Releases: containers/podman
v4.4.1
Changes
- Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- Documented journald identifiers used in the journald backend for the podman events command.
- Dropped the CAP_CHROOT, CAP_AUDIT_WRITE, CAP_MKNOD, CAP_MKNOD default capabilities.
Bugfixes
- Fixed a bug where the default handling of pids-limit was incorrect.
- Fixed a bug where parallel calls to make docs crashed (#17322).
- Fixed a regression in the podman kube play command where existing resources got mistakenly removed.
v4.4.0
Features
- Introduce Quadlet, a new systemd-generator that easily writes and maintains systemd services using Podman.
- The podman kube play command now supports hostPID in the pod.spec (#17157).
- The podman build command now supports the --group-add option.
- A new command, podman network update, has been added, which updates networks for containers and pods.
- The podman network create command now supports a new option, --network-dns-server, which sets the DNS servers that this network will use.
- The podman kube play command now accepts the --publish option, which sets or overrides port publishing.
- The podman inspect command now returns an error field (#13729).
- The podman update command now accepts the --pids-limit option, which sets the PIDs limit for a container (#16543).
- Podman now supports container names beginning with a / to match Docker behaviour (#16663).
- The podman events command now supports die as a value (mapping to died) to the --filter option, for better Docker compatibility (#16857).
- The podman system df command’s --format "{{ json . }}" option now outputs human-readable format to improve Docker compatibility.
- The podman rm -f command now also terminates containers in "stopping" state.
- Rootless privileged containers will now mount all tty devices, except for the virtual-console related tty devices (/dev/tty[0-9]+) (#16925).
- The podman play kube command now supports subpaths when using configmap and hostpath volume types (#16828).
- All commands with the --no-heading option now include a short option, -n.
- The podman push command no longer ignores the hidden --signature-policy flag.
- The podman wait command now supports the --ignore option.
- The podman network create command now supports the --ignore option to instruct Podman to not fail when trying to create an already existing network.
- The podman kube play command now supports volume subpaths when using named volumes (#12929).
- The podman kube play command now supports container startup probes.
- A new command, podman buildx version, has been added, which shows the buildah version (#16793).
- Remote usage of the podman build command now supports the --volume option (#16694).
- The --opt parent=... option is now accepted with the ipvlan network driver in the podman network create command (#16621).
- The --init-ctr option for the podman container create command now supports shell completion.
- The podman kube play command run with a readOnlyTmpfs Flag in the kube YAML can now write to tmpfs inside of the container.
- The podman run command has been extended with support for checkpoint images.
- When the new event_audit_container_create option is enabled in containers.conf, the verbosity of the container-create event is increased by adding the inspect data of the container to the event.
- Containers can now have startup healthchecks, allowing a command to be run to ensure the container is fully started before the regular healthcheck is activated.
- CDI devices can now be specified in containers.conf (#16232).
- The podman push command features two new options, --encryption-key and --encrypt-layer, for encrypting an image while pushing it to a registry (#15163).
- The podman pull and podman run commands feature a new option, --decryption-key, which decrypts the image while pulling it from a registry (#15163).
- Remote usage of the podman manifest annotate command is now supported.
- The SSL_CERT_FILE and SSL_CERT_DIR environment variables are now propagated into Podman machine VMs (#16041).
- A new environment variable, CONTAINER_PROXY, can be used to specify TCP proxies when using remote Podman.
- The runtime automatically detects and switches to crun-wasm if the image is a webassembly image.
- The podman machine init command now supports the --quiet option, as well as a new option, --no-info, which suppresses informational tips (#15525).
- The podman volume create command now includes the -d short option for the --driver option.
- The podman events command has a new alias, podman system events, for better Docker compatibility.
- The --restart-sec option for podman generate systemd now generates RestartSec= for both pod service files and container service files (#16419).
- The podman manifest push command now accepts --purge, -p options as aliases for --rm, for Docker compatibility.
- The --network option to podman pod create now supports using an existing network namespace via ns:[netns-path] (#16208).
- The podman pod rm and podman container rm commands now remove container/pod ID files along with the container/pod (#16387).
- The podman manifest inspect command now accepts a new option, --insecure, as an alias to --tls-verify=false, improving Docker compatibility (#14917).
- A new command, podman kube apply, has been added, which deploys the generated yaml to a k8s cluster.
- The --userns=keep-id option in rootless podman create, podman run, podman kube play, podman pod create, and podman pod clone now can be used when only one ID is available.
- The podman play kube command now supports the volume.podman.io/import-source annotation to import the contents of tarballs.
- The podman volume create command now accepts the --ignore option, which ignores the create request if the named volume already exists.
- The --filter option for podman ps now supports regex (#16180).
- The podman system df command now accepts --format json and autocompletes for the --format option (#16204).
- The podman kube down command accepts a new option, --force, which removes volumes (#16348).
- The podman create, podman run, and podman pod create commands now support a new networking mode, pasta, which can be enabled with the --net=pasta option (#14425, #13229).
Changes
- CNI is being deprecated from Podman and support will be dropped at a future date. Netavark is now advised and is the default network backend for Podman.
- The network name pasta is deprecated and support for it will be removed in the next major release.
- The podman network create command no longer accepts default as valid name. It is impossible to use this network name in the podman run/create command because it is parsed as a network mode instead (#17169).
- The podman kube generate command will no longer generate built-in annotations, as reserved annotations are used internally by Podman and would have no effect when run with Kubernetes.
- The podman kube play command now limits the replica count to 1 when deploying from kubernetes YAML (#16765).
- When a container that runs with the --pid=host option is terminated, Podman now sends a SIGKILL to all the active exec sessions.
- The journald driver for both podman events and podman logs is now more efficient when the --since option is used, as it will now seek directly to the correct time instead of reading all entries from the journal (#16950).
- When the --service-container option is set for the podman kube play command, the default log-driver is now set to passthrough (#16592).
- The podman container inspect and podman kube generate commands will no longer list default annotations set to false.
- Podman no longer reports errors on short-lived init containers in pods.
- Healthchecks are now automatically disabled on non-systemd systems. If Podman is compiled without the systemd build tag, healthcheck will be disabled at build time (#16644).
- Improved atomicity of VM state persistence on Windows now better tolerates FS corruption in cases of power loss or system failure (#16550).
- A user namespace is now always created when running with EUID != 0. This is necessary to work in a Kubernetes environment where the POD is "privileged" but it is still running with a non-root user.
- Old healthcheck states are now cleaned up during container restart.
- The CONTAINER_HOST environment variable defaults to port 22 for SSH style URLs for remote connections, when set (#16509).
- The podman kube play command now reuses existing PersistentVolumeClaims instead of erroring.
-...
v4.4.0-RC3
Features
- Introduce Quadlet, a new systemd-generator that easily writes and maintains systemd services using Podman.
- The podman kube play command now supports hostPID in the pod.spec (#17157).
- The podman build command now supports the --group-add option.
- A new command, podman network update, has been added, which updates networks for containers and pods.
- The podman network create command now supports a new option, --network-dns-server, which sets the DNS servers that this network will use.
- The podman kube play command now accepts the --publish option, in order to set or override port publishing.
- The podman inspect command now returns an error field (#13729).
- The podman update command now accepts the --pids-limit option, which adds the functionality to update the PIDs limit for a container (#16543).
- Podman now supports container names beginning with a '/' to match Docker behaviour (#16663).
- The podman events command now supports "die" as a value (mapping to "died") to the --filter option, for better Docker compatibility (#16857).
- The podman system df command’s --format "{{ json . }}" option now outputs human-readable format to improve Docker compatibility.
- The podman rm -f command now also terminates containers in "stopping" state.
- Rootless privileged containers will now mount all tty devices, except for the virtual-console ones (/dev/tty[0-9]+) (#16925).
- The podman play kube command now supports subpaths when using configmap and hostpath volume types (#16828).
- A user namespace is now always created when running with EUID != 0. This is necessary to work in a Kubernetes environment where the POD is "privileged" but it is still running with a non-root user.
- All commands with the --no-heading option now include a short option, -n.
- The podman push command no longer ignores the hidden --signature-policy flag.
- The podman wait command now supports the --ignore option.
- The podman network create command now supports the --ignore option to instruct Podman to not fail when trying to create an already existing network.
- The podman kube play command now supports volume subpaths when using named volumes (#12929).
- The podman kube play command now supports container startup probes.
- A new command, podman buildx version, has been added, which shows the buildah version (#16793).
- Remote usage of the podman build command now supports the --volume option (#16694).
- The --opt parent=... option is now accepted with the ipvlan network driver in the podman network create command (#16621).
- The --init-ctr option for the podman container create command now supports shell completion.
- The podman kube play command run with a readOnlyTmpfs Flag in the kube YAML can now write to tmpfs inside of the container.
- The podman run command has been extended with support for checkpoint images.
- When the new event_audit_container_create option is enabled in containers.conf, the verbosity of the container-create event is increased by adding the inspect data of the container to the event.
- Containers can now have startup healthchecks, allowing a command to be run to ensure the container is fully started before the regular healthcheck is activated.
- CDI devices can now be specified in containers.conf (#16232).
- The podman push command features two new options, --encryption-key and --encrypt-layer, for encrypting an image while pushing it to a registry (#15163).
- The podman pull and podman run commands feature a new option, --decryption-key, which decrypts the image while pulling it from a registry (#15163).
- The podman manifest annotate command is now supported for podman-remote.
- The SSL_CERT_FILE and SSL_CERT_DIR environment variables are now propagated into podman machine VMs (#16041).
- A new environment variable, CONTAINER_PROXY, can be used to specify TCP proxies when using podman-remote.
- The runtime automatically detects and switches to crun-wasm if the image is a webassembly image.
- The podman machine init command now supports the --quiet option, as well as a new option, --no-info, which suppresses informational tips (#15525).
- The podman volume create command now includes the -d short option for the --driver option.
- The podman events command has a new alias, podman system events, for better Docker compatibility.
- The --restart-sec option for podman generate systemd now generates RestartSec= for both pod service files and container service files (#16419).
- The podman manifest push command now accepts --purge, -p options as aliases for --rm, for Docker compatibility.
- The --network option to podman pod create now supports using an existing network namespace via ns:[netns-path] (#16208).
- The podman pod rm and podman container rm commands now remove container/pod ID files along with the container/pod (#16387).
- The podman manifest inspect command now accepts a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility (#14917).
- A new command, podman kube apply, has been added, which deploys the generated yaml to a k8s cluster.
- The --userns=keep-id option in rootless podman create, podman run, podman kube play, podman pod create, and podman pod clone now can be used when only one ID is available.
- The podman play kube command now supports the volume.podman.io/import-source annotation to import the contents of tarballs.
- The podman volume create command now accepts the --ignore option, which ignores the create request if the named volume already exists.
- The --filter option for podman ps now supports regex (#16180).
- The podman system df command now accepts --format json and autocompletes for the --format option (#16204).
Changes
- CNI is being deprecated from Podman and support will be dropped at a future date. Netavark is now advised and is the default network backend for Podman.
- The network name pasta is deprecated and support for it will be removed in the next major release.
- The podman network create command no longer accepts default as valid name. It is impossible to use this network name in the podman run/create command because it is parsed as a network mode instead (#17169).
- The podman kube generate command will no longer generate built-in annotations, as reserved annotations are used internally by Podman and would have no effect when run with Kubernetes.
- The podman kube play command now limits the replica count to 1 when deploying from kubernetes YAML (#16765).
- When a container that runs with the --pid=host option is terminated, Podman now sends a SIGKILL to all the active exec sessions.
- The journald driver for both podman events and podman logs is now more efficient when the --since option is used, as it will now seek directly to the correct time instead of reading all entries from the journal (#16950).
- When the --service-container option is set for the podman kube play command, the default log-driver is now set to passthrough (#16592).
- The podman container inspect and podman kube generate commands will no longer list default annotations set to false.
- Podman no longer reports errors on short-lived init containers in pods.
- Healthchecks are now automatically disabled on non-systemd systems. If Podman is compiled without the systemd build tag, healthcheck will be disabled at build time (#16644).
- Improved atomicity of VM state persistence on Windows to better tolerate FS corruption in cases of power loss or system failure (#16550).
- Old healthcheck states are now cleaned up during container restart.
- The CONTAINER_HOST environment variable defaults to port 22 for SSH style URLs for remote connections, when set (#16509).
- The podman kube play command now reuses existing PersistentVolumeClaims instead of erroring.
- The podman kube down command accepts a new option, --force, which removes volumes (#16348).
- The podman create, podman run, and podman pod create commands now support a new networking mode, pasta, which can be enabled with the --net=pasta option (#14425), ([#13229](#1...
v4.4.0-RC2
This is the second release candidate of Podman v4.4.0. Full release notes are not available, but will be compiled for the next RC.
v4.4.0-RC1
This is the first release candidate of Podman v4.4.0. Full release notes are not available, but will be compiled for the next RC.
v4.3.1
Bugfixes
- Fixed a deadlock between the podman ps and podman container inspect commands.
Misc
- Updated the containers/image library to v5.23.1
v4.3.0
Features
- A new command, podman generate spec, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, podman update, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted (#15067).
- A new command, podman kube down, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to podman kube play --down, but it now has its own command).
- The podman kube play command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the podman kube play command now integrate with sd-notify, using the io.containers.sdnotify annotation (or io.containers.sdnotify/$name for specific containers).
- Systemd-managed pods created by podman kube play can now be auto-updated, using the io.containers.auto-update annotation (or io.containers.auto-update/$name for specific containers).
- The podman kube play command can now read YAML from URLs, e.g. podman kube play https://example.com/demo.yml (#14955).
- The podman kube play command now supports the emptyDir volume type (#13309).
- The podman kube play command now supports the HostUsers field in the pod spec.
- The podman play kube command now supports binaryData in ConfigMaps.
- The podman pod create command can now set additional resource limits for pods using the new --memory-swap, --cpuset-mems, --device-read-bps, --device-write-bps, --blkio-weight, --blkio-weight-device, and --cpu-shares options.
- The podman machine init command now supports a new option, --username, to set the username that will be used to connect to the VM as a non-root user (#15402).
- The podman volume create command's -o timeout= option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, image, which allows volumes to be created that are backed by images.
- The podman run and podman create commands support a new option, --env-merge, allowing environment variables to be specified relative to other environment variables in the image (e.g. podman run --env-merge "PATH=$PATH:/my/app" ...) (#15288).
- The podman run and podman create commands support a new option, --on-failure, to allow action to be taken when a container fails health checks, with the following supported actions: none (take no action, the default), kill (kill the container), restart (restart the container), and stop (stop the container).
- The --keep-id option to podman create and podman run now supports new options, uid and gid, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. --userns=keep-id:uid=11 will map the user running Podman to UID 11 in the container) (#15294).
- The podman generate systemd command now supports a new option, --env/-e, to set environment variables in the generated unit file (#15523).
- The podman pause and podman unpause commands now support the --latest, --cidfile, and --filter options.
- The podman restart command now supports the --cidfile and --filter options.
- The podman rm command now supports the --filter option to select which containers will be removed.
- The podman rmi command now supports a new option, --no-prune, to prevent the removal of dangling parents of removed images.
- The --dns-opt option to podman create, podman run, and podman pod create has received a new alias, --dns-option, to improve Docker compatibility.
- The podman command now features a new global flag, --debug/-D, which enables debug-level logging (identical to --log-level=debug), improving Docker compatibility.
- The podman command now features a new global flag, --config. This flag is ignored, and is only included for Docker compatibility (#14767).
- The podman manifest create command now accepts a new option, --amend/-a.
- The podman manifest create, podman manifest add and podman manifest push commands now accept a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility.
- The podman secret create command's --driver and --format options now have new aliases, -d for --driver and -f for --format.
- The podman secret create command now supports a new option, --label/-l, to add labels to created secrets.
- The podman secret ls command now accepts the --quiet/-q option.
- The podman secret inspect command now accepts a new option, --pretty, to print output in human-readable format.
- The podman stats command now accepts the --no-trunc option.
- The podman save command now accepts the --signature-policy option (#15869).
- The podman pod inspect command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods (#15674).
- A series of new hidden commands have been added under podman context as aliases to existing podman system connection commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the --sig-proxy option is set (#14707).
Changes
- Duplicate volume mounts are now allowed with the -v option to podman run, podman create, and podman pod create, so long as source, destination, and options all match (#4217).
- The podman generate kube and podman play kube commands have been renamed to podman kube generate and podman kube play to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (podman init, podman container checkpoint, podman container restore, podman container cleanup) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The --cpu-rt-period and --cpu-rt-runtime options to podman run and podman create now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) (#15666).
- Privileged containers running systemd will no longer mount /dev/tty* devices other than /dev/tty itself into the container (#15878).
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for podman machine commands has seen a thorough rework, addressing many issues about authentication.
- The --network option to podman kube play now allows passing host to set the pod to use host networking, even if the YAML does not request this.
- The podman inspect command on containers now includes the digest of the image used to create the container.
- Pods created by podman play kube are now, by default, placed into a network named podman-kube. If the podman-kube network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Bugfixes
- Fixed a bug where the podman network prune and podman container prune commands did not properly support the --filter label!= option (#14182).
- Fixed a bug where the podman kube generate command added an unnecessary Secret: null line to generated YAML (#15156).
- Fixed a bug where the podman kube generate command did not set enableServiceLinks and automountServiceAccountToken to false in generated YAML (#15478 and #15243).
- Fixed a bug where the podman kube play command did not properly handle CPU limits (#15726).
- Fixed a bug where the podman kube play command did not respect default values for liveness probes (#15855).
- Fixed a bug where the podman kube play command did not bind ports if hostPort was not specified but containerPort was (#15942).
- Fixed a bug where the podman kube play command sometimes did not create directories on the host for hostPath volumes.
- Fixed a bug where the remote Podman client's podman manifest push command did not display progress.
- Fixed a bug where the --filter "{{.Config.Healthcheck}}" option to podman image inspect did not print the image's configured healthcheck (#14661).
- Fixed a bug where the podman volume create -o timeout= option could be specified even when no volume plugin was in use.
- Fixed a bug where the podman rmi command did not emit untag events when removing ta...
v4.3.0-RC1
This is the first release candidate for Podman v4.3.0. Full release notes are not available, and will be compiled as part of the release.
v4.2.1
Features
- Added support for Sigstore signatures (sigstoreSigned) to the podman image trust set and podman image trust show commands.
- The podman image trust show command now recognizes new lookaside field names.
- The podman image trust show command now recognizes keyPaths in signedBy entries.
Changes
- BREAKING CHANGE: podman image trust show may now show multiple entries for the same scope, to better represent separate requirements. GPG IDs on a single row now always represent alternative keys, only one of which is required; if multiple sets of keys are required, each is represented by a single line.
- The podman generate kube command no longer adds the bind-mount-options annotation to generated Service YAML (#15208).
Bugfixes
- Fixed a bug where Podman could deadlock when using podman kill to send signals to containers (#15492).
- Fixed a bug where the podman image trust set command would silently discard unknown fields.
- Fixed a bug where the podman image trust show command would not show signature enforcement configuration for the default scope.
- Fixed a bug where the podman image trust show command would silently ignore multiple kinds of requirements in a single scope.
- Fixed a bug where a typo in the podman-kube@.service unit file would cause warnings when running systemctl status on the unit.
- Fixed a bug where the --compress option to podman image save was incorrectly allowed with the oci-dir format.
- Fixed a bug where the podman container clone command did not properly clone environment variables (#15242).
- Fixed a bug where Podman would not accept environment variables with whitespace in their keys (#15251).
- Fixed a bug where Podman would not accept file paths containing the : character, preventing some commands from being used with podman machine on Windows (#15247).
- Fixed a bug where the podman top command would report new capabilities as unknown.
- Fixed a bug where running Podman in a container could cause fatal errors about an inability to create cgroups (#15498).
- Fixed a bug where the podman generate kube command could generate incorrect YAML when the bind-mount-options was used (#15170).
- Fixed a bug where generated container names were deterministic, instead of random (#15569).
- Fixed a bug where the podman events command would not work with custom --format specifiers (#15648).
API
- Fixed a bug where the Compat List endpoint for Containers did not sort the HostConfig.Binds field as Docker does.
- Fixed a bug where the Compat List endpoint for Containers sent the name (instead of ID) of the image the container was based on.
- Fixed a bug where the Compat Connect endpoint for Networks would return an error (instead of 200) when attempting to connect a container to a network it was already connected to (#15499).
- Fixed a bug where the Compat Events endpoint set an incorrect status for image removal events (remove instead of delete) (#15485).
v4.2.0
Podman Desktop
As part of our work to better integrate Podman into MacOS and Windows, we have also been working on a new project, Podman Desktop, which provides a GUI to help developers interact with Podman. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies).
Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added,
podman pod clone
, to create a copy of an existing pod. It supports several options, including--start
to start the new pod,--destroy
to remove the original pod, and--name
to change the name of the new pod (#12843). - A new command has been added,
podman volume reload
, to sync changes in state between Podman's database and any configured volume plugins (#14207). - A new command has been added,
podman machine info
, which displays information about the host and the versions of various machine components. - Pods created by
podman play kube
can now be managed by systemd unit files. This can be done via a new systemd service,podman-kube@.service
- e.g.systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service
will run the Kubernetes pod or deployment contained inmy.yaml
under systemd. - The
podman play kube
command now honors theRunAsUser
,RunAsGroup
, andSupplementalGroups
setting from the Kubernetes pod's security context.
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types (#13951).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` (#7504).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` (#13464).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) (#13422).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace (#14609).
- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified (#14773).
- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host (#14231).
- The `podman machine init` command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the `--image-volume` option to `podman run` and `podman create` can now be set through the `image_volume_mode` setting in `containers.conf` (#14230).
- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` (#14427).
- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` (BZ 2080458).
- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names (#14583).
- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
- The remote Podman client's `podman push` command now supports the `--remove-signatures` option (#14558).
- The remote Podman client now supports the `podman image scp` command.
- The `podman image scp` command now supports tagging the transferred image with a new name.
- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers (#14595).
- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
- The `podman events` command now includes the `-f` short option for the `--filter` option.
- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
- The Podman global option `--url` now has two aliases: `-H` and `--host`.
- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in `podman push` and `podman manifest push`.
- Added an option to read image signing passphrase from a file.
Changes
- Paused containers can now be killed with the `podman kill` command.
- The `podman system prune` command now removes unused networks.
- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file (#14577).
- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with `podman play kube` now default to the `once` type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.
- The `libpod/common` package has been removed as it's not used anywhere.
- The `--userns` option to `podman create` and `podman run` is no longer accepted when an explicit UID or GID mapping is specified (#15233).
Bugfixes
- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([#14251...