I would love to hear everyone’s opinion.
If you don’t have strong opinions one way or the other, then docker is the easy answer. Way, way more widespread, which generally tends to mean better docs, more guides and examples, more tooling and open-source support…
I use podman with the podman-docker compatibility layer and native docker-compose. Podman + podman-docker is a drop-in replacement for actual docker. You can run all the regular docker commands and it will work. If you run it as rootful, it behaves in exactly the same way. Docker-compose will work right on top of it.
I prefer this over native Docker because I get the best of both worlds. All the tutorials and guides for Docker work just fine, but at the same time I can explore Podman’s rootless containers. Plus I enjoy it’s integration with Cockpit.
I would say Docker. There is no substantial benefit in running podman, while docker is a widely adopted tool (which means more tooling in the ecosystem, easier to find answers to questions etc.). The difference is not huge tbh, and some time ago the biggest advantage for podman was being able to run rootless, while docker was stuck with a root daemon. This is not the case anymore (docker can run rootless), so I would say unless you have some specific argument to use podman, stick with docker.
I like podman because rootless and daemonless are built-in and default. Yes, it can be done on docker, but you have to do a bunch of shit to get it set up.
You could create the alias
alias docker="podman"and 99% of the time, you won’t even be able to tell the difference since podman is a docker drop in replacement. All the docker documentation applies to podman as well. But since docker runs as root by default, some edge cases might not work out of the box (like binding to a port on the host less than 1000).Podman comes with some neat tools like being able to create systemd service files to start and stop containers as services.
To use docker-compose, you’ll need some additional packages. That’s probably the biggest drawback to podman imo. Podman wants to use pods instead of docker-compose, but I think they gotta take their heads out of their asses and just support the more popular format on that one. Not to mention docker-compose is just plain better imo. Easier to define, easier to understand, easier to modify. The list goes on and on.
You could create the alias alias docker=“podman”
There’s even an official Debian package that takes care of this for you: https://packages.debian.org/bookworm/podman-docker
That package actually does a bit more than that! If you don’t need all the extras, then I say just add the alias and be done with it.
It depends on what you want. Do you want containers that don’t blow away your firewall? Podman is nice, but docker can be configured a little to avoid this. Want things that autostart and don’t have issues with entry points that attempt to play with permissions/users? Docker or podman as root is necessary. Want reasonable compose support? Podman now needs a daemon/socket. Want to make build containers and not deal with permission/user remapping at all? Podman is really nice.
Do not attempt to use podman-compose. That app is dead.
Unfortunately if you want to make tools that will be used by other people then you must add docker support. It just owns too much of the market.
I like podman more because people told me it was better and it just worked for me :P
I use Docker and it works for what I use it so I have no need to change it, maybe if in the future I have the need to use podman I would consider to change. But right now I’m not interested.
Whichever one you want.
Piggybacking on this… what’s the quickest way to deploy a docker container in Kubernetes short of having to hand create the deployment yaml? Or is that it, having to create one from scratch.
You have a bunch of options:
kubectl run $NAME --image=$IMAGEthis just creates a pod running the specific image. If you kill the pod, or it terminates, it won’t be run again. In general though, you probably want to do some customization before running (maybe you need volumes, secrets, env, ports, labels, securityContext, etc.) and for that you can simply let kubectl generate the boilerplate YAML and then simply make some edit:
kubectl run $NAME --image=$IMAGE --dry-run=client -o yaml > mypod.yaml # edit mypod.yaml kubectl create -f mypod.yamlYou can do the same with a
deploymentorstatefulset:kubectl create deployment $NAME -n $NAMESPACE [...] --dry-run=client -o yaml > deployment.yamlIn case you don’t need anything fancy, the
kubectl createsubcommand allows you to create simple workload, so probably that’s the answer to your question.You rock! Yeah I just wanted to run the image first before building out the whole framework around it. This is what I was looking for.
They both kind of suck in their own way.
If you want to things to run at startup and you’re not on systemd, rootless docker is probably easier.
Otherwise podman is mostly fine but be careful of native overlay if you’re not on BTRFS, this causes some pretty long build times.
Docker is a great choice with lots of good tutorials. I personally use podman since all my servers are now running Fedora server and podman is installed by default.
No love for kubernetes?
I think k8s is a different beast, that requires way more domain specific knowledge besides server/Linux basic administration. I do run it, but it’s an evolution of a need, specifically when you want to manage a fleet of machines running containers.
Can be ott yeah. I set mine up to understand how it all works and just kept things going.
Kubernetes? I’ve never even seen her netes.
What no love for Incus round these parts?
Because the lxc way is inherently different from the docker/podman way. It’s aimed at running full systems, rather than mono process containers. It has it’s use cases, but they are not as common IMHO.
Real men use Incus NixOS containers for reproducible builds instead of wimpy dockerfiles 😤😤
/s – for real though, I hope someday you finally remove the stick from where the sun doesn’t shine ;)
Did it sound cold? Because I didn’t mean that, I just meant to actually answer the question from my PoV. Just for the record, I also did not down vote you.
So yeah, use whatever footgun you prefer, I don’t judge :)
I would say podman by default. It has a better security architecture as it can run rootless.
However there are small differences from Docker so you may need use Docker if you are trying to run third-party services that rely on these differences.
Docker can run rootless too, see https://docs.docker.com/engine/security/rootless/
I use Docker exclusively. Podman is the NIH syndrome response to an industry standard. It has its benefits but Docker just works.
Podman wasn’t built due to NIH. Docker has real problems (though many have been fixed), and Podman was built to fix those.
Docker Engine is open source. They could’ve easily contributed patches to it which just further proves that it is a NIH syndrome response.
The Podman developers did contribute to Docker for a while before starting the project. Docker kept introducing issues and had some fundamentally bad design decisions that they didn’t want to change.
At least try to look into the history of these things before making broad and easily falsifiable statements.
