Set up core tooling for container work


Red Hat build of Podman Desktop 0.9

Explore how you can set up core tooling to perform your container tasks.

Red Hat Customer Content Services

Abstract

Setting up core tooling helps you configure all the necessary resources to start working on your containerized applications.

Preface

As a developer, you can set up core tooling to start creating your containerized applications. The options are available to do the following:

  • Create a default or custom Podman machine to control resources, such as CPU, memory, and disk, and set rootful or rootless connections.
  • Add custom certificates from a local Certificate Authority (CA) or third-party vendor directly to the Podman machine via Secure Shell (SSH) and the update-ca-trust command. This certificate installation process is crucial for enabling secure communication and authenticating images with internal or private container registries.

Several configuration options are available to customize the Podman execution environment to meet your workload requirements. Find a complete list of configuration options available when creating a Podman machine below:

1.1. Required configuration options

Table 1.1. Machine configuration

| Option | Description |
|---|---|
| Name | Enter a name for the Podman machine, such as podman-machine-default. |
| CPU(s) | Select the number of CPUs to allocate to the machine. |
| Memory | Select the memory size to allocate to the machine. |
| Disk size | Select the disk size to allocate to the machine. |

1.2. Optional configuration options

Table 1.2. Boot Image

| Option | Description |
|---|---|
| Image Path | Select an image from your local machine, such as podman-machine.aarch64.applehv.raw.zst. |
| Image URL or image reference | Enter an image URL or a registry path. You can use an image URL from the Podman releases page or use a valid registry path in the format registry/repo/image:version. |

Table 1.3. Connection Type

| Option | Description |
|---|---|
| Machine with root privileges | Enable to use the rootful connection by default. |

1.3. Windows-specific options

Table 1.4. Networking and provider type

| Option | Description |
|---|---|
| User mode networking (traffic relayed by a user process) | Enable to route the traffic through the network connection from your Windows session. This setting is required to access resources behind your VPN connection. |
| Provider Type | The setting is visible only to administrators, and its default value is wsl. |

1.4. macOS-specific options

Table 1.5. Provider Type

| Platform | Default Provider | Alternative Provider |
|---|---|---|
| macOS ARM64 | GPU enabled (LibKrun) | Apple HyperVisor (can be switched when needed) |
| macOS AMD64 | Apple HyperVisor | GPU enabled (LibKrun) (not available) |

Chapter 2. Configure a Podman machine

While a default Podman machine is created automatically upon installation, you can create a custom machine that allows you to manually define specific configurations:

  • Allocating resources (CPUs, memory, and disk size)
  • Using a custom boot image
  • Setting the machine to use a rootful connection by default
  • On Windows: enabling user mode networking to route traffic through the host’s network session

Prerequisites

  • You have installed Red Hat build of Podman Desktop and Podman on your machine.

Note

For details about configuration options available for Podman machine creation, refer to the Customize the Podman execution environment section.

Procedure

  1. Go to the Settings > Resources page from the left navigation pane.
  2. In the Podman tile, click Create new. The Create a Podman machine screen opens.
  3. Enter or customize the following details:

    • Name: Enter a descriptive name, such as podman-machine-custom.
    • CPU(s): Select the number of CPUs (recommended: 2-4).
    • Memory: Select memory size in GB (recommended: 4-8 GB).
    • Disk size: Select disk size in GB (recommended: 20-50 GB).
  4. Optional: Provide a bootable image by using the Image Path or Image URL or image reference option.
  5. Customize the Machine with root privileges option to use the rootful or rootless connection.
  6. Additional settings based on your operating system:

    • On Windows: Set the value of the User mode networking and Provider Type configuration options.
    • On macOS: Set the value of the Provider Type configuration option.
  7. Click Create.
  8. After the machine is successfully created, click Go back to resources.

Verification

  • Check that the Podman machine is running in the Podman tile.

You can add certificates from your local certificate authority (CA) or from a third-party vendor into a Podman machine. After adding these certificates, you can use them in your images to:

  • Secure the communication channel between the running applications in your container and the external host system.
  • Validate the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates provided by external services for authentication.

Podman stores certificates in the machine at /etc/pki/ca-trust/source/anchors/, and you can obtain them in various formats:

  • Privacy-Enhanced Mail format (.pem)
  • Certificate file format (.crt)
  • Certificate file format (.cer)

Note

On Windows, the Podman commands use the CAs from the certificate store. For example, if you are unable to log in to an internal registry because the added certificate was not trusted by Podman, you can add it to the Windows certificate store. This will enable Podman commands to trust the certificate and help you log in to that registry.

3.1. Add certificates to a Podman machine

You can add certificates from a local CA or third-party vendor directly to a running Podman machine. After adding a certificate, a reboot of the Podman machine is required to ensure the changes take effect.

Prerequisites

  • You have a running Podman machine.
  • You have obtained the required certificates for installation, such as certificate.pem or certificate.crt.

Procedure

  1. Start an interactive session with the default Podman machine:

    $ podman machine ssh <machine_name>
  2. Optional: If Podman runs in the default rootless mode, switch to a root shell:

    $ sudo su -
  3. Change to the directory where the certificates must be placed:

    $ cd /etc/pki/ca-trust/source/anchors
  4. Perform one of the following steps to obtain the certificate:

    • Use the curl command to download a certificate:

      $ curl [-k] -o <my-certificate> https://<my-server.com/my-certificate>
    • Use any editor, such as Notepad or Vim, to create a certificate file with a .crt, .cer, or .pem extension.

      Note

      You can convert a certificate file to a text file and copy its content to the editor.

  5. Add the certificate to the list of trusted certificates:

    $ update-ca-trust
  6. Optional: To exit the root shell, run the following command:

    $ exit
  7. Run the exit command to exit the Podman machine.
  8. To apply your changes, reboot the Podman machine:

    $ podman machine stop <machine_name>
    $ podman machine start <machine_name>
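
Step 4 permits curl -k, which skips TLS verification of the download server, so the file that lands in /etc/pki/ca-trust/source/anchors/ has not been authenticated when update-ca-trust makes it a trust anchor. The following added example (not part of the Red Hat procedure) checks a certificate against a SHA-256 fingerprint obtained out of band before step 5; the function names and return codes are hypothetical, the sample certificate is constructed, and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example, not Red Hat's code. Function names and return codes are
# hypothetical; assumes the openssl command-line tool is installed.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# vet_ca_cert FILE EXPECTED_SHA256
# Returns 0 = matches and usable as a trust anchor, 1 = not a parseable
# certificate, 2 = fingerprint mismatch, 3 = not a CA certificate, 4 = expired.
vet_ca_cert() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    [ "$(cert_fingerprint "$1")" = "$expected" ] || return 2
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || return 3
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 4
    return 0
}

# Constructed sample input: a throwaway self-signed certificate.
# make_sample_cert OUTFILE TRUE|FALSE   (TRUE sets basicConstraints CA:TRUE)
make_sample_cert() {
    cnf=$(mktemp) && key=$(mktemp) || return 1
    cat >"$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Example CA
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$cnf" \
        -keyout "$key" -out "$1" 2>/dev/null
    status=$?
    rm -f "$cnf" "$key"
    return "$status"
}

# Demo: the sample passes with its own fingerprint and fails with a wrong one.
demo=$(mktemp)
make_sample_cert "$demo" TRUE
vet_ca_cert "$demo" "$(cert_fingerprint "$demo")"; echo "correct fingerprint: $?"
vet_ca_cert "$demo" "00"; echo "wrong fingerprint: $?"
rm -f "$demo"
```

Run vet_ca_cert on the downloaded file with the fingerprint supplied by the CA owner, and run update-ca-trust only when it returns 0.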

Legal Notice

Copyright © Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.