Try Podman, Buildah, and Skopeo instead of Docker

Docker is not the only tool to work with containers

Docker vs. Podman+Buidah+Skopeo
Docker vs. Podman+Buidah+Skopeo —Image by Chairat Onyaem (Par)

Why not Docker

Docker has been around for quite a while and it is a good tool. It is one of the very first thing I always tell junior developers to study when they start their first job from school.

Container Engines

podman logo
podman logo
Podman logo — from https://podman.io/
  • The most prominent competitor to Docker is Podman, developed by Red Hat.
  • Podman doesn’t need daemon to run and also doesn’t need root privileges which has been long-standing concern with Docker.
  • Podman can also run pods which make it easier to later migrate the workloads to Kubernetes.
  • Podman provides the exact same CLI commands as Docker as they are implemented using the same standard defined by the Open Container Initiatives (OCI).
  • There are other Container Engines but can be considered as dead-end e.g. LXD, CRI-O, rkt (rocket)

Image Builder

buildah logo
buildah logo
Buildah logo — from https://github.com/containers/buildah
  • Buildah is daemonless and rootless and produces OCI compliant images so it’s guaranteed that your images will run the same way as the ones built with Docker.
  • Buildah is also able to build images from Dockerfile .
  • Buildah are user specific, so you will be able to list only images you built yourself.
  • buildah CLI is superset of commands included in podman build . Learn more about the differences between Podman and Buildah from this article.
  • Another tools for building images are Google’s Kaniko, Docker’s buildkit, OpenShift’s Source-To-Image (S2I), Jib, and Bazel.

Container Runtime

containerd logo
containerd logo
Containerd logo — from https://containerd.io/
  • runc is the most popular container runtime created based on OCI container runtime specification. It’s used by Docker (through containerd), Podman, and CRI-O (default for OpenShift cluster).
  • Alternative to runc is crun which is a tool developed by Red Hat and fully written in C (runc is written in Go). Considering that it’s Red Hat product, we might eventually see as default for Podman or CRI-O.
  • Last one to mention is containerd which is a CNCF graduating project and acts as an API facade for various container runtimes. It’s used by Docker Engine, Google Kubernetes Engine (GKE), IBM Kubernetes Service (IKS).

Image Inspection and Distribution

skopeo logo
skopeo logo
Skopeo logo — from https://www.redhat.com
  • Skopeo is also able to copy images using skopeo copy which allows you to mirror images between remote registries without first pulling them to local registry.
  • Dive is another tool for inspecting, exploring, and analyzing images. It’s little more user friendly and provides more readable output.

Install podman, buildah, and skopeo

Now, it’s time for hands-on. Let’s install these three tools from Red Hat. Please note that here I tried on Ubuntu 18.04 so the steps may be different on other distros.

Testing podman

Run a new httpd container and forward port 8080 to host.

Fedora test page
Fedora test page
Fedora Test Page — image by Chairat Onyaem (Par)

Testing buildah

Clone repository https://github.com/pacroy/flask-app and use buildah to build the image from the Dockerfile.

Simple Flask app (Cat GIF of the day)
Simple Flask app (Cat GIF of the day)
Simple Flask app (Cat GIF of the day) — image by Chairat Onyaem (Par)

Testing skopeo

You can inspect properties or configuration of an image on a remote repository using skopeo.