Podman Container Image Update: Secure them in Seconds!

Last updated on November 8th, 2024 at 05:47 pm

Attackers keep finding new vulnerabilities to exploit in applications, so you must keep your Podman container images updated. Keeping your container images updated is essential to keep your application secure and current with the latest features.

Let’s explore the why and how of “Podman container image update”, followed by the best practices to keep container images updated and safe.

Why Update Podman Container Image?

Did you know that 60% of hacking attacks and data breaches happened due to an unpatched software vulnerability? That figure comes from a survey by the Ponemon Institute.

From this, you have a basic idea of how important it is to keep your Podman container image updated:

Enhanced Security:

Just because you’re running a container and not a full-fledged virtual machine (VM) doesn’t mean you are safe from security vulnerabilities. Container images are like any other software: keep them updated to receive critical security patches.

Therefore, keep your Podman container image updated as a first step to enhancing security.

New Feature Upgrades:

Updating the Podman container image makes it secure and provides new feature upgrades, performance enhancements, and stability. Keep images updated to make your containerized application efficient and robust.

Future-Proof Compatibility:

Update all the container images in your deployment stack to keep it future-proof and compatible with the latest features and standards. Software components that work together have a compatibility chart, so keep them updated and compatible.

Podman Cheat Sheet

FREE Podman Cheat Sheet (Everything You Need, In One Place)

This is the last Podman Cheat Sheet you’ll ever need. Why?
Because it’s not just a list of commands—it’s a shortcut to make your work easier, faster, and more effective.

Stop wasting time digging through documentation. With this cheat sheet, you’ll get exactly what you need, right when you need it.

Manual Podman Container Image Update

Let’s start with how to update a Podman container image. Before that, make sure you have Podman installed on your local machine.

You can follow the official Podman documentation to install it on your machine. If you want to build Podman from source, I wrote a blog post about that too:

Build Podman from Source: 5 Easy Steps

Once installed, you can verify the installation with:

Bash
podman --version

I’m sure you already have an idea about Docker and container images, which makes the update process easy to understand.

Podman Pull Docker Image: Easier Than You Think!

1. Inspect an Image:

Before you update a Podman container image, it’s best practice to check the current version of the container image. Understanding the image version and the updates between versions helps you identify the changes made, and in case of any issue you can always roll back.

You can use the podman image ls and podman image history commands to see the version and image information. Another important command for a Podman container image update is inspect:

Bash
podman image inspect nginx

2. Updating an Image:

Podman provides a convenient command similar to the Docker CLI. You can use podman pull to fetch the container image.

You can specify a version tag or use the latest tag for the newest version:

Bash
podman pull [options] IMAGE [IMAGE...]

Bash
# Pull the latest version of nginx
podman pull nginx:latest

# Pull a specific version of Alpine Linux
podman pull alpine:3

Now you can check the image information with the podman image ls command.

Bash
podman image ls

REPOSITORY                   TAG         IMAGE ID      CREATED        SIZE
docker.io/library/nginx      latest      avbde450357c  1 weeks ago    148 MB
docker.io/library/alpine     3           cf4744513cf3  3 weeks ago    90  MB

Another helpful Podman command is podman image history, which lists the layers an image was built from. Comparing the history of the old and new image shows what changes between the two versions:

Bash
podman image history nginx

ID            CREATED      CREATED BY                                     SIZE              COMMENT
faddfbb0c31b  1 weeks ago  /bin/sh -c #(nop)  CMD [nginx, '-g'       ]    0 B
<missing>     2 weeks ago  /bin/sh -c #(nop)  EXPOSE 80                   0 B    
<missing>     2 weeks ago  /bin/sh -c #(nop) COPY file:a462fw613g993v...  3.58 kB

You can check what will be changed when you update the version.

3. Restart the Container Using Updated Image:

Once you pull the latest or a specific version of the container image, you need to stop the running container and recreate it so that it uses the updated image.

Bash
podman stop nginx
nginx

Once the container is stopped, you can remove and recreate the same container:

Bash
# Remove the stopped container
podman rm -f nginx

# Recreate the container from the updated image, keeping the same name
podman run -d --name nginx nginx:latest

Once you run the container, Podman will use the new version of the image. You can verify this with:

Bash
podman ps

You can open a shell in the running container for additional verification of the nginx version:

Bash
podman exec -it nginx bash

root@nginx:/# nginx -v
1.25
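
The inspect, pull and recreate steps above as one script, written for this page as an added example (not code from the original post). It recreates the container only when the pull brought in a different image ID and logs the previous ID so the old version can be restored; the function names and the log format are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. update_container,
# rollback_container and the log file format are hypothetical.

# Print the local image ID for a reference (empty if not present).
image_id() {
    podman image inspect --format '{{.Id}}' "$1" 2>/dev/null || true
}

# update_container NAME IMAGE LOGFILE
# Returns 0 if the container was recreated from a newer image, 1 if the
# image was already current, 2 if the pull failed. In the last two cases
# the running container is left untouched.
update_container() {
    uc_old=$(image_id "$2")
    podman pull --quiet "$2" >/dev/null || return 2
    uc_new=$(image_id "$2")
    if [ "$uc_old" = "$uc_new" ]; then
        return 1
    fi
    # Record the image that was in use before the update, for rollback.
    printf '%s %s %s -> %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$1" "${uc_old:-none}" "$uc_new" >> "$3"
    podman rm -f "$1" >/dev/null 2>&1 || true
    podman run -d --name "$1" "$2" >/dev/null
}

# rollback_container NAME LOGFILE
# Recreate NAME from the image ID logged before its latest update. The old
# image stays in local storage (untagged) until it is pruned.
rollback_container() {
    rb_prev=$(awk -v n="$1" '$2 == n { id = $3 } END { print id }' "$2")
    if [ -z "$rb_prev" ] || [ "$rb_prev" = none ]; then
        return 1
    fi
    podman rm -f "$1" >/dev/null 2>&1 || true
    podman run -d --name "$1" "$rb_prev" >/dev/null
}

# Run as: ./update.sh nginx docker.io/library/nginx:latest ./image-updates.log
if [ "$#" -eq 3 ]; then
    update_container "$@"
fi
```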

Automating Podman Container Image Updates

Keeping your containers up to date is essential for managing a containerized application, but doing it manually is a difficult task; for a DevOps engineer, that approach is neither optimal nor efficient.

Is there a way to manage the Podman container image update automatically?

Yes, there are 2 ways you can automate this:

1. Podman Label Container for Auto-Update:

Podman supports auto-update for the container image using a container label. When you create the container, you can add a label with Podman to enable updates: io.containers.autoupdate=registry

2. Systemd Integration:

systemd service units manage the container lifecycle. This is important for the Podman container update: after the new image is pulled, the unit is restarted so that the container runs the updated image.

Running Update:

Once you configure either way, you can check Podman for container image updates with podman auto-update:

Bash
# Dry run the Podman container image update
podman auto-update --dry-run

# Perform the Podman update
podman auto-update
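
The label and the systemd unit from this section, combined as an added example (not from the original post): podman auto-update restarts a container through its systemd unit, and the registry policy requires a fully qualified image reference. The example goes beyond the post by writing a Quadlet unit (Podman 4.4 or later); the helper names and the unit contents are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. is_fully_qualified and
# write_autoupdate_unit are hypothetical helper names.

# True if the reference starts with a registry host, for example
# docker.io/library/nginx:latest. Short names such as nginx:latest fail.
is_fully_qualified() {
    case "$1" in
        */*) fq_host=${1%%/*} ;;
        *)   return 1 ;;
    esac
    case "$fq_host" in
        localhost|*.*|*:*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# write_autoupdate_unit NAME IMAGE [DIR]
# Writes DIR/NAME.container; systemd exposes it as NAME.service.
write_autoupdate_unit() {
    wu_dir=${3:-$HOME/.config/containers/systemd}
    if ! is_fully_qualified "$2"; then
        echo "image reference must be fully qualified: $2" >&2
        return 1
    fi
    mkdir -p "$wu_dir" || return 1
    cat > "$wu_dir/$1.container" <<EOF
[Unit]
Description=$1 container with automatic image updates

[Container]
ContainerName=$1
Image=$2
Label=io.containers.autoupdate=registry

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}

# Run as: ./autoupdate-unit.sh nginx docker.io/library/nginx:latest
if [ "$#" -ge 2 ]; then
    write_autoupdate_unit "$@" &&
    systemctl --user daemon-reload &&
    systemctl --user start "$1.service" &&
    podman auto-update --dry-run
fi
```

To run the check on a schedule, Podman ships a podman-auto-update.timer unit that can be enabled with systemctl --user enable --now podman-auto-update.timer.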

Best Practices: Podman Container Image Update

Let’s check some of the best practices for the Podman container image update:

1. Monitoring Update:

Keep track of your software versions and end of service life (EOSL) dates for security vulnerabilities and errors.

2. Schedule Update:

You can create a Jenkins CI/CD or other pipeline to schedule automated Podman container image updates. Another tip is to schedule updates during off-peak hours to minimize user impact.

3. Version Control:

Keep a record of the container image used in production before the update; this makes it easy to roll back in case of a critical issue or error.

That’s the beauty of a containerized application: you can run the new version within minutes and, in case of a failure, roll back quickly.

Conclusion: Benefits of Podman Container Images Update

In this blog, we learned about the Podman container image update and ways to automate the container update process.

Updating the Podman container image has benefits such as enhanced security, improved performance due to image updates, and an automated workflow for staying up to date.

Start updating your Podman container images today and stay secure!

Kashyap Merai

Kashyap Merai is a Certified Solution Architect and Public Cloud Specialist with over 7 years in IT. He helped startups in Real Estate, Media Streaming, and On-Demand industries launch successful public cloud projects.

Passionate about Space, Science, and Computers, he also mentors aspiring cloud engineers, shaping the industry's future.

Connect with him on LinkedIn to stay updated on cloud innovations.