Engine | Open Source | First Release | Last Release | Stars | Test | Issues (open/closed) | Link |
---|---|---|---|---|---|---|---|
Docker | Yes | Jan. 2013 | Mar. 2020 | 312 | Ok | - / - | https://github.com/docker/docker-ce |
Podman | Yes | Nov. 2017 | Apr. 2020 | 4.3k | Ok | 166 / 1808 | https://github.com/containers/libpod |
Singularity | Yes | Oct. 2015 | Feb. 2020 | 1.6k | Ok | 370 / 2250 | https://github.com/sylabs/singularity |

Podman is a daemonless container engine for developing, managing, and running OCI containers. Using the libpod library, Podman manages the entire container ecosystem, which includes pods, containers, container images, and container volumes. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain containers from those images in a production environment.
At a high level, the scope of libpod and Podman is the following:
- Support multiple image formats including the OCI and Docker image formats.
- Support for multiple means to securely download images including trust & image verification.
- Container image management (managing image layers, overlay filesystems, etc).
- Full management of container lifecycle.
- Support for pods to manage groups of containers together.
- Resource isolation of containers and pods.
- runc as container runtime
- dir
- docker
- docker-daemon
- oci-archive
When run without root, Podman containers use user namespaces to set root in the container to the user running Podman. Rootless Podman runs locked-down containers with no privileges that the user running the container does not have.
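The mapping described above is visible in the kernel's `uid_map` file for the container process, and an audit can read it to confirm that root inside the container is backed by an ordinary host user. The script below is an added example, not code from the Podman project; the sample map values and the function names `host_uid` and `root_is_unprivileged` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/uid_map for a rootless container.
# Columns: first UID inside the namespace, first UID on the host, range length.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid <container-uid> [uid_map-file]
# Prints the host UID that backs a UID seen inside the user namespace.
# Prints "unmapped" and returns 1 when no range in the map covers it.
# Reads the map from standard input when no file is given.
host_uid() {
    awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            printf "%d\n", $2 + (uid - $1)
            found = 1
            exit
        }
        END { if (!found) { print "unmapped"; exit 1 } }
    ' "${2:--}"
}

# root_is_unprivileged [uid_map-file]
# Succeeds only when UID 0 inside the namespace maps to a non-root host UID.
root_is_unprivileged() {
    mapped=$(host_uid 0 "${1:--}") && [ "$mapped" -ne 0 ]
}

# Container root resolves to the invoking user (1000 in the sample).
printf '%s\n' "$SAMPLE_UID_MAP" | host_uid 0
# Any other container UID lands in the second, higher host range.
printf '%s\n' "$SAMPLE_UID_MAP" | host_uid 33

if printf '%s\n' "$SAMPLE_UID_MAP" | root_is_unprivileged; then
    echo "container root is an unprivileged host user"
else
    echo "container root maps to host root"
fi
```

On a live host, pass `/proc/<pid>/uid_map` of the container's main process as the file argument instead of piping the sample.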
- Runtime: runc (or any OCI compliant runtime) and OCI runtime tools to generate the spec
- Images: Image management using containers/image
- Storage: Container and image storage is managed by containers/storage
- Networking: Networking support through use of CNI
- Builds: Builds are supported via Buildah.
- Conmon: Conmon is a tool for monitoring OCI runtimes.
In the next chapter