Jun 21, 2019· 4 mins to read

Replacing Docker with Podman - Power of Podman


Replacing Docker with Podman - Power of Podman

Yeah, you read it right… while Docker is a buzzword in the tech industry now. we will see the consequences of using it and how we can solve the problem with Podman. Replacing Docker with Podman - Power of Podman

Recent Article on Podman,

https://cloudnweb.dev/2019/10/heres-why-podman-is-more-secured-than-docker-devsecops/

Before going into the article, we will see what Docker it and How Docker works.

What is Docker ?

Docker is a containerization platform where we can package our application with its libraries and dependencies inside the container. Docker Container is a somewhat like a virtual machine.

Unlike a virtual machine, Docker container shares the same Linux kernel as the system.

screenshot

How Docker works ?

Let us first understand how docker works and we will see how we can overcome the problem of it using podman.

docker flow

building blocks of docker are Docker CLI and Docker Daemon.

Docker CLI sends the commands to Docker Daemon where Docker Daemon push/pull the image from the registry.

Daemon makes the copy of images in the local container and maintains it. Essentially the Docker daemon does all the work with registries, images, containers, and the kernel.  The Docker command-line interface (CLI) asks the daemon to do this on your behalf.

you can ask me, what is the problem with it. Actually there are few,

  • A single process could be a single point of failure.
  • This process owned all the child processes (the running containers).
  • If there is any failure in the docker daemon, then every child processes are lost its track.
  • Building containers led to security vulnerabilities.
  • All Docker operations had to be conducted by a user (or users) with the same full root authority.

Here comes the role of podman which solves most of the problem. What is podman anyway?

BTW, What is Podman ?

Most importantly, there is no concept called daemon in podman. podman directly interact with Image registry, containers and image storage. with Linux kernel through the runC container runtime process (not a daemon) .

podman flow

you can ask me, what is a runC Container runtime process ? .

Above all, runC is a lightweight, portable container runtime. Docker is built on top of runC runtime container. Instead of using a daemon in podman, we directly use the runC runtime container.

Below is the diagram to explain how Docker works on top of runC container runtime.

docker internals

Migrating from Docker to Podman

Firstly , migrating from Docker to Podman is very easy.

  • You need to install Podman instead of Docker. You do not need to start or manage a daemon process like the Docker daemon.
  • The commands that you use with Docker will be the same for Podman.
  • Images of Docker is compatible with Podman.
  • Podman stores its containers and images in a different place than Docker.

Let’s see the Podman implementation with an node.js application. you can learn how to containerize a node.js application with docker here

Containerizing a node.js application with Podman

Before building the container image. Install podman in your local machine.make sure you installed podman correctly by running the following command.

$ podman --version

Complete Source code for the application can be found in this repo

Once, you clone the repository in the local machine. Run the following command

$ podman build -t podmandemo .

Note: If you face any error such as No Registries is found. Do the following steps.(Only if you face this error)

$ cd /etc/containers/
$ sudo nano registries.conf

Add docker.io in the [registries.search] and save the file

screenshot

Now, run the build command again

screenshot

Once Image built Successfully, run the image with the following command.

screenshot

After that, visit the url http://localhost:3333. you will see something like

screenshot

That’s it. Podman runs the image without any daemon process.

https://cloudnweb.dev/2019/10/heres-why-podman-is-more-secured-than-docker-devsecops/

screenshot

Copyright © Cloudnweb. All rights reserved.