{{ BRANDINGLOGO }}    ![Dockerlogo](Pictures/podman-logo.png)  

# What is Podman?

As described by the Podman website itself it is:

    Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.

With simple words it's a container engine that is so similar to Docker that you can just use an alias and run docker-like commands. This brings to mind an obvious question, if it's so similar to Docker why would you use Podman instead? The answer is security.
The previous paragraph starts describing Podman as a "daemonless" container engine and that's the main difference with Docker. Later in this workshop we'll explain security features in Podman, for the moment just keep in mind that as Podman doesn't have a daemon it doesn't need to use the root user for anything, therefore the execution of containers is secured by design.

This is explained differently in Podman website:

    Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.

# Why Podman?

Many think of Podman to be a replacement for Docker (if they have heard of Podman at all). But, this is not the case, as Podman is another option that provides better security and developer features. Podman is a cloud-native, daemonless tool that helps developers manage their Linux containers. Podman is all about security, but also minimizing the friction between your local development environment and production.

Podman uses a microservices approach, creating a network with many other cloud-native products, such as Buildah and Skopeo, to build and push containers. This makes Podman a lighter and faster application than Docker, allowing for customization and changes.

# Podman basic functionality: managing container images

Just like any other container engine, Podman has the ability to manage and execute container images. A container image is a static image that contains an applications with all it's dependencies. Because the dependencies are included within the container image we can expect the same application behaviour if it's executed in different hosts, solving one of the most widespread problems for developers: "it worked in my environment".

Container images are stored in container registries, by default Podman will look for container images in quay.io, registry.redhat.io and docker.io. You can configure additional registries by modifying the file /etc/containers/registries.conf, we'll not cover this advanced configuration during this workshop.

The way Podman works with container images is it locally downloads (or pulls) images from registry. Hence, first thing we want to do is checking if we have any image downloaded locally:

In [None]:
podman images

You should get have no images locally. Download your first image, the podman hello-world image, by running the following command:

In [None]:
podman pull hello-world

Now check if your images was pulled correctly by running again the podman images command:

In [None]:
podman images

You should find the hello-world image is locally downloaded in your system. This only means that we have a static image that contains our application and its dependancies locally sync'ed. Next thing we would like to do is to execute that static image:

In [None]:
podman run hello-world

# Executing containerized applications

During last exercise we downloaded a container image and executed it. With the following command Podman will show the containers that are being executed right now:

In [None]:
podman ps

As you can see, the output is empty. This is because the container that we executed runs a process that ends after printing in the screen the "Hello Podman World" message and once the main process of a container is finished the container itself will stop being executed.
But no worries, Podman got us covered, if we want to see all the containers that are being executed and those whose execution finished some time ago we just need to add the "-a" to the previous command.

In [None]:
podman ps -a

There you can see the container we executed before with a status of "Exited".

Lets see what happens if we execute a container whose process don't finish unless specified:

In [None]:
podman run nginx

If you run the "podman ps" command you will see your nginx container with a status of "Up".

In [None]:
podman ps

You can stop all running containers by running the following:

In [None]:
podman stop --all

Before jumping in what is the first
Docker has four main tools that it provides to accomplish tasks:

    Docker Engine
    Docker Compose
    Docker Machine
    Docker Swarm
    
## Docker Engine

    It is Docker's “powerful open source containerization technology combined with a work flow for building and containerizing your applications.” — Docker, About Docker Engine

The Docker Engine is what realizes Docker's "build, ship, run" mantra. That engine is a daemon responding to REST API requests to perform the operations asked of it. When someone uses a Docker command through the Docker CLI, it talks to this daemon/engine. Docker provides 2 major concepts: the Docker image and the Docker container.

- The Docker image is the content of what is built, generally using a receipt stored in the Dockerfile. It is read-only, and has to be rebuilt with each software modification.
- The Docker container is the application run in a sandbox. It is read-write and can be instantiated as many times as you want from a given Docker image.


## Docker Compose

    It “is a tool for defining and running multi-container Docker applications” — Docker, Overview of Docker Compose

This is what you use when you have an application made up of multiple microservices or software components. The `docker-compose.yml` file allows you to configure all those services in one place and start them all with a single command. We’ll cover Docker Compose in much greater detail in the follow up Workshop. This is like the Makefile of Docker to build and launch a complete set of images and containers with all their required parameters (volume storage, network attachments, ports to open, ...). And of course, you'll manage it under your configuration management tool, such as Git, to keep track of your modifications.

## Docker Machine

In years past, Docker Machine was more popular than it is now.

    “Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands.” — Docker, Docker Machine Overview

It’s fallen by the wayside a bit as Docker images have become more stable on their native platforms, but earlier in Docker’s history it was very helpful. That’s about all you need to know about Docker Machine for now.

## Docker Swarm

The final tool, Docker Swarm, will be covered in a later workshop. But for now, know that it helps to

    “create a swarm of Docker Engines where you can deploy application services. You don’t need additional orchestration software to create or manage a swarm” — Docker, Swarm Mode Overview

More recently, Kubernetes has taken a more dominant role as a containers orchestrator than Docker Swarm. Docker still supports both natively.

These are the tools you’ll become familiar with, and now, we can talk about the Dockerfile.
The Dockerfile — where it all begins

## Dockerfiles

Docker is a powerful tool, but its power is harnessed through the use of things called Dockerfiles.

    A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using "docker build" users can create an automated build that executes several command-line instructions in succession.- Docker, Dockerfile Reference

A Docker image consists of read-only layers, each of which represents a line in the Dockerfile. The layers are stacked and each one is a delta of the changes from the previous layer.

This is what I was talking about above. When a Docker container starts up, it needs to be told what to do. It has nothing installed. It knows how to do nothing. Truly nothing.

The first thing the Dockerfile needs is a base image. A base image tells the initial environment the container will start from typically a minimal OS image — Alpine, Ubuntu, RHEL, SuSE, or a more advanced image where an initial application is provided, such as Node JS, Java, PostgreSQL, Apache, etc.

Next, you’ll provide setup instructions. These are all the things the Docker image needs to know to be built: environment variables, dependencies to install, where files live, data to use, etc.

And finally, you have to tell the image what to do. Typically it will be run with specific instructions, once installed with the previous setup instructions. We’ll give a quick overview of the most common Dockerfile commands [next](2-WKSHP-Using-Docker.ipynb) and then show some examples to help it make sense.

<br><br>

## <i class="fas fa-2x fa-map-marker-alt" style="color:#551199;"></i>&nbsp;&nbsp;Next Steps

# Lab 2 : Using Docker

<h2>Next LAB&nbsp;&nbsp;&nbsp;&nbsp;<a href="2-WKSHP-Using-Docker.ipynb" target="New" title="Next LAB: Using Docker"><i class="fas fa-chevron-circle-right" style="color:#551199;"></i></a></h2>

</br>
 <a href="0-ReadMeFirst.ipynb" target="New" title="Back: ReadMeFirst"><button type="submit"  class="btn btn-lg btn-block" style="background-color:#551199;color:#fff;position:relative;width:10%; height: 30px;float: left;"><b>Back</b></button></a>
 <a href="2-WKSHP-Using-Docker.ipynb" target="New" title="Next:Using Docker"><button type="submit"  class="btn btn-lg btn-block" style="background-color:#551199;color:#fff;position:relative;width:10%; height: 30px;float: right;"><b>Next</b></button></a>


: 

: 