Podman is an excellent alternative to Docker containers when you need increased security, unique identifier (UID) separation using namespaces, and integration with systemd. In this article, I use real-world examples to show you how to install Podman, use its basic commands, and transition from the Docker command-line interface (CLI) to Podman. You'll also see how to run an existing image with Podman and how to set up port forwarding.
What is Podman?
Podman is a daemonless, open source, Linux-native tool designed to develop, manage, and run Open Container Initiative (OCI) containers and pods. Being daemonless means Podman does not use a long-running background process (a daemon) unlike Docker, which contributes to its increased security and lightweight design. It also has a similar structure to similar tools such as Buildah, Skopeo, and CRI-O.
Install Podman
Head to the official documentation to learn how to install Podman for your machine. For example, if you are running Red Hat Enterprise Linux 9 (RHEL 9), enter the command:
$ dnf -y install podman
You may be using yum, if so replace yum with dnf. If Linux is unavailable, you can use Podman Desktop for Windows, Mac, and Linux.
Using the Podman CLI
One of Podman's greatest advantages is its CLI compatibility with Docker. In fact, when building Podman, Docker users can adapt without any significant changes. For example, you can use the alias command to create a docker alias for Podman:
$ alias docker=podman
You can run familiar commands, such as pull, push, build, commit, tag, and more with Podman.
You can also use Podman to run secure, rootless containers. By joining a user namespace and setting root access inside, you can enable Podman to mount certain filesystems and set up the container with no escalation of privileges.
Run an existing image using Podman
Fortunately, images created by Docker and Podman are compatible with the OCI standard. This means that Podman can push and pull from container registries such as the Docker Hub and Quay.io.
For example, let's test the Funbox container, which combines terminal commands and ASCII art. To start, clone the repository in a local directory with the following git commands:
$ git clone https://github.com/wernight/docker-funbox.git
Once you download the necessary files, you can pull the base image and additional requirements to build and run a container:
$ podman run --rm -it wernight/funbox
In this case, we've used the following tags with the podman run command:
- The
--rmtag removes the container after it exits. - The
-ittag connects the container to the terminal so that you can interact with it.
We now have a container active and running (mine is running on top of Debian Jessie). Let's add an argument to view the Funbox in action:
$ podman run --rm -it wernight/funbox nyancat
Figure 1: Nyan Cat in terminal from running container.
If you see a Nyan Cat displayed on your console screen, you are all set to deploy and interact with a container using Podman.
Running and setting up a container with Podman
Dozens of base images are available to download and use with Podman. For this example, let's set up a simple Apache HTTP Server 2.4 in a CentOS container. To begin, pull the base image you want to use from the Docker Hub:
$ podman pull centos:latest
Once you've created the base image, use podman images to check whether the container is ready to use. You should see output similar to what's shown in Figure 2:
Figure 2: The container is ready to use
To run the new container with your base image, use the podman run command with specific tags (such as -it) to attach it to the CLI. Use --name to define a custom name. Finally, define the base image where the container should run:
$ podman run -it --name redhat-website centos:latest
When the container is running, automatically set root access inside to run all commands.
Create the Apache HTTP server
To create an Apache web server, we can install the httpd program with the default package installer. For CentOS, it's yum:
$ yum install -y httpd
The following image shows the container running and installation of httpd.
Figure 3: Console output for the yum install command.
You can now serve content from your container to your server's public IP address.
Create a web page
Next, we will add text to an index.html file in the container's var/www/html directory. Feel free to customize your message, or add the default below:
$ echo 'Hello from Red Hat!' > /var/www/html/index.html
When you are finished, type exit to shut down or power off the container.
Use podman commit to commit your changes. Use tags to define a name and a custom version for your customized container:
$ podman commit redhat-website redhat-website:v1
Finally, launch the container, then forward all requests made to your server's public IP address on port 8080 to port 80 on the container. Use the Podman tag -p to port forward, and specify the container that you want to run. Ensure that httpd is running as a foreground process:
$ podman run -p 8080:80 redhat-website:v1 /usr/sbin/httpd -D FOREGROUND
To view the web page from the host device, run a curl command while specifying port 8080. You should see the screen shown in Figure 4.
Figure 4: A successful example of port forwarding using Podman.
How to stop and remove a container
You can use the podman stop command to stop a specified container:
$ podman stop redhat-website
Use podman rm to remove the container:
$ podman rm redhat-website
Conclusion
Every command that I demonstrated in this article is compatible with the Docker CLI. Podman also has great integration features through systemd. You can use it to run rootless containers, and it is a powerful tool for running OCI containers on RHEL, and whatever your system may be.
You can continue to experiment with Podman by setting up this lab, which offers an interactive environment directly in your browser where you can containerize your application with Buildah and Podman.
If you need container orchestration, you can use Podman with Kubernetes or Red Hat OpenShift. To get started with these platforms, see kubernetesbyexample.com and developers.redhat.com/learn.
Resources
If you want to keep learning about Podman, start with these articles on Red Hat Developer:
- Podman basics: Resources for beginners and experts (Red Hat Developer Editorial Team)
- What is Podman Desktop? A developer's introduction (Ian Lawson)
- Podman cheat sheet (Bob Reselman)
- Deploying containers using Container Tools, Lab (Red Hat Developer)
