Podman

Posted on | Edited on | In

Podman is a pod manager tool, a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode. Simply put: alias docker=podman.

实际使用中发现podman commit命令和docker格式有不同,且commit后的image使用上有不正常的地方,比如HOSTNAME不见了。

Container tool guide, it shows the difference between buildha and podman:

Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects differentiate in their specialization.

Buildah specializes in building OCI images. Buildah’s commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build images, allowing people to build containers without requiring a Dockerfile. The intent with Buildah is to allow other scripting languages to build container images, without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify OCI images, such as pulling and tagging. It also allows you to create, run, and maintain containers created from those images.

A major difference between Podman and Buildah is their concept of a container. Podman allows users to create “traditional containers” where the intent of these containers is to be long lived. While Buildah containers are really just created to allow content to be added back to the container image. An easy way to think of it is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality. Because of this you cannot see Podman containers from within Buildah or vice versa.

so buildah mainly is used to build images (to build images you need to run containers before commit updates), podman is used to run container in production environment.

In short Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands.

Some commands overlaps between the projecs

Let’s see some example when I was working on deploy ds assembly on portworx:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
## install podman in redhat/centos
yum install podman -y

## the same as docker login
podman login -u <user name> -p <password> docker.io

## the same as docker pull/tag/push
podman pull k8s.gcr.io/pause:3.1
podman tag k8s.gcr.io/pause:3.1 <regisrty path>/pause:3.1

## --tls-verify=false 
## disable HTTPS and verify certificates when contacting registry
## you may also need is when login
podman push <registry path>/pause:3.1 --tls-verify=false
0%