I’ve studied and used them both and prefer podman for the reasons podman promotes:
- easy to manage containers via systemd, along with the other systems services I manage
- better security: rootless containers.
this post was submitted on 15 Jul 2023
61 points (93.0% liked)
Linux
45582 readers
598 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
I can't help but laugh at this.
"learn how to use podman" from someone who already knows docker is their happy path.
https://docs.podman.io/en/latest/index.html#what-is-podman
Most users can simply alias Docker to Podman (alias docker=podman) without any problems
Seriously, the only two problems i've had are:
- makefile doesn't honor the alias
- need to restart the VM occasionally
I would consider myself a very beginning docker user so I've a long way to go but I can see, given that I am a beginner, it might make sense to pivot now to Podman.
It might be easier to learn some docker first. That's what all the documentation is written for and I've found the "alias docker to podman and call it a day" approach to be overly optimistic.
conversely, switching now means he'll be learning domain specific knowledge for podman, the thing he wants to work in, and not building it in docker, the thing he's trying to move away from
That's certainly possible. I'm just saying it may be faster to learn docker and then learn the differences, given the abundance of docker documentation that exists.
I did need to install some additional stuff to get docker-compose working with podman, and I needed to make sure I ran those things as a user instead of as root to make sure that the containers created by docker-compose were running rootless. But I do have my Lemmy instance running with rootless containers using podman.
My next step is to convert it to a systemd service, but I just haven't got there yet.
That’s the claim but buildx is extremely limited on podman.
But is it really a drop-in replacement for docker? Networking seems fundamentally different.
I tried to use a docker compose file for Wordpress as an example, with nginx-proxy-manager in another compose file. They're linked together through an external network.
Podman works differently. You're expected to create 'pods'. I'm not super clear on this (just dipping my toes) but podman seems to be an alternative to k8s, not docker.
I use podman for almost everything. Especially since it's working rootless. BUT I am also clearly swimming against the tide there. Everyone else in the company uses docker and I typically can't just take their docker-compose setups 1:1 over to podman. First, because they often rely on having root and second, because they use docker specific hacks (like some internal hostname you can use to access the host from within docker). Since I am not a fan of docker-compose anyway, I don't care that much ... I would have built my own setup with docker as well.
On my server I have a lot less trouble with podman than I had with docker. I run quite a lot of services there, and the docker proxy (and sometime the daemon) always started to act up after a while, causing individual containers to no longer properly receive traffic and me no long being able to control them. With podman all of that just works. And I have systemd managing the container lifetimes instead of some blackbox.
This is why our org enforces Kubernetes and Helm
Compose is simpler, and has a much easier base use case, but we've found it more functional as a dev tool to get the service running before making a full deployment config, rather than as an effective production solution.
Yeah, compose for simple testing, then use podman convert it to k8s manifests and clean up from there for production, seems like a reasonable devx.
Developing against k8s would kill me. I want my services and debugger running locally and don't want to deploy shit first. In my current local setup it doesn't matter if I spin up a service as container (because I just need it doing its thing) or if I spin it up with debugger attached in the IDE because I am developing (or debuging) it. I can fully mix-and-match at nearly every layer of the system.
Our shared dev, stage and prod systems are also fully k8s. Not with helm though. For our own stuff we have an operator with CRD, so we can easily define our business services without much boilerplate and still be consistent across the teams. The different configs are built using kustomize as part of our CD pipeline.
Why do you dislike compose?
I want full control over which containers launch when. I also typically have a different requirement in which network a container runs and I want to re-use existing databases instead of spinning up a new one for each service. I want specific container names. And so on.
In short: I want full control and customization.
You can tell which service depends on which in compose, you can create, specify and set networks and add containers to them, you can keep a central database and just add the network of it to your new services, and you can also specify a container name.
As I see it (and for my compose usage), everything you mentioned works in compose.
Besides, what is your alternative? Do you just use the docker cli? I personally found that to be way less flexible than compose.
You can tell which service depends on which in compose, you can create, specify and set networks and add containers to them, you can keep a central database and just add the network of it to your new services, and you can also specify a container name.
The point is, if I get a compose file, all of that is already wired up with expectations of the maintainer. When I start heavily modifying it, I end up with an unmaintainable mess. So I rather look into what the service(s) actually require and build it for my use case.
Besides, what is your alternative?
The CLI, yes. And for my own server Ansible. But the semantics of the ansible module are identical to the CLI. Knowing the CLI by heart gets me much further than knowing docker-compose by heart. (Actually, I would have to look into the manual for docker-compose all the time, while I can simply do podman --help to see what parameters it needs, if I forgot something.)
Depending on what you're using it for. For companies it feels like the tide is shifting toward using k8s and not caring what actually runs your containers.
That's been the case for years now. No sane company runs production workloads on Docker or Docker compose. There's niche solutions like Hashicorps Nomad or Docker Swarm, but most will probably either use a Hyperscalers container offering and/or use Kubernetes.
They do, and then they write blog posts about how the complexity is killing their teams productivity.
That's for production, in dev Docker (or podman) is very much used.
I have to admit I like the concept of rootless containers very much.
I did too until I tried to use them. They lack several features that rooted containers have, and a lot of howtos take for granted. They're fine for very simple containers, but expect pain an suffering.
You can do that with docker too, not that it's flawless of course, networking is just awful. Same thing on Podman.
You don't NEED to, but its always a good idea to rely on a plan B in case something goes wrong.
Then again, podman is very KISS if you (ask whatever goes wrong) to duckduckgo, so eh.
If you are begining in Docker/Podman, you can try take some course from red hat like DO188, if you don't want fork money, Red Hat with Dan Walsh offer free books https://developers.redhat.com/e-books/podman-action
It will be beneficial for us, developer, and Dan Walsh, Brent Baude, are mostly replying in #podman libera.chat. Well you can ask here tho, I think it's okay.
I just hope /r/podman in reddit moved here, and being federated...
You don't need to touch podman directly.
Toolbox makes it easy.
Distrobox makes it even easier but also slower, I use toolbox.
Those work for interactive use, but hosting container services, I would use systemd.
Thank you for the recommendation. I am checking it out now.
You need less time to learn/read-doc podman than posting the question + waiting for answers. Its a basic tool, when you need it -> read doc
view more: next ›