What is Podman?
Containerization is undoubtedly a game-changing technology. Today companies often prefer cloud-native applications running within containers as microservices. Docker has been the dominant player in the market since 2013, yet strong alternatives continue to emerge. Podman is a daemon-less container engine. It allows you to develop, manage, and run Open Container Initiative (OCI) containers and container images on your Linux system. Put simply, OCI is an open governance project (initiated by Docker in 2015) to establish open-source industry standards for container formats and runtimes. Podman manages not only containers but also the entire container ecosystem, including container images, container volumes, and even pods, through the libpod library. A tiny tip: Podman's full name is "pod manager tool", which comes from pods in Kubernetes.
Podman vs. Docker
To understand Podman and its innovations, we need the terminology of Docker, which is commonly known in the market. The most important innovation brought by Podman is that it works with runC container runtime processes on the Linux kernel without a daemon process. While this architecture makes Podman a more lightweight container engine, it also eliminates several security risks. The Docker daemon process can be a single point of failure, which means termination of the entire system in case of an error.
Security vulnerabilities might also occur during the creation of containers. Root privilege is required when the client and the daemon process communicate. Thus, mounting the daemon's socket into a container means giving that container root privileges on the host. Podman, on the other hand, has a command set similar to the Docker CLI and can perform all these operations, image builds included, rootless, because it is daemon-less and relies on user namespaces.
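An added example (not from the original article): the UID mapping a rootless Podman container gets from its user namespace, computed from an /etc/subuid-style file, which shows why root inside the container is not root on the host. The users alice and bob, their UIDs and their ranges are constructed sample values; the script assumes Podman's default rootless mapping and reads only the first subuid entry per user.

```shell
#!/bin/sh
# Default rootless mapping (assumed):
#   container UID 0      -> the invoking user's own host UID
#   container UID 1..N   -> subuid_start .. subuid_start+N-1  (N = subuid count)

# subid_range FILE USER: print "START COUNT" for USER, exit 1 if no entry exists.
subid_range() {
    awk -F: -v u="$2" '
        $1 == u { print $2, $3; found = 1; exit }
        END     { if (!found) exit 1 }
    ' "$1"
}

# host_uid_for USER_UID SUBUID_FILE USER CONTAINER_UID: print the host UID that
# CONTAINER_UID resolves to. Returns 1 if the user has no subuid entry (rootless
# containers cannot map extra IDs), 2 if CONTAINER_UID is outside the range.
host_uid_for() {
    range=$(subid_range "$2" "$3") || {
        echo "no subuid entry for $3" >&2
        return 1
    }
    start=${range% *}
    count=${range#* }
    if [ "$4" -eq 0 ]; then
        echo "$1"            # container root is just the unprivileged user
        return 0
    fi
    if [ "$4" -gt "$count" ]; then
        echo "container UID $4 is not mapped for $3" >&2
        return 2
    fi
    echo $((start + $4 - 1))
}

# Constructed sample in /etc/subuid format (user:start:count), not from a real host.
SAMPLE=$(mktemp)
printf '%s\n' 'alice:100000:65536' 'bob:165536:65536' > "$SAMPLE"

# alice has host UID 1000 in this constructed scenario.
for cuid in 0 1 1000; do
    echo "container UID $cuid -> host UID $(host_uid_for 1000 "$SAMPLE" alice "$cuid")"
done
```

On a real host, the same mapping can be compared against the output of `podman unshare cat /proc/self/uid_map`.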
Let’s briefly touch on other differences between Podman and Docker.
- Docker stores images locally, while Podman allows you to store images and containers on different platforms
- Docker uses a client-server architecture for containers, whereas Podman uses the traditional fork-exec model
- One extra feature of Podman is that you can quickly move the images you create to the Kubernetes environment
- In addition to private registries, Podman can pull images from repositories such as Docker Hub and Quay.io
Getting Started with Podman
Podman is a tool for running Linux containers. However, you can use it on both macOS and Windows desktops as long as you have access to a virtual machine on the host or a Linux box available on the network. You need to install the remote client and then set the SSH connection information. Podman can also run in the Windows Subsystem for Linux (WSL) with a small amount of configuration.
When it comes to Linux, you can easily install Podman on numerous Linux distros. I want to briefly show you how to install it on an Amazon EC2 instance. The commands required to install Podman are as follows.
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo yum -y install yum-plugin-copr
sudo yum -y copr enable lsm5/container-selinux
sudo yum -y install podman
To verify that Podman is installed successfully, you can check the version of the Podman CLI.