Essential insights from Hacker News discussions

Using Podman, Compose and BuildKit

Here's a summary of the themes expressed in the Hacker News discussion:

Podman vs. Docker Comparison and Adoption

A significant portion of the discussion revolves around comparing Podman and Docker, with many users expressing their experiences and preferences. There's a general consensus that Podman is a viable alternative to Docker, especially for users seeking a daemonless and often rootless experience. However, Docker still holds a strong position due to its maturity, ecosystem, and perceived ease of use for certain workflows.

  • "I have never used Podman, but I hear about it very often. I currently use Colima ... I have tried to find a good comparison between the two, but I find it hard to have a clear opinion on which one is best for me." (cyprien_g)
  • "I use Podman, I wanted a Docker-like experience on MacOS or Windows. I use it to provide services during development (PostgreSQL, etc.) and working on image builds. It works pretty well. :-)" (cmiles74)
  • "Colima is related but separate, Colima runs a Linux VM seamlessly in MacOS so you can interact with Docker as if it was running on your host OS. Podman will also need a VM (coz there is no native Docker on MacOS)." (rockyj)
  • "Isn’t that limited to a single node? How would you configure a cluster? I’m trying to explore lightweight alternatives to kubernetes, such as docker swarm, but I think that the options are limited if you must support clusters with equivalent of pods and services at least." (iTokio)
  • "I was a huge fan of Podman, but I eventually gave up and use Docker Compose for local development. It's not worth fighting the system." (lukaslalinsky)
  • "I've mostly just stuck to Docker myself... that said, podman definitely has some curiosity from me, just haven't taken the time to learn." (tracker1)
  • "podman pissed me off when I tried it in its early days. Is it better?" (leemelone)

Rootless Containerization

The ability to run containers rootless is a frequently discussed advantage of Podman, with users highlighting its ease of setup compared to Docker.

  • "But Docker can run rootless these days, right? Can anyone chime in with how well does this work?" (haolez)
  • "Actually setting up rootless Docker is pretty manual and kludgy. With Podman, rootless is pretty much effortless." (pxc)
  • "Wow. It seems really clunky indeed: [Docker rootless docs link]" (haolez)
  • "I use rootless podman in socket mode but use the docker CLI (just the CLI, no daemon or service or messing with iptables) as the frontend. Can recommend!" (sureglymop)

Podman's Ecosystem and Alternatives (Quadlets, Buildah)

There's a strong emphasis on Podman's ecosystem, particularly the move towards quadlet files as a replacement for docker-compose for systemd integration. Buildah is also highlighted as a more flexible tool for image building.

  • "If you're not wedded to docker-compose, with podman you can instead use the podman kube support, which provides roughly docker-compose equivalent features using a subset of the Kubernetes pod deployment syntax." (jabl)
  • "Additionally, podman has nice systemd integration for such kube services, you just need to write a short systemd config snippet and then you can manage the kube service just like any other systemd service." (jabl)
  • "Recently (now that Deb13 is out with Podman 5) I have started transitioning to Podman's Quadlet files which have been quite smooth so far. As you say, it's great to run things without all the overhead of kubernetes." (GCUMstlyHarmls)
  • "Docker has one of the most severe cases of not-invented-here. All solutions require a combination of a new DSL, a new protocol, a new encryption scheme, a new daemon, or any combination thereof. People are sleeping on using buildah directly; which OP alluded to with Bakah (but fell short of just using it directly)." (zamalek)
  • "Why? Because they didn't invent something new, and so the equivalent of a dockerfile in buildah is just a script in whatever scripting language you want (probably sh, though)." (zamalek)
  • "This is an interesting find OP and could help people transition from Docker to Podman (especially if they're used to deploying with Docker-Compose). I think the better long-term approach though is to use systemd user units for deployment, or the more modern approach of using Podman Quadlets. There's a bit of a learning curve, but these approaches are more native to the Podman platform, and learning how systemd services work is a great skill to have." (smjburton)
  • "However, for single server deployments, where I don't need Kubernetes, I now exclusively use Quadlets to run apps and I couldn't be happier. It's a much nicer experience than using typical Docker/Podman setup. It feels integrated into the system." (lukaslalinsky)
  • "Podman compose is an attempt to court Docker users by porting over a bad idea. Instead of that, learn how to create "quadlets" and you'll never want to touch docker again." (bogwog)
  • "I use a special feature of Docker Buildx with a multistage Dockerfile build, with the SDK in the first part, and an empty container in the second part to copy the build artifact (like firmware.bin), like explained here: [Docker export docs]. Does Podman support the same feature?" (zoobab)
  • "For what it's worth, podman has also a thin wrapper around docker compose (podman compose) which can also automatically select podman-compose." (figmert)

Platform-Specific Containerization (macOS, Windows, WSL2)

Users discuss achieving a Linux-like container experience on macOS and Windows, with tools like Colima, OrbStack, Podman Desktop, and WSL2 being mentioned.

  • "I have never used Podman, but I hear about it very often. I currently use Colima (https://github.com/abiosoft/colima) and I'm very satisfied with it." (cyprien_g)
  • "Colima runs a Linux VM seamlessly in MacOS so you can interact with Docker as if it was running on your host OS." (rockyj)
  • "Podman Desktop uses a VM on Windows too (WSL2)." (privatelypublic)
  • "I replaced my Docker usage entirely with OrbStack[1] a few months ago, and have had zero issues with it so far. Great product that I happily pay a license for." (mstade)
  • "orbstack is just a vm provider for docker on mac, colima offers the same features without a ui and is a great open replacement but as neither supports podman both are not really relevant to the podman discussion." (jFriedensreich)
  • "On Linux I'm using colima with docker compose and buildx and it seems to work ok for my limited cases. On Mac it works ok too, but there are networking cases that Colima on mac doesn't handle - so orbstack for there" (digikata)

Orchestration and Cluster Management (Lightweight Alternatives to Kubernetes)

The discussion touches on alternatives to full-blown Kubernetes for managing containerized services, with mentions of Docker Swarm, Nomad, and k3s, alongside Podman's ability to integrate with systemd for orchestration.

  • "How would you configure a cluster? I’m trying to explore lightweight alternatives to kubernetes, such as docker swarm, but I think that the options are limited if you must support clusters with equivalent of pods and services at least." (iTokio)
  • "In the off chance your search didn't expand to k3s, I can semi-recommend it." (gf000)
  • "K3s is light in terms of resources, but heavy in operational complexity, I’m not looking for a smaller version of kubernetes but for a simple way to run container backed services when you’re not google but a small company, something that has few moving parts but is very reliable and low maintenance." (iTokio)
  • "I've been back and forth on this for a long time, but I've just decided at this point that I either settle for podman or docker on a single host, or go to Talos / k3s / k8s. There's a lot of tools there, a lot of inertia, and eventually it's likely that I will need to solve the problems that k8s does. YMMV" (esseph)
  • "If that's what you want to do, just get something running... what's wrong with docker swarm?" (tracker1)
  • "HashiCorp Nomad is probably the only real alternative. It's what I'm using, and I like it better than the overcomplexity of k8s." (MrDrMcCoy)
  • "I've found you can get pretty far with a couple of fixed nodes and scaling vertically before bringing in k8s these days." (mands)

Compatibility and Maturity of Podman Features

Concerns are raised about feature parity between Podman and Docker, particularly regarding docker-compose compatibility and the stability of newer features like podman compose and quadlet integration.

  • "I encountered this exact issue (no buildkit with Podman) months ago. I gave up and used Docker desktop, but I'm glad you didn't. Well done!" (lloydjones)
  • "Last I tried using the .kube files I ran into issues with specifying container networks ([Podman issue link]). This is sort of "fixed" by using a Quadlet ".kube" but IMO that's a pretty weak solution and removes the "here's your compose file, run it" aspect." (GCUMstlyHarmls)
  • "The straw that broke the camel's back was a bug in podman compose that funnily enough was fixed two hours ago[1]; if service1 has a depends_on on service2, bringing down service1 will unconditionally bring down service2, even if other services also depend on it." (heavensteeth)
  • "Another incompatibility with Docker I experienced was raised in 2020 and fixed a few months ago[2]; you couldn't pass URLs to build: to automatically pull and build images. The patch for this turned out to be a few lines long." (heavensteeth)
  • "I'm sure Podman will be great once all of these bugs are ironed out, but for me, it's not quite there yet." (heavensteeth)
  • "Can you use those quadlets inside a development project? I use docker-compose (with podman) just so I can work on a project that is completely self-contained. No copying files to ~/.config/systemd just run docker-compose to start and stop." (johnny22)
  • "Upstream seems content with that status quo. That's their prerogative, and I could build it myself, but it makes me concerned they don't really have multi-distro compatibility as a priority, which makes me hesitant to commit time to experimenting with it when Docker considers Ubuntu a first-class citizen." (rsyring)
  • "The problem is podman in the apt repos is very old. Last time I checked, Podman was on v5, where Debian was on v2 something." (figmert)