systemd podman integration

Why?

Not every workload needs a Kubernetes cluster, but using pods to manage a group of containers is still quite convenient, especially when integrated with cockpit. Quadlet gives you that with plain systemd units.

How?

Two files go into /etc/containers/systemd: the Kubernetes-style YAML that podman kube play consumes (.yaml) and a Quadlet unit file (.kube) that tells systemd how to run it. Quadlet is a systemd generator shipped with podman; at daemon-reload it turns the .kube file into a regular service unit named after the file (vaultwarden.kube becomes vaultwarden.service).

vaultwarden.kube

[Unit]
Description=Vaultwarden pod
# network.target does not mean "online"; a first start has to pull the image
Wants=network-online.target
After=network-online.target

[Kube]
Yaml=vaultwarden.yaml
# referencing the .network unit (rather than the podman network name
# systemd-traefik) makes Quadlet add Requires=/After= on traefik-network.service
Network=traefik.network

[Install]
WantedBy=multi-user.target default.target

vaultwarden.yaml

Note: the sample configuration is written to be reverse-proxied by traefik; the traefik.* labels are read by traefik's docker provider through the podman API socket, so only the traefik container needs that socket (mounted read-only), never the application pod. The pod below mounts only its data directory; the podman socket itself is never bind-mounted into vaultwarden. Label values must be strings, so true and 80 are quoted, otherwise podman kube play rejects the YAML.

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-02-18T16:02:00Z"
  labels:
    app: vaultwarden
    # label values must be strings: an unquoted true/80 parses as bool/int and is rejected
    traefik.enable: "true"
    traefik.http.routers.vaultwarden.entrypoints: websecure
    traefik.http.routers.vaultwarden.rule: "Host(`vaultwarden.flippityflopp.com`)"
    traefik.http.routers.vaultwarden.service: vaultwarden
    traefik.http.routers.vaultwarden.tls: "true"
    traefik.http.routers.vaultwarden.tls.certresolver: lets-encr-porkbun
    traefik.http.services.vaultwarden.loadbalancer.server.port: "80"
  name: vaultwarden-pod
spec:
  containers:
  - image: docker.io/vaultwarden/server:latest
    name: vaultwarden
    volumeMounts:
    # the :z suffix asks podman to SELinux-relabel the host directory (shared label)
    - mountPath: /data:z
      name: data-vaultwarden
      readOnly: false
  restartPolicy: Always
  volumes:
  - hostPath:
      path: /data/vaultwarden
      # Directory must already exist on the host; DirectoryOrCreate would create it
      type: Directory
    name: data-vaultwarden

systemd unit start

Nothing has to be converted by hand. Quadlet is a systemd generator, so on every daemon-reload it reads /etc/containers/systemd and writes a generated (not transient) vaultwarden.service into /run/systemd/generator. Generated units cannot be enabled with systemctl enable; the [Install] section of the .kube file is what hooks the service into multi-user.target, and the generator creates the wants symlinks itself.

To render the units and catch syntax errors before touching systemd (the binary lives under /usr/lib/podman/ on Debian-based systems):

/usr/libexec/podman/quadlet -dryrun

Then reload and start the service, which is named after the .kube file:

systemctl daemon-reload
systemctl start vaultwarden.service
systemctl status vaultwarden.service

Bonus

There can also be a .network file. Despite the extension, its syntax has nothing to do with systemd-networkd; it is a Quadlet unit that creates a podman network. This is useful when a separate network is needed, as I wanted for IPv6.

Note: even though the unit file is simply called traefik.network, the generated service is traefik-network.service, and the podman network it creates is named systemd-traefik (override with NetworkName=). The .kube file can reference it either by that podman name or as Network=traefik.network; the latter makes Quadlet add the Requires=/After= dependency so the network exists before the pod starts.

traefik.network

[Network]
IPv6=true

systemd-unit start/enable

systemctl daemon-reload
systemctl start traefik-network.service
systemctl start vaultwarden.service
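The naming rules that both start procedures above depend on, as an added example: a POSIX shell helper written for this page, not part of podman or the original post. It derives the generated service name and the podman-side resource name from a Quadlet file name (covering .container and .volume files as well as the .kube and .network files shown here), renders the units with quadlet -dryrun, and starts them. The quadlet binary paths are the Fedora and Debian defaults; QUADLET_DEPLOY is a variable invented for this script so that sourcing it does not start anything.

```shell
#!/bin/sh
# Added example (not from the original page): Quadlet naming helpers.
#   foo.container / foo.kube -> foo.service
#   foo.network              -> foo-network.service, podman network "systemd-foo"
#   foo.volume               -> foo-volume.service,  podman volume  "systemd-foo"

quadlet_service_name() {
    # $1: path or name of a file in /etc/containers/systemd
    base=${1##*/}
    name=${base%.*}
    case "$base" in
        *.container|*.kube) printf '%s.service\n' "$name" ;;
        *.network)          printf '%s-network.service\n' "$name" ;;
        *.volume)           printf '%s-volume.service\n' "$name" ;;
        *) printf 'unsupported quadlet file: %s\n' "$base" >&2; return 1 ;;
    esac
}

quadlet_resource_name() {
    # Name of the podman object a .network/.volume unit creates when
    # NetworkName=/VolumeName= is not set: systemd-<file name without extension>
    base=${1##*/}
    name=${base%.*}
    case "$base" in
        *.network|*.volume) printf 'systemd-%s\n' "$name" ;;
        *) return 1 ;;
    esac
}

quadlet_check() {
    # Render the generated units to stdout without touching systemd.
    # Fedora/RHEL install the generator under /usr/libexec, Debian under /usr/lib.
    for q in /usr/libexec/podman/quadlet /usr/lib/podman/quadlet; do
        if [ -x "$q" ]; then
            "$q" -dryrun
            return
        fi
    done
    echo "quadlet binary not found" >&2
    return 1
}

quadlet_start() {
    # Generated units live in /run/systemd/generator and cannot be enabled;
    # the [Install] section in the quadlet file is what wires them to a target.
    systemctl daemon-reload || return 1
    for f in "$@"; do
        unit=$(quadlet_service_name "$f") || return 1
        systemctl start "$unit" || return 1
        systemctl --no-pager status "$unit"
    done
}

# QUADLET_DEPLOY is an invented guard: only run the real commands when asked.
if [ "${QUADLET_DEPLOY:-0}" = 1 ]; then
    quadlet_check && quadlet_start traefik.network vaultwarden.kube
fi
```

Run it as QUADLET_DEPLOY=1 sh quadlet.sh on the host; the order of the arguments to quadlet_start matters only if the .kube file names the network by its podman name rather than as traefik.network.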