Last active
February 18, 2022 13:33
Lima/Podman configuration allowing connections to ports 80, 443 through non-loopback interfaces
# Based on https://github.com/lima-vm/lima/blob/943c90b13e38be32777b8f25be17c2491bb1421f/examples/podman.yaml
#
# Allows connections to ports 80, 443 through non-loopback interfaces.
# Example to use Podman instead of containerd & nerdctl
# $ limactl start ./podman.yaml
# $ limactl shell podman podman run -it -v $HOME:$HOME --rm docker.io/library/alpine
# To run `podman` on the host (assumes podman-remote is installed):
# $ export CONTAINER_HOST=$(limactl list podman --format 'unix://{{.Dir}}/sock/podman.sock')
# $ podman --remote ...
# To run `docker` on the host (assumes docker-cli is installed):
# $ export DOCKER_HOST=$(limactl list podman --format 'unix://{{.Dir}}/sock/podman.sock')
# $ docker ...
# This example requires Lima v0.8.0 or later
images:
# Hint: run `limactl prune` to invalidate the "current" cache
- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-amd64.img"
  arch: "x86_64"
- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-arm64.img"
  arch: "aarch64"
mounts:
- location: "~"
- location: "/tmp/lima"
  writable: true
containerd:
  system: false
  user: false
provision:
- mode: system
  script: |
    #!/bin/bash
    set -eux -o pipefail
    command -v podman >/dev/null 2>&1 && exit 0
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y podman crun
- mode: user
  script: |
    #!/bin/bash
    set -eux -o pipefail
    systemctl --user enable --now podman.socket
probes:
- script: |
    #!/bin/bash
    set -eux -o pipefail
    if ! timeout 30s bash -c "until command -v podman >/dev/null 2>&1; do sleep 3; done"; then
      echo >&2 "podman is not installed yet"
      exit 1
    fi
  hint: See "/var/log/cloud-init-output.log". in the guest
portForwards:
- guestSocket: "/run/user/{{.UID}}/podman/podman.sock"
  hostSocket: "{{.Dir}}/sock/podman.sock"
- guestPort: 80
  hostIP: 0.0.0.0 # Allow non-loopback connections
- guestPort: 443
  hostIP: 0.0.0.0 # Allow non-loopback connections
# - guestPortRange: [1, 65535]
#   hostIP: 0.0.0.0 # Allow non-loopback connections
message: |
  To run `podman` on the host (assumes podman-remote is installed), run the following commands:
  ------
  podman system connection add lima "unix://{{.Dir}}/sock/podman.sock"
  podman system connection default lima
  podman{{if eq .HostOS "linux"}} --remote{{end}} run quay.io/podman/hello
  ------
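
An added example (not part of the gist or of the Lima project): a small audit that lists which `portForwards` rules bind beyond loopback, as the `hostIP: 0.0.0.0` entries above do. The sample text is constructed from the configuration above plus one loopback-only rule for contrast; `parse_port_forwards` and `exposed_rules` are hypothetical helpers, and the reader handles only this flat list layout, not general YAML.

```python
import ipaddress
import re

# Constructed sample: the portForwards section from the configuration above,
# plus one loopback-only rule (8080) added for contrast.
SAMPLE = """\
portForwards:
- guestSocket: "/run/user/{{.UID}}/podman/podman.sock"
  hostSocket: "{{.Dir}}/sock/podman.sock"
- guestPort: 80
  hostIP: 0.0.0.0 # Allow non-loopback connections
- guestPort: 443
  hostIP: 0.0.0.0 # Allow non-loopback connections
- guestPort: 8080
  hostIP: 127.0.0.1
message: ""
"""

def parse_port_forwards(text):
    """Minimal reader for a flat `portForwards:` list; not a general YAML parser."""
    rules, in_section = [], False
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or fully commented-out line
        if not line[0].isspace() and not line.startswith("-"):
            in_section = line.startswith("portForwards:")  # new top-level key
            continue
        if not in_section:
            continue
        item = line.lstrip()
        if item.startswith("- "):  # a new rule begins
            rules.append({})
            item = item[2:]
        key, _, value = item.partition(":")
        if rules:
            rules[-1][key.strip()] = value.strip().strip('"')
    return rules

def exposed_rules(rules):
    """Return (guest port spec, hostIP) for port rules bound beyond loopback."""
    findings = []
    for rule in rules:
        if "guestSocket" in rule:  # UNIX socket forward, not a network listener
            continue
        port = rule.get("guestPort") or rule.get("guestPortRange") or "unspecified"
        host_ip = rule.get("hostIP", "127.0.0.1")  # assumption: Lima's documented default
        if not ipaddress.ip_address(host_ip).is_loopback:
            findings.append((port, host_ip))
    return findings
```

Run against a real file with `exposed_rules(parse_port_forwards(open(path).read()))`; uncommenting the `guestPortRange: [1, 65535]` rule would add that whole range to the findings.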