Dhrubajyoti Chakraborty

Podman: The Future of Containerization

Dhrubajyoti Chakraborty's photo
Dhrubajyoti Chakraborty
·

7 min read

Podman: The Future of Containerization

Table of contents

Containerization is a crucial technology in modern software development. Docker has been the popular choice for managing containers for a long time. However, there's a new tool in space called Podman. It offers several benefits over Docker and has caught the eye of developers and businesses. Podman is changing the game, simplifying the management and deployment of containers but what exactly is Podman?

Podman is a containerization tool/container engine developed by Red Hat that allows you to create, manage, and run containers on Linux-based systems. If you thought about Docker when reading container engine, you are on the right track.

Podman potentially is an alternative to the well-known container Docker engine, but you may wonder: What does RedHat offer through Podman? Why should a developer switch to Podman? Let's try to understand all of it in this article.

What is Podman?

Podman is an open-source, Linux-native tool designed to develop, manage, and run containers and pods under the Open Container Initiative (OCI) standards.
Presented as a user-friendly container orchestrator developed by Red Hat, it's the default container engine in RedHat 8 and CentOS 8. It is one of a set of command-line tools designed to handle different tasks of the containerization process, that can work as a modular framework.

This set includes Buildah for building containers, Skopeo for checking them out, and runc for running and making features for podman and buildah. And if you want more control, there's crun too.

The cool part here's that you can use these tools with Docker too! So, if you already know Docker and want to try out Podman, it's like having the best of both worlds.

Now, Podman has its own way of doing things. It creates these things called "pods," where you can put different containers together and manage them as a team. Kind of like how in a game, you have a squad working together to achieve something.

This lets developers share resources and have different containers for different parts of an app inside one pod. So you could have a container for the front-end, one for the back-end, and even a database, all working together seamlessly. You could also take this pod definitions and use them with k8s.

It doesn't need a background program running all the time (daemon). Instead, it just launches containers and pods as child processes.

You may be asking "Why should I use Podman?" Well it has unique advantages as a development and management tool that makes it a viable and interesting alternative to Docker in the appropriate context. Or a powerful complement to work side by side with Docker since it supports a Docker-compatible CLI interface.

Podman vs Docker

If we look at Google Trends, both Docker and Podman have been going up and down in popularity over the past five years, but Docker has consistently been more popular. But right now both the tools have reached their peak visibility and adoption.

Podman and Docker have a lot in common, but they do have some important differences. Neither one is better than the other, but these differences might help you decide which one to use for your particular use case.

Architecture

Docker uses this ongoing program called a daemon in the background to create and run containers. But Podman doesn't need a daemon. It runs containers directly under the user who starts them.

Root privileges

Podman doesn't have a daemon managing everything, so it doesn't need root privileges for its containers. Docker recently added a rootless mode, but Podman had this feature first and promoted it as something really important. And it is, because it makes things safer. Rootless containers are considered safer than those with root privileges. In Docker, the daemons have root access, which makes them a target for attackers. But in Podman, containers don't have root access by default, adding a nice security layer. Of course, you can still run both root and rootless containers in Podman.

Systemd

Since Podman doesn't have a daemon, it needs another tool to manage services and run containers in the background. That's where systemd comes in. It creates control units for existing containers or generates new ones. Podman can work with systemd, so you can run containers with systemd enabled by default without any trouble.

Building images

When it comes to building images, Docker can handle it all by itself. But Podman needs the help of another tool called Buildah for building containers. So, Docker is more self-sufficient in this regard.

Docker Swarm

Podman doesn't support Docker Swarm. So, if your project relies on Docker Swarm, you might have to stick with Docker. But recently, Podman added support for Docker Compose, making it Swarm compliant, which is a good move on their part.

To summarize docker is like an all-in-one package, a powerful tool that can handle everything related to containerization. On the other hand, Podman takes a more modular approach. It uses specialized tools for specific tasks.

Will Podman replace Docker?

Here's the deal: Docker and Kubernetes have been like the big players in the container space for a while. But they haven't always been the best of buddies.
k8s started gaining popularity when Docker was already doing its thing with containers, but it couldn't handle the management of a huge number of containers in a large, distributed application.

Docker, trying to stay strong, created its own thing called Swarm in 2015. It was supposed to be an orchestration platform that played to Docker's strengths. But despite the hype, it couldn't catch up with Kubernetes, which eventually became the go-to standard for container orchestration.

One issue between Docker and Kubernetes was the way they handled container runtimes—the low-level stuff that deals with the underlying operating system and mounts container images. While they both agreed on the OCI image spec, Kubernetes also needed a standardized plugin API called the Container Runtime Interface (CRI), which Docker never bothered to implement.

For a while, Kubernetes had to make do with a CRI-compliant layer called Dockershim to communicate with the Docker daemon. But it was always a bit of a hack, and earlier this year, Kubernetes decided to drop support for Dockershim. Instead, they turned to Podman, which uses the compatible CRI-O runtime from the Cloud Native Computing Foundation.

Now, Docker has been struggling to become a big enterprise company. It couldn't fully break free from Kubernetes, and the truth is, Kubernetes doesn't rely on Docker as much as it used to.

So, the future is a bit uncertain. We can't say for sure if Podman will totally replace Docker, but it's definitely one of the contenders. Podman has an advantage because it's not trying to be a flagship product for profit. It's just a cool open-source technology from a much bigger company.

Bottom line: Podman and k8s will probably keep playing together for quite some time.

Which container engine should you choose?

Well when you're trying to figure out which container engine to choose, here are some things to consider.

  • Podman is built to be more secure, while Docker has been around for a longer time.

  • If you're into Kubernetes, Podman plays nice with it, while Docker works with Docker Swarm too.

  • Docker has got you covered with pretty much all the stuff you need for containers. On the other hand, Podman is more flexible, letting you play around with different tools for different tasks.

But honestly, the whole "Podman vs. Docker" thing is kind of misleading. Both can make images that follow the same standard, and they use similar commands. So, you can switch between them without much hassle. For instance, you might want to use Docker for your local development and then switch to Podman to deploy the containers in Kubernetes.

One cool thing about Docker is that it offers paid support if you need it. But there's a downside too, as they've started charging for the Docker Desktop development environment. On the other hand, Red Hat is currently keeping Podman free.

Conclusion

When it comes to picking the right option for your project you can either choose to use one or another, or a combination of both,. The important thing is to know the differences and similarities between them. That way, you can make the smartest call that suits your project's requirements. So take some time and experiment around to figure out what works best for you, and you'll be all set!

Checkout the Podman documentation here: docs.podman.io/en/latest

Subscribe to the newsletter here: blog.codewdhruv.com/newsletter

Did you find this article valuable?

Support Dhrubajyoti Chakraborty by becoming a sponsor. Any amount is appreciated!

podmanDockerKubernetescontainersDevops