Podman

Podman¹ is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode. Simply put: alias docker=podman. The Open Container Initiative (OCI)² is an open governance structure to create open industry standards around container formats and runtimes, which Podman follows. Podman can also create container pods that work together, resembling Kubernetes pods, which it can also make a compatible export for.

Podman uses Buildah³ as underlying container builder, which is a CLI tool that facilitates building both Docker and OCI container images interactively or automatically. Furthermore, the daemonless feature is facilitated by a Fork/Exec model using runc⁴ or crun⁵, which removes the need to give developers full privileges to work on the deployment containers. Since this is the preferred gateway for attackers on a system running a Docker Daemon, Podman makes a safer directly interchangeable alternative. ⁶

About group 96

We are a group of students who are interested in containerization and learning the Go language. We will write four essays on Podman and work on contributing to a set of open issues. Listed below are the logistics of our work process:

Meetings

Retrospective and Planning meeting - Tuesday @ 15:45 - 18:00 CET (online/offline/hybrid)
Lab and open collaboration meeting - Friday @ 13:45 - 17:00 CET (online/offline/hybrid)

Forms of communication

Mattermost - general communication
Teams - draft document storage and video conferencing

References

Podman. (2022, February 14). https://podman.io ↩︎
Open Container Initiative. (2022, February 14). https://opencontainers.org ↩︎
Buildah. (2022, February 14). https://buildah.io ↩︎
runc container runner and feature builder to podman and buildah. (2022, February 14). https://github.com/opencontainers/runc ↩︎
crun optional runtime that allows greater flexibility, control and secutiry for rootless conttainers. (2022, February 14). https://github.com/containers/crun ↩︎
Walsh, D. 2018. Replacing Docker with Podman. Simple tool for runnings pods and containers. (2022, February 14). https://media.ccc.de/v/ASG2018-177-replacing_docker_with_podman#t=1837 ↩︎

Project Site | Project Source

Authors

Calin Georgescu

Computer Science MSc. student with interests in computational intelligence and software engineering.

Xueyuan Chen

1st year Computer Science master student at TU Delft interested in software engineering and distributed systems.

Rover van der Noort

Second year Master Software Technology student with enthousiasm for software engineering and programming languages.

Krzysztof Baran

MSc Computer Science: Software Technology student at Delft University of Technology with interest in software engineering and deep learning

Podman - how does it scale?

Essay 4: Scalability When any software project is growing, scalability challenges inevitably arise. Podman does not inherently have a direct scalability problem since it tackles local container orchestration. Many of the obstacles for scalability presented by Hull (2013)1 do not apply to Podman, but we identified some indirect issues. What happens if you start up thousands of containers at once? What is the difference between Docker and Podman in terms of power usage?

Podman

March 22, 2022

Podman - how good is it?

Essay 3: Quality and Evolution If you have any experience with a container orchestration tool, you know it can be challenging at first, using a daemon or configuring Containerfiles, but the added benefit outweighs the development costs. In the previous essays, we gave a contextual overview and architectural analysis of the Podman project. In this essay, we question the satisfaction of the system’s key quality attributes and how they are safeguarded over time.

Podman

March 20, 2022

Podman - under the hood

Essay 2: the system’s architecture In our earlier essay, we gave an overview of the product vision and the context in which Podman is used. This essay dives deeper into the system’s architecture and its design choices. We investigate what these decisions mean for the project based on various system views12 and evaluate the insights where improvement could be achieved. For readers who are unfamiliar with the world of containers, our first essay contains a list of key definitions.

Podman

March 7, 2022

Podman – a daemonless container experience

Essay 1: Context and Product Vision If you are new to Docker, containers, daemons and/or Kubernetes, please follow the links to familiarise yourself with these concepts before reading. Very basic introduction videos can be also found here for Docker and Kubernetes. Containers play a crucial role nowadays in simplifying the production, distribution, discoverability, and usage of applications with their dependencies and default configuration files. There is nothing worse than struggling with dependency or configuration bugs only to explain to yourself that ‘it works on my machine’.

Podman

February 21, 2022

Add colors to logs

containers/podman

Adds a new feature: the ability to display the logs of different containers within the same pods in different colors for easier readibility. Toggled through the new --colored flag.

merged

Open PR

Add configuration for ExitCommandDelay

containers/common

Adds the configuration option for ExitCommandDelay in the common configuration library and sets the default to 5 minutes.

merged

Open PR

Add negation to image filters

containers/common

Adds the option to use negation for image filters, like label!=version=0.1. This helps users that maintain many containers at once to properly filter images.

merged

Open PR