Podman Integration
Monitor Podman containers and pods including rootless environments, systemd-managed services, and pod lifecycle events. Full observability without a daemon.
How It Works
Enable Podman Socket
Enable the Podman REST API socket via systemctl --user enable podman.socket. TigerOps connects to this socket to enumerate containers, pods, and resource statistics without requiring root access.
Deploy the TigerOps Agent
Install the TigerOps agent and point it at the Podman socket path. For rootless environments, the agent runs as the same user and uses the XDG_RUNTIME_DIR socket location automatically.
Configure Pod & Container Scraping
Set label selectors and namespace filters in the agent config to scope which pods and containers are monitored. Systemd-managed Podman services are auto-discovered via the podman-auto-update service.
Set Resource & Restart Alerts
Define thresholds for container memory usage, CPU throttling, and restart counts. TigerOps maps Podman container IDs back to their systemd units so alerts link directly to the service definition.
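The Podman REST API has no authentication of its own, so the socket file's ownership and mode are the only access control: any process that can open the socket can manage that user's containers. The script below is an added example, not TigerOps or Podman project code. It is a pre-flight check to run as the monitoring user before pointing an agent at the rootless socket. The function names and the `--run` switch are this script's own, and it assumes Linux with GNU `stat` and `curl`.

```shell
#!/bin/sh
# Added example: pre-flight check for the rootless Podman API socket.

# Resolve the rootless socket path as the page describes it:
# $XDG_RUNTIME_DIR/podman/podman.sock, falling back to /run/user/<uid>.
podman_socket_path() {
    local runtime="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    printf '%s/podman/podman.sock\n' "${runtime%/}"
}

# Succeeds when an octal mode string (e.g. 660) grants nothing to "other".
mode_denies_other() {
    case "$1" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# The path must be a socket, owned by the expected uid, and closed to
# other local users. Prints one finding and returns non-zero on failure.
check_socket() {
    local sock="$1" want_uid="$2" owner mode
    if [ ! -S "$sock" ]; then
        echo "FAIL not-a-socket $sock"; return 1
    fi
    owner=$(stat -c '%u' "$sock")
    mode=$(stat -c '%a' "$sock")
    [ "$owner" = "$want_uid" ] || { echo "FAIL owner=$owner want=$want_uid"; return 1; }
    mode_denies_other "$mode" || { echo "FAIL mode=$mode open to other users"; return 1; }
    echo "OK $sock owner=$owner mode=$mode"
}

# Live check, only when invoked with --run (this script's own switch).
if [ "${1:-}" = "--run" ]; then
    sock=$(podman_socket_path)
    check_socket "$sock" "$(id -u)" || exit 1
    # Read-only libpod call to confirm the API service answers.
    if curl --silent --fail --unix-socket "$sock" \
            http://d/v4.0.0/libpod/info >/dev/null; then
        echo "OK API answered"
    else
        echo "FAIL API not answering"; exit 1
    fi
fi
```

A `FAIL not-a-socket` result usually means `podman.socket` has not been enabled for that user yet.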
What You Get Out of the Box
Rootless Container Resource Metrics
CPU, memory, and network I/O metrics for rootless Podman containers using the user-space cgroup hierarchy. No privileged access required — TigerOps reads user cgroups directly.
Pod Lifecycle Monitoring
Track Podman pod create, start, stop, and remove events. Monitor infra-container health, pod restart counts, and pod-level resource aggregation for multi-container pod groups.
Systemd Service Integration
Correlate Podman container restarts with systemd unit state transitions. Monitor ExecStop failures, watchdog timeouts, and auto-update outcomes for containers managed via Quadlet or generate-systemd.
Image & Registry Metrics
Track image pull duration per registry, layer download failures, and local image store growth. Alert when registries are unreachable or when pulls consistently exceed latency thresholds.
Network & Volume Stats
Per-container network receive/transmit bytes, packet drops, and CNI plugin call latency. Volume mount health and overlay filesystem utilization for containers using named volumes.
AI Anomaly Detection for Rootless Workloads
TigerOps builds per-container baselines for CPU, memory, and restart frequency in rootless environments. Deviations from baseline automatically trigger alerts with contextual root cause hints.
TigerOps Agent Config for Podman
Configure the TigerOps agent to connect to the Podman socket and collect container and pod metrics.
# TigerOps Agent — Podman integration config
# Supports rootless (user socket) and rootful (system socket)
podman:
  enabled: true
  # Rootless: use user socket (auto-detected from XDG_RUNTIME_DIR)
  socket: "unix:///run/user/1000/podman/podman.sock"
  # Rootful alternative:
  # socket: "unix:///run/podman/podman.sock"
  scrapeInterval: 15s
  # Pod-level metric aggregation
  pods:
    enabled: true
    aggregateMetrics: true
  # Systemd integration for Quadlet/generate-systemd units
  systemd:
    enabled: true
    dbusAddress: "unix:path=/run/user/1000/bus"
  # Label-based container selection
  labelSelector:
    environment: production
  # cgroup user-space path for rootless containers
  cgroups:
    enabled: true
    userSlice: true # read from user.slice for rootless
    scrapeInterval: 15s
remoteWrite:
  endpoint: https://ingest.atatus.net/api/v1/write
  bearerToken: "${TIGEROPS_API_KEY}"
alerts:
  containerRestartCount: 3
  memoryUsagePct: 85
  imagePullFailures: 1
  podInfraContainerDead: true
Common Questions
Does TigerOps support Podman in rootless mode without any elevated privileges?
Yes. The TigerOps agent can run as an unprivileged user alongside Podman in rootless mode. It accesses the user Podman socket at $XDG_RUNTIME_DIR/podman/podman.sock and reads user-space cgroups under /sys/fs/cgroup/user.slice without needing root.
Can TigerOps monitor Podman pods as a unit rather than individual containers?
Yes. TigerOps aggregates metrics at the pod level using Podman pod IDs, displaying aggregate CPU, memory, and network usage per pod alongside per-container breakdowns. Pod lifecycle events are tracked as a single entity.
How does TigerOps handle Podman containers managed by systemd Quadlet units?
TigerOps auto-discovers Quadlet-managed containers by cross-referencing the Podman socket with systemd unit files. Container metrics are enriched with unit name, activation state, and restart count from the systemd D-Bus interface.
Is Podman Desktop supported for local development monitoring?
Yes. TigerOps supports Podman Desktop on macOS and Windows by connecting to the Podman Machine socket via the forwarded socket path. This enables the same monitoring experience for local development environments.
How does Podman monitoring differ from Docker monitoring in TigerOps?
The metric collection is functionally equivalent — both use their respective REST APIs and cgroup hierarchies. The key difference is TigerOps handles the user-space cgroup path for rootless Podman and enriches metrics with Podman-specific concepts like infra containers and pod groups.
Observability for Daemonless, Rootless Container Environments
Pod metrics, systemd integration, and rootless cgroup visibility — no privileged access required. Up and running in minutes.