Last year, I had a chance to explore podman
as an alternative to Docker. Here are some of my thoughts.
Note that some of the content of this post may be outdated.
- docker-ce is not officially supported on Red Hat.
- docker-ee is supported, but the pricing is expensive.
- One alternative is to install the CentOS repo for Docker, but support would not be available from Red Hat. Another alternative is to use Podman for running and building containers.
Podman is a daemonless container engine for developing, managing, and running OCI containers on your Linux system. Containers under the control of Podman can be run either by root or by a non-privileged user.
Podman provides a Docker-compatible command-line front end, so you can simply alias the Docker CLI: alias docker=podman. Podman is a replacement for the Docker CLI, not for the Docker engine API. There is podman varlink for a remote API, but it does not follow the Docker API.
Podman does not support docker-compose, which needs to communicate with the Docker socket.
- Ansible provides docker_container and docker_image modules. You can start Docker containers on a remote host using an Ansible playbook.
- This also requires the Docker socket and therefore does not work with Podman.
- Podman provides an interesting feature called pod. It is similar to a Kubernetes pod. Basically, a pod is a group of containers that run on a single machine and share the network, ports, etc.
- Every pod has a container called the infra container, which exposes the ports for the pod and then sleeps.
- Containers can be added to a pod, and a container in a pod can be stopped and restarted once the pod is created, as long as the infra container is running.
- Containers added to a pod cannot expose any ports, since these are exposed by the infra container. If you need to expose additional ports, you need to remove and recreate the pod.
- Podman provides a podman play command, which allows you to play containers and pods based on structured text input (a YAML file).
- The podman play kube subcommand allows running pods and containers from Kubernetes YAML.
- Kompose is a tool that generates Kubernetes YAML from a docker-compose file. Unfortunately, podman only allows playing Kubernetes YAML generated by podman itself.
- Podman provides a podman generate kube command that generates the Kubernetes YAML from running pods.
- One can translate docker-compose into a set of docker run commands to start the containers manually, providing all environment variables.
- If you are running them inside a pod, then you don't need to specify ports. In fact, the container won't start if you try to expose a port from a container inside a pod.
- Once all containers are started, one can generate the Kubernetes YAML and play it on any machine.
- An interesting feature of docker-compose is that it sets up a single network for your app. This means each container is on the same network and can be referenced by other containers using a hostname equal to the container name.
- For similar behavior using docker run commands, you can create a Docker network. This allows containers on the same network to reference each other in the same fashion.
- Unfortunately, the docker network commands are not supported by Podman yet, although there is a feature request for it.
- For a similar feature in Podman, you can give each container a static IP using --ip in podman run, and then use --add-host to provide a hostname for another container.
- Another alternative is to add all containers to a single pod. Then you will be able to reference all containers using localhost, although --add-host might still work if you need it.
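The two workflows described above (starting compose services inside a pod and then running podman generate kube, and the --ip/--add-host substitute for a Docker network) can be mechanised. The script below is an added example, not code from the original post or from the Podman project. It takes a constructed, compose-like service definition and emits the podman commands for both approaches instead of executing them, so it runs offline and the generated commands can be reviewed before anything is started; in pod mode it also enforces the rule that ports are published on the pod and never on a member container. The service names, image tags, pod name and the 10.88.0.x subnet prefix are assumptions; the prefix has to match whatever podman network is actually in use.

```python
"""Translate a docker-compose-style service definition into podman commands.

Added example (not from the original post). It prints the podman commands
instead of executing them, so it runs without podman installed.
"""
import shlex

# Constructed sample corresponding to a small docker-compose file:
# two services; "web" publishes 8080->80 and reaches "db" by hostname.
COMPOSE = {
    "services": {
        "db": {
            "image": "docker.io/library/postgres:13",
            "environment": {"POSTGRES_PASSWORD": "example pass"},
            "volumes": ["pgdata:/var/lib/postgresql/data"],
        },
        "web": {
            "image": "docker.io/library/nginx:1.21",
            "ports": ["8080:80"],
            "environment": {"DB_HOST": "db"},
        },
    }
}


def run_args(name, svc, extra):
    """Build one 'podman run' argv for a service; extra carries mode-specific flags."""
    args = ["podman", "run", "-d", "--name", name] + extra
    for key, val in svc.get("environment", {}).items():
        args += ["-e", f"{key}={val}"]
    for vol in svc.get("volumes", []):
        args += ["-v", vol]
    args.append(svc["image"])
    return args


def to_pod_commands(compose, pod_name):
    """Pod mode: every port is published on the pod (its infra container).
    The member containers get no -p at all, because a container inside a
    pod cannot expose ports and would fail to start."""
    services = compose["services"]
    pod_cmd = ["podman", "pod", "create", "--name", pod_name]
    for svc in services.values():
        for port in svc.get("ports", []):
            pod_cmd += ["-p", port]
    cmds = [pod_cmd]
    for name, svc in services.items():
        cmds.append(run_args(name, svc, ["--pod", pod_name]))
    # Once everything is running, the pod can be exported as Kubernetes YAML.
    cmds.append(["podman", "generate", "kube", pod_name])
    return cmds


def to_network_commands(compose, subnet_prefix="10.88.0."):
    """Static-IP mode: each container gets --ip, plus --add-host entries for
    every other service so compose-style hostnames keep resolving. The subnet
    prefix is an assumption and must match the podman network in use."""
    services = compose["services"]
    ips = {name: f"{subnet_prefix}{10 + i}" for i, name in enumerate(services)}
    cmds = []
    for name, svc in services.items():
        extra = ["--ip", ips[name]]
        for other, ip in ips.items():
            if other != name:
                extra += ["--add-host", f"{other}:{ip}"]
        for port in svc.get("ports", []):
            extra += ["-p", port]
        cmds.append(run_args(name, svc, extra))
    return cmds


def render(cmds):
    """Shell-quote each argv so values taken from the compose file (such as
    passwords with spaces or shell metacharacters) cannot alter the command."""
    return "\n".join(shlex.join(c) for c in cmds)


if __name__ == "__main__":
    print("# pod mode")
    print(render(to_pod_commands(COMPOSE, "mypod")))
    print("# static-IP mode")
    print(render(to_network_commands(COMPOSE)))
```

Rendering through shlex.join rather than string concatenation is deliberate: environment values and volume paths come from a file that may not be fully trusted, and quoting them keeps the generated lines safe to paste into a shell. Static IPs are assigned in service order, so adding a service later shifts nothing for the existing ones only if it is appended at the end.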
Top comments (2)
Take a look at Singularity with a Docker image running inside. I like Singularity’s sort of glass bottom allowing access to the /mnt/ but still running an image with the benefit of rapid application bundling etc.
Interesting, thanks for the write-up!
I never had the time to do a comparison of both tools, so your effort is much appreciated!
To me it looks like podman can't completely replace docker as of yet.
I'm excited to see where podman goes with Red Hat's/IBM's backing.