I've been using podman instead of docker for a while now and it's served its purpose excellently. The only annoyance I have with it is I can't just set containers to restart: always and have them come up on the boot of the host. I know I can generate systemd files to do this or use quadlet to make simpler systemd files, but both of those require extra setup, whereas under docker I could simply set the restart parameter and the containers would start on boot.
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though: `/usr/lib/systemd/system/podman-restart.service` and `/usr/lib/systemd/user/podman-restart.service`
@@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
Unfortunately podman compose isn’t a replacement for docker compose and apparently not well maintained :( yes, it might support very very basic use cases, but if you have more than few lines of code in compose file most likely something won’t work (and good for you if you notice that because of an error, not silently ignoring fields from a file)
Unfortunately those of us who manage thousands of docker container applications cannot simply abandon docker when a new challenger comes along: and there will be many appearing in the next decade.
What do you use to theme your terminal? I would love to achieve something similar on Linux. The separators between commands really work well with my brain.
Podman being daemonless can make some things more annoying. You will have to create either cronjobs or systemd-timers to automatically start containers at boot, which Docker will do. Also the Docker daemon is shared between users (which is probably why it's such a pain to do Docker rootless, though Docker can also do rootless containers AFAIK), Podman doesn't have such a synchronization. This means that every user will have to download or build their images anew, so if you switch between root (sudo) and your user, you may have to rebuild images more often than you thought. And of course there are the gotchas you mentioned with ports etc., which can also make it painful to follow guides. I've also seen some subtle differences in how Podman build and Docker build interpret Docker images (such as the copy command, I believe the difference was how they treat directories with or without a following slash). Usually not too hard to work around, but difficult to spot, and can make it annoying if you want to distribute a containerfile to others that may have another engine, and are not super familiar with containers.
Unless something has changed recently, allowing access to the docker daemon is equivalent to root access (you can just run a privileged container and do whatever you want as root), so multiple users could just as well run podman with sudo to share images, or use the docker daemon emulation layer that provides a docker socket.
Most distros' podman package ships `podman-restart.service`. Enabling it is the easiest and laziest way to get your containers starting on boot. If you want to do it "properly" though, use quadlets. You get all the benefits of a systemd-managed service with it too. Migrating is made easy thanks to the `podlet` project.
I made the switch like two years ago, started to use immutable Linux distros and they come with Podman by default; using distrobox also has been a game changer for me. About the Portainer and Podman Desktop things, I really don't use any of them.
If you want to use a port lower than 1024 without running as root, then you can redirect traffic from one port to another via a firewall rule. Here is the example for iptables: `sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2121`
I love the video. I'm trying to use Docker in FreeBSD but it is not officially supported, and Podman fits well for me. Can you please make a video on how to migrate Docker containers to Podman? It would be really helpful to actually consider giving it a shot.
If you run single containers as services - Podman is great. If you spin up applications as integrated services there is no better solution than docker compose
You can run docker-compose files in podman. I've been able to deploy stacks from portainer with podman. The compose files were originally designed for docker and most of them required no changes. The only change I had to make to some of them was point it at the podman sock instead of the docker sock
Hi Christian, thanks for the great explanation. But may I know how and what the configuration of your terminal is, so that the results are displayed at the bottom while the input is still at the top? Thanks.
Podman doesn’t work with the :Z option on OSX, which makes it incompatible with Ansible-navigator. There is a known issue that won’t be fixed. If you need Ansible on OSX then you need docker, not podman.
Docker must have SELinux disabled, you can disable SELinux separation for Podman as well, so you can use it. Please point to the issue you are talking about not working on OSX?
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway. I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode? At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
Nice video! Really made me doubt now. Maybe I'll run it beside Docker to test first. Docker is still a bit difficult, especially bind mount propagation. Can you do an in-depth video about that? What the heck is Docker Scout? Sounds like a nice addition! Again, thanks for sharing :)
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
I've been using Podman for years now. I really appreciate that it's user namespaced and doesn't require a daemon to run. Thanks for covering it! Hope to see more tech youtubers dropping "Docker" when talking about containers and just referring to them as containers. Docker's not the only game in town.
Sounds awesome! Yeah, maybe I should do more topics around podman :)
What's so great about not having a daemon running? There are hundreds of processes running on your machine at any given time, why bother about one more?
because they actually only used Docker...
Yes. Well, kind of. The thing is that the term container is a lot more used by other tools too, that are not compatible with Docker-like containers (forgot the official name for them).
@@emptystuff1593 Because if the docker daemon crashes for whatever reason all the containers are going down with it. This is the same reason why updating docker is a pain. Podman doesn't have this type of single point of failure.
I switched from Docker to Podman a few months ago, never looked back. Had some headaches converting some containers, but it is very reliable and compatible with Kubernetes.
cool, I might try it too :)
What orchestration tool do you use?
Do we need to recreate the existing containers when shifting from Docker to Podman? Or do we have something to migrate those containers?
@@sridharkumar9462 you can recreate them keeping the config folder.
@@sridharkumar9462 Podman 100% supports OCI compatible containers, so if you didn't create your container with something very Docker specific it will conform to the open container format and is then supported by Podman. No migration needed.
That is a bit of the finger to Docker. I love that! Docker went the Oracle route, and tries to charge every corporation user with a Docker Desktop license. Podman looks super simple, and never underestimate the security aspect.
Podman is originally developed by Red Hat, and we all know what happened to the Red Hat drama.
Ups...that was a strong argument to stay away from this project? @@_vr
@@_vr that it was overblown and mostly FUD?
and Redhat went the corporate route as well
@@_vr what drama??
Switched to Podman 2 years ago now, never looked back! Thanks for the video.
Sounds awesome! :)
The big advantage Podman Desktop has over Docker Desktop is the licensing for enterprise use. PD is FOSS (Apache 2.0 license), where DD is only "free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. Otherwise, it requires a paid subscription for professional use. Paid subscriptions are also required for government entities."
I have nothing against a company trying to make money off of their work, but the fact that it is a subscription-only really rubs me the wrong way. Let me buy a copy that is mine forever and leave me alone.
Honestly, I never thought about changing from Docker to Podman, but this POD creation is really catching my attention, I had some experience building sidecars for containers and is a PITA to test it locally with docker. Awesome content.
I used Podman last year at my then-employment. I see a lot of improvements. That is very much welcome. Nice app. A good replacement for Docker Desktop, which is what makes many companies not wanting to use Docker. Podman UI really is cleaner.
I’ve started to play around with Podman just to see what it’s like. I recently discovered that you can generate a Kubernetes v1 yaml file from an existing Podman pod or container. This is good because I can run my existing docker compose files on Podman to create the containers. I then use “podman kube generate” to build a Kubernetes yaml file from my existing container setup. Maybe my method is not very practical but to me it’s still pretty cool. 🙂
Awesome :D
This is great. It's just what I need for a project I'm working on. Tnx
I wanted to get into containers, but could not risk installing Docker Desktop on my work PC due to any license consequences. Really happy with Podman! Can do everything I see people doing with Docker.
Switched in April 23 when I moved to Fedora. The difference is that it can be backed up and restored from tars, it needs dealing with effective user and group IDs and creating a user session during system startup, and there are some special commands to move files into and from volumes.
Thank you for pointing out this. I am pretty sure it helps the community! Best Regards!
I was going to switch to Podman, but then I was overtaken by a compatibility problem with the devcontainer in vscode, which is why the migration plans had to be postponed on my work PC. But among the newer solutions, I’m currently trying finch from AWS, which uses lima, nerdctl internally. I recommend you try it. Thank you for the video.
You said 'rootless' and I immediately got confused with the older use of that term from X-Windows. Thanks for the flashback! 🙂
:D
I admire what you do Christian. keep it up Lempa
Your head looks very smooth. Very nice.
Gae
Great video, thanks, I'm going to try podman tomorrow at work and see how it also fares at building and pushing docker images :)
Thank you so much :)
Finally. Been using some of your videos to implement with podman for the reasons you have mentioned. Never have had any issues with podman-compose btw. Keep up the superb work. Cheers.
Think I'll stick with Docker for now but pretty interested especially given the integration of docker-compose types of container deployments. Think i'll spin up a test VM and give Podman a try. Also.. Docker Scout video, Please and thank you!
Podman-compose is dead. Podman is 100% compatible with docker-compose. Been using it for a while now. Where I work, 95% of our servers are running RHEL. And podman is running in production without any issues. Start by enabling the podman socket:
systemctl enable --now podman.socket
Then export the following variable to make docker-compose communicate with podman instead of docker (put the export command in .bashrc or whichever shell you're using):
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
and that's it. You can use your regular compose files as usual with the docker-compose command.
thanks that's good feedback! :)
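A guarded version of the socket setup from the comment above, as an added example that is not part of the original thread: it exports `DOCKER_HOST` only if the target is a socket owned by the current user and closed to other users, and it labels any `DOCKER_HOST` value as rootless, rootful or remote. The function names are hypothetical, and a `stat` that supports `-c` (GNU coreutils or busybox) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes a stat that supports -c (GNU coreutils or busybox).

# Print the DOCKER_HOST value for the per-user Podman socket.
# $1: runtime directory, defaults to $XDG_RUNTIME_DIR.
podman_docker_host() {
    pdh_dir="${1:-${XDG_RUNTIME_DIR:-}}"
    if [ -z "$pdh_dir" ]; then
        echo "XDG_RUNTIME_DIR is not set (no user session?)" >&2
        return 1
    fi
    printf 'unix://%s/podman/podman.sock\n' "$pdh_dir"
}

# Label a DOCKER_HOST value. $1: the value, $2: runtime directory.
#   rootless - the per-user Podman socket
#   rootful  - a system-wide Docker or Podman socket (access is root-equivalent)
#   remote   - tcp://, ssh:// or another non-unix scheme
#   unknown  - any other unix socket path
classify_docker_host() {
    cdh_dir="${2:-${XDG_RUNTIME_DIR:-}}"
    case "$1" in
        unix://*) cdh_path="${1#unix://}" ;;
        "") echo "unset"; return 0 ;;
        *) echo "remote"; return 0 ;;
    esac
    case "$cdh_path" in
        /var/run/docker.sock|/run/docker.sock) echo "rootful" ;;
        /var/run/podman/podman.sock|/run/podman/podman.sock) echo "rootful" ;;
        "$cdh_dir/podman/podman.sock") echo "rootless" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed only if $1 is a unix socket owned by the current user and
# carrying no permission bits for "other".
check_user_socket() {
    if [ ! -S "$1" ]; then
        echo "not a socket: $1" >&2
        return 1
    fi
    cus_owner=$(stat -c '%u' "$1") || return 1
    cus_mode=$(stat -c '%a' "$1") || return 1
    if [ "$cus_owner" != "$(id -u)" ]; then
        echo "socket $1 is owned by uid $cus_owner, not by you" >&2
        return 1
    fi
    case "$cus_mode" in
        *0) return 0 ;;
        *)  echo "socket $1 is accessible to other users (mode $cus_mode)" >&2
            return 1 ;;
    esac
}

# Export DOCKER_HOST for docker-compose, but only after the checks pass.
# Run "systemctl --user enable --now podman.socket" first, then call this
# from ~/.bashrc or the equivalent for your shell.
use_podman_socket() {
    ups_host=$(podman_docker_host) || return 1
    check_user_socket "${ups_host#unix://}" || return 1
    DOCKER_HOST=$ups_host
    export DOCKER_HOST
}
```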
I’m made to switch from docker to Podman about a year ago; the issue I have most of the time is a hard-coded docker daemon socket in some projects. Making a symlink + activating the podman socket will do the trick most of the time. Running podman rootless by default and managing containers as systemd services are great features.
Yep, the systemd feature is nice! I will have a look at it.
This is an excellent video! I’ve also been debating on trying Podman and I think this definitely helped. I will definitely be giving it a try for local container testing.
Glad it was helpful!
I like that podman can use quadlets; those are files under /etc/containers/systemd/ that look similar to compose. After systemctl daemon-reload, it will create a system service you can start and that will auto start on the next reboot. Podman could always generate system services, but this way it is regenerated with the latest systemd version and not just one time.
awesome! didn't know that
yea these things are awesome. My homeserver is solely based on quadlets (now called podman systemd units).
I just had the task to set up goharbor on Ubuntu and this was unstable under Docker (crash of containers after 1-2 days, usually during system updates). Then I noticed Ubuntu does not support the Quadlets of Podman because of the missing systemd-generate tool. You can generate the system services for systemd with catatonit but not from quadlets, at least I couldn't figure it out on 22.04 or 24.04. The tool podlet is really cool and lets you generate quadlet files from docker-compose or running containers.
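What a quadlet file looks like in practice, as an added example that is not part of the original thread: a small script that writes a `.container` unit into the directory Quadlet scans and rejects a host port a rootless user could not bind. The function names, the unit name `web` and the nginx image are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the unit name "web"
# and the nginx image are placeholders chosen for illustration.

# Lowest port an unprivileged user may bind (Linux default: 1024).
unprivileged_port_start() {
    if [ -r /proc/sys/net/ipv4/ip_unprivileged_port_start ]; then
        cat /proc/sys/net/ipv4/ip_unprivileged_port_start
    else
        echo 1024
    fi
}

# rootless_port_ok PORT [MIN]: can a non-root user publish this host port?
rootless_port_ok() {
    [ "$1" -ge "${2:-$(unprivileged_port_start)}" ]
}

# Directory Quadlet scans: system-wide for root, per-user otherwise.
quadlet_dir() {
    if [ "$(id -u)" -eq 0 ]; then
        echo /etc/containers/systemd
    else
        echo "${XDG_CONFIG_HOME:-$HOME/.config}/containers/systemd"
    fi
}

# write_quadlet NAME IMAGE HOST_PORT CONTAINER_PORT [DIR] [MIN_PORT]
# Writes DIR/NAME.container and prints its path.
write_quadlet() {
    wq_name=$1 wq_image=$2 wq_hport=$3 wq_cport=$4
    wq_dir=${5:-$(quadlet_dir)}
    wq_min=${6:-$(unprivileged_port_start)}
    for wq_p in "$wq_hport" "$wq_cport"; do
        case "$wq_p" in
            ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2 ;;
        esac
    done
    # Rootless containers cannot publish host ports below the threshold.
    if [ "$(id -u)" -ne 0 ] && ! rootless_port_ok "$wq_hport" "$wq_min"; then
        echo "host port $wq_hport is below $wq_min; pick a higher one" >&2
        return 1
    fi
    mkdir -p "$wq_dir" || return 1
    cat > "$wq_dir/$wq_name.container" <<EOF
[Unit]
Description=$wq_name container (Quadlet)

[Container]
Image=$wq_image
ContainerName=$wq_name
PublishPort=$wq_hport:$wq_cport
NoNewPrivileges=true

[Service]
Restart=always

[Install]
WantedBy=multi-user.target default.target
EOF
    echo "$wq_dir/$wq_name.container"
}

# Usage (rootless):
#   write_quadlet web docker.io/library/nginx:latest 8080 80
#   systemctl --user daemon-reload
#   systemctl --user start web.service
#   loginctl enable-linger "$USER"   # start user units at boot, without a login
```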
I ended up using Podman-Compose on a slightly adjusted docker-compose.yml file and this runs more stable than under Docker.
Yes, I would definitely like to learn about Docker Scout.
Thanks for the demo and info, have a great day
Thanks! you too :)
Migrating from Docker to Podman is a headache! Especially if you use docker compose!
Where exactly?
Very focused on Desktop usage on Win and Mac.
Tried podman a while ago, hated it so much I stopped after 40h. Bad documentation, not everything was supported, problems with setting multiple ports.
I currently use Podman for all my containers. However, I found one thing which is a tremendous headache with Podman: It doesn't play nice with NFS mounts. NFS assumes UIDs are synced between server and client, and the whole subuid thing totally flies in the face of that. I just said "screw that" and just mounted my storage using iSCSI... but that comes with a whole set of new problems 😂
Exactly the same reason why I'm still using docker.
Podman is backed by Red Hat, and it also is known to step away from Kubernetes standards. Rancher Desktop is light years ahead, they support containerd instead of docker to be in line with Kubernetes baseline, it is based on k3s/k3d, and somehow I trust SUSE more. And yes, it can also be a drop in replacement, and not just by way of mimicking Docker but actually using Docker CE with k3d instead of containerd/k3s for those who just develop apps and don’t care about 1:1 matching environment to real Kubernetes. And it comes with Compose and other plugins, yes.
OpenShift would be quite cool to see featured in a video, in particular its open source version called OKD
I think I still need some time to understand openshift, but it would be nice, yes :D
OpenShift is a beast to set up, although it's constantly getting easier. It has a much harder day 1 experience than its competitors, but the day 2 operations of actually getting things deployed are much easier.
Of course there is always nerdctl as the CLI and Rancher Desk as the GUI. Nerdctl can be run either rootful or rootless, and does more than Podman or Docker as an interface to containerd.
Brother, you always provide good content for us. Thanks for such informative content...
thank you so much :)
1:47 In keeping with its mascot, PodMan has seal-eye tools. 🥁📀 (I'll show myself out.)
Pretty cool stuff. I’m currently reading through Podman documentation from Red Hat learning how to use it.
Nice!
Great video, now I would like to try Podman XD
You should! :)
I have one word. QUADLET. I've met the developer of Podman, and have attended a few of his seminars.
I'm curious about the terminal application you use, is it Mac Exclusive?
same question.
I've been using Jenkins running under Docker for a few years with DinD such that the build tools (like Java and Maven) themselves run as Docker containers. I've started using the Kubernetes Jenkins plugin so that those same containerized build tools are now running as Kubernetes pods. Well, the problem is that in order to support multi-arch container builds I'm using the Jenkins Docker Pipeline plugin and docker buildx to build the multi-arch images, and that seems problematic for running under Kubernetes. So now I'm working on using a containerized install of Podman which I'll be able to invoke as a Jenkins Inbound Agent to be able to do my multi-arch container builds as Kubernetes pods. Once all that is accomplished I'll end up moving Jenkins from Docker to Kubernetes.
The biggest upside to Podman Desktop over Docker Desktop is it's currently fully open source and free to use both at home and commercially, whereas Docker Desktop is no longer free for commercial uses. Where I say currently open source about Podman: given Red Hat's recent actions I wouldn't be surprised if they monetised Podman Desktop. On a server level though, Docker is still ahead of Podman due to its swarm mode to allow for scalable and highly available clustering, if you didn't want to run a k8s cluster on prem that is (still working on my employer with that 😀).
I'm not so interested in being fully open source or the licensing, TBH :/ The technical bits and pieces are, what makes it interesting for me.
One thing I don't much like about your videos is that you always focus on GUIs, which is good for local development but not really important for real environments and real work where CLI commands are mostly used. That said, thanks for the introduction about podman, I will definitely try it and read more about it.
Really? I always aim to balance GUI with CLI
@@christianlempa IDK but the last 4 notifications I received from your channel were all about GUI, GUI for ansible, GUI for managing containers, etc., which doesn't pique my interest because I never use GUI for those kinds of tasks even on my local laptop. Maybe that's just me, maybe other people are liking that; just wanted to share my thoughts.
@@bashardlaleh2110 thanks! I appreciate your feedback, and you're right. I think GUIs are always nice for beginners and Homelab people, that's why you see a lot of engagement on these videos. But don't worry, it won't become a beginner channel only, I still have some stuff coming up for CLI and terminal lovers :)
Using podman exclusively for 3 years. Running rootless just rocks on our prod servers but also locally on my laptop.
The company I work at recently dropped Docker because of the license issue and it’s been a pain in the ass. I’ll take a look at this
Cool, let me know how it goes
I'm still getting first-hand experience with containers. I'd like to learn to be proficient with Podman more than Docker, but I haven't been able to find a single homelab project I'd want to do whose guide for deploying a container was written for Podman, lol.
Where can one locate the VSCode extension that you're using to craft a Pod manifest? Love the video and I'll definitely give Podman a go.
4:36 For me, lack of proper support of compose files was the only reason which stopped me from using podman some time ago. I don't like imperative docker, I like to use compose files much more, even for simple apps. When I tried podman it still had some issues with some yaml sections about resource limits and so on (don't remember exactly) and also with .override files. But it was a few years ago, maybe it's time to give it another chance.
I love podman for using kube files directly instead of docker-compose
That's neat!
for mac silicon users, I switched from Docker to Orbstack for better performance since it uses rosetta instead of qemu
Docker has an option to use rosetta as well. You just need to enable it in the settings
13:15 are you having an earthquake? :) Good video btw, thank you. That pod k8s functionality is what really made me consider trying podman.
lol, no it's because the camera is mounted to the desk, which is not ideal :D
Sorry, I know this is not relevant, but I’m captivated by your Terminal. What terminal are you using?
I switched from Docker to Orbstack, some grails tests (from the language groovy) running through a docker desktop it takes 3 minutes and running through orbstack it takes 1 minute
sounds also nice
many network issues on windows. 1. port redirect not registered in firewall so the port cannot be accessed from other device 2. cannot access port on parent so it is the best to deploy basic service like redis, mysql etc on podman
At 07:40 You've convinced me to transition :)
AFAIK, docker is also using namespace separation, main vulnerability is misconfiguration or providing excessive privileges for the container. I suppose the same happens in podman as well.
One key difference is Podman defaults to rootless with SELinux enabled, Docker defaults to rootful with SELinux disabled.
@@danielwalsh2363 Thanks, will take a closer look at Podman.
I've been interested in the security benefits of podman for a little while now, but I'm a bit worried about potential issues when trying to use podman to run a reverse proxy since you often see issues when you don't open ports 80 and 443 for them. I'd be curious to see a successful implementation of traefik in podman
Thank you.
You're welcome!
so i should start learning podman as well?
Running a bunch of docker containers on my servers, didn't hear about Podman before, going to try it out.
I need compose files and IDE Integrations. Therefore, docker is still my preferred solution.
I've been using podman instead of docker for a while now and it's served its purpose excellently. The only annoyance I have with it is I can't just set containers to restart: always and have them come up on the boot of the host. I know I can generate systemd files to do this or use quadlet to make simpler systemd files but both of those require extra setup whereas under docker I could simply set the restart parameter and the containers would start on boot
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though.
/usr/lib/systemd/system/podman-restart.service
/usr/lib/systemd/user/podman-restart.service
@@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
Podman binary seems to be updated only for redhat distribution. Other distro the version is quite old. Latest version of podman is 4.9 as of today.
openSUSE stays on top with their package updates. The current version as of today is the latest Podman stable release 5.0.1
I personally use Rancher desktop which also supports Kubernetes.
looks interesting, also
Are all problems with devcontainer from VSCode solved? Can you now use podman with devcontainers?
I don't understand why podman desktop isn't available as a webui like portainer
Podman is a RHEL product. Cockpit has full support for podman.
Unfortunately podman compose isn’t a replacement for docker compose and apparently not well maintained :( yes, it might support very very basic use cases, but if you have more than few lines of code in compose file most likely something won’t work (and good for you if you notice that because of an error, not silently ignoring fields from a file)
Unfortunately those of us who manage thousands of docker container applications cannot simply abandon docker when a new challenger comes along: and there will be many appearing in the next decade.
Try compatibility mode in Podman Desktop. Most of my docker commands and tools still work fine.
Do a video about Jobs, Cron Jobs, Daily Schedules the best softwares to use in a homelab with web panels
Good idea, let's find a way it's gonna be attracting to people on YT :D
I've been using podman for distrobox
Looking forward to a new series of Kubernetes video!!
My experience with Podman isn't as good as with Docker.
I feel like Podman is not fully finished, I have experienced some bugs with it.
What do you use to theme your terminal? I would love to achieve something similar on Linux. The separators between commands really work well with my brain.
Podman being daemonless can make some things more annoying.
You will have to create either cronjobs or systemd-timers to automatically start containers at boot, which Docker will do.
Also the Docker daemon is shared between users (which is probably why it's such a pain to do Docker rootless, though Docker can also do rootless containers AFAIK), Podman doesn't have such a synchronization.
This means, that every user will have to download or build their images anew, so if you switch between root (sudo) and your user, you may have to rebuild images more often than you thought.
And of course there's the gotchas you mentioned with ports etc, which can also make it painful to follow guides. I've also seen some subtle differences in how Podman build and Docker build interpret Docker images (such as the copy command, I believe the difference was how they treat directories with or without a following slash). Usually not too hard to work around, but difficult to spot, and can make it annoying if you want to distribute a containerfile to others that may have another engine, and are not super familiar with containers.
Why timers? A regular systemd unit works just fine to start containers at boot. Been doing that in SuSE's MicroOS for a while, works like a charm.
Was going to say, just use systemd units, or better yet the newer quadlets.
Unless something has changed recently, allowing access to the docker daemon is equivalent to root access (you can just run a privileged container and do whatever you want as root), so multiple users could just as well run podman with sudo to share images, or use the docker daemon emulation layer that provides a docker socket.
Most distros' podman package ships `podman-restart.service`. Enabling it is the easiest and laziest way to get your containers starting on boot.
If you want to do it "properly" though, use quadlets. You get all the benefits of a systemd-managed service with it too. Migrating is made easy thanks to the `podlet` project.
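The Quadlet route from the restart-on-boot comments above, written out as an added example (not part of any comment and not the Podman project's own code). It assumes a Podman version that ships Quadlet and a rootless user; the container name, image and port are constructed sample values, and `write_quadlet` / `activate_quadlet` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: rootless Quadlet unit so a container starts at boot.
# Name, image and port used with these helpers are constructed samples.

# Write <name>.container into a Quadlet directory
# (rootless default: ~/.config/containers/systemd).
# $4 must be in HOST:CONTAINER form, e.g. 8080:80.
write_quadlet() {
    dir=$1; name=$2; image=$3; port=$4
    host_port=${port%%:*}
    # Rootless Podman cannot bind host ports below 1024 by default,
    # so refuse early instead of producing a unit that fails at start.
    if [ "$host_port" -lt 1024 ]; then
        echo "host port $host_port is privileged; use one >= 1024" >&2
        return 2
    fi
    mkdir -p "$dir" || return 1
    cat > "$dir/$name.container" <<EOF
[Unit]
Description=$name container (Quadlet)

[Container]
ContainerName=$name
Image=$image
PublishPort=$port

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}

# Generate and start <name>.service for the current user.
# Linger lets user units start at boot without a login session.
activate_quadlet() {
    name=$1
    systemctl --user daemon-reload &&
    systemctl --user start "$name.service" &&
    loginctl enable-linger "$(id -un)"
}

# Usage (not run here):
#   write_quadlet "$HOME/.config/containers/systemd" web \
#       docker.io/library/nginx:latest 8080:80 && activate_quadlet web
```

Quadlet-generated units cannot be enabled with `systemctl enable`; the `[Install]` section in the `.container` file is what ties the service to boot.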
The developer urge to make new, faster, better, safer applications/frameworks instead of helping improving the existing ones
A very interesting argument, I will look up to podman in the near future.
Another question: what terminal are you currently using?
It's warp terminal
I made the switch like two years ago, started to use immutable linux distros and they come with Podman by default, using distrobox also has been a game changer for me.
About the Portainer and Podman Desktop things, I really don't use any of them
Scout YES!❤
noted :D
No idea why, because the CLI is essentially the same, I find Podman easier to understand than Docker.
If you want to use a port lower than 1024 without running as root, then you can redirect traffic from one port to another via a firewall rule.
Here is the example for iptables.
```
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2121
```
that's a nice trick! thanks for sharing :)
Yes, Docker Scout for SBOM please !!
It all comes down to user choice, or they can try both ways while working on their projects. It's nice to expand some skills.
true
many dev tools still prefer docker and just don't work in podman, so I save the headache by just using docker
I love the video , I'm trying to use docker in freebsd but it is not officially supported and podman fits well for me can you please make a video on how to migrate docker container to podman it would be really helpful to actually consider giving it a shot.
Thank you! :)
Been using Podman in prod since 2020.
If you run single containers as services - Podman is great. If you spin up applications as integrated services there is no better solution than docker compose
You can run docker-compose files in podman. I've been able to deploy stacks from portainer with podman. The compose files were originally designed for docker and most of them required no changes. The only change I had to make to some of them was point it at the podman sock instead of the docker sock
Hi Christian, thanks for great explanation. but, may i know how and what is the configuration of your terminal so the result are displayed on the bottom while the input is still in the top ? thanks
Warp
Podman doesn’t work with the :Z option on OSX which makes it incompatible with Ansible-navigator
There is a known issue that won’t be fixed. If you need Ansible on OSX then you need docker not podman
Docker must have SELinux disabled, you can disable SELinux separation for Podman as well, so you can use it. Please point to the issue you are talking about not working on OSX?
you can also alias docker to podman so you don't even have to remember to type podman
I'm not a big fan of this, but sure, it's also possible :)
The only thing preventing me from migrating to Podman is incompatibility with dev containers features.
I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS
Good video as usual. 👌
Appreciate that
the compose is very bad in podman
Hmmmm. Lack of "compose" style files... that might be a deal killer for me.
but how do I search for images in podman like I do in docker desktop .......
Interesting argument!
Little curiosity: where can we get that awesome Matrix animated wallpaper?
it's just "cmatrix" in the terminal :)
I would love to switch but podman networking still has some major issues - for me at least.
Please report these flaws? Have you tried Podman with the netavark back end?
@@danielwalsh2363 The ticket(s) are open - they just don't seem considered high priority.
@@danielwalsh2363 netavark sounds interesting. You have experience with it? Would you run it in production?
I’m big fan of Podman, but haven’t found many tutorials on how to use it.
Actually, you can watch my docker tutorials and just replace docker with podman :D
I'll try if CasaOS makes a podman version. 😅
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway.
I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode?
At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
interesting!
Nice video! Really made me doubt now. Maybe I'll run it beside docker to test first,
Docker is still a bit difficult
Especially bindmount propagation. Can you do an in-depth video about that?
What the heck is docker scout? Sounds like a nice addition!
Again thanks for sharing :)
Thanks :) You should look at my docker course, it's gonna teach you everything! Hope to get part 3 out in the next 2 months
I didn't finish the video and I have already uninstalled docker! Let's see how this goes
hope it goes fine :D
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
thanks :) it's just "cmatrix" in the terminal
i wonder why no one uses podman for supabase