Most active commenters
  • (6)
  • whilenot-dev(5)
  • jeppester(4)
  • kuratkull(4)
  • dbacar(4)
  • tristan957(3)

Red Hat to contribute container tech (Podman, bootc, ComposeFS...) to CNCF

(www.redhat.com)
272 points twelvenmonkeys | 89 comments | 14 Nov 24 17:59 UTC | HN request time: 2.462s | source | bottom
1. xer0x ◴[14 Nov 24 18:22 UTC] No.42139358[source]
What took them so long?
replies(2): >>42139403 #>>42139529 #
2. tecleandor ◴[14 Nov 24 18:25 UTC] No.42139403[source]
Waiting for IBM to buy them? (half joking)
replies(1): >>42140469 #
3. nijave ◴[14 Nov 24 18:37 UTC] No.42139529[source]
My take was they sort of dug in said "Docker isn't made right for Linux, we're reinventing it"

On Fedora w/ SELinux that led to quite a bit of compatibility issues for a while with lots of quirky things that didn't behave the same.

I think their implementations have gotten pretty stable and improved in compatibility since then

replies(1): >>42139632 #
4. NewJazz ◴[14 Nov 24 18:42 UTC] No.42139600[source]
Does podman support docker compose files well? Devs love them for local environments.
replies(6): >>42139683 #>>42139823 #>>42140017 #>>42140109 #>>42140241 #>>42140505 #
5. RcouF1uZ4gsC ◴[14 Nov 24 18:42 UTC] No.42139605[source]
Reading about Keycloak and how long it is taking to patch critical vulnerabilities, I wonder is CNCF becoming how Apache was - where abandoned open source software goes to die.
replies(4): >>42140022 #>>42140506 #>>42142224 #>>42142912 #
6. 2OEH8eoCRo0 ◴[14 Nov 24 18:44 UTC] No.42139632{3}[source]
That's my take as well. Red Hat's design choices fit into Linux much more neatly. Docker has always been rubbish with late cgroups v2 support, punching holes in my firewall, no rootless, etc.
replies(1): >>42139891 #
7. lytedev ◴[14 Nov 24 18:48 UTC] No.42139683[source]
I've been using podman-compose, yes.
8. spockz ◴[14 Nov 24 18:58 UTC] No.42139823[source]
I’ve been using it on my Fedora server because I make myself. I think all functionality and syntax is covered. However, the user feedback and TUI of docker-compose is way nicer (interactive at least). Also, podman compose does seem to recreate containers that do not need to be recreated in more cases than I have noticed docker compose do.
replies(1): >>42140098 #
9. mmh0000 ◴[14 Nov 24 19:04 UTC] No.42139891{4}[source]
> punching holes in my firewall

I teach various Linux training courses. One of which is Containers. It always shocks several people per-class how Docker just blatantly ignores and rewrites existing firewall rules. And there's no real option to prevent that unless you want to manually configure ALL network routing.

For me personally, that was one of the big issues the pushed me over to Podman.

Also, Docker's insistence on "forcing" and preventing the disabling of using the malware-ridden Docker Hub didn't help me appreciate their security practices.[]

[]

https://jfrog.com/blog/attacks-on-docker-with-millions-of-ma...

https://www.infosecurity-magazine.com/news/malicious-contain...

https://www.bleepingcomputer.com/news/security/millions-of-d...

https://www.bleepingcomputer.com/news/security/docker-hub-re...

https://sysdig.com/blog/analysis-of-supply-chain-attacks-thr...

... ETC ...

replies(3): >>42140120 #>>42141051 #>>42143434 #
10. jeppester ◴[14 Nov 24 19:15 UTC] No.42140017[source]
I use podman with docker-compose files for my day-to-day work; spinning up databases and other service dependencies for locally running or containerized webapps.

podman-compose never worked very well for me, so I'm running with the podman.socket systemd service and the standalone version of docker-compose. That is however working flawlessly.

What I really like about podman (and which to be fair docker might have since catched up on) is that rootless containers work so well. Gone are the days where bind-mounting a project folder into a container would mess with your file permissions.

In my experience podman also feels easier and less invasive to install, although I can't say if the latter is really the case.

replies(1): >>42140117 #
11. teepo ◴[14 Nov 24 19:16 UTC] No.42140022[source]
I think that CNCF has better handle on abandonware, plus really good observably. https://devstats.cncf.io/
12. jeppester ◴[14 Nov 24 19:24 UTC] No.42140098{3}[source]
You can run the standalone version for docker-compose against podman. You just need to have the podman.socket systemd service running.
replies(1): >>42141499 #
13. madspindel ◴[14 Nov 24 19:25 UTC] No.42140109[source]
Try podman kube generate and podman kube play. Podman can generate a Kubernetes YAML, and then you can run it with kube play.

I use it together with systemd in my home lab. It's Kubernetes for single node and without the bloat. I love it!

https://www.redhat.com/en/blog/kubernetes-workloads-podman-s...

replies(1): >>42141766 #
14. ocular-rockular ◴[14 Nov 24 19:25 UTC] No.42140117{3}[source]
My only problems with Podman is the lack of up to date repos across systems, the fact that the latest raw binaries are managed by a maintainer out of the goodness of their heart, and that the VS Code extension ecosystem for managing pods is not integratable with the existing Docker stuff (and the replacement extensions are woefully underdeveloped).

Otherwise it honestly is great and preferable over Docker.

replies(2): >>42140208 #>>42141024 #
15. hughesjj ◴[14 Nov 24 19:26 UTC] No.42140120{5}[source]
I want to switch to podman. What are the general gotchas and difficulties you could see in doing that for multi architecture+os builds/deployments?
16. kuratkull ◴[14 Nov 24 19:28 UTC] No.42140145[source]
Podman actually works really well. Out-of-the-box virtually-no-configuration-needed rootless containers. It's also usable via docker-compose with a single env variable. (podman-compose wasn't up to par for us)

We've been using it for a couple of years running and managing hundreds of containers per server - no feeling of flakiness whatsoever. It's virtually zeroconf and even supports GPUs for those who need it. It's like docker but better, IMO.

Hope it gets a popularity boost from CNCF. Rooting for it.

replies(14): >>42140324 #>>42140486 #>>42140492 #>>42140544 #>>42140660 #>>42140768 #>>42141042 #>>42141174 #>>42141341 #>>42142569 #>>42142974 #>>42150237 #>>42151540 #>>42155624 #
17. jeppester ◴[14 Nov 24 19:34 UTC] No.42140208{4}[source]
I won't deny that the outdated repos was a pain in the past, but ever since ubuntu got to version 4 it's been working flawlessly for me.

I think version 4 was where podman became a reliable tool, whereas I found it to be flaky and unreliable in previous versions.

I don't use vs code extensions for managing my containers, so I can't say much about those, but I wonder if many of them won't work fine with an alias for docker and maybe the podman-socket running.

replies(1): >>42140720 #
18. avcxz ◴[14 Nov 24 19:36 UTC] No.42140241[source]
For more information on compose files take a look at the Compose Spec [0], looks like podman compose supports the Compose Spec which Docker compose files use as well.

[0] https://github.com/compose-spec/compose-spec?tab=readme-ov-f...

19. jeppester ◴[14 Nov 24 19:43 UTC] No.42140324[source]
I completely agree and have had the same experience as you with docker-compose working better than the alternatives.

Past versions of podman were flaky, but since version 4, which is now a couple of years old, I haven't had any issues whatsoever. I'd recommend anyone using containers on linux to try it out instead of installing docker out of habit.

20. cyberax ◴[14 Nov 24 19:55 UTC] No.42140469{3}[source]
Or The Onion!
21. bombela ◴[14 Nov 24 19:57 UTC] No.42140486[source]
The IO through fuse-overlay is performance limiting though. It's almost half the speed as overlay directly for layers with many tiny files.

Note that Linux allows you to mount overlay within a user namespace if you are root within the user namespace.

In other words, if you are root within a container; even though it is not root on the host; Linux accepte ton mount overlay filesystems (most filesystems are not allowed). `man user_namespace`

replies(1): >>42141117 #
22. dbacar ◴[14 Nov 24 19:58 UTC] No.42140492[source]
> docker-compose with a single env variable what is that env variable?
replies(3): >>42140850 #>>42140871 #>>42151420 #
23. dbacar ◴[14 Nov 24 19:58 UTC] No.42140505[source]
Yes it doesm even with rootless. We are using it in prod.
24. pphysch ◴[14 Nov 24 19:58 UTC] No.42140506[source]
Hopefully the Keycloak thing will spur more competition. I looked at some alternatives and settled on Keycloak because it was "obviously" the mature and hardened solution.

Well, clearly not.

replies(2): >>42141416 #>>42142584 #
25. dbacar ◴[14 Nov 24 20:00 UTC] No.42140523[source]
To all those interested in podman, this book by Daniel Walsh is a gem. Highly recommended and it is free.

https://developers.redhat.com/e-books/podman-action

replies(3): >>42141979 #>>42144247 #>>42151288 #
26. righthand ◴[14 Nov 24 20:02 UTC] No.42140544[source]
If podman compose would parse env var strings correctly, then it would be on par. Not sure why that hasn’t been fixed but probably because it’s a stepping stone instead of a well thought out replacement.
27. vbezhenar ◴[14 Nov 24 20:03 UTC] No.42140555[source]
Is CNCF new Apache foundation? Looks like everyone dumps their stuff there. Does not look promising. Am I missing something? Probably RedHat paid salary to podman developers, but who will pay salary to them now?
replies(5): >>42140635 #>>42141199 #>>42141683 #>>42141739 #>>42142463 #
28. EdwardDiego ◴[14 Nov 24 20:10 UTC] No.42140635[source]
Strimzi is CNCF, Strimzi still has a full time team of devs in RH.
29. bityard ◴[14 Nov 24 20:11 UTC] No.42140660[source]
> It's also usable via docker-compose

Is that "docker-compose" (with a dash) or "docker compose" (with a space)?

replies(2): >>42140940 #>>42151448 #
30. ocular-rockular ◴[14 Nov 24 20:17 UTC] No.42140720{5}[source]
Its broken with alias but what's this about the podman-socket? Do you know where I can take a look at that?
31. papichulo2023 ◴[14 Nov 24 20:22 UTC] No.42140768[source]
I only dislike Podman because some distributions used it as an alias for docker which made a lot of docker-compatible software to not work on that distribution unless some workarounds. I wouldnt normally blame the application for this but in this case they are both, application and distribution, from the same dev.
replies(1): >>42140838 #
32. colechristensen ◴[14 Nov 24 20:29 UTC] No.42140838{3}[source]
Agreed, the `podman` command is 95% drop-in compatible with the `docker` command, but those edge cases are annoying and I would rather just use the docker cli backed with podman running the containers.
replies(1): >>42141004 #
33. whilenot-dev ◴[14 Nov 24 20:30 UTC] No.42140850{3}[source]
Probably DOCKER_HOST[0][1]

[0]: https://docs.docker.com/reference/cli/docker/#environment-va...

[1]: https://podman-desktop.io/docs/migrating-from-docker/using-t...

replies(1): >>42146039 #
34. ◴[14 Nov 24 20:31 UTC] No.42140871{3}[source]
35. whilenot-dev ◴[14 Nov 24 20:38 UTC] No.42140940{3}[source]
Both should do exacly the same, they are just installed differently. docker compose is installed as docker CLI plugin (Linux only), and docker-compose is installed as standalone binary.

See ref: https://docs.docker.com/compose/install/#scenario-two-instal...

replies(1): >>42141011 #
36. tristan957 ◴[14 Nov 24 20:43 UTC] No.42141004{4}[source]
Podman has a docker frontend. On Fedora, it is packaged as podman-docker, I believe. I recently went through the pain of getting testcontainers working on Fedora 41 with Podman. After enabling the Podman socket and setting an environment variables, I was off to the races!
37. tristan957 ◴[14 Nov 24 20:44 UTC] No.42141011{4}[source]
There are subtle differences between the two and not exactly the same.
replies(1): >>42141040 #
38. tristan957 ◴[14 Nov 24 20:45 UTC] No.42141024{4}[source]
I think you can use the VSCode Docker extension if you enable the Podman socket.
39. whilenot-dev ◴[14 Nov 24 20:47 UTC] No.42141040{5}[source]
That would be news to me, as both are pointing to the exact same GitHub repository[0]. Can you name the differences?

[0]: https://github.com/docker/compose

replies(1): >>42142498 #
40. Cyph0n ◴[14 Nov 24 20:47 UTC] No.42141042[source]
+1, Podman is great. I have been running it for a while on NixOS.

But Compose doesn’t mesh well with the overall NixOS configuration system. So I ended up building a custom tool that can convert your existing Compose project into a NixOS config.

41. xelamonster ◴[14 Nov 24 20:48 UTC] No.42141051{5}[source]
You might just be convincing me to switch, I generally love docker and compose but the firewall thing still blows my mind and that there still just is not a solution.

My workaround has been to bind all docker port forwards to localhost and only ever expose them externally via reverse proxy. Which is annoying because that means I can't run the reverse proxy itself in docker.

42. nolist_policy ◴[14 Nov 24 20:56 UTC] No.42141117{3}[source]
You may need to do

  podman system reset
The Linux kernel only gained unprivileged overlay recently. Kernel fuse and fuse-overlay are incompatible so you need to wipe everything.

You may need to set

  [storage]
  
  driver = "overlay"
in storage conf as well.

https://docs.podman.io/en/stable/markdown/podman-system-rese...

43. zamalek ◴[14 Nov 24 21:02 UTC] No.42141174[source]
I vastly prefer it to Docker, especially buildah over buildx. Instead of inventing yet-another-dsl buildah allows you to simply use shell scripts (though it does also support dockerfiles). Another thing buildah is really good at is not doing much automatically: you can really optimize layers if you care to.

The Podman ecosystem has given me a strong disliking of the Docker ecosystem, so I'm also rooting for it.

replies(1): >>42142929 #
44. anticorporate ◴[14 Nov 24 21:04 UTC] No.42141199[source]
I'm sure Red Hat will continue to pay Podman developers, just like they continue to pay developers for the other upstream projects that are hosted at CNCF (like Kubernetes).

I'm we can all think of some projects "abandoned" to foundations through the years, but in general, I'd call getting core infrastructure out of the control of a single company and into a place with more transparent and democratic governance a good thing.

replies(1): >>42144617 #
45. mattgreenrocks ◴[14 Nov 24 21:19 UTC] No.42141341[source]
Dumb question: is it rootless for users on something like macOS?

I'd love to get the benefits of Docker without the battery drain and the Docker software, but I'm not sure if Podman would help much with either.

replies(2): >>42141541 #>>42144536 #
46. LilBytes ◴[14 Nov 24 21:27 UTC] No.42141416{3}[source]
Zitadel is worth a look, we're replacing Keycloak with it currently.
47. spockz ◴[14 Nov 24 21:37 UTC] No.42141499{4}[source]
Yes indeed. I have that on other systems as well. But I try to keep both around to notice these kind of differences. (I’m working on tooling that relies on docker compose files so I like to see how it behaves in different setups.)
48. goalieca ◴[14 Nov 24 21:42 UTC] No.42141541{3}[source]
On macOS it creates a centos VM to run containers in. Rootless simply means that the root user in a container maps to the runner outside and not as the actual system root.

Edit: .. because the runner is not needing to run as root

49. greatgib ◴[14 Nov 24 21:57 UTC] No.42141656[source]
Usually, when big orgs like that dump their projects to such a foundation (like Apache), it is that they are about to drop investing in support it soon.
50. lysace ◴[14 Nov 24 22:00 UTC] No.42141683[source]
In the same way as how the Kubernetes ecosystem is the new Enterprise Java ecosystem? Often even from the same companies as back in the late 90s/00s.

Look: I'm probably ignorant, but from the outside the similarities seem striking.

Please explain why I'm wrong. I'm humble on this one.

replies(1): >>42144196 #
51. nonameiguess ◴[14 Nov 24 22:08 UTC] No.42141739[source]
I'm not sure why you think that. Plenty of CNCF projects, if not all of them, are still developed by the same corporate teams that originally developed them, even though ownership has been transferred. Cilium is still being developed by paid Isovalent employees. I'm pretty sure Kubernetes is still maintained mostly by Google employees. Longhorn and k3s are maintained by SUSE employees. This isn't Red Hat's first foray. They bought CoreOS, which is the company that originally developed etcd, one of the oldest CNCF projects that even predates Kubernetes, and most of its maintainers are still employees of either Red Hat or Google.
52. bjoli ◴[14 Nov 24 22:12 UTC] No.42141766{3}[source]
Being able to play around with kube files and then just shove them into a my-seevice.kube and execute them via systemd is really neat. The documentation is pretty OK as well: https://docs.podman.io/en/latest/markdown/podman-systemd.uni...

The only downside is that some things are not yet supported in quadlets, and that things don't map 1 to 1 between quadlets and the command line.

53. j1mc ◴[14 Nov 24 22:35 UTC] No.42141922[source]
I think people are missing the contribution of bootc and composefs. This is a big part of what undergirds Red Hat's new 'image mode' means of deployment. They're using container-related tooling to deploy whole operating systems, and it's a large part of where they're headed.

I write this to say, "This is not them dumping abandonware." To me, it's them putting these technologies under the supervision of a neutral third party to encourage adoption.

replies(4): >>42141926 #>>42141989 #>>42143842 #>>42149122 #
54. ◴[14 Nov 24 22:35 UTC] No.42141926[source]
55. duckmysick ◴[14 Nov 24 22:42 UTC] No.42141979[source]
Important to note, this book is from early 2023 and supports Podman version 4.1. It's missing newer features like quadlets.

https://www.redhat.com/en/blog/quadlet-podman

replies(1): >>42143044 #
56. ◴[14 Nov 24 22:43 UTC] No.42141989[source]
57. gigatexal ◴[14 Nov 24 22:50 UTC] No.42142058[source]
This is cool and all I just want to make sure podman and others are maintained and useful. I’m sure they will be it’s just that I use podman every day and depend on it.

I could go back to docker but why?

58. preisschild ◴[14 Nov 24 23:07 UTC] No.42142224[source]
I think being a CNCF project is better than not being one. It gives it more visibility and structure and thus is less likely to be abandoned.

But sure, unfortunately if not enough different companies and individiuals are maintaining stuff it gets abandoned.

59. gbraad ◴[14 Nov 24 23:35 UTC] No.42142463[source]
The podman team and my team, working in the virtualization side (Podman Machine), will continue doing so
60. thangngoc89 ◴[14 Nov 24 23:41 UTC] No.42142498{6}[source]
Previous docker-compose was a separate program, written in Python if I remember correctly, people usually preferred to them as v1. Later docker incorporated it into the docker binary itself as a subcommand so that’s v2
replies(1): >>42144443 #
61. Sparkle-san ◴[14 Nov 24 23:49 UTC] No.42142569[source]
> Rooting for it.

No root necessary :)

62. pratio ◴[14 Nov 24 23:51 UTC] No.42142584{3}[source]
I've replaced keycloak with https://goauthentik.io/ 2 years on, no complaints
63. philipwhiuk ◴[15 Nov 24 00:38 UTC] No.42142875[source]
Hmm maybe worth switching from Docker Desktop to Podman Desktop...
64. caniszczyk ◴[15 Nov 24 00:44 UTC] No.42142912[source]
Last I checked, Keycloak has increased in activity since joining CNCF...

https://keycloak.devstats.cncf.io/d/1/activity-repository-gr...

CNCF has probably 20x the funding of the ASF and is a different organization that spends millions of dollars on security audits, events and more, you can read about it in our annual report: https://www.cncf.io/reports/cncf-annual-report-2023/

Also we actively remove/prune projects that aren't active... we will probably archive ~10 this year https://www.cncf.io/project-metrics/

65. ryan29 ◴[15 Nov 24 00:47 UTC] No.42142929{3}[source]
I think I might be the only one that prefers Docker for building Docker containers using CI.

I use Drone, but instead of using the Docker plugin I start a detached (background) Caddy server to work as a proxy to DOCKER_HOST. That lets me proxy to the local Docker socket to take advantage of caching, etc. while I'm iterating, but gives the option of spinning up docker-in-docker to get a clean environment, without any caching, and running a slower build that virtually identical to what happens on the CI server.

I find that having the daemon available solves a ton of issues that most of the CI provided builder plugins have. For example, with the builder plugins I'd always end up with a step like build-and-tag-and-push which didn't work very well for me. Now I can run discreet build steps like build, test, tag, push and it feels far more intuitive, at least to me.

66. forabi ◴[15 Nov 24 00:57 UTC] No.42142974[source]
> Rooting for it.

I wanted to say something funny about "rooting" and "rootless", but it's probably too silly. :)

replies(1): >>42143032 #
67. msgilligan ◴[15 Nov 24 01:12 UTC] No.42143032{3}[source]
Ruthlessly rooting for rootless!
68. msgilligan ◴[15 Nov 24 01:13 UTC] No.42143044{3}[source]
Yes. Definitely already needs a second edition. I would happily buy it.
69. justinclift ◴[15 Nov 24 02:27 UTC] No.42143434{5}[source]
> It always shocks several people per-class how Docker just blatantly ignores and rewrites existing firewall rules.

Yeah. Many times I've mentioned that to people, and they just don't believe it's a thing which Docker does. Including here on HN. :/

70. jauntywundrkind ◴[15 Nov 24 03:58 UTC] No.42143842[source]
Composefs has a totally crucial feature that sold me immediately, which is that if two containers use the same file, the kernel can serve that file from the same page cache. This means you can hypothetically launch a lot of containers, and if they share some layers/base images, the memory usage can still be quite reasonable. Nice. https://github.com/containers/composefs?tab=readme-ov-file#b...
replies(1): >>42145328 #
71. elzbardico ◴[15 Nov 24 05:31 UTC] No.42144196{3}[source]
Kubernetes is the new websphere. Yaml the new ANT.
72. 5d41402abc4b ◴[15 Nov 24 05:46 UTC] No.42144247[source]
The font on that book is so awful. As someone with bad sight i have to strain my eyes a lot to read even a single sentence.
73. whilenot-dev ◴[15 Nov 24 06:43 UTC] No.42144443{7}[source]
v2 is still a separate binary, it can just be installed in different ways (on Linux). If GGGP was referring to v1, then that's legacy software since 2+ years and they probably shouldn't use it.
replies(1): >>42144545 #
74. ◴[15 Nov 24 07:01 UTC] No.42144536{3}[source]
75. yjftsjthsd-h ◴[15 Nov 24 07:03 UTC] No.42144545{8}[source]
The one problem I previously hit was that the ansible integration used the Python version; I hope they've fixed it now but haven't looked lately.
replies(1): >>42144663 #
76. cryptos ◴[15 Nov 24 07:22 UTC] No.42144617{3}[source]
Maybe open source foundations should be more selective with the projects. I'm thinking of Oracle dumping OpenOffice, although it was obvious that LibreOffice is the way to go.
77. whilenot-dev ◴[15 Nov 24 07:30 UTC] No.42144663{9}[source]
Looks like v2 is available: https://galaxy.ansible.com/ui/repo/published/community/docke...
replies(1): >>42149507 #
78. ChocolateGod ◴[15 Nov 24 09:41 UTC] No.42145328{3}[source]
If you swap to a content-based object store for container images (like OSTree/Flatpak), you could potentially save a lot of disk space too because you'll no longer need to be careful about your Dockerfile layers.

If two OCI images share the same file, they'll be de-duplicated on disk and only be downloaded once.

79. ◴[15 Nov 24 11:32 UTC] No.42145973[source]
80. dbacar ◴[15 Nov 24 11:42 UTC] No.42146039{4}[source]
Thank you
81. ◴[15 Nov 24 17:44 UTC] No.42149122[source]
82. yjftsjthsd-h ◴[15 Nov 24 18:26 UTC] No.42149507{10}[source]
On the I've hand: that's great news!

On the other:

> The Docker compose CLI plugin has no stable output format (see for example https://github.com/docker/compose/issues/10872 ), and for the main operations also no machine friendly output format. The module tries to accomodate this with various version-dependent behavior adjustments and with testing older and newer versions of the Docker compose CLI plugin. Currently the module is tested with multiple plugin versions between 2.18.1 and 2.23.3. The exact list of plugin versions will change over time. New releases of the Docker compose CLI plugin can break this module at any time.

83. yangff ◴[15 Nov 24 19:50 UTC] No.42150237[source]
until you start to use zfs.. (completely doable with fuse overlay, but just painful)
84. neitsab ◴[15 Nov 24 21:26 UTC] No.42151288[source]
Let me present you a full 212-page RHEL 9 docs PDF on everything Podman, updated as of this month:

https://docs.redhat.com/en-us/documentation/red_hat_enterpri...

85. kuratkull ◴[15 Nov 24 21:37 UTC] No.42151420{3}[source]
yeah, basically verbatim `DOCKER_HOST=unix:///run/user/1000/podman/podman.sock`
86. kuratkull ◴[15 Nov 24 21:39 UTC] No.42151448{3}[source]
AFAIK docker-compose is a an older utility, and `docker compose` is the new-way to do things.
87. kuratkull ◴[15 Nov 24 21:47 UTC] No.42151540[source]
For posterity, there have been some issues when destroying containers. Errors about "inconsistent state of container" or such. But these have always been about non-running containers, so the answer has been destroy/recreate, so no measurable impact for the business. After spawning and destroying thousands of containers in a high-load live environment(across half a dozen servers), I consider podman pretty stable.

And assuming my own comment is high up, this is the env variable we automatically load:

> DOCKER_HOST=unix:///run/user/1000/podman/podman.sock

88. jacooper ◴[16 Nov 24 10:14 UTC] No.42155624[source]
Honestly everytime i wanted to use podman i hit a bug, which is already fixed most of the time but i can't get the new version because they don't have any direct repos to get updates from, this is very helpful for docker.

Also networking in rootless containers still suck.

The end result is just go bakc to docker with less hassle and better stability.