Last updated on November 8th, 2024 at 05:47 pm
Attackers keep finding new vulnerabilities to exploit in applications, so you must keep your Podman container images updated. Keeping them updated is essential to keep your application secure and current with the latest features.
Let’s explore the why and how of updating Podman container images, followed by best practices for keeping container images updated and safe.
Why Update Podman Container Image?
Did you know that 60% of hacking attacks and data breaches happened due to an unpatched software vulnerability? That figure comes from a survey by the Ponemon Institute.
From this, you have a basic idea of how important it is to keep your Podman container image updated:
Enhanced Security:
Just because you’re running a container and not a full-fledged Virtual Machine (VM) doesn’t mean you are safe from security vulnerabilities. Container images are like any other software: keep them updated to receive critical security patches.
Therefore, keep your Podman container image updated as a first step to enhancing security.
New Feature Upgrades:
Updating a Podman container image makes it more secure and also brings new features, performance enhancements, and stability. Keep images updated to make your containerized application efficient and robust.
Future-Proof Compatibility:
Update all the container images in your deployment stack to keep it future-proof and compatible with the latest features and standards. Software components that work together have a compatibility chart, so keep them updated and compatible.
Manual Podman Container Image Update
Let’s start with how to update a Podman container image. Before that, make sure you have Podman installed on your local machine.
You can follow the official Podman documentation to install it on your machine. If you want to build Podman from source, I wrote a blog post about that too.
Once installed you can verify the same with:
podman --version
I’m sure you already have an idea about Docker and container images, which makes the update process easy to understand.
1. Inspect an Image:
Before you update a Podman container image, it’s best practice to check the current version of the image. Knowing the image version and what changed between versions helps you identify the changes made, and in case of any issue you can always roll back.
You can use the podman image ls and podman image history commands to see the version and image information. Another important command for a Podman container image update is inspect:
podman image inspect nginx
2. Updating an Image:
Podman provides a convenient command similar to the Docker CLI. You can use the podman pull command to fetch the container image.
You can always specify a version tag or use the latest tag for the newest version:
# Syntax: podman pull [options] IMAGE [IMAGE...]
# Pull the latest version of nginx
podman pull nginx:latest
# Pull a specific version of Alpine Linux
podman pull alpine:3
Now you can check the image information with the podman image ls command:
podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest avbde450357c 1 weeks ago 148 MB
docker.io/library/alpine 3 cf4744513cf3 3 weeks ago 90 MB
Another super helpful Podman command is podman image history, which shows what changed between two versions:
podman image history nginx
ID CREATED CREATED BY SIZE COMMENT
faddfbb0c31b 1 weeks ago /bin/sh -c #(nop) CMD [nginx, '-g' ] 0 B
<missing> 2 weeks ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 2 weeks ago /bin/sh -c #(nop) COPY file:a462fw613g993v... 3.58 kB
You can check what will be changed when you update the version.
3. Restart the Container Using Updated Image:
Once you pull the latest or a specific version of the Podman container image, you need to restart the container so that it uses the updated image. First stop it:
podman stop nginx
nginx
Once the container is stopped, you can remove and recreate the same container:
# Remove the stopped container
podman rm -f nginx
# Recreate the container from the updated image, keeping the name nginx
podman run -d --name nginx nginx:latest
Once you run the container, Podman will use the new version of the image. You can verify this with:
podman ps
You can open a shell in the running container for additional verification of the nginx version:
podman exec -it nginx bash
root@nginx:/# nginx -v
1.25
Automating Podman Container Image Updates
Keeping your containers up to date is essential for managing a containerized application, but doing it manually is a difficult task, and for a DevOps engineer that approach is neither optimal nor efficient.
Is there a way to manage Podman container image updates automatically?
Yes, there are 2 ways you can automate this:
1. Podman Label Container for Auto-Update:
Podman supports auto-update for container images through a container label. When you create the container, add this label to enable updates: io.containers.autoupdate=registry
2. Systemd Integration:
systemd service units manage the container lifecycle. This matters for Podman container updates: after the new image is pulled, the unit updates the container and restarts it.
Running Update:
Once you configure either way, you can check Podman for container image updates with podman auto-update:
# Dry run the Podman container image update
podman auto-update --dry-run
# Perform the Podman update
podman auto-update
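podman auto-update checks containers that carry the label and run inside a systemd unit, so this added example (not from the original post) sets up both and lists pending updates before applying them. It assumes rootless Podman 4.4 or later with Quadlet; the unit name nginx.container and the function names are illustrative.

```shell
#!/bin/sh
# Added example: run a container under systemd with the auto-update label,
# then list which units have a newer image waiting before applying it.
# Assumes rootless Podman 4.4+ (Quadlet); "nginx.container" is an example name.

# Write a Quadlet unit. AutoUpdate=registry sets the label
# io.containers.autoupdate=registry; that policy needs a fully-qualified image.
install_unit() {
    dir="$HOME/.config/containers/systemd"
    mkdir -p "$dir"
    cat > "$dir/nginx.container" <<'EOF'
[Container]
Image=docker.io/library/nginx:latest
AutoUpdate=registry

[Install]
WantedBy=default.target
EOF
    systemctl --user daemon-reload
    systemctl --user start nginx.service
}

# Print "UNIT IMAGE" for each unit whose registry image is newer than the
# local one. --dry-run reports such units as "pending" and changes nothing.
pending_updates() {
    podman auto-update --dry-run --format '{{.Unit}} {{.Image}} {{.Updated}}' |
        awk '$3 == "pending" { print $1, $2 }'
}

# Update only when something is pending, printing what is about to change.
apply_updates() {
    pending=$(pending_updates)
    [ -n "$pending" ] || { echo "nothing to update"; return 0; }
    echo "$pending"
    podman auto-update
}

# Usage: script.sh install|check|apply
case "${1:-}" in
    install) install_unit ;;
    check)   pending_updates ;;
    apply)   apply_updates ;;
esac
```

By default, podman auto-update rolls a unit back to the previous image if the unit fails to restart after the update.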
Best Practices: Podman Container Image Update
Let’s check some of the best practices for the Podman container image update:
1. Monitoring Update:
Keep track of your software versions and their end-of-service-life (EOSL) dates to stay ahead of security vulnerabilities and errors.
2. Schedule Update:
You can create a Jenkins CI/CD pipeline, or use another pipeline tool, to schedule automated Podman container image updates. Another tip is to schedule updates during off-peak hours to minimize user impact.
3. Version Control:
Keep a record of the container image used in production before the update. This makes it easy to roll back in case of a critical issue or error.
That’s the beauty of a containerized application: you can run the new version within minutes and, in case of a failure, roll back quickly.
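One way to keep the record described above, as an added example that is not from the original post: it logs the digest-pinned reference of the image a container runs before you update, and recreates the container from that reference on rollback. Tags such as latest are mutable, which is why the digest is recorded; the function names and log format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: record the exact image a container runs before updating,
# so a rollback can pin that image by digest instead of a mutable tag.

# pinned_ref CONTAINER: print repo@sha256:... for the container's image.
pinned_ref() {
    id=$(podman container inspect --format '{{.Image}}' "$1") || return 1
    # RepoDigests is empty for locally built images; the index then fails.
    podman image inspect --format '{{index .RepoDigests 0}}' "$id"
}

# record_image CONTAINER LOGFILE: append "UTC-time container pinned-ref".
record_image() {
    ref=$(pinned_ref "$1") || { echo "cannot pin image of $1" >&2; return 1; }
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$ref" >> "$2"
}

# last_recorded CONTAINER LOGFILE: print the most recent pinned reference.
last_recorded() {
    awk -v c="$1" '$2 == c { r = $3 } END { if (r == "") exit 1; print r }' "$2"
}

# rollback CONTAINER LOGFILE: recreate the container from the recorded image.
# Add the ports, volumes and other options the original container used.
rollback() {
    ref=$(last_recorded "$1" "$2") || { echo "no record for $1" >&2; return 1; }
    podman rm -f "$1"
    podman run -d --name "$1" "$ref"
}

# Usage: script.sh record|rollback CONTAINER LOGFILE
case "${1:-}" in
    record)   record_image "$2" "$3" ;;
    rollback) rollback "$2" "$3" ;;
esac
```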
Conclusion: Benefits of Podman Container Images Update
In this blog, we learned about Podman container image updates and ways to automate the container update process.
Updating Podman container images has benefits such as enhanced security, improved performance due to image updates, and an automated workflow for staying up to date.
Start updating your Podman container images today and stay secure!