Most active commenters
  • xrd(3)

←back to thread

I ditched Docker for Podman

(codesmash.dev)
1101 points codesmash | 11 comments | 05 Sep 25 11:56 UTC | HN request time: 0.222s | source | bottom
1. xrd ◴[05 Sep 25 12:25 UTC] No.45137711[source]
I love podman, and, like others have said here, it does not always work with every container.

I often try to run something using podman, then find strange errors, then switch back to docker. Typically this is with some large container, like gitlab, which probably relies on the entirety of the history of docker and its quirks. When I build something myself, most of the time I can get it working under podman.

This situation where any random container does not work has forced me to spin up a VM under incus and run certain troublesome containers inside that. This isn't optimal, but keeps my sanity. I know incus now permits running docker containers and I wonder if you can swap in podman as a replacement. If I could run both at the same time, that would be magical and solve a lot of problems.

There definitely is no consistency regarding GPU access in the podman and docker commands and that is frustrating.

But, all in all, I would say I do prefer podman over docker and this article is worth reading. Rootless is a big deal.

replies(5): >>45137959 #>>45137963 #>>45139216 #>>45139243 #>>45140243 #
2. gorjusborg ◴[05 Sep 25 12:54 UTC] No.45137959[source]
> I love podman, and, like others have said here, it does not always work with every container.

Which is probably one of the motivations for the blog post. Compatibility will only be there once a large enough share of users use podman that it becomes something that is checked before publish.

3. firesteelrain ◴[05 Sep 25 12:54 UTC] No.45137963[source]
Weird, we run GitLab server and runners all on podman. Honestly I wish we would switch to putting the runners in k8s. But it works well. We use Traefik.
replies(1): >>45139462 #
4. nunez ◴[05 Sep 25 14:47 UTC] No.45139216[source]
I presume that the bulk of your issues are with container images that start their PID 1s as root. Podman is rootless by default, so this causes problems.

What you can do if you don't want to use Docker and don't want to maintain these images yourself is have two Podman machines running: one in rootful mode and another in rootless mode. You can, then, use the `--connection` global flag to specify the machine you want your container to run in. Podman can also create those VMs for you if you want it to (I use lima and spin them myself). I recommend using --capabilities to set limits on these containers namespaces out of caution.

Podman Desktop also installs a Docker compatibility layer to smooth over these incompatibilities.

replies(2): >>45139534 #>>45143571 #
5. k_roy ◴[05 Sep 25 14:49 UTC] No.45139243[source]
I use a lot of `buildx` stuff. It ostensibly works in podman, but in practice, I haven't had much luck
6. xrd ◴[05 Sep 25 15:08 UTC] No.45139462[source]
Yeah, I had it running using podman, but then had some weird container restarts. I switched back to docker and those all went away. I am sure the solution is me learning more and troubleshooting podman, but I just didn't spend the time, and things are running well in an isolated VM under docker.

That's good to know it works well for you, because I would prefer not to use docker.

replies(1): >>45140293 #
7. xrd ◴[05 Sep 25 15:14 UTC] No.45139534[source]
This is terrific advice and I would happily upvote a blog post on this! I'll look into exactly this.
8. ◴[05 Sep 25 16:15 UTC] No.45140243[source]
9. dathinab ◴[05 Sep 25 16:19 UTC] No.45140293{3}[source]
in my experience (at least rootless) podman does enforce resource limits much better/stricter

we had some similar issues and it was due to containers running out of resources (mainly RAM/memory, by a lot, but only for a small amount of time). And it happens that in rootless this was correctly detected and enforced, but on non rootless docker (in that case on a Mac dev laptop) it didn't detect this resource spikes and hence "happened to work" even through it shouldn't have.

10. bsder ◴[05 Sep 25 21:02 UTC] No.45143571[source]
Is there a blog post on this somewhere? I'd really love to read more about it beyond just the official documentation.
replies(1): >>45170161 #
11. nunez ◴[08 Sep 25 16:18 UTC] No.45170161{3}[source]
I made a blog post some years ago about how to create your own VMs with Lima: https://blog.carlosnunez.me/post/docker-desktop-alternative-...

You can also use this to create a VM for Podman that runs on Fedora, rootful by default: https://github.com/carlosonunez/bash-dotfiles/blob/main/lima...

If you go the Lima approach, use `podman system connection add` to add rootful and rootless VMs, then use the `--connection` flag to specify which you want to use. You can alias them to make that easier; for instance, use `alias podman=podman` for rootless stuff (assuming the rootless VM is your default) nad `alias rpodman=podman --connection rootful` for rootful stuff. I'll write a post describing how to set all of that up soon!