I Tried Podman. It's Cool, But I Won't Switch From Docker (For Now)
Podman sounds pretty rad if you're into containers. As a heavy user of Docker, I was curious about Podman when I heard it's a completely Open Source alternative. Yes, Docker can be used completely free and from what I understand, has Open Source components. I just liked the idea of an alternative that sticks to a completely Open-Source model. In addition, Podman is "rootless" by default, making it a superior option security minded people. I dig it, so I thought I'd give it a shot. However, I ran into some roadblocks which prevent me from leaving Docker.
Let me be completely straight- this isn't a tutorial, so I'm not going to ramble on about the little things. Instead, let me get to my findings: Podman adds some significant changes to my normal container workflow which I don't love. I'm a heavy user of Docker Compose, and I have a very fast and specific workflow for deploying new containers. Each container has a single Docker Compose file, often named compose.yml, which is all I need to think about. Say I needed to deploy a new Ghost instance (the platform this blog is based on). It'd be trivial to do. First, I'd make a directory for it, say, ghost_2 or something. Then I'd cd into the directory and make a new compose.yml within that folder. Most of the time, I'll just copy the compose.yml from the github of the project, adjusting ports as required and making bind mounts (often ./data or something). Easy. Then it's as easy as running docker compose up -d. Easy. Bam. Container online. Access container on localhost:port and GG.
Yes, Podman can be made to work with Docker Compose. However- because it's "Daemon-less" I found that Podman has no clue what containers need to be started on boot. So this means I'd need to configure it somehow to work similarly to how it'd work with Docker. The funny part is, many guides online will have you fix this at the compromise of being rootless, which is one of the things we are trying to preserve. Yes, you can do it, but why are there so many hoops? Supposedly, I can make some systemd service run which can handle my compose stuff. OK, but I struggled to figure out how to do this.
If you read further on Podman, you'll see lots of people recommending getting off of Docker Compose anyway, and just using what they call Quadlets. Quadlets sound cool enough- you basically make each docker compose file into a Quadlet, and you can use a tool to convert the compose files into Quadlets. OK cool, but that's a lot of work for each container, and will it work every time? Not sure. Quadlets is a whole new way of thinking about my "container stacks", and I'm not quite ready to redo my workflow for the benefits of Podman.
This doesn't mean I don't respect Podman or what it's trying to do. If Docker decided to suddenly turn "evil" and fall prey to "enshittification" than yes, I'll gladly migrate to Podman. However, I don't see a specific need at this time to flip the table on Docker just yet. It may not be rootless, but it's still very safe provided you know what you're doing. For my self-hosted stuff, Docker remains completely fine. I do hope Podman receives further development and love. Maybe I'll slowly migrate a few things over to it to see how it feels, but I can't completely ditch my Docker setup unless I can completely drop-in replace my Docker Compose setup.
Still, Podman is awesome. If I could start from scratch or had a small amount of containers, the effort to adopt the Podman way of doing things would be small enough to be worth it. Having over 100 containers managed via Docker Compose makes it a little intense for me at this time.