Podman — A Dockerless Container Engine — Part I
A few IT decision makers want to remove their dependency on Docker. The shift is evident and already happening.
Docker holds a monopoly in the container market, and the Docker CE tool does not have a commercial support model. Therefore, companies such as Red Hat encourage Buildah, Podman and Skopeo for container management with Kubernetes (Red Hat OpenShift).
A Docker environment has the following challenges:
- The Docker daemon runs on a logical port and it’s a single point of failure.
- It owns all the child processes (the running containers). The Docker host will kill every container when the daemon fails.
- All Docker operations have to be conducted by a user (or users) with the same full root authority.
- Securing the Docker daemon port inside the corporate network is an overhead.
The industry needs a container engine that is daemonless and rootless. Here’s Podman:
Podman.io defines it as follows: ‘Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode.’
Features:
- Daemonless.
- Rootless or root.
- Direct interaction with Container Registry, Containers, Image Storage, and runc.
- OCI compliant.
In this article, I provide a run book for installing Podman and operating containers on CentOS 8.
Log in as root
Check Docker
See, there is no Docker.
Install Podman and Slirp4netns
Increase user namespaces
Configure subuid and subgid values
Update registries
The default registries.conf under /etc/containers has entries to access a few registries, including docker.io (the public Docker Hub). I edit this file to use the public Docker Hub.
Log in as rootless user (kuberiter)
Log in directly as the rootless user ‘kuberiter’ (don’t use su or su - to become that user, because that doesn’t set the correct environment variables).
Check rootless configuration
To check that your rootless configuration is set up properly, you can run commands with the podman unshare command.
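The setup steps above (user namespaces, subuid and subgid values) can be audited before any container is started. The script below is an added example, not part of the original run book: the function names, the MIN_IDS threshold and the sample users alice, bob and carol are assumptions made for illustration. It also flags overlapping subordinate ID ranges, which would let two users' containers map to the same host IDs.

```shell
# Added example: audit the rootless prerequisites configured in this run book.
MIN_IDS=65536   # assumption: enough subordinate IDs for a full 16-bit ID range

# check_subid FILE USER: 0 = USER has >= MIN_IDS IDs with no overlap,
# 1 = range missing or too small, 2 = range overlaps another entry.
check_subid() {
  [ -r "$1" ] || return 1
  awk -F: -v user="$2" -v min="$MIN_IDS" '
    NF == 3 && $1 !~ /^#/ { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
    END {
      rc = 1
      for (i = 1; i <= n; i++) {
        if (name[i] != user) continue
        if (rc == 1 && hi[i] - lo[i] + 1 >= min) rc = 0
        for (j = 1; j <= n; j++)
          if (j != i && lo[i] <= hi[j] && lo[j] <= hi[i]) rc = 2
      }
      exit rc
    }' "$1"
}

# check_userns FILE: FILE holds one integer, like
# /proc/sys/user/max_user_namespaces; succeeds if the value is above zero.
check_userns() {
  read -r max < "$1" || return 1
  [ "${max:-0}" -gt 0 ] 2>/dev/null
}

# audit_rootless USER [SUBUID] [SUBGID] [USERNS]: returns the failure count.
audit_rootless() {
  fails=0
  check_userns "${4:-/proc/sys/user/max_user_namespaces}" ||
    { echo "FAIL user namespaces are disabled"; fails=$((fails + 1)); }
  for f in "${2:-/etc/subuid}" "${3:-/etc/subgid}"; do
    st=0; check_subid "$f" "$1" || st=$?
    case $st in
      0) echo "ok   $f: $1 has a usable range" ;;
      1) echo "FAIL $f: fewer than $MIN_IDS IDs for $1"; fails=$((fails + 1)) ;;
      *) echo "FAIL $f: range for $1 overlaps another entry"; fails=$((fails + 1)) ;;
    esac
  done
  return "$fails"
}

# Constructed sample data: alice and bob overlap, carol's range is too small.
demo=$(mktemp -d)
printf 'kuberiter:100000:65536\nalice:200000:65536\nbob:210000:65536\ncarol:300000:1000\n' > "$demo/subid"
echo 1 > "$demo/userns"
for u in kuberiter alice carol; do audit_rootless "$u" "$demo/subid" "$demo/subid" "$demo/userns" || true; done
rm -rf "$demo"
```

On a real host, calling audit_rootless kuberiter with no file arguments reads /etc/subuid, /etc/subgid and /proc/sys/user/max_user_namespaces.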
Pull an Image
List Images
Start the Container
Display running Containers
Information about a Container
Stop the Container
Remove the Container
Container Storage — rootless user
Podman stores containers under the home directory of the rootless user.
Limitations of Podman
- Linux based.
- No support for Windows OS based Containers.
- No equivalent of Docker-Compose component.
- New product with bugs and minimum features.
- Compatibility issues with root Containers.
- No clear definition for Buildah and Podman Container build features.
In the next article, I will write about Buildah and Skopeo.
Lawrence Manickam is the Founder of Kuberiter Inc, a Seattle-based start-up that provides Enterprise/SaaS DevOps Services (Kubernetes, Docker, Helm, Istio and CyberArk Conjur) for MultiCloud.