I liked podman for what I was working on with it. The only hangup I found was th...

gvalkov · on Feb 11, 2021

Quite a lot is possible with CNI [1]. For example, we use this setup to give real IPs to containers:

  # /etc/cni/net.d/testnet.conflist
  {
    "cniVersion": "0.4.0",
    "name": "testnet",
    "plugins": [
      {
        "type": "bridge",
        "bridge": "br0",  # main host interface is part of this bridge
        "ipam": {
          "type": "host-local",
          "subnet": "10.0.0.0/16",
          "gateway": "10.0.0.1",
          "routes": [{ "dst": "0.0.0.0/0"}]
        }
      }
    ]
  }

You can then start a container and operate on its network namespace for added flexibility:

  podman run -it --net testnet --ip 10.0.0.2 ...

  ns=$(basename $(podman inspect $id | jq -r '.[0] .NetworkSettings .SandboxKey'))
  ip netns exec $ns ip route add ...

[1]: https://github.com/containernetworking/cni

dathinab · on Feb 11, 2021

As far as I know it can do so but not when running rootless, I also don't thing it's currently possible to be done rootless.

You still can run podman as root without damon.

Or you can run a podman deamon (through systemd) which is even compatible with docker-compose but has most of the drawbacks of running docker.