Jumping into Podman
After a (very brief) try of Docker, I immediately jumped into Podman, a fully open-source alternative which is interoperable with Docker images.
Get going quickly
First up, we install Podman on our machine, running macOS:
brew install podman
Easy peasy stuff. Once podman is installed, we need to create a Podman environment to run our 'Pods':
podman machine init
This command will download and run the Red Hat machine environment that Podman runs containers inside. Podman uses Fedora CoreOS, which is made and maintained by Red Hat. You can think of this step as analogous to running Docker locally.
Once downloaded, you fire up the Podman machine like this:
podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users/thomas:/Users/thomas
Note the line Mounting volume... /Users/thomas:/Users/thomas. Here, Podman is allowing access to my host home directory and mounting it at /Users/thomas in the Podman machine. This is so that when Podman starts containers, it can copy any files from the host machine into the container, as stipulated at run time.
Our Podman machine is now running. The Podman machine runs in the background by default. We can SSH into the running Podman machine (Fedora CoreOS instance) like this:
podman machine ssh
You'll then get a command line where you can poke around the Podman machine. Let's cd into the /Users/ folder referenced above to see our own host filesystem.
cd /Users/thomas/
ls
Applications Desktop Documents Library Music Public
Audiobooks Development Downloads Movies Pictures
You can see the contents of your home directory (on the host machine) listed above.
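Because everything under a mounted host path is visible from inside the Podman machine, the Mounting volume lines are worth checking each time the machine starts. The script below is an added example, not part of the original post: it reads the start output and flags mounts that expose a whole home directory or more. The two-component threshold and the second sample mount are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag broad host mounts in `podman machine start` output.
# Heuristic (assumption): a host path with two or fewer components, such as
# / or /Users/thomas, exposes a whole home directory or more.

# Constructed sample, modelled on the start output shown above; the second
# mount is hypothetical.
SAMPLE_LOG='Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users/thomas:/Users/thomas
Mounting volume... /Users/thomas/Development/site:/srv/site'

# path_depth PATH: print the number of components in PATH (0 for /).
path_depth() {
    p=$(printf '%s' "$1" | sed 's:/*$::')    # drop trailing slashes
    if [ -z "$p" ]; then echo 0; return 0; fi
    printf '%s\n' "$p" | awk -F/ '{ print NF - 1 }'
}

# audit_mounts: read start output on stdin, print one verdict per mount,
# return 1 if any mount is broad.
audit_mounts() {
    broad=0
    while IFS= read -r line; do
        case "$line" in
            "Mounting volume... "*) ;;
            *) continue ;;                    # not a mount line
        esac
        spec=${line#"Mounting volume... "}
        host=${spec%%:*}                      # source path on the host
        rest=${spec#*:}
        target=${rest%%:*}                    # mount point inside the machine
        if [ "$(path_depth "$host")" -le 2 ]; then
            echo "BROAD  $host -> $target"
            broad=1
        else
            echo "narrow $host -> $target"
        fi
    done
    return "$broad"
}

# Stand-alone run against the sample; on a real system, pipe in the output
# of `podman machine start` instead.
printf '%s\n' "$SAMPLE_LOG" | audit_mounts || echo "at least one broad mount found"
```

If a mount is flagged, a narrower host path can be chosen when the machine is created, using the --volume option of podman machine init.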
We can now start running our images. A quick note on two concepts unique to Podman - root and rootless.
Root and Rootless
Podman can run its machine environment so that images run as root or as not-root. The default is not-root. Red Hat has a good section on why there is Root and Rootless. It's a security constraint.
TLDR on Root/Rootless.
- Root = The Podman container runs as root on your host machine.
- Rootless = The Podman container runs as a normal user, so it doesn't have the same access permissions as root.
The implications of Root and Rootless differ: you'll find there are certain things your containers can and cannot do depending on whether you run rootless or root.
Running a container
Since both Docker and Podman use Container files that conform to the OCI standard, you can use Dockerfiles with Podman and set the runtime requirements.
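podman run -it busybox
That line will download a Linux image and run a shell (sh, as BusyBox does not include bash). The -t flag tells podman to give us a terminal/teletype, and -i keeps standard input open so the session is interactive. Both flags go before the image name; anything after the image name is passed to the container as the command to run.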
That's it! The Docker Hub container registry contains plenty of container files you can browse to run all manner of different images.
Thomas -