How to utilize Podman in place of Docker?

So we, as an organization, need to utilize Podman’s rootless feature in place of Docker. I understand that Docker has something similar, but our client wants Podman specifically. So with that said, being very new to Rancher and the world of Kubernetes, I decided to find a simple hello world test.

My first goal was to actually get Rancher and its dependencies installed so I could use Rancher on a local machine. You can explore my exploits here, link. @malcolmlewis1 was a huge help in getting me this far.

So to test out a simple nginx server I proceeded to do the following.

create a simple cluster file

bring the cluster up

rke up --config local-cluster.yml

export KUBECONFIG

export KUBECONFIG=$(pwd)/kube_config_local-cluster.yml

setup a quick nginx folder with docker file and build the image

mkdir nginx
cd nginx
echo '<h1>Hello World from NGINX!!' > index.html

vim Dockerfile
FROM nginx:alpine
COPY . /usr/share/nginx/html

docker build --tag nginx-helloworld:latest .

before deploying to kubernetes I verify that kubectl is looking at the cluster

kubectl get nodes


next to deploy

kubectl run hello-world --image=nginx-helloworld:latest --image-pull-policy=Never --port=80
kubectl port-forward pods/hello-world 8080:80

I verify that it’s working, at least I think I’ve verified it

I verified that the pod is present

kubectl get pods

I see the text that I’m expecting when I access the port

curl localhost:8080

Now, based on what I’m seeing, nginx is running inside the cluster, am I correct?

Next, I need to replace the docker pod with Podman pods. This is fairly easy to create the image, I simply replace all the commands I’ve used for building the docker image with Podman. Sweet, done. Well, no. I now need to point kubectl at the Podman images. I haven’t been able to find any reference as to how to do that. The local-cluster.rkestate has several references to Docker in it. So I’m assuming I might need to build the cluster itself knowing that it uses Podman. Can someone point me to a site that has any information on how to do that?

In advance, thank you for your time and help.

@mascenzi80 Hi, perhaps Podman Desktop would help? https://podman-desktop.io/blog/running-a-local-kubernetes-cluster-with-podman-desktop

I think you will have better success with k3s or RKE2 running containerd?


@malcolmlewis1 let me talk about this from a different angle, or just give some more information.

In the grand scheme of things, we do not care that Rancher, rke, is utilizing Docker and is reliant on it. The important part of this is that the containers that are running within the cluster managed by rke are using containers that were generated with Podman.

My understanding is that Kubernetes can point to a local repository or a remote repository and it doesn’t care if the image was built utilizing Docker or Podman, only that it needs to know what image is to be used for the container.

For instance, I would like to build an image utilizing Podman and push that image to a locally managed repository we have. I was under the understanding that I could then create a manifest file that will look for the image I want my container built off of from that repository.

Does this make sense?

@mascenzi80 Ahh ok, something like this then: https://thenewstack.io/tutorial-host-a-local-podman-image-registry/


@malcolmlewis1 Yes and no. Yes, we want to use our own repository eventually, and your link helps with that. But that’s not what I’m currently struggling with.

Currently, I have RKE up and running. Here are the steps I currently take to run a simple Hello World test

  • mkdir nginx
  • cd nginx
  • echo '<h1>Hello World from NGINX!!' > index.html
  • vim Dockerfile
      FROM nginx:alpine
      COPY . /usr/share/nginx/html
  • docker build --tag nginx-helloworld:latest .
  • kubectl run hello-world --image=nginx-helloworld:latest --image-pull-policy=Never --port=80
  • kubectl port-forward pods/hello-world 8080:80
  • curl localhost:8080

What I want to do is the following

  • mkdir nginx
  • cd nginx
  • echo '<h1>Hello World from NGINX!!' > index.html
  • vim Dockerfile
      FROM nginx:alpine
      COPY . /usr/share/nginx/html
  • podman build --tag nginx-helloworld:latest .
  • kubectl run hello-world --image=nginx-helloworld:latest --image-pull-policy=Never --port=80
  • kubectl port-forward pods/hello-world 8080:80
  • curl localhost:8080

This doesn’t work in its current configuration, as kubectl does not know how to pull from the local Podman repository.

Leaving RKE in its current installation, can I make changes to the local-cluster.yaml to point kubectl to the podman repo instead of Docker? So that when I run kubectl run hello-world --image=nginx-helloworld:latest it pulls from the Podman built images and not the Docker images.

As I mentioned, we don’t care if Rancher is using Docker, as long as the pods created within the cluster are Podman built images.

Or perhaps there is a way within a manifest file, when I use kubectl apply?

@mascenzi80 you run with podman, then generate the yaml file with podman generate kube hello-world > hello-world.yaml, then kubectl create -f hello-world.yaml

For a kubernetes install you will not pull from the local image cache, instead you should set up a real private image registry (google for options…)

Then you tag the images with <your.registry>/image/path/in-repo
do a podman push <full-tag>
and reference the full-tag also in your container specs.
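
The registry workflow described in the reply above, as an added example that is not part of the original thread; it goes one step beyond the reply by pinning the pod to the digest that was pushed. The registry host `registry.example.internal:5000` and the path `demo/nginx-helloworld` are placeholders, and the script assumes the cluster nodes can reach the registry and trust its TLS certificate.

```shell
#!/bin/sh
# Placeholders (assumptions, not from the thread): registry host and repo path.
REGISTRY="${REGISTRY:-registry.example.internal:5000}"
REPO="${REPO:-demo/nginx-helloworld}"

# Fully qualified reference the cluster nodes pull: by tag, or by digest
# when the argument is a sha256:... value.
image_ref() {
    case "$1" in
        sha256:*) printf '%s/%s@%s\n' "$REGISTRY" "$REPO" "$1" ;;
        *)        printf '%s/%s:%s\n' "$REGISTRY" "$REPO" "$1" ;;
    esac
}

# Pod manifest referencing the registry image. The thread's
# --image-pull-policy=Never only works for images already on the node.
pod_manifest() {   # usage: pod_manifest NAME IMAGE_REF
    cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $1
spec:
  containers:
  - name: $1
    image: $2
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
EOF
}

# Build with Podman, push, then deploy the exact digest that was pushed.
build_push_deploy() {   # usage: build_push_deploy TAG CONTEXT_DIR
    ref=$(image_ref "$1")
    digestfile=$(mktemp) || return 1
    podman build --tag "$ref" "$2" &&
        podman push --digestfile "$digestfile" "$ref" &&
        pod_manifest hello-world "$(image_ref "$(cat "$digestfile")")" |
            kubectl apply -f -
    rc=$?
    rm -f "$digestfile"
    return "$rc"
}

# Runs only when asked: sh deploy.sh run latest ./nginx
if [ "${1:-}" = "run" ]; then build_push_deploy "$2" "$3"; fi
```

Referencing the image by digest means the nodes run exactly the bytes Podman pushed, even if the tag is later moved to a different build.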

@malcolmlewis1 your suggestion of podman generate kube … is not a viable long-term solution. Obviously, the information you weren’t aware of, as I’m currently just attempting to get things working with a much simpler implementation, but we utilize build scripts based on different scenario files that get loaded at launch time. Part of the process is to build the images for the containers that will be needed based on different parameters associated with the config files. Building, running, then generating a manifest file from a running container, and then running a new container within the cluster would not be practical.

That appears to be what you have suggested. Correct?

@KianaClover No not yet. I’m still attempting to figure it out. I have had to switch focus to another program, but I jump back to this issue as often as I can.

@bpedersen2 Thank you. @malcolmlewis1 suggested a link for setting up a private repo. I’m going to attempt to look at that today.

Just to clarify the steps you’re suggesting.

  1. Create a private registry
  2. Build a Podman image, but tag the image so that it includes details associated with the private registry
  3. Push the image to the private registry
  4. When generating the manifest files, it should pull the image from the private registry

Correct? Through my research, I’m finding a lot of links that suggest Podman was not designed to be used within Kubernetes. I can’t remember what the article said exactly. Actually, here is a link to a post I quickly found, link here. Granted, these posts are a few years old. I don’t understand it, but I’ve also found references that the runtime engine isn’t compatible with Podman. I haven’t spent any time looking at it, but something about using CRI-O vs. Containerd, and even Docker was mentioned at some point.

Is what I’m attempting to do possible? Or is it one of those things that, with a few years of learning and experience, you can hack together to work?

@mascenzi80 That suggestion was just to test, but it generates a basic yaml file, which in my tests didn’t work (I don’t use podman…) I do remember a year or so testing the pod creation and it did work.

I do note that RKE needs docker less than or equal to 23, what version are you running, perhaps a different version of docker may help?

@malcolmlewis1 I see. In either case, I couldn’t get it to work anyway. The build just sort of froze. After 30 min of waiting, I figured it wasn’t going to do anything. No errors, it just kept freezing.

My current version of Docker is 24.05. I see now that the support matrix shows 23 as a suggestion for docker. I’ll update that.