Docker vs Podman: Choosing the Right Engine

Key Points

  • Docker popularized containerization, using Dockerfiles to build OCI‑compatible images that are run by the Docker Engine’s background daemon (the Docker daemon).
  • The Docker daemon operates with root privileges, which can be a security risk and may require elevated access in many organizations.
  • Podman provides a daemon‑less container engine that runs containers without needing root, emphasizing improved security and user‑level operation.
  • Like Docker, Podman works with OCI‑standard images and containers, but it also adds native support for Kubernetes‑style pods, enabling multiple containers to be managed as a single unit.
  • Both tools share similar concepts (images, containers, registries), yet the key distinction lies in Docker’s client‑server model with a central daemon versus Podman’s rootless, daemon‑free architecture.

Full Transcript

**Source:** [https://www.youtube.com/watch?v=Xx588nbshlM](https://www.youtube.com/watch?v=Xx588nbshlM)

**Duration:** 00:06:28

## Sections

- [00:00:00](https://www.youtube.com/watch?v=Xx588nbshlM&t=0s) **Docker vs. Podman Overview** - Cedric Clyburn, a Red Hat developer advocate, introduces Docker’s core components and concepts as a prelude to comparing it with Podman.

## Full Transcript
0:00 Today I'm thrilled to discuss a particularly hot topic: Docker versus Podman. Which one should you choose? You know, what are the differences? Well, today I'm going to help you make that decision. My name is Cedric Clyburn, I'm a developer advocate at Red Hat, and let's just jump right in and start talking about Docker.

0:16 Now, Docker, it's a name synonymous with containers. Docker helped pioneer containerization technology to what it is today and has made containers one of the most important and most popular developer tools that we have today. So containers can help us to take and package together our code, our libraries, our runtime, all in one singular unit that we can then deploy in a variety of different environments, but essentially making our life easier and fundamentally changing the way that we deploy and manage applications. So thanks, Docker.

0:52 Now, Docker is made up of several different components. You might have heard of some before, such as the Dockerfile, which is a set of instructions in order to build images. Of course, we've got the images, which then contain everything that we need to run a container. Now, the container is run by a special part of Docker called the Docker Engine.

1:18 Now, the Docker Engine is what's running in the background when you're using Docker. So you can think about the architecture like this: here we have our CLI, our Docker Desktop application that we're using by chance, and when we're doing different actions like building images or pushing them or running containers, what's actually happening in the background is we're using a background daemon process. Now what is this? This is a process that's doing all the heavy lifting for us for Docker. So it's running the containers, it's working with registries, it's pulling down images, it's doing all the heavy lifting. This is what's known as a client-server approach.

1:57 Now, there are some limitations for the Docker daemon in the background, because it is running on your system on root. So that means if you're in an organization and you don't have root access or sudo access, you'll have to ask for that in order to be able to run, uh, Docker commands. Additionally, the Docker daemon running on your system, uh, with root can be a security loophole.

2:17 However, that's where Podman comes in. Podman is also a container engine for working with containers and containerized applications. However, it has a focus on security, and what's unique about it is it doesn't have this central daemon. So we'll talk about this here in a second, but Podman is comprised of the same components. So we've got images, we've got containers, and keep in mind these are all based around something called the OCI. This is the Open Container Initiative, which essentially just defines how containers and containerization technologies should work.

2:52 In addition to images, containers and everything else that Docker has, we also have the addition of pods, just like the name. So pods is a Kubernetes concept that essentially allows us to have multiple containers in one coupled unit where they're sharing tightly the same volume and network. So maybe this is a proxy and this is our actual JavaScript application. Now we can take this and put it into a pod. So Podman allows us to extract these, uh, manifests, these YAML files, and actually deploy them into our Kubernetes cluster. So it makes the transition to Kubernetes a lot easier.

3:29 In addition, just like Docker, we've got the Podman engine, but as mentioned before, it works a little differently. So instead of having this central daemon process and connecting to it from our client, we're using the client directly, and when we're working with new containers, what's happening is Podman is forking itself and this new child process then becomes the container. So it works with a daemonless architecture, which allows it to run by default in a rootless fashion.

3:59 Now you'll notice again that these components are very similar, based on the OCI standards. This makes it very easy to go from Docker to Podman and Podman to Docker, or to learn both. So what would be a docker push, a docker pull, would just be a podman push or a podman pull. So this makes it very easy when working with both of these.

4:17 Now let's take a look at actually the differences in between Podman and Docker. So if you're looking for a daemonless container engine, Podman is right for you, but Docker is still using the daemon in the background. Now this also allows for rootless by default; however, Docker here doesn't do this by default, but it can with some limitations. Now if you want Docker-specific features such as Swarm, well, Docker is here for that, which helps you do container orchestration. Now if you're looking for multi-container applications with Compose, both Docker has Docker Compose and Podman has Podman Compose, so both of them support it. Now if you're looking at running this container engine on, whether it be Mac, Windows or your favorite distribution of Linux, both Docker has the Docker Desktop and the Docker CLI, and Podman has the Podman Desktop and Podman CLI. So it doesn't matter if you're a visual person or you like the command line, both container engines could be the right pick for you.

5:16 But how do we really determine which one that we should use? Well, let's start off with Docker. Docker, as mentioned before, is the pioneer and the industry standard for containerization. Now that means they have more documentation, a larger user group and more guides out there if you're getting started with Docker. Additionally, there are some features that are just native to Docker, such as Docker Swarm, that Podman simply doesn't have.

5:42 Now, Podman can make it super easy to get started without needing a daemon and get set up moving not only just container images but also moving to Kubernetes. So if you're looking to get started with Kubernetes or move your workload to Kubernetes as an orchestrator, Podman might be the right choice for you. In addition, for running containers in a rootless fashion and not having a daemon, it's more focused on security.

6:07 So both Docker and Podman are fantastic container engines. So now you know the differences between Docker and Podman. Now I have a question for you: are you team Docker or team Podman? Let us know down in the comments.

6:22 Hey, thanks for watching this video. As always, don't forget to like and subscribe, and we'll see you in the next one.