How to Enable Remote API in Podman

What is a Remote API

The Remote API helps us to be able to control and manage Podman from other machines. You can write Client Tools to manage Podman directly if we know the APIs. or you can connect it with Management Tools like Portainer. This is possible because Podman implements Docker-compatible API.

There are two type of Podman Remote API.

• Socket
• REST API (TCP)

Step

1. Check API version

podman info --debug

Your Podman will show in APIVersion: Section - you can use command with grep like below:
Note: The APIVersion use for test Socket / Rest API

podman info --debug | grep APIVersion:

#Result
  APIVersion: 4.6.1

2. Enable Socket

- Step for Rootful

#rootful 
sudo systemctl enable --now podman.socket

# enable start of system services, even if not logged in
sudo loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$UID/

- Step for Rootless

#rootless
systemctl --user enable --now podman.socket

# enable start of system services, even if not logged in
sudo loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$UID/

3. Testing Socket

• Pattern:

curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/[API VERSION]/libpod/info

• Sample:

curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v4.6.1/libpod/info

4. Enable Podman TCP for REST API

You can start API Server for remote access by using podman-system-service command

• Pattern:
  --time=0 - zero 0 means no timeout
  tcp URL - specific endpoint and port
  Note: Don't forget to allow your IP Address in firewall

podman system service --time=0 tcp://[IP or DNS]:[PORT]

• Sample:

podman system service --time=0 tcp://128.1.0.181:18888

podman system service --time 60 tcp:[::]:12375

5 Testing Podman REST API

curl http://128.1.0.181:18888/v4.6.1/libpod/info

or call via web browser

or you can also use podman remote to access

• Pattern:

podman --remote --url tcp://[IP or DNS]:[PORT] [podmand commands]

• Test: Podman images (from 128.1.0.181:18888)

[invsbch@dev-test ~]$ podman --remote --url tcp://128.1.0.181:18888 images
REPOSITORY                     TAG       IMAGE ID      CREATED      SIZE
localhost/invs-app-service   8.8.16.5  833fcb933090  5 days ago   2.81 GB
localhost/invs-biz-service   8.8.16.3  6298d9ee5d9e  2 weeks ago  1.3 GB

• Test: Podman ps -a (from 128.1.0.181:18888)

[invsbch@dev-test ~]$ podman --remote --url tcp://128.1.0.181:18888 ps -a
CONTAINER ID  IMAGE                                   COMMAND               CREATED     STATUS         PORTS                     NAMES
2479f22abc92  localhost/invs-biz-service:8.8.16.3                           5 days ago  Up 5 days ago  0.0.0.0:10456->10456/tcp  invs-biz-service
533d8be2f168  localhost/invs-app-service:8.8.16.5     /bin/sh -c java -...  5 days ago  Up 5 days ago  0.0.0.0:10650->8080/tcp   invs-app-service
9011b98a3c9f  localhost/invs-app-service:8.8.16.5     /bin/sh -c java -...  5 days ago  Up 5 days ago                            invs-app-service-parallel

And finally, don't forget that I haven't written about Security in this blog yet. Therefore, anyone can access it directly. Before using it, you should take care of the Security properly, such as using HAProxy for authentication and forwarding requests to Podman or you can wait for my next blog post.

Reference

• proofnet - Podman API service listening on TCP can be used on websites
• How to setup podman API to be accessible from remote systems - Red Hat Customer Portal
• Portainer for Podman? : r/podman (reddit.com)
• Does podman have any software similar to portainer? : r/podman (reddit.com)
• How to enable Podman REST API Service? (shobhitsharma.net)