Installing Podman on macOS
Installing Podman on macOS requires either Podman Desktop, Podman's desktop client, or the command-line tool installed through Homebrew.
Install Podman with Homebrew:
(base) ninjamac@ninjamacdeMacBook-Air shell % brew install podman
==> Auto-updating Homebrew...
Adjust how often this is run with HOMEBREW_AUTO_UPDATE_SECS or disable with
HOMEBREW_NO_AUTO_UPDATE. Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
==> Auto-updated Homebrew!
Updated 3 taps (kong/deck, homebrew/core and homebrew/cask).
==> New Formulae
clang-include-graph claude-squad kargo
==> New Casks
firezone passepartout simpledemviewer slideshower
You have 46 outdated formulae installed.
==> Downloading https://ghcr.io/v2/homebrew/core/podman/manifests/5.5.0
######################################################################################## 100.0%
==> Fetching podman
==> Downloading https://ghcr.io/v2/homebrew/core/podman/blobs/sha256:8326e41b43e41f71fa6cf9c321
######################################################################################## 100.0%
==> Pouring podman--5.5.0.arm64_sequoia.bottle.tar.gz
==> Caveats
In order to run containers locally, podman depends on a Linux kernel.
One can be started manually using `podman machine` from this package.
To start a podman VM automatically at login, also install the cask
"podman-desktop".
zsh completions have been installed to:
/opt/homebrew/share/zsh/site-functions
==> Summary
🍺 /opt/homebrew/Cellar/podman/5.5.0: 202 files, 79.3MB
==> Running `brew cleanup podman`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`)
After installation, initialize the Podman virtual machine (macOS cannot run Linux containers natively, so Podman creates a lightweight virtual machine to run them):
(base) ninjamac@ninjamacdeMacBook-Air shell % podman machine init
Looking up Podman Machine image at quay.io/podman/machine-os:5.5 to create VM
Getting image source signatures
Copying blob d8d46037edd8 done |
Copying config 44136fa355 done |
Writing manifest to image destination
d8d46037edd878510cbcaabb4878e59e5d9eaa98d0c73eef883cd98491b08e96
Extracting compressed file: podman-machine-default-arm64.raw: done
Machine init complete
Start the Podman virtual machine:
(base) ninjamac@ninjamacdeMacBook-Air shell % podman machine start
Starting machine "podman-machine-default"
This machine is currently configured in rootless mode. If your containers
require root permissions (e.g. ports < 1024), or if you run into compatibility
issues with non-podman clients, you can switch using the following command:
podman machine set --rootful
API forwarding listening on: /var/folders/_0/8glqp3v96vx0_rzhlqb8g3xr0000gn/T/podman/podman-machine-default-api.sock
The system helper service is not installed; the default Docker API socket
address can't be used by podman. If you would like to install it, run the following commands:
sudo /opt/homebrew/Cellar/podman/5.5.0/bin/podman-mac-helper install
podman machine stop; podman machine start
You can still connect Docker API clients by setting DOCKER_HOST using the
following command in your terminal session:
export DOCKER_HOST='unix:///var/folders/_0/8glqp3v96vx0_rzhlqb8g3xr0000gn/T/podman/podman-machine-default-api.sock'
Machine "podman-machine-default" started successfully
Verify that Podman is installed correctly:
(base) ninjamac@ninjamacdeMacBook-Air shell % podman version
Client: Podman Engine
Version: 5.5.0
API Version: 5.5.0
Go Version: go1.24.3
Built: Wed May 14 02:59:13 2025
Build Origin: brew
OS/Arch: darwin/arm64
Server: Podman Engine
Version: 5.5.0
API Version: 5.5.0
Go Version: go1.23.8
Git Commit: 0dbcb51477ee7ab8d3b47d30facf71fc38bb0c98
Built: Tue May 13 08:00:00 2025
OS/Arch: linux/arm64
(base) ninjamac@ninjamacdeMacBook-Air shell % podman info
Client:
APIVersion: 5.5.0
BuildOrigin: brew
Built: 1747162753
BuiltTime: Wed May 14 02:59:13 2025
GitCommit: ""
GoVersion: go1.24.3
Os: darwin
OsArch: darwin/arm64
Version: 5.5.0
host:
arch: arm64
buildahVersion: 1.40.0
cgroupControllers:
- cpu
- io
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.12-3.fc41.aarch64
path: /usr/bin/conmon
version: 'conmon version 2.1.12, commit: '
cpuUtilization:
idlePercent: 99.56
systemPercent: 0.27
userPercent: 0.17
cpus: 4
databaseBackend: sqlite
distribution:
distribution: fedora
variant: coreos
version: "41"
eventLogger: journald
freeLocks: 2045
hostname: localhost.localdomain
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 1000000
uidmap:
- container_id: 0
host_id: 501
size: 1
- container_id: 1
host_id: 100000
size: 1000000
kernel: 6.12.13-200.fc41.aarch64
linkmode: dynamic
logDriver: journald
memFree: 1293139968
memTotal: 2042273792
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.14.0-1.fc41.aarch64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.14.0
package: netavark-1.14.0-1.fc41.aarch64
path: /usr/libexec/podman/netavark
version: netavark 1.14.0
ociRuntime:
name: crun
package: crun-1.20-2.fc41.aarch64
path: /usr/bin/crun
version: |-
crun version 1.20
commit: 9c9a76ac11994701dd666c4f0b869ceffb599a66
rundir: /run/user/501/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20250121.g4f2c8e7-2.fc41.aarch64
version: |
pasta 0^20250121.g4f2c8e7-2.fc41.aarch64-pasta
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: unix:///run/user/501/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.3.1-1.fc41.aarch64
version: |-
slirp4netns version 1.3.1
commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
libslirp: 4.8.0
SLIRP_CONFIG_VERSION_MAX: 5
libseccomp: 2.5.5
swapFree: 0
swapTotal: 0
uptime: 0h 38m 35.00s
variant: v8
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /var/home/core/.config/containers/storage.conf
containerStore:
number: 3
paused: 0
running: 1
stopped: 2
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/home/core/.local/share/containers/storage
graphRootAllocated: 106415992832
graphRootUsed: 4448870400
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1
runRoot: /run/user/501/containers
transientStore: false
volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
APIVersion: 5.5.0
BuildOrigin: 'Copr: packit/containers-podman-26126'
Built: 1747094400
BuiltTime: Tue May 13 08:00:00 2025
GitCommit: 0dbcb51477ee7ab8d3b47d30facf71fc38bb0c98
GoVersion: go1.23.8
Os: linux
OsArch: linux/arm64
Version: 5.5.0
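The security block of the `podman info` output above is the part worth checking after every machine change, so here is an added example (not part of the original page) that audits it. The list of high-risk capabilities is an assumption chosen for this example, and the sample input is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: audit the security fields of `podman info`.
# Real use:  podman info | audit_podman_info

# Constructed sample: security-relevant lines of the output above, re-indented.
SAMPLE_INFO='host:
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true'

# Reads `podman info` YAML on stdin, prints one line per finding and
# returns non-zero if any check fails.
audit_podman_info() {
  awk '
    function fail(msg) { print "FAIL: " msg; rc = 1 }
    { sub(/^[ \t]+/, "") }                       # drop YAML indentation
    $1 == "rootless:"        { r    = $2 }       # exact match, not rootlessNetworkCmd
    $1 == "seccompEnabled:"  { s    = $2 }
    $1 == "selinuxEnabled:"  { se   = $2 }
    $1 == "apparmorEnabled:" { aa   = $2 }
    $1 == "capabilities:"    { caps = "," $2 "," }
    END {
      if (r == "")          fail("rootless key missing (is this podman info output?)")
      else if (r != "true") fail("engine is rootful")
      if (s != "true")      fail("seccomp filtering is off")
      if (se != "true" && aa != "true") fail("no MAC layer (SELinux or AppArmor)")
      # Assumed deny-list for this example: capabilities that should not be defaults.
      n = split("CAP_SYS_ADMIN CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_PTRACE CAP_SYS_MODULE", risky, " ")
      for (i = 1; i <= n; i++)
        if (index(caps, "," risky[i] ","))
          fail("default capability set includes " risky[i])
      if (!rc) print "OK: rootless, seccomp and a MAC layer are on; no high-risk default capabilities"
      exit rc + 0
    }
  '
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_INFO" | audit_podman_info
```

Running `podman machine set --rootful`, as suggested in the start-up message, would make the first check fail, which is the intended signal.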
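Configuring the Podman environment
Podman on macOS depends on a virtual machine and by default uses QEMU to run a lightweight Linux environment. The virtual machine's configuration can be adjusted with the following commands:
Adjust the virtual machine's CPU and memory (optional):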
podman machine stop
podman machine set --cpus 4 --memory 8192
podman machine start
Running containers
Run a simple test container (for example, Nginx):
podman run -d -p 8080:80 --name nginx docker.io/library/nginx
Verify that the container is running:
(base) ninjamac@ninjamacdeMacBook-Air shell % podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88288e7b6232 docker.io/library/nginx:latest nginx -g daemon o... 58 seconds ago Up 58 seconds 0.0.0.0:8080->80/tcp nginx
Access the service in the running container (open http://localhost:8080 in a browser).
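The PORTS column above reads `0.0.0.0:8080->80/tcp`: `-p 8080:80` publishes on every interface, not only loopback. The following added example (not part of the original page) lists such wildcard publishes and prints the loopback-scoped `-p` value for each; the sample input is constructed, and the container name `api` in it is hypothetical.

```shell
#!/bin/sh
# Added example: find published ports bound to all interfaces.
# Real use:  podman ps --format '{{.Names}} {{.Ports}}' | find_wildcard_ports

# Constructed sample in the shape of the --format output above.
SAMPLE_PS='nginx 0.0.0.0:8080->80/tcp
api 127.0.0.1:9000->9000/tcp, 0.0.0.0:9443->443/tcp
volume_test'

# Prints "<container> <mapping> use -p <loopback form>" for every wildcard
# publish and returns 1 if at least one was found, 0 otherwise.
find_wildcard_ports() {
  awk '
    {
      name = $1
      for (i = 2; i <= NF; i++) {
        m = $i
        sub(/,$/, "", m)                          # mappings are comma-separated
        # Skip mappings already scoped to one address; match IPv4 and IPv6 wildcards.
        if (m !~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+->/) continue
        split(m, side, "->")                      # side[1]=host side, side[2]=port/proto
        host = side[1]
        sub(/^.*:/, "", host)                     # keep only the host port (or range)
        printf "%s %s use -p 127.0.0.1:%s:%s\n", name, m, host, side[2]
        found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PS" | find_wildcard_ports || echo "wildcard publishes found, see above"
```

For the container in this tutorial the loopback-scoped form is `podman run -d -p 127.0.0.1:8080:80 --name nginx docker.io/library/nginx`, and http://localhost:8080 keeps working.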
Managing containers and images
List all local images:
podman images
Pull an image from Docker Hub:
podman pull ubuntu:latest
Enter a running container:
(base) ninjamac@ninjamacdeMacBook-Air shell % podman exec -it nginx /bin/bash
root@88288e7b6232:/#
Stop and remove the container:
podman stop nginx
podman rm nginx
Building a custom image
Create a simple Dockerfile:
FROM alpine:latest
RUN apk add --no-cache python3
CMD ["python3", "--version"]
Build the image with Podman:
(base) ninjamac@ninjamacdeMacBook-Air podman % podman build -t my-python-images .
STEP 1/3: FROM alpine:latest
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:d69d4d41cfe2ee680d6972795e2a1eb9e4dc4ec3b3c5e0797c9ab43bb3726fa7
Copying config sha256:2abc5e83407155714f171c293f197e1310176959e106f8ad63ffa2e7e9635d4a
Writing manifest to image destination
STEP 2/3: RUN apk add --no-cache python3
fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/aarch64/APKINDEX.tar.gz
(1/17) Installing libbz2 (1.0.8-r6)
(2/17) Installing libexpat (2.7.1-r0)
(3/17) Installing libffi (3.4.8-r0)
(4/17) Installing gdbm (1.24-r0)
(5/17) Installing xz-libs (5.8.1-r0)
(6/17) Installing libgcc (14.2.0-r6)
(7/17) Installing libstdc++ (14.2.0-r6)
(8/17) Installing mpdecimal (4.0.1-r0)
(9/17) Installing ncurses-terminfo-base (6.5_p20250503-r0)
(10/17) Installing libncursesw (6.5_p20250503-r0)
(11/17) Installing libpanelw (6.5_p20250503-r0)
(12/17) Installing readline (8.2.13-r1)
(13/17) Installing sqlite-libs (3.49.2-r0)
(14/17) Installing python3 (3.12.11-r0)
(15/17) Installing python3-pycache-pyc0 (3.12.11-r0)
(16/17) Installing pyc (3.12.11-r0)
(17/17) Installing python3-pyc (3.12.11-r0)
Executing busybox-1.37.0-r18.trigger
OK: 49 MiB in 33 packages
--> 48a838f69aa8
STEP 3/3: CMD ["python3", "--version"]
COMMIT my-python-images
--> daf80a07597c
Successfully tagged localhost/my-python-images:latest
daf80a07597cfe6a88325506732ce1fd95a10a3fe9c44b38f0ea7a512bc1d5c9
(base) ninjamac@ninjamacdeMacBook-Air podman % podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/my-python-images latest daf80a07597c 8 seconds ago 53.8 MB
docker.io/library/alpine latest 2abc5e834071 4 days ago 8.81 MB
docker.io/library/nginx latest 997e7f255061 6 weeks ago 202 MB
Run the custom image:
podman run --rm my-python-images
Persistent storage and data volumes
Create a data volume and mount it into a container:
podman volume create my_volume
podman run -d -v my_volume:/data --name volume_test alpine tail -f /dev/null
Enter the container to verify the data volume:
podman exec -it volume_test /bin/sh
Network configuration
Create a custom network:
(base) ninjamac@192 xx % podman network create my_network
my_network
Run containers on the custom network:
podman run -d --network my_network --name web nginx
podman run -it --network my_network --name client alpine ping web
Debugging and log inspection
View container logs:
podman logs nginx
Inspect the container's detailed configuration:
podman inspect nginx
Monitor container resource usage:
(base) ninjamac@192 xx % podman stats
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
b059483e17f4 volume_test 0.01% 53.25kB / 2.042GB 0.00% 3.006kB / 1.398kB 0B / 0B 1 1.564638s 0.01%