Docker vs Podman
Dec 14, 2023
How does Docker work?
- The Docker CLI asks the daemon to work with registries, images, containers and the kernel.
- The Docker daemon provides all the functionality needed to:
  - push and pull images from a registry
  - ask the kernel to run containers
  - copy images to local container storage, etc.
- Why is using a Docker daemon not a great option?
  - it is a single point of failure
  - the daemon process owns all the child processes, i.e. the running containers
  - if the daemon fails, there will be orphaned processes
  - Docker containers are designed to be accessed as the root user, to execute commands that non-root users can't execute
- Docker Local Repository: /var/lib/docker
How does Podman work?
- Podman interacts directly with the image registry, container and image local storage, and the Linux kernel (via the runC container runtime process, not a daemon)
- Podman is rootless and daemonless
- Podman supports two modes of operation: rootful, in which the container runs as root on the host system, and rootless, in which the container runs under a standard Unix user account.
- Podman Local Repository (root): /var/lib/containers (based on OCI (Open Container Initiative) standards)
- Podman Local Repository (rootless user): ~/.local/share/containers (in the user's home directory)
- One of the extra features in Podman that is not in Docker:
podman generate kube <cont_ID>   # generates a Kubernetes YAML file
Example:
[opc@control ~]$ podman generate kube 94afd17b052a
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.0.2
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-12-13T03:31:17Z"
  labels:
    app: new3pod
  name: new3_pod
spec:
  containers:
  - image: localhost/hello_from_puneeth:latest
    name: new3
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_AUDIT_WRITE
- You can create pods using Podman:
podman pod create --name=test_pod
podman run -dt --pod test_pod quay.io/libpod/alpine_nginx
podman ps --pod
podman pod list
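
Before a manifest from `podman generate kube` is imported with `kubectl create -f`, it helps to see what each container's securityContext grants. The script below is an added example, not part of the original post: `audit_kube_caps` (a hypothetical helper name) reports privileged mode and the dropped and added capabilities per container, assuming block-style YAML lists as Podman emits them; the embedded manifest is the `spec` portion of the example output above.

```shell
# Added example: per-container summary of the securityContext in a manifest
# from `podman generate kube`. Assumes block-style YAML lists, as Podman emits.
audit_kube_caps() {   # hypothetical helper name; reads the manifest on stdin
  awk '
    function indent(s, t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    function emit() {
      if (!inc) return
      printf "%s image=%s privileged=%s drop=%s add=%s\n", name, image, priv,
             (drop == "" ? "none" : drop), (add == "" ? "none" : add)
      inc = 0
    }
    /^ *#/ || /^ *$/ { next }                         # comments, blank lines
    /^ *(init)?[cC]ontainers:/ { emit(); sect = 1; item = -1; next }
    # a sibling key at or above the list indent ends the containers list
    sect && item >= 0 && indent($0) <= item && $1 != "-" { emit(); sect = 0 }
    sect && $1 == "-" && (item < 0 || indent($0) == item) {   # new container
      emit(); item = indent($0); inc = 1
      name = image = "?"; priv = "no"; drop = add = mode = ""
      sub(/- /, "  ")               # treat the first key like the other keys
    }
    !inc { next }
    indent($0) == item + 2 && $1 == "name:"  { name = $2 }
    indent($0) == item + 2 && $1 == "image:" { image = $2 }
    $1 == "privileged:" && $2 == "true"      { priv = "yes" }
    $1 == "drop:" || $1 == "add:" { mode = substr($1, 1, length($1) - 1); next }
    mode != "" && $1 != "-" { mode = "" }             # capability list ended
    mode == "drop" { drop = drop (drop == "" ? "" : ",") $2 }
    mode == "add"  { add  = add  (add  == "" ? "" : ",") $2 }
    END { emit() }
  '
}
# spec portion of the example output shown above
page_manifest() {
  cat <<'EOF'
spec:
  containers:
  - image: localhost/hello_from_puneeth:latest
    name: new3
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_AUDIT_WRITE
EOF
}
page_manifest | audit_kube_caps
```

On a real host the same function can be fed directly: `podman generate kube <cont_ID> | audit_kube_caps`. A line showing `privileged=yes` or anything other than `add=none` is worth reviewing before the manifest reaches a cluster.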