Podman and CRI-O: Building, Running, and Managing Containers
Podman is a daemonless, open-source container engine that runs natively on Linux. It makes it easy to find, run, build, share, and deploy applications using Open Container Initiative (OCI) containers and container images. Its command-line interface is familiar to anyone who has used the Docker Container Engine.
What is CRI-O?
CRI-O is an open-source, community-driven container engine whose focus is replacing the Docker service as the container engine for Kubernetes implementations such as the OpenShift Container Platform. The runtimes the CRI-O container engine uses are OCI compliant, and they are stable, secure, and perform better than the current runtimes. CRI-O can use any runtime that is OCI compliant. This includes runc, for example, which is the default OCI runtime.
Step-by-Step Guide To Podman and CRI-O: Building, Running, and Managing Containers
Step 1: Install Podman
First, install Podman with the following command.
sudo dnf install podman -y

Step 2: Install CRI-O
Add the CRI-O repository that matches your Kubernetes version, adjusting the version as necessary. Once the package is installed, enable and start the service:
sudo systemctl enable crio --now

Step 3: Build Containers
Podman builds images using commands that are compatible with Docker.
podman build -t my-alpine-image .

Step 4: Run the Containers
You can run the container after it has been built.
# Running a container
podman run --name mycontainer -d my-alpine-image

Step 5: Manage Containers
Many Docker-like management commands are available in Podman.
podman ps -a

Step 6: Handle Networking
Podman supports different network modes by default.
podman network create mynetwork

Step 7: Container Storage Management
Podman and Docker both use storage in comparable ways.
podman volume ls

Step 8: Monitoring and Logging
Podman:
With Podman, you may view the logs for any stopped or running containers.
podman logs mycontainer

CRI-O:
To check logs with CRI-O, use crictl or Kubernetes tools like kubectl.
crictl logs <container-id>

How to start the CRI-O service
Step 1: Enable CRI-O to start on boot
This command makes sure that whenever your computer restarts, CRI-O launches automatically.
sudo systemctl enable crio

Step 2: Start and Check the status of the CRI-O service
These commands start CRI-O and show whether it is operating properly.
sudo systemctl start crio
sudo systemctl status crio

Running Containers on Kubernetes with CRI-O
Step 1: Verify Kubernetes
Check that the Kubernetes nodes are using CRI-O to verify that the runtime is integrated correctly.
kubectl get nodes -o wide

Step 2: Run a Pod using CRI-O
The next stage is managing and deploying Kubernetes pods using CRI-O as a runtime.
kubectl run nginx --image=nginx

Monitoring CRI-O Containers
Step 1: Check running containers
To list the active containers within CRI-O, run the command below.
sudo crictl ps

Step 2: Get container logs
Get logs from a container that is currently operating.
sudo crictl logs <container-id>

Step 3: Check pod status
Lastly, you can check the Kubernetes pod status.
kubectl get pods

Best Practices of Podman and CRI-O: Building, Running, and Managing Containers
- Image Management: With local registries, image pulls within your infrastructure are faster and less reliant on external dependencies.
- Tag your images: Tag images with useful labels, for example build numbers, version numbers, or commit hashes, so that they are easy to trace and retrieve.
- Use Minimal Base Images: Minimal base images are very lightweight images that contain only the necessary packages. Minimizing the overall image size and attack surface in this way enhances performance and security.
- Privilege Limitation of the Container: Containers are often given more permissions than they need. The fewer the privileges on a container, the lower your attack surface is.
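One way to check the privilege-limitation practice above on a Podman host, as an added example that is not part of the original article. The four rules and the function names (`audit_record`, `audit_all`, `audit_samples`) are assumptions of this example; the sample records are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): flag Podman containers that
# hold more privilege than they need. The four rules are this example's own
# policy; the field names come from `podman inspect` output.

# audit_record NAME PRIVILEGED USER READONLY_ROOTFS CAP_ADD
# Prints one finding per line; prints nothing for a container that passes.
audit_record() {
  if [ "$2" = "true" ]; then
    echo "$1: started with --privileged"
  fi
  case "$3" in
    ""|0|root|0:*|root:*) echo "$1: process runs as root inside the container" ;;
  esac
  if [ "$4" != "true" ]; then
    echo "$1: root filesystem is writable (no --read-only)"
  fi
  case "$5" in
    ""|"[]") ;;
    *) echo "$1: extra capabilities added: $5" ;;
  esac
}

# audit_all: run the checks over every container Podman knows about,
# running or stopped. Needs podman on the host.
audit_all() {
  fmt='{{.Name}}|{{.HostConfig.Privileged}}|{{.Config.User}}|{{.HostConfig.ReadonlyRootfs}}|{{.HostConfig.CapAdd}}'
  podman ps -aq | xargs -r podman inspect --format "$fmt" |
    while IFS='|' read -r name priv user ro caps; do
      audit_record "$name" "$priv" "$user" "$ro" "$caps"
    done
}

# Constructed sample records, in the same field order audit_all produces.
audit_samples() {
  audit_record web true "" false "[CAP_NET_ADMIN]"
  audit_record api false 1000:1000 true "[]"
}
```

Source the file and call `audit_all` on a host with Podman. A container started with `--read-only --user 1000:1000`, and without `--privileged` or `--cap-add`, produces no findings.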
Conclusion
Both Podman and CRI-O offer powerful, efficient, and secure ways to build, run, and manage containers, especially in Kubernetes deployments. Combining Podman's rootless architecture with CRI-O's Kubernetes-native approach offers flexibility together with security.