Rocky Mountains, Maple Ridge BC — Lawrence Manickam

Podman — A Dockerless Container Engine — Part I

A few IT decision makers want to remove their dependency on Docker. The shift is evident and already happening.

Docker has a monopoly in the Container Market, and the Docker CE tool does not have a commercial support model. Therefore, companies such as Red Hat encourage Buildah, Podman and Skopeo for Container Management with Kubernetes (Red Hat OpenShift).

A Docker environment has the following challenges:

  • The Docker daemon runs on a logical port and is a single point of failure.
  • It owns all the child processes (the running containers). The Docker host will kill every container when the daemon fails.
  • All Docker operations have to be conducted by a user (or users) with the same full root authority.
  • Securing the Docker daemon port inside the corporate network is an overhead.

The industry needs a Container engine that is daemonless and rootless. Enter Podman.

Podman.io defines it as follows: ‘Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode.’

Features:

  • Daemonless.
  • Rootless or root.
  • Direct interaction with Container Registry, Containers, Image Storage, and runc.
  • OCI compliant.

In this article, I provide a run book for installing Podman and operating Containers on CentOS 8.

Login as root

Check Docker

See, there is no Docker.

Install Podman and Slirp4netns

Increase user namespaces

Configure subuid and subgid values

Update registries

The default registries.conf under /etc/containers has entries for a few registries, including docker.io (Public Docker Hub). I edit this file to use Public Docker Hub.

Log in as rootless user (kuberiter)

Log in directly as the rootless user ‘kuberiter’ (don’t use su or su - to become that user, because that doesn’t set the correct environment variables).

Check rootless configuration

To check that your rootless configuration is set up properly, you can run commands with the podman unshare command.

Pull an Image

List Images

Start the Container

Display running Containers

Information about a Container

Stop the Container

Remove the Container

Container Storage — rootless user

Podman stores containers under the home directory of the rootless user.
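
The "Configure subuid and subgid values" and "Check rootless configuration" steps above depend on each rootless user owning a private, sufficiently large range of subordinate IDs. The shell check below is an added example, not from the original article: the function name check_subid and the 65536-ID minimum are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit subordinate ID ranges for a rootless Podman user.
# /etc/subuid and /etc/subgid hold one range per line: name:start:count

# check_subid FILE USER [MIN_COUNT]
# Prints one word and returns 0 only for "ok":
#   ok       USER owns at least MIN_COUNT IDs, none shared with another user
#   missing  USER has no range, so rootless containers cannot map extra IDs
#   overlap  a range of USER intersects another user's range (isolation gap)
#   too_few  USER owns fewer than MIN_COUNT IDs (assumed threshold: 65536)
check_subid() {
    awk -F: -v user="$2" -v min="${3:-65536}" '
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
            if ($1 == user) total += $3
        }
        END {
            if (total == 0) { print "missing"; exit 1 }
            for (i = 1; i <= n; i++) {
                if (name[i] != user) continue
                for (j = 1; j <= n; j++)
                    if (name[j] != user && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        print "overlap"; exit 1
                    }
            }
            if (total < min) { print "too_few"; exit 1 }
            print "ok"
        }' "$1"
}

# Constructed sample in /etc/subuid format; only "kuberiter" comes from the
# article, the other account names are hypothetical.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
kuberiter:100000:65536
builder:165536:65536
ci:200000:65536
legacy:300000:1000
EOF

for u in kuberiter builder ci legacy nobody; do
    printf '%-10s %s\n' "$u" "$(check_subid "$sample" "$u" || true)"
done
# On a real host, run it against both files, for example:
#   check_subid /etc/subuid kuberiter && check_subid /etc/subgid kuberiter
```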

Limitations of Podman

  • Linux based.
  • No support for Windows OS based Containers.
  • No equivalent of the Docker-Compose component.
  • New product with bugs and minimum features.
  • Compatibility issues with root Containers.
  • No clear definition for Buildah and Podman Container build features.

Watch the Podman demo Video here.

In the next article, I will write about Buildah and Skopeo.

Lawrence Manickam is the Founder of Kuberiter Inc, a Seattle-based start-up that provides Enterprise/SaaS DevOps Services (Kubernetes, Docker, Helm, Istio and CyberArk Conjur) for MultiCloud.

Please subscribe at www.kuberiter.com to try our DevOps SaaS Services.
