Is it time to switch from Docker to Podman?
ฝัง
- เผยแพร่เมื่อ 18 พ.ค. 2024
- In this video, we will be exploring an alternative to Docker - Podman. With its claims of being faster, more secure, and compatible, it's time to see if Podman is a mature alternative to Docker. We'll also discuss its recently released Podman Desktop Application and its exciting features, as well as the possibility of switching from Docker to Podman.
References
- Podman: podman.io
- Podman Desktop: podman-desktop.io
________________
💜 Support me and become a Fan!
→ christianlempa.de/patreon
💬 Join our Community!
→ christianlempa.de/discord
________________
Read my Tech Documentation
christianlempa.de/docs
My Gear and Equipment-*
christianlempa.de/kit
________________
Timestamps:
00:00 Introduction
01:10 What is Podman?
04:39 Podman Desktop
07:28 Why Podman is so great
09:27 How to create Pods
12:28 Where Docker is still ahead
14:56 Final Thoughts
________________
All links with `*` are and/or include affiliate links. - วิทยาศาสตร์และเทคโนโลยี
![[LIVE] : ONE ลุมพินี 63 วันนี้!! คู่เอก "ยอดภูผา vs โซเนอร์"](http://i.ytimg.com/vi/RGVmBsegKEI/mqdefault.jpg)
I switched from Docker to Podman since few months, never looked back. Had some headaches to convert some containers but it is very reliable and compatible with kubernetes.
cool, I might try it too :)
What orchestration tool do you use?
Do We require to recreate the existing containers from docker to podman while shifting from docker to podman? Or we have something to migrate to those containers?
@@sridharkumar9462 you can recreate them keeping the config folder.
@@sridharkumar9462Podman 100% supports OCI compatible containers, so if you didn't create your container with something very Docker specific it will conform to the open container format and is then supported by Podman. No migration needed.
I've been using Podman for years now. I really appreciate that its user namespaced and doesn't require a daemon to run. Thanks for covering it! Hope to see more tech youtubers dropping "Docker" when talking about containers and just referring to them as containers. Docker's not the only game in town.
Sounds awesome! Yeah, maybe I should do more topics around podman :)
What's so great about not having a daemon running ? There are hundreds of processes running on your machine at any given time, why bother about one more ?
because they actually only used Docker...
Yes. Well, kindof. The thing is that the term container is a lot more used by other tools too, that are not compatible with Docker like containers (forgot the official name for them).
@@emptystuff1593 Because if the docker daemon crashes for whatever reason all the containers are going down with it. This is the same reason why updating docker is a pain. Podman doesn't have this type of single point of failure.
That is a bit of the finger to docker. I love that! Docker went the Oracle route, and tries to charge every corporation user with a docker desktop license. Portman looks super simple and never unterestimate the security aspect.
Podman is originally developed by Red Hat, and we all know what happened to the Red Hat drama.
Ups...that was a strong argument to stay away from this project? @@_vr
@@_vr that it was overblown and mostly FUD?
and Redhat went the corporate route as well
@@_vr what drama??
The big advantage Podman Desktop has over Docker Desktop is the licensing for enterprise use. PD is FOSS (Apache 2.0 license), where DD is only "free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. Otherwise, it requires a paid subscription for professional use. Paid subscriptions are also required for government entities."
I have nothing against a company trying to make money off of their work, but the fact that it is a subscription-only really rubs me the wrong way. Let me buy a copy that is mine forever and leave me alone.
Switched to Podman 2 years ago now, never looked back! Thanks for the video.
Sounds awesome! :)
Finally. Been using some of your videos to implement with podman for the reasons you have mentioned. Never have had any issues with podman-compose btw. Keep up the superb work. Cheers.
Switched in April 23 when I moved to Fedora. Difference is it can be backup-ed and restored from tars and it needs dealing with effective user and group IDs and creating user session during system startup and there are some special commands to move files into and from volumes.
This is an excellent video! I’ve also been debating on trying Podman and I think this definitely helped. I will definitely be giving it a try for local container testing.
Glad it was helpful!
Thank you for pointing out this. I am pretty sure it helps the community! Best Regards!
I wanted to get into containers, but could not risk installing docker desktop on my work pc due to any license consequenses. Really happy with podman! Can do everything i see people doing with docker.
I used Podman last year at my then-employment. I see a lot of improvements. That is very much welcome. Nice app. A good replacement for Docker Desktop, which is what makes many companies not wanting to use Docker. Podman UI really is cleaner.
Thanks for the demo and info, have a great day
Thanks! you too :)
Great video, thanks, I'm going to try podman tomorrow at work and see how it also fares at building and pushing docker images :)
Thank you so much :)
I’m made to switch from docker to Podman about a year ago, I issue have most of the time is a hard coded docker deamon socket in some projects, making a symlink + activating the podman socket will do the trick most of the time. Running podman rootless by default and managing containers as systemd services is a great features
Yep, the systemd feature is nice! I will have a look at it.
Honestly, I never thought about changing from Docker to Podman, but this POD creation is really catching my attention, I had some experience building sidecars for containers and is a PITA to test it locally with docker. Awesome content.
Of course there is always nerdctl as the CLI and Rancher Desk as the GUI. Nerdctl can be run either rootful, or rootless and does more then Podman or Docker as an interface to containerd.
I’ve started to play around with Podman just to see what it’s like. I recently discovered that you can generate a Kubernetes v1 yaml file from an existing Podman pod or container. This is good because I can run my existing docker compose files on Podman to create the containers. I then use “podman kube generate” to build a Kubernetes yaml file from my existing container setup. Maybe my method is not very practical but to me it’s still pretty cool. 🙂
Awesome :D
This is great. It's just eat I need for a project I'm working on. Tnx
Brother's you always provide good content for us thanks for such type of informative content...
thank you so much :)
Very focused on Desktop usage on Win and Mac.
Migrating from Docker to Podman is a headache! Especially if you use docker compose!
I made the swich like two years ago, start to use inmutable linux distros and they comes with Podmam by default, using distrobox also has been a game changer for me.
About the Portainer and Podman Desktop thinks, i really dont use any of them
using podman exclusively since 3 years. Running rootless just rocks on our prod servers but also locally on my laptop.
Your head looks very smooth. Very nice.
Gae
You said 'rootless' and I immediately got confused with the older use of that term from X-Windows. Thanks for the flashback! 🙂
:D
I currently use Podman for all my containers. However, I found one things which is a tremendours headache with Podman: It doesn't play nice with NFS mounts. NFS assumes UIDs are synced between server and client, and the whole subuid things totally flies in the face of that. I just said "screw that" and just mounted my storage using iSCSI... but that comes with a whole set of new problems 😂
Exactly the same reason why I'm still using docker.
What do you use to theme your terminal? I would love to achieve something similar on Linux. The separators between commands really work well with my brain.
many network issue on windows. 1. port redirct not registered in firewall so the port cannot be accessed from other device 2. cannot access port on parent so it is the best to deploy basic service like redis, mysql etc on podman
Think I'll stick with Docker for now but pretty interested especially given the integration of docker-compose types of container deployments. Think i'll spin up a test VM and give Podman a try. Also.. Docker Scout video, Please and thank you!
Podman-compose is dead. Podman is 100% compatible with docker-compose. Been using it for a while now. Where I work, 95% of our servers are running RHEL. And podman is running in production without any issues. Start by enabling the podman socket:
systemctl enable --now podman.socket
Then export the following variable to make docker-compose communicate with podman instead of docker(put the export command in .bashrc or whichever shell you're using):
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
and that's it. You can use your regular compose files as usual with the docker-compose command.
thanks that's good feedback! :)
I've been using podman for distrobox
Podman is backed by Red Hat, and it also is known to step away from Kubernetes standards. Rancher Desktop is light years ahead, they support containerd instead of docker to be in line with Kubernetes baseline, it based on k3s/k3d, and somehow I trust SUSE more. And yes, it can also be a drop in replacement, and not just by way of mimicking Docker but actually using Docker CE with k3d instead of containerd/k3s for these who just develop apps and don’t care about 1:1 matching environment to real Kubernetes. And it comes with Compose and other plugins, yes.
I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS
I like that podman can use quadlets, those are files under /etc/containers/systemd/ that look similar to compose. After systemctl daemon-reload, it will create a system service you can start and will auto start on the next reboot. Podman could always generate system services, but this way it regenerated with the latest systemd version and not onetime.
awesome! didn't know that
yea these things are awesome. My homeserver is solely based on quadlets(now called podman systemd units).
AFAIK, docker is also using namespace separation, main vulnerability is misconfiguration or providing excessive privileges for the container. I suppose the same happens in podman as well.
One key difference is Podman defaults to rootless with SELinux enabled, Docker defaults to rootful with SELinux disabled.
@@danielwalsh2363 Thanks, will take a closer look at Podman.
Great video, now I would like to try Podman XD
You should! :)
for mac silicon user, I switched from Docker to Orbstack for better performance since it use rosetta instread on qemu
Docker has an option to use rosetta as well. You just need to enable it in the settings
Ive been using podman instead of docker for a while now and its served its purpose excellently. The only annoyance i have wkth it is i csn't just set containers to restart: always and have them come up on the boot of the host. I know i can generate systemd files to do this or use quadlet to make simpler syatemd files but both of those require extra setup whereas under docker I could simply set the restart parameter and the containers would start on boot
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though.
/usr/lib/systemd/system/podman-restart.service
/usr/lib/systemd/user/podman-restart.service
@@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
Hi Christian, thanks for great explanation. but, may i know how and what is the configuration of your terminal so the result are displayed on the bottom while the input is still in the top ? thanks
Warp
With docker desktop I need to be logged in to run my containers in Windows. With podman will it run more like service so I can reboot and expect pods to run straight away?
Are all problems with devcontainer from VSCode solved? Can you now use podman with devcontainers?
Thank you.
You're welcome!d
I've been interested in the security benefits of podman for a little while now, but I'm a bit worried about potential issues when trying to use podman to run a reverse proxy since you often see issues when you don't open ports 80 and 443 for them. I'd be curious to see a successful implementation of traefik in podman
Looking forward to a new series of Kubernetes video!!
Running a buch of docker containers on my servers, diden't hear about Podman before, gling to try it out.
A very interesting argument, I will look up to podman in the near future.
Another question: what terminal are you currently using?
It's warp terminal
so i should start learning podman as well?
I'm curious about the terminal application you use, is it Mac Exclusive?
same question.
OpenShift would be quite cool to see featured in a video, in particular it's open source version called OKD
I think I still need some time to understand openshift, but it would be nice, yes :D
OpenShift is a beast to setup, although it's constantly getting easier. It has a much harder day 1 experience than its competitors, but the day 2 operations of actually getting things deployed is much easier.
I love the video , I'm trying to use docker in freebsd but it is not officially supported and podman fits well for me can you please make a video on how to migrate docker container to podman it would be really helpful to actually consider giving it a shot.
Thank you! :)
the biggest upside to podman desktop over docker desktop is it's currently fully opensource and free use both at home and commercially where as docker desktop is no longer free for commercial uses. Where I say currently opensourse about podman given redhats recent actions I wouldn't be surprised if they monetised podman desktop. On a server level though docker is still ahead of podman due to it's swarm mode to allow for scaleable and high available clustering if you didn't want to run a k8s cluster on prem that is (still working on my employer with that 😀).
I'm not so interested in being fully open source or the licensing, TBH :/ The technical bits and pieces are, what makes it interesting for me.
I switched from Docker to Orbstack, some grails tests (from the language groovy) running through a docker desktop it takes 3 minutes and running through orbstack it takes 1 minute
sounds also nice
Yes, Docker Scout for SBOM please !!
It all come down to user choose or they can try two way while working on their projects. It nice to expand some skills.
true
Good video as usual. 👌
Appreciate that
Pretty cool stuff. I’m currently reading through Podman documentation from Red Hat learning how to use it.
Nice!
1:47 In keeping with its mascot, PodMan has seal-eye tools. 🥁📀 (I'll show myself out.)
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
thanks :) it's just "cmatrix" in the terminal
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway.
I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode?
At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
interesting!
Been using pod man in prod since 2020.
Hi, thanks for the video - what editor are you using to create the yml-file?
it looks like vscode to me, but most IDE's have some kind of yaml syntax highlighting
Vscode
Thanks ! And how did you enable the autocompletion when you type in your code is vscode ?
I'm still getting first-hand experience with containers. I'd like to learn to be proficient with Podman more than Docker, but I haven't been able to find a single homelab project I'd want to do whose guide for deploying a container was written for Podman, lol.
I wonder if podman can use the HyperKit or vz or whatever it's called on MacOS 13+ and perhaps Hyper-V on Windows? I currently am using colima on MacOS M1 Max (MacOS 14) and it works like a charm.
Also as a software engineer, I am always thrilled to try features if I need them - certainly not in a commercial project I develop for on my day-job, but certainly in private.
I might replace docker with podman on my custom NAS at home.
Podman supports native virtualization on Mac and Hyper-V on Windows. Will switch to default to Native Virt on Mac in Podman 5.0, currently it defaults to QEMU on Mac. 5.0 is due to be released end of February
Podman binary seems to be updated only for redhat distribution. Other distro the version is quite old. Latest version of podman is 4.9 as of today.
openSUSE stays on top with their package updates. The current version as of today is the latest Podman stable release 5.0.1
I looked at podman last year... I was intrigued by the rootless/serverless running, but was stopped by the inability to use low-numbered ports. How do you set up a webserver or email server?
use high numbered ports
Port forwarding, a reverse proxy, or just running podman as root. You can also change system settings to allow non-root access to these ports (in sysctl, net.ipv4.ip_unprivileged_port_start)
I ran podman in my homelab and added the line in sysctl to allow podman to use low numbered ports. Works well!
there are two solutions to this problem, you run a firewall/gateway in front of it that exposes web and mail ports and proxies it to the app server
or you can run it in root mode, choice is yours :D
The company I work at recently dropped Docker because of the license issue and it’s been a pain in the ass. I’ll take a look at this
Cool, let me know how it goes
Can podman use the Docker Images in The Docker hub?
I personally use Rancher desktop which also supports Kubernetes.
looks interesting, also
one thing I don't much like about your videos is that you always focus on GUIs which is good for local development but not really important for real environments and real work where CLI commands are mostly used, that said, thanks for the introduction about podman I will definitely try it and read more about it.
Really? I always aim to balance GUI with CLI
@@christianlempa IDK but the last 4 notifications I received from your channel were all about GUI, GUI for ansible, GUI for managing containers,.....etc which doesn't pick my interest because I never use GUI for those kins of tasks even om my local laptop, maybe that's just me maybe other people are liking that, just wanted to share my thoughts
@@bashardlaleh2110 thanks! I appreciate your feedback, and you're right. I think GUIs are always nice for beginners and Homelab people, that's why you see a lot of engagement on these videos. But don't worry, it won't become a beginner channel only, I still have some stuff coming up for CLI and terminal lovers :)
I need compose files and IDE Integrations. Therefore, docker is still my preferred solution.
13:15 are you having earthquake? :) Good video btw, thank you. That pod k8s functionality is what really made me consider trying podman.
lol, no it's because the camera is mounted to the desk, which is not ideal :D
I have one word. QUADLET. I've met the developer of Podman, and have attended a few of his seminars.
Nice video! Realy made me doubt now. Maby i'll run it beside docker te test fisrst,
Docker is stil a bit difficult
Especially bindmount propagation. Can you do a indept video about that?
What the heck is docker skout. sounds like a nice addition!
Again thanks for sharing :)
Thanks :) You should look at my docker course, it's gonna teach you everything! Hope to get part 3 out in the next 2 months
I love podman for using kube files directly instead of docker-compose
That's neat!
I'll try if CasaOS makes a podman version. 😅
Hey Christian, thanks. i run pod,an on a headless rhel server currently. Do you know if podman desktop can connect to a remote server?
I don't think so, but on a server you have plenty of options to manage it, with cli, automated or using a web ui
Podman supports the concept of connections over ssh, if you configure `podman system connection` to point at a remote server, you should be able to get Podman desktop to work with the remote server I believe. podman (--remote) at the CLI works fine with remote podman services over ssh.
Scout YES!❤
noted :D
My experience with Podman isn't as good as with Docker.
I feel like Podman is not fully finished, I have experienced some bugs with it.
Podman being daemonless can make some things more annoying.
You will have to create either cronjobs or systemd-timers to automatically start containers at boot, which Docker will do.
Also the Docker daemon is shared between users (which is probably why it's such a pain to do Docker rootless, though Docker can also do rootless containers AFAIK), Podman doesn't have such a synchronization.
This means, that every user will have to download or build their images anew, so if you switch between root (sudo) and your user, you may have to rebuild images more often than you thought.
And of course there's the gotchas you mentioned with ports etc, which can also make it painful to follow guides. I've also seen some subtle differences in how Podman build and Docker build interpret Docker images (such as the copy command, I beliefe the difference was how they treat directories with or without a following slash). Usually not to hard to work around, but difficult to spot, and can make it annoying if you want to distribute a containerfile to others that may have another engine, and are not super familiar with containers.
Why timers? A regular systemd unit works just fine to start containers at boot. Been doing that in SuSE's MicroOS for a while, works like a charm.
Was going to say, just use systemd units, or better yet the newer quadlets.
Unless something has changed recently, allowing access to the docker daemon is equivalent to root access (you can just run a privileged container and do whatever you want as root), so multiple users could just as well run podman with sudo to share images, or use the docker daemon emulation layer that provides a docker socket.
Most distros' podman package ships `podman-restart.service`. Enabling it is the easiest and laziest way to get your containers starting on boot.
If you want to do it "properly" though, use quadlets. You get all the benefits of a systemd-managed service with it too. Migrating is made easy thanks to the `podlet` project.
Unfortunately podman compose isn’t a replacement for docker compose and apparently not well maintained :( yes, it might support very very basic use cases, but if you have more than few lines of code in compose file most likely something won’t work (and good for you if you notice that because of an error, not silently ignoring fields from a file)
Pardon my ignorance, but what is the terminal app, shell, or config doing the isolated input and output 'frames'? And the gravy that is the IDE-like browsing of the command history.
it's called warp! new video is in the works :)
What auto complete tool were you using in VSCode at 10:30?
It's GitHub Copilot
I still need Docker 😢. I tried podman then use some image of bitnami, then I have to change ownership but podman cannot resolve as Docker, I always get permission denied :”(
Does PodMan offer NVIDIA CUDA support via WSL2?
I am currently using Windows Docker Desktop via WSL2 to run multiple containers to execute CUDA applications (Whisper + Piper + Llama2)
No idea :/ haven't tested it
@@christianlempa GPU (CUDA) support is great on WSL, but difficult to setup.
Struggled with podman networking vs docker. Docker simple to create a private bridge network that a few containers connect to. Podman pod networks expose all listening ports to public.
Did you open an issue on this? This could be a difference between rootless and rootful, Docker runs rootful by default and Podman rootless. You are more limited in networking in rootless mode.
Interesting argument!
Little curiosity: were we can get that awesome Matrix animated wallpaper?
it's just "cmatrix" in the terminal :)
random question : what shell are you using , it looks fantastic !
I'm using ZSH on Warp terminal :)
Hi Christian, are you running on an Apple Silicon machine? If so what steps did you take to get it installed? I've tried repeatedly to get it working on an Apple Mac Mini M1, but each time it is crashing because the `podman machine init` step insists on grabbing the x86_64 version of the VM rather than the aarch64 version.
Maybe try to contact support, it worked on my machine
@@christianlempa Thanks for the reply! Turns out I downloaded the Intel version of the CLI by mistake. I saw that the web page showed the Desktop app as a Universal app, and I assumed that applied to the CLI as well. In the words of a wise man, Doh! 😉
@@carlcaulkett3050 ahhh, glad you solved it ;)
Podman is better if u dont use in Windows whit wsl2. Since wsl2 has a bug where c mounted volume is painfull slow
We use Ubuntu at work and the only issue I have with podman right now is Ubuntu is stuck on Podman version 3.4.4.
Yeah, Ubuntu doesn't seem to be the best distro for running Podman, it's clearly the favorite in the RHEL space (because it's created by RHEL devs :D)
Yes bring on scout
good idea :D
Do a video about Jobs, Cron Jobs, Daily Schedules the best softwares to use in a homelab with web panels
Good idea, let's find a way it's gonna be attracting to people on YT :D
I am on Mac OSX Sonoma with M1
cool!
The kubernetes yaml is interesting, is docker desktop doing that?
no, it focuses on docker compose
you can also alias docker to podman so you don't even have to remember to type podman
I'm not a big fan of this, but sure, it's also possible :)
If you want to use a port lower that 1024 without running as root, then you can redirect traffic from a one port to another via a firewall rule.
Here is the example for iptables.
```sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2121```
that's a nice trick! thanks for sharing :)
I would love to switch but podman networking still has some major issues - for me at least.
Please report these flaws? Have you tried Podman with the netavark back end?
@@danielwalsh2363The ticket(s) are open - they just don't seem considered high priority.
@@danielwalsh2363 netavark sounds interesting. You have experience with it? Would you run it in production?
Unfortunately does of us who manage thousands of docker container applications cannot simply abandon docker when a new challenger comes along: and there will be many appearing in the next decade.
Try compatibility mode in Podman Desktop. Most of my docker commands and tools still work fine.
But you can use kubernets yamls instead for docker compose files and podman does not run as root by default!
Good video.
Thanks!
🎉
Does anyone know which extension for VSCode Christian uses to help write Kubernetes configs? The one I'm currently using is not great and what I saw here looked promising
If you're talking about the auto-complete/suggestions, that's just Copilot.