Hello Everyone
Welcome to your AKVAverse, I’m Abhishek Veeramalla, aka the AKVAman, your guide for Cloud, DevOps, and AI.
Today we will be talking about Docker and Podman: what Podman is, why you might use it, how Podman differs from Docker, and whether you should really consider moving from Docker to Podman.
You may be wondering: okay, Abhishek, why are we talking about Podman when we already have Docker? The answer is very simple: the problems that Podman solves.
Problems with Docker?
There are two main problems with running containers in Docker:
Docker Daemon Runs as Root: The Docker daemon is the primary part of Docker; it is the process that actually runs your containers, and it runs as root. So if one of your containers is compromised by a hacker, the damage is not limited to that single container: because the daemon has root privileges, the hacker can use them to reach any of your other containers, and technically your entire infrastructure is compromised.
With that access, the hacker can run a container with the highest privileges, and the command below, for example, can be used to plant a backdoor on your Linux instance.
docker run -v /:/host -it ubuntu chroot /host
Single Point of Failure of Docker Daemon: The second problem that Podman tries to solve is also related to the Docker daemon; the daemon acts as a single point of failure for your entire instance. Whether you are running 10 containers or hundreds of containers on this instance, if the daemon fails, all of your microservices go down, which results in a bad customer experience.
How Podman Fixes This
These are the two problems that Podman solves: the first is the root privileges of the daemon, and the second is the daemon as a single point of failure. Podman solves both by going daemonless.
By default, Podman does not run containers as root, so even if one of your containers gets compromised, the rest stay safe, and even the node on which the compromised container is running is not compromised.
3 Standout Features of Podman
Daemonless
Unlike Docker, Podman runs containers without a daemon, which means there is no root-privileged background process and no single point of failure for the containers. Podman's design eliminates the daemon entirely: each container is started and managed directly by the user's command, not via a background service.
Enhanced Security
Daemons typically run with root privileges, as discussed above, which makes it easier for a hacker to breach your system and is a major security weakness. If a daemon is compromised, the attacker may gain system-wide access. Podman's daemonless and rootless approach ensures containers only have the privileges of the invoking user, which improves security.
Resource Efficiency and Reliability
Without a background process like the Docker daemon, Podman uses resources more efficiently, allowing faster container startup and leaving no daemon to fail.
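The daemon-as-single-point-of-failure problem described earlier also has a Docker-side mitigation worth knowing before you decide to migrate: Docker's live-restore setting keeps running containers up while dockerd is stopped, restarted or crashed. The script below is an added example, not code from the original post or from Docker itself; it writes a minimal daemon.json, checks that the option is set, and shows how to confirm from `docker info` that the daemon picked it up. The demo runs against a temporary file so it needs neither root nor a Docker install; the production path /etc/docker/daemon.json is Docker's default config location on Linux.

```shell
#!/bin/sh
# Added example (not from the original post): enable and verify Docker's
# live-restore option so a daemon failure does not take containers down.

# Write a minimal daemon.json with live-restore turned on.
# A real host may already have other keys: merge, do not overwrite.
write_live_restore_config() {
    cat > "$1" <<'EOF'
{
  "live-restore": true
}
EOF
}

# Returns 0 when the given daemon.json text sets "live-restore": true.
# A grep is enough for this single key; reach for jq for anything richer.
config_has_live_restore() {
    printf '%s\n' "$1" | grep -Eq '"live-restore"[[:space:]]*:[[:space:]]*true'
}

# Returns 0 when dockerd reports live-restore active.
# $1 is the output of: docker info --format '{{.LiveRestoreEnabled}}'
daemon_reports_live_restore() {
    [ "$1" = "true" ]
}

# Demo against a temporary file, so it runs without root or Docker.
tmp=$(mktemp)
write_live_restore_config "$tmp"
if config_has_live_restore "$(cat "$tmp")"; then
    echo "live-restore is enabled in $tmp"
fi
rm -f "$tmp"

# On a live host: write to /etc/docker/daemon.json instead, then
#   sudo systemctl reload docker     # live-restore is applied on reload (SIGHUP)
# and confirm with
#   daemon_reports_live_restore "$(docker info --format '{{.LiveRestoreEnabled}}')"
```

Note the limits: live-restore protects already-running containers across a daemon outage, but `docker run`, `docker stop` and the rest of the CLI are unavailable until the daemon is back, so it narrows the blast radius of a daemon crash rather than removing the daemon as a dependency.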
Should You Really Migrate from Docker to Podman?
Not necessarily, at least not today. Docker has addressed many of the issues that Podman originally solved, with enhancements such as the following:
Rootless Mode: Docker now supports running the Docker daemon and containers as a non-root user, reducing security risks similar to Podman’s rootless design.
Daemon Stability: With proper observability and resource allocation, Docker's daemon rarely crashes and stays stable in production; adding an observability layer for the daemon is part of that.
Strong Community: Docker’s large ecosystem and active community provide better tooling, integrations, and ongoing innovation in comparison to Podman.
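Whichever runtime you pick, the security claim in this post (a compromised container cannot become root on the node) only holds if the container is actually rootless, and that is worth checking rather than assuming. The script below is an added example, not code from the original post, Podman or Docker. It decides from a container's /proc/self/uid_map whether any uid inside the container is uid 0 on the host, and it parses the rootless indicators that `docker info --format '{{.SecurityOptions}}'` and `podman info --format '{{.Host.Security.Rootless}}'` print. The uid_map samples are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): defender-side checks that a
# container is really rootless, i.e. no uid inside it is uid 0 on the host.

# Inside any container, `cat /proc/self/uid_map` prints lines of
#   <container-uid> <host-uid> <count>
# A rootful container shows "0 0 4294967295": root inside is root on the node.
# Rootless Podman (and Docker rootless mode) map uid 0 to the invoking user
# and the remaining uids to a subordinate range from /etc/subuid.
# Returns 0 (rootless) when no entry maps onto host uid 0, 1 otherwise.
uidmap_is_rootless() {
    hits=$(printf '%s\n' "$1" | awk '$2 == 0 && $3 > 0 { print "hostroot" }')
    [ -z "$hits" ]
}

# $1 is the output of: docker info --format '{{.SecurityOptions}}'
# Rootless Docker lists "name=rootless" among the security options.
docker_info_is_rootless() {
    printf '%s\n' "$1" | grep -q 'name=rootless'
}

# $1 is the output of: podman info --format '{{.Host.Security.Rootless}}'
podman_info_is_rootless() {
    [ "$1" = "true" ]
}

# Constructed samples (not captured from a real host).
ROOTFUL_MAP="0 0 4294967295"
ROOTLESS_MAP="0 1000 1
1 100000 65536"

report_map() {
    if uidmap_is_rootless "$2"; then
        echo "$1: rootless (no container uid maps to host uid 0)"
    else
        echo "$1: ROOTFUL (container root is host root; a breakout is a full node compromise)"
    fi
}
report_map "sample rootful map" "$ROOTFUL_MAP"
report_map "sample rootless map" "$ROOTLESS_MAP"

# On a live host, feed the real map instead, e.g.:
#   report_map "podman" "$(podman run --rm docker.io/library/alpine cat /proc/self/uid_map)"
#   report_map "docker" "$(docker run --rm alpine cat /proc/self/uid_map)"
```

The uid_map check is the one to trust: it reads what the kernel actually applied to the container, so it catches a rootful daemon, a `--privileged` or `--userns=host` run, or a rootless setup that silently fell back to root, where the `docker info` and `podman info` flags only describe how the CLI was configured.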
A detailed Video
A Thought to Leave You With
Container technology keeps evolving fast, and with it, the tools we rely on every day. Whether you choose Docker or Podman, the key is understanding their architectures and security implications.
Start small, stay curious, and get hands-on.
Until next time, keep building, keep experimenting, and keep exploring your AKVAverse. 💙
Thanks, Augment Code, for collaborating on this deep dive.
Abhishek Veeramalla, aka the AKVAman
Information here is wonderful 😍
Thanks Abhishek, well informative content