Containerization has become one of the most popular technologies of the last few years. Today companies focus on designing cloud-native applications that run within containers as microservices, which improves scalability and lets the applications run on any platform irrespective of the underlying system. One of the most commonly used container engines is Docker, which is often paired with Kubernetes to orchestrate applications.
The containerization revolution started with Docker containers, where a daemon process manages everything, and Docker soon became one of the most popular and widely used container management systems.
Recently, however, Podman has emerged as a strong competitor to Docker. With Docker you depend on a daemon, while Podman launches containers directly through the runC runtime. There is more to Podman, which we discuss below.
What is Podman?
Podman is a daemon-less container engine for developing, managing, and running OCI Containers on your Linux machines. Containers can either be run as root or in rootless mode.
Podman was developed by Red Hat in 2018. It is an open-source container management tool that allows you to build, manage, and run OCI containers, and it takes a completely different approach than Docker. Podman does not depend on a daemon, unlike Docker, which uses both the Docker CLI and the Docker daemon to work with images and registries. The main drawback of Docker's daemon is that everything depends on a single process: it is a single point of failure, and if it fails, all the dependent child processes fail or are orphaned as well. This limits Docker's flexibility as a containerization engine.
Podman is designed according to OCI standards, which allows it to interact directly with the kernel, containers, and images. Podman is more secure than Docker because it does not require root access.
Features of Podman
- Podman images are created according to OCI standards so that they can be easily pushed to other container management tools and registries.
- You can run Podman without having the root access and privileges.
- Podman allows you to manage one or more containers to operate them together and perform various actions on pods.
- Currently, Podman is available for Linux-based systems only and does not have a wrapper available for Windows and MacOS.
- Podman does not yet have an equivalent of Docker Compose; that feature is still in progress, so Podman cannot manage multi-container applications locally the way Compose does.
- Podman is mature enough to deploy applications and microservices in containers.
- To manage images and builds for your podman instance you can use Buildah.
- Podman ensures security in a holistic way making the entire ecosystem safe.
- Podman lets you use the networking provided by CNI to build a highly available network for your application, which is great for developers.
- With the help of Podman, you can easily scan OCI images without downloading them. You can also move them from one repository to another.
- It uses the Buildah tool to create or manipulate images from within a running container.
- Podman runs containers with systemd enabled by default.
- Podman uses UID separation via user namespaces, which adds an extra isolation layer when running containers.
The Podman approach is simply to interact directly with the image registry, with the container and image storage, and with the Linux kernel through the runC container runtime process (not a daemon).
Podman vs Docker
Below are some of the differences between Podman and Docker.
- The main and most important difference is that Podman is daemonless. Docker runs each task through the Docker daemon, while Podman is lightweight and does not require a continuously running instance to run containers.
- The other main difference is that Podman is rootless, which means it can run either as root or as a non-root user. Either way, the Podman containers remain compliant without compromising security.
- Podman supports running pods, that is, collections of containers that run close to each other, so Podman can run multiple containers together.
- Podman allows you to store images and containers in different places, while Docker stores images locally.
- Podman works on the traditional fork-exec model, while Docker works on a client-server architecture.
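Rootless mode (the "UID separation via user namespaces" feature listed earlier and the "Podman is rootless" point in this list) is the security-relevant difference, so here is an added shell example of the mechanism behind it; it is not code from the original post or from the Podman project. It assumes a hypothetical user alice with host uid 1000 and a constructed /etc/subuid entry, derives the uid_map a rootless container would see, and translates container uids to host uids so you can see that "root" inside a rootless container is an unprivileged user on the host, whereas in a root-run container it is real root. The arithmetic is the one the kernel applies from /proc/<pid>/uid_map; the helper names are my own.

```shell
#!/bin/sh
# Added example: how rootless Podman's UID separation works, using a constructed
# /etc/subuid entry and the resulting /proc/<pid>/uid_map. Nothing here runs
# Podman; the mapping arithmetic is what rootless mode (via newuidmap) sets up.

# Constructed /etc/subuid line for a hypothetical user "alice": the user owns
# 65536 subordinate uids starting at host uid 100000.
SUBUID='alice:100000:65536'

# uid_map_for_user <user> <host_uid> [subuid_text]
# Derives the uid_map a rootless container sees: container root (0) is the
# user's own host uid, and container uids 1.. come from the first subuid range.
uid_map_for_user() {
  printf '%s\n' "${3:-$SUBUID}" | awk -F: -v u="$1" -v h="$2" '
    $1 == u && !done { print "0 " h " 1"; print "1 " $2 " " $3; done = 1 }'
}

# The map the kernel would expose for alice (host uid 1000): two lines of
# "<container_start> <host_start> <length>".
ROOTLESS_MAP=$(uid_map_for_user alice 1000)

# What a root-run container (Docker-style, or "sudo podman") sees: the identity map.
ROOTFUL_MAP='0 0 4294967295'

# container_to_host <container_uid> [uid_map_text]
# Prints the host uid backing a container uid, or "unmapped" if it is outside
# every range (such uids show up as the kernel overflow uid, 65534, inside the container).
container_to_host() {
  printf '%s\n' "${2:-$ROOTLESS_MAP}" | awk -v cuid="$1" '
    NF == 3 && cuid >= $1 && cuid < $1 + $3 { print $2 + (cuid - $1); found = 1; exit }
    END { if (!found) print "unmapped" }'
}

# host_privilege <container_uid> [uid_map_text]
# Says what a process with that container uid really is on the host: only a
# mapping to host uid 0 gives real root.
host_privilege() {
  huid=$(container_to_host "$1" "${2:-$ROOTLESS_MAP}")
  case $huid in
    0) echo root ;;
    unmapped) echo unmapped ;;
    *) echo unprivileged ;;
  esac
}

# Stand-alone demo: compare the two modes for container root, a service uid,
# the last uid of alice's range, and one uid past it.
for cuid in 0 1 65536 65537; do
  printf 'container uid %-6s rootless -> host %-9s (%s)   rootful -> host %s (%s)\n' \
    "$cuid" "$(container_to_host "$cuid")" "$(host_privilege "$cuid")" \
    "$(container_to_host "$cuid" "$ROOTFUL_MAP")" "$(host_privilege "$cuid" "$ROOTFUL_MAP")"
done
```

Run it with sh; on a machine with rootless Podman you can compare the constructed map with the real one by running `podman unshare cat /proc/self/uid_map`, which prints the same three-column format for your own user. The point to take away is the first line of the rootless map: a process that escapes a rootless container as "root" lands on the host as the unprivileged user who started Podman, not as uid 0.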
Without a daemon to worry about, you can easily create and manage complex containers while maintaining security and keeping the ecosystem efficient, with Podman as your containerization engine.
That being said, Podman is still a new and evolving technology, and it might be better to wait and watch before we see community adoption and it becomes a more mature and stable tool. You can definitely try it on your local machine and explore it further, but taking it to your production environment might still need some time.
What are your thoughts on Podman and this post? Please share them with us in the comments.
PS: this post was originally published at: https://devopscurry.com/looking-for-an-alternative-to-docker-podman-could-be-your-solution/