Red Hat Advances Container Technology With Podman 1.0 | eWeek

Red Hat Advances Container Technology With Podman 1.0

Podman
Jan 18, 2019
4 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Red Hat announced the 1.0 release of its open-source Podman project on Jan. 17, which provides a fully featured container engine.

In Podman 1.0, Red Hat has integrated multiple core security capabilities in an effort to enable organizations run containers securely. Among the security features are rootless containers and enhanced user namespace support for better container isolation.

Containers provide a way for organizations to run applications in a virtualized approach on top of an existing operating system. With the 1.0 release, Red Hat is now also positioning Podman as an alternative to the Docker Engine technology for application container deployment.


“We felt the sum total of its features, as well as the project’s performance, security and stability, made it reasonable to move to 1.0,” Scott McCarty, product manager of containers at Red Hat, told eWEEK. “Since Podman is set to be the default container engine for the single-node use case in Red Hat Enterprise Linux 8, we wanted to make some pledges about its supportability.”

McCarty explained that for clusters of container nodes, the CRI-O technology within the Red Hat OpenShift Container Platform will be the default. The OpenShift Container Platform is Red Hat’s distribution of the Kubernetes container orchestration platform.

Red Hat already integrated a pre-1.0 version of Podman in its commercially supported Red Hat Enterprise Linux (RHEL) 7.6 release in October 2018. McCarty said that both RHEL 7 and RHEL 8 will be updated to include Podman 1.0. RHEL 8 is currently in private beta.

OpenShift

CRI-O is a Kubernetes container runtime and is at the core of Red Hat’s OpenShift. CRI-O reached its 1.0 milestone in October 2017. McCarty said Podman was originally designed to be used on OpenShift Nodes to help manage containers/storage under CRI-O, but it has grown into so much more. 

“First and foremost, Podman is designed to be used by humans—it’s easy to use and has a very intuitive command-line experience,” McCarty said.

A user interacts with Podman at the node level—this includes finding, running, building and sharing containers on a single node. Even in clusters of thousands of container hosts, McCarty said it’s useful to have a feature rich tool like Podman available to troubleshoot and to tinker with individual nodes.

“One main challenge to adopting Kubernetes is the learning curve on the Kubernetes YAML, which defines running containers,” McCarty said.

Kubernetes YAML provides configuration information to get containers running. To help onramp users to Red Hat OpenShift, McCarty said Podman has the “podman generate kube” command. With that feature, a Podman user can interactively create a pod on the host, which Podman can then create and export as Kubernetes-compatible YAML. 

“This YAML can then be used by OpenShift to create the same pod or container inside of Kubernetes, in any cluster or even multiple times within the same cluster, stamping out many copies anywhere the application is needed,” McCarty explained. “The user doesn’t even have to know how to write Kubernetes YAML, which is a big help for people new to the container orchestration engine.”

Security

One of the key attributes of Podman is the improved security. A challenge with some container deployments is that they are deployed with root access privileges, which can lead to risk.

On Jan. 14, security vendor CyberArk reported one such privileged container risk on the Play-with-Docker community site that could have potentially enabled an attacker to gain access to the underlying host. With containers, the basic idea is that the running containers are supposed to be isolated, but if a user has root privileges, that isolation can potentially be bypassed.

Podman has the concept of rootless containers that do not require elevated privileges to run. McCarty said that to use rootless containers, the user doesn’t need to do anything special. 

Another key concept with Podman is that it does not require a new system daemon to run. Dan Walsh, consulting software engineer at Red Hat, explained that if a user is going to run a single service as a container, then having to set up another service to just run the container is a big overhead. 

“Forcing all of your containers to run through a single daemon forces you to have a least common denominator for default security for your containers,” Walsh told eWEEK. “By separating out the containers engines into separate tools like CRI-O, Buildah and Podman, we can give the proper level of security for each engine.”

Walsh added that Podman also enables users to run each container in a separate user namespace, providing further isolation. From a security auditing perspective, he noted that the “Podman top” command can be used to actually reveal security information about content running within the container.

Podman Usage

Red Hat is seeing a lot of usage for Podman as a replacement for the Docker Engine for running containers in services on hosts, according to McCarty. 

The Fedora and openSUSE communities seem to be taking the lead on adopting Podman, McCarty said, but Red Hat also seen it packaged and used in many other distributions, including Ubuntu, Debian, Arch and Gentoo, to name a few.

“Podman essentially operates at native Linux speeds, since there is no daemon getting in the way of handling client/server requests,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.