this post was submitted on 13 Mar 2024
56 points (93.8% liked)

Selfhosted

40341 readers
888 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I would love to hear everyone's opinion.

top 50 comments
sorted by: hot top controversial new old
[–] Ledivin 47 points 8 months ago

If you don't have strong opinions one way or the other, then docker is the easy answer. Way, way more widespread, which generally tends to mean better docs, more guides and examples, more tooling and open-source support...

[–] Molecular0079 24 points 8 months ago

I use podman with the podman-docker compatibility layer and native docker-compose. Podman + podman-docker is a drop-in replacement for actual docker. You can run all the regular docker commands and it will work. If you run it as rootful, it behaves in exactly the same way. Docker-compose will work right on top of it.

I prefer this over native Docker because I get the best of both worlds. All the tutorials and guides for Docker work just fine, but at the same time I can explore Podman's rootless containers. Plus I enjoy it's integration with Cockpit.

[–] sudneo 17 points 8 months ago

I would say Docker. There is no substantial benefit in running podman, while docker is a widely adopted tool (which means more tooling in the ecosystem, easier to find answers to questions etc.). The difference is not huge tbh, and some time ago the biggest advantage for podman was being able to run rootless, while docker was stuck with a root daemon. This is not the case anymore (docker can run rootless), so I would say unless you have some specific argument to use podman, stick with docker.

[–] [email protected] 15 points 8 months ago

Podman is slightly better, but most tutorials are for docker.

So, podman if you're comfortable looking through docs, man-pages, scarce Internet resources, and trial and error for finding things out. Especially if you care about having better security with rootless mode.

Podman also has a different way for managing many containers at once, and the interaction between them.

[–] [email protected] 15 points 8 months ago* (last edited 8 months ago)

I personally prefer podman, due to its rootless mode being "more default" than in docker (rootless docker works, but it's basically an afterthought).

That being said: there's just so many tutorials, tools and other resources that assume docker by default that starting with docker is definitely the less cumbersome approach. It's not that podman is signficantly harder or has many big differences, but all the tutorials are basically written with docker as the first target in mind.

In my homelab the progression was docker -> rootless docker -> podman and the last step isn't fully done yet, so I'm currently running a mix of rootless docker and podman.

[–] [email protected] 14 points 8 months ago

Podman is significantly better if you want to leverage the Systemd integration it has out of the box.

But if you just want to run existing docker-compose scripts then Docker is easier.

[–] [email protected] 10 points 8 months ago (1 children)

If docker works for you, then don’t change what’s not broken. If there are things you don’t like about docker (root access etc for example) then venture out and try others. At the end of the day, they’re just tools to get to the more interesting stuff — actually running applications and playing with them.

[–] [email protected] 2 points 8 months ago (1 children)

Just pointing out your response may be dated. Docker can run rootless: https://docs.docker.com/engine/security/rootless/

[–] [email protected] 3 points 8 months ago (1 children)

Cool. Thanks! One less reason for me to even consider Porman on the radar. Personally, I really don’t care for the tool itself, and am way more interested in the apps that I can run and play with :)

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

Agreed. Honesly I use docker like snap these days. Need a specific version of node?

alias node="docker run --rm -ti -v '${PWD}:${PWD}' -w '${PWD}' node:16-alpine"

alias npm="docker run --rm -ti -v '${PWD}:${PWD}' -w '${PWD}' node:16-alpine npm"

Pretty much every CLI tool that isn't super basic to install I do this with.

[–] [email protected] 1 points 8 months ago (1 children)

Wow, that's really clever. And dead simple at the same time.

[–] [email protected] 1 points 8 months ago

Yea, I contribute to a bunch of own source projects, so it makes it easy to jump around without conflicts. Also great for random stuff like youtube-dl, or esphome, etc, that you use once in a while. Just slap the aliases in my bashrc.

[–] Static_Rocket 10 points 8 months ago* (last edited 8 months ago) (1 children)

It depends on what you want. Do you want containers that don't blow away your firewall? Podman is nice, but docker can be configured a little to avoid this. Want things that autostart and don't have issues with entry points that attempt to play with permissions/users? Docker or podman as root is necessary. Want reasonable compose support? Podman now needs a daemon/socket. Want to make build containers and not deal with permission/user remapping at all? Podman is really nice.

Do not attempt to use podman-compose. That app is dead.

Unfortunately if you want to make tools that will be used by other people then you must add docker support. It just owns too much of the market.

[–] [email protected] 5 points 8 months ago (1 children)

is podman-compose really dead? Their github page looks active at a glance. The tooling is so similar, I use podman for local testing, and deploy to docker, but I've also done the reverse. As long as your not using really exotic parameters its really just a drop in replacement, I've even used GPU passthrough for AI project no problem in both docker and podman. At the end of the day, they're just slightly different frontends for the same backend.

As far as docker support, its often as simple as just providing a Dockerfile, which is basically the same thing as your build scripts. These days I've often used the Dockerfile INSTEAD of the readme to find help compiling some projects.

[–] Static_Rocket 4 points 8 months ago* (last edited 8 months ago)

It was dead however long ago when I submitted a PR. Still unmerged with no activity on the request so I just never went back to check.

It's good to hear that they are working on it again though, if that is the case.

[–] [email protected] 9 points 8 months ago (1 children)

I like podman because rootless and daemonless are built-in and default. Yes, it can be done on docker, but you have to do a bunch of shit to get it set up.

You could create the alias alias docker="podman" and 99% of the time, you won't even be able to tell the difference since podman is a docker drop in replacement. All the docker documentation applies to podman as well. But since docker runs as root by default, some edge cases might not work out of the box (like binding to a port on the host less than 1000).

Podman comes with some neat tools like being able to create systemd service files to start and stop containers as services.

To use docker-compose, you'll need some additional packages. That's probably the biggest drawback to podman imo. Podman wants to use pods instead of docker-compose, but I think they gotta take their heads out of their asses and just support the more popular format on that one. Not to mention docker-compose is just plain better imo. Easier to define, easier to understand, easier to modify. The list goes on and on.

[–] vegetaaaaaaa 1 points 8 months ago (1 children)

You could create the alias alias docker="podman"

There's even an official Debian package that takes care of this for you: https://packages.debian.org/bookworm/podman-docker

[–] [email protected] 1 points 8 months ago

That package actually does a bit more than that! If you don't need all the extras, then I say just add the alias and be done with it.

[–] [email protected] 6 points 8 months ago

Podman rootless, using quadlets for systemd services. :D

[–] [email protected] 6 points 8 months ago

I like podman more because people told me it was better and it just worked for me :P

[–] [email protected] 5 points 8 months ago

Honestly I use docker because by now I know docker and basically everything has support for it...

[–] [email protected] 5 points 8 months ago (1 children)

If you're just starting out and have never used containers before start with regular (rootful) docker. It's a much simpler mechanism to understand for a beginner and has more widespread support and documentation.

Once you understand containers and have used them for a few months you can start going down the rabbit hole, there's no shortage of technologies to explore.

Or, if you're only interested in self-hosting as a hobby and docker does what you need, you can also stop there. Not everybody needs a deep dive into technology.

[–] [email protected] 1 points 8 months ago

I learned podman as a beginner. This isn't to say that what you're saying is wrong. It was much more difficult doing so. I am only commenting to say that its possible but needs patience.

[–] [email protected] 5 points 8 months ago

Definitely podman + podman compose.

Its fully open source (docker isn't) and its secure by design (security has been added to docker as an after fought).

Also podman is rootless by design, docker takes a bit of effort to run root less.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

I like the idea behind Podman, but it's not a suitable drop in replacement for Docker yet. Especially since it requires manual setup to auto-start stacks at boot, and can't import docker compose files easily.

Docker is easier to use, has many more examples and tutorials out there, and every project generally provides a docker compose file ready to go for quick setup.

[–] [email protected] 2 points 8 months ago

There is now podman compose that can read and use docker-compose files. As for importing, I cannot tell.

[–] [email protected] 4 points 8 months ago (2 children)

Piggybacking on this… what’s the quickest way to deploy a docker container in Kubernetes short of having to hand create the deployment yaml? Or is that it, having to create one from scratch.

[–] sudneo 6 points 8 months ago (1 children)

You have a bunch of options:

kubectl run $NAME --image=$IMAGE

this just creates a pod running the specific image. If you kill the pod, or it terminates, it won't be run again. In general though, you probably want to do some customization before running (maybe you need volumes, secrets, env, ports, labels, securityContext, etc.) and for that you can simply let kubectl generate the boilerplate YAML and then simply make some edit:

kubectl run $NAME --image=$IMAGE --dry-run=client -o yaml > mypod.yaml
# edit mypod.yaml
kubectl create -f mypod.yaml

You can do the same with a deployment or statefulset:

kubectl create deployment $NAME -n $NAMESPACE [...] --dry-run=client -o yaml > deployment.yaml

In case you don't need anything fancy, the kubectl create subcommand allows you to create simple workload, so probably that's the answer to your question.

[–] [email protected] 2 points 8 months ago

You rock! Yeah I just wanted to run the image first before building out the whole framework around it. This is what I was looking for.

[–] [email protected] 4 points 8 months ago

If you run it in podman, podman can export into a kubernete file, but its been a long time since I've tried it though. podman kube generate $CONTAINERNAME

[–] [email protected] 4 points 8 months ago

Whichever one you want.

[–] PoliticallyIncorrect 3 points 8 months ago* (last edited 8 months ago)

I use Docker and it works for what I use it so I have no need to change it, maybe if in the future I have the need to use podman I would consider to change. But right now I'm not interested.

[–] [email protected] 3 points 8 months ago

Podman. This is the way.

[–] [email protected] 2 points 8 months ago (1 children)

I would say podman by default. It has a better security architecture as it can run rootless.

However there are small differences from Docker so you may need use Docker if you are trying to run third-party services that rely on these differences.

[–] sudneo 5 points 8 months ago
[–] [email protected] 1 points 8 months ago

Docker is a great choice with lots of good tutorials. I personally use podman since all my servers are now running Fedora server and podman is installed by default.

[–] genie 0 points 8 months ago (1 children)

What no love for Incus round these parts?

[–] sudneo 2 points 8 months ago (2 children)

Because the lxc way is inherently different from the docker/podman way. It's aimed at running full systems, rather than mono process containers. It has it's use cases, but they are not as common IMHO.

load more comments (2 replies)
[–] [email protected] 0 points 8 months ago (1 children)

They both kind of suck in their own way.

If you want to things to run at startup and you’re not on systemd, rootless docker is probably easier.

Otherwise podman is mostly fine but be careful of native overlay if you’re not on BTRFS, this causes some pretty long build times.

[–] [email protected] 1 points 8 months ago

Takes 1 minute to write a non systemd startup script, come on.

I understand systemd "spoiled" people, but not having a potentially insecure always running daemon for no purpose at all (docker) beat the alternative for me.

[–] AustralianSimon 0 points 8 months ago (2 children)
[–] sudneo 2 points 8 months ago (2 children)

I think k8s is a different beast, that requires way more domain specific knowledge besides server/Linux basic administration. I do run it, but it's an evolution of a need, specifically when you want to manage a fleet of machines running containers.

[–] AustralianSimon 1 points 8 months ago

Can be ott yeah. I set mine up to understand how it all works and just kept things going.

[–] [email protected] 0 points 8 months ago (2 children)

Even then, there's dockerswarm.rocks (linking directly to tutorial to show how easy it is!)

[–] [email protected] 1 points 8 months ago

This website is deprecated.

It's kept around mainly for historical reasons.

I've tried Docker Swarm because Kubernetes seemed like an overkill for a cluster of 4 small-ish servers. There have been several issues (networking for example) that took me two days to solve - by reinstalling the machine completely.

There are some hoops and hurdles along the way, some command will just literally brick your cluster without any notice whatsoever (like removing the second manager, leaving only one and cluster stops responding, but you get no warning that's gonna happen).

Also secrets, where there is no simple way to manage them, or replace them. You can't just replace a secret, you have to remove and recreate it. Which means turning off the service or creating a new secret with a different name and do a rolling update, which is just annoying to do every time unless you can afford a robust CI CD pipeline code that does it automatically.

[–] sudneo 1 points 8 months ago

I really thought swarm was dead :)

To be honest, some kubernetes distributions make the cluster operations minimal (I use k0s managed via ansible)!

Either way, the moment you go from N containers on one box to N containers on M boxes you need to start considering how to handle stateful applications, load balancing, etc. And that in general requires knowledge on a domain which is different from having simply applications wrapped in containers locally.

load more comments (1 replies)
[–] CriticalMiss -1 points 8 months ago (1 children)

I use Docker exclusively. Podman is the NIH syndrome response to an industry standard. It has its benefits but Docker just works.

[–] FooBarrington 6 points 8 months ago (2 children)

Podman wasn't built due to NIH. Docker has real problems (though many have been fixed), and Podman was built to fix those.

load more comments (2 replies)
load more comments
view more: next ›