Most active commenters
  • regularfry(3)

←back to thread

I ditched Docker for Podman

(codesmash.dev)
1101 points codesmash | 16 comments | 05 Sep 25 11:56 UTC | HN request time: 0.021s | source | bottom
Show context
t43562 ◴[05 Sep 25 12:31 UTC] No.45137756[source]
To provide 1 contrary opinion to all the others saying they have a problem:

Podman rocks for me!

I find docker hard to use and full of pitfalls and podman isn't any worse. On the plus side, any company I work for doesn't have to worry about licences. Win win!

replies(7): >>45137807 #>>45137925 #>>45138918 #>>45140013 #>>45141773 #>>45142624 #>>45142950 #
nickjj ◴[05 Sep 25 12:51 UTC] No.45137925[source]
> On the plus side, any company I work for doesn't have to worry about licences. Win win!

Was this a deal breaker for any company?

I ask because the Docker Desktop paid license requirement is quite reasonable. If you have less than 250 employees and make less than $10 million in annual revenue it's free.

If you have a dev team of 10 people and are extremely profitable to where you need licenses you'd end up paying $9 a year per developer for the license. So $90 / year for everyone, but if you have US developers your all-in payroll is probably going to be over $200,000 per developer or roughly $2 million dollars. In that context $90 is practically nothing. A single lunch for the dev team could cost almost double that.

To me that is a bargain, you're getting an officially supported tool that "just works" on all operating systems.

replies(35): >>45137943 #>>45137961 #>>45137966 #>>45138011 #>>45138193 #>>45138456 #>>45138557 #>>45138589 #>>45138645 #>>45138697 #>>45138769 #>>45138780 #>>45138910 #>>45138938 #>>45139051 #>>45139108 #>>45139291 #>>45139346 #>>45139639 #>>45139789 #>>45139934 #>>45140972 #>>45140985 #>>45141222 #>>45141227 #>>45141250 #>>45141737 #>>45142180 #>>45142801 #>>45142963 #>>45143028 #>>45143180 #>>45143185 #>>45144942 #>>45151669 #
akerl_ ◴[05 Sep 25 12:54 UTC] No.45137961[source]
The problem isn’t generally the cost, it’s the complexity.

You end up having to track who has it installed. Hired 5 more people this week? How many of them will want docker desktop? Oh, we’ve maxed the licenses we bought? Time to re-open the procurement process and amend the purchase order.

replies(5): >>45138069 #>>45138398 #>>45138407 #>>45138518 #>>45142035 #
nickjj ◴[05 Sep 25 13:04 UTC] No.45138069[source]
A large company who is buying licenses for tools has to deal with this for many different things. Docker is not unique here.

An IT department for a company of that size should have ironed out workflows and automated ways to keep tabs on who has what and who needs what. They may also be under various compliance requirements that expect due diligence to happen every quarter to make sure everything is legit from a licensing perspective.

Even if it's not automated, it's normal for a team to email IT / HR with new hire requirements. Having a list of tools that need licenses in that email is something I've seen at plenty of places.

I would say there's lots of other tools where onboarding is more complicated from a license perspective because it might depend on if a developer wants to use that tool and then keeping tabs on if they are still using it. At least with Docker Desktop it's safe to say if you're on macOS you're using it.

I guess I'm not on board with this being a major conflict point.

replies(11): >>45138096 #>>45138683 #>>45138852 #>>45138871 #>>45139225 #>>45139632 #>>45139690 #>>45139768 #>>45140137 #>>45143122 #>>45147571 #
1. dec0dedab0de ◴[05 Sep 25 14:48 UTC] No.45139225[source]
It becomes a pain point when the IT team never heard of docker, all new licenses need to be approved by the legal department, and your manager is afraid to ask for any extra budget.

Also, I don't want to have to troubleshoot why the docker daemon isn't running every time I need it

replies(4): >>45139786 #>>45139923 #>>45140120 #>>45140425 #
2. reaperducer ◴[05 Sep 25 15:35 UTC] No.45139786[source]
It becomes a pain point when the IT team never heard of docker

Or when your IT department is prohibited from purchasing anything that doesn't come from Microsoft or CDW.

3. axlee ◴[05 Sep 25 15:49 UTC] No.45139923[source]
>It becomes a pain point when the IT team never heard of docker

Where do you work ? Is that even possible in 2025?

replies(4): >>45140790 #>>45142846 #>>45143042 #>>45143287 #
4. 0cf8612b2e1e ◴[05 Sep 25 16:05 UTC] No.45140120[source]
I have personally given up trying to get a $25 product purchased through official channels. The process can make everything painful.
replies(2): >>45141549 #>>45150801 #
5. regularfry ◴[05 Sep 25 16:28 UTC] No.45140425[source]
I'll see your "IT team never heard of docker" and raise you "security want to ban local containers because they allow uncontrolled binaries onto corporate hardware.". But that's not something podman solves...
replies(1): >>45141037 #
6. tracker1 ◴[05 Sep 25 16:58 UTC] No.45140790[source]
Apparently they work in the past...
7. mgkimsal ◴[05 Sep 25 17:20 UTC] No.45141037[source]
Every single developer is running 'uncontrolled source code' on corporate hardware every single day.
replies(2): >>45142820 #>>45148338 #
8. johannes1234321 ◴[05 Sep 25 17:59 UTC] No.45141549[source]
Congrats, the process fulfilled it's purpose. Another small cost saved :)
replies(1): >>45141847 #
9. 0cf8612b2e1e ◴[05 Sep 25 18:22 UTC] No.45141847{3}[source]
Trust me, the thought crossed my mind. They definitely beat me.
10. cyberpunk ◴[05 Sep 25 19:46 UTC] No.45142820{3}[source]
The defence isn't against malicious developers writing evil code, but some random third party container launched via a curl | bash which mounts ~/ into it and posts all your ssh keys to some server in china... Or whatever.

Or so I was told when I made the monumental mistake of trying to fight such a policy once.

So now we just have a don't ask don't tell kind of gig going on.

I don't really know what the solution is, but dev laptops are goldmines for haxxors, and locking them down stops them from really being dev machines. shrug

replies(1): >>45147351 #
11. cyberpunk ◴[05 Sep 25 19:49 UTC] No.45142846[source]
'corp IT' in a huge org typically all outsourced MCSEs who are seemingly ignorant of every piece of technology outside of azure.

Or so it seems to me whenever I have to deal with them. We ended up with Microsoft defender on our corp Macs even.. :|

12. anakaine ◴[05 Sep 25 20:08 UTC] No.45143042[source]
Its absolutely possible. Weve also had them unaware of github, and had them label Amazon S3 as a risk since it specifically wasn't Microsoft.

There is no bottom to the barrel, and incompetence and insensitivity can rise quite high in some cases.

13. dec0dedab0de ◴[05 Sep 25 20:34 UTC] No.45143287[source]
I work at a cool place now that is well aware of it, but in 2023 I worked at a very large insurance company with over a thousand people in IT. Some of the gatekeepers were not aware of docker. Luckily another team had set up Openshift, but then the approval process for using it was a nightmare.
14. zmmmmm ◴[06 Sep 25 07:32 UTC] No.45147351{4}[source]
> some random third party container launched via a curl | bash which mounts ~/ into it and posts all your ssh keys to some server in china

it's pretty stupid because the same curl | bash that could have done that could have just posted the same contents directly to the internet without the container. The best chance you actually have is to do as much development as possible inside a sealed environment like ... a container where at least you have some way to limit visibility of partially trusted code of your file system.

15. regularfry ◴[06 Sep 25 11:26 UTC] No.45148338{3}[source]
And this is regarded as an existential problem which cannot be permitted to persist by some in the security space.
16. regularfry ◴[06 Sep 25 16:42 UTC] No.45150801[source]
It can be easier to spend £100K than £100.