Podman in Linux

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • OPS - Build and Run Open Source Unikernels
  • podman

    Podman: A tool for managing OCI containers and pods.

    > root-less nature of podman

    I see this repeated a lot, but it's not the default, its has to be explicitly configured: https://github.com/containers/podman/blob/v3.3.1/docs/tutori...

    And in addition to the known upsides, there are some lesser known downsides:

    1. There are feature limitations with it: https://github.com/containers/podman/blob/v3.3.1/rootless.md

    2. There are security implications, quoting Arch Wiki:

    > Warning: Rootless Podman relies on the unprivileged user namespace usage (CONFIG_USER_NS_UNPRIVILEGED) which has some serious security implications, see Security#Sandboxing applications for details.

    Also worth noting that Docker itself has a rootless mode as well by now: https://docs.docker.com/engine/security/rootless/

    I'm happy that there are Docker alternatives, but I have the feeling that podman has been hyped a lot recently and many articles and comments give the impression that it's more secure by default and without any downsides.

  • podman-macos

    📦 Podman frontend for macOS

    Good to know about the GUI!

    > ETA: Oh hey here it is: https://github.com/heyvito/podman-macos

    This GUI isn't an official Podman application. It's a third party. Not that it's bad or anything, it's just not official.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • Moby

    Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

    I love podman. When you write a file to a volume from a container, the user that spawned the container is the owner. This is exactly what you expect, but with Docker, everything is written as root. After many years, this has not been fixed in docker:

    https://github.com/moby/moby/issues/2259

    This has made it impossible to use docker in scripts where root access is not available. Thank you podman!

  • podman-compose

    a script to run docker-compose.yml using podman

    > For everything else...

    Except for:

      - Docker Compose (because podman-compose has a large amount of open issues https://github.com/containers/podman-compose/issues)

  • Nomad

    Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.

    That does seem better! Of course, there are a few lingering issues with support, but overall the trend is good: https://github.com/containers/podman/issues?q=is%3Aissue+is%...

    Of course, there's no Swarm support, as evidenced by that very article:

    > Caveats

    > One known caveat is that Podman has not and will not implement the Swarm function. Therefore, if your Docker Compose instance uses Swarm, it will not work with Podman.

    Feels like people will either be pigeonholed into Kubernetes for all of their deployments, or will have to migrate over to something like Hashicorp Nomad: https://www.nomadproject.io/

    Curiously, it also supports Podman as a task driver: https://www.nomadproject.io/docs/drivers/podman

  • zfs

    OpenZFS on Linux and FreeBSD

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts