
What is Podman and how is it different from Docker? – CloudSavvy IT




Podman is a container engine that is compatible with the OCI Containers specification. Podman is part of Red Hat Linux, but can be installed on other distributions as well.

Because it is OCI compliant, Podman can be used as a replacement for the better known Docker runtime. Most Docker commands can be directly translated to Podman commands.

Here's a look at how the two runtimes stack up.

What is a runtime?

For many people, a ‘container’ is still a ‘Docker container’. This is not an accurate representation of the current container ecosystem. Docker produces OCI container images, which can be used with other compatible runtimes. Kubernetes is one example, while Podman is another.

As a result, Podman and Docker have overlapping core functionality. Both produce images that the other can use to run containers. The two runtimes then add their own specialties on top of the basic containerization features.

How to install Podman

If you’re using Red Hat Linux, Podman is in the extras repository. Use subscription-manager to add the repository. You can then use yum to install Podman.

su -
subscription-manager repos --enable rhel-7-server-extras-beta-rpms
yum -y install podman

Most other popular Linux distributions also include Podman in their default repositories. You can apt install podman, dnf install podman or pacman -S podman to get it installed.

Working with containers and images

Podman’s CLI is deliberately aligned with Docker’s. That means you can use familiar Docker commands to interact with Podman containers:

podman pull my-image:latest

podman run --name my-container my-image:latest

podman ps

podman rm my-container

Podman should be instantly familiar to Docker users. You could alias docker to podman and notice no difference in daily use. Of course, not every feature is available: if you try to use Docker Swarm commands, you’ll get an error, because Podman doesn’t have anything equivalent to Swarm.

What’s different about Podman?

Although it is similar to Docker, Podman has a few distinguishing differences. The first and perhaps most significant is the architecture. Podman is daemon-less: there is no long-running process that manages your containers.

When you run a podman command, you communicate directly with the process that starts your containers and retrieves your images. The Docker CLI relies on a connection to the Docker daemon. The CLI sends commands to the daemon and the daemon then acts on them to create containers.

Podman’s model helps address some of the concerns around Docker security. The lack of a daemon greatly reduces the attack surface of the container. If you need remote access, Podman provides a REST API that allows you to interact with all supported resource types.

Pods

Podman comes with unique features that Docker completely lacks. In Podman, containers can form “pods” that work together. It is similar to the Kubernetes Pod concept.

Use the pod create command to create a pod:

podman pod create --name my-pod

Containers are added to Pods by the --pod flag with podman run:

podman run --pod my-pod --name image-1 my-image:latest
podman run --pod my-pod --name image-2 another-image:latest

Containers in the pod can be managed in aggregate using podman pod commands:

podman pod kill my-pod      # Kill all containers
podman pod restart my-pod   # Restart all containers
podman pod stop my-pod      # Stop all containers

The Pod concept is powerful as it allows you to manage multiple containers at once. You can create app containers such as a frontend, a backend, and a database, add them to a pod, and manage them simultaneously.

The closest Docker equivalent is Compose. If you’re using Compose, you’ll need to write a docker-compose.yml file and use the separate docker-compose binary. Podman allows you to create pods with a single command without leaving the terminal.

When you need to export a pod definition, Podman produces a Kubernetes-compatible YAML manifest. You can take the manifest and apply it directly to a Kubernetes cluster. This narrows the gap between running a container in development and launching it on the production infrastructure.

podman generate kube my-pod

Rootless Containers

Podman supports rootless containers. This helps you lock down your security by preventing containers from running as the host’s root user. Docker now supports rootless mode as a daemon configuration option. Podman had rootless support before Docker and puts more emphasis on using it.

First, install slirp4netns:

yum install slirp4netns

Next, configure some user-reachable network namespaces:

echo "user.max_user_namespaces=28633" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf

This command allows the use of network namespaces without root.

Now you are ready to run a rootless container! Connect to the server as a regular user. Start a new container with podman run. It is created with the UID of your user account instead of root.

In addition to fully rootless namespaces, Podman is scoped to the current user by default. Your images and containers are stored in your user’s $HOME folder. When you run podman ps or podman images, you will only see your own content rather than every resource on the system.
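To check the claim above that a rootless container runs under your own UID rather than root, you can translate container UIDs to host UIDs using the container's uid_map. This is an added example, not part of the original article; the sample maps are constructed and assume a user with UID 1000 and a subordinate UID range starting at 100000.

```shell
#!/bin/sh
# Added example (not from the original article).
# uid_map line format, per user_namespaces(7):
#   <first UID inside namespace> <first UID on host> <count>

# Write constructed sample maps into directory $1.
write_sample_maps() {
  # Constructed: rootless container started by host UID 1000 (assumption).
  printf '0 1000 1\n1 100000 65536\n' > "$1/rootless_uid_map"
  # Constructed: rootful container with no UID remapping.
  printf '0 0 4294967295\n' > "$1/rootful_uid_map"
}

# host_uid_for <uid_map file> <container uid>
# Prints the host UID the container UID maps to; returns 1 if it is unmapped.
host_uid_for() {
  awk -v uid="$2" '
    uid >= $1 && uid < $1 + $3 {
      printf "%.0f\n", $2 + (uid - $1); found = 1; exit
    }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# container_root_is_unprivileged <uid_map file>
# Succeeds only when container UID 0 maps to a non-zero host UID.
# An unmapped UID 0 is reported as a failure because nothing was verified.
container_root_is_unprivileged() {
  host=$(host_uid_for "$1" 0) || return 1
  [ "$host" -ne 0 ]
}

# Demo over the constructed samples.
tmp=$(mktemp -d)
write_sample_maps "$tmp"
for m in rootless_uid_map rootful_uid_map; do
  if container_root_is_unprivileged "$tmp/$m"; then
    echo "$m: container root maps to host UID $(host_uid_for "$tmp/$m" 0)"
  else
    echo "$m: container root is host root (or unmapped)"
  fi
done
rm -rf "$tmp"
```

On a live host, save the output of `podman unshare cat /proc/self/uid_map` to a file and pass that file to the functions instead of the samples.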

Conclusion

Podman is an OCI compliant container runtime that works without a daemon. The CLI implements all core Docker commands. You can easily switch to Podman or use it alongside an existing Docker installation.

Unlike Docker, Podman offers first-class support for managing multiple containers. The Pod model makes it easy to work with a stack of services. You can stop, restart, and delete all associated containers using pod-level commands.

Podman is also ready to help you make the transition to container orchestration services. The ability to export Kubernetes-compatible YAML makes Podman a better match with many containerized production environments. Developers and operators can use the same tool to manage their containers, enabling greater collaboration and flexibility.

