How to Enable Remote API in Podman

What is a Remote API

The Remote API helps us to be able to control and manage Podman from other machines. If we know the APIs, you can write a Client Tools to manage Podman directly. or you connect it with Management Tools like Portainer. This is possible because Podman implement Docker-compatible API.

There are two type of Podman Remote API.

  • Socket
  • REST API (TCP)

Step

1. Check API version

podman info --debug

Your Podman will show in APIVersion: Section - you can use command with grep like below:
Note: The APIVersion use for test Socket / Rest API

podman info --debug | grep APIVersion:

#Result
  APIVersion: 4.6.1

2. Enable Socket

- Step for Rootful
#rootful 
sudo systemctl enable --now podman.socket

# enable start of system services, even if not logged in
sudo loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$UID/
- Step for Rootless
#rootless
systemctl --user enable --now podman.socket

# enable start of system services, even if not logged in
sudo loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$UID/

3. Testing Socket

  • Pattern:
curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/[API VERSION]/libpod/info
  • Sample:
curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v4.6.1/libpod/info

4. Enable Podman TCP for REST API

You can start API Server for remote access by using podman-system-service command

  • Pattern:
    --time=0 - zero 0 means no timeout
    tcp URL - specific endpoint and port
    Note: Don't forget to allow your IP Address in firewall
podman system service --time=0 tcp://[IP or DNS]:[PORT]
  • Sample: 
podman system service --time=0 tcp://128.1.0.181:18888

podman system service --time 60 tcp:[::]:12375

5 Testing Podman REST API

curl http://128.1.0.181:18888/v4.6.1/libpod/info

or call via web browser

or you can also use podman remote to access

  • Pattern:
podman --remote --url tcp://[IP or DNS]:[PORT] [podmand commands]
  • Test: Podman images (from 128.1.0.181:18888)
[invsbch@dev-test ~]$ podman --remote --url tcp://128.1.0.181:18888 images
REPOSITORY                     TAG       IMAGE ID      CREATED      SIZE
localhost/invs-app-service   8.8.16.5  833fcb933090  5 days ago   2.81 GB
localhost/invs-biz-service   8.8.16.3  6298d9ee5d9e  2 weeks ago  1.3 GB
  • Test: Podman ps -a (from 128.1.0.181:18888)
[invsbch@dev-test ~]$ podman --remote --url tcp://128.1.0.181:18888 ps -a
CONTAINER ID  IMAGE                                   COMMAND               CREATED     STATUS         PORTS                     NAMES
2479f22abc92  localhost/invs-biz-service:8.8.16.3                           5 days ago  Up 5 days ago  0.0.0.0:10456->10456/tcp  invs-biz-service
533d8be2f168  localhost/invs-app-service:8.8.16.5     /bin/sh -c java -...  5 days ago  Up 5 days ago  0.0.0.0:10650->8080/tcp   invs-app-service
9011b98a3c9f  localhost/invs-app-service:8.8.16.5     /bin/sh -c java -...  5 days ago  Up 5 days ago                            invs-app-service-parallel

And finally, don't forget that in this blog, I haven't written about Security yet. Therefore, anyone can access it directly. Before using it, you should take care of the Security properly, such as using HAProxy for authentication and forwarding requests to Podman or you can wait for the my next blog post.

Reference

Discover more from naiwaen@DebuggingSoft

Subscribe to get the latest posts sent to your email.

Tags

Related Posts