Our great sponsors
-
-
nerdctl
contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
mariadb-podman-socket-activation
Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation
-
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
-
-
I found getting started with Podman on Windows is utterly confusing:
1) Podman has two documentation entry points (https://docs.podman.io and https://podman.io/getting-started/) because... ? It is confusing to the user at first. It makes more sense to have everything in one place.
2) Podman does not _actually_ offer binary releases (but claims to do so here: https://podman.io/getting-started/installation#windows and https://github.com/containers/podman/blob/main/docs/tutorial...) because... ? They want me to compile it myself?
3) The Windows installation tutorial links to another article (https://www.redhat.com/sysadmin/podman-windows-wsl2) that is, by today's measurements, _very_ old, because... ? I cannot imagine that things have not changed since then, I refuse to believe it :D
From what I understand, Podman will become an _actually_ easy to use and viable solution to Docker for Desktop once Podman 4.1 has been released, and we have host volume mount support, which is a must-have feature for development.
How is it compared to nerdctl[0] (another docker compatible cli)?
Support for socket activation
Podman will pass on the socket-activated socket to the container.
I wrote a small example demo for setting up socket activation with systemd, Podman, and a MariaDB container:
https://github.com/eriksjolund/mariadb-podman-socket-activat...
Support for socket activation
Podman will pass on the socket-activated socket to the container.
I wrote a small example demo for setting up socket activation with systemd, Podman, and a MariaDB container:
https://github.com/eriksjolund/mariadb-podman-socket-activat...
`docker-compose` is different from `docker compose` (with a space in between words).
The former will be replaced by the latter in the long run.
https://github.com/docker/compose-cli/issues/901#issuecommen...
docker supports some volume mounts while building, it's part of the buildkit backend and is used for mounting secrets during builds. It is very poorly documented and hidden behind the buildkit buildx command. Check out the RUN --moount= section here: https://github.com/moby/buildkit/blob/master/frontend/docker...
Kubernetes requires a tool which implements the Container Runtime Interface, a standardized API for starting & managing containers. This is from 2015-2016[1].
For a while Kubernetes has included something called the "dockershim", it's own implementation of a CRI interface that, under the hood, calls Docker or Podman. There's also tools like kind[2] ("kubernetes in docker") that go further- not just hosting Kubernetes worker containers in Docker, but hosting the main kubernetes daemons also in Docker.
Kubernetes deprecated Dockershim, formally in December 2020, but is just throwing the switch now in the upcoming 1.24, expected mid-April[3]. A company Mirantis has pledged to take over support of Dockershim[4], and is calling the new effort "cri-dockerd"[5]. This should allow Kubernetes workers to continue to run via Docker or Podman.
Kind is unaffected, since it runs the main Kubernetes controllers in Docker, which then launch their own opencontainerd (one off the main CRI implementations) inside that Docker container, nested like, so no dockership/cri-dockerd is needed).
[1] https://kubernetes.io/blog/2016/12/container-runtime-interfa...
[3] https://kubernetes.io/blog/2022/01/07/kubernetes-is-moving-o...
[4] https://www.mirantis.com/blog/mirantis-to-take-over-support-...
Kubernetes requires a tool which implements the Container Runtime Interface, a standardized API for starting & managing containers. This is from 2015-2016[1].
For a while Kubernetes has included something called the "dockershim", it's own implementation of a CRI interface that, under the hood, calls Docker or Podman. There's also tools like kind[2] ("kubernetes in docker") that go further- not just hosting Kubernetes worker containers in Docker, but hosting the main kubernetes daemons also in Docker.
Kubernetes deprecated Dockershim, formally in December 2020, but is just throwing the switch now in the upcoming 1.24, expected mid-April[3]. A company Mirantis has pledged to take over support of Dockershim[4], and is calling the new effort "cri-dockerd"[5]. This should allow Kubernetes workers to continue to run via Docker or Podman.
Kind is unaffected, since it runs the main Kubernetes controllers in Docker, which then launch their own opencontainerd (one off the main CRI implementations) inside that Docker container, nested like, so no dockership/cri-dockerd is needed).
[1] https://kubernetes.io/blog/2016/12/container-runtime-interfa...
[3] https://kubernetes.io/blog/2022/01/07/kubernetes-is-moving-o...
[4] https://www.mirantis.com/blog/mirantis-to-take-over-support-...
I really like Podman, and I'm happy to see this new release. This little nugget about non-released features makes me most excited though:
> More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.
IIUC that's the last major missing feature in Podman that would allow Podman Desktop Companion [1] to replace Docker Desktop on Windows/Mac for most use cases - if it works well. It'd be great to replace that nagging-for-updates and nagging-for-subscriptions with a completely open source replacement tool. (I'm sympathetic to the Docker team in need of a revenue source, but I'm happy OCI containers can move on beyond significant vendor lock-in).
> See, and in almost all of my use-cases, I really do. I do HPC computing, which is almost always a multi-tenant environment.
Maybe you need firecracker with something along the lines of https://github.com/combust-labs/firebuild?
> No reason something like the compose syntax (or similar) couldn't be a common, shared front-end to all container solutions
Hopefully it will, since the docker-compose spec is being formalized: https://github.com/compose-spec/compose-spec
Thanks! It seems that netavark uses macvlan to avoid creating bridge devices. Although it can also use bridges, and it seems that Docker is adding macvlan support too: https://github.com/moby/libnetwork/blob/master/docs/macvlan....
Related posts
- Podman Desktop v1.5 with Compose onboarding and enhanced Kubernetes pod data
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
- Podman Desktop: A Free OSS Alternative to Docker Desktop
- Checklist for Kubernetes-Based Development
- Is it possible that k8s updates image version on pod relaunch?