Podman Quadlets let systemd manage your containers natively — no daemon, no root, no Docker socket. Here's how to set it up.
Docker changed how we deploy software, but it comes with baggage: a daemon that runs as root, a Unix socket that is effectively a root backdoor for anyone who can write to it (membership in the `docker` group is root-equivalent), and a model in which that daemon is a single point of failure. Unless live-restore is enabled, a crash or restart of the Docker daemon takes every container down with it.
Podman: containers without a daemon
Podman runs containers without a persistent daemon. `podman run` starts a small per-container monitor process (conmon) and exits; nothing long-lived sits between you and your containers, so a crash of the Podman CLI leaves running containers untouched. Containers can run rootless, under an ordinary unprivileged user, so there is no root daemon to compromise and no socket to protect. What makes each container a regular service, started, restarted and logged like anything else on the box, is wiring it into systemd, and that is what Quadlets do.
Quadlets: systemd-native containers
Quadlet is the bridge between Podman and systemd. Instead of hand-writing a systemd unit that calls `podman run`, you write a `.container` file that describes the container declaratively. A systemd generator shipped with Podman (`podman-system-generator`, available since Podman 4.4) turns it into a `.service` unit at boot and on every `daemon-reload`. Rootless units live in `~/.config/containers/systemd/`, system units in `/etc/containers/systemd/`.
What you can configure
Each container deployment supports:
- Environment variables, with secrets injected from Podman's secret store (`Secret=`) rather than written into the unit file
- Port mappings (host:container)
- Volume mounts for persistent data
- Healthcheck commands and intervals
- CPU and memory resource limits
- Automatic restart policies
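Here is a complete rootless Quadlet file exercising each of those settings. It is an added example, not code from the original page or from the Podman project; the image, container name, volume name, port, `/healthz` path and the `db-password` secret are assumptions, and the healthcheck assumes the image ships `curl`.

```ini
# ~/.config/containers/systemd/app.container
# (rootless; system units go in /etc/containers/systemd/ and use WantedBy=multi-user.target)
# Added example, not from the page. Image, names, ports and paths are assumptions.

[Unit]
Description=Example web application (Quadlet)
After=network-online.target
Wants=network-online.target

[Container]
# Assumed image. Pin a tag or digest; never deploy :latest.
Image=registry.example.com/acme/webapp:1.4.2
ContainerName=webapp

# Environment: plain values inline, secrets from the Podman secret store.
# Create the secret once with:  printf '%s' 'hunter2' | podman secret create db-password -
# type=env exposes it as an environment variable named by target=.
Environment=APP_ENV=production
Environment=LOG_LEVEL=info
Secret=db-password,type=env,target=DB_PASSWORD

# Port mapping host:container. Bind to loopback and put a reverse proxy in front.
PublishPort=127.0.0.1:8080:8080

# Persistent data in a named volume; :Z relabels it for SELinux.
Volume=webapp-data:/var/lib/webapp:Z

# Healthcheck: command, interval, timeout, retries and start grace period.
# HealthOnFailure=kill stops the container on failure so the Restart= policy below restarts it.
HealthCmd=curl -fsS http://127.0.0.1:8080/healthz || exit 1
HealthInterval=30s
HealthTimeout=5s
HealthRetries=3
HealthStartPeriod=20s
HealthOnFailure=kill

# Resource limits, passed through to podman run. Rootless limits need cgroup v2
# with the cpu and memory controllers delegated to the user's slice.
PodmanArgs=--memory=512m --memory-swap=512m --cpus=1.0 --pids-limit=256

# Hardening that costs nothing for most services.
ReadOnly=true
Tmpfs=/tmp:rw,nosuid,nodev,size=64m
NoNewPrivileges=true
DropCapability=ALL

[Service]
# Automatic restart policy. TimeoutStartSec covers a slow image pull on first start.
Restart=on-failure
RestartSec=5
TimeoutStartSec=900

[Install]
# default.target is the user-session equivalent of multi-user.target.
WantedBy=default.target
```

After saving the file, run `systemctl --user daemon-reload` and `systemctl --user start app.service`; `systemctl --user cat app.service` shows the generated unit, and `/usr/libexec/podman/quadlet -dryrun -user` prints what the generator would emit without installing it, which is the quickest way to debug a key it rejects. Run `loginctl enable-linger "$USER"` so the user's services keep running after logout.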
Stacks for multi-service applications
Real applications aren't single containers. A typical deployment includes a web app, a database, and a background worker. Stacks group related containers with shared networks and coordinated deployment: deploy the whole stack at once, and roll it back together if something breaks. In Quadlet terms this is a `.network` unit that each `.container` file references with `Network=`, plus ordinary systemd `Requires=`/`After=` ordering between the generated services.
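The following three-unit stack shows that wiring. It is an added example, not code from the original page or the Podman project; the three files are shown in one block separated by comment headers, and the image names, database name and `db-password` secret are assumptions.

```ini
# Added example, not from the page. Three files in ~/.config/containers/systemd/,
# shown in one block. Images, names and the db-password secret are assumptions.

# ---- app.network ----
# Generates app-network.service and creates the network "systemd-app".
# Every container that lists Network=app.network gets Requires=/After= on it
# automatically, and containers on it resolve each other by ContainerName.
[Network]
Label=stack=app

# ---- db.container ----
[Container]
# Assumed image.
Image=docker.io/library/postgres:16
ContainerName=db
Network=app.network
Volume=db-data:/var/lib/postgresql/data:Z
Environment=POSTGRES_DB=app
Secret=db-password,type=env,target=POSTGRES_PASSWORD
HealthCmd=pg_isready -U postgres
HealthInterval=10s
HealthRetries=5
# Podman 5.0+: the service only reaches "active" once the healthcheck passes,
# so After=db.service in dependants waits for a usable database, not just a started one.
Notify=healthy

[Service]
Restart=on-failure

[Install]
WantedBy=default.target

# ---- web.container ----
[Unit]
Requires=db.service
After=db.service

[Container]
# Assumed image.
Image=registry.example.com/acme/webapp:1.4.2
ContainerName=web
Network=app.network
Environment=DB_HOST=db
Environment=DB_NAME=app
Secret=db-password,type=env,target=DB_PASSWORD
PublishPort=127.0.0.1:8080:8080

[Service]
Restart=on-failure

[Install]
WantedBy=default.target

# ---- worker.container ----
[Unit]
Requires=db.service
After=db.service

[Container]
# Assumed image; same build, different entrypoint, no published port.
Image=registry.example.com/acme/webapp:1.4.2
ContainerName=worker
Exec=webapp worker
Network=app.network
Environment=DB_HOST=db
Environment=DB_NAME=app
Secret=db-password,type=env,target=DB_PASSWORD

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
```

Because `web` and `worker` require `db`, and all three require the network, `systemctl --user start web.service worker.service` brings up the whole stack in order and `systemctl --user stop db.service` takes the dependants down with it. Deploying a new version is editing the files (keep them in version control), `daemon-reload`, and restarting the services; rolling back is restoring the previous files and doing the same.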