Power Up with Podman - Cloud Native + K8s Meetup
•Download as PPTX, PDF•
0 likes•15 views
Curious about containers beyond Docker? There’s a new generation of containers on the scene, Podman! Supporting secure, rootless containers for Kubernetes microservices, it was designed and built with the cloud in mind. Benefitting from the lessons learned out in the open from Docker, this next generation of containers will quickly become a trusted daily driver in your dev workflow. Covering what you need to know as an end-user from the UI to the backend, sharing a real world use case leveraging Podman for open source observability workshops https://o11y-workshops.gitlab.io. Paige will share how Podman and the adorable seal mascots Caitlín, Maighréad and Róisín have transformed her local development!
Recommended
More Related Content
Similar to Power Up with Podman - Cloud Native + K8s Meetup
Similar to Power Up with Podman - Cloud Native + K8s Meetup (20)
More from Eric D. Schabell
More from Eric D. Schabell (20)
Recently uploaded
Recently uploaded (20)
Power Up with Podman - Cloud Native + K8s Meetup
- 1. POWER UP WITH PODMAN Eric D. Schabell, Chronosphere Director Evangelism Cloud Native + Kubernetes Meetup - May 2024
- 2. # Experienced with Docker? # # This is all you need to know… # alias docker=’podman’
- 5. 2024 TIMELINE 2023 2022 2021 2020 2019 2018 First release of Podman v.0.3.5 (Apr 5) Podman v1.0.0 released Podman 4.5 released dockershim removed in K8s 1.24 Podman- desktop released v1.0,0 Podman 5.0
- 6. “ A daemonless container engine for developing, managing, and running OCI Containers on your Linux System
- 7. CONTAINER
- 9. DAEMONLESS
- 10. Open Container Initiative (OCI)
- 11. “ A daemonless container engine for developing, managing, and running OCI Containers on your Linux System
- 13. 2. Powering Up
- 15. 15
- 16. Bookmark the Troubleshooting Page
- 17. Podman Desktop
- 18. Import saved containers! 1. docker export $yourContainer > $yourContainer.tar 2. podman import $yourContainer.tar
- 19. Docker-compose & podman ?! (A) 1. Verify DOCKER_HOST variable points to podman socket 2. docker-compose up 3. docker-compose down
- 20. podman-compose* (B) 1. Install podman-compose 2. podman-compose up
- 21. kompose (C)
- 22. Create Pods incrementally ● podman pod create --name $POD-NAME ● podman run -d --pod $POD-NAME $IMAGE_1 ● podman run -d --pod $POD-NAME $IMAGE_2 ● podman generate kube $POD-NAME > $POD- NAME.yaml
- 23. Run Pods without Kubernetes podman play kube $pod-name.yaml - Pod - Deployment - PersistentVolumeClaim - ConfigMap
- 24. Run Pods locally with Kubernetes
- 28. “ No contribution is too small—from a spelling mistake in a man page up to a full-blown feature.
- 29. Report Issues
- 30. Communicate ○ IRC - https://web.libera.chat/#podman-desktop ○ Matrix - https://matrix.to/#/#podman:fedoraproject.org ○ Discord - https://discord.gg/vwpj7K6gW5 ○ Slack - https://slack.k8s.io/ #podman-desktop ○ Email - podman-join@lists.podman.io
- 32. “
- 33. “
- 34. THANKS! Eric D. Schabell, Chronosphere Director Evangelism @ericschabell{@foostodon.org}
Editor's Notes
- Curious about containers beyond Docker? There’s a new generation of containers on the scene, Podman! Supporting secure, rootless containers for Kubernetes microservices, it was designed and built with the cloud in mind. Benefitting from the lessons learned out in the open from Docker, this next generation of containers will quickly become a trusted daily driver in your dev workflow. Covering what you need to know as an end-user from the UI to the backend, sharing a real world use case leveraging Podman for open source observability workshops https://o11y-workshops.gitlab.io. Paige will share how Podman and the adorable seal mascots Caitlín, Maighréad and Róisín have transformed her local development!
- Experienced with Docker? This is all you need to know…. ;-)
- To be honest I spend so much of my brainspace deep in the world of OpenTelemetry and the tracing ecosystem I’ve kind of taken container tech for granted. Didn’t really have a need or interest to dive into what was happening to make the containers run I was more focused on what I was running and writing. And like with everything in tech the more you look under the covers the more you realize how many people and projects work together to make tech work So! Let’s set foundation
- I start by checking out the logo always! They reveal so much! The logo is three Selkies, a mythological Irish creature that can morph between human and seal, in the logo they’re shown in seal form…as a POD of seals which makes sense because Podman is short for Pod Manager Their names are Caitlín (Kat-leen), Maighréad (Mare-Gred),and Róisín (Ro-Sheen)
- For me, 2023 was the first I’d even heard of Podman, turns out the first release was 6 years ago back in 2018! A short year later and V1.0.0 landed on January 11, 2019 Bringing my fave feature podman play kube Then a lot of bug fixes, features, and development work charged on from 2020-2022 Noteworthy is Kubernetes 1.24 dropping support for dockershim in favor of runtimes that are CRI (container runtime interface) compliant 2023 brought Podman Desktop release v1.0.0 landed May 17 Finally you are here, 2024, bringing a rev of a MAJOR version, 5.0 which brings changes to the podman machine command, noting improved reliability and efficiency with shorter boot times! Win win win! Mac users rejoice Apple Hypervisor supported default. This was my one bugaboo with Podman and literally yesterday the blog post on 5 dropped.
- In one sentence, Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux system. This is what you see when you look up the official definition. Another container engine you may be familiar with is Docker. This talk delves into the differences between each project. We’re going to take this definition term by term
- We will come back to daemonless. Before we can answer “what is a container engine?” it’s important to quickly cover what a container even is A container is sort of like how terrarium is a miniature garden and fully functioning ecosystem encapsulated in a sealed glass container Except instead of plants, you’re containing everything needed for an application to run.
- Container engines perform containerization, that is turning an image (essentially tarball of all the deps) into a running processes which includes things like: Handling user input Pulling container images from a registry Expanding or compressing the container image Preparing mount points Managing metadata
- OK, so if the container engine, well containerizes then what’s the daemonless part mean? Daemons are continuously running background programs, and Docker runs a daemon to manage container engine duties like launching new containers. In Podman’s case, this means means it launches new containers and pods by forking and running separate child processes and managing them via systemd (replacement for daemon) This is nice because it’s one less thing to continuously run on your system and in this case important design decision avoids security vulnerabilities that come from running a rooful daemon.
- The Open Container Initiative (origin, June 2015) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. the Runtime Specification (runtime-spec) the Image Specification (image-spec) the Distribution Specification (distribution-spec). OCI compliance is what powers the portability of containers, being able to portable to different platforms and environments
- What is Podman? Now we know a bit more about what that means. Note that obviously you can see I’ve got a Mac today so it’s not just about Linux systems!
- Unlike Docker which was delivered as an all-in-one solution Key to shoutout “friends” of Podman: Buildah which builds OCI compliant container images. Isn’t that what podman is supposed to be doing? A major difference is their concept of a container. Podman allows users to create "traditional containers" where the intent of these containers is to be long lived. While Buildah containers are really just created to allow content to be added back to the container image temporarily. An easy way to think of it is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality. Skopeo which works with remote image registries to retrieve info, images and signing content https://www.smarthomebeginner.com/podman-vs-docker/
- The first time you fire up Podman or really any new to you technology it’s important things go well and that if (not when) you run into issues you know where to go
- I say this not because podman is buggy, in fact it sounds like the team has been hard at work fixing the issues I’ve encountered. But more because it's a great resource. There was some social media post about how worth it is investing in supporting a game to run on Linux because those users ended up finding and flagging 80% of bug reports. And that culture of if you see something broken either fix it or provide a beautiful bug report makes for a great community! This shows in the docs, the open issues (not all of them but the qemu VM intermittent issues issue was almost a party). Do your part as an open source citizen
- My muscle memory is set for building and running containers via the command line however I found myself turning to Podman Desktop when things go awry as I get containers and pods up and running. The interface for viewing logs is so much nicer than scrolling through my console and you’re one click away from opening a terminal in the container to run any troubleshooting commands! Definitely worth checking out even if you’re a power user on the command line. Also allows you to list, view, and manage containers from multiple supported container engines* in a single unified view.Supported engines and orchestrators include Podman, Docker, Lima, kind, Red Hat OpenShift, Red Hat OpenShift Developer Sandbox
- You have 2 options for docker-compose neither of which I love. Yes if you’ve been running Docker odds are you’ve got some docker-compose YAML lying around The good news is that you can pass a docker-compose file to Podman to run containers.
- But here’s the thing. Podman Compose is a community project, not something steered by Podman maintainers not actively taking in as design direction not perfect because it implements a subset of the functionality of Docker Compose. While podman-compose supports the Compose spec, I ran into trouble using it and found I had a much better experience just converting what I had into Pods that’s the happy path with podman. Depending on how many of the advanced features of docker-compose you’re using I’d also recommend looking at translating them. But this option is available
- A kubernetes native tool for converting our docker compose files (YAML) to container orchestration on k8s. not perfect because it implements a subset of the functionality of Docker Compose. While podman-compose supports the Compose spec, I ran into trouble using it and found I had a much better experience just converting what I had into Pods that’s the happy path with podman. Depending on how many of the advanced features of docker-compose you’re using I’d also recommend looking at translating them. But this option is available
- Being able to create pods incrementally is nice especially as your developing to be able to build it up. One note is that you do need to expose all the ports you’ll need upfront, otherwise you’ll have to tear down and recreate the pod.
- According to the docs this is what objects are supported however I just skimmed a blog post that mentioned generating Services but that it defaulted to NodePorts, basically I try to go with what the docs officially say is supported but that’s just me! That does hint at the issue here, while working with pods locally is a vast improvement over docker-compose……it’s still not Kubernetes itself
- A big disconnect in development workflows with Docker and Kubernetes is often developers would run have docker-compose set ups locally, SRE translates that all into corresponding Kubernetes objects and YAML, possibly further templatizing and wrapping in a Helm chart And all of a sudden there’s a wall between how Operators run things and how Developers run things. Kind lets you run local Kubernetes clusters using Podman containers as “nodes”. Podman’s focus on pods and the integration with Kind address this pain point by bringing them closer together Another nice thing is there’s direct functionality to push images you build to these clusters
- Once you’ve gotten your start
- There are meeting agenda notes and meeting recordings if you miss one and want to catch up
- There are meeting agenda notes and meeting recordings if you miss one and want to catch up
- The most straightforward way to get involved is to use Podman and Podman Desktop and report issues when you notice them, that way maintainers know how severe or widespread a problem is or how important a new feature is Since, as mentioned, Podman relies on related projects to fulfill container engine duties, it is important to identify which component you’re having trouble with and skim through the currently open issues to see if this has already been identified https://podman.io/community I actually need to file an issue because I have seen now a couple times when Podman Desktop UI doesn’t show Pods or containers I’ve launched from the command line
- Explore all the adventures you see in this session, hands-on in our choose your own adventure observability workshop collection: https://o11y-workshops.gitlab.io
- I cannot recommend this book enough, delving into the deep technical details of implementation but written in an approachable and friendly manner. The best part is the explanations behind design decisions, something that I find lacking in other texts.
- How I Podman? Podman CLI in VSCode Podman Desktop to double check what’s running and a better interface for looking at logs