I wrote a blog on an exciting new feature of RamaLama to allow users to take their documents (pdf, docx, md, ...) and translate them into a RAG database in a container image and then use it with an AI Model. With only two simple commands.
One of my primary goals of RamaLama was to allow users to move AI Models into containers, so they can be stored in OCI Registries. I believe there is going to be a proliferation of "private" models, and eventually "private" RAG data. (Working heavily in RAG support in RamaLama now.
Once you have private models and RAG, I believe you will want to run these models and data on edge devices in in Kubernetes clusters. Getting the AI Models and data into OCI content. Would allow us to take advantage of content signing, trust, mirroring. And make running the AI in production easier.
Also allowing users to block access to outside "untrusted" AI Models stored in the internet. Allow companies to only use "trusted" AI.
Since Companies already have OCI registries, it makes sense to store your AI Models and content in the same location.
I see some misunderstanding of the goal of Podmansh. The basic idea is certain users have secure systems where they want to allow limited access to the host system.
For example you might have some secret data on a system, where a user can only see certain data depending on who they are, you also want to prevent said user from seeing other users or processes are running on the system. Podmansh makes setting up these types of shared systems easier.
People are correct in thinking podmansh is just a single command that `podman exec -ti podmansh` container, and they would be correct. But the interesting thing is through the user of quadlet and systemd, administrators can easily configure the podmansh container for all users or for specific users. The ease of customization and systemd managing the life cycle of the container based on users sessions is a really nice feature.
Many users will never use this, but certain users like Governement, Banking or other entities who are very concerned about security, this is a really nice feature.
Do you run with Docker daemon running in rootless mode? Does rancher default to rootless mode? I hear Docker can run in rootless mode but does anyone really run it that way. If I want to start a single container in my homedir, I need to start up multiple docker daemons (dockerd, containerd) to run and then they run forever even if I run in daemon mode. Or I can shut them down until I need to interact with the container again.
Have you tried running with Pods?
Have you tried Quadlet?
Have you tried to generate kube yaml from running pods and containers on your system?
Have you used podman to generate pods and containers from existing kubernetes yaml files?
Have you launched containers each in their own User Namespace with --userns=auto?
Podman is a community project. Anyone can setup repos to update any distribution. Many distributions are managing versions of Podman. OpenSuse, Fedora, Centos, RHEL, Debian, Arch all supply updates. There is also the Kubic project in which community members are providing versions for Ubuntu.
Red Hat developers primary work in the upstream. There are also Red Hat engineers that work on packaging for Fedora, RHEL and Centos Stream, as well as Clients for Windows and Mac. We work with Fedora to provide CoreOS images for Windows and Mac.
Red Hat engineers work with the community for support of the other distributions, but they don't guarantee or support for all other distributions or versions of distributions.
It works in the home directory. Just place the quadlet file in $HOME/.config/containers/systemd
$ systemctl --user daemon-reload
$ systemctl --user start QUADLETNAME.service
If you want this to work at boot, you need to do
loginctl enable-linger $USERNAME
Sure but to me, and I am obviously biased, if I want to run a container on my system I don't want to fire up multiple daemons in my homedir and then have them sitting out there using resources, when all I want to do is run a containerized application.
One beautiful thing about Podman is it can fire up, pull the image from the container registry, start the container and then go away. Leaving you with only the containerized application running in rootless mode.
To do this with Docker, you fire up the entire Docker infrastructure, then launch the docker client, once the application is up and running, you still need to shut down the docker infrastructure.
Even if you run with podman socket activated server, the podman service will not be running until someone connects to the service, once the connection to the service goes away, the podman service shuts down no longer using system resources.
This is also related to the Client Server model supported by Docker versus the Fork/Exec Model supported by Podman.
Podman works closely with the HPC (High Performance Computing) world. Checkout the article about how the fastest computers in the world in the most secure facilities in the world are using Podman.
BTW Podman now supports pasta as well as slirp4netns. I am told pasta gives you better network performance in rootless mode, although I have never tried it.
Agree, I believe that the world should move to using Kubernetes YAML for running multiple container workloads. Whether you are running on a single node or in a kubernetes cluster. Docker-Compose while supported by Podman, does not allow you to easily migrate your applications to Kubernetes.
Check it out.