Podman and CRI-O in RHEL 8 and OpenShift 4

What This is a quick article to pull together the entire picture of Podman and CRI-O with the releases of RHEL 8 and OpenShift Container Platform 4. In a nutshell, you get Podman with RHEL in a single node use case (orchestrate yourself) and CRI-O as part of the highly automated OpenShift 4 software stack.

Why I Believe in Tools Like Kubernetes and Podman So Strongly

Why I Believe in Tools Like Kubernetes and Podman So Strongly

History Lesson on PaaS People often rewrite history in their minds. They see the way the landscape looks today, forget the chronological order of events, and reconstruct a false model of cause and effect. I am guilty of doing this from time to time. One such history is that of PaaS. The year was 2012,

Part II: Why Is There No Docker in OpenShift 4 and RHEL 8?

Part II: Why Is There No Docker in OpenShift 4 and RHEL 8?

In Part I: Is Docker Supported in OpenShift 4 and RHEL 8? I explained that the the Docker daemon will not be supported in new Red Hat products, but that Docker images will be. The next question people always ask me is, “Why? I thought you guys love Docker? I’m confused.” There are many reasons

Part I: Is Docker Supported in OpenShift 4 and RHEL 8?

Part I: Is Docker Supported in OpenShift 4 and RHEL 8?

TL;DR: Docker container images are supported in OpenShift 4 and RHEL 8, but the Docker daemon and client are not. Instead, containers will be run with CRI-O in OpenShift 4, and Podman in RHEL 8 – the same images can be used anywhere because of container standards. Cool, if that’s enough information for you and

Testing With Podman – Complete Uninstall/Reinstall

Testing With Podman – Complete Uninstall/Reinstall

Background Sometimes it’s necessary to uninstall completely, and reinstall when testing software. This is something I have been doing with podman on RHEL 7.6 since about 6AM today 🙂 I figured it was worth capturing the instructions I have developed while testing user namespaces and rootless containers. This could make your life easier too. Complete

Hacker’s Guide to Installing OpenShift Container Platform 3.11

Hacker’s Guide to Installing OpenShift Container Platform 3.11

Background My problem, like most technologists, is that I only have a slice of my time to dedicate toward acquiring and maintaining knowledge about any given technology, product, project, tool, platform, etc. Split that with the fact that almost every CIO is preaching that we, as technologists, need to be closer to the business, and

Rootless Podman on PowerPC (That’s a Mouthful)

Rootless Podman on PowerPC (That’s a Mouthful)

Background I was thinking about naming this article the POWER of Podman, or Podman on Power or Power Man or…but I digress. Confession, it’s been a long time since I played with a POWER system. The last time I did it, it was difficult to get Linux booted up. Now days, with Red Hat Virtualization,

So, What Does a Container Engine Really Do Anyway?

So, What Does a Container Engine Really Do Anyway?

It only takes a couple of quick google searches to realize that people have no idea what a container engine is. That’s understandable because It was a completely new concept back in 2013. Plenty of good people have tried and failed – see WTF is a Container (not deep enough) or What is Docker and why

What is CRICTL and Why Should You Care?

What is CRICTL and Why Should You Care?

Container Engines are like wheel bearings, you should be able to replace them when they stop working. Also, you shouldn’t have to care about what brand they are. That’s what the Kubernetes Container Runtime Interface (CRI) aims to solve. CRI defines the API used to talk to container engines and all the major container engines

What is sVirt and How Does it Isolate Linux Containers?

What is sVirt and How Does it Isolate Linux Containers?

Background What is sVirt and, why does it matter for your containers? The short answer is, because sVirt is another layer of security and defense in depth is a good approach to security. The longer answer is, sVirt dynamically generates an SELinux label for every single one of your containers, which makes them less likely