Microcks is a cloud-native API mocking and testing tool. It helps you cover your API's full lifecycle by taking your OpenAPI specifications and generating live mocks from them. It can also assert that your API implementation conforms to your OpenAPI specifications. You can deploy Microcks in a wide variety of cloud-native platforms, such as Kubernetes and Red Hat OpenShift. Developers who do not have corporate access to a cloud-native platform have used Docker Compose. Although Docker is still the most popular container option for software packaging and installation, Podman is gaining traction.
Podman was advertised as a drop-in replacement for Docker. Advocates gave the impression that you could issue alias docker=podman and you would be good to go. The reality is more nuanced, and the community had to work to get proper docker-compose support in Microcks for Podman.
This article discusses the barriers to getting Microcks to work with Podman and the design decisions we made to get around them. It includes a brief example of using Podman in rootless mode with Microcks.
Supporting Podman in Microcks
Podman presented a few design barriers, which the Microcks community had to work around. We'll discuss the barriers and how we worked around them, and what those decisions mean for developers using Podman with Microcks.
Rootfull or rootless?
Docker requires running a daemon as root, which observers have long criticized as insecure. Podman adopted a very different architecture: It involves no daemon at all and can run as root (rootfull mode) or as a regular user (rootless mode). Microcks supports Podman in either rootfull or rootless mode.
Although rootless mode looks very appealing, it does not come without cost. Drawbacks include:
- Containers have no IP address and no DNS aliases.
- Port redirection is done in userspace, whereas rootfull mode uses iptables, which is faster.
- The overlay storage is done in userspace with FUSE, which is slower than the traditional overlayFS mount.
Still, unless you need high performance or a specific network setup, you can use rootless mode.
DNS aliases: Still in the way
Microcks needs proper DNS aliases in place to work properly. The main reason is that Microcks uses the OpenID Connect protocol for user authentication, which involves both user-facing interactions and server-to-server interactions.
Combined with the quirks and limitations of the other software in the stack (Keycloak, Docker, Podman), this requirement explains why it has always been challenging to get Microcks running without tinkering with the Docker Compose configuration.
To work around this issue, the community created a shell script that discovers the current machine IP address and hardcodes that address in the
To get DNS aliases working, you need to enable the dnsname plugin in the default
With the rootfull mode in Podman came another challenge: By default, containers can refer to other containers only by their IP addresses. This command re-creates the default podman network and enables the
$ sudo podman network rm podman
$ sudo podman network create --subnet 10.88.0.0/16 podman
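A check you might run after re-creating the network, added here as an example and not part of the original article or the Microcks project: it reads the JSON printed by `podman network inspect` and confirms that the dnsname plugin and the 10.88.0.0/16 subnet are present. The function names and sample configs are constructed, and the JSON layout assumes a CNI-based Podman such as the 2.1.1 release that appears in this article.

```shell
#!/bin/sh
# Added example: verify that a Podman network config (CNI-style JSON, as
# printed by `podman network inspect`) enables dnsname on the expected subnet.

# Constructed sample configs modeled on CNI conflist JSON (not captured output).
SAMPLE_WITH_DNS='[{"name": "podman", "plugins": [
  {"type": "bridge", "ipam": {"type": "host-local",
    "ranges": [[{"subnet": "10.88.0.0/16"}]]}},
  {"type": "portmap"},
  {"type": "dnsname", "domainName": "dns.podman"}]}]'
SAMPLE_NO_DNS='[{"name": "podman", "plugins": [
  {"type": "bridge", "ipam": {"type": "host-local",
    "ranges": [[{"subnet": "10.88.0.0/16"}]]}},
  {"type": "portmap"}]}]'

# Succeeds if the JSON on stdin declares a plugin of type "dnsname".
has_dnsname() {
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"dnsname"'
}

# Prints the first subnet declared in the JSON on stdin.
network_subnet() {
    sed -n 's/.*"subnet"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Usage: check_network EXPECTED_SUBNET < config.json
# Returns 0 when name resolution is enabled on the expected subnet,
# 1 when dnsname is missing, 2 when the subnet differs.
check_network() {
    cfg=$(cat)
    subnet=$(printf '%s\n' "$cfg" | network_subnet)
    if [ "$subnet" != "$1" ]; then
        echo "FAIL: subnet is '${subnet:-none}', expected '$1'"; return 2
    fi
    if ! printf '%s\n' "$cfg" | has_dnsname; then
        echo "FAIL: dnsname plugin missing, containers reachable by IP only"; return 1
    fi
    echo "OK: dnsname enabled on $subnet"
}

printf '%s\n' "$SAMPLE_WITH_DNS" | check_network 10.88.0.0/16
printf '%s\n' "$SAMPLE_NO_DNS" | check_network 10.88.0.0/16 || true
# Live use in rootfull mode:
#   sudo podman network inspect podman | check_network 10.88.0.0/16
```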
Using Podman Compose with Microcks
Podman support might not look glorious as presented here, but the benefits of using Podman are worth the effort!
The rootless mode is the easiest and safest way to get Microcks working with Podman Compose:
$ git clone https://github.com/microcks/microcks.git
$ cd microcks/install/podman-compose
$ ./run-microcks.sh
Running rootless containers...
Discovered host IP address: 192.168.3.102
Starting Microcks using podman-compose ...
------------------------------------------
Stop it with: podman-compose -f microcks.yml --transform_policy=identity stop
Re-launch it with: podman-compose -f microcks.yml --transform_policy=identity start
Clean everything with: podman-compose -f microcks.yml --transform_policy=identity down
------------------------------------------
Go to https://localhost:8080 - first login with admin/123
Having issues? Check you have changed microcks.yml to your platform
using podman version: podman version 2.1.1
podman run [...]
Rootfull mode requires that you enable the dnsname plugin on the default podman network, as described earlier. Then, you would just run this script with sudo.
Getting Microcks to work with Podman was not particularly difficult. We hope this support will help you get started with using Microcks in corporate environments. Read the announcement on microcks.io for more details.
Last updated: April 21, 2021