tags : Containers, Docker, OCI Ecosystem

Alternative to Docker and hence does not use containerd

Creates containers without a daemon, hence plays nicely with systemd.

So you can create host systemd unit files for container runs nicely :) - See podman-generate-systemd — Podman documentation

Additionally, allows init systems inside the container by design, unlike Docker, where the philosophy is not to have an init system.

Will not work as a container engine for Kubernetes; use CRI-O instead, as mentioned in OCI Ecosystem.

Difference with Docker

Processes behind the scenes

What’s happening behind the scenes for this command is quite interesting. There’s a couple of processes being used to manage our ubuntu container. A slirp4netns process is running. This is a tool which helps networking work in unprivileged containers.

There’s also a conmon process running, which is another helper process.

These two processes are used for every container, so if you run 10 containers, you’ll get 20 supporting processes.

Comparing this to Docker, conmon seems to be the equivalent of the containerd-shim process that runs with every container and there’s no slirp4netns equivalent needed as Docker is running with root privileges.

From Comparing Docker and Podman - Basic Operations
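
Added example (not from the quoted article or the Podman project): a shell function that tallies conmon and slirp4netns processes per user, to show which accounts run containers and how many helper processes they carry. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Tally Podman helper processes per user.
# Input:  lines of "USER COMM", e.g. from:  ps -eo user=,comm=
# Output: one line per user that owns a conmon or slirp4netns process.
count_podman_helpers() {
  awk '
    $2 == "conmon"      { conmon[$1]++; seen[$1] = 1 }
    $2 == "slirp4netns" { slirp[$1]++;  seen[$1] = 1 }
    END {
      for (u in seen)
        printf "%s conmon=%d slirp4netns=%d total=%d\n", u, conmon[u], slirp[u], conmon[u] + slirp[u]
    }' | LC_ALL=C sort
}

# Constructed sample (not captured from a real host): alice owns two
# conmon/slirp4netns pairs, root owns one conmon and no slirp4netns.
sample_ps() {
  cat <<'EOF'
root     systemd
alice    conmon
alice    slirp4netns
alice    conmon
alice    slirp4netns
alice    bash
root     conmon
bob      sshd
EOF
}

# Demo on the constructed sample; on a live host use:
#   ps -eo user=,comm= | count_podman_helpers
sample_ps | count_podman_helpers
```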