Hi Christian, thanks for great explanation. but, may i know how and what is the configuration of your terminal so the result are displayed on the bottom while the input is still in the top ? thanks
I've been interested in the security benefits of podman for a little while now, but I'm a bit worried about potential issues when trying to use podman to run a reverse proxy since you often see issues when you don't open ports 80 and 443 for them. I'd be curious to see a successful implementation of traefik in podman
I switched from Docker to Orbstack, some grails tests (from the language groovy) running through a docker desktop it takes 3 minutes and running through orbstack it takes 1 minute
With docker desktop I need to be logged in to run my containers in Windows. With podman will it run more like service so I can reboot and expect pods to run straight away?
the biggest upside to podman desktop over docker desktop is it's currently fully opensource and free use both at home and commercially whereas docker desktop is no longer free for commercial uses. Where I say currently opensource about podman given Red Hat's recent actions I wouldn't be surprised if they monetised podman desktop. On a server level though docker is still ahead of podman due to its swarm mode to allow for scalable and high available clustering if you didn't want to run a k8s cluster on prem that is (still working on my employer with that 😀).
I've been using podman instead of docker for a while now and it's served its purpose excellently. The only annoyance I have with it is I can't just set containers to restart: always and have them come up on the boot of the host. I know I can generate systemd files to do this or use quadlet to make simpler systemd files but both of those require extra setup whereas under docker I could simply set the restart parameter and the containers would start on boot
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though. /usr/lib/systemd/system/podman-restart.service /usr/lib/systemd/user/podman-restart.service
@@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
OpenShift is a beast to setup, although it's constantly getting easier. It has a much harder day 1 experience than its competitors, but the day 2 operations of actually getting things deployed is much easier.
I made the switch like two years ago, start to use immutable linux distros and they come with Podman by default, using distrobox also has been a game changer for me. About the Portainer and Podman Desktop things, I really don't use any of them
Pardon my ignorance, but what is the terminal app, shell, or config doing the isolated input and output 'frames'? And the gravy that is the IDE-like browsing of the command history.
Unfortunately podman compose isn’t a replacement for docker compose and apparently not well maintained :( yes, it might support very very basic use cases, but if you have more than few lines of code in compose file most likely something won’t work (and good for you if you notice that because of an error, not silently ignoring fields from a file)
AFAIK, docker is also using namespace separation, main vulnerability is misconfiguration or providing excessive privileges for the container. I suppose the same happens in podman as well.
as macos user, switched from docker desktop to podman (with podman desktop) AND lima-vm to keep docker itself via full controlled virtual machine mostly i use podman, but in that 1% cases which may cause an issues i still use docker, so my `docker context ls` has 3 of them: default (/var/run/docker.sock), limactl ($LIMA_HOME/../docker.sock) and podman($XDG_DATA_HOME/containers/…/podman.sock - that’s a really important for me to be able to manage all dotfiles of my tooling and, (i’m a bit proud of this) a couple months ago i became a contributor to podman-desktop cause i really like how it’s evolving and wanna make it better
I looked at podman last year... I was intrigued by the rootless/serverless running, but was stopped by the inability to use low-numbered ports. How do you set up a webserver or email server?
Port forwarding, a reverse proxy, or just running podman as root. You can also change system settings to allow non-root access to these ports (in sysctl, net.ipv4.ip_unprivileged_port_start)
there are two solutions to this problem, you run a firewall/gateway in front of it that exposes web and mail ports and proxies it to the app server or you can run it in root mode, choice is yours :D
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway. I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode? At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
Does PodMan offer NVIDIA CUDA support via WSL2? I am currently using Windows Docker Desktop via WSL2 to run multiple containers to execute CUDA applications (Whisper + Piper + Llama2)
I still need Docker 😢. I tried podman then use some image of bitnami, then I have to change ownership but podman cannot resolve as Docker, I always get permission denied :”(
Does anyone know which extension for VSCode Christian uses to help write Kubernetes configs? The one I'm currently using is not great and what I saw here looked promising
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
Hi Christian, are you running on an Apple Silicon machine? If so what steps did you take to get it installed? I've tried repeatedly to get it working on an Apple Mac Mini M1, but each time it is crashing because the `podman machine init` step insists on grabbing the x86_64 version of the VM rather than the aarch64 version.
@@christianlempa Thanks for the reply! Turns out I downloaded the Intel version of the CLI by mistake. I saw that the web page showed the Desktop app as a Universal app, and I assumed that applied to the CLI as well. In the words of a wise man, Doh! 😉
Podman supports the concept of connections over ssh, if you configure `podman system connection` to point at a remote server, you should be able to get Podman desktop to work with the remote server I believe. podman (--remote) at the CLI works fine with remote podman services over ssh.
I wonder if podman can use the HyperKit or vz or whatever it's called on MacOS 13+ and perhaps Hyper-V on Windows? I currently am using colima on MacOS M1 Max (MacOS 14) and it works like a charm. Also as a software engineer, I am always thrilled to try features if I need them - certainly not in a commercial project I develop for on my day-job, but certainly in private. I might replace docker with podman on my custom NAS at home.
Podman supports native virtualization on Mac and Hyper-V on Windows. Will switch to default to Native Virt on Mac in Podman 5.0, currently it defaults to QEMU on Mac. 5.0 is due to be released end of February
one thing I don't much like about your videos is that you always focus on GUIs which is good for local development but not really important for real environments and real work where CLI commands are mostly used, that said, thanks for the introduction about podman I will definitely try it and read more about it.
@@christianlempa IDK but the last 4 notifications I received from your channel were all about GUI, GUI for ansible, GUI for managing containers,.....etc which doesn't pick my interest because I never use GUI for those kinds of tasks even on my local laptop, maybe that's just me maybe other people are liking that, just wanted to share my thoughts
@@bashardlaleh2110 thanks! I appreciate your feedback, and you're right. I think GUIs are always nice for beginners and Homelab people, that's why you see a lot of engagement on these videos. But don't worry, it won't become a beginner channel only, I still have some stuff coming up for CLI and terminal lovers :)
I love the video , I'm trying to use docker in freebsd but it is not officially supported and podman fits well for me can you please make a video on how to migrate docker container to podman it would be really helpful to actually consider giving it a shot.
Podman doesn’t work with the :Z option on OSX which makes it incompatible with Ansible-navigator. There is a known issue that won’t be fixed. If you need Ansible on OSX then you need docker not podman
Docker must have SELinux disabled, you can disable SELinux separation for Podman as well, so you can use it. Please point to the issue you are talking about not working on OSX?
Podman being daemonless can make some things more annoying. You will have to create either cronjobs or systemd-timers to automatically start containers at boot, which Docker will do. Also the Docker daemon is shared between users (which is probably why it's such a pain to do Docker rootless, though Docker can also do rootless containers AFAIK), Podman doesn't have such a synchronization. This means, that every user will have to download or build their images anew, so if you switch between root (sudo) and your user, you may have to rebuild images more often than you thought. And of course there's the gotchas you mentioned with ports etc, which can also make it painful to follow guides. I've also seen some subtle differences in how Podman build and Docker build interpret Docker images (such as the copy command, I believe the difference was how they treat directories with or without a following slash). Usually not too hard to work around, but difficult to spot, and can make it annoying if you want to distribute a containerfile to others that may have another engine, and are not super familiar with containers.
Unless something has changed recently, allowing access to the docker daemon is equivalent to root access (you can just run a privileged container and do whatever you want as root), so multiple users could just as well run podman with sudo to share images, or use the docker daemon emulation layer that provides a docker socket.
Most distros' podman package ships `podman-restart.service`. Enabling it is the easiest and laziest way to get your containers starting on boot. If you want to do it "properly" though, use quadlets. You get all the benefits of a systemd-managed service with it too. Migrating is made easy thanks to the `podlet` project.
I'm still getting first-hand experience with containers. I'd like to learn to be proficient with Podman more than Docker, but I haven't been able to find a single homelab project I'd want to do whose guide for deploying a container was written for Podman, lol.
Idk how you’re getting on now but you could just try simple Docker ones and replace with podman command… you may experience some problems, but doing so will teach you about containers and podman
I switched from Docker to Podman since few months, never looked back. Had some headaches to convert some containers but it is very reliable and compatible with kubernetes.
cool, I might try it too :)
What orchestration tool do you use?
Do We require to recreate the existing containers from docker to podman while shifting from docker to podman? Or we have something to migrate to those containers?
@@sridharkumar9462 you can recreate them keeping the config folder.
@@sridharkumar9462 Podman 100% supports OCI compatible containers, so if you didn't create your container with something very Docker specific it will conform to the open container format and is then supported by Podman. No migration needed.
I've been using Podman for years now. I really appreciate that its user namespaced and doesn't require a daemon to run. Thanks for covering it! Hope to see more tech youtubers dropping "Docker" when talking about containers and just referring to them as containers. Docker's not the only game in town.
Sounds awesome! Yeah, maybe I should do more topics around podman :)
What's so great about not having a daemon running ? There are hundreds of processes running on your machine at any given time, why bother about one more ?
because they actually only used Docker...
Yes. Well, kindof. The thing is that the term container is a lot more used by other tools too, that are not compatible with Docker like containers (forgot the official name for them).
@@emptystuff1593 Because if the docker daemon crashes for whatever reason all the containers are going down with it. This is the same reason why updating docker is a pain. Podman doesn't have this type of single point of failure.
Switched to Podman 2 years ago now, never looked back! Thanks for the video.
Sounds awesome! :)
The big advantage Podman Desktop has over Docker Desktop is the licensing for enterprise use. PD is FOSS (Apache 2.0 license), where DD is only "free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. Otherwise, it requires a paid subscription for professional use. Paid subscriptions are also required for government entities."
I have nothing against a company trying to make money off of their work, but the fact that it is a subscription-only really rubs me the wrong way. Let me buy a copy that is mine forever and leave me alone.
@@username7763 I don't like monthly licenses either, HOWEVER their licensing terms are more than fair, let's be honest if your company is exceeding 10.000.000$ revenue there is no way the license price is gonna be the deal breaker
@@cristi41611 subscriptions are always subject to change. A reasonable subscription now turns to unreasonable or even unavailable in the future. This isn't theoretical, I've seen this happen a lot with subscriptions.
That is a bit of the finger to docker. I love that! Docker went the Oracle route, and tries to charge every corporation user with a docker desktop license. Podman looks super simple and never underestimate the security aspect.
Podman is originally developed by Red Hat, and we all know what happened to the Red Hat drama.
Ups...that was a strong argument to stay away from this project? @@_vr
@@_vr that it was overblown and mostly FUD?
and Redhat went the corporate route as well
@@_vr what drama??
I used Podman last year at my then-employment. I see a lot of improvements. That is very much welcome. Nice app. A good replacement for Docker Desktop, which is what makes many companies not wanting to use Docker. Podman UI really is cleaner.
Switched in April 23 when I moved to Fedora. Difference is it can be backup-ed and restored from tars and it needs dealing with effective user and group IDs and creating user session during system startup and there are some special commands to move files into and from volumes.
I’ve started to play around with Podman just to see what it’s like. I recently discovered that you can generate a Kubernetes v1 yaml file from an existing Podman pod or container. This is good because I can run my existing docker compose files on Podman to create the containers. I then use “podman kube generate” to build a Kubernetes yaml file from my existing container setup. Maybe my method is not very practical but to me it’s still pretty cool. 🙂
Awesome :D
This is great. It's just what I need for a project I'm working on. Tnx
Honestly, I never thought about changing from Docker to Podman, but this POD creation is really catching my attention, I had some experience building sidecars for containers and is a PITA to test it locally with docker. Awesome content.
I wanted to get into containers, but could not risk installing docker desktop on my work pc due to any license consequences. Really happy with podman! Can do everything I see people doing with docker.
4:36 For me lack of proper support of compose files was the only reason which stopped me from using podman some time ago. I don't like imperative docker, i like to use compose files much more, even for simple apps. When i tried podman it still had some issues with some yaml sections about resources limits and so on (don't remember exactly) and also with .override files. But it was few years ago, maybe it's time to give it another chance
Podman is backed by Red Hat, and it also is known to step away from Kubernetes standards. Rancher Desktop is light years ahead, they support containerd instead of docker to be in line with Kubernetes baseline, it based on k3s/k3d, and somehow I trust SUSE more. And yes, it can also be a drop in replacement, and not just by way of mimicking Docker but actually using Docker CE with k3d instead of containerd/k3s for these who just develop apps and don’t care about 1:1 matching environment to real Kubernetes. And it comes with Compose and other plugins, yes.
Finally. Been using some of your videos to implement with podman for the reasons you have mentioned. Never have had any issues with podman-compose btw. Keep up the superb work. Cheers.
I’m made to switch from docker to Podman about a year ago, the issue I have most of the time is a hard coded docker daemon socket in some projects, making a symlink + activating the podman socket will do the trick most of the time. Running podman rootless by default and managing containers as systemd services are great features
Yep, the systemd feature is nice! I will have a look at it.
This is an excellent video! I’ve also been debating on trying Podman and I think this definitely helped. I will definitely be giving it a try for local container testing.
Glad it was helpful!
I was going to switch to Podman, but then I was overtaken by a compatibility problem with the devcontainer in vscode, which is why the migration plans had to be postponed on my work PC. But among the newer solutions, I’m currently trying finch from AWS, which uses lima, nerdctl internally. I recommend you try it. Thank you for the video.
Great video, thanks, I'm going to try podman tomorrow at work and see how it also fares at building and pushing docker images :)
Thank you so much :)
Think I'll stick with Docker for now but pretty interested especially given the integration of docker-compose types of container deployments. Think i'll spin up a test VM and give Podman a try. Also.. Docker Scout video, Please and thank you!
Podman-compose is dead. Podman is 100% compatible with docker-compose. Been using it for a while now. Where I work, 95% of our servers are running RHEL. And podman is running in production without any issues. Start by enabling the podman socket:
systemctl enable --now podman.socket
Then export the following variable to make docker-compose communicate with podman instead of docker (put the export command in .bashrc or whichever shell you're using):
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
and that's it. You can use your regular compose files as usual with the docker-compose command.
thanks that's good feedback! :)
I'm curious about the terminal application you use, is it Mac Exclusive?
same question.
Thank you for pointing out this. I am pretty sure it helps the community! Best Regards!
Tried podman a while ago, hated it so much i stopped after 40h. Bad documentation, not everything was supported, problems with setting multiple ports.
I like that podman can use quadlets, those are files under /etc/containers/systemd/ that look similar to compose. After systemctl daemon-reload, it will create a system service you can start and will auto start on the next reboot. Podman could always generate system services, but this way it regenerated with the latest systemd version and not onetime.
awesome! didn't know that
yea these things are awesome. My homeserver is solely based on quadlets (now called podman systemd units).
I just had the task to setup goharbor on Ubuntu and this was unstable under Docker (crash of containers after 1-2 days, usually during system updates). Then I noticed Ubuntu does not support the Quadlets of Podman because of the missing systemd-generate tool. You can generate the system services for systemd with catatonit but not from quadlets, at least I couldn't figure it out on 22.04 or 24.04. The tool podlet is really cool and lets you generate quadlet files from docker-compose or running containers.
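A Quadlet unit of the kind discussed in the comments above, written out by a small shell helper. This is an added example, not part of any comment in the thread; the unit name `web`, the image reference and the port are constructed placeholders, and the two hardening keys assume a workload that needs no Linux capabilities.

```shell
#!/bin/sh
# Added example: write a Quadlet .container unit for system or rootless scope.
# The name "web", the image and the port below are constructed placeholders.

# quadlet_dir SCOPE -> prints the directory Quadlet reads for that scope.
quadlet_dir() {
    case "$1" in
        system) printf '%s\n' "/etc/containers/systemd" ;;
        user)   printf '%s\n' "${XDG_CONFIG_HOME:-$HOME/.config}/containers/systemd" ;;
        *)      echo "scope must be 'system' or 'user'" >&2; return 2 ;;
    esac
}

# write_quadlet SCOPE NAME IMAGE HOSTPORT:CTRPORT [DESTDIR]
# Writes NAME.container and prints its path. DESTDIR overrides the real
# Quadlet directory so the output can be inspected before installing it.
write_quadlet() {
    scope=$1; name=$2; image=$3; port=$4
    case "$scope" in
        system) target="multi-user.target" ;;  # started at boot by PID 1
        user)   target="default.target" ;;     # started by the user's systemd
        *)      echo "scope must be 'system' or 'user'" >&2; return 2 ;;
    esac
    dir=${5:-$(quadlet_dir "$scope")}
    mkdir -p "$dir" || return 1
    cat > "$dir/$name.container" <<EOF
[Unit]
Description=$name container (Quadlet)

[Container]
Image=$image
PublishPort=$port
# Hardening keys: an assumption that the workload needs no capabilities
NoNewPrivileges=true
DropCapability=ALL

[Service]
Restart=always

[Install]
WantedBy=$target
EOF
    printf '%s\n' "$dir/$name.container"
}

# After installing into the real directory:
#   system scope:  systemctl daemon-reload && systemctl start web.service
#   user scope:    systemctl --user daemon-reload && systemctl --user start web.service
#                  loginctl enable-linger "$USER"   # rootless units start at boot
# The [Install] section is applied by the generator on daemon-reload, so the
# generated service is not enabled with "systemctl enable".

# Run "sh thisfile demo" to print a rootless unit written to a temp directory.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    cat "$(write_quadlet user web registry.example.com/app/web:1.0 8080:8080 "$d")"
    rm -rf "$d"
fi
```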
I ended up using Podman-Compose on a slightly adjusted docker-compose.yml file and this runs more stable than under Docker.
I currently use Podman for all my containers. However, I found one thing which is a tremendous headache with Podman: It doesn't play nice with NFS mounts. NFS assumes UIDs are synced between server and client, and the whole subuid thing totally flies in the face of that. I just said "screw that" and just mounted my storage using iSCSI... but that comes with a whole set of new problems 😂
Exactly the same reason why I'm still using docker.
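Why an NFS server sees unfamiliar owners under rootless Podman, as an added example that is not from any commenter: the helper below computes the host UID behind a container UID. The user `alice`, her UID 1000 and the subuid ranges are constructed; it assumes the default rootless mapping (no `--userns=keep-id`) and that several ranges for one user are consumed in file order.

```shell
#!/bin/sh
# Added example: map a container UID to the host UID under rootless Podman.
# Default rootless mapping:
#   container UID 0        -> the invoking user's own UID
#   container UID 1..count -> the user's /etc/subuid range(s), in order
# The host UID is what an NFS server or any host-side file check will see.

# map_container_uid SUBUID_FILE USER USER_UID CONTAINER_UID
# Prints the host UID. Returns 1 if the container UID is not mapped,
# 2 if CONTAINER_UID is not a non-negative integer.
map_container_uid() {
    subuid_file=$1; user=$2; user_uid=$3; cuid=$4
    case "$cuid" in
        ''|*[!0-9]*) echo "container UID must be a number" >&2; return 2 ;;
    esac
    if [ "$cuid" -eq 0 ]; then
        # Root inside the container is just the unprivileged user outside.
        printf '%s\n' "$user_uid"
        return 0
    fi
    # Lines look like "name:start:count"; walk every range owned by USER.
    awk -F: -v u="$user" -v c="$cuid" '
        $1 == u {
            if (c - 1 < used + $3) {      # falls inside this range
                print $2 + (c - 1 - used)
                ok = 1
                exit
            }
            used += $3                    # skip past this range
        }
        END { exit (ok ? 0 : 1) }
    ' "$subuid_file"
}

# Run "sh thisfile demo" to see the mapping for a constructed subuid file.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    printf 'alice:100000:65536\n' > "$f"   # constructed sample entry
    for c in 0 1 1001 65536 65537; do
        if h=$(map_container_uid "$f" alice 1000 "$c"); then
            echo "container uid $c -> host uid $h"
        else
            echo "container uid $c -> not mapped"
        fi
    done
    rm -f "$f"
fi
```

A file written by container UID 1001 lands on the export as host UID 101000 in this sample, which the NFS server has no matching account for.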
Excellent video, beneficial content! I Love Podman, but I haven't used the UI Podman desktop yet, but I definitely will!
Great to hear!
I admire what you do Christian. keep it up Lempa
I've been using Jenkins running under Docker for a few years with Dind such the build tools (Like Java and Maven) themselves run as Docker containers. I've started using the Kubernetes Jenkins plugin so that those same containerized build tools are now running as Kubernetes pods. Well the problem is that in order to support multi-arch container builds I'm using the Jenkins Docker Pipeline plugin and docker buildx to build the multi-arch images and that seems problematic for running under Kubernetes. So now I'm working on using a containerized install of Podman which I'll be able to invoke as a Jenkins Inbound Agent to be able to do my multi-arch container builds as Kubernetes pods. Once all that is accomplished I'll end up moving Jenkins from Docker to Kubernetes.
Thanks for the demo and info, have a great day
Thanks! you too :)
Are all problems with devcontainer from VSCode solved? Can you now use podman with devcontainers?
You said 'rootless' and I immediately got confused with the older use of that term from X-Windows. Thanks for the flashback! 🙂
:D
Of course there is always nerdctl as the CLI and Rancher Desk as the GUI. Nerdctl can be run either rootful, or rootless and does more than Podman or Docker as an interface to containerd.
What auto complete tool were you using in VSCode at 10:30?
It's GitHub Copilot
1:47 In keeping with its mascot, PodMan has seal-eye tools. 🥁📀 (I'll show myself out.)
Very focused on Desktop usage on Win and Mac.
Your head looks very smooth. Very nice.
Gae
Lmao whatttt
13:15 are you having an earthquake? :) Good video btw, thank you. That pod k8s functionality is what really made me consider trying podman.
lol, no it's because the camera is mounted to the desk, which is not ideal :D
What do you use to theme your terminal? I would love to achieve something similar on Linux. The separators between commands really work well with my brain.
I just spent some time messing around with podman, and while I do really like it, my one issue as a somewhat inexperienced user is how hard it is to essentially edit containers. I did figure out a way to do and it does with fine, but it doesn’t feel very elegant to me. In an ideal world I just set it up right the first time, but let’s be honest when I’m trying to learn tools like traefik or authentik, there’s no way I’ll be able to do that 😅
So at least for right now, docker is the way to go for me, but since I do love a lot of things about how podman does things, I’m very likely to reevaluate in a year or so
many network issues on windows. 1. port redirect not registered in firewall so the port cannot be accessed from other device 2. cannot access port on parent so it is the best to deploy basic service like redis, mysql etc on podman
Still only tinkering. I have several LXCs running on Proxmox. From what I am hearing and seeing, will probably go with podman.
Hi Christian, thanks for great explanation. but, may i know how and what is the configuration of your terminal so the result are displayed on the bottom while the input is still in the top ? thanks
Warp
Brother's you always provide good content for us thanks for such type of informative content...
thank you so much :)
I've been interested in the security benefits of podman for a little while now, but I'm a bit worried about potential issues when trying to use podman to run a reverse proxy since you often see issues when you don't open ports 80 and 443 for them. I'd be curious to see a successful implementation of traefik in podman
Where can one locate the VSCode extension that you're using to craft a Pod manifest? Love the video and I'll definitely give Podman a go.
I switched from Docker to Orbstack, some grails tests (from the language groovy) running through a docker desktop it takes 3 minutes and running through orbstack it takes 1 minute
sounds also nice
Podman binary seems to be updated only for redhat distribution. Other distro the version is quite old. Latest version of podman is 4.9 as of today.
openSUSE stays on top with their package updates. The current version as of today is the latest Podman stable release 5.0.1
Does it run compose and does it properly parse yaml (unlike docker compose)?
What reverse proxy do you recommend for Podman containers? It looks like Traefik is not compatible...
Traefik should be compatible
I don't understand why podman desktop isn't available as a webui like portainer
Podman is a RHEL product. Cockpit has full support for podman.
With docker desktop I need to be logged in to run my containers in Windows. With podman will it run more like service so I can reboot and expect pods to run straight away?
the biggest upside to podman desktop over docker desktop is it's currently fully open source and free to use both at home and commercially, whereas docker desktop is no longer free for commercial uses. Where I say currently open source about podman, given Red Hat's recent actions I wouldn't be surprised if they monetised podman desktop. On a server level though docker is still ahead of podman due to its swarm mode to allow for scalable and highly available clustering if you didn't want to run a k8s cluster on prem that is (still working on my employer with that 😀).
I'm not so interested in being fully open source or the licensing, TBH :/ The technical bits and pieces are, what makes it interesting for me.
so i should start learning podman as well?
I've been using podman instead of docker for a while now and it's served its purpose excellently. The only annoyance I have with it is I can't just set containers to restart: always and have them come up on the boot of the host. I know I can generate systemd files to do this or use quadlet to make simpler systemd files but both of those require extra setup whereas under docker I could simply set the restart parameter and the containers would start on boot
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though.
/usr/lib/systemd/system/podman-restart.service
/usr/lib/systemd/user/podman-restart.service
@@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
OpenShift would be quite cool to see featured in a video, in particular it's open source version called OKD
I think I still need some time to understand openshift, but it would be nice, yes :D
OpenShift is a beast to setup, although it's constantly getting easier. It has a much harder day 1 experience than its competitors, but the day 2 operations of actually getting things deployed is much easier.
I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS
but how do i search for images in podman like i do in docker desktop .......
I made the switch like two years ago, started to use immutable Linux distros and they come with Podman by default, using distrobox also has been a game changer for me.
About the Portainer and Podman Desktop things, I really don't use any of them
Pardon my ignorance, but what is the terminal app, shell, or config doing the isolated input and output 'frames'? And the gravy that is the IDE-like browsing of the command history.
it's called warp! new video is in the works :)
Can podman use the Docker Images in The Docker hub?
My experience with Podman isn't as good as with Docker.
I feel like Podman is not fully finished, I have experienced some bugs with it.
00:27 on windows or mac ***shows ubuntu terminal*** 😅
🤣
for mac silicon user, I switched from Docker to Orbstack for better performance since it uses rosetta instead of qemu
Docker has an option to use rosetta as well. You just need to enable it in the settings
Unfortunately podman compose isn’t a replacement for docker compose and apparently not well maintained :( yes, it might support very very basic use cases, but if you have more than few lines of code in compose file most likely something won’t work (and good for you if you notice that because of an error, not silently ignoring fields from a file)
AFAIK, docker is also using namespace separation, main vulnerability is misconfiguration or providing excessive privileges for the container. I suppose the same happens in podman as well.
One key difference is Podman defaults to rootless with SELinux enabled, Docker defaults to rootful with SELinux disabled.
@@danielwalsh2363 Thanks, will take a closer look at Podman.
using podman exclusively since 3 years. Running rootless just rocks on our prod servers but also locally on my laptop.
We use Ubuntu at work and the only issue I have with podman right now is Ubuntu is stuck on Podman version 3.4.4.
Yeah, Ubuntu doesn't seem to be the best distro for running Podman, it's clearly the favorite in the RHEL space (because it's created by RHEL devs :D)
as macos user, switched from docker desktop to podman (with podman desktop) AND lima-vm to keep docker itself via full controlled virtual machine
mostly i use podman, but in that 1% of cases which may cause issues i still use docker, so my `docker context ls` has 3 of them: default (/var/run/docker.sock), limactl ($LIMA_HOME/../docker.sock) and podman ($XDG_DATA_HOME/containers/…/podman.sock) - that’s really important for me to be able to manage all dotfiles of my tooling
and, (i’m a bit proud of this) a couple months ago i became a contributor to podman-desktop cause i really like how it’s evolving and wanna make it better
I looked at podman last year... I was intrigued by the rootless/serverless running, but was stopped by the inability to use low-numbered ports. How do you set up a webserver or email server?
use high numbered ports
Port forwarding, a reverse proxy, or just running podman as root. You can also change system settings to allow non-root access to these ports (in sysctl, net.ipv4.ip_unprivileged_port_start)
I ran podman in my homelab and added the line in sysctl to allow podman to use low numbered ports. Works well!
there are two solutions to this problem, you run a firewall/gateway in front of it that exposes web and mail ports and proxies it to the app server
or you can run it in root mode, choice is yours :D
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway.
I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode?
At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
interesting!
Does PodMan offer NVIDIA CUDA support via WSL2?
I am currently using Windows Docker Desktop via WSL2 to run multiple containers to execute CUDA applications (Whisper + Piper + Llama2)
No idea :/ haven't tested it
@@christianlempa GPU (CUDA) support is great on WSL, but difficult to setup.
I still need Docker 😢. I tried podman then use some image of bitnami, then I have to change ownership but podman cannot resolve as Docker, I always get permission denied :”(
Pretty cool stuff. I’m currently reading through Podman documentation from Red Hat learning how to use it.
Nice!
Does anyone know which extension for VSCode Christian uses to help write Kubernetes configs? The one I'm currently using is not great and what I saw here looked promising
If you're talking about the auto-complete/suggestions, that's just Copilot.
Yes, I would definitely like to learn about Docker Scout.
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
thanks :) it's just "cmatrix" in the terminal
The company I work at recently dropped Docker because of the license issue and it’s been a pain in the ass. I’ll take a look at this
Cool, let me know how it goes
Security question about pod: why would I share the network ressources between my server and the db ????
When the server needs to connect to the db
Great video, now I would like to try Podman XD
You should! :)
Can I just easily use the Nextcloud docker image with Podman?
sure
Hi, thanks for the video - what editor are you using to create the yml-file?
it looks like vscode to me, but most IDE's have some kind of yaml syntax highlighting
Vscode
Thanks ! And how did you enable the autocompletion when you type in your code is vscode ?
Hi Christian, are you running on an Apple Silicon machine? If so what steps did you take to get it installed? I've tried repeatedly to get it working on an Apple Mac Mini M1, but each time it is crashing because the `podman machine init` step insists on grabbing the x86_64 version of the VM rather than the aarch64 version.
Maybe try to contact support, it worked on my machine
@@christianlempa Thanks for the reply! Turns out I downloaded the Intel version of the CLI by mistake. I saw that the web page showed the Desktop app as a Universal app, and I assumed that applied to the CLI as well. In the words of a wise man, Doh! 😉
@@carlcaulkett3050 ahhh, glad you solved it ;)
Hey Christian, thanks. I run podman on a headless RHEL server currently. Do you know if podman desktop can connect to a remote server?
I don't think so, but on a server you have plenty of options to manage it, with cli, automated or using a web ui
Podman supports the concept of connections over ssh, if you configure `podman system connection` to point at a remote server, you should be able to get Podman desktop to work with the remote server I believe. podman (--remote) at the CLI works fine with remote podman services over ssh.
A very interesting argument, I will look up to podman in the near future.
Another question: what terminal are you currently using?
It's warp terminal
It all comes down to the user's choice, or they can try both ways while working on their projects. It's nice to expand some skills.
true
I wonder if podman can use the HyperKit or vz or whatever it's called on MacOS 13+ and perhaps Hyper-V on Windows? I currently am using colima on MacOS M1 Max (MacOS 14) and it works like a charm.
Also as a software engineer, I am always thrilled to try features if I need them - certainly not in a commercial project I develop for on my day-job, but certainly in private.
I might replace docker with podman on my custom NAS at home.
Podman supports native virtualization on Mac and Hyper-V on Windows. Will switch to default to Native Virt on Mac in Podman 5.0, currently it defaults to QEMU on Mac. 5.0 is due to be released end of February
one thing I don't much like about your videos is that you always focus on GUIs which is good for local development but not really important for real environments and real work where CLI commands are mostly used, that said, thanks for the introduction about podman I will definitely try it and read more about it.
Really? I always aim to balance GUI with CLI
@@christianlempa IDK but the last 4 notifications I received from your channel were all about GUI, GUI for ansible, GUI for managing containers,.....etc which doesn't pique my interest because I never use GUI for those kinds of tasks even on my local laptop, maybe that's just me maybe other people are liking that, just wanted to share my thoughts
@@bashardlaleh2110 thanks! I appreciate your feedback, and you're right. I think GUIs are always nice for beginners and Homelab people, that's why you see a lot of engagement on these videos. But don't worry, it won't become a beginner channel only, I still have some stuff coming up for CLI and terminal lovers :)
I love the video , I'm trying to use docker in freebsd but it is not officially supported and podman fits well for me can you please make a video on how to migrate docker container to podman it would be really helpful to actually consider giving it a shot.
Thank you! :)
Migrating from Docker to Podman is a headache! Especially if you use docker compose!
Where exactly?
For straightforward containers it really is a drop-in replacement… I’ve had no problems at all on macOS
@@jimmahgee podman compose does not function similarly to docker compose.
@@Robert65536 podman compose does not function like docker compose.
@@bluecement You already implied that
Podman doesn’t work with the :Z option on OSX which makes it incompatible with Ansible-navigator
There is a known issue that won’t be fixed. If you need Ansible on OSX then you need docker not podman
Docker must have SELinux disabled, you can disable SELinux separation for Podman as well, so you can use it. Please point to the issue you are talking about not working on OSX?
Sorry, I know this is not relevant, but I’m captivated by your Terminal. What terminal are you using?
Thanks :D Look out for my videos about "Warp Terminal"
Interesting argument!
Little curiosity: where can we get that awesome Matrix animated wallpaper?
it's just "cmatrix" in the terminal :)
Are all images 100% compatible between docker and podman?
Yes! All container images are part of the OCI standard
I need to know how you got that Matrix wallpaper
It's just a cmatrix in the terminal :)
Podman being daemonless can make some things more annoying.
You will have to create either cronjobs or systemd-timers to automatically start containers at boot, which Docker will do.
Also the Docker daemon is shared between users (which is probably why it's such a pain to do Docker rootless, though Docker can also do rootless containers AFAIK), Podman doesn't have such a synchronization.
This means, that every user will have to download or build their images anew, so if you switch between root (sudo) and your user, you may have to rebuild images more often than you thought.
And of course there's the gotchas you mentioned with ports etc, which can also make it painful to follow guides. I've also seen some subtle differences in how Podman build and Docker build interpret Docker images (such as the copy command, I believe the difference was how they treat directories with or without a following slash). Usually not too hard to work around, but difficult to spot, and can make it annoying if you want to distribute a containerfile to others that may have another engine, and are not super familiar with containers.
Why timers? A regular systemd unit works just fine to start containers at boot. Been doing that in SuSE's MicroOS for a while, works like a charm.
Was going to say, just use systemd units, or better yet the newer quadlets.
Unless something has changed recently, allowing access to the docker daemon is equivalent to root access (you can just run a privileged container and do whatever you want as root), so multiple users could just as well run podman with sudo to share images, or use the docker daemon emulation layer that provides a docker socket.
Most distros' podman package ships `podman-restart.service`. Enabling it is the easiest and laziest way to get your containers starting on boot.
If you want to do it "properly" though, use quadlets. You get all the benefits of a systemd-managed service with it too. Migrating is made easy thanks to the `podlet` project.
I'm still getting first-hand experience with containers. I'd like to learn to be proficient with Podman more than Docker, but I haven't been able to find a single homelab project I'd want to do whose guide for deploying a container was written for Podman, lol.
Idk how you’re getting on now but you could just try simple Docker ones and replace with podman command… you may experience some problems, but doing so will teach you about containers and podman
I’m big fan of Podman, but haven’t found many tutorials on how to use it.
Actually, you can watch my docker tutorials and just replace docker with podman :D
which terminal are you using?
Warp :)
The kubernetes yaml is interesting, is docker desktop doing that?
no, it focuses on docker compose
Is there any portainer for podman
You don't need a special portainer. Existing portainer works with podman through the Docker-compatible socket.
i wonder why no one uses podman for supabase
Can you share your terminal config?
it's in dotfiles on github