That's funny. To me, one of the whole points of containers is that it's not systemd that's PID 1.
Combine that with a distro like Talos, an immutable Linux distro that contains fewer than ten executables and where none of them is systemd, and...
At long last, containers and stuff like Talos show a path leading to, in a not-so-distant future, a world where we can be systemd- and [ini]/Microsoft-config-file- (from a Microsoft employee, btw) free again.
It's not about running systemd in the container (practically nothing does that, though I myself considered it for a multi-user ssh shell system), but making containers manageable under systemd alongside other units.
With Docker, I found rootless setup to be a PITA, despite having experience with unprivileged LXC containers. The manager daemon constantly consumed system resources even when no containers were running. Docker upgrades sometimes refused to run my containers until I chased down whatever storage driver problem they introduced in the latest version.
When the most recent upgrade broke my containers yet again, I decided to give Podman a try. Setup was a breeze. There is no management daemon wasting resources. My containers just worked. Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools.
I think Podman also makes it easy to map host uids to non-root container uids, which ought to help me reduce attack surface. (I haven't actually tried this feature yet.) Last time I checked, Docker did not.
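On the host-uid-to-container-uid mapping mentioned above: what rootless Podman actually does is start the container in a user namespace, and the kernel records the mapping in /proc/<pid>/uid_map as lines of "<namespace start> <parent start> <length>". The following is an added example (not code from this thread or from Podman) that parses such a map and translates uids in both directions; the map contents are constructed to mirror a typical rootless setup where the host user is uid 1000 and owns the subordinate range 100000-165535 (the numbers are an assumption, not taken from the thread).

```python
"""Translate uids across a user-namespace uid_map (added example, not from the thread).

Format of /proc/<pid>/uid_map (real kernel interface):
    <ns_start> <parent_start> <length>
Every uid in [ns_start, ns_start+length) inside the namespace is backed by
[parent_start, parent_start+length) in the parent (host) namespace.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class MapRange:
    ns_start: int      # first uid inside the namespace
    parent_start: int  # host uid backing ns_start
    length: int        # number of consecutive uids in the range


def parse_uid_map(text: str) -> List[MapRange]:
    """Parse the three-column uid_map text; rejects malformed or empty ranges."""
    ranges: List[MapRange] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ns_start, parent_start, length = (int(f) for f in fields)
        if length <= 0 or ns_start < 0 or parent_start < 0:
            raise ValueError(f"invalid uid_map range: {line!r}")
        ranges.append(MapRange(ns_start, parent_start, length))
    return ranges


def container_to_host(ranges: List[MapRange], uid: int) -> Optional[int]:
    """Host uid that a process running as `uid` inside the container really has.
    None means the uid is unmapped: the kernel shows it as the overflow uid
    (65534, 'nobody') and it cannot own or access host files by that id."""
    for r in ranges:
        if r.ns_start <= uid < r.ns_start + r.length:
            return r.parent_start + (uid - r.ns_start)
    return None


def host_to_container(ranges: List[MapRange], uid: int) -> Optional[int]:
    """How a host uid appears inside the container, or None if it has no
    identity there (host root, for example, is just 'nobody' to the container)."""
    for r in ranges:
        if r.parent_start <= uid < r.parent_start + r.length:
            return r.ns_start + (uid - r.parent_start)
    return None


# Constructed map for a rootless container run by host uid 1000 with
# subordinate uids 100000-165535 (what /etc/subuid typically grants).
ROOTLESS_MAP = "         0       1000          1\n" \
               "         1     100000      65536\n"


def read_live_map(pid: str = "self") -> List[MapRange]:
    """Read the real map of a process, e.g. from inside `podman unshare`."""
    with open(f"/proc/{pid}/uid_map", encoding="ascii") as fh:
        return parse_uid_map(fh.read())


if __name__ == "__main__":
    ranges = parse_uid_map(ROOTLESS_MAP)
    # Container root is only the unprivileged host user.
    print("container uid 0  -> host uid", container_to_host(ranges, 0))
    # A service user inside the container lands in the subordinate range.
    print("container uid 33 -> host uid", container_to_host(ranges, 33))
    # Host root has no identity inside the container at all.
    print("host uid 0 -> container uid", host_to_container(ranges, 0))
```

The point for attack surface is visible in the two None cases: a process that escapes to the host as "container root" is host uid 1000, and files owned by host root (or by any uid outside the subordinate range) are reachable from the container only as nobody. To check a real container, run the script under `podman unshare` or pass a container process pid to `read_live_map`.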
> Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools
Podman comes with an auto-update flag you can set for containers that uses systemd to do this for you. Takes a bit of reading to get it right, but it's smooth sailing mostly.
Good to know, but my script is for a different workflow: It checks for updates to remote dependencies of my running custom containers. (For example, when alpine:latest points to something new.) It then prints a message for cron to email to me, noting that it's time to rebuild my custom stuff.
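The workflow described in the reply above (notice when a base such as alpine:latest moves upstream, then tell a human to rebuild) is a different job from `podman auto-update`, which only re-pulls images you run directly. This is an added example of that check, not the commenter's script: it pulls the upstream base images out of a Dockerfile (skipping multi-stage aliases and scratch), compares the digest each base had at build time against its current registry digest, and returns the images that need a rebuild. Assumptions: the build-time digests are recorded in a table like the constructed BUILD_RECORDS (for example from `podman image inspect --format '{{index .RepoDigests 0}}'` at build time), and the live digest comes from the real `skopeo inspect docker://<ref>` command, isolated in `registry_digest` so the comparison logic itself runs offline against a constructed registry table.

```python
"""Flag custom images whose upstream base image has changed (added example).

Not the thread's cron script. Digest values and the Dockerfile below are
constructed sample data; `skopeo inspect` is a real command but is only
called when `registry_digest` is used as the lookup function.
"""
import json
import re
import subprocess
from typing import Callable, Dict, List

# A Dockerfile FROM line: optional flags (--platform=...), the image ref,
# an optional "AS <stage>" alias. COPY --from=... lines do not match.
_FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$",
                      re.IGNORECASE)


def base_images(dockerfile: str) -> List[str]:
    """Upstream images a Dockerfile depends on, in first-seen order.
    'FROM <stage>' refers back to an earlier build stage, not a registry
    image, and 'scratch' is the empty image; neither can go stale."""
    stages = set()
    bases: List[str] = []
    for line in dockerfile.splitlines():
        m = _FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())
        if ref.lower() == "scratch" or ref.lower() in stages:
            continue
        if ref not in bases:
            bases.append(ref)
    return bases


def registry_digest(ref: str) -> str:
    """Current manifest digest of `ref` on its registry (needs network)."""
    out = subprocess.run(["skopeo", "inspect", f"docker://{ref}"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)["Digest"]


def stale_bases(build_records: Dict[str, Dict[str, str]],
                lookup: Callable[[str], str]) -> Dict[str, List[str]]:
    """build_records: custom image -> {base ref: digest pinned at build time}.
    Returns custom image -> base refs whose upstream digest differs now.
    Each ref is looked up once even if several images share it."""
    cache: Dict[str, str] = {}
    stale: Dict[str, List[str]] = {}
    for image, pinned in build_records.items():
        moved = []
        for ref, built_digest in pinned.items():
            if ref not in cache:
                cache[ref] = lookup(ref)
            if cache[ref] != built_digest:
                moved.append(ref)
        if moved:
            stale[image] = moved
    return stale


def report(stale: Dict[str, List[str]]) -> str:
    """One line per image; empty string means cron sends no mail."""
    return "\n".join(f"{image}: rebuild needed, base image moved: {', '.join(refs)}"
                     for image, refs in sorted(stale.items()))


# --- constructed sample data ------------------------------------------------
SAMPLE_DOCKERFILE = """\
FROM --platform=$BUILDPLATFORM golang:1.22-alpine AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app .

FROM build AS test
RUN go test ./...

FROM alpine:latest
COPY --from=build /out/app /app
"""

_A, _B, _C = ("sha256:" + ch * 64 for ch in "abc")
BUILD_RECORDS = {                       # digests recorded when each image was built
    "myapp":  {"golang:1.22-alpine": _A, "alpine:latest": _B},
    "mytool": {"golang:1.22-alpine": _A},
}
FAKE_REGISTRY = {                       # what the registries report "now"
    "golang:1.22-alpine": _A,           # unchanged
    "alpine:latest": _C,                # alpine:latest was re-pointed upstream
}

if __name__ == "__main__":
    print("bases:", base_images(SAMPLE_DOCKERFILE))
    # Swap FAKE_REGISTRY.__getitem__ for registry_digest to query real registries.
    print(report(stale_bases(BUILD_RECORDS, FAKE_REGISTRY.__getitem__)))
```

Run from cron, anything printed becomes the mail; with `registry_digest` as the lookup, a failed `skopeo inspect` raises and also lands in the mail rather than being silently treated as "unchanged".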
It's got a more modern design while having a drop-in CLI interface to docker (and also if needed a near-drop-in replacement for the docker socket API). This makes it the preferred backend for tools like distrobox.
Is that a question or a statement? I'm running Kubernetes on Docker Desktop. But every few months Docker Desktop either outright craps out and forces me to wipe everything and rebuild my containers, or (the latest annoyance) it keeps giving me popups saying something something couldn't start Ubuntu... but then seems to work perfectly fine after skipping it 10 times.