Tiberiu Rosca's projects

Podman

When I got to CIXI, podman was one of the first tools I learned.

What is podman ?

From podman's website
Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images.

It can also be seen as an open source alternative to docker, with slightly stronger security.

An image describing the difference between Virtual machines and Docker

Explained with more details, it is a tool which allows to create, build and manage linux containers with an app (or more) inside. These containers are virtualized, but are much closer to the host's manchine kernel than a virtual machine. As you can see in the image (podman and docker work the same way), a container is a lot closer to the host OS, and only adds linux libs and tools to just work. While a virtual machine, has a guest OS to support, and so adds more complexity and increases the load on the host machine.

Podman allows to pull and build images. These images can be hosted anywhere, however podman can still use docker's image repository. And this repository is would still be the most used to build, even our own images.

Why build images ?

why would we build images if they already exist on docker ? The answer is security and reliability.

Docker has 2 types of images :

Official Images
Community images

some community members can also be verified companies

Depending on the tool used, there can be no official or verified publisher image. For example GLPI.
All the images for GLPI are made by the community.

The issue with this, is the risk for the company's security and software reliability. Even if some of the projects are published online, they require verification. If we just deploy some random open source image, we still cannot know if the images are really the one published on Github, or if they have been tampered with.
Furthermore, they could be not adapted to the company.

Consequently, building an image starting from an official docker images, or some verified publisher iamges, can be better for security and flexibility.

How to build build images ?

Building images in podman (and docker) is done throuhg a dockerfile. A list of instruction executed in order from the first to the last.
These instructions can be get an initial image, run linux commands, copy files, and more...

The instructions start from a base image (like debian:12.7), then execute tasks, in oder to modify it, and then created an image, contained on the computer. The Image can also be pushed to a self hosted server or to the docker hub.

This image is like a shut down linux. When it start, services can start, or we can even start commands when running the image, or even defining in the dockerfile, an command to run at each start.