Context

I recently got my hands on a MacBook Pro M1 Max, and I wanted to set up a local container environment for development purposes. I’m used to running containers natively on Linux, but on macOS, I had to find an alternative solution. After some research, I decided to use Podman, which is a daemonless container engine that can run on macOS using a virtual machine.

Installation

Podman installation instructions

I used brew to install Podman:

λ brew install podman

To start using it, you just need to:

λ podman machine init
λ podman machine start

And verify with

λ podman info

You can now add the docker alias if you have the muscle memory. This heavily depends on your shell; in my case, I use fish shell, so I added the following line to my ~/.config/fish/config.fish file:

alias docker podman

Custom SSL Certificates

Adding certificates to a Podman machine

There are special situations, like when you are working within a corporate environment with a VPN connection and custom SSL certificates, where you need to make sure that the container engine can access those certificates. In such cases, you can mount the directory containing the certificates into the Podman machine.

In my case, the certificates were located remotely, hence I did:

  1. Access your podman machine and become root:
λ podman machine ssh
λ sudo su -
  2. Fetch the certificates, placing them in the /etc/pki/ca-trust/source/anchors/ directory:
λ curl -o /etc/pki/ca-trust/source/anchors/corp.crt https://example.com/corp.crt
  3. Update the system trust store and exit the machine:
λ update-ca-trust
λ exit
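
The fetch step puts whatever the URL returns straight into the machine's trust anchors, so a digest check before the install is worth having. The following is an added example, not part of the original post: the function name install_pinned_ca and the pinned digest are hypothetical, and it assumes sha256sum and install are available inside the machine.

```shell
#!/bin/sh
# Added example: copy a downloaded CA certificate into a trust-anchor
# directory only if its SHA-256 digest matches a value obtained out of band
# (for example from the internal PKI team), not from the download server.
#
# usage: install_pinned_ca <cert-file> <expected-sha256-hex> <anchor-dir>
# returns: 0 installed, 1 digest mismatch, 2 file missing, 3 not a PEM cert
install_pinned_ca() {
    cert=$1
    expected=$2
    anchors=$3

    [ -f "$cert" ] || { echo "no such file: $cert" >&2; return 2; }

    # Reject anything that is not a PEM certificate, such as an HTML error
    # page handed back by a proxy or captive portal.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "not a PEM certificate: $cert" >&2
        return 3
    }

    # Compare digests case-insensitively; the pinned value may be upper case.
    actual=$(sha256sum "$cert" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $cert" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Only now does the file reach the anchors directory, world-readable
    # and not writable by anyone but the owner.
    install -m 0644 "$cert" "$anchors/$(basename "$cert")"
}

# Inside the Podman machine, as root (PINNED is a placeholder you supply):
#   curl -fsS -o /tmp/corp.crt https://example.com/corp.crt
#   install_pinned_ca /tmp/corp.crt "$PINNED" /etc/pki/ca-trust/source/anchors \
#       && update-ca-trust
```

Downloading to a temporary path first means a failed check leaves the trust store untouched.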

This is probably not enough, as you might need to also add these certificates as a volume available when building the containers:

λ podman build --volume <path-to-local-certs>:/etc/ssl/certs:ro -t <image-name> .

Container inspection with Dive

From time to time, the need arises to take a closer look at a particular container. For that, I use the dive tool, which lets you inspect the layers of a container image and see how they are built up.

λ brew install dive

For running dive against podman:

λ dive podman://<image-name>

Bonus: Azure Cloud & ACR

If you are using Azure Cloud and Azure Container Registry (ACR), you will probably need to authenticate (more often than not) to ACR to pull images.

The trick here is to set the DOCKER_COMMAND environment variable to podman before running the az acr login command. As you can imagine, I added this to my ~/.config/fish/config.fish file:

set -x DOCKER_COMMAND podman

This way, when you run az acr login, it will use podman instead of docker to authenticate to ACR, and you will be able to pull images from ACR using Podman without any issues.

Also helpful if you are using helm charts stored in such ACR with helm dependency update & helm dependency build!

Make sure your podman machine is running before executing the az acr login command, otherwise you might encounter authentication issues.

Bonus: Minikube

After setting up Podman, minikube is the next logical step if you want to have a local Kubernetes cluster for development purposes.

λ brew install minikube

For custom SSL certificates, as before, you will need to copy the custom SSL certificates to the minikube VM:

λ cp <path-to-local-certs> .minikube/certs/

Then start the minikube cluster using the podman driver:

λ minikube start --driver=podman --container-runtime=cri-o

This will start a local Kubernetes cluster using Podman as the container runtime, and you will be able to use kubectl to interact with the cluster as usual.