Last year I transitioned all of my personal projects to use podman. The biggest surface area was converting CI to use podman to build my docker files, but also changed out tooling to use it (like having kind use it instead of docker).
For the most part this worked without issue. The only snag I ran into was my CI provider can't use oci formatted images. Podman lets you select the format of image to build, so I was able to work around this using the `--format=docker` flag.
Has Podman become more user friendly in recent years? I gave it a go about three or four years ago now when Docker began their commercial push (which I don't have an issue with).
This was for some hobby project, so I didn't spend a ton of time, but it definitely wasn't as set-and-forget as Docker was. I believe I had to set up a separate VM or something? This was on Linux as the host OS too. It's been a while, so apologies for the hazy memory.
Or it's very possible that I botched the entire setup. In my perfect world, it's a quick install and then `podman run`. Maybe it's time to give it another go.
The only snag I hit regularly is me forgetting to set :z or :Z on my podman volumes to make it play well with SELinux.
I used to use docker compose, but migrated to podman quadlets. The only thing I miss is being able to define every container I run in a pod in the .pod file itself. Having it integrate with systemd is great.
I've found it very straight forward to work with. I run the cli on macOS to spin up ephemeral containers all the time for testing and simple tasks. Never had an issue.
In the spirit of the OP, I also run podman rootless on a home server running the usual home lab suspects with great success. I've taken to using the 'kube play' command to deploy the apps from kubernetes yaml and been pleased with the results.
The biggest difference in my (admittedly limited) experience, is that you need to start a "podman machine" before you can start running containers. This is architecturally different from Docker's use of a daemon, in ways I'm not qualified to explain in more detail.
It's an extra step, but not a painful one -- the default podman machine configuration seems to work pretty well out of the box for most things.
Honestly, for my use-case (running Subabase stack locally), it was seamless enough to switch that I'm a little surprised a bash script like this is necessary. On my Mac, I think it was simply `brew install podman` followed by `podman machine start` and then I got back to work as if I were still using docker.
By far the most tedious part of the switch was fully uninstalling Docker, and all its various startup programs & background processes.
Podman only requires `podman machine` if you're using a non-Linux system; this sets up a Linux VM in the background that all the actual containers run on. Docker does the same thing, though I think it sets it up for you automatically.
It's almost a perfect drop-in replacement for Docker so I don't see why it would be any less "set-and-forget".
I only ever found one thing that didn't work with it at all - I think it was Gitlab's test docker images because they set up some VMs with Vagrant or something. Pretty niche anyway.
The one edge case I know of (and have run into) is that podman push doesn't support the --all-tags flag. They have also said they do not plan to implement it. It's annoying because that flag is useful for CI scripts (we give multiple tags to the same build), but not the end of the world either.
I could not get LocalStack to work on Podman, to my chagrin. And no, doing the "sudo touch /etc/containers/nodocker" thing didn't solve it.
In fact, there is even a package "podman-docker" that will alias podman to docker so most of your commands will usually work without modification. (of course, there are always the edge cases)
On NixOS it was as trivial as `podman.enable = true;`. IIRC on Arch it was just a matter of installing the package.
It's all daemonless, rootless and runs directly with your host kernel so it should be as simple as it an application of this kind gets. Probably you followed some instructions somewhere that involved whatever the podman equivalent for docker-machine is?
This is mostly solved I think. I run Podman Desktop on macOS and just aliased Docker to Podman in zshrc and it just works for me. I don’t do any local k8s or anything crazy, but it works with my compose files. I’m going to guess there’s still rough edges if you want GPU passthrough or something with complex networking, but for a server and a database running together it matches Docker itself.
It is not user-friendly, but it works flawlessly once you get used to it.
I stayed away from docker all these years and tried podman from scratch last year after docker failed to work for a project I was experimenting with.
Took an hour to read various articles and get things working.
One thing I liked was it does not need sudo privileges or screw with the networking.
My container using is admittedly pretty simplistic (CRUD app with some REST services), but after initial setup I've found it to be extremely reliable and simple to use. They strive for 1:1 docker compat so I think it should be pretty easy to migrate.
Podman looks cool, is there any equivalent of Watchtower (https://containrrr.dev/watchtower/) for Podman?
GitHub issue for podman support, here: https://github.com/containrrr/watchtower/issues/1060
Podman is interesting as well because it can run Kubernetes yamls (to a small extent) which can be handy.
To mirror some of the other comments here: I've had decent success in using podman for my local dev setup (postgres, redis, ...).
I did run into one issue though. Rootless mode isn't supported (or at least easy to setup) when the user account is a member of an active directory (or whatever Linux equivalent my work laptop is running).
Though root mode works, I can't use podman desktop and I have to sudo every command.
just a pro tip "if it aint broken dont fix it" if you have a working docker file(s) do not migrate unless there is a ground breaking need
Security might be such a need, but that depends on how important that is for you. On top, docker auto-fiddles with your firewall.
Does Podman have a swarm counterpart, or does running services still effectively require configuring systemd and then switching to kubernetes for multi-machine?
Last I checked there's no native swarm equivalent in podman. Your best bet is nomad (much simpler than k8s if you want to spin some local setups) or kubernetes.
kubernetes
Podman can work with local pods, using the same yaml as for K8s. Not quite docker swarm, but useful for local testing IME when k8s is the eventual target.
Eh, starting with k8s just because I might want kubernetes in five years is a hard sell, given how easy swarm is to setup. devops that does not fulfill an immediate business need should be delayed because that labor is hella expensive.
No to the first, yes to the second. Podman has a daemon mode that works like like the Docker daemon, no systemd necessary.
> Podman has a daemon mode ...
Can you provide any documentation about that?
They're probably referring to the podman.socket, which isn't quite like a daemon-mode but means it can emulate it pretty well. Unless there is some daemon mode I missed that got added, but I'd be rather surprised at that.
Yep!
https://docs.podman.io/en/latest/markdown/podman-system-serv...
In places where you're doing a `dnf install podman` all you typically need to do is start the service and then point either the podman cli or docker cli directly at it. In Fedora for example it's podman.service.
I honestly prefer using the official docker cli when talking to podman.
What if I'm using docker-compose?
Or just use docker compose with podman. There's a section in arch's doc about that https://wiki.archlinux.org/title/Podman
There are options, but my experience has not exactly been positive.
I never tried Podman. I guess the benefit is that it runs on demand and not as a always on demon?
How does one install podman on Debian and how does one get a Debian image to run inside podman?
Runs on demand, doesn't require root, can be nested, usually uses newer and simpler primitives (e.g. a few nftables rules in Podman vs iptables spaghetti in Docker). In my experience it is ~90% compatible with Docker. The author explains the practical differences in the blog post https://www.edu4rdshl.dev/posts/from-docker-to-podman-full-m...
It is usually easier to install - most distros ship relatively recent version of Podman, while Docker is split between docker.io (ancient), docker-ce (free but non in repos) and docker-ee.
Not everything is rosy, some tools expect to be talking to real Docker and don't get fooled by `ln -s docker podman`. But it is almost there.
Regarding Debian, just `sudo apt install podman && podman run -it debian` - see https://wiki.debian.org/Podman
Careful, the version in Debian 12 is old and apparently just barely predates the "good" versions.
I had so many problems that I went back to Docker, because current Podman didn't seem to be trivially installable on Debian 12.
In general, if one is happy to run very old versions of software Debian can be your driver. If not, you are in for pain in my experience. (That is also why Ubuntu as default Linux is a tragedy, old bugs and missing features mean that it is not really attractive to officially support Linux for vendors.)
What’s the point of using a distribution if you need to find back ports or build your own? Distros are, after all, mostly collections of installable software.
I did not have this same experience, all my VPS successfully run Debian’s podman package with zero issue running containers.
Glad to hear. When I brought it up somewhere I got exact the "oh you're running 4.x - we also had that problem, but 5 works fine".
1) Podman is available in default debian repos. https://packages.debian.org/bookworm/podman
2) `podman run --entrypoint="" --rm -it debian:stable /bin/bash`
in most instances you can just alias docker to podman and carry on. It uses OCI formatted images just like docker and uses the same registry infrastructure that docker uses.
Where does it pull the Debian image from?
I would think the Docker infrastructure is financed by Docker Inc as a marketing tool for their paid services? Are they ok when other software utilizes it?
Installing `podman-docker` will do the aliasing for you.
And you can use systemd to be their supervisor via quadlet: https://www.redhat.com/en/blog/quadlet-podman
> I guess the benefit is that it runs on demand and not as a always on demon?
Podman has much better systemd integration: https://www.redhat.com/en/blog/quadlet-podman
apt install podman
podman run -it debian bash
Just read the source code.
Script does almost all of the things required for the "existing docker containers", migrating networks, blocks, restart mech,etc, that leaves out just one thing migrating any other third party script utilizing docker to podman based instructions. This would highly improve the experience. Goodluck
If you are using docker in this carefully assembled stateful way - you are doing it wrong. You should be using docker via scripts and IaaS tooling that will assert your desired setup from some kind of configuration. Meaning, you should be able to easily blow all of that away and recreate it with a single script. Likewise, a transition to podman should involve adjusting your scripts to re-assert that plan against podman instead of docker.
This is a cool tool for the decrepit hand-configured server with no documentation that has been running since 2017 untouched and needs an update... but I would encourage you to not fall into this trap to begin with.
Yeah in theory. In practice that never happens for anything other than a vercel app.
Why do people consistently like to make their lives harder in software engineering?
programmers ("developers," if you prefer) have trouble with "second order" thinking. we integrate X technology in Y way, maybe with some Z optimization, and that'll solve the problem.
okay, but, like... will it?
is there new maintenance stuff you've completely ignored? (I've noticed this is more common when maintenance is someone else's job.) is it completely new and none of us know about so we get blindsided unless everything goes exactly right every time? do we get visibility into what it's doing? can we fix it when (not if, when) it breaks? can everyone work on it or is it impossible for anyone but the person who set it up? they're good at thinking up things that should fix the problem but less good at things that will.
I'm a fan of cross-functional feature teams because others in the software engineering ecosystem like QA, systems people, ops, etc. tend not to have this problem. programmers are accountable to the other stakeholders up front, bad ideas are handled in real time, and- this is the most important part- everyone learns. (I won't say all systems people are cantankerous bastards... but the mistakes they've harangued me for are usually the mistakes I don't make twice.)
Same here. I migrated maybe 5-6 projects from docker to buildah and podman about 2 years ago and never looked back.
Unlike other posts I've seen around I haven't really encountered issues with CI or local handling of images - though I am using the most bare bones of CI, SourceHut. And I actually feel better about using shell scripts for building the images to a Dockerfile.
Oh hey! I have used your activity pub library, it's very nice :)
That's a pretty cool migration story! I've been meaning to give podman a more serious look. The OCI image format issue is good to know about – hadn't considered that compatibility angle. I'm curious, did you notice any performance differences in your CI builds after switching?
Its been a while, so all my telemetry has since expired, but there was no meaningful difference in time.
I was prepared to roll it all back, but I never ended up running into problems with it. It's just something that happens in the background that I don't have to think about.