I'm glad they have podman desktop. Personally though, once I realized that I can use the command line version without it (unlike docker in my experience) I uninstalled it as I don't really need the UI / KIND, etc. For me the command line is fine and having something where I don't have to first shell into wsl is great (it just runs it itself behind the scenes). Of course, Linux is generally better for development imo but this is a nice compromise on Windows.
`docker machine` was deprecated in favor of Docker Desktop in order to funnel people towards paid licenses. But there's no real reason Docker on non-Linux should need a GUI.
Hi, I'm the founder of Docker. The decision to launch Docker Desktop, and deprecate Docker Machine, had nothing to do with revenue. Desktop was free when we launched it in 2016, and it remained free until 2021. By then Docker had a new CEO, a new board, and I was gone. So the two events (launch and monetization) could not be more disconnected.
The reason we launched Docker Desktop (initially known as "Docker for Mac") was to make the user experience better: easier to install, better integrated with the system (virtualization APIs, keychain, VPNs, etc), and better support for host volumes.
I do so wish we could have those features without needed a desktop app for them. There’s never a case where I’d want to run Docker Desktop for anything GUI.
You can't get around packaging it as a desktop app - that's how you get the seamless "drag into Applications folder, double-click" install experience. I agree you don't necessarily need a full-blown desktop GUI. The original version shipped with the whale menu bar icon, a basic settings page, and that's it.
I do think it makes sense to add more GUI features over time, to make Docker more approachable - not everyone is a CLI wizard. But, it shouldn't make the app slower or annoying to use for those who don't need it.
In my experience, Docker Desktop was needed in order to use the CLI in Windows. It seemed fairly heavyweight as well. Maybe that has all changed now, not sure. In any case with podman on Windows, no UI is needed and you don't have to shell into WSL to use it.
You can run the regular Docker engine inside WSL2 and run the regular Docker client on Windows with DOCKER_HOST set. This has been true since 2016 when we originally got WSL2, with the exception that we used to have to enable systemd (but no longer do).
- Create an ssh key pair on the Windows side using ssh-keygen.
In Ubuntu:
- Install Docker engine using Docker's apt-get instructions for Ubuntu.
- Add the ssh public key to ~/.ssh/authorized_keys.
In Windows:
- Run "wsl hostname -I" to get your WSL2 hostname.
- Test "ssh user@wsl-host", using the WSL2 hostname. It should work without prompting for a password.
- Unzip docker.exe somewhere.
- In your user environment variables, set PATH to include the directory with docker.exe, and set DOCKER_HOST to "ssh://user@wsl-host", using the WSL2 hostname.
That should be it; you should now be able to run docker normally from your Windows user, using file context from the Windows side.
Thanks for the information. I think for some use cases this is perfectly fine but for others, a kind of one-stop-shopping approach is nice as well. For instance with podman (not desktop, just the cli), you only have to run: "winget install -e --id RedHat.Podman" and you are good to go. This is nice, particularly on bigger teams when you want to reduce friction to a bare minimum.
Since they mention Windows, I believe this is a reference to the fact that you cannot (easily) install the Docker CLI without Docker Desktop. Podman does not have this issue.
Docker publishes the Docker CLI for Windows directly, the same as every other platform. You just download it and run it; it does not even require installation. With DOCKER_HOST set, you can access the Docker engine in WSL2 from the Windows side. You don't need to shell into WSL2 to interact with Docker and it can use your Windows files. https://download.docker.com/win/static/stable/x86_64 -- unzip, grab self-contained docker.exe. Docker Desktop and Podman Desktop automate this a bit, but it's not a big lift to set this up with regular Docker yourself.
Yes, of course that works, but then you have to start up and shell into WSL. With podman, you can run all commands directly in Windows which is more seamless. Plus, getting it working is just a matter of running "winget install -e --id RedHat.Podman". This is particularly helpful when trying to roll things out for larger teams as they don't have to know anything about WSL and everything integrates in their environment seamlessly. Of course, just using Linux is preferable for development if you can get away with it.
> You absolutely can run docker on the CLI in WSL2.
But again, they're talking about Windows, not Linux-in-Windows or virtualized Linux on Windows. Just because you can do something in WSL2 doesn't mean you "can do it on Windows", as much as you "can run systemd and Wayland on Windows" because you could run it inside a Linux VM...
Yes. For some the distinction between the two is almost nothing as WSL is pretty seamless. However, using Podman directly in your normal Windows shell opens up more use cases. Podman is of course running everything behind the scenes using WSL.
> For some the distinction between the two is almost nothing as WSL is pretty seamless
WSL1 yes, but not WSL2, which the parent explicitly mentioned. WSL2 is just virtualization with a fancier name, might as well use VirtualBox and similar at that point.
Your posts in this thread seem to be focused on the inability to use Docker from the Windows shell, but it's not true: you just need to set DOCKER_HOST. Then the Windows client can connect to a Linux engine in WSL2. Docker engine in WSL2 runs as a systemd unit and doesn't need to be manually started. Podman/Docker Desktop are doing far less work here than you might be expecting. They are just automating this setup for you. I run this setup and it is genuinely a one-time nothingburger. If you have a bunch of Windows machines, you can have them all share one Linux Docker engine if you want, by pointing DOCKER_HOST at the same host.
For mac, wouldn't it be just easier to use lima from cli? How does Podman compare to that? Docker unless on Linux has always being a bloat.
Or are there any lightweight hypervisor on top of firecracker alternative? At this point with the way systemd is going, we should just switch back to VM? Everything is just more mature on native OS install. Docker to Linux, just feels kinda like SPA reinventing the html parsing on top of a rendering engine.
Havn't tried Colima, but podman is very simple to use and smells like docker cli.
On Apple Silicon machines however, latest podman version uses VM images which Rosetta doesn't work with, and hence it will use qemu for running amd64 containers. You can fix this by either installing podman 5.5 or create the VM from and older image [1]. My only complaint here is that the stock machine images are pretty large (~1G )
If you use containers to run tools that create files in your host (i.e. build tools), then you can use your host username as the default in the VM (machine init --username $(id -un)), and then run containers with --userns=keep-id. That way the the container command starts with the same username and uid as you host user - this is pretty tricky to get working with docker, from my experience.
We use Bazel as our build tool and we create a lot of images based on shared layers. Bazel produces oci layout directories that contain descriptors and symlinks to the actual layer tars. Podman can start a container "directly" from these directories[2], which speeds up image testing considerably, since it can detect known layers immediately. With docker you have to stream a tarball with all the layers and descriptors to the docker daemon, only for it to discover that it already knows most of the layers.
I used colima cli on M1-M2 Mac. A few memory related settings were required as some of old apps were huge. But apart from that it worked great. Nothing bad podman, just preferred colima.
I tried colima once and couldn't get it to do what I wanted. Maybe just a missing shim, maybe our setup with docker-compose for integration tests. (I'm usually on linux, so maybe my lack of mac experience also played a role)
I'm the same. I just use Docker/Podman from the terminal. I know some people really like the GUI but I've never been able to find a workflow better than the cli with some scripts or compose.
After hearing about it for years I finally said ok sure I’ll try it. Swapped it out. CPU went to 100%. kill -9. Maybe next year. I don’t have time unfortunately to unravel stuff like this, it has to just work.
I used matterbridge to bridge local ircd to Slack and a bot to do a 2 way sync. Now people are free to use slack but I don’t have to look at it, and I can freely integrate my tools etc without Slack’s bullshit and easily move/integrate/point it somewhere else down the line.
Figma is so slow on my 3-4 year old x64 mbp I couldn’t possibly use it.
It almost is, the first change you'd see is understanding that each container is a separate process and thus for it to auto start you'd need to generate systemd service files. podman has an autogenerator for this, so it is 'just' two extra commands on the terminal but something easy to miss when you are starting out.
Docker compose can work with a podman backend, however if you want a more podman native solution the term you should be looking for is quadlet which is basically systemd files that run the containers.
I use podman desktop on Windows for common development stuff as drop in replacement. I switched due to licensing as I guess universities do not fall under the licencing exceptions. I actually also use the docker CLI, particularly docker compose. I was motivated to do the same on one of our Debian vms, because I could more install podmap via standard apt sources, i hoped that it doesn't mess to that much with the IP stack and it is a bit closer to K8s which I still deemed as overkill. However, trying to install e.g. komo.do via podman compose was a total fail. Even after fixing socket locations, etc, I would see weird behavior. So yes, it is a clear 'almost'. However, the critical cases can become easily very frustrating. Again, on my windows laptop with WSL2 it works like a charm, but there I also do not run server deployments that need to work reliably out of the box.
Mostly valid. There are a few gotchas but for most use cases it is drop-in.
I think I've run into issues with the podman socket, and there were some permissions problems I had getting games-on-whales setup in userspace.
I had a brief period of setup pain and then have never looked back, though have occasionally wished that feature parity came a little quicker. Podman is in many ways a delight, simpler in what it does in the general case and yet as powerful as docker or more.
Podman has good systemd integration, in the form of quadlets.
It lets you define a systemd job with some custom syntax and run it as a systemd service, and even stretches to allow some form of kubernetes YAML to be run as local (single node, rootless) containers!
I mean, if you have one container service only and everything else is ran by systemd, then it makes sense to keep it easy. But other than that, why? Systemd's syntax and docs aren't particularly friendly or easy, so it's not like you gain in simplicity vs just running docker/podman-compose, or even a lightweight orchestrator like Nomad.
- seamless container logs (journalctl), no weird separate logger
- service start/stop/enable-at-boot no weird separate command
- integration with system/user slices, triggers, cronjobs (timers), exposing containers as first class commands overall!
Basically it's worth seeing container services work with non-container services.
If you don't like systemd, or have no stake in it, sure, have fun without it, but it's definitely added value when you're running services, and want to start containerizing some of them without abandoning all the good tools you are using in favour of docker logs docker run etc.
I use it over docker because it has a better license, more easily installed with system package managers (installing docker is a pain, IIRC), is rootless by default, and has a pretty transparent remote API that I can use over SSH to control containers on other machines.
You're pointing out something important. I think it's feasible for the crowd who dislikes the overall direction Docker has been heading and need a simple drop-in replacement
my interaction with docker is limited to a make file that has a `docker-compose up` command, would podman work if the rest of my team is still on docker ?
It works but it's not a real drop-in replacement in my experience. I have issues such as [1] where Podman compose seems to leave containers in a dirty state and subsequent `podman compose up` generate odd errors like:
> Error: creating container storage: the container name "..." is already in use by [hash]. You have to remove that container to be able to reuse that name: that name is already in use, or use --replace to instruct Podman to do so.
And then you try to run `podman compose up --replace` except that's not a recognized argument, so eventually you figure out that you have to run `podman compose down` to clean whatever state is causing issues. I find that I have to do that every time I CTRL+C quit out of `podman compose up` (even though I always let it clean up and then exit on its own), which is a hassle.
I'm considering going back to using Docker Engine.
yes "Podman v3.0 and later versions introduced a compatible RESTful API that emulates the Docker API. This allows the standard docker-compose command-line tool to interact with a Podman backend instead of a Docker daemon."
That's funny. To me one of the whole point of containers is that it's not systemd that's PID1.
Combine that with a distro like Talos, an immutable Linux distro that contains less than ten executables and where none of them is systemd and...
At long last containers and stuff like Talos show a path leading to, in a not-so-distant future, a world where we can be systemd and [ini]/microsoft config files (from a microsoft employee btw) free again.
It's not about running systemd in the container (practically nothing does that, though I myself considered it for a multi-user ssh shell system), but making containers manageable under systemd alongside other units.
With Docker, I found rootless setup to be a PITA, despite having experience with unprivileged LXC containers. The manager daemon constantly consumed system resources even when no containers were running. Docker upgrades sometimes refused to run my containers until I chased down whatever storage driver problem they introduced in the latest version.
When the most recent upgrade broke my containers yet again, I decided to give Podman a try. Setup was a breeze. There is no management daemon wasting resources. My containers just worked. Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools.
I think Podman also makes it easy to map host uids to non-root container uids, which ought to help me reduce attack surface. (I haven't actually tried this feature yet.) Last time I checked, Docker did not.
> Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools
Podman comes with an auto-update flag you can set for containers that uses systemd to do this for you. Takes a bit of reading to get it right but its smooth sailing mostly.
Good to know, but my script is for a different workflow: It checks for updates to remote dependencies of my running custom containers. (For example, when alpine:latest points to something new.) It then prints a message for cron to email to me, noting that it's time to rebuild my custom stuff.
It's got a more modern design while having a drop-in CLI interface to docker (and also if needed a near-drop-in replacement for the docker socket API). This makes it the preferred backend for tools like distrobox.
Is that a question or a statement? I'm running Kubernetes on Docker Desktop. But every few months Docker Desktop either outright craps out and forces me to wipe everything and rebuild my containers or the latest annoyance is that it keeps giving me popups saying something something couldn't start Ubuntu.... but then seems to work perfectly fine after skipping it 10 times.
Congrats to the small but mighty team behind Podman Desktop. This is an example of Red Hat planting a tiny seed that grows into something great.
( They have a pretty good ratio of seeds that grows into vs seeds that don’t. They also make minimal investment until the project is viable. This does not seem to be a common approach. )
I'm glad they have podman desktop. Personally though, once I realized that I can use the command line version without it (unlike docker in my experience) I uninstalled it as I don't really need the UI / KIND, etc. For me the command line is fine and having something where I don't have to first shell into wsl is great (it just runs it itself behind the scenes). Of course, Linux is generally better for development imo but this is a nice compromise on Windows.
I prefer to use podman/docker/rancher on windows because then the VM runs on HyperV.
Whereas when I install Docker in WSL it runs inside of my WSL VM.
These days Docker Desktop on Windows uses WSL as its backend by default.
> unlike docker in my experience
You have piqued my curiosity. What does Docker Desktop do that the CLI cannot?
`docker machine` was deprecated in favor of Docker Desktop in order to funnel people towards paid licenses. But there's no real reason Docker on non-Linux should need a GUI.
Hi, I'm the founder of Docker. The decision to launch Docker Desktop, and deprecate Docker Machine, had nothing to do with revenue. Desktop was free when we launched it in 2016, and it remained free until 2021. By then Docker had a new CEO, a new board, and I was gone. So the two events (launch and monetization) could not be more disconnected.
The reason we launched Docker Desktop (initially known as "Docker for Mac") was to make the user experience better: easier to install, better integrated with the system (virtualization APIs, keychain, VPNs, etc), and better support for host volumes.
I do so wish we could have those features without needed a desktop app for them. There’s never a case where I’d want to run Docker Desktop for anything GUI.
You can't get around packaging it as a desktop app - that's how you get the seamless "drag into Applications folder, double-click" install experience. I agree you don't necessarily need a full-blown desktop GUI. The original version shipped with the whale menu bar icon, a basic settings page, and that's it.
I do think it makes sense to add more GUI features over time, to make Docker more approachable - not everyone is a CLI wizard. But, it shouldn't make the app slower or annoying to use for those who don't need it.
In my experience, Docker Desktop was needed in order to use the CLI in Windows. It seemed fairly heavyweight as well. Maybe that has all changed now, not sure. In any case with podman on Windows, no UI is needed and you don't have to shell into WSL to use it.
You can run the regular Docker engine inside WSL2 and run the regular Docker client on Windows with DOCKER_HOST set. This has been true since 2016 when we originally got WSL2, with the exception that we used to have to enable systemd (but no longer do).
Good to know. What are the steps to get this working assuming you already have WSL enabled on your machine, but don't have any distros yet?
It should be along these lines:
- Install Ubuntu distro in WSL2.
- Create an ssh key pair on the Windows side using ssh-keygen.
In Ubuntu:
- Install Docker engine using Docker's apt-get instructions for Ubuntu.
- Add the ssh public key to ~/.ssh/authorized_keys.
In Windows:
- Run "wsl hostname -I" to get your WSL2 hostname.
- Test "ssh user@wsl-host", using the WSL2 hostname. It should work without prompting for a password.
- Unzip docker.exe somewhere.
- In your user environment variables, set PATH to include the directory with docker.exe, and set DOCKER_HOST to "ssh://user@wsl-host", using the WSL2 hostname.
That should be it; you should now be able to run docker normally from your Windows user, using file context from the Windows side.
Thanks for the information. I think for some use cases this is perfectly fine but for others, a kind of one-stop-shopping approach is nice as well. For instance with podman (not desktop, just the cli), you only have to run: "winget install -e --id RedHat.Podman" and you are good to go. This is nice, particularly on bigger teams when you want to reduce friction to a bare minimum.
Since they mention Windows, I believe this is a reference to the fact that you cannot (easily) install the Docker CLI without Docker Desktop. Podman does not have this issue.
Docker publishes the Docker CLI for Windows directly, the same as every other platform. You just download it and run it; it does not even require installation. With DOCKER_HOST set, you can access the Docker engine in WSL2 from the Windows side. You don't need to shell into WSL2 to interact with Docker and it can use your Windows files. https://download.docker.com/win/static/stable/x86_64 -- unzip, grab self-contained docker.exe. Docker Desktop and Podman Desktop automate this a bit, but it's not a big lift to set this up with regular Docker yourself.
You absolutely can run docker on the CLI in WSL2. The only requirement is you have systemd running in your WSL distro, which is fully supported.
Yes, of course that works, but then you have to start up and shell into WSL. With podman, you can run all commands directly in Windows which is more seamless. Plus, getting it working is just a matter of running "winget install -e --id RedHat.Podman". This is particularly helpful when trying to roll things out for larger teams as they don't have to know anything about WSL and everything integrates in their environment seamlessly. Of course, just using Linux is preferable for development if you can get away with it.
> You absolutely can run docker on the CLI in WSL2.
But again, they're talking about Windows, not Linux-in-Windows or virtualized Linux on Windows. Just because you can do something in WSL2 doesn't mean you "can do it on Windows", as much as you "can run systemd and Wayland on Windows" because you could run it inside a Linux VM...
Yes. For some the distinction between the two is almost nothing as WSL is pretty seamless. However, using Podman directly in your normal Windows shell opens up more use cases. Podman is of course running everything behind the scenes using WSL.
> For some the distinction between the two is almost nothing as WSL is pretty seamless
WSL1 yes, but not WSL2, which the parent explicitly mentioned. WSL2 is just virtualization with a fancier name, might as well use VirtualBox and similar at that point.
While it is fundamentally a VM, it is far more seamless than running a regular VirtualBox.
Your posts in this thread seem to be focused on the inability to use Docker from the Windows shell, but it's not true: you just need to set DOCKER_HOST. Then the Windows client can connect to a Linux engine in WSL2. Docker engine in WSL2 runs as a systemd unit and doesn't need to be manually started. Podman/Docker Desktop are doing far less work here than you might be expecting. They are just automating this setup for you. I run this setup and it is genuinely a one-time nothingburger. If you have a bunch of Windows machines, you can have them all share one Linux Docker engine if you want, by pointing DOCKER_HOST at the same host.
For mac, wouldn't it be just easier to use lima from cli? How does Podman compare to that? Docker unless on Linux has always being a bloat.
Or are there any lightweight hypervisor on top of firecracker alternative? At this point with the way systemd is going, we should just switch back to VM? Everything is just more mature on native OS install. Docker to Linux, just feels kinda like SPA reinventing the html parsing on top of a rendering engine.
Havn't tried Colima, but podman is very simple to use and smells like docker cli.
On Apple Silicon machines however, latest podman version uses VM images which Rosetta doesn't work with, and hence it will use qemu for running amd64 containers. You can fix this by either installing podman 5.5 or create the VM from and older image [1]. My only complaint here is that the stock machine images are pretty large (~1G )
If you use containers to run tools that create files in your host (i.e. build tools), then you can use your host username as the default in the VM (machine init --username $(id -un)), and then run containers with --userns=keep-id. That way the the container command starts with the same username and uid as you host user - this is pretty tricky to get working with docker, from my experience.
We use Bazel as our build tool and we create a lot of images based on shared layers. Bazel produces oci layout directories that contain descriptors and symlinks to the actual layer tars. Podman can start a container "directly" from these directories[2], which speeds up image testing considerably, since it can detect known layers immediately. With docker you have to stream a tarball with all the layers and descriptors to the docker daemon, only for it to discover that it already knows most of the layers.
[1] https://docs.podman.io/en/latest/markdown/podman-machine-ini... - machine images https://quay.io/repository/podman/machine-os
[2] podman run oci://<path to oci-layout-dir>
I used colima cli on M1-M2 Mac. A few memory related settings were required as some of old apps were huge. But apart from that it worked great. Nothing bad podman, just preferred colima.
I tried colima once and couldn't get it to do what I wanted. Maybe just a missing shim, maybe our setup with docker-compose for integration tests. (I'm usually on linux, so maybe my lack of mac experience also played a role)
Zero problems with Podman Desktop.
Brew install podman? CLI only, no lima/colima or gui required.
I'm the same. I just use Docker/Podman from the terminal. I know some people really like the GUI but I've never been able to find a workflow better than the cli with some scripts or compose.
Cool for Podman Desktop though.
After hearing about it for years I finally said ok sure I’ll try it. Swapped it out. CPU went to 100%. kill -9. Maybe next year. I don’t have time unfortunately to unravel stuff like this, it has to just work.
My experience was exact opposite.
$ brew install podman-desktop
… play a little …
$ brew remove —zap docker-desktop
Have been happy ever since. No more smells of enshittification. Now if I could just zap slack and figma…
I used matterbridge to bridge local ircd to Slack and a bot to do a 2 way sync. Now people are free to use slack but I don’t have to look at it, and I can freely integrate my tools etc without Slack’s bullshit and easily move/integrate/point it somewhere else down the line.
Figma is so slow on my 3-4 year old x64 mbp I couldn’t possibly use it.
The fact that many companies nowadays forbid to use Docker Desktop, because they refuse to pay for developer tools also helped with those downloads.
Likewise, I am contributing to Rancher Desktop downloads with such kind of customers.
I've seen podman advertised as a dropin docker replacement. how valid is that assertion?
It almost is, the first change you'd see is understanding that each container is a separate process and thus for it to auto start you'd need to generate systemd service files. podman has an autogenerator for this, so it is 'just' two extra commands on the terminal but something easy to miss when you are starting out.
What would you do for a Docker Compose stack with Podman? For example, a self hosted app where the actual service, Postgres, Redis live?
Docker compose can work with a podman backend, however if you want a more podman native solution the term you should be looking for is quadlet which is basically systemd files that run the containers.
I wasted my time trying podman and switched to colima. It's the only usable free alternative that's a true drop-in replacement for docker.
colima is great. I've also had good luck with rancher-desktop too.
RD is colima + some other stuff. I prefer vanilla colima (also works on Linux!)
I use podman desktop on Windows for common development stuff as drop in replacement. I switched due to licensing as I guess universities do not fall under the licencing exceptions. I actually also use the docker CLI, particularly docker compose. I was motivated to do the same on one of our Debian vms, because I could more install podmap via standard apt sources, i hoped that it doesn't mess to that much with the IP stack and it is a bit closer to K8s which I still deemed as overkill. However, trying to install e.g. komo.do via podman compose was a total fail. Even after fixing socket locations, etc, I would see weird behavior. So yes, it is a clear 'almost'. However, the critical cases can become easily very frustrating. Again, on my windows laptop with WSL2 it works like a charm, but there I also do not run server deployments that need to work reliably out of the box.
I almost never notice the difference. I know there are some edge cases that will get you, but I've never run into them.
Worked for me for a long time until I found the samba-ad image won't run on podman. Worked fine on the same machine with docker.
Everything else has been working as a drop-in replacement.
Mostly valid. There are a few gotchas but for most use cases it is drop-in. I think I've run into issues with the podman socket, and there were some permissions problems I had getting games-on-whales setup in userspace.
I had a brief period of setup pain and then have never looked back, though have occasionally wished that feature parity came a little quicker. Podman is in many ways a delight, simpler in what it does in the general case and yet as powerful as docker or more.
Does anyone actually use Podman on its own merit?
The only use case I encountered is people who want to run Docker without root or admin permissions and use Podman just as a drop-in replacement.
Podman has good systemd integration, in the form of quadlets.
It lets you define a systemd job with some custom syntax and run it as a systemd service, and even stretches to allow some form of kubernetes YAML to be run as local (single node, rootless) containers!
Real nice.
See previous presentation on HN: https://news.ycombinator.com/item?id=43456934
All I can think of with this is...
_But why?_
I mean, if you have one container service only and everything else is ran by systemd, then it makes sense to keep it easy. But other than that, why? Systemd's syntax and docs aren't particularly friendly or easy, so it's not like you gain in simplicity vs just running docker/podman-compose, or even a lightweight orchestrator like Nomad.
I enjoy:
- seamless container logs (journalctl), no weird separate logger
- service start/stop/enable-at-boot no weird separate command
- integration with system/user slices, triggers, cronjobs (timers), exposing containers as first class commands overall!
Basically it's worth seeing container services work with non-container services.
If you don't like systemd, or have no stake in it, sure, have fun without it, but it's definitely added value when you're running services, and want to start containerizing some of them without abandoning all the good tools you are using in favour of docker logs docker run etc.
I use it over docker because it has a better license, more easily installed with system package managers (installing docker is a pain, IIRC), is rootless by default, and has a pretty transparent remote API that I can use over SSH to control containers on other machines.
You're pointing out something important. I think it's feasible for the crowd who dislikes the overall direction Docker has been heading and need a simple drop-in replacement
The licence is better. That's enough for me.
Are you using Docker on it's own merit or because it's familiar and first?
I set an "alias docker=podman" and use it as I would use Docker, just without a root or admin account.
[dead]
my interaction with docker is limited to a make file that has a `docker-compose up` command, would podman work if the rest of my team is still on docker ?
It works but it's not a real drop-in replacement in my experience. I have issues such as [1] where Podman compose seems to leave containers in a dirty state and subsequent `podman compose up` generate odd errors like:
> Error: creating container storage: the container name "..." is already in use by [hash]. You have to remove that container to be able to reuse that name: that name is already in use, or use --replace to instruct Podman to do so.
And then you try to run `podman compose up --replace` except that's not a recognized argument, so eventually you figure out that you have to run `podman compose down` to clean whatever state is causing issues. I find that I have to do that every time I CTRL+C quit out of `podman compose up` (even though I always let it clean up and then exit on its own), which is a hassle.
I'm considering going back to using Docker Engine.
[1] https://github.com/containers/podman-compose/issues/1072
yes "Podman v3.0 and later versions introduced a compatible RESTful API that emulates the Docker API. This allows the standard docker-compose command-line tool to interact with a Podman backend instead of a Docker daemon."
Congratulations to the podman team!
Why podman and not Docker?
It's free? Can run rootless?
Better integration with systemd
That's funny. To me one of the whole point of containers is that it's not systemd that's PID1.
Combine that with a distro like Talos, an immutable Linux distro that contains less than ten executables and where none of them is systemd and...
At long last containers and stuff like Talos show a path leading to, in a not-so-distant future, a world where we can be systemd and [ini]/microsoft config files (from a microsoft employee btw) free again.
It's not about running systemd in the container (practically nothing does that, though I myself considered it for a multi-user ssh shell system), but making containers manageable under systemd alongside other units.
I run rootless containers on a low-power system.
With Docker, I found rootless setup to be a PITA, despite having experience with unprivileged LXC containers. The manager daemon constantly consumed system resources even when no containers were running. Docker upgrades sometimes refused to run my containers until I chased down whatever storage driver problem they introduced in the latest version.
When the most recent upgrade broke my containers yet again, I decided to give Podman a try. Setup was a breeze. There is no management daemon wasting resources. My containers just worked. Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools.
I think Podman also makes it easy to map host uids to non-root container uids, which ought to help me reduce attack surface. (I haven't actually tried this feature yet.) Last time I checked, Docker did not.
So far, I couldn't be happier.
> Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools
Podman comes with an auto-update flag you can set for containers that uses systemd to do this for you. Takes a bit of reading to get it right but its smooth sailing mostly.
Good to know, but my script is for a different workflow: It checks for updates to remote dependencies of my running custom containers. (For example, when alpine:latest points to something new.) It then prints a message for cron to email to me, noting that it's time to rebuild my custom stuff.
docker desktop licensing changes in 2021
It's got a more modern design while having a drop-in CLI interface to docker (and also if needed a near-drop-in replacement for the docker socket API). This makes it the preferred backend for tools like distrobox.
On Snapdragon / ARM Windows, it is the only game in town -- and it works great too!
It comes preinstalled on RHEL8 and I can't be bothered to swap them.
It supports Kubernetes *.yaml manifests?
Is that a question or a statement? I'm running Kubernetes on Docker Desktop. But every few months Docker Desktop either outright craps out and forces me to wipe everything and rebuild my containers or the latest annoyance is that it keeps giving me popups saying something something couldn't start Ubuntu.... but then seems to work perfectly fine after skipping it 10 times.
Podman directly supports kubernetes manifest files without running a kubernetes instance. You can do:
I'm not familiar with Docker Desktop so maybe that just works there too.Docker took too long to support cgroups v2
Congratulations IBM!
Congrats to the small but mighty team behind Podman Desktop. This is an example of Red Hat planting a tiny seed that grows into something great.
( They have a pretty good ratio of seeds that grows into vs seeds that don’t. They also make minimal investment until the project is viable. This does not seem to be a common approach. )