Arafet Ben KilaniWhile docker has undoubtedly revolutionized the way we develop, deploy, and run applications, it's worth exploring what sets Podman (Pod Manager) apart and why you may want to start using it instead.
In this article, we'll dive into the core features of podman assuming that everyone is already familiar with Docker.
Let's Start!
What is Podman?
In simple words, Podman is an open-source container and pod manager.
Similar to docker, it allows you to create, start, stop, and delete OCI containers, as well as manage container images but also supports pods as part of its feature set wich means you can create and manage pods just like you would with Kubernetes.
But wait OCI Containers ?
OCI (Open Container Initiative) : is an industry-standard organization that aims to create set of rules (specifications and standards) that ensure containers work consistently across different platforms.
So what does this mean ?
It means that Podman's images/containers are fully compatible with docker's or any containerization technology that relies on an OCI compliant container runtime.
Great so now we know that podman is fully compatible with docker but wait it's more interesting.
Most docker users can simply alias Docker to Podman (alias docker=podman) without any problems.
This means that all docker's commands stay the same with the exception of docker swarm.
Your probably wondering what does Podman bring to the table.
Let's dive deeper!
Architecture
Can you spot the difference ?
Podman's architecture is daemonless.
Wow what is that and why are we trying to get rid of the good old docker daemon ?
Daemons are processes that run in the background of the system, they typically run continuously in the background, waiting for certain events or requests to occur.
Back to containers, Think of the docker daemon as the intermediary communicating between the user and the container itself.
Problems ?
There are few problems with using a daemon to manage containers :
Single point of failure
Once the daemon crashes, all containers do.
Requires root privileges
This makes the docker daemon an ideal target for hackers who want to gain control of your containers and infiltrate the host system.
Podman addresses the mentioned challenges by directly interacting with container registries, containers, and image storage without the need for a daemon hence the daemonless architecture.
By going rootless (not requiring root privileges), users can create, run, and manage containers without requiring processes with admin privileges reducing the security risks
The buildah utility takes the place of docker build as a container image building tool. Similarly, skopeo replaces docker push and enables the movement of container images between registries. These tools provide efficient and direct interactions with the necessary components, eliminating the need for a separate daemon in the process.
Should I re-write every dockerfile and docker-compose file to be able to use podman with my existing projects ?
Answer : Absolutley Not
Podman aims to provide a familiar developer experience by offering compatibility with docker's containerfile syntax.
Additionally, Podman introduces a similar tool called pod compose as an alternative to docker compose.
Pod compose utilizes the same syntax allowing you to define and manage multi-container applications using the same approach or even using existing "docker-compose.yml" files.
As for Docker desktop, Podman also comes with Podman desktop offering enhanced features that make it more powerful and streamlined. It offers compatibility with Docker and Kubernetes, amplifying its capabilities and delivering a smoother experience.
You can find Podman's installation guide and documentation in their official website podman.io
Conclusion
Given Podman's daemonless architecture, comparable developer experience to Docker, and the fact that both are open-source projects with thriving communities, there are no significant advantages to sticking with Docker over Podman.
