Building Containers With Podman

For someone who is been working with containers, Docker & Podman would sound familiar. But there are many folks who are still reluctant to migrate entirely on Podman from Docker. So why such less participation? Are there any downsides of using this tool over Docker? Let’s try to answer these questions in this post.

First, we will see how does the Docker actually works. As we know in Docker, the Docker daemon runs as a service on the host operating system. And this Docker daemon calls all the REST APIs in order to create, pull, push images, create or remove containers. And the Docker CLI interacts with the Docker daemon to do all of this on our behalf. But let’s see some major problems with this existing setup of Docker daemon,

• A single process might become a single point of failure
• And this process is the owner of all the child processes or the containers running
• Building containers could lead to security vulnerabilities
• And the best part: all Docker plays had to be conducted by the user with full root authority

Podman handles above mentioned problems by directly interacting with the image registry, container, storage of images and with Linux kernel through runC container runtime process. Which means it effectively eliminates the daemon. Now if someone is planning to migrate to Podman from Docker, one more interesting fact: the commands which we have used in Docker works similar for Podman as well. Also, Docker and Podman images are compatible with each other. A detailed explanation is here on the security features of Podman over Docker.

Enough talking, let’s get to using these tools which we discussed above. I’ll be running podman over my centos linux box and to install it the very basic command:

$ yum install podman

Also, I’ll be using more of Docker commands to show how compatible commands of Podman are with that of Docker. The commands are similar to- build, run, pull, push, tag commit in that of Docker. Below are some of the very basic commands:

As seen in above images, podman commands are similar to Docker commands.

Podman’s usage becomes quite interesting as well when we want to club it with the famous Kubernetes. Podman comes with excellent support to generate Kubernetes configuration and resource specifications in YAML format. podman generate kube command can be used to generate YAML files for Kubernetes resources. More can be read about this feature here

There are other features of Podman which can definitely help in clearing the clouds over migration from Docker. It allows admins to not only build containers and images with same command as that of Docker but also lets developers use the same tools for building cool features. In next post, I’ll be covering about one great companion of Podman - Buildah. Until then, ciao!

References:

• https://podman.io/
• https://developers.redhat.com/blog/2019/02/21/podman-and-buildah-for-docker-users/
• https://developers.redhat.com/blog/2019/01/29/podman-kubernetes-yaml/