As I contemplate moving my “thing” into production, I’m anticipating aspects of the application that need maintenance and how this can be automated. I’d been negligent in the maintenance of some of my container images. I’m using mostly Go and some Rust as the basis of static(ally-compiled) binaries that run in these containers but not every container has a base image of scratch. scratch is the only base image that doesn’t change and thus the only base image that doesn’t require that container images buit FROM it, be maintained.

I’ve read about Podman and been intrigued by it but never taken the time to install it and play around. This morning, walking with my dog, I listened to the almost-always-interesting Kubernetes Podcast and two of the principals behind Podman were on the show to discuss it. I decided to install it and use it in this week’s project. Here’s a working Podman deployment for gcp-oidc-token-proxy ACCOUNT="..." ENDPOINT="..." # Can't match container name i.