Saturday, April 18, 2026

Podman Essentials: Containers, Commands & Container Orchestration

🐳 Podman Essentials

Master Container Management with Podman, Kubernetes & OpenShift

📚 Based on: Red Hat DO188 Course ⏱️ Read Time: 8-10 minutes 🎯 Skill Level: Intermediate

Containers have revolutionized application development and deployment. This comprehensive guide summarizes the essential concepts and commands from the Red Hat OpenShift Development I course, focusing on Podman—the powerful daemonless container engine that's transforming how developers build and manage containerized applications.

Understanding Containers

A container is an encapsulated process that bundles an application with its required runtime dependencies. Unlike virtual machines, containers only include what's necessary for the application to run, making them lightweight and fast.

Key Container Concepts

Container Images vs. Instances

Container Image: An immutable blueprint containing your application and its libraries. Think of it as a class in object-oriented programming.

Container Instance: An executable version of the image with runtime references to networking, storage, and other resources. Think of it as an object instantiated from a class.

Containers vs. Virtual Machines

Aspect Virtual Machines Containers
Management Hypervisor (KVM, VMware, Xen) Container Engine (Podman, Docker)
Footprint Gigabytes Megabytes
Start Time Minutes Seconds
Portability Hypervisor-specific Any OCI-compliant engine
Use Case Full OS environment needed Microservices, rapid scaling

Underlying Technologies

Containers leverage Linux kernel features:

  • Namespaces: Isolate processes from each other and the host system
  • Control Groups (cgroups): Manage resource allocation (CPU, memory)
  • Union File Systems: Merge immutable image layers with a writable runtime layer
  • OCI Standards: Ensure portability across container engines

Podman: The Daemonless Container Engine

Podman is an open-source container engine that manages containers without requiring a daemon process. This daemonless architecture eliminates single points of failure and security concerns associated with privileged daemon processes.

Why Podman?

  • Daemonless: No background process monopolizing resources
  • Secure: Can run containers as unprivileged users (rootless Podman)
  • OCI-Compliant: Portable across container engines
  • Multi-Interface: CLI, RESTful API, and Podman Desktop GUI
  • Familiar Syntax: Compatible with Docker commands

Essential Podman Commands

Check Podman Version podman -v

Verify your Podman installation and version.

Pull Container Images podman pull registry.redhat.io/rhel7/rhel:7.9

Download container images from registries. Images are stored locally after pulling.

List Local Images podman images

Display all container images available on your system with repository, tag, ID, and size.

Run a Container podman run [options] image:tag [command]

Execute commands inside a container. Most fundamental Podman command.

List Running Containers podman ps

Show active containers. Use --all to include stopped containers.

Remove Containers Automatically podman run --rm image:tag command

Container is automatically deleted when it exits. Useful for short-lived operations.

Assign Container Names podman run --name my-container image:tag

Give meaningful names to containers for easier identification and management.

Run Containers in Background podman run -d image:tag

Detached mode—container runs in the background without blocking your terminal.

Expose Ports podman run -p 8080:8080 image:tag

Map local ports to container ports. Syntax: -p [host-port]:[container-port]

Set Environment Variables podman run -e NAME='Value' image:tag

Inject configuration through environment variables without rebuilding images.

Practical Example: Running an HTTP Server

$ podman run -d -p 8080:8080 \ registry.access.redhat.com/ubi8/httpd-24:latest # Access at: http://localhost:8080

Container Networking Essentials

Containers communicate through networks. Podman provides flexible networking options to isolate and connect containers as needed by your applications.

Default vs. Custom Networks

Default Network Limitation

The default podman network uses slirp4netns mode and does not support DNS resolution between containers. For multi-container applications, create custom networks with DNS enabled.

Network Management Commands

Create a Network podman network create example-net

Creates a new bridge network with DNS resolution enabled.

List Networks podman network ls

Display all Podman networks with brief summaries.

Inspect Network Details podman network inspect example-net

Get detailed JSON configuration for a specific network.

Connect Container to Network podman run --net example-net --name container-name image:tag

Attach containers to custom networks during creation.

Connect Multiple Networks podman run --net net1,net2 --name container-name image:tag

Containers can participate in multiple networks simultaneously.

Connect Running Container to Network podman network connect example-net my-container

Add a running container to an existing network.

Remove Network podman network rm example-net

Delete a network (must have no attached containers).

DNS Resolution & Service Discovery

When containers share a custom network, they can communicate using hostnames:

# Container 'database' on 'app-net' receives requests from 'api' container: curl http://database:5432

The hostname resolves to the container's current IP address, enabling dynamic service discovery.

Network Architecture Example

Modern multi-tier applications isolate communication:

  • ui-network: Connects UI and API containers
  • api-network: Connects API and database containers
  • UI container cannot directly reach database (enforced isolation)

Managing Container Lifecycle

Containers have distinct states: created, running, paused, stopped, and removed. Proper lifecycle management is essential for resource efficiency and application stability.

Container States

  • Created: Container exists but hasn't started
  • Running: Container process is executing
  • Paused: Container process is suspended
  • Stopped/Exited: Container has finished but data remains
  • Removed: Container and its data deleted permanently

Lifecycle Commands

Create Container podman run image:tag

Creates and starts a container in one command.

Stop Running Container podman stop container-id

Gracefully shut down a container (SIGTERM).

Kill Container podman kill container-id

Force-terminate a container (SIGKILL).

Start Stopped Container podman start container-id

Restart a previously stopped container with its data intact.

Pause Container podman pause container-id

Suspend execution without stopping (preserves state).

Resume Paused Container podman unpause container-id

Resume execution of a paused container.

Remove Container podman rm container-id

Permanently delete a stopped container and its data.

⚠️ Important Distinction

Stopping ≠ Removing: A stopped container still exists on your system and can be restarted. Removing a container permanently deletes it. Use podman rm to free up disk space.

From Containers to Orchestration: Kubernetes & OpenShift

While Podman manages containers on individual hosts, Kubernetes and Red Hat OpenShift orchestrate containers across multiple machines at scale.

Kubernetes Overview

Kubernetes is an orchestration platform that automates deployment, scaling, and management of containerized applications across clusters.

Key Kubernetes Features:

  • Service Discovery & Load Balancing: Automatic DNS resolution and traffic distribution
  • Horizontal Scaling: Automatically scale applications up or down
  • Self-Healing: Restart failed containers and reschedule pods
  • Automated Rollouts: Gradual updates with automatic rollback on failure
  • Secrets Management: Securely manage configurations and credentials
  • Operators: Custom resources for complex application lifecycle management

Red Hat OpenShift Container Platform (RHOCP)

OpenShift is a Kubernetes distribution that adds enterprise features for production environments.

OpenShift Additions to Kubernetes:

  • Developer Workflow: Integrated container registry, CI/CD pipelines, Source-to-Image (S2I)
  • Routes: Simplified ingress and external service exposure
  • Built-in Metrics & Logging: Self-analyzing metrics and aggregated logging
  • Unified UI: Single interface for all platform capabilities
  • Security & Multi-tenancy: Advanced RBAC and isolation

The Pod: Smallest Kubernetes Unit

What's a Pod?

A pod is Kubernetes' smallest deployable unit. It can contain:

  • One container (most common)
  • Multiple tightly-coupled containers sharing networking and storage
  • A shared IP address and hostname
  • Shared storage volumes

Application Lifecycle in OpenShift

  1. Define pods and their containers
  2. OpenShift assigns pods to healthy cluster nodes
  3. Pods run until containers exit or are manually stopped
  4. Pods are removed (or retained for log access) based on exit codes and policies

Why Containers Transform Development

Stability & Consistency

Container images lock in specific library versions, eliminating "works on my machine" problems. The same image runs identically in development, staging, and production.

Rapid Testing & Deployment

Containers enable:

  • Local testing before cloud deployment
  • CI/CD pipeline automation
  • Microservices architecture with independent scaling
  • Zero-downtime deployments

Resource Efficiency

Containers use dramatically fewer resources than VMs:

  • Megabytes vs. gigabytes of disk space
  • Seconds vs. minutes to start
  • Dozens or hundreds per host vs. handful of VMs

Multi-Container Applications

Modern applications distribute logic across containers:

  • API server container
  • Database container
  • Cache (Redis) container
  • Message queue container

Each scales independently while Kubernetes manages orchestration and high availability.

Key Takeaways

🎯 Containers Are Lightweight, Fast, and Portable

Bundles applications with dependencies for consistency across environments.

🛠️ Podman Is the Developer's Container Engine

Daemonless, secure, and compatible with Docker—perfect for local development.

🌐 Networks Enable Container Communication

Custom networks with DNS provide service discovery and isolation for multi-container apps.

📊 Kubernetes & OpenShift Handle Scale

Orchestration platforms automate deployment, scaling, and lifecycle management at enterprise scale.

🔄 Immutable Images = Stable Development

Container images ensure consistency between development and production environments.

Quick Reference: Essential Commands


# IMAGE MANAGEMENT
podman pull registry.com/image:tag # Download image
podman images # List local images
podman rm image-id # Delete image

# CONTAINER OPERATIONS
podman run [options] image:tag # Create & run container
podman ps # List running containers
podman ps --all # List all containers
podman stop container-id # Graceful shutdown
podman rm container-id # Delete container

# COMMON OPTIONS
-d # Detached (background)
-p host:container # Port mapping
-e KEY=VALUE # Environment variable
--name container-name # Assign name
--rm # Auto-remove on exit
--net network-name # Connect to network

# NETWORKING
podman network create net-name # Create network
podman network ls # List networks
podman network inspect net-name # View network details
podman network connect net container # Attach container to network
Posted by at No comments:
Subscribe to: Comments (Atom)