Since its release as an open source platform in 2013, Docker has gained a steady user following to create, deploy and manage containers. But as container technology and markets evolve, Docker alternatives such as Podman continue to emerge.
Podman is similar to Docker in many respects: Both container engines support Open Container Initiative (OCI) runtimes and Docker images, provide a simple command-line interface, and offer a largely matching set of commands to create and manage containers.
But Podman offers benefits that Docker doesn't -- and it is these features that make Podman a worthy alternative, according to author Daniel Walsh, consulting engineer at Red Hat, in his book Podman in Action: The Next Generation of Container Engines.
Many people wonder why Podman needs to exist when Docker is around; one reason is that open source is all about choice. Walsh said he wrote this book to introduce developers, IT admins and engineers to Podman. The book is meant to explain Podman's features and why, according to Walsh, it is a better way to work with containers.
Walsh suggests in the book that Podman has an advantage over Docker because it was created later. With Docker as a reference, Podman developers were able to improve and build on Docker's design with a fresh perspective.
For example, Podman runs rootless whenever a non-root user invokes it, with no extra setup, whereas Docker's rootless mode must be explicitly installed and enabled by IT admins. Podman also lets admins configure which registries are searched for unqualified image names, along with other site-wide defaults, whereas Docker resolves short image names against Docker Hub.
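One way to pin those registry defaults, shown here as an added example rather than text from the book: a containers-registries.conf fragment. System-wide it lives at /etc/containers/registries.conf; a rootless user can override it with $HOME/.config/containers/registries.conf. The mirror hostname is a placeholder, and the choice of which registries to search or block is an assumption for illustration.

```toml
# Added example (not from the book or the Podman project). Registries consulted,
# in order, when an image is named without a registry ("alpine" rather than
# "docker.io/library/alpine").
unqualified-search-registries = ["registry.access.redhat.com", "quay.io"]

# Refuse ambiguous short names instead of guessing a registry: with more than one
# search registry configured, a non-interactive "podman pull alpine" fails unless
# the name is fully qualified or has an alias. Interactive sessions are prompted.
short-name-mode = "enforcing"

# Route pulls for one registry through an internal mirror (hostname is a placeholder).
[[registry]]
prefix = "quay.io"
location = "quay.io"
[[registry.mirror]]
location = "mirror.example.internal/quay"

# Block a registry outright so nothing is pulled from it by accident.
[[registry]]
location = "docker.io"
blocked = true
```

The enforcing mode matters for supply-chain hygiene: a script that pulls `nginx` should not silently receive whichever registry happens to be first in the search list, and a blocked entry turns an unwanted upstream into a hard error rather than a policy reminder.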
In addition, features such as the lack of a daemon make Podman a more secure container engine option, according to the book. A daemon is a persistent background process that handles container management on the host. Docker's command-line client is a thin front end that talks to the dockerd daemon, which in turn drives containerd; both run as root, and anyone who can reach the daemon's socket can ask it to do anything root can. That root-privileged, always-on process makes Docker a target for potential attacks. Podman instead launches containers as child processes of the user's own command, so there is no long-lived root daemon sitting between the user and the container.
Podman works best for the majority of single-node projects, but it doesn't solve every container issue. Walsh explains in the book that Podman is not a container orchestrator, and users looking to run containers on multiple machines must turn to another tool. For orchestration, Walsh recommends Kubernetes.
Pods within Podman
Podman stands for pod manager and was created to enable IT admins to experiment with pods. Pods can be a single container or make up a group of related containers that share storage and networking resources. They are the smallest deployable application building blocks within a Kubernetes cluster.
Pods enable IT admins to group multiple services together to create one larger service to manage. Walsh suggests in the book that Podman is meant to run pods and containers on a single host, while Kubernetes takes pods and containers, and runs them on multiple machines.
Podman provides commands to generate Kubernetes YAML from existing containers and pods, and a command to deploy such YAML, creating the containers and pods it describes on the host. Podman in Action teaches readers how to create a pod, add a container to a pod, start a pod, and stop and remove a pod.
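The pod lifecycle described above, run rootless and round-tripped through Kubernetes YAML, as an added example that is not code from the book or the Podman project. It assumes podman is installed, the invoking user is not root, and the host can pull docker.io/library/nginx:alpine; the pod name, container name and YAML file name are arbitrary choices.

```sh
#!/bin/sh
# Added example (not from the book or the Podman project): create a pod, add a
# container, start it, export it as Kubernetes YAML, tear it down, and recreate
# it from that YAML. Assumes podman is installed and run by a non-root user.
set -eu

POD=demo-pod            # arbitrary pod name
YAML=demo-pod.yaml      # arbitrary output file

have_podman() {
    command -v podman >/dev/null 2>&1
}

# Create a pod, add a container to it, start it, and confirm it runs rootless.
run_pod() {
    podman pod create --name "$POD" --publish 8080:80
    podman create --pod "$POD" --name "$POD-web" docker.io/library/nginx:alpine
    podman pod start "$POD"

    # Security check: "user" is the UID inside the container (root for nginx's
    # master process), while "huser" is the real host UID that process runs as.
    # In a rootless pod huser must not be 0.
    podman top "$POD-web" huser user
}

# Export the running pod as Kubernetes YAML, remove it, then replay the YAML.
# Podman 4.4+ also spells these "podman kube generate" and "podman kube play";
# the older forms used in the book remain available as aliases.
export_and_replay() {
    podman generate kube "$POD" > "$YAML"
    grep -q '^kind: Pod' "$YAML"     # sanity check on the export

    podman pod stop "$POD"
    podman pod rm "$POD"

    podman play kube "$YAML"
    podman pod ps --filter "name=$POD" --format '{{.Name}} {{.Status}}'
}

# Best-effort teardown so a failed run leaves nothing behind.
cleanup() {
    podman pod stop "$POD" >/dev/null 2>&1 || true
    podman pod rm "$POD" >/dev/null 2>&1 || true
    podman play kube --down "$YAML" >/dev/null 2>&1 || true
    rm -f "$YAML"
}

main() {
    if ! have_podman; then
        echo "podman not installed; nothing to demonstrate" >&2
        return 0
    fi
    trap cleanup EXIT
    run_pod
    export_and_replay
}

main "$@"
```

Because no daemon is involved, every command above runs as the invoking user; the `podman top` line is the quickest way to verify that the container's root is mapped to an unprivileged host UID before trusting a pod with anything sensitive.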
Working through 'Podman in Action'
Podman in Action is broken down into four parts: Foundations, Design, Advanced Topics and Container Security. It also includes six appendixes that cover Podman-related container tools, OCI runtimes, contributing to Podman, and how to install and use Podman on Windows and macOS.
These sections walk readers through how to build and run containers in rootless mode, as well as how to manage and automate the application lifecycle with Podman. This includes detailed steps on how to launch a container, modify it, commit it as an image and push that image to a registry.