Podman is a container engine that is compatible with the OCI Containers specification. Podman is part of RedHat Linux, but can be installed on other distributions as well.
Because it is OCI compliant, Podman can be used as a replacement for the better known Docker runtime. Most Docker commands can be directly translated to Podman commands.
What is a runtime?
For many people, a ‘container’ is still a ‘Docker container’. This is not an accurate representation of the current container ecosystem. Docker produces OCI container images, which can be used with other compatible runtimes. Kubernetes is one example, while Podman is another.
As a result, Podman and Docker have overlapping core functionality. Both produce images that the other can use to run containers. The two runtimes then add their own specialties on top of the basic containerization features.
How to install Podman
If you’re using RedHat Linux, Podman is in the extras repository. Use subscription-manager to enable the repository. You can then use yum to install Podman.
su -
subscription-manager repos --enable rhel-7-server-extras-beta-rpms
yum -y install podman
Most other popular Linux distributions also include Podman in their default repositories. You can run apt install podman, dnf install podman or pacman -S podman to get it installed.
Working with containers and images
Podman’s CLI is deliberately aligned with Docker’s. That means you can use familiar Docker commands to interact with Podman containers:
podman pull my-image:latest
podman run --name my-container my-image:latest
podman ps
podman rm my-container
Podman should be instantly familiar to Docker users. You could alias docker to podman and notice no difference in daily use. Of course, not every feature is available: if you try to use Docker Swarm commands, you’ll get an error, because Podman doesn’t have anything equivalent to Swarm.
What’s different about Podman?
Although it is similar to Docker, Podman has a few distinguishing differences. The first and perhaps most significant is the architecture. Podman is daemonless: there is no long-running process that manages your containers.
When you run a podman command, you communicate directly with the process that starts your containers and retrieves your images. The Docker CLI relies on a connection to the Docker daemon. The CLI sends commands to the daemon and the daemon then acts on them to create containers.
Podman’s model helps address some of the concerns around Docker security. The lack of a daemon greatly reduces the attack surface, since no always-running process is needed to manage containers. If you need remote access, Podman provides a REST API that allows you to interact with all supported resource types.
Podman comes with unique features that Docker completely lacks. In Podman, containers can form “pods” that work together. It is similar to the Kubernetes Pod concept.
Use the pod create command to create a pod:
podman pod create --name my-pod
Containers are added to pods with the --pod flag of podman run:
podman run --pod my-pod --name image-1 my-image:latest
podman run --pod my-pod --name image-2 another-image:latest
All containers in a pod can be managed together using podman pod commands:
podman pod kill my-pod # Kill all containers in the pod
podman pod restart my-pod # Restart all containers in the pod
podman pod stop my-pod # Stop all containers in the pod
The Pod concept is powerful as it allows you to manage multiple containers at once. You can create app containers such as a frontend, a backend, and a database, add them to a pod, and manage them simultaneously.
The closest thing Docker has is Compose. If you’re using Compose, you’ll need to write a docker-compose.yml file and use the separate docker-compose binary. Podman allows you to create pods with a single command without leaving the terminal.
When you need to export a pod definition, Podman produces a Kubernetes-compatible YAML manifest. You can take the manifest and apply it directly to a Kubernetes cluster. This narrows the gap between running a container in development and launching it on the production infrastructure.
podman generate kube my-pod
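The pod workflow described above (creating a pod, adding containers with --pod, managing them with podman pod commands, and exporting the pod with podman generate kube) as one script. This is an added example, not code from the original article or from the Podman project. It goes slightly beyond the article by publishing a port on the pod itself, because all containers in a pod share one network namespace and ports are published when the pod is created, and by adding a DRY_RUN mode that prints the commands instead of running them. The image names my-frontend, my-backend and my-db are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): run a three-container stack
# as a single Podman pod, manage it with pod-level commands, and export it as
# a Kubernetes manifest. Image names are placeholders, not real images.
# Set DRY_RUN=1 to print each command instead of executing it.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the pod and add the containers. The port is published on the pod,
# not on a container, because the pod's containers share one network namespace.
stack_up() {
    pod="$1"
    run podman pod create --name "$pod" --publish 8080:80
    run podman run -d --pod "$pod" --name "$pod-frontend" my-frontend:latest
    run podman run -d --pod "$pod" --name "$pod-backend" my-backend:latest
    run podman run -d --pod "$pod" --name "$pod-db" my-db:latest
}

# Pod-level lifecycle: one command acts on every container in the pod.
stack_stop()    { run podman pod stop "$1"; }
stack_restart() { run podman pod restart "$1"; }
stack_down()    { run podman pod rm -f "$1"; }

# Export the pod as a Kubernetes-compatible manifest on stdout.
stack_manifest() {
    run podman generate kube "$1"
}
```

Usage: source the script, then `stack_up my-pod` to start the stack, `stack_manifest my-pod > my-pod.yaml` to capture the manifest for `kubectl apply -f my-pod.yaml`, and `stack_down my-pod` to remove the pod and all its containers in one step.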
Podman supports rootless containers. This helps you tighten your security by preventing containers from running as the host’s root user. Docker now supports rootless mode as a daemon configuration option. Podman had rootless support before Docker and puts more emphasis on using it.
To set up rootless containers on RedHat Linux, first install slirp4netns, which provides networking for containers that run without root:
yum install slirp4netns
Next, allow unprivileged users to create user namespaces:
echo "user.max_user_namespaces=28633" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf
This setting allows the use of user namespaces without root.
Now you are ready to run a rootless container. Connect to the server as a regular user and start a new container with podman run. It is created with the UID of your user account instead of root.
In addition to rootless namespaces, podman is scoped to the current user by default. Your images and containers are stored in your user’s $HOME folder. When you run podman ps or podman images, you will only see your own content rather than everything on the system.
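A readiness check for the rootless setup described above, as an added example that is not part of the original article or of Podman itself. Besides the user-namespace sysctl and slirp4netns that the article covers, it also checks the subordinate UID and GID ranges in /etc/subuid and /etc/subgid, which rootless Podman uses to map the UIDs inside a container onto unprivileged IDs on the host; the 65536 figure is the commonly recommended range size, used here as an assumption. The file locations can be overridden so the check can be run against test copies.

```shell
# Added example (not from the original article): verify the prerequisites a
# host needs before a regular user can run rootless Podman containers.
# Override these paths to run the checks against test copies of the files.
SYSCTL_USERNS="${SYSCTL_USERNS:-/proc/sys/user/max_user_namespaces}"
SUBUID_FILE="${SUBUID_FILE:-/etc/subuid}"
SUBGID_FILE="${SUBGID_FILE:-/etc/subgid}"

# Print the number of user namespaces the kernel allows; 0 means disabled.
userns_limit() {
    if [ -r "$SYSCTL_USERNS" ]; then
        cat "$SYSCTL_USERNS"
    else
        echo 0
    fi
}

# Print the total size of the sub-ID ranges assigned to user $1 in file $2.
# Lines have the form user:start:count; prints 0 when the user has no entry.
subid_count() {
    awk -F: -v user="$1" '$1 == user { total += $3 } END { print total + 0 }' "$2"
}

# Return 0 when every prerequisite is met, 1 otherwise, printing each failure.
# 65536 is the commonly recommended range size (assumption, not from the article).
check_rootless() {
    user="$1"
    status=0
    if [ "$(userns_limit)" -eq 0 ]; then
        echo "FAIL: user namespaces are disabled (user.max_user_namespaces=0)"
        status=1
    fi
    if [ "$(subid_count "$user" "$SUBUID_FILE")" -lt 65536 ]; then
        echo "FAIL: $user has fewer than 65536 subordinate UIDs in $SUBUID_FILE"
        status=1
    fi
    if [ "$(subid_count "$user" "$SUBGID_FILE")" -lt 65536 ]; then
        echo "FAIL: $user has fewer than 65536 subordinate GIDs in $SUBGID_FILE"
        status=1
    fi
    if ! command -v slirp4netns >/dev/null 2>&1; then
        echo "FAIL: slirp4netns is not installed (needed for rootless networking)"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: $user can run rootless containers"
    fi
    return "$status"
}
```

Usage: `check_rootless "$(id -un)"` on the host after the sysctl step; each FAIL line names the file or package to fix, so it doubles as a checklist when onboarding a new machine for rootless use.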
Podman is an OCI compliant container runtime that works without a daemon. The CLI implements all core Docker commands. You can easily switch to Podman or use it alongside an existing Docker installation.
Unlike Docker, Podman offers top-notch support for managing multiple containers. The Pod model makes it easy to work with a stack of services. You can stop, restart, and delete all associated containers using pod-level commands.
Podman is also ready to help you make the transition to container orchestration services. The ability to export Kubernetes-compatible YAML makes Podman a better match with many containerized production environments. Developers and operators can use the same tool to manage their containers, enabling greater collaboration and flexibility.