I keep reading about podman, yet it doesm’t FEEL as mature to me as docker for a normal user like me. What’s your opinion? Did you already switch or do you keep waiting for … for what? When will you switch?
You must log in or register to comment.
Podman didnt silently rewrite my firewall rules upon install
10/10 would recommend
I do not even want to know how many databases are openly available because of that shit.
Firewall rules shouldn’t be your only line of defense
Who the hell runs Docker on an edge device?
Technically I do, maybe? My home server is running ProxMox which virtualizes PFSense. My docker install is on a separate VM, but same physical device. Not sure if that counts lol
That doesn’t count. You’re still externally firewalling it, which is good procedure.
Everyone who runs it on a root server that is not part of some larger private network at that hoster?
Podman is solid, just don’t use podman-compose but rather utilize the Systemd integration for container management.
With very few exceptions, it works just as well as Docker these days.
Podman is CLI and API compatible with Docker (except where differences in implementation doesn’t allow it)
Running Podman as root is 99.9% the same as running Docker.
I have been running my homelab with Podman for several years and it is absolutely mature enough for a regular user.
Also, the docs are really good.
deleted by creator
You technically can bind ports <1024 to unprivileged containers.
echo 'net.ipv4.ip_unprivileged_port_start=0' | sudo tee /etc/sysctl.d/50-unprivileged-ports.conf; sudo sysctl --system. Though this will allow any user to bind ports below 1024, so it’s not very clean.Another workaround is to redirect port 80 to 8080 (or other) through iptables and have your proxy listen on this port.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080. Same thing for 443.As far as I know granting the
CAP_NET_BIND_SERVICEcapability to/usr/bin/podmandoes not work.Also podman-compose implementation is still incomplete, and I prefer using systemd units to start and manage containers. Check
man podman-generate-systemdYou shouldn’t need root to bind to privileged ports. I use k8s but I assume you can set sys capabilities for containers in a similar way I do for pods.
I only tried running rootless when i set them up several years ago and i was completely green, so it was probably me who was the problem.
Regarding podman-compose, Fedora repos has a a package that aliases podman -> docker and the regular docker-compose package, which i used before migrating to podman+systemd. It worked flawlessly unless i did networking shenanigans because Podman and Docker differs (/differed?) in so some thing simply couldn’t be brought over.
Edit: i found the docker-compose and Podman alias thingies in a Fedora Magazine post.
However, unless you use docker-compose a lot for other stuff, learning to use Podmans systemd integration (also called quadlet) is very much worth it. They’re just a really powerful combo and systemd has a ton of nice features for making stuff run and keep running.
For what it’s worth, I just wrote up a
compose.yamlfile as I’d write it for Docker Compose and it just worked. See the bottom of my comment on this GitHub issue for an example. I think the team’s intention is for it to transparently support whatever you’d write for a standard Compose file but of course we don’t have things like the brand new Dockerwatch. They do point to the Compose spec in the Podman Compose README. Bind mounts are good enough for me, thus far.
Docker ever felt mature to you?
I’ve been using podman instead of Docker for a couple years now. I’m not a heavy user, but it doesn’t ever break for me and I appreciate the pods and ease of turning pod config into a kubernetes deployment.
Explain your feelings on the matter please. I think podman is very good, and just the fact that it doesn’t need to run as root OOTB is enough for me to switch. Yes, Docker can do that, but I’m ideologically on Podman’s side now. No coming back AFAIK
It took your comment for me to understand that ‘podman’ is not some podcast manager, but a docker competitor.
Tried switching some time back, didn’t take long to go back to docker. Podman does not have the polish that docker has taken years to perfect and as much as I love systemd, managing containers in docker is 10x better.
I tried switching a while back, but I found a bunch of stuff didn’t work properly, and wasn’t considered supported. I don’t remember what it was exactly.
I might try it again once there’s been a bit more development and community use. Docker isn’t ideal, but at least it works and there’s a lot of community support.
I switched a year ago to podman and had some trouble to get everything running. But it is possible. I’m not running anything rootful and everything works.
Read the docs, use podman-compose (this sadly has no good docs, but works quit well when you got it) and get ready to play around with permissions and file ownership.
Switched a long time ago - it’s just soooo much easier and I never have any problems
My only serious complaint with docker is the quality of their updates. They keep breaking stuff. If podman supported all docker functionality including compose based stacks, I’d consider switching, but last time I looked it didn’t.
There is a wrapper for podman supporting compose.
But maybe it’s time to use kubernetes deployments or pods instead of compose files…
Yeah, the constant Docker breakage was one of the main reasons I switched to Podman. FYI you can use Docker Compose directly with Podman.
If you’re only on Linux and don’t ever touch containers on Windows or Mac, podman can work fairly well. You need to be comfortable with orchestration tools like k8s to replace compose (or just do a ton of containers) and you can’t use a lot of COTS that has hardcoded dockerisms (localstack, for example, does not work well with podman).
If you have to use Windows or Mac, podman makes life really difficult because you’re running through a VM and it’s just not worth it yet.
Docker on Windows and Mac also runs containers through a VM though. (It’s more obvious on Windows, where you need WSL (powered by a VM) and Hyper-V (a way to run VMs on Windows). But on a Mac, VMs to run Linux are also used to run Docker containers inside the VM.)
Podman Desktop helps to abstract VMs away on Windows and macOS: https://podman-desktop.io/
For the command line, there’s “podman machine” to abstract away the VM. https://podman.io/docs/installation (installing on macOS is mentioned on that page and Windows has a link to more docs which also uses the podman machine command.)
As for Docker compose, you can use it directly with Podman too: https://www.redhat.com/sysadmin/podman-docker-compose (there’s also podman-compose as well). The only thing Docker compose doesn’t support with Podman is swarm functionality.
Docker compose can even work with rootless Podman containers on a user account. It requires an environment variable. https://major.io/p/rootless-container-management-with-docker-compose-and-podman/ (it’s basically enabling the socket for podman and using the environment variable to point at the user podman socket)
I switched to podman half a year ago and it was a mess, I had a lot of compatibility and permission issues also, it’s hard to support red hat after the drama
It should be harder to support Docker, which hasn’t released a new open source product since before Docker Desktop, which is also proprietary. Podman Desktop? OSS. It’d be hard to name a product Red Hat supports that isn’t OSS.
That’s also true, my bad
well I’ve been using both for quite a while. If you just want something that works, stick with docker. There is nothing wrong with docker in the homelab scenario and podman has rough edges that cringes you. If you are a control freak like me who wants to control every aspect of container running, then podman is a great tool that forces you into the habbit of learning and tinkering. It helped me understand a hell lot of things.
Why not try docker rootless? Been using it for 2 years and does everything docker does.
