Containerfile, Container images and containers - TheLearnLoop/ExploringKubernetes GitHub Wiki

podman build -f Containerfile .
podman build -f Dockerfile .

// podman build uses code sourced from the buildah project to build container images.

// Edit the "/etc/containers/registries.conf" file to set the registries that podman searches:

[registries.search]
registries = ['container-registry.oracle.com', 'docker.io', 'registry.access.redhat.com', 'registry.redhat.io']
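With several search registries listed, an unqualified image name can resolve to whichever listed registry serves it, which may not be the intended one. The following added example (not from the wiki) audits a registries.conf for that condition; the sample files are constructed, `unqualified-search-registries` and `short-name-mode` are the v2 keys described in containers-registries.conf(5), and each array is assumed to sit on a single line.

```sh
# Added example: warn when a short image name could resolve to more than
# one registry. Assumes each registries.conf array sits on a single line.

# Print each search registry on its own line; handles the v1
# [registries.search] table and the v2 unqualified-search-registries key.
search_registries() {
    awk '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { v1 = ($0 ~ /\[registries\.search\]/); next }
        /^[ \t]*unqualified-search-registries[ \t]*=/ { hit = 1 }
        v1 && /^[ \t]*registries[ \t]*=/              { hit = 1 }
        hit {
            sub(/^[^=]*=/, ""); hit = 0
            n = split($0, r, "[^A-Za-z0-9._:/-]+")
            for (i = 1; i <= n; i++) if (r[i] != "") print r[i]
        }
    ' "$1"
}

# Value of short-name-mode, or "unset" when the key is absent.
short_name_mode() {
    m=$(sed -n 's/^[[:space:]]*short-name-mode[[:space:]]*=[[:space:]]*"\([a-z]*\)".*/\1/p' "$1" | head -n 1)
    echo "${m:-unset}"
}

# True when the first path component is a registry host (contains "." or
# ":", or is "localhost"), so the search list is never consulted.
is_qualified() {
    case "$1" in */*) host=${1%%/*} ;; *) return 1 ;; esac
    case "$host" in *.*|*:*|localhost) return 0 ;; *) return 1 ;; esac
}

audit_registries_conf() {
    count=$(search_registries "$1" | wc -l | tr -d ' ')
    mode=$(short_name_mode "$1")
    if [ "$count" -gt 1 ] && [ "$mode" != "enforcing" ]; then
        echo "WARN: $count search registries, short-name-mode=$mode"
    else
        echo "OK: $count search registries, short-name-mode=$mode"
    fi
}

# Constructed samples: the v1 list from this page and a v2 counterpart.
tmp=$(mktemp -d)
printf '%s\n' '[registries.search]' "registries = ['container-registry.oracle.com', 'docker.io', 'registry.access.redhat.com', 'registry.redhat.io']" > "$tmp/v1.conf"
printf '%s\n' 'unqualified-search-registries = ["docker.io", "registry.redhat.io"]' 'short-name-mode = "enforcing"' > "$tmp/v2.conf"
audit_registries_conf "$tmp/v1.conf"   # WARN: 4 search registries, short-name-mode=unset
audit_registries_conf "$tmp/v2.conf"   # OK: 2 search registries, short-name-mode=enforcing
is_qualified quay.io/libpod/alpine_nginx && echo "fully qualified, search list not used"
```

Pointing `audit_registries_conf` at /etc/containers/registries.conf checks the host's real file; images written with a registry host, such as the quay.io names used on this page, bypass the search list entirely.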

// Why not Docker?

Docker uses a client-server architecture mediated by a daemon: the client uses REST APIs to ask the daemon to perform container-related operations.

How does Docker work?

Here, the Docker daemon provides all the functionality needed to:

  • push and pull images from a registry
  • ask kernel to run containers
  • copy images to local container storage, etc.

Docker CLI asks the daemon to work with registries, images, containers and kernel.

Why is using a Docker daemon a bad idea?

  • a single point of failure
  • the daemon process owns all the child processes, i.e. the running containers
  • if the daemon fails, there will be orphaned processes
  • Docker containers are designed to be accessed as root users to execute commands that non-root users can't execute

Docker Local Repository: /var/lib/docker

How does Podman work?

  • Podman interacts directly with the image registry, containers, local image storage and the Linux kernel (via the runC container runtime process, which is not a daemon)
  • Podman is rootless and daemonless
  • Podman supports two modes of operation: rootful, in which case the container runs as root on the host system, and rootless, where the container runs under a standard Unix user account.

Podman Local Repository (root): /var/lib/containers (based on OCI (Open Container Initiative) standards)
Podman Local Repository (rootless user): ~/.local/share/containers (in the user's home directory)

Extra features in Podman that are not in Docker:

podman generate kube <container_or_pod_ID> (generates a Kubernetes YAML file)

Example:

[opc@control ~]$ podman generate kube 94afd17b052a
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
# Created with podman-4.0.2
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-12-13T03:31:17Z"
  labels:
    app: new3pod
  name: new3_pod
spec:
  containers:
  - image: localhost/hello_from_puneeth:latest
    name: new3
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_AUDIT_WRITE

podman top <running_container_ID> is equivalent to running 'ps -ef' inside the container

podman build --pull=never .
podman build --pull=always .
podman build --pull=missing .

Create a pod

podman pod create --name=test_pod
podman run -dt --pod test_pod quay.io/libpod/alpine_nginx

podman ps --pod
podman pod list

Reset everything

Example:

[opc@control ~]$ podman system reset
WARNING! This will remove:
        - all containers
        - all pods
        - all images
        - all networks
        - all build cache
Are you sure you want to continue? [y/N] y

Generate a Kubernetes YAML file

podman run -dt -p 8000:80 --name demo quay.io/libpod/alpine_nginx:latest
podman generate kube demo
