February 4, 2023


For computer aficionados

What is Podman? The container engine replacing Docker

Podman is a container engine—a device for acquiring, managing, and working containers and container visuals. Containers are standardized, self-contained software offers that maintain all the aspects needed to run any where with no the have to have for customization, like application code and supporting libraries. Container-primarily based apps have revolutionized computer software improvement about the past ten years, earning distributed and cloud-based mostly systems straightforward to deploy and retain.

Podman is a challenge from Red Hat that is open resource and totally free to down load. It is a relative newcomer to the containerization scene, with edition 1. becoming introduced in 2019. Podman has since manufactured good strides, and its rise has been compounded by the gradual drop of Docker, the job that in quite a few ways created the environment of containers as we know it these days.

Podman and Kubernetes

If you might be even a little bit common with container-centered improvement, you are going to know the name Kubernetes. As containerized applications grew extra complex, developers essential equipment that could coordinate containers that interacted with each individual other whilst functioning on diverse digital equipment, or even on distinctive bodily devices. These kinds of a instrument is named a container orchestration system, and Kubernetes is by far the most outstanding illustration. Kubernetes can function with any container that fulfills the Open up Container Initiative (OCI) picture specification, which Podman’s containers do.

A person of the important options of Kubernetes is the principle of a pod, an ephemeral grouping of 1 or additional containers that is the smallest unit of computing that Kubernetes can regulate. Podman is also centered on the idea of a pod, as its title implies. A Podman pod also involves 1 or additional containers, which are grouped with each other in a solitary namespace, community, and protection context. This similarity would make Podman and Kubernetes a organic in shape, and from the commencing a single of Purple Hat’s objectives was to have Podman end users orchestrate containers with Kubernetes.

Podman vs. Docker

The other significant name from the planet of containers that you’ve nearly unquestionably read is Docker. Docker was not the first container engine but in several strategies it has come to outline containerization. A lot of how Docker operates is the de facto standard for container-based development—enough so that quite a few folks use “Docker” as a shorthand for containers.

Although Docker and Podman occupy a related place in the container ecosystem, they are not the identical, and they have various philosophies and approaches as to how they perform. For instance, Docker is an all-in-just one system with instruments for particular tasks, while Podman collaborates with other tasks for sure purposes—for instance, it relies on Buildah to build container visuals.

There are also architectural distinctions: Docker has no indigenous principle of pods, for instance. A different vital difference is that Docker relies on a constantly managing history daemon method to make images and operate containers, whereas Podman launches containers and pods as individual child procedures. This element of Docker’s design and style has critical implications for security, which we’ll talk about soon.

Docker instructions on Podman

By design and requirement, Podman and Docker are total compatible. Element of that compatibility can be attributed to adherence to open up specifications. Because both engines perform with containers that conform to the OCI normal, you can produce a container with Docker and modify it in Podman, or vice versa, then deploy both container onto Kubernetes.

When Podman rolled out in 2019, Docker was so dominant that its command-line interface had become a element of quite a few developers’ programming routines and muscle mass memory. In purchase to make a likely go to Podman far more seamless, Podman’s creators created sure that its commands and syntax mirrored Docker’s as considerably as doable. They went so significantly as to make it feasible to set an alias that re-routes Docker commands to Podman.

Better safety with rootless containers

With Podman and Docker performing so likewise in so lots of means, why would you select just one more than the other? Effectively, 1 crucial rationale is security. Don’t forget how Docker relies on a daemon to do substantially of its ongoing do the job? That daemon operates as root, which can make it a probable entry issue for attackers. This is just not an insurmountable obstacle to safe computing, but it does suggest that you have to place some assumed into navigating Docker safety troubles.

In some circumstances, you can want to operate a container with root privileges on its host equipment, and Podman allows you do that. But if you would somewhat preserve your containers securely restricted to consumer area, you can do that as perfectly, by running what is identified as a rootless container. A rootless container has no additional privileges than the consumer that introduced it in the container, that consumer has root privileges. You can also use command-line flags to include privileges to your containers in a granular way.

What about functionality?

A person area wherever Docker has a leg up on Podman is performance, at the very least in accordance to some. When there is certainly tiny concrete information and facts on this topic, it can be not really hard to uncover discouraged builders on Hacker News, Stack Overflow, and Reddit complaining about Podman’s functionality, primarily when it truly is running rootless. Some Swedish university pupils ran a benchmark suite on a number of diverse container platforms and found Podman missing, nevertheless this was admittedly an older pre-1. model of Podman. When there is certainly not a great deal of technological information on this matter, anecdotally Podman receives dinged for its functionality.

Will Podman switch Docker?

From the dialogue so significantly, it may possibly not sound like any fantastic vibe change is in the works to change Docker with Podman. But a important adjust is coming that will displace Docker from a person of its longtime niches: Kubernetes by itself.

Kubernetes and Docker have for yrs been the twin giants of the container entire world. But their coexistence was generally considerably uneasy. The rise of Kubernetes came immediately after Docker was effectively proven in its niche—indeed, you could say that Kubernetes became popular in portion simply because Docker wasn’t up to the process of handling all the containers that necessary to be coordinated in a huge, distributed software.

Docker (the enterprise) designed its individual container orchestration platform in 2015, dubbed Swarm, that was developed to perform to Docker’s strengths. Swarm was launched with great fanfare, but by no means rather caught up to Kubernetes. Though Swarm even now has devotees, Kubernetes has turn into the de facto normal for container orchestration, just as Docker grew to become the de facto common for other aspects of the container ecosystem.

On top of that, Docker hardly ever rather performed great with Kubernetes in conditions of its container runtime, the very low-level element of the container engine that, among other duties, performs with the underlying operating system (OS) kernel and mounts particular person container photographs. Equally Docker and Kubernetes conform to the OCI image spec, which Kubernetes utilizes to coordinate illustrations or photos constructed to containers. But Kubernetes also depends on container runtimes compatible with a standardized plugin API termed the Container Runtime Interface (CRI), which Docker has never ever gotten close to to applying.

For a very long time, Docker’s recognition pressured Kubernetes to use Dockershim, a CRI-compliant layer that was an middleman in between Kubernetes and the Docker daemon. This was always one thing of a hack, nevertheless, and previously this calendar year, Kubernetes jettisoned assist for Dockershim. (Podman, by contrast, takes advantage of the appropriate CRI-O runtime from the Cloud Indigenous Computing Basis.)

This is component of a larger sized story about Docker hoping and failing to turn into an organization company. In limited, Docker was never entirely able to crack away from Kubernetes. Kubernetes, in the meantime, no for a longer time requirements Docker to the extent it when did.

Regardless of whether Podman will substitute Docker is unclear, but it will certainly be a single of the contenders. It aids that Podman is not a flagship products wanting to be monetized, but alternatively a solitary open up source technological innovation providing from a a great deal larger sized company. We can count on Podman and Kubernetes to remain intertwined for some time to appear.

Which container motor ought to you use?

Ideally, this discussion provides you a feeling of the aspects to assistance you opt for involving these two container engines. Podman is based mostly on a more protected architecture, even though Docker has a further record. Podman is native to Kubernetes, whereas Docker also works with Docker Swarm. Docker contains all the operation you need for quite a few container-related tasks. Podman is modular and allows you experiment with distinct applications for distinctive applications.

With that explained, the “Podman vs. Docker” concern is on some level a fake selection. Both equally platforms produce illustrations or photos that conform to the OCI spec, and both of those are pushed by several of the exact same commands, so you can shift seamlessly between the two. You may, for occasion, want to use Docker for regional enhancement, then use Podman to deploy the containers you constructed within Kubernetes.

Just one feature that sets Docker aside is that it will come with paid assistance. But even this has a flipside: as Docker (the organization) tries to monetize its flagship giving, it has begun charging for the Docker Desktop improvement natural environment. Pink Hat, on the other hand, looks written content to depart Podman no cost (as in beer) for now.

Jacqueline Primavera is a specialized writer and editor in Los Angeles.

Copyright © 2022 IDG Communications, Inc.