I am glad we have an alternative to Docker, we tried to switch to it recently but it didn't work out. Hopefully long term it gets easier and easier to switch + performance improves.
I'm genuinely curious here. I've literally never run into anything that required the rootful daemon. What exactly are people relying on that requires that?
Expose port 443 (yes, for https).
i know there are workarounds, just saying it is not a drop-in.
I decided to run an app in docker rootless in my personal server and there are a whole bunch of problems related to that. A lot of images expect to be run as "root all the way down"
Most common/immediate example: mounting volumes to files they normally can't interact with.
As a normal, non-root user, that is!
One may need to account for permissions and ownerships more when using podman compared to Docker. Being in the 'docker' group allows the daemon to set the stage for you.
Many ways to address it. For example, using named volumes instead of mounts.
... but a lot of people use mounts expecting something different than what podman offers, due to permissions/ownerships; it is notable
I'm curious what issues you have with it, as it should be pretty much a 1:1 replacement when you use the Docker compatibility for most people. Rancher Desktop is also a pretty good replacement as well there are things that aren't quite working in Podman.
I've been using it in lieu Docker Desktop for Mac for the past year and it mostly works, but I do hit issues and have to debug them.
- Several issues with non-native containers which are commonly encountered on Apple Silicon Macs: multi-platform containers start much slower, sudo commands in non-native containers don't work, the TARGETARCH variable was set wrong (fixed), the Docker API implementation didn't pay attention to the specified platform (fixed).
- The daemon that creates docker.sock so you can use the Docker CLI doesn't clean up after itself if you uninstall, and this breaks Docker Desktop if you want to switch back (say, to investigate one of these incompatibilities).
- Host directories you want to mount into containers need to be configured when the machine VM is created.
- The machine VM defaults to using an unstable image, which completely broke in September 2023 for a few days.
Interesting, I haven't hit many issues myself but it definitely seems like it's not as polished as I thought. It's definitely not as "vanilla" as Rancher Desktop, but I like the way it lets you do more outside of just the standard Docker Desktop workflow.
Can you elaborate on the host directories bit? I'm curious what you mean.
> Can you elaborate on the host directories bit? I'm curious what you mean.
Realize that when you are running podman on macOS, all of your containers are really running inside a Fedora virtual machine, and the `podman` (and `docker`) commands you execute are remotely controlling what's happening on this virtual machine.
So when you use -v to mount a file or directory into your container, you're really mounting it from the virtual machine, not your macOS host. For example:
$ podman run --rm -v /etc/os-release:/foo debian head -n 1 /foo
NAME="Fedora Linux" # this file doesn't exist on macOS
But obviously you wanted to mount a directory from your macOS host into the container. Podman accomplishes this by creating some network mounts for a few directories on your macOS host, like /Users, at the same path inside the container. Presto, `-v /Users/itsautomatisch/Stuff:/stuff` works like you wanted.
If you want to be able to mount another macOS directory that Podman doesn't do by default, like /Volumes/Stuff, you have to recreate the podman machine VM (`podman machine rm && podman machine init -v /Volumes/Stuff`) but it clears the default list if you do this.
It has to do with the binfmt_misc configuration on the podman machine VM, which is used on non-Linux hosts like macOS. I've proposed that they update the machine VM configuration to fix the inconsistency with Docker Desktop but the conversation petered out.
I second that. It's a definite flaw in marketing and mid-term planning.
curl | sh is a bad practice, but lack of "curl https://get.docker.com | sh" scenario is certainly bad for Podman adoption.
For some reason Docker Desktop users on macOS and Windows are prioritized over non-rpm Linux users.
(OTOH, there are some technical blockers as well, such as AppArmor support. Podman development team is obviously more accustomed with SELinux and expect some external contributions in that field)
Official guide regarding Ubuntu or Debian will get you podman 3.4.4 in case if Ubuntu 22.04 or 4.3.1 in case of Debian 12.
The project is in active development with lots of re-architecturing, deprecations and security fixes. There has to be a way to obtain relatively updated binary packages while not being tied to distribution update cadence.
Oh, that’s not a Podman issue - the Debian world is like RHEL I’m being conservative about major version upgrades. They’re still shipping Python 3.10 and 3.11, too, despite 3.12 having been released and 3.13 waiting in the wings.
The build from source instructions work and you can easily maintain your own back ports / PPAs for things like that as the standard mechanism for major upgrades which the core distribution doesn’t want to commit to supporting. Usually you can simply take the updated package definition from the unstable repository and build that, and a quick search suggests many people are doing just that.
Maybe I'm reading it wrong, but Podman docs say it supports "Debian 11 (Bullseye) repositories and later" - 11 is flagged as the next LTS version, with Debian 10 (Buster) LTS support ending June 30th this year.
So on the surface - if you're making the decision to try it now, at least - it doesn't seem that supporting Debian 10 is that big a deal. I guess if you've been on Debian 10 for ages & wanting to use Podman that could easily have been a dealbreaker though, but as someone looking to switch out from Docker it looks like it should be fine on the next Debians?
Podman version in Debian 12 main repos is 4.3.1 released in November 2022.
There's no official way to get more recent releases apart from building from source. The semi-official-don't-use-in-production Kubic OBS binary repo for podman and its dependencies had been deprecated in 2023.
Yeh, I guess I'm used to that in pretty much all software with Debian - you're almost never going to get the bleeding edge unless you're compiling from source.
I generally kind of see this as a good thing, in that you can assume (or at least, hope) you're getting some extra stability because of this, but it's just as often frustrating when you're missing some key feature that came out a couple years ago because the repo version is old.
Netavark stack should be a welcome change; finally no more fiddling around with cni-dnsame and shared networks to get inter-container DNS working.
I think technically .pod quadlet files came out in 4.9 but I'm still excited for them. Quadlet works great as a docker-compose replacement at the administration level but for use-cases like setting up a quick dev environment it's still lacking a little. Hopefully being able to easily set up a user-level systemd-unit pod should make it easier.
Is's not.
podman machine init with --image parameter lets you use a non-default distribution. This option was previously available as --image-path. Target should be trivial for macOS (or Linux if you use podman machine there for some reason), WSL2 has to have a compatible patched image.
