Podman and CRI-O, the new duo of containerization versus Docker?
In today’s technology landscape, it’s common to hear Docker associated with containers, but there are other options.
These two open source projects are behind a revolution in the container world: the replacement of Docker... 😢 And here is the first surprise: why replace Docker? 🤔 Docker Inc. did revive the container model, but Docker is an all-in-one component: the docker binary contains what is needed to build container images, to run them, and even to set up a Swarm cluster. Today this is a point of contention and a single point of failure (SPOF), because all containers depend on a single daemon.
A monolithic process in a world of microservices is stuck... 😬
Podman and CRI-O replace the functionality of Docker while staying compatible with it, so that existing setups are not disrupted.
One of the advantages of Podman is that there is no daemon any more. All containers are launched by runC without depending on a single process. Second, Podman was designed to work hand in hand with Kubernetes: it can use Kubernetes YAML manifests, both to launch Pods and to generate manifests from an existing Pod. Podman is not capable of building container images. You will need other programs, such as Buildah, to create them. This is an intentional choice by the Podman team, who did not design Podman as a monolithic application.
Podman replaces the docker command line. The compatibility is such that you can create an alias so that you don’t have to change your habits or even your scripts.
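The script below is an added example, not code from the original post or from the Podman project. It combines the two points above: a script-safe equivalent of the docker alias, and a round trip from a running pod to a Kubernetes manifest and back. The pod name, container name and image are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration, not from the original post. The pod name, container
# name and image passed in below are assumptions chosen for the example.

# bash does not expand aliases in non-interactive scripts by default, so
# `alias docker=podman` helps at the prompt but not in existing scripts.
# A function gives scripts the same effect.
docker() { podman "$@"; }

# Refuse to run as root: in rootless mode the containers hold only the
# invoking user's privileges.
require_rootless() {
  if [ "$(id -u)" -eq 0 ]; then
    echo "run this as an unprivileged user" >&2
    return 1
  fi
}

# Create a pod, start one container in it with the Docker-style CLI, and
# export the pod as a Kubernetes manifest.
# usage: export_pod <pod> <image> <manifest-file>
export_pod() {
  require_rootless || return 1
  podman pod create --name "$1" || return 1
  docker run -d --pod "$1" --name "$1-web" "$2" || return 1
  podman generate kube "$1" > "$3"
}

# Remove the pod and recreate it from the manifest alone.
# usage: replay_pod <pod> <manifest-file>
replay_pod() {
  require_rootless || return 1
  podman pod rm -f "$1" || return 1
  podman play kube "$2"
}

# Runs only when called as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
  export_pod demo-pod docker.io/library/nginx:latest demo-pod.yaml &&
    replay_pod demo-pod demo-pod.yaml
fi
```

Review the generated manifest before applying it to a cluster, since it reflects whatever options the pod was started with locally.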
CRI-O replaces the Docker daemon as an application engine. Lighter, CRI-O is not an all-purpose client/server tool. It does only one thing and does it well. It is also safer: CRI-O triggers one instance of runC per pod, so the pods are not all tied to a single daemon, which would be an SPOF. That’s why Kubernetes does not support the Docker runtime since version 1.22, in favor of one of the other compliant container runtime engines, such as CRI-O or containerd.
Next
Coming soon: Getting started with Podman
Conclusion
If you focus on security, Podman’s architecture is inherently more secure than Docker’s. And if you’re considering moving to Kubernetes in the future, Podman introduces the concept of a pod, which makes it a good starting point for Kubernetes.
Since both Docker and Podman are OCI compliant, it’s also possible to use them side by side. For example, the robustness of Docker can be used on development machines, while development-integration and production environments can benefit from the increased security of Podman.
Red Hat (with OpenShift, which uses Podman) and openSUSE are contributors to these projects and use them in their SLES 15.x and CaaSP 4.x distributions.