# A default install of podman 3.0.1 on Debian 11 does not enable cni-dhcp.
# The command below enables and starts its socket unit (plugin directory: /usr/lib/cni).
systemctl enable --now cni-dhcp.socket
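# Build and install the latest podman from source on Debian 11.
# (This heading was a bare line in the original and would have been run as a
# command; it is a comment now.)
# Install the build dependencies.
apt install \
  btrfs-progs \
  curl \
  crun \
  git \
  go-md2man \
  iptables \
  libassuan-dev \
  libbtrfs-dev \
  libc6-dev \
  libdevmapper-dev \
  libglib2.0-dev \
  libgpgme-dev \
  libgpg-error-dev \
  libprotobuf-dev \
  libprotobuf-c-dev \
  libseccomp-dev \
  libselinux1-dev \
  libsystemd-dev \
  pkg-config \
  make \
  gcc \
  uidmap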
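# Install the latest stable Go toolchain (1.20.2 when this was written) into
# /usr/local/go.
# The archive is unpacked as root, so it is downloaded into a private mktemp
# directory instead of a predictable name in world-writable /tmp, and its
# SHA-256 is checked before /usr/local/go is replaced.
# NOTE(review): the digest is fetched from the same publisher as the archive,
# so it catches truncated or corrupted downloads, not a compromised origin.
# Pin a known version and digest where that matters.
cd /tmp &&
case $(uname -m) in
  aarch64) arch=arm64 ;;
  x86_64) arch=amd64 ;;
  # Stop here instead of requesting a tarball that does not exist.
  *) arch=other; echo "unsupported architecture: $(uname -m)" >&2; false ;;
esac &&
# The VERSION endpoint can return extra lines after the version; use line 1 only.
go_latest_version=$(wget -qO- 'https://golang.org/VERSION?m=text' | sed -n '1s/^go//p') &&
# The version is remote data that ends up in a file path and a URL.
case $go_latest_version in
  '' | *[!0-9a-z.]*) echo "unexpected Go version string" >&2; false ;;
esac &&
go_tarball="go${go_latest_version}.linux-${arch}.tar.gz" &&
go_dl_dir=$(mktemp -d) &&
wget -O "$go_dl_dir/$go_tarball" "https://go.dev/dl/$go_tarball" &&
# An empty or wrong digest makes sha256sum -c fail, which stops the chain.
go_sha256=$(wget -qO- "https://dl.google.com/go/$go_tarball.sha256") &&
printf '%s  %s\n' "$go_sha256" "$go_dl_dir/$go_tarball" | sha256sum -c - &&
rm -rf /usr/local/go &&
tar -C /usr/local -xzf "$go_dl_dir/$go_tarball" &&
# Single quotes on purpose: $PATH must be expanded at login, not baked in now.
echo 'export PATH=$PATH:/usr/local/go/bin;' > /etc/profile.d/golang.sh &&
. /etc/profile.d/golang.sh &&
rm -rf -- "$go_dl_dir" &&
go version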
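# Build and install conmon.
# NOTE(review): this builds whatever the default branch holds at clone time;
# checking out a reviewed release tag gives a reproducible, auditable build.
# NOTE(review): the clone lands in the current directory. On a multi-user host
# prefer a root-owned build directory over a shared one such as /tmp.
git clone https://github.com/containers/conmon &&
cd conmon &&
# Assign first, then export, so a failing mktemp is not masked by `export`.
# (The original's typographic quotes would have become part of the path.)
GOCACHE=$(mktemp -d) &&
export GOCACHE &&
make &&
# `podman` is a target of conmon's Makefile; presumably it installs conmon
# where podman looks for it. Confirm against the Makefile.
make podman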
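# Install the CNI plugins from the latest upstream release into
# /usr/local/libexec/cni.
# These binaries are later run with elevated privileges, so the archive is
# fetched into a private mktemp directory, checked against its published
# SHA-256, and unpacked with root ownership.
# NOTE(review): the digest comes from the same release as the archive, so it
# catches corruption or truncation, not a compromised release.
case $(uname -m) in
  aarch64) arch=arm64 ;;
  x86_64) arch=amd64 ;;
  *) arch=other; echo "unsupported architecture: $(uname -m)" >&2; false ;;
esac &&
cd /tmp &&
# -f turns an HTTP error (e.g. API rate limiting) into a failure here.
cni_url=$(curl -fsS https://api.github.com/repos/containernetworking/plugins/releases/latest |
  sed -nE 's/.*"browser_download_url":\s*"([^"]+cni-plugins-linux-'"$arch"'-v[^"]+\.tgz)".*/\1/p') &&
# The URL is remote data: require a non-empty GitHub HTTPS URL.
case $cni_url in
  https://github.com/*) ;;
  *) echo "no CNI plugins download URL found for $arch" >&2; false ;;
esac &&
cni_dl_dir=$(mktemp -d) &&
wget -O "$cni_dl_dir/cni-plugins.tar.gz" "$cni_url" &&
# The release is expected to publish a .sha256 file next to each archive.
# If it is missing, the digest is empty and sha256sum -c fails closed.
cni_sha256=$(wget -qO- "$cni_url.sha256" | awk 'NR == 1 { print $1 }') &&
printf '%s  %s\n' "$cni_sha256" "$cni_dl_dir/cni-plugins.tar.gz" | sha256sum -c - &&
mkdir -p /usr/local/libexec/cni &&
# As root, tar would otherwise keep the uid/gid recorded in the archive.
tar -xzvf "$cni_dl_dir/cni-plugins.tar.gz" -C /usr/local/libexec/cni --no-same-owner &&
rm -rf -- "$cni_dl_dir"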
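# Build Podman from its latest tagged release.
git clone https://github.com/containers/podman.git &&
cd podman &&
# Ask the GitHub API for the newest release tag. -f makes an HTTP error
# (e.g. rate limiting) fail here instead of yielding an empty tag.
podman_tag=$(curl -fsS https://api.github.com/repos/containers/podman/releases/latest |
  sed -nE 's/.*"tag_name":[[:space:]]*"([^"]+)".*/\1/p') &&
# The tag is remote data passed to git: reject empty values, a leading dash
# (would be read as an option) and unexpected characters.
case $podman_tag in
  '' | -* | *[!0-9A-Za-z._-]*) echo "unexpected podman release tag: $podman_tag" >&2; false ;;
esac &&
# refs/tags/ makes sure a tag is checked out, not a branch of the same name.
git checkout "refs/tags/$podman_tag" &&
# Recommended build tags; see the build documentation for more options.
# (With the original typographic quotes, make saw `seccomp` as a separate argument.)
make BUILDTAGS="selinux seccomp" &&
# Install only if the build succeeded.
make install PREFIX=/usr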
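# Configure the container registries.
# A single entry in unqualified-search-registries means a short image name
# resolves to one registry only. Adding more makes short-name pulls ambiguous.
mkdir -p /etc/containers
touch /etc/containers/registries.conf
# Append only once: a second copy of these keys would make the TOML invalid.
# The quoted 'EOF' keeps the block literal, and the quotes inside are plain
# ASCII so the file parses.
grep -q '^unqualified-search-registries' /etc/containers/registries.conf ||
  cat >>/etc/containers/registries.conf <<'EOF'
unqualified-search-registries=["docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.io"
EOF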
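# The signature verification policy file sets the policy (for example trusted
# keys) applied when deciding whether to accept an image, or an individual
# signature of that image.
# NOTE(review): this is fetched from the tip of a branch, so its content can
# change between runs. Read it before relying on it; in particular check
# whether its default rule is insecureAcceptAnything, which accepts unsigned
# images.
# Download to a temp file first: `wget -O` truncates its target even when the
# download fails, which would leave an empty policy.json behind.
policy_tmp=$(mktemp) &&
wget -O "$policy_tmp" https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json &&
[ -s "$policy_tmp" ] &&
install -D -m 0644 "$policy_tmp" /etc/containers/policy.json
rm -f -- "$policy_tmp"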
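# Add DNS support for podman networks (the dnsname plugin, which uses dnsmasq).
# (This heading was a bare line in the original and would have been run as a
# command; it is a comment now.)
# NOTE(review): on Debian the dnsmasq package also sets up a system-wide
# dnsmasq service. If only the binary is needed here, confirm whether that
# service should stay enabled; the dnsmasq-base package ships the binary
# without it.
apt install dnsmasq &&
git clone https://github.com/containers/dnsname &&
cd dnsname &&
make &&
make install PREFIX=/usr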
# Enable Bash completion for podman by writing the generated script into the
# system-wide completion directory.
podman completion --file /etc/bash_completion.d/podman bash
# Optional cleanup: if disk space is tight, or no rebuild is planned soon,
# these build-time dependencies can be removed.
apt autoremove \
  libbtrfs-dev \
  libc6-dev \
  libdevmapper-dev \
  libglib2.0-dev \
  libprotobuf-dev \
  libprotobuf-c-dev \
  libseccomp-dev \
  libselinux1-dev