Podman is a lot like Docker: a tool for running OCI containers. While it maintains backwards compatibility with Dockerfile and docker-compose syntax, it offers a lot of other benefits:
- daemonless: it can run containers without a daemon process running in the background.
- Rootless: can run containers without root privileges
- pods: can group containers into secluded pods, which share resources and network namespace
Podman has other features I haven’t explored yet, like compatibility with Kubernetes yaml file, and being able to run containers as systemd units.
Have you used podman before? What are your thoughts on it?
I was scrolling through and this caught my eye but I totally misread it on first glance, I thought you typed “Pokemon is a demon” and I had to stop and scroll back cuz I was like oh shit this is going to be a good thread.
You’re about 20 years late for that particular shitshow, but here’s a fun video retrospective on the war on Pokemon if that’s your thing.
Here is an alternative Piped link(s): https://piped.video/watch?v=JdBLtEoZRRc
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
I tried replacing some components of my NAS server that were on docker/docker-compose with podman but unfortunately it was not a 100% drop-in replacement. I had networking issues in podman that I did not have in docker.
The network stack is implemented quite differently in podman than in docker, once you start using more advanced features the backward compatibility disappears.
Since it came second, I think it has a lot of technical advantages, avoiding docker’s mistakes and what not. In the long term I’ll probably switch to it, unless Redhat keeps shooting itself in the foot…
I exclusively use podman instead of docker at work and at home and haven’t encountered any unsolvable problems.
I tried a couple of times to get Docker running rootlessly on my local machine, without just granting root-like permissions to the user. Spent a few hours reading just the worst documentation that tells you to do things with absolutely no explanation of why, feeling like an idiot.
Then I installed Podman. It worked more-or-less out of the box, and I got on with the rest of my project.
It’s pretty cool. I yeeted docker and now use podman instead.
We are trying to use podman as a way to run Testcontainers and build images on a kubernetes cluster using Gitlab CI. Building works, but running Testcontainers doesn’t so far :(
Have you looked into kaniko?
Yes but imo it’s easier and nicer to integrate Podman into an existing build, for example with maven
You typically don’t use podman to build images and you would instead use something like buildah.
Doesn’t podman use buildah under the hood?
Somewhat, but just a few pieces of it. Podman build is mainly a way to be backwards compatible with the docker cli. Buildah has some more flexibility and the way it builds the images are slightly different. You can use podman to build, but it’s probably better to move to buildah for the build step as time permits.
deleted by creator
We are using the kubernetes executor. You can add additional sidecar services for your jobs, and we’re using that mechanic to run podman as a daemon. There are some gotchas I had to solve if I remember, but now it works nicely for us. Except for Testcontainers, which throws an exception when your Testcontainer is exposing ports
deleted by creator
I got it all working on self hosted kubernetes and crossplatform builds with buildah. What’s your problem exactly? For TC you need to use some env vars to configure ports in .gitlabci
Do you have a working snippet somewhere I could take a look at?
I’ll try to find it tomorrow
I’m very interested in a solution. Our current setup, where we use an external docker host for Testcontainers and Podman to build images is quite painful
I have this on my to-do list, but sorry, can’t promise when I’ll make a working demo. afair the trick was to use something like “podman in-podman”, like dind works in GitLab runners and then some env-vars manipulation so TC thinks it runs in docker, something like
DOCKER_HOST=unix:///run/user/1000/podman/podman.sockand I use alpine as gitlab-ci helper image:image = "docker.io/alpine:3.17.2" helper_image_flavor = "alpine"not sure if that matters, but i had lots of strange problems running with Ubuntu helper images, most were DNS propagation issues
Docker has rootless containers, too, although I think Podman has slightly better options for unprivileged uid management.
Daemonless is appealing, especially for low-powered servers. Getting rid of Docker’s background resource usage is the main reason Podman is on my to-do list.
I imagine pods could be handy to reduce network configuration for related services.
I like that the tools exist to make Podman a drop-in replacement for Docker, including the building of containers.
I have no interest in systemd; I hope it’s optional.
I generally prefer podman to docker at this point for the reasons you stated. However, podman is not 100% compatible with docker, and I have run in to issues with a few tools, that were admittedly poorly written. Mostly around how they deal with file permission when move files in and out of containers.
