Podman is an excellent alternative to Docker containers when you need increased security, unique identifier (UID) separation using namespaces, and integration with
systemd. In this article, I use real-world examples to show you how to install Podman, use its basic commands, and transition from the Docker command-line interface (CLI) to Podman. You'll also see how to run an existing image with Podman and how to set up port forwarding.
Podman is a daemonless, open-source, Linux-native tool designed to develop, manage, and run Open Container Initiative (OCI) containers and pods. Being daemonless means Podman does not use a long-running background process (a daemon) unlike Docker, which contributes to its increased security and lightweight design. It also has a similar structure to similar tools such as Buildah, Skopeo, and CRI-O.
If you are running Red Hat Enterprise Linux 9 (RHEL 9), enter the command:
$ yum -y install podman
If you are a Fedora user, replace
If Linux is unavailable, you can use Podman Desktop for Windows, Mac, and Linux.
Transition to the Podman CLI
One of Podman's greatest advantages is its CLI compatibility with Docker. In fact, when building Podman, Docker users can adapt without any significant changes. For example, you can use the
alias command to create a
docker alias for Podman:
$ alias docker=podman
You can run familiar commands, such as
tag, and more with Podman.
You can also use Podman to run secure, rootless containers. By joining a user namespace and setting root access inside, you can enable Podman to mount certain filesystems and set up the container with no escalation of privileges.
Run an existing image using Podman
For example, let's test the Funbox container, which combines terminal commands and ASCII art. To start, clone the repository in a local directory with the following
$ git clone https://github.com/wernight/docker-funbox.git
Once you download the necessary files, you can pull the base image and additional requirements to build and run a container:
$ podman run --rm -it wernight/funbox
In this case, we've used the following tags with the
podman run command:
--rmtag removes the container after it exits.
-ittag connects the container to the terminal so that you can interact with it.
We now have a container active and running (mine is running on top of Debian Jessie). Let's add an argument to view the Funbox in action:
$ podman run --rm -it wernight/funbox nyancat
Figure 1: Nyan Cat in terminal from running container
If you see a Nyan Cat displayed on your console screen, you are all set to deploy and interact with a container using Podman.
Port forwarding with Podman
Dozens of base images are available to download and use with Podman. For this example, let's set up a simple Apache HTTP Server 2.4 in a CentOS container. To begin, pull the base image you want to use from the Docker hub:
$ podman pull centos:latest
Once you've created the base image, use
podman images to check whether the container is ready to use. You should see output similar to what's shown in Figure 2:
Figure 2: The container is ready to use
To run the new container with your base image, use the
podman run command with specific tags (such as
-it) to attach it to the CLI. Use
--name to define a custom name. Finally, define the base image where the container should run:
$ podman run -it --name redhat-website centos:latest
When the container is running, automatically set root access inside to run all commands.
Create the Apache HTTP server
To create an Apache web server, we can install the httpd program with the default package installer. For CentOS, it's
$ yum install -y httpd
The following image shows the container running and installation of httpd.
Figure 3: Console output for the yum install command.
You can now serve content from your container to your server's public IP address.
Create a web page
Next, we will add text to an
index.html file in the container's
var/www/html directory. Feel free to customize your message, or add the default below:
$ echo 'Hello from Red Hat!' > /var/www/html/index.html
When you are finished, type
exit to shut down or power off the container.
podman commit to commit your changes. Use tags to define a name and a custom version for your customized container:
$ podman commit redhat-website redhat-website:v1
Finally, launch the container, then forward all requests made to your server's public IP address on port 8080 to port 80 on the container. Use the Podman tag
-p to port forward, and specify the container that you want to run. Ensure that
httpd is running as a foreground process:
$ podman run -p 8080:80 redhat-website:v1 /usr/sbin/httpd -D FOREGROUND
To view the web page from the host device, run a
curl command while specifying port 8080. You should see the screen shown in Figure 4.
Figure 4: A successful example of port forwarding using Podman.
How to stop and remove a container
You can use the
podman stop command to stop a specified container:
$ podman stop redhat-website
podman rm to remove the container:
$ podman rm redhat-website
Every command that I demonstrated in this article is compatible with the Docker CLI. Podman also has great integration features through
systemd. You can use it to run rootless containers, and it is a powerful tool for running OCI containers on RHEL 9.
You can continue to experiment with Podman by setting up this lab, which offers an interactive environment directly in your browser where you can containerize your application with Buildah and Podman.
If you want to keep learning about Podman, start with these articles on Red Hat Developer:
- Podman basics: Resources for beginners and experts (Red Hat Developer Editorial Team)
- What is Podman Desktop? A developer's introduction (Ian Lawson)
- Podman cheat sheet (Bob Reselman)
- Deploying containers using Container Tools, Lab (Red Hat Developer)