOME/.config/containers/systemd/
| | </blockquote><!-- Notes --> |
| cp envoy-proxy-configmap.yml \
| |
| quadlet-demo.kube \
| |
| quadlet-demo-mysql.container \
| |
| quadlet-demo-mysql.volume \
| |
| quadlet-demo.network \
| |
| quadlet-demo.yml \
| |
| $HOME/.config/containers/systemd/
| |
| systemctl --user daemon-reload
| |
| systemctl --user start quadlet-demo.service
| |
| </syntaxhighlight>
| |
| | |
| You can debug the generated files using
| |
| <syntaxhighlight lang="bash">
| |
| /usr/libexec/podman/quadlet --dryrun
| |
| </syntaxhighlight>
| |
| </blockquote><!-- Overview --> | |
|
| |
|
| == Secrets == | | = Examples = |
| <blockquote> | | <blockquote> |
| It looks like these are primarily managed using kubernetes own utils from <code>kubectl create secret ${secret}</code>.
| | {| class="wikitable" |
| | | |- |
| {{ TODO |
| | | [[quadlet example: single container with volume]] |
| more research is needed here.
| | |- |
| }}
| | |} |
| </blockquote><!-- Secrets -->
| | </blockquote><!-- Examples --> |
| </blockquote><!-- Usage -->
| |
| | |
| = Syntax =
| |
| <blockquote>
| |
| == Overview ==
| |
| <blockquote>
| |
| <syntaxhighlight lang="yaml">
| |
| # systemd unitfile generator files
| |
| *.container: for a single container # podman run
| |
| *.kube: from kubernetes yaml files using # podman kube play
| |
| *.pod: for a single pod within kubernetes yaml files # ? is this correct?
| |
| *.yml: a kubernetes yaml file
| |
| | |
| # resources
| |
| *.image: ensures a docker image is pulled
| |
| *.network: create podman networks, referenced in '.container' or '.kube' files
| |
| *.volume: create podman volumes, referenced in '.container' files
| |
| </syntaxhighlight>
| |
| </blockquote><!-- Overview -->
| |
| | |
| == Standalone Containers ==
| |
| <blockquote>
| |
| === *.container ===
| |
| <blockquote>
| |
| <syntaxhighlight lang="dosini">
| |
| # ~/.config/containers/systemd/foo.container
| |
| | |
| [Install]
| |
| WantedBy=default.target
| |
| | |
| [Container]
| |
| Image=docker.io/library/mysql:5.6
| |
| ContainerName=foo
| |
| Volume=foo.volume:/var/lib/mysql
| |
| Network=foo.network
| |
| </syntaxhighlight>
| |
| </blockquote><!-- *.container -->
| |
| </blockquote><!-- Standalone Containers -->
| |
| | |
| == Kubernetes ==
| |
| <blockquote>
| |
| === *.yml ===
| |
| <blockquote>
| |
| A kubernetes yaml file.
| |
| | |
| {{ WARN |
| |
| this is the official example, haven't had to use this yet
| |
| }}
| |
| <syntaxhighlight lang="yaml">
| |
| # ~/.config/containers/systemd/foo.yml
| |
| ---
| |
| apiVersion: v1
| |
| kind: PersistentVolumeClaim
| |
| metadata:
| |
| name: wp-pv-claim
| |
| labels:
| |
| app: wordpress
| |
| spec:
| |
| accessModes:
| |
| - ReadWriteOnce
| |
| resources:
| |
| requests:
| |
| storage: 20Gi
| |
| ---
| |
| apiVersion: v1
| |
| kind: Pod
| |
| metadata:
| |
| name: quadlet-demo
| |
| spec:
| |
| containers:
| |
| - name: wordpress
| |
| image: docker.io/library/wordpress:4.8-apache
| |
| env:
| |
| - name: WORDPRESS_DB_HOST
| |
| value: quadlet-demo-mysql
| |
| - name: WORDPRESS_DB_PASSWORD
| |
| valueFrom:
| |
| secretKeyRef:
| |
| name: mysql-root-password-kube
| |
| key: password
| |
| volumeMounts:
| |
| - name: wordpress-persistent-storage
| |
| mountPath: /var/www/html
| |
| # ... etc ...
| |
| </syntaxhighlight>
| |
| </blockquote><!-- *.yml -->
| |
| | |
| === *.pod ===
| |
| <blockquote>
| |
| Abstraction of a systemd unit file for running specific kubernetes pods only.
| |
| | |
| {{ TODO |
| |
| is this understanding correct?
| |
| }}
| |
| </blockquote><!-- *.pod --> | |
| | |
| === *.kube ===
| |
| <blockquote>
| |
| Abstraction of a systemd unit file for running an entire kubernetes project
| |
| </blockquote><!-- *.kube -->
| |
| </blockquote><!-- Kubernetes -->
| |
| | |
| == Resources ==
| |
| <blockquote>
| |
| === *.network ===
| |
| <blockquote>
| |
| Define a network to share between multiple containers.
| |
| | |
| <syntaxhighlight lang="dosini">
| |
| # ~/.config/containers/systemd/foo.network
| |
| | |
| Subnet=192.168.30.0/24
| |
| Gateway=192.168.30.1
| |
| </syntaxhighlight>
| |
| | |
| would generate
| |
| <syntaxhighlight lang="yaml">
| |
| podman-network: systmd-foo # podman network create systemd-foo
| |
| systemd-unit: foo-network.service
| |
| </syntaxhighlight>
| |
| </blockquote><!-- .network -->
| |
| | |
| === *.volume ===
| |
| <blockquote>
| |
| Describe a volume to share between multiple containers.
| |
| </blockquote><!-- *.volume -->
| |
| | |
| === *.image ===
| |
| <blockquote>
| |
| Ensure a docker image is pulled.<br>
| |
| Generates a service that can be used as a dependency.
| |
| </blockquote><!-- *.image -->
| |
| </blockquote><!-- Resources -->
| |
| </blockquote><!-- Syntax -->
| |
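Review bot: In the Locations table the quadlet executable row changes from <code>/usr/libexec/podman/quadlet</code> to <code>/usr/lib/podman/quadlet</code> without saying which systems each path applies to, and the removed Usage section used the <code>/usr/libexec</code> path in its <code>--dryrun</code> example. Suggest listing both paths or naming the distribution each one belongs to. The same revision replaces the Usage and Syntax sections with links to [[quadlet install]], [[quadlet usage]] and [[quadlet syntax]]; please confirm that the <code>--dryrun</code> debugging step, the Secrets TODO and the <code>*.pod</code> TODO were carried over, and correct <code>systmd-foo</code> to <code>systemd-foo</code> in the *.network example if it moved with them. The new <code>/etc/containers/systemd/*</code> and <code>/usr/share/containers/systemd/*</code> rows are labelled as generators for system services while only the user row mentions rootless podman; it would help to say explicitly that these produce system-level units, so readers know that write access to those directories needs to be limited accordingly.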