this post was submitted on 07 Sep 2023
137 points (98.6% liked)

Programming

17430 readers
75 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 1 year ago
MODERATORS
 

Podman is a lot like Docker: a tool for running OCI containers. While it maintains backwards compatibility with Dockerfile and docker-compose syntax, it offers a lot of other benefits:

  • daemonless: it can run containers without a daemon process running in the background.
  • Rootless: can run containers without root privileges
  • pods: can group containers into secluded pods, which share resources and network namespace

Podman has other features I haven't explored yet, like compatibility with Kubernetes yaml file, and being able to run containers as systemd units.

Have you used podman before? What are your thoughts on it?

all 32 comments
sorted by: hot top controversial new old
[–] sbstp 32 points 1 year ago (2 children)

I tried replacing some components of my NAS server that were on docker/docker-compose with podman but unfortunately it was not a 100% drop-in replacement. I had networking issues in podman that I did not have in docker.

The network stack is implemented quite differently in podman than in docker, once you start using more advanced features the backward compatibility disappears.

Since it came second, I think it has a lot of technical advantages, avoiding docker's mistakes and what not. In the long term I'll probably switch to it, unless Redhat keeps shooting itself in the foot...

[–] [email protected] 9 points 1 year ago (1 children)

I personally liked podman's networking a lot more, but my issue is that it is not well documented. I hope that improves.

May I ask which networking issues you had?

[–] sbstp 4 points 1 year ago* (last edited 1 year ago) (1 children)

I think one of the issues I had was trying to run pihole with podman on a raspberry pi. I could not get DNS requests to work by just mapping the right ports. I ended up just running with --net=host and it worked, I didn't feel like debugging further.

I had other issues on my NAS but I don't remember what it was, I have a lot of services on it, qBittorrent, Wireguard, Jellyfin, Jackett, netdata, prometheus, samba, syncthing, pihole (redundant), wsdd all in docker.

[–] [email protected] 7 points 1 year ago

I ran into that same DNS issue with pi-hole but in a docker container, and the (bandaid) solution was to put the container in host network mode too. But turns out it's not an issue but a feature. By default pi-hole only responds to DNS queries from within its local network. The host machine's LAN is an external network to the containers, unless you set the container's network mode to host. Pi-hole does have a setting to make it respond to DNS queries from other networks as well, though. What I'm saying is, that might not have been a podman issue.

[–] [email protected] 4 points 1 year ago

You know they're going to

[–] [email protected] 24 points 1 year ago (1 children)

I was scrolling through and this caught my eye but I totally misread it on first glance, I thought you typed "Pokemon is a demon" and I had to stop and scroll back cuz I was like oh shit this is going to be a good thread.

[–] [email protected] 4 points 1 year ago (1 children)

You're about 20 years late for that particular shitshow, but here's a fun video retrospective on the war on Pokemon if that's your thing.

[–] [email protected] 3 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/watch?v=JdBLtEoZRRc

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 15 points 1 year ago

I exclusively use podman instead of docker at work and at home and haven't encountered any unsolvable problems.

[–] [email protected] 15 points 1 year ago

I tried a couple of times to get Docker running rootlessly on my local machine, without just granting root-like permissions to the user. Spent a few hours reading just the worst documentation that tells you to do things with absolutely no explanation of why, feeling like an idiot.

Then I installed Podman. It worked more-or-less out of the box, and I got on with the rest of my project.

[–] [email protected] 11 points 1 year ago (2 children)

Docker has rootless containers, too, although I think Podman has slightly better options for unprivileged uid management.

Daemonless is appealing, especially for low-powered servers. Getting rid of Docker's background resource usage is the main reason Podman is on my to-do list.

I imagine pods could be handy to reduce network configuration for related services.

I like that the tools exist to make Podman a drop-in replacement for Docker, including the building of containers.

I have no interest in systemd; I hope it's optional.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Docker has rootless containers, too, although I think Podman has slightly better options for unprivileged uid management.

I have not used Docker rootless, but I imagine podman has much better and more flexible network configuration as well?

On systemd, I actually do not use systemd either, hence why I said I never tried those features. It is not a hard requirement at all. Though I have not tried to use any integrations with OpenRC and podman

[–] [email protected] 1 points 1 year ago

In kubernetes, I often use multiple containers in a pod only to have init containers check certain status of other servers before running the main container. For example, making sure a database is online and I can query data from it. You can just add this to your main container's start script though. Docker has a way to do this sort of thing too but it feels clunky.

[–] [email protected] 9 points 1 year ago

I generally prefer podman to docker at this point for the reasons you stated. However, podman is not 100% compatible with docker, and I have run in to issues with a few tools, that were admittedly poorly written. Mostly around how they deal with file permission when move files in and out of containers.

[–] [email protected] 5 points 1 year ago

Works great. You can even make it pretend to be Docker so you can use the Docker commands.

[–] [email protected] 4 points 1 year ago

Ive been using podman on my nas, and i like it.
It has its issues, but knowing your containers dont run as root just makes me feel more at ease. I dont really understand why a docker should run as root, if the software in the container often run as their own user...

[–] [email protected] 2 points 1 year ago

It's pretty cool. I yeeted docker and now use podman instead.

[–] [email protected] 2 points 1 year ago (2 children)

We are trying to use podman as a way to run Testcontainers and build images on a kubernetes cluster using Gitlab CI. Building works, but running Testcontainers doesn't so far :(

[–] [email protected] 2 points 1 year ago (1 children)

Have you looked into kaniko?

[–] [email protected] 1 points 1 year ago (1 children)

Yes but imo it's easier and nicer to integrate Podman into an existing build, for example with maven

[–] [email protected] 1 points 1 year ago (1 children)

You typically don't use podman to build images and you would instead use something like buildah.

[–] [email protected] 1 points 1 year ago (1 children)

Doesn't podman use buildah under the hood?

[–] [email protected] 2 points 1 year ago

Somewhat, but just a few pieces of it. Podman build is mainly a way to be backwards compatible with the docker cli. Buildah has some more flexibility and the way it builds the images are slightly different. You can use podman to build, but it's probably better to move to buildah for the build step as time permits.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Using it on multiple servers and in small scale prod deployment. Works like a charm.

podman-compose is also usable although noticeably unfinished.