Is it time to switch? // Docker vs Podman Desktop
- Published: 28 Jul 2024
- In this video, we will be exploring an alternative to Docker - Podman. With its claims of being faster, more secure, and compatible, it's time to see if Podman is a mature alternative to Docker. We'll also discuss its recently released Podman Desktop Application and its exciting features, as well as the possibility of switching from Docker to Podman.
References
- Podman: podman.io
- Podman Desktop: podman-desktop.io
________________
💜 Support me and become a Fan!
→ christianlempa.de/patreon
💬 Join our Community!
→ christianlempa.de/discord
________________
Read my Tech Documentation
christianlempa.de/docs
My Gear and Equipment-*
christianlempa.de/kit
________________
Timestamps:
00:00 Introduction
01:10 What is Podman?
04:39 Podman Desktop
07:28 Why Podman is so great
09:27 How to create Pods
12:28 Where Docker is still ahead
14:56 Final Thoughts
________________
All links with `*` are and/or include affiliate links.
I switched from Docker to Podman a few months ago, never looked back. Had some headaches to convert some containers but it is very reliable and compatible with Kubernetes.
cool, I might try it too :)
What orchestration tool do you use?
Do we need to recreate the existing containers when shifting from Docker to Podman? Or do we have something to migrate those containers?
@sridharkumar9462 you can recreate them keeping the config folder.
@sridharkumar9462 Podman 100% supports OCI compatible containers, so if you didn't create your container with something very Docker specific it will conform to the open container format and is then supported by Podman. No migration needed.
I've been using Podman for years now. I really appreciate that it's user namespaced and doesn't require a daemon to run. Thanks for covering it! Hope to see more tech youtubers dropping "Docker" when talking about containers and just referring to them as containers. Docker's not the only game in town.
Sounds awesome! Yeah, maybe I should do more topics around podman :)
What's so great about not having a daemon running ? There are hundreds of processes running on your machine at any given time, why bother about one more ?
because they actually only used Docker...
Yes. Well, kind of. The thing is that the term container is a lot more used by other tools too, that are not compatible with Docker like containers (forgot the official name for them).
@emptystuff1593 Because if the docker daemon crashes for whatever reason all the containers are going down with it. This is the same reason why updating docker is a pain. Podman doesn't have this type of single point of failure.
Switched to Podman 2 years ago now, never looked back! Thanks for the video.
Sounds awesome! :)
That is a bit of the finger to docker. I love that! Docker went the Oracle route, and tries to charge every corporation user with a docker desktop license. Podman looks super simple and never underestimate the security aspect.
Podman is originally developed by Red Hat, and we all know what happened to the Red Hat drama.
Ups...that was a strong argument to stay away from this project? @_vr
@_vr that it was overblown and mostly FUD?
and Red Hat went the corporate route as well
@_vr what drama??
Finally. Been using some of your videos to implement with podman for the reasons you have mentioned. Never have had any issues with podman-compose btw. Keep up the superb work. Cheers.
The big advantage Podman Desktop has over Docker Desktop is the licensing for enterprise use. PD is FOSS (Apache 2.0 license), where DD is only "free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. Otherwise, it requires a paid subscription for professional use. Paid subscriptions are also required for government entities."
I have nothing against a company trying to make money off of their work, but the fact that it is a subscription-only really rubs me the wrong way. Let me buy a copy that is mine forever and leave me alone.
Thank you for pointing out this. I am pretty sure it helps the community! Best Regards!
Honestly, I never thought about changing from Docker to Podman, but this POD creation is really catching my attention, I had some experience building sidecars for containers and is a PITA to test it locally with docker. Awesome content.
I used Podman last year at my then-employment. I see a lot of improvements. That is very much welcome. Nice app. A good replacement for Docker Desktop, which is what makes many companies not wanting to use Docker. Podman UI really is cleaner.
Thanks for the demo and info, have a great day
Thanks! you too :)
Great video, thanks, I'm going to try podman tomorrow at work and see how it also fares at building and pushing docker images :)
Thank you so much :)
This is an excellent video! I’ve also been debating on trying Podman and I think this definitely helped. I will definitely be giving it a try for local container testing.
Glad it was helpful!
I wanted to get into containers, but could not risk installing docker desktop on my work pc due to any license consequences. Really happy with podman! Can do everything I see people doing with docker.
With docker desktop I need to be logged in to run my containers in Windows. With podman will it run more like service so I can reboot and expect pods to run straight away?
Brother, you always provide good content for us, thanks for this type of informative content...
thank you so much :)
Migrating from Docker to Podman is a headache! Especially if you use docker compose!
Switched in April 23 when I moved to Fedora. Difference is it can be backed up and restored from tars and it needs dealing with effective user and group IDs and creating user session during system startup and there are some special commands to move files into and from volumes.
I admire what you do Christian. keep it up Lempa
I was made to switch from Docker to Podman about a year ago. The issue I have most of the time is a hard-coded Docker daemon socket in some projects; making a symlink + activating the podman socket will do the trick most of the time. Running podman rootless by default and managing containers as systemd services are great features
Yep, the systemd feature is nice! I will have a look at it.
What do you use to theme your terminal? I would love to achieve something similar on Linux. The separators between commands really work well with my brain.
Hi Christian, thanks for the great explanation. But may I know how your terminal is configured, so that the results are displayed at the bottom while the input is still at the top? Thanks
Warp
I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS
I’ve started to play around with Podman just to see what it’s like. I recently discovered that you can generate a Kubernetes v1 yaml file from an existing Podman pod or container. This is good because I can run my existing docker compose files on Podman to create the containers. I then use “podman kube generate” to build a Kubernetes yaml file from my existing container setup. Maybe my method is not very practical but to me it’s still pretty cool. 🙂
Awesome :D
This is great. It's just what I need for a project I'm working on. Tnx
Your head looks very smooth. Very nice.
Gae
You said 'rootless' and I immediately got confused with the older use of that term from X-Windows. Thanks for the flashback! 🙂
:D
Does anyone know which extension for VSCode Christian uses to help write Kubernetes configs? The one I'm currently using is not great and what I saw here looked promising
If you're talking about the auto-complete/suggestions, that's just Copilot.
Are all problems with devcontainer from VSCode solved? Can you now use podman with devcontainers?
Very focused on Desktop usage on Win and Mac.
Yes, I would definitely like to learn about Docker Scout.
Of course there is always nerdctl as the CLI and Rancher Desktop as the GUI. Nerdctl can be run either rootful or rootless, and does more than Podman or Docker as an interface to containerd.
Great video, now I would like to try Podman XD
You should! :)
Pardon my ignorance, but what is the terminal app, shell, or config doing the isolated input and output 'frames'? And the gravy that is the IDE-like browsing of the command history.
it's called warp! new video is in the works :)
I'm curious about the terminal application you use, is it Mac Exclusive?
same question.
using podman exclusively since 3 years. Running rootless just rocks on our prod servers but also locally on my laptop.
Hey Christian, thanks. I run podman on a headless RHEL server currently. Do you know if podman desktop can connect to a remote server?
I don't think so, but on a server you have plenty of options to manage it, with cli, automated or using a web ui
Podman supports the concept of connections over ssh, if you configure `podman system connection` to point at a remote server, you should be able to get Podman desktop to work with the remote server I believe. podman (--remote) at the CLI works fine with remote podman services over ssh.
but how do I search for images in podman like I do in docker desktop .......
Thank you.
You're welcome!
What auto complete tool were you using in VSCode at 10:30?
It's GitHub Copilot
Pretty cool stuff. I’m currently reading through Podman documentation from Red Hat learning how to use it.
Nice!
Can podman use the Docker Images in The Docker hub?
Many network issues on Windows: 1. port redirect not registered in firewall, so the port cannot be accessed from other devices 2. cannot access port on parent, so it is best to deploy basic services like redis, mysql etc on podman
Hi Christian, are you running on an Apple Silicon machine? If so what steps did you take to get it installed? I've tried repeatedly to get it working on an Apple Mac Mini M1, but each time it is crashing because the `podman machine init` step insists on grabbing the x86_64 version of the VM rather than the aarch64 version.
Maybe try to contact support, it worked on my machine
@christianlempa Thanks for the reply! Turns out I downloaded the Intel version of the CLI by mistake. I saw that the web page showed the Desktop app as a Universal app, and I assumed that applied to the CLI as well. In the words of a wise man, Doh! 😉
@carlcaulkett3050 ahhh, glad you solved it ;)
Where can one locate the VSCode extension that you're using to craft a Pod manifest? Love the video and I'll definitely give Podman a go.
Hi there, this is a very good video for me. Help me to understand a lot about docker and podman. But I am very curious about the screensaver on your Mac. Could you tell us how to get one of that?
thanks :) it's just "cmatrix" in the terminal
I currently use Podman for all my containers. However, I found one thing which is a tremendous headache with Podman: It doesn't play nice with NFS mounts. NFS assumes UIDs are synced between server and client, and the whole subuid thing totally flies in the face of that. I just said "screw that" and just mounted my storage using iSCSI... but that comes with a whole set of new problems 😂
Exactly the same reason why I'm still using docker.
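Why NFS and rootless Podman clash, as an added example (not code from the video or from any commenter): the function below computes which host UID a container UID becomes under the default rootless mapping, which is the UID an NFS server would see on the wire. The `/etc/subuid` contents, user names and UIDs are constructed sample values.

```shell
#!/bin/sh
# Constructed sample of /etc/subuid (format: user:first_subordinate_uid:count).
SUBUID_SAMPLE='alice:100000:65536
bob:165536:65536'

# host_uid_for USER USER_UID CONTAINER_UID [SUBUID_TEXT]
# Prints the host UID that a process running as CONTAINER_UID inside a
# rootless container started by USER has on the host. An NFS server with
# AUTH_SYS sees this number, not the UID used inside the container.
host_uid_for() {
    user=$1; user_uid=$2; cuid=$3; table=${4:-$SUBUID_SAMPLE}

    # Default rootless mapping: container root is the invoking user itself.
    if [ "$cuid" -eq 0 ]; then
        echo "$user_uid"
        return 0
    fi

    # Container UIDs 1..count map onto the user's subordinate range.
    line=$(printf '%s\n' "$table" |
           awk -F: -v u="$user" '$1 == u { print $2 ":" $3; exit }')
    [ -n "$line" ] || { echo "no subuid range for $user" >&2; return 1; }
    start=${line%%:*}
    count=${line##*:}

    offset=$((cuid - 1))
    if [ "$offset" -ge "$count" ]; then
        echo "container uid $cuid is outside the mapped range" >&2
        return 1
    fi
    echo $((start + offset))
}

# Demo with the constructed table: alice has host UID 1000.
for cuid in 0 33 999; do
    printf 'container uid %s -> host uid %s\n' \
        "$cuid" "$(host_uid_for alice 1000 "$cuid")"
done
```

A file written by container UID 999 therefore reaches the NFS export as UID 100998, an ID the server has no account for unless the export is prepared for the subordinate range.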
so i should start learning podman as well?
I looked at podman last year... I was intrigued by the rootless/serverless running, but was stopped by the inability to use low-numbered ports. How do you set up a webserver or email server?
use high numbered ports
Port forwarding, a reverse proxy, or just running podman as root. You can also change system settings to allow non-root access to these ports (in sysctl, net.ipv4.ip_unprivileged_port_start)
I ran podman in my homelab and added the line in sysctl to allow podman to use low numbered ports. Works well!
there are two solutions to this problem, you run a firewall/gateway in front of it that exposes web and mail ports and proxies it to the app server
or you can run it in root mode, choice is yours :D
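A pre-flight check for the low-port limitation discussed in this thread, added here as an example and not taken from the video or the commenters: it reads `net.ipv4.ip_unprivileged_port_start` and lists which published host ports a rootless user cannot bind. The function names and the sample publish specs are assumptions; IPv6 bracket syntax is not handled.

```shell
#!/bin/sh
# First port a non-root process may bind. The kernel default is 1024;
# fall back to that where the sysctl is not exposed (e.g. not Linux).
unprivileged_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# host_port SPEC: extract the host port from a publish spec of the form
#   CTR | HOST:CTR | IP:HOST:CTR | IP::CTR, optionally suffixed /tcp or /udp.
# Prints nothing when the host port is left to be chosen at random.
host_port() {
    spec=${1%/*}                        # drop the protocol suffix
    case $spec in
        *:*:*) rest=${spec#*:}; p=${rest%%:*} ;;   # IP:HOST:CTR
        *:*)   p=${spec%%:*} ;;                    # HOST:CTR
        *)     p="" ;;                             # CTR only
    esac
    echo "${p%%-*}"                     # for a range, the lowest port decides
}

# blocked_ports THRESHOLD SPEC...: host ports below THRESHOLD, space separated.
blocked_ports() {
    min=$1; shift
    out=""
    for s in "$@"; do
        p=$(host_port "$s")
        [ -n "$p" ] || continue
        if [ "$p" -lt "$min" ]; then out="$out${out:+ }$p"; fi
    done
    echo "$out"
}

# Demo with constructed specs against this host's current setting.
# Note: lowering the sysctl is host-wide. Every local user, not only the
# one running Podman, can then bind the ports it opens up, so a reverse
# proxy or port forward in front of high ports keeps the change smaller.
min=$(unprivileged_port_start)
bad=$(blocked_ports "$min" 80:8080 127.0.0.1:443:8443/tcp 8080:80 9000)
printf 'threshold=%s blocked=%s\n' "$min" "${bad:-none}"
```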
I made the switch like two years ago, started to use immutable Linux distros and they come with Podman by default, using distrobox also has been a game changer for me.
About the Portainer and Podman Desktop things, I really don't use any of them
Looking forward to a new series of Kubernetes video!!
Podman is backed by Red Hat, and it also is known to step away from Kubernetes standards. Rancher Desktop is light years ahead, they support containerd instead of docker to be in line with Kubernetes baseline, it based on k3s/k3d, and somehow I trust SUSE more. And yes, it can also be a drop in replacement, and not just by way of mimicking Docker but actually using Docker CE with k3d instead of containerd/k3s for these who just develop apps and don’t care about 1:1 matching environment to real Kubernetes. And it comes with Compose and other plugins, yes.
Hi, thanks for the video - what editor are you using to create the yml-file?
it looks like vscode to me, but most IDE's have some kind of yaml syntax highlighting
Vscode
Thanks! And how did you enable the autocompletion when you type in your code in VS Code?
Good video as usual. 👌
Appreciate that
13:15 are you having earthquake? :) Good video btw, thank you. That pod k8s functionality is what really made me consider trying podman.
lol, no it's because the camera is mounted to the desk, which is not ideal :D
Think I'll stick with Docker for now but pretty interested especially given the integration of docker-compose types of container deployments. Think i'll spin up a test VM and give Podman a try. Also.. Docker Scout video, Please and thank you!
Podman-compose is dead. Podman is 100% compatible with docker-compose. Been using it for a while now. Where I work, 95% of our servers are running RHEL. And podman is running in production without any issues. Start by enabling the podman socket:
systemctl --user enable --now podman.socket
Then export the following variable to make docker-compose communicate with podman instead of docker(put the export command in .bashrc or whichever shell you're using):
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
and that's it. You can use your regular compose files as usual with the docker-compose command.
thanks that's good feedback! :)
I like that podman can use quadlets, those are files under /etc/containers/systemd/ that look similar to compose. After systemctl daemon-reload, it will create a system service you can start and will auto start on the next reboot. Podman could always generate system services, but this way it regenerated with the latest systemd version and not onetime.
awesome! didn't know that
yea these things are awesome. My homeserver is solely based on quadlets(now called podman systemd units).
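What a Quadlet unit looks like, as an added example rather than a file from the video or the commenters: the script renders a `.container` unit and shows the two places that differ between a rootless and a system-wide install (the directory and the `WantedBy=` target). The image name, unit name and port are constructed placeholders.

```shell
#!/bin/sh
# quadlet_dir MODE: directory that Quadlet scans for unit files.
quadlet_dir() {
    case $1 in
        user)   echo "${XDG_CONFIG_HOME:-$HOME/.config}/containers/systemd" ;;
        system) echo "/etc/containers/systemd" ;;
        *)      echo "mode must be user or system" >&2; return 1 ;;
    esac
}

# render_quadlet MODE IMAGE PUBLISH: print a .container unit on stdout.
render_quadlet() {
    mode=$1; image=$2; publish=$3
    case $mode in
        # multi-user.target is a system-manager target. A rootless unit
        # that names it is never pulled in; user units use default.target.
        user)   target=default.target ;;
        system) target=multi-user.target ;;
        *)      echo "mode must be user or system" >&2; return 1 ;;
    esac
    cat <<EOF
[Unit]
Description=Example container managed by Quadlet

[Container]
Image=$image
PublishPort=$publish
# Hardening: no privilege gain through setuid binaries, no capabilities.
NoNewPrivileges=true
DropCapability=ALL

[Service]
Restart=always

[Install]
WantedBy=$target
EOF
}

# Install steps for the rootless case (shown only, not executed here):
#   render_quadlet user IMAGE 127.0.0.1:8080:8080 \
#       > "$(quadlet_dir user)/myapp.container"
#   systemctl --user daemon-reload
#   systemctl --user start myapp.service
#   loginctl enable-linger "$USER"   # run user units at boot without a login
render_quadlet user registry.example.com/myapp:1.0 127.0.0.1:8080:8080
```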
Yes, Docker Scout for SBOM please !!
I love the video , I'm trying to use docker in freebsd but it is not officially supported and podman fits well for me can you please make a video on how to migrate docker container to podman it would be really helpful to actually consider giving it a shot.
Thank you! :)
I did the reverse, I was using podman for a year or so but really never got into the advanced features due to having to fight with SELinux and stuff like that to get various software running and it was rootful anyway.
I know docker is a little bit less secure, though is there really a difference when comparing both used in root mode?
At the end of the day, a docker installation is just easier to maintain when there is a much bigger community around it
interesting!
Can I just easily use the Nextcloud docker image with Podman?
sure
I switched from Docker to Orbstack, some grails tests (from the language groovy) running through a docker desktop it takes 3 minutes and running through orbstack it takes 1 minute
sounds also nice
I've been interested in the security benefits of podman for a little while now, but I'm a bit worried about potential issues when trying to use podman to run a reverse proxy since you often see issues when you don't open ports 80 and 443 for them. I'd be curious to see a successful implementation of traefik in podman
OpenShift would be quite cool to see featured in a video, in particular it's open source version called OKD
I think I still need some time to understand openshift, but it would be nice, yes :D
OpenShift is a beast to setup, although it's constantly getting easier. It has a much harder day 1 experience than its competitors, but the day 2 operations of actually getting things deployed is much easier.
For Mac silicon users: I switched from Docker to Orbstack for better performance since it uses Rosetta instead of QEMU
Docker has an option to use rosetta as well. You just need to enable it in the settings
I have one word. QUADLET. I've met the developer of Podman, and have attended a few of his seminars.
Running a bunch of docker containers on my servers, didn't hear about Podman before, going to try it out.
random question : what shell are you using , it looks fantastic !
I'm using ZSH on Warp terminal :)
I've been using podman for distrobox
A very interesting argument, I will look up to podman in the near future.
Another question: what terminal are you currently using?
It's warp terminal
Is there any portainer for podman
You don't need a special portainer. Existing portainer works with podman through the Docker-compatible socket.
I've been using Jenkins running under Docker for a few years with Dind such the build tools (Like Java and Maven) themselves run as Docker containers. I've started using the Kubernetes Jenkins plugin so that those same containerized build tools are now running as Kubernetes pods. Well the problem is that in order to support multi-arch container builds I'm using the Jenkins Docker Pipeline plugin and docker buildx to build the multi-arch images and that seems problematic for running under Kubernetes. So now I'm working on using a containerized install of Podman which I'll be able to invoke as a Jenkins Inbound Agent to be able to do my multi-arch container builds as Kubernetes pods. Once all that is accomplished I'll end up moving Jenkins from Docker to Kubernetes.
I wonder if podman can use the HyperKit or vz or whatever it's called on MacOS 13+ and perhaps Hyper-V on Windows? I currently am using colima on MacOS M1 Max (MacOS 14) and it works like a charm.
Also as a software engineer, I am always thrilled to try features if I need them - certainly not in a commercial project I develop for on my day-job, but certainly in private.
I might replace docker with podman on my custom NAS at home.
Podman supports native virtualization on Mac and Hyper-V on Windows. Will switch to default to Native Virt on Mac in Podman 5.0, currently it defaults to QEMU on Mac. 5.0 is due to be released end of February
I was going to switch to Podman, but then I was overtaken by a compatibility problem with the devcontainer in vscode, which is why the migration plans had to be postponed on my work PC. But among the newer solutions, I’m currently trying finch from AWS, which uses lima, nerdctl internally. I recommend you try it. Thank you for the video.
It all comes down to user choice, or they can try both ways while working on their projects. It's nice to expand some skills.
true
the biggest upside to podman desktop over docker desktop is it's currently fully open source and free to use both at home and commercially, whereas docker desktop is no longer free for commercial uses. I say currently open source about podman because, given Red Hat's recent actions, I wouldn't be surprised if they monetised podman desktop. On a server level though docker is still ahead of podman due to its swarm mode to allow for scalable and highly available clustering if you didn't want to run a k8s cluster on prem that is (still working on my employer with that 😀).
I'm not so interested in being fully open source or the licensing, TBH :/ The technical bits and pieces are, what makes it interesting for me.
Does PodMan offer NVIDIA CUDA support via WSL2?
I am currently using Windows Docker Desktop via WSL2 to run multiple containers to execute CUDA applications (Whisper + Piper + Llama2)
No idea :/ haven't tested it
@christianlempa GPU (CUDA) support is great on WSL, but difficult to setup.
Podman binary seems to be updated only for redhat distribution. Other distro the version is quite old. Latest version of podman is 4.9 as of today.
openSUSE stays on top with their package updates. The current version as of today is the latest Podman stable release 5.0.1
Tried podman a while ago, hated it so much i stopped after 40h. Bad documentation, not everything was supported, problems with setting multiple ports.
4:36 For me lack of proper support of compose files was the only reason which stopped me from using podman some time ago. I don't like imperative docker, i like to use compose files much more, even for simple apps. When i tried podman it still had some issues with some yaml sections about resources limits and so on (don't remember exactly) and also with .override files. But it was few years ago, maybe it's time to give it another chance
Security question about pod: why would I share the network resources between my server and the db ????
When the server needs to connect to the db
I've been using podman instead of docker for a while now and it's served its purpose excellently. The only annoyance I have with it is I can't just set containers to restart: always and have them come up on the boot of the host. I know I can generate systemd files to do this or use quadlet to make simpler systemd files but both of those require extra setup whereas under docker I could simply set the restart parameter and the containers would start on boot
If you set the restart policy on containers to always, then they should start automatically on boot. You might need to enable the restart services though.
/usr/lib/systemd/system/podman-restart.service
/usr/lib/systemd/user/podman-restart.service
@danielwalsh2363 interesting. I had searched for how to do this and the only thing that came up was generating systemd unit files for every container which I didn't really want to do. I didn't know there was a restart service. I will have a look at that, thank you!
AFAIK, docker is also using namespace separation, main vulnerability is misconfiguration or providing excessive privileges for the container. I suppose the same happens in podman as well.
One key difference is Podman defaults to rootless with SELinux enabled, Docker defaults to rootful with SELinux disabled.
@danielwalsh2363 Thanks, will take a closer look at Podman.
We use Ubuntu at work and the only issue I have with podman right now is Ubuntu is stuck on Podman version 3.4.4.
Yeah, Ubuntu doesn't seem to be the best distro for running Podman, it's clearly the favorite in the RHEL space (because it's created by RHEL devs :D)
which terminal are you using?
Warp :)
Scout YES!❤
noted :D
1:47 In keeping with its mascot, PodMan has seal-eye tools. 🥁📀 (I'll show myself out.)
I still need Docker 😢. I tried podman then use some image of bitnami, then I have to change ownership but podman cannot resolve as Docker, I always get permission denied :”(
The kubernetes yaml is interesting, is docker desktop doing that?
no, it focuses on docker compose
Are all images 100% compatible between docker and podman?
Yes! All container images are part of the OCI standard
Interesting argument!
Little curiosity: where can we get that awesome Matrix animated wallpaper?
it's just "cmatrix" in the terminal :)
I don't understand why podman desktop isn't available as a webui like portainer
Podman is rhel product. Cockpit has full support for podman.
I personally use Rancher desktop which also supports Kubernetes.
looks interesting, also
Can you share your terminal config?
it's in dotfiles on GitHub
Nice video! Really made me doubt now. Maybe I'll run it beside docker to test first,
Docker is still a bit difficult
Especially bind mount propagation. Can you do an in-depth video about that?
What the heck is Docker Scout? Sounds like a nice addition!
Again thanks for sharing :)
Thanks :) You should look at my docker course, it's gonna teach you everything! Hope to get part 3 out in the next 2 months
I need to know how you got that Matrix wallpaper
It's just a cmatrix in the terminal :)
I'm still getting first-hand experience with containers. I'd like to learn to be proficient with Podman more than Docker, but I haven't been able to find a single homelab project I'd want to do whose guide for deploying a container was written for Podman, lol.
Been using pod man in prod since 2020.
The company I work at recently dropped Docker because of the license issue and it’s been a pain in the ass. I’ll take a look at this
Cool, let me know how it goes
one thing I don't much like about your videos is that you always focus on GUIs which is good for local development but not really important for real environments and real work where CLI commands are mostly used, that said, thanks for the introduction about podman I will definitely try it and read more about it.
Really? I always aim to balance GUI with CLI
@christianlempa IDK but the last 4 notifications I received from your channel were all about GUI, GUI for ansible, GUI for managing containers,.....etc which doesn't pique my interest because I never use GUI for those kinds of tasks even on my local laptop, maybe that's just me maybe other people are liking that, just wanted to share my thoughts
@bashardlaleh2110 thanks! I appreciate your feedback, and you're right. I think GUIs are always nice for beginners and Homelab people, that's why you see a lot of engagement on these videos. But don't worry, it won't become a beginner channel only, I still have some stuff coming up for CLI and terminal lovers :)
Good video.
Thanks!
I'll try if CasaOS makes a podman version. 😅