Podman Tutorial: Getting started with the container engine without daemon
Container virtualization has gained importance in recent years. Popularized in particular by Docker, released in 2013, the technology is now a fundamental component of various tools for controlling virtual namespaces. One of the most exciting solutions is Podman: Originally conceived as a debugging tool for CRI-O intended to make working with Kubernetes clusters easier, the software has quickly developed into an independent, comprehensive engine for managing containers.
What makes Podman unique and how Podman can be used for your purposes are explained below.
What is Podman?
Podman (short for Pod Manager) is a container engine first released in February 2018. The developer is the American software company Red Hat, primarily known for its robust enterprise solutions for various open-source projects such as Red Hat Enterprise Linux (RHEL) or OpenStack. Building on Docker’s experience, however, Podman was initially not planned as a standalone engine but as a simple debugging tool for CRI-O — a quickly scrapped plan. The container software is similar to Docker in many respects and, for example, uses the same command-line interpreter as the industry standard. This even makes it possible to use typical Docker commands in Podman — all that needs to be done is to set the alias docker=podman. Accordingly, switching from Docker to Podman is relatively straightforward in most cases. The key innovation that Podman brings is the elimination of a central daemon as a control instance for the individual containers. This gives you the ability to access the various virtualized applications without root privileges.
In Unix, a daemon is defined as a program that runs in the background and provides certain services and processes
Podman runs on standard Linux distributions like Ubuntu, Fedora, CentOS, Debian, RHEL, and Raspbian (Raspberry Pi operating system). In most cases, the engine can be installed directly via the package management of the respective system.
Structure of Podman
In addition to not having a central daemon, Podman’s key differentiators include the so-called pods. These pods, which are modeled on the concept of Kubernetes pods, are associations of several containers within a common Linux namespace that share specific resources. In this way, a wide variety of virtualized applications can be flexibly combined.
As mentioned before, the individual containers can be executed on the host as an ordinary user without root rights — only within a container do the processes run under root control. Podman uses the user namespaces of the Linux kernel to make this possible, which assign special rights and user IDs to the operations. However, the fact that the containers are run as administrators gives the virtualized Podman environment a high level of security.
The core of a pod is formed by so-called infra containers, which are exclusively responsible for the functionality of the federation and, for this purpose, manage and guarantee the individual resources such as namespaces, network ports, CPU, RAM, etc. The pods are also controlled by the monitoring tool Conmon. Furthermore, Podman relies on the Conmon monitoring tool, written in C, for pod management, which monitors the individual virtualized components and saves logs. In addition, the device acts as an interface to the terminal of the respective container. Finally, as a runtime for the containers, Podman uses the runC software, also used in many other solutions such as Docker or rkt.
Install Podman on Ubuntu / Debian
Podman is software for running Linux containers. On Linux distributions like CentOS, Ubuntu, Debian, and Co., the tool is installed as easily as quickly: In most cases, the installation packages can be found directly in the package management of the respective system software and installed using the system-typical terminal commands.
sudo apt-get update -qq
sudo apt-get -qq -y install podman
Install Podman on Windows and macOS
Podman is at home in Linux environments. However, you can also use the container engine on devices that use Windows or macOS as their operating system. The prerequisite for this is that you have access from these devices to a Linux installation that runs inside a virtual machine on the host or is accessible via the network.
If you have such access, all you need is a Podman remote client that you can use to establish an SSH connection to the Podman back end.
How container image management works with Podman
Podman is primarily based on Docker in terms of features and syntax, so you can use the large pool of ready-to-use Docker images, also known as Docker Hub, to set up the desired containers. Using the pull command, you can download any application images from there, such as the latest version of Ubuntu:
podman pull hub.docker.com/_/ubuntu:latest
The official storage path for the individual images is the local path
Each user has its namespace so that the own container setup is separated from the root setup. You can get an overview of the locally stored images with the following command:
For a listing of the root images, the Linux-typical command “sudo” is to be prefixed:
sudo podman images
I hope this article helps you by setting up and understanding the core of Podman.