Podman is an excellent alternative to Docker containers when you need increased security, unique identifier (UID) separation using namespaces, and integration with
systemd. In this article, I use real-world examples to show you how to install Podman, use its basic commands, and transition from the Docker command-line interface (CLI) to Podman. You'll also see how to run an existing image with Podman and how to set up port forwarding.
Podman is a daemonless, open source, Linux-native tool designed to develop, manage, and run Open Container Initiative (OCI) containers and pods. It has a similar directory structure to Buildah, Skopeo, and CRI-O. Podman doesn't require an active container engine for its commands to work.
If you are running Red Hat Enterprise Linux 8 (RHEL 8), enter the command:
$ yum -y install podman
If you are a Fedora user, replace
If Linux is not available, you can use Podman online with Katacoda.
Transition to the Podman CLI
One of Podman's greatest advantages is its complete CLI compatibility with Docker. In fact, when building Podman, Docker users can adapt without any significant changes. For example, you can use the
alias command to create a
docker alias for Podman:
$ alias docker=podman
You can run familiar commands such as
tag, and more with Podman.
You can also use Podman to run secure, rootless containers. By joining a user namespace and setting root access inside, you can enable Podman to mount certain filesystems and set up the container with no escalation of privileges.
Run an existing image using Podman
For example, let's test the Funbox container, which combines terminal commands and ASCII art. To start, clone the repository in a local directory with the following
$ git clone https://github.com/wernight/docker-funbox.git
Once you download the necessary files, you can pull the base image and additional requirements to build and run a container:
$ docker run --rm -it wernight/funbox
In this case, we've used the following tags with the
docker run command:
--rmtag removes the container after it exits.
-ittag connects the container to the terminal so that you can interact with it.
We now have a container active and running (mine is running on top of Debian Jessie). Let's add an argument to view the Funbox in action:
$ docker run --rm -it wernight/funbox nyancat
If you see a Nyan Cat displayed on your console screen, you are all set to deploy and interact with a container using Podman.
Port forwarding with Podman
Dozens of containers are available to download and use with Podman. For this example, let's set up a simple Apache HTTP Server 2.4 in a CentOS container. To begin, pull the base image you want to use from the Docker hub:
$ podman pull centos:latest
Once you've created the base image, use
podman images to check whether the container is ready to use. You should see output similar to what's shown in Figure 2:
To run the new container with your base image, use the
podman run command with specific tags (such as
-it) to attach it to the CLI. Use
--name to define a custom name. Finally, define the base image where the container should run:
$ podman run -it --name redhat-website centos:latest
When the container is running, automatically set root access inside to run all commands.
Create the Apache HTTP server
To create an Apache web server, we can install the httpd program with the default package installer. For CentOS, it's
$ yum install -y httpd
Figure 3 shows the console output for this command.
You can now serve content from your container to your server's public IP address.
Create a web page
Next, we will add text to an
index.html file in the container's
var/www/html directory. Feel free to customize your message, or add the default below:
$ echo 'Hello from Red Hat!' > /var/www/html/index.html
When you are finished, type
exit to shut down or power off the container.
podman commit to commit your changes. Use tags to define a name and a custom version for your customized container:
$ podman commit redhat-website redhat-website:v1
Finally, launch the container, then forward all requests made to your server's public IP address on port 8080 to port 80 on the container. Use the Podman tag
-p to port forward, and specify the container that you want to run. Ensure that
httpd is running as a foreground process:
$ podman run -p 8080:80 redhat-website:v1 /usr/sbin/httpd -D FOREGROUND
To view the web page from the host device, run a
curl command while specifying port 8080. You should see the screen shown in Figure 4.
How to stop and remove a container
You can use the
podman stop command to stop a specified container:
$ podman stop redhat-website
podman rm to remove the container:
$ podman rm redhat-website
Every command that I demonstrated in this article is compatible with the Docker CLI. Podman has great integration features through
systemd. You can use it to run rootless containers, and it is a powerful container image for running OCI containers on RHEL 8.
You can continue to experiment with Podman by setting up this Katacoda scenario, which offers an interactive environment directly in your browser.
For more interactive demonstrations, watch the video that accompanies this article.
If you want to keep learning about Podman, start with these articles on Red Hat Developer:
- Rootless containers with Podman: The basics (Prakhar Sethi, 2020)
- Podman and Buildah for Docker users (William Henry, 2019)
- Podman basics cheat sheet (Doug Tidwell, 2019)
- Intro to Podman (Red Hat Enterprise Linux 7.6 Beta) (Alessandro Arrichiello, 2018)