1101 points by codesmash | 2 comments
miki123211 No.45139800
I've been dealing with setting up Podman for work over the last week or so, and I wouldn't wish that on my worst enemy.

If you use rootless Podman on a Red Hat-derived distribution (which means SELinux), along with a non-root user in your container itself, you're in for a world of pain.

replies(13): >>45139949 >>45139952 >>45140035 >>45140041 >>45140112 >>45140315 >>45140558 >>45140561 >>45140736 >>45140993 >>45141204 >>45141405 >>45142506
jwildeboer No.45140561
Sure. Constructing the case to shoot yourself in the foot is not a big problem. But in reality things mostly just work. I'm happily running a bunch of services behind an (nginx) reverse proxy as rootless containers: Forgejo, the Forgejo runner to build stuff, uptime-kuma and more on a bunch of RHEL 10 machines with SELinux enabled.
replies(1): >>45141156
preisschild No.45141156
Do you do OCI/container builds inside your forgejo-runner container?
replies(1): >>45141390
mfenniak No.45141390
People having trouble getting this configured is a common issue for self-hosting Forgejo Runner. As a Forgejo contributor, I'm currently polishing up new documentation to try to support people with configuring this; here's the draft page: https://forgejo.codeberg.page/@docs_pull_1421/docs/next/admi...

(Should live at https://forgejo.org/docs/v12.0/admin/actions/docker-access/ once it is finished up, if anyone runs into the comment after the draft is gone.)

replies(1): >>45142116
preisschild No.45142116
I'm not hosting a Forgejo instance (yet), but I am self-hosting GitLab with gitlab-runner in Kubernetes, so I was wondering how you solved this.

I'm using dind too, but this requires privileged runners...