Using podman container with port-mapping networking

[gilgameshfreedom]

Hi all.

I have a following case - I'd like to use in my CI pipelines testcontainers. To be able to use it a container engine (Docker, Podman, etc) must be running somewhere (locally or over a network) and testcontainers uses the DOCKER_HOST env to communicate to the container engine. Because I use Kubernetes for executing CI build I'd like to run two containers in the same pod: the first one is podman (like quay.io/containers/podman:v5.3.1) which exposes its API by running podman system service --time=0 tcp://0.0.0.0:2375 and the second one is a container which uses testcontainers and DOCKER_HOST references to tcp://127.0.0.1:2375

The problem is that this approach works perfectly with Docker running as a container engine, but doesn't work with Podman. As a test I've used an example with Postgresql.

>>> from testcontainers.postgres import PostgresContainer
>>> import sqlalchemy

>>> with PostgresContainer("postgres:16") as postgres:
...     engine = sqlalchemy.create_engine(postgres.get_connection_url())
...     with engine.begin() as connection:
...         result = connection.execute(sqlalchemy.text("select version()"))
...         version, = result.fetchone()
>>> version
'PostgreSQL 16...'

Here is an example of a Pod's manifest how it works with Docker - https://pastebin.com/raw/QrJhq9rb
Here is an example of a Pod's manifest how it doesn't work with Podman -
https://pastebin.com/raw/wNtLDaqa

In both cases I do the following (for example, with Podman - with Docker it's the same):

1. Create a pod - kubectl apply -f https://pastebin.com/raw/wNtLDaqa
2. Connect to the container with python - kubectl exec -it pods/podman-test -c testconainers -- bash
3. pip3 install sqlalchemy testcontainers[postgres] psycopg2-binary
4. wget -O pg.py https://pastebin.com/raw/hRPXiTEq
5. python3 pg.py

The output of the last command is

using host tcp://127.0.0.1:2375
using host tcp://127.0.0.1:2375
Pulling image testcontainers/ryuk:0.8.1
Container started: 15d46c004a8a
Traceback (most recent call last):
  File "//pg.py", line 4, in <module>
    with PostgresContainer("postgres:16") as postgres:
         ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/container.py", line 134, in __enter__
    return self.start()
           ~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/generic.py", line 74, in start
    super().start()
    ~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/container.py", line 97, in start
    Reaper.get_instance()
    ~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/container.py", line 200, in get_instance
    Reaper._instance = Reaper._create_instance()
                       ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/container.py", line 231, in _create_instance
    wait_for_logs(Reaper._container, r".* Started!", timeout=20, raise_on_exit=True)
    ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/testcontainers/core/waiting_utils.py", line 129, in wait_for_logs
    raise RuntimeError("Container exited before emitting logs satisfying predicate")
RuntimeError: Container exited before emitting logs satisfying predicate

If we have a look at the podman container we can see an error

kubectl logs pods/podman-test podman             
time="2025-01-09T19:07:36Z" level=warning msg="Using the Podman API service with TCP sockets is not recommended, please see `podman system service` manpage for details"
Trying to pull docker.io/testcontainers/ryuk:0.8.1...
Getting image source signatures
Copying blob sha256:a234a0d5e3d97ce9b4ff5b4c8dd672285de8ad2135976c5e1b15d00e2fc793f7
Copying blob sha256:490310d1a79bffc2d70a73d071215541789c2f6a03c3b747dd2c30f09c468584
Copying blob sha256:b84a74cde5af5c5199bfc2ce2a8c8951a29a7716d17327e923f1a14c870a858b
Copying config sha256:e1c72b0438b5e617d269397a7d6e8be66c9cc4c1ed01d4e480f20234eb09b507
Writing manifest to image destination
Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use

It looks like the difference is that the docker (dind) container can allocate per nested containers IP-addresses and use port-mapping while Podman can't. Is any workaround for Podman to use it with testcontainers?

[Luap99]

This is because the podman image defaults to host namesapces for most things to enable it to better work in restricted envs, i.e. where we cannot configure networking.
https://github.com/containers/image_build/blob/main/podman/containers.conf

You can remove the default from there in the container.

[gilgameshfreedom]

Thanks for the answer. I've changed to private and it helped.