I wrote a blog on an exciting new feature of RamaLama to allow users to take their documents (pdf, docx, md, ...) and translate them into a RAG database in a container image and then use it with an AI Model, with only two simple commands.
One of my primary goals of RamaLama was to allow users to move AI Models into containers, so they can be stored in OCI Registries. I believe there is going to be a proliferation of "private" models, and eventually "private" RAG data. (Working heavily on RAG support in RamaLama now.)
Once you have private models and RAG, I believe you will want to run these models and data on edge devices and in Kubernetes clusters. Getting the AI Models and data into OCI content would allow us to take advantage of content signing, trust and mirroring, and make running the AI in production easier.
It also allows users to block access to outside "untrusted" AI Models stored on the internet, and allows companies to only use "trusted" AI.
Since companies already have OCI registries, it makes sense to store your AI Models and content in the same location.
I see some misunderstanding of the goal of Podmansh. The basic idea is certain users have secure systems where they want to allow limited access to the host system.
For example, you might have some secret data on a system where a user can only see certain data depending on who they are, and you also want to prevent said user from seeing which other users or processes are running on the system. Podmansh makes setting up these types of shared systems easier.
People are correct in thinking that podmansh is just a single command that does `podman exec -ti podmansh` into a container. But the interesting thing is that, through the use of quadlet and systemd, administrators can easily configure the podmansh container for all users or for specific users. The ease of customization, and systemd managing the life cycle of the container based on user sessions, is a really nice feature.
Many users will never use this, but for certain users like Government, Banking or other entities who are very concerned about security, this is a really nice feature.
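As an added illustration of the quadlet-based setup described in the comment above (this is not the podman project's shipped `podmansh.container` unit), the following Quadlet container unit would be dropped into `/etc/containers/systemd/users/` so that systemd starts one such container for every user on login; a copy under `/etc/containers/systemd/users/<uid>/` instead would apply it to a single user. The image name and the host data path are constructed placeholders. The container must be named `podmansh`, because that is the container the `podmansh` login shell execs into; the remaining keys implement the restrictions the comment talks about: a private user namespace per user, all capabilities dropped, no privilege escalation, and no network.

```ini
# /etc/containers/systemd/users/podmansh.container
# Added example, not the podman project's own unit file.
# Assumptions (constructed placeholders): the image
# registry.example.com/podmansh:latest exists, and /srv/podmansh/data on the
# host holds the only data these users are allowed to see.
[Unit]
Description=Restricted login container for podmansh users

[Container]
# podmansh runs "podman exec ... podmansh", so the name is fixed.
ContainerName=podmansh
Image=registry.example.com/podmansh:latest
# Keep the container alive between logins; each login execs a shell into it.
Exec=sleep infinity
RunInit=yes
# Allocate a separate, automatically chosen UID range for each user's container,
# so it cannot see or map the host's or other users' identities.
UserNS=auto
# No capabilities and no setuid-style privilege escalation inside the container.
DropCapability=all
NoNewPrivileges=true
# No network access from the login container.
Network=none
# Only the approved data directory is visible; ":Z" relabels it for SELinux.
Volume=/srv/podmansh/data:/data:Z

[Install]
WantedBy=default.target
```

After `systemctl --user daemon-reload` (or a fresh login, since quadlet generates the service at user-manager start), the user's account is switched to the `podmansh` login shell with `usermod -s /usr/bin/podmansh <user>` (assuming podman installed it at that path); from then on every login lands inside this container rather than on the host, and systemd tears the container down with the user's session.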
Do you run with the Docker daemon running in rootless mode? Does Rancher default to rootless mode? I hear Docker can run in rootless mode, but does anyone really run it that way? If I want to start a single container in my homedir, I need to start up multiple docker daemons (dockerd, containerd) to run, and then they run forever even if I run in daemon mode. Or I can shut them down until I need to interact with the container again.
Have you tried running with Pods?
Have you tried Quadlet?
Have you tried to generate kube yaml from running pods and containers on your system?
Have you used podman to generate pods and containers from existing kubernetes yaml files?
Have you launched containers each in their own User Namespace with --userns=auto?
Check it out.