Managing Container with Podman

Sonam Kumari Singh
5 min readAug 23, 2023
Podman.io

Podman Introduction

If you are completely new to containers, we recommend that you check out the Introduction.

Podman is a daemonless, containerization, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative(OCI -> open governance structure for the express purpose of creating open industry standards around container formats and runtimes ) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. It is similar in functionality to Docker but operates with a slightly different approach and focus. Most users can simply alias Docker to Podman (alias docker=podman) without any problems.

Containers under the control of Podman can either be run by root or by a non-privileged user. Podman (the POD Manager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers. Podman runs containers on Linux, but can also be used on Mac and Windows systems using a Podman-managed virtual machine. Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.

There is a RESTFul API to manage containers. We also have a remote Podman client that can interact with the RESTFul service. We currently support clients on Linux, Mac, and Windows. The RESTFul service is only supported on Linux.

Note

Daemonless operation

This is one of the more meaningful differences between podman and docker. Docker runs as a system service, as a child of init. Init is the first process that gets started in a linux system, and from which all other processes spawn. In most current linux distributions, SystemD is the init process, and every service it runs becomes one of its children.

Docker runs as a privileged service (in its default, and most functional install), it is run by init as root and has wide open access to the system.

Since docker runs as a service, the way users interact with it is by making requests to its API. The issue with this model is that it bypasses a lot of linux’s security into its own means of authentication: if you can talk to docker, you effectively now have full access to the underlying system, and if you perform privileged actions in the host via a container, you can completely hide the source of the operation.

The other problem of the daemon model is that it becomes a single point of failure, one process owns all your containers.

Enter podman and it’s daemon-less approach to running containers. A few of the more meaningful characteristics of this approach are:

Rootless

Podman is fully functional when used by a non-root user, and does not require privileged access (except for binding to privileged sockets). Also, by running in user space, you can take full advantage of user namespaces and isolate containers run by different users in the system.

Podman will map root inside a container to your UID, meaning all your containers will be owned by your user in the host process list eventhough the container is running “root” internally.

User specific configuration paths

Podman will use directories specific for each user running container separate from one another, storage and config configuration files are separate and provide individual customization to the operation of podman.

Pods are the new thing — thank you K8s

Another important difference between Docker and Podman is that podman can natively work with Pods.

Pods are multi container objects that share resources and must always be scheduled together and located together. Networking, storage and compute resources are available to all containers running inside it.

A new root-less ecosystem

Podman is part of a growing toolchain focused on enabling containerization without the downsides of root access requirements.

Among the various participants in this evolving ecosystem, you’ll find new tools for building and managing container images in user space:

Buildah: Allows you to build OCI container images without root access and without a daemon.

Skopeo: Allows you to copy, inspect, sign and manage container images, also with no daemon nor root access.

Managing Container with Podman

Containers, Images and Image registries need to be able to interact with each other.

Example :- You need to be able to build images and put them into image registries. You also need to be able to an image from image registry and build a container from that image.

Brief guide on managing container with podman :-

  1. Installing Podman: Ensure that Podman is installed on your system. You can usually install it using your system’s package manager or by downloading it directly from the official website.

2. Basic Container Management:

  • Running a Container: To run a container, use the podman run command followed by the image name. For example: podman run -d nginx starts an NGINX container in the background.
  • Viewing Running Containers: Use podman ps to see the list of running containers.
  • Stopping Containers: Stop a container using podman stop <container_ID>.

3. Pod Management:

  • Creating a Pod: To create a pod, use the podman pod create command. For example: podman pod create --name mypod.
  • Adding Containers to a Pod: Once a pod is created, you can add containers to it using the --pod flag when running containers. For example: podman run -d --pod mypod nginx.
  • Viewing Pods: List the pods with podman pod ps.

4. Managing Resources:

  • Resource Limits: Set resource limits (CPU, memory) for containers with the --cpus and --memory flags when running containers.
  • Resource Usage: Check resource usage of containers with podman stats.

5. Networking:

  • Creating Networks: You can create custom networks with podman network create.
  • Connecting Containers: Attach containers to specific networks using --network when running containers.

6. Storage and Volumes:

  • Creating Volumes: Create volumes with podman volume create
  • Mounting Volumes: Mount volumes to containers using the -v flag or --volume.

7. Logging and Inspection:

  • Logs: View container logs with podman logs <container_ID>.
  • Inspecting Containers: Get detailed information about a container with podman inspect <container_ID>.

8. Cleaning Up:

  • Stopping and Removing Containers: Stop and remove containers using podman rm <container_ID>.
  • Removing Pods: Remove pods using podman pod rm <pod_name>.

9. Executing Commands in Containers:

  • Running Commands: Execute commands within containers using podman exec -it <container_ID> <command>.
  • Starting a Shell Inside a Container:
podman exec -it my-container
  • Copying Files Between Host and Container:
podman cp file.txt my-container:/path/to/container/

Remember that Podman commands are very similar to Docker commands, making it easy for those familiar with Docker to transition to using Podman.

Thank You !!💕

--

--

Sonam Kumari Singh

SONAM here! Grateful for your connection! Tech enthusiast exploring new languages, deep into DevOps, with a spotlight on Linux. 😊🚀