diff --git a/README.md b/README.md index 390e558209..349accc93f 100644 --- a/README.md +++ b/README.md @@ -76,8 +76,9 @@ distro specific commands (e.g.: `debootstrap` for Debian or `yum` for CentOS). The `dracut` build method uses the distro-agnostic tool `dracut` to obtain the same goal. By default components are run on the host system. However, some components -offer the ability to run from within Docker (for ease of setup) by setting the -`USE_DOCKER=true` variable. +offer the ability to run from within a container (for ease of setup) by setting the +`USE_DOCKER=true` or `USE_PODMAN=true` variable. If both are set, `USE_DOCKER=true` +takes precedence over `USE_PODMAN=true`. For more detailed information, consult the documentation for a particular component. diff --git a/image-builder/Dockerfile b/image-builder/Dockerfile index 457070f656..c327922587 100644 --- a/image-builder/Dockerfile +++ b/image-builder/Dockerfile @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:latest +From docker.io/fedora:latest RUN [ -n "$http_proxy" ] && sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true diff --git a/image-builder/image_builder.sh b/image-builder/image_builder.sh index 7d7178dc68..73f20f88ae 100755 --- a/image-builder/image_builder.sh +++ b/image-builder/image_builder.sh @@ -88,6 +88,8 @@ Extra environment variables: AGENT_INIT: Use kata agent as init process FS_TYPE: Filesystem type to use. Only xfs and ext4 are supported. USE_DOCKER: If set will build image in a Docker Container (requries docker) + DEFAULT: not set + USE_PODMAN: If set and USE_DOCKER not set, will build image in a Podman Container (requries podman) DEFAULT: not set @@ -117,8 +119,8 @@ EOT } -# build the image using docker -build_with_docker() { +# build the image using container engine +build_with_container() { local rootfs="$1" local image="$2" local fs_type="$3" 
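Review bot: The base image in `From docker.io/fedora:latest` (image-builder/Dockerfile) is now registry-qualified but still referenced by a mutable tag, so the contents of the builder image can change between builds without any change in this repository. Because image_builder.sh later runs the image built from this file with `--privileged`, pinning by digest (`FROM docker.io/fedora@sha256:<digest>`, placeholder) or at least to a fixed release tag would make the build reproducible and auditable. The same tag-based referencing remains in the other `docker.io/...` lines this commit touches under rootfs-builder/*/Dockerfile.in. Note that `from docker.io/opensuse/leap` carries no tag at all and therefore resolves to `latest`.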
@@ -126,16 +128,16 @@ build_with_docker() { local root_free_space="$5" local agent_bin="$6" local agent_init="$7" - local docker_image_name="image-builder-osbuilder" + local container_image_name="image-builder-osbuilder" local shared_files="" image_dir=$(readlink -f "$(dirname "${image}")") image_name=$(basename "${image}") - docker build \ + "${container_engine}" build \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ - -t "${docker_image_name}" "${script_dir}" + -t "${container_image_name}" "${script_dir}" readonly mke2fs_conf="/etc/mke2fs.conf" if [ -f "${mke2fs_conf}" ]; then @@ -145,7 +147,7 @@ build_with_docker() { #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 - docker run \ + "${container_engine}" run \ --rm \ --runtime runc \ --privileged \ @@ -161,7 +163,7 @@ build_with_docker() { -v "${rootfs}":"/rootfs" \ -v "${image_dir}":"/image" \ ${shared_files} \ - ${docker_image_name} \ + ${container_image_name} \ bash "/osbuilder/${script_name}" -o "/image/${image_name}" /rootfs } @@ -466,9 +468,15 @@ main() { exit 0 fi - if [ -n "${USE_DOCKER}" ] ; then - build_with_docker "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ - "${root_free_space}" "${agent_bin}" "${agent_init}" + if [ -n "${USE_DOCKER}" ]; then + container_engine="docker" + elif [ -n "${USE_PODMAN}" ]; then + container_engine="podman" + fi + + if [ -n "$container_engine" ]; then + build_with_container "${rootfs}" "${image}" "${fs_type}" "${block_size}" \ + "${root_free_space}" "${agent_bin}" "${agent_init}" "${container_engine}" exit $? fi diff --git a/rootfs-builder/alpine/Dockerfile.in b/rootfs-builder/alpine/Dockerfile.in index 94752399bf..24fb8610c7 100644 --- a/rootfs-builder/alpine/Dockerfile.in +++ b/rootfs-builder/alpine/Dockerfile.in 
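Review bot: `build_with_container` never binds its eighth argument: the locals stop at `local agent_init="$7"`, while `main` now passes `"${container_engine}"` as an extra parameter. `"${container_engine}" build` therefore works only because the variable is a global set in `main`. Adding `local container_engine="$8"` after the `agent_init` line would make the function self-contained and keep the call and the definition in agreement. The function starts before this hunk and continues past it.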
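Review bot: The `--runtime runc` and `--privileged` flags on the `run` call were written for Docker and are now handed to podman unchanged. The comment above covers only the Clear Containers case, so it should be confirmed that `runc` is installed on podman hosts (some default to a different OCI runtime) and that a rootless podman container started with `--privileged` still has the access this build presumably needs. rootfs.sh already documents `DOCKER_RUNTIME` with a default of `runc`; writing `--runtime "${DOCKER_RUNTIME:-runc}"` here instead of the literal would keep the two scripts consistent. A one-line comment stating why `--privileged` is required would also help whoever later tries to narrow it.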
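Review bot: `container_engine` is assigned only inside the `if`/`elif` in `main`, so when neither `USE_DOCKER` nor `USE_PODMAN` is set, the following `[ -n "$container_engine" ]` tests whatever value the variable already had, including one inherited from the caller's environment. Unless the variable is cleared earlier in the script, outside this hunk, an arbitrary command name would then be executed for `build` and for the privileged `run`. Initialising it with `local container_engine=""` before `if [ -n "${USE_DOCKER}" ]; then` closes that gap and also keeps the test safe should the script run under `set -u`. `main` starts before this hunk and continues after it.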
@@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From golang:@GO_VERSION@-alpine +From docker.io/golang:@GO_VERSION@-alpine RUN apk update && apk add \ git \ diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 26026374f9..3b027afb0a 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From centos:@OS_VERSION@ +From docker.io/centos:@OS_VERSION@ @SET_PROXY@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 5acfe27140..5ed047bba0 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:30 +From docker.io/fedora:30 @SET_PROXY@ diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index 493df64307..b524d5005c 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 # NOTE: OS_VERSION is set according to config.sh -from debian:@OS_VERSION@ +from docker.io/debian:@OS_VERSION@ # RUN commands RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 285d66293f..3868b2b26f 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM euleros:@OS_VERSION@ +FROM docker.io/euleros:@OS_VERSION@ @SET_PROXY@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 20eca11b4a..3aa3d6e441 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in 
@@ -3,7 +3,7 @@ # # SPDX-License-Identifier: Apache-2.0 -From fedora:@OS_VERSION@ +From docker.io/fedora:@OS_VERSION@ @SET_PROXY@ diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index ab6a95701a..f2d283e6de 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -126,6 +126,10 @@ USE_DOCKER If set, build the rootfs inside a container (requires Docker). Default value: +USE_PODMAN If set and USE_DOCKER not set, then build the rootfs inside + a podman container (requires podman). + Default value: + DOCKER_RUNTIME Docker runtime to use when USE_DOCKER is set. Default value: runc @@ -177,7 +181,7 @@ docker_extra_args() args+=" --cap-add SYS_ADMIN" # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile. # See https://github.com/moby/moby/issues/16429 - args+=" --security-opt apparmor:unconfined" + args+=" --security-opt apparmor=unconfined" ;; *) ;; @@ -308,17 +312,23 @@ build_rootfs_distro() echo "Required Go version: $GO_VERSION" - if [ -z "${USE_DOCKER}" ] ; then + if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then #Generate an error if the local Go version is too old foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") compare_versions "$GO_VERSION" $foundVersion || \ die "Your Go version $foundVersion is older than the minimum expected Go version $GO_VERSION" else + if [ -n "${USE_DOCKER}" ]; then + container_engine="docker" + elif [ -n "${USE_PODMAN}" ]; then + container_engine="podman" + fi + image_name="${distro}-rootfs-osbuilder" generate_dockerfile "${distro_config_dir}" - docker build \ + "$container_engine" build \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ -t "${image_name}" "${distro_config_dir}" 
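Review bot: The comment above `args+=" --security-opt apparmor=unconfined"` still justifies the flag only by Docker's `docker-default` profile, while `docker_extra_args` presumably now feeds podman as well. Together with `--cap-add SYS_ADMIN` this removes the AppArmor confinement of the build container, so the comment is worth extending, for example `# Used for both docker and podman: mounting inside the build container needs SYS_ADMIN and an unconfined AppArmor profile`. The `case` arm this sits in begins outside the hunk, so which distros are affected cannot be seen here.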
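Review bot: The engine selection in the `else` branch of `build_rootfs_distro` repeats the `USE_DOCKER`/`USE_PODMAN` block from image_builder.sh and then runs `"$container_engine" build` without checking that the chosen binary exists. A guard such as `command -v "$container_engine" >/dev/null || die "$container_engine not found in PATH"` right after the inner `fi` would give a clear error instead of a failure partway through the build; `die` is already used a few lines above. Declaring the variable with `local container_engine` would keep it scoped to this function, where the later `"$container_engine" run` also lives. `build_rootfs_distro` starts before this hunk and continues after it.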
@@ -353,7 +363,7 @@ build_rootfs_distro() #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 - docker run \ + "$container_engine" run \ --env https_proxy="${https_proxy}" \ --env http_proxy="${http_proxy}" \ --env AGENT_VERSION="${AGENT_VERSION}" \ diff --git a/rootfs-builder/suse/Dockerfile.in b/rootfs-builder/suse/Dockerfile.in index 7aaed2a8b8..72d4c7b44c 100644 --- a/rootfs-builder/suse/Dockerfile.in +++ b/rootfs-builder/suse/Dockerfile.in @@ -5,7 +5,7 @@ #suse: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -from opensuse/leap +from docker.io/opensuse/leap # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools) diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index d4b10490b2..2b3f3f4365 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in @@ -5,7 +5,7 @@ #ubuntu: docker image to be used to create a rootfs #@OS_VERSION@: Docker image version to build this dockerfile -from ubuntu:@OS_VERSION@ +from docker.io/ubuntu:@OS_VERSION@ # This dockerfile needs to provide all the componets need to build a rootfs # Install any package need to create a rootfs (package manager, extra tools)