Containers and pods (a collection of containers in the same namespace) enable easy and secure management of hosted applications. Here `podman` is used to configure the pods and containers, because it can do so without root. The management of these pods, which consists of automatic backups of the volumes and databases and of automatically starting and updating them at reboot, is performed by `runsvdir`.
## Podman
Install `podman` with
```
# apk add podman
```
Rootless `podman` needs `cgroups` to operate
```
# rc-update add cgroups default
```
Set up the network and user namespace configuration for the user: load the `tun` module and assign the user a range of subordinate UIDs and GIDs
```
# modprobe tun
# echo tun >> /etc/modules
# for i in subuid subgid; do
> echo <username>:100000:65536 >> /etc/$i
> done
```
Run the following container to verify if everything works
```
$ podman run --rm hello-world
```
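The `/etc/subuid` and `/etc/subgid` entries written above use the same fixed range for every `<username>`, so repeating the loop for a second account gives two users identical subordinate IDs, and their containers then map to the same host UIDs. The following check is an added example, not part of the original page: the function name `check_subid` and the sample users `alice` and `bob` are assumptions made for illustration.

```sh
#!/bin/sh
# check_subid FILE USER
# Audits a subuid/subgid-style file (name:start:count per line).
# Prints one line per finding; exit status 0 = clean, 1 = findings.
check_subid() {
    awk -F: -v user="$2" '
        BEGIN { bad = 0; seen = 0; n = 0 }
        /^[ \t]*$/ { next }                      # ignore blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "malformed line %d: %s\n", NR, $0
            bad = 1
            next
        }
        {
            n++
            name[n] = $1
            lo[n] = $2 + 0                       # first subordinate ID
            hi[n] = $2 + $3 - 1                  # last subordinate ID
            if ($1 == user) seen = 1
        }
        END {
            # Two different users must never share a subordinate ID:
            # shared IDs mean shared file ownership on the host.
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (name[i] != name[j] && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "overlap: %s %d-%d and %s %d-%d\n",
                            name[i], lo[i], hi[i], name[j], lo[j], hi[j]
                        bad = 1
                    }
            if (!seen) { printf "no entry for %s\n", user; bad = 1 }
            exit bad
        }' "$1"
}

# Constructed sample: the same range written for two accounts.
sample=$(mktemp)
printf '%s\n' 'alice:100000:65536' 'bob:100000:65536' > "$sample"
check_subid "$sample" alice || echo "review the findings above"
rm -f "$sample"
```

On a real system, run it against both `/etc/subuid` and `/etc/subgid`; a clean result for a second user requires a start value at or above the end of the first range (for example `165536`).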
### Management of containers
To run a single container, create `~/.config/sv/<container-name>/run`

To run a pod configured with `~/.config/pods/<pod-name>/<pod-name>.yml` (see [alpine-server](https://git.bijl.us/luc/alpine-server) for examples), create `~/.config/sv/<pod-name>/conf`
While it would be preferable to run the reverse proxy in a container and link the network namespaces to that container, this is unfortunately not [yet](https://git.bijl.us/lnorg/documentation/issues/65) possible with `pasta` user network namespaces. The reverse proxy should therefore run in front of the containers, directly on the system.