What is Podman?
What is Podman? In summary, Podman is a container engine developed by RedHat, and yes, when we read container engine, Docker immediately came to mind.
You may wonder: what does RedHat offer through Podman to compete with the well-known Docker engine? Is there a reason to switch to Podman? Podman replaces Docker or is it just another competitor? We answered “what’s Podman?” just now. We cannot answer all these questions in this article; however, we can point out an element of Podman’s wildcards for possible dethronement of the current king of containers.
A user-friendly interface
My research for this article led me to a RedHat engineer Dan Walsh presentation, which outlined a process for replacing Docker with Podman and outline some steps for performing this migration.
The first is to run:
dnf install -y podman
Finally, he said, “Are there any questions?””
Although it was a joke, the idea was to demonstrate that switching to Podman is very simple since RedHat engineers have taken special care to use the same nomenclature for Podman commands. You are already familiar with most of Podman’s commands if you use Docker. In fact, it is as simple as running podman run instead of docker run, and the result will be the same.
An engineer at RedHat used Dan’s “migration method” using the two commands above, and after a couple of months, completely forgot about it since he kept using the same commands he had used in Docker for years.
Podman: Pods or Containers?
“What is Podman?” is the first question we ask. It may be noted that the name of this unit is very descriptive, and yes, we refer to it as Pods when we refer to Kubernetes.
Podman can run containers the same way Docker does, but it can also run pods.
To those who are unfamiliar with Kubernetes, let me first emphasize that Pods are the minimum measurement unit in Kubernetes. The main difference is that a Pod may contain more than one container.
In this case, the main container is used, along with one or more sidecar containers, to “assist” the main container in its task.
Pods are essentially containers that can contain either one or more containers, so keep that in mind for now. These concepts will be explored.
The Podman logo looks like a container, so imagine that each seal is a pod.
For OCI-type image inspection and management, Podman uses a tool based on scopio.
With Podman, you can scan OCI images without downloading them, and even better, you can move elements from one repository to another directly without having to download the whole image since you will not need to download it in order to view or use its components.
Redhat’s team offers buildah as an alternative to Podman, which provides images very similar to Docker with the Podman build command.
Buildah is a tool for managing images that are closely tied to Podman. In addition to its features, it can manipulate an image or a running container to create new images, build the root directory of a container for its handling, and create new images in traditional or OCI formats. You can learn more about Buildah by visiting its official repository.
Podman is rootless (Podman security)
With Podman, containers don’t have to be run as root because of their modular architecture. The advantage of this is that since you can run your containers with different users who have different privileges and Without running containers as root users and wreaking havoc on your servers, someone could have access to the container service.
Podman creates a directory in the user’s home directory and stores all the information about the images and containers this user has when run as a non-root user. As an example, if you do a Podman image with your non-root user, only the images that this user has created or downloaded will appear.
Another advantage of Podman
Podman is also capable of using UID separation via namespaces, which provides an additional level of isolation when running containers.
In terms of security, Docker service leaks are even riskier than obtaining root (sudo) access.
When you gain administrative rights (sudo) and do something on the system, it is always recorded in the system audit log, and there is always a trace to follow. If you access the Docker service from a container with privileges and then remove the container it is virtually impossible to know what you have done. There are no logs or records of your actions. A tool that is safer than Podman.
Integration with Systemd
Podman lets us run containers without any modifications that have Systemd enabled by default.
Because of this, we can activate a socket and use the systemd API to talk to Podman remotely. Python libraries have been developed to facilitate integrations and communication with the Podman remote API.
Pypodman, developed in Python, runs everything Podman runs locally, but remotely, interacting with a remote API, which opens up a world of possibilities.
In the end, it is not clear if Podman will succeed in replacing Docker or if it will dethrone the container king.
In comparison to Podman, Docker has several advantages: firstly, its wide distribution and widespread acceptance, as well as tools such as Docker Swarm, docker-compose, etc. If you want to orchestrate containers in Podman, you have two choices: Kubernetes, or, what I prefer: RedHat, Openshift using cri-or, which is the runtime that Podman uses.
RedHat is taking a chance on the cloud world with the acquisition of CoreOS and the development of Podman, which is RedHat 8’s and CentOS 8’s default container engine.
Thanks, once again for reading our blog. If you have any queries then you can mail us to email@example.com
You can follow us on