apiVersion: v1
kind: Pod
metadata:
  name: sonarr
  labels:
    app: sonarr
spec:
  restartPolicy: Always
  containers:
    - name: sonarr
      image: lscr.io/linuxserver/sonarr:latest
      ports:
        - hostPort: 8989
          containerPort: 8989
      env:
        - name: PUID
          value: '1000'
        - name: PGID
          value: '1000'
        - name: TZ
          value: Europe/Vienna
      volumeMounts:
        - name: vol-0
          mountPath: /config
        - name: vol-1
          mountPath: /tv
        - name: vol-2
          mountPath: /downloads
  volumes:
    - name: vol-0
      persistentVolumeClaim:
        claimName: sonarr-config
    - name: vol-1
      hostPath:
        path: /tv
        type: Directory
    - name: vol-2
      hostPath:
        path: /downloads
        type: Directory
Prerequisites (once, as root)
0. Install Podman
apt update && apt install -y podman
1. Create user (if not existing)
useradd -m -s /bin/bash sonarr
passwd sonarr
2. Enable linger (service runs after reboot without login)
loginctl enable-linger sonarr
Save the YAML file
mkdir -p ~/.config/containers/
# Copy the YAML above to:
nano ~/.config/containers/sonarr.yaml
Test the pod (without autostart)
podman play kube ~/.config/containers/sonarr.yaml
# Check status:
podman pod ps && podman ps
# Stop:
podman play kube --down ~/.config/containers/sonarr.yaml
Create Quadlet .kube file
Place it at ~/.config/containers/systemd/sonarr.kube
mkdir -p ~/.config/containers/systemd/
cat > ~/.config/containers/systemd/sonarr.kube << 'EOF'
[Unit]
Description=sonarr Pod

[Kube]
Yaml=%h/.config/containers/sonarr.yaml

[Install]
WantedBy=default.target
EOF
Enable systemd service
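systemctl --user daemon-reload
# Quadlet generates sonarr.service from sonarr.kube. Generated units cannot be
# enabled with systemctl; the [Install] section of the .kube file provides autostart.
systemctl --user start sonarr.service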
Status & Logs
# The unit generated from sonarr.kube is sonarr.service:
systemctl --user status sonarr.service
journalctl --user -u sonarr.service -f
podman pod ps
podman ps
Apply image updates
Pull new image versions and restart the pod:
podman pull docker.io/<image>:<tag>
podman play kube --replace ~/.config/containers/sonarr.yaml
# or via systemd (unit generated from sonarr.kube):
systemctl --user restart sonarr.service
Ports < 1024 (e.g. 80, 443)
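Rootless Podman cannot bind privileged ports (below 1024). Solution, as root:
sysctl net.ipv4.ip_unprivileged_port_start=80
Make it persistent in /etc/sysctl.d/99-podman.conf. The setting is host-wide: every unprivileged process on the machine can then bind ports from 80 upward.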
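An added example, not part of the original page: a small shell helper that reads the hostPort values from a pod YAML and reports which ones are below the current threshold, so the sysctl is lowered only as far as the pod needs. The function names and the sample pod spec are constructed for illustration.

```sh
#!/bin/sh
# Added example: the helper names below are hypothetical, not Podman commands.

# Print every hostPort in a kube YAML file, one per line.
# (hostPort is an integer field, so only unquoted digits are matched.)
host_ports() {
    sed -n 's/^[[:space:]-]*hostPort:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1"
}

# Print the hostPorts a rootless user cannot bind when
# net.ipv4.ip_unprivileged_port_start has the value $2.
blocked_ports() (
    for port in $(host_ports "$1"); do
        if [ "$port" -lt "$2" ]; then echo "$port"; fi
    done
)

# Print the value the sysctl needs: the lowest hostPort if it is below
# the current threshold $2, otherwise $2 unchanged (never lower than needed).
needed_start() (
    min=$2
    for port in $(host_ports "$1"); do
        if [ "$port" -lt "$min" ]; then min=$port; fi
    done
    echo "$min"
)

# Demo on a constructed pod spec (not the sonarr YAML from this page).
sample=$(mktemp)
cat > "$sample" << 'EOF'
spec:
  containers:
    - name: web
      ports:
        - hostPort: 443
          containerPort: 8443
        - hostPort: 8989
          containerPort: 8989
EOF
# Fall back to the kernel default when the sysctl file is not readable.
current=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
echo "current threshold: $current"
echo "blocked hostPorts: $(blocked_ports "$sample" "$current" | tr '\n' ' ')"
echo "lowest value needed: $(needed_start "$sample" "$current")"
rm -f "$sample"
```

For the constructed spec and the default threshold of 1024, only port 443 is blocked, so 443 rather than 80 is the value to set.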
Containers communicate via localhost
All containers in the pod share the same network namespace. Always use localhost, not container names.
# Correct (e.g. app → db):
localhost:5432
# Wrong (doesn't work in a pod):
db-container:5432
List open ports
Which ports is the running pod listening on?
podman port sonarr-pod
Custom DNS for the pod
Set a custom DNS server (e.g. local Pi-hole):
# In YAML under spec.dnsConfig:
spec:
  dnsConfig:
    nameservers:
      - 192.168.1.x
Set volume ownership
Fix permission errors by adjusting UID/GID in the user namespace:
podman unshare chown 1000:1000 /path/to/volume
SELinux volume labels
On SELinux systems (RHEL, Fedora) set the volume suffix:
/host/path:/container/path:Z   # private
/host/path:/container/path:z   # shared
List all volumes
podman volume ls
podman volume inspect <volume-name>
Volume backup
Back up data from a named volume:
podman run --rm \
  -v <volume-name>:/data:ro \
  -v "$(pwd)":/backup \
  busybox tar czf /backup/backup.tar.gz /data
Cleanup
Remove unused images, containers and volumes:
podman system prune -f   # containers + images
podman image prune -f    # untagged images only
podman volume prune -f   # unused volumes
Automatic image updates (podman-auto-update)
Podman can automatically update images and restart the pod. Enable once:
systemctl --user start podman.socket
systemctl --user daemon-reload
systemctl --user enable --now podman-auto-update.timer
systemctl --user status podman-auto-update.timer
Test without actually updating:
podman auto-update --dry-run
Manual update
Pull a new image version and restart the pod:
podman pull <image>:<tag>
podman play kube --replace \
  ~/.config/containers/sonarr.yaml
Find outdated images
Check local images against the registry:
podman images --filter dangling=false
podman pull --all-tags <image>
Shell into a running container
podman exec -it sonarr-<container> /bin/sh
# or bash:
podman exec -it sonarr-<container> /bin/bash
Follow live logs
# All containers in the pod:
podman pod logs -f sonarr-pod
# Single container:
podman logs -f sonarr-<container>
Pod info & resource usage
podman pod inspect sonarr-pod
podman stats sonarr-pod
Restart pod without data loss
podman pod restart sonarr-pod
# or via systemd (unit generated from sonarr.kube):
systemctl --user restart sonarr.service