Our great sponsors
-
> root-less nature of podman
I see this repeated a lot, but it's not the default, its has to be explicitly configured: https://github.com/containers/podman/blob/v3.3.1/docs/tutori...
And in addition to the known upsides, there are some lesser known downsides:
1. There are feature limitations with it: https://github.com/containers/podman/blob/v3.3.1/rootless.md
2. There are security implications, quoting Arch Wiki:
> Warning: Rootless Podman relies on the unprivileged user namespace usage (CONFIG_USER_NS_UNPRIVILEGED) which has some serious security implications, see Security#Sandboxing applications for details.
Also worth noting that Docker itself has a rootless mode as well by now: https://docs.docker.com/engine/security/rootless/
I'm happy that there are Docker alternatives, but I have the feeling that podman has been hyped a lot recently and many articles and comments give the impression that it's more secure by default and without any downsides.
-
Good to know about the GUI!
> ETA: Oh hey here it is: https://github.com/heyvito/podman-macos
This GUI isn't an official Podman application. It's a third party. Not that it's bad or anything, it's just not official.
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
Moby
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
I love podman. When you write a file to a volume from a container, the user that spawned the container is the owner. This is exactly what you expect, but with Docker, everything is written as root. After many years, this has not been fixed in docker:
https://github.com/moby/moby/issues/2259
This has made it impossible to use docker in scripts where root access is not available. Thank you podman!
-
> For everything else...
Except for:
- Docker Compose (because podman-compose has a large amount of open issues https://github.com/containers/podman-compose/issues) -
Nomad
Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
That does seem better! Of course, there are a few lingering issues with support, but overall the trend is good: https://github.com/containers/podman/issues?q=is%3Aissue+is%...
Of course, there's no Swarm support, as evidenced by that very article:
> Caveats
> One known caveat is that Podman has not and will not implement the Swarm function. Therefore, if your Docker Compose instance uses Swarm, it will not work with Podman.
Feels like people will either be pigeonholed into Kubernetes for all of their deployments, or will have to migrate over to something like Hashicorp Nomad: https://www.nomadproject.io/
Curiously, it also supports Podman as a task driver: https://www.nomadproject.io/docs/drivers/podman
-
Related posts
- What you gonna add to your selfhost stack this year?
- Docker Desktop will require a paid monthly subscription per userfor enterprises over 250 employees from Jan 31 2022
- Does davinci work well On Linux?
- Why do I need 'exit 1' in shell form?
- Jeeves - a Docker-based development-only dependency manager for Windows, Linux, and macOS