11. 02. 2025 Mattia Codato Development, Events, NetEye

Podman Quadlet: Simplifying Container Management with systemd

Once again this year, we had the great opportunity to attend FOSDEM, the most important open-source conference in Europe. Among the many exciting talks, one that particularly caught my attention was Alex Stefanini’s presentation on Podman Quadlet.

Available since Podman 4.4, Quadlet is a powerful tool that simplifies container management with systemd. It is especially useful for NetEye users, for example, because it lets them run containers in a declarative and automated way, without manually writing complex systemd service files.

What is Quadlet?

The original Quadlet repository describes Quadlet this way:

What do you get if you squash a Kubernetes kubelet?
A quadlet

Quadlet is a feature in Podman that optimizes how containers run under systemd. Traditionally, running a Podman container as a systemd service required writing a full systemd unit file. Quadlet removes this complexity by automatically generating systemd service files from simple declarative configurations.

Instead of manually managing service definitions, you can now create a .container file, place it in /usr/share/containers/systemd/, and systemd will handle the rest.

Example: Easy Integration with systemd

A key advantage of Quadlet is its seamless integration with systemd. Let’s say you want to run any container (a dummy container for this example) as a systemd service. Instead of writing a complex unit file, you simply create a Quadlet configuration:

[Unit]
Description=The sleep container
After=local-fs.target

[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000

[Install]
WantedBy=multi-user.target default.target

Save this file as /usr/share/containers/systemd/mysleep.container, then reload systemd:

[root@neteye ~]# systemctl daemon-reload
[root@neteye ~]# systemctl start mysleep
[root@neteye ~]# systemctl status mysleep
● mysleep.service - The sleep container
   Loaded: loaded (/usr/share/containers/systemd/mysleep.container; generated)
   Active: active (running) since Sat 2025-02-08 16:39:43 UTC; 748ms ago
 Main PID: 337060 (conmon)
    Tasks: 2 (limit: 48994)
   Memory: 2.3M
   CGroup: /system.slice/mysleep.service
           ├─libpod-payload-5872e13ea14f858a50b5c9a2ac1e03e4454fab39a4a596ac83c19714520fc963
           │ └─337071 /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 1000
           └─runtime
             └─337060 /usr/bin/conmon --api-version 1 -c 5872e23ea14f858a50b5c9a3ac0e03e4454fab39a4a596ac83c19714420fc963 -u 5872e23ea14f858a50b5c9a3ac0e03e4454fab39a4a596ac83c19714420fc963 -r /usr/bin/runc -b /var/lib/containers/storage>

Feb 08 16:39:43 neteye systemd[1]: Starting The sleep container...
Feb 08 16:39:43 neteye systemd[1]: Started The sleep container.
Feb 08 16:39:43 neteye mysleep[336998]: 5872e23ea14f858a50b5c9a3ac0e03e4454fab39a4a596ac83c19714420fc963

That’s it! On daemon-reload, systemd runs the Quadlet generator, which translates the Quadlet file into a proper systemd service (note the "generated" marker in the Loaded: line above), making container management much simpler.
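Because a file dropped into /usr/share/containers/systemd/ becomes a service started by the system manager, it is worth checking what the [Container] section asks for before reloading. The following is an added example, not part of the original post or of Podman: a small Python check run against the article's unit and a constructed hardened variant. The policy it applies (digest-pinned image, non-root User=, NoNewPrivileges, DropCapability=all, ReadOnly) is an assumption of the example, the digest is a placeholder, and the parser assumes no backslash line continuations.

```python
import re

TRUE = {"1", "yes", "true", "on"}  # boolean spellings systemd unit files accept

# The [Container] section from the article, embedded so the check runs offline.
ARTICLE_UNIT = """\
[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
"""

# Constructed hardened variant; the digest is a placeholder, not a real image.
HARDENED_UNIT = """\
[Container]
Image=registry.access.redhat.com/ubi9-minimal@sha256:PLACEHOLDER_DIGEST
Exec=sleep 1000
User=1000
NoNewPrivileges=true
DropCapability=all
ReadOnly=true
"""

def parse_unit(text):
    """Parse systemd-style sections; keys may repeat, so values are lists."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return sections

def audit_container_unit(text):
    """Return the findings for the [Container] section (empty list = clean)."""
    c = parse_unit(text).get("Container", {})
    last = lambda k: (c.get(k) or [""])[-1].lower()  # last assignment wins
    checks = [
        ("image not pinned by digest", "@sha256:" in last("Image")),
        ("no non-root User=", last("User") not in ("", "0", "root")),
        ("NoNewPrivileges not enabled", last("NoNewPrivileges") in TRUE),
        ("capabilities not dropped", "all" in [v.lower() for v in c.get("DropCapability", [])]),
        ("root filesystem writable", last("ReadOnly") in TRUE),
    ]
    return [msg for msg, ok in checks if not ok]
```

The article's unit yields all five findings, which is expected for a throwaway demo container; the same function can be pointed at the text of any .container file before it is installed.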

Summary: Empowering NetEye with Containerization

With Quadlet, NetEye users can now run containerized applications easily, without affecting the underlying OS. Thanks to its systemd integration, Quadlet offers a structured, automated, and reliable way to manage Podman containers.

Attending FOSDEM is always incredibly motivating, as it allows us to explore new technologies and ideas that we can bring back home to further improve NetEye. Podman Quadlet is a game-changer, and we encourage everyone to give it a try!

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth Phoenix
