  • Basically I ran into issues with building images from newer and more complex compose files that podman-compose just couldn’t pull apart.

    Docker is still the go-to if you want shit to ‘just work’, it has an easier user experience, it’s what the vast majority of developers building containers are using. You can run rootless if you want without too much pain.

    It has come a long way but the probability that you’ll run into some random edge case or other issue with podman is higher, podman-compose has some thorns (high likelihood you’ll need to hack on compose files), if you want containers to start without your interaction you have to bake up systemd unit files for them, etc. I’ve not messed with podman-kube-play - wasn’t even aware of it, so can’t really comment as to how well that works.

    There’s nothing to lose by giving it a go except your sanity and time. 😁










  • Mainly selected podman for the security, it doesn’t rely on a daemon and supported rootless containers before docker did. Easy to just come up with a pattern where you can minimise the risk of container breakout by having a user for each container stack to provide even more isolation. You can do the same with docker these days I think, each user just runs their own copy of the docker daemon. The aim of the project was to achieve 1:1 compatibility, I think it’s pretty close these days. It’s also native to the Red Hat family so could avoid using the community edition of Docker.
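
The pattern the two comments above describe (a dedicated user per container stack, rootless Podman, started by a hand-written systemd unit), as an added example that is not part of the original comments. The `ctr-` account prefix, the unit layout and the hardening flags are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. One unprivileged account per container stack; rootless Podman
# started at boot by that account's systemd user manager.
# Assumptions: useradd allocates /etc/subuid and /etc/subgid ranges,
# systemd >= 248 (for --machine=USER@.host), podman at /usr/bin/podman.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the privileged commands, 0 = run them as root

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Print a user unit that runs one container with no capabilities, no privilege
# gain through setuid binaries, and a read-only root filesystem.
render_unit() {   # usage: render_unit <stack> <image>
    cat <<EOF
[Unit]
Description=Rootless Podman container for stack $1

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman run --rm --replace --name $1 \\
    --cap-drop=ALL --security-opt=no-new-privileges --read-only $2
ExecStop=/usr/bin/podman stop --ignore $1

[Install]
WantedBy=default.target
EOF
}

provision_stack() {   # usage: provision_stack <stack> <image>
    user="ctr-$1"
    cfg="/home/$user/.config"
    run useradd --create-home --shell /usr/sbin/nologin "$user"
    # Linger keeps the user manager (and the container) up with no login session.
    run loginctl enable-linger "$user"
    run install -d -o "$user" "$cfg" "$cfg/systemd" "$cfg/systemd/user"
    if [ "$DRY_RUN" = 1 ]; then
        printf '# would write %s/systemd/user/%s.service\n' "$cfg" "$1"
    else
        render_unit "$1" "$2" > "$cfg/systemd/user/$1.service"
    fi
    run systemctl --user --machine="$user@.host" enable --now "$1.service"
}

if [ "$#" -eq 2 ]; then provision_stack "$1" "$2"; fi
```

With the default `DRY_RUN=1` the script only prints the plan; a breakout from one stack's container lands in that stack's unprivileged account rather than in a shared daemon or a shared user.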