瘦了就帅了 / Installing Podman

Created Tue, 22 Jul 2025 18:49:39 +0800 Modified Mon, 01 Jun 2026 03:05:10 +0000

Installation

apt update
# Install the prerequisites (curl and GnuPG) used to add the repository
apt install -y curl gpg gnupg2
# Check the Debian version
lsb_release -a

# Debian 13
# Add the Kubic project's Debian_Testing repository
echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Testing/ /' | sudo tee /etc/apt/sources.list.d/kubic.list
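# Download and add the matching GPG key
# (a key placed in /etc/apt/trusted.gpg.d/ is trusted for every APT source on the system)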
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Testing/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/kubic.gpg > /dev/null

# Update the package lists and install Podman
apt update
apt install -y podman
# Verify the installation
podman version

# Install podman-compose
apt install -y pipx
pipx ensurepath
pipx install podman-compose
podman-compose version

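# iptables must be installed, otherwise netavark cannot run
apt install -y iptables
# This firewall rule is required, otherwise name resolution between containers does not work
# (as written, it accepts UDP port 53 on every interface)
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Test that Podman was installed successfully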
podman run --rm hello-world

Configuration

# Configure registry mirrors hosted in China
sed -E -i.bak \
    -e 's/^# (unqualified-search-registries = ).+$/\1["docker.io"]/' \
    -e 's/^# (\[\[registry\]\])$/\1/' \
    -e 's/^# (prefix = ).+"$/\1"docker.io"/' \
    -e '0,\/^# (location = ).+"$/s//\1"docker.1ms.run"/' \
    -e '0,\/^# (\[\[registry.mirror\]\])$/s//\1/' \
    -e '0,\/^# (location = ).*"$/s//\1"registry.cn-hangzhou.aliyuncs.com"/' \
    /etc/containers/registries.conf
# Or edit the file by hand (nano /etc/containers/registries.conf) so that it contains:
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "docker.1ms.run"

[[registry.mirror]]
location = "registry.cn-hangzhou.aliyuncs.com"  # optional fallback
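
The sed command above only rewrites lines that exist as commented templates in the stock file; when a pattern does not match, sed still exits successfully and changes nothing. The check below is an added example (not from the original post; the function names are hypothetical) that confirms the active lines match the configuration shown above, run here on a constructed sample.

```shell
#!/bin/sh
# Added example: confirm that the mirror settings are really active.
# Function names are hypothetical; expected values are the ones shown on this page.

# Print every uncommented value of KEY (written as: key = "value") in FILE, in order.
active_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                     # template lines are still comments
        $1 == key && $2 == "=" { v = $3; gsub(/"/, "", v); print v }
    ' "$1"
}

# Return 0 only if FILE holds the active docker.io entry and both locations.
check_registries() {
    conf=$1; rc=0
    for line in 'unqualified-search-registries = ["docker.io"]' \
                '[[registry]]' '[[registry.mirror]]'; do
        grep -qxF -- "$line" "$conf" || { echo "FAIL: no active line: $line"; rc=1; }
    done
    [ "$(active_values "$conf" prefix)" = "docker.io" ] \
        || { echo "FAIL: prefix is not docker.io"; rc=1; }
    want=$(printf '%s\n' docker.1ms.run registry.cn-hangzhou.aliyuncs.com)
    [ "$(active_values "$conf" location)" = "$want" ] \
        || { echo "FAIL: registry/mirror locations differ from the expected pair"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample: the file content shown above, written to a temp file.
write_sample() {
    cat > "$1" <<'EOF'
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "docker.1ms.run"

[[registry.mirror]]
location = "registry.cn-hangzhou.aliyuncs.com"  # optional fallback
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_registries "$sample"   # on a real host: check_registries /etc/containers/registries.conf
rm -f "$sample"
```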

The commands are in fact the same as Docker's, which makes Podman very convenient to use.

Installing in a CT (LXC container)

Switching to a privileged container

nano /etc/pve/lxc/<CTID>.conf
  • Delete or comment out the line unprivileged: 1.
  • Make sure there is no lxc.idmap UID/GID mapping configuration (delete it if present).

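The CT must be a privileged container, but a newly created CT is unprivileged by default, so pay special attention to this!!! Without the UID/GID mapping, root inside the CT is the same UID 0 as root on the host.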