I keep reading about podman, yet it doesm’t FEEL as mature to me as docker for a normal user like me. What’s your opinion? Did you already switch or do you keep waiting for … for what? When will you switch?

Podman is CLI and API compatible with Docker (except where differences in implementation doesn’t allow it)

Running Podman as root is 99.9% the same as running Docker.

I have been running my homelab with Podman for several years and it is absolutely mature enough for a regular user.

Also, the docs are really good.

deleted by creator

litmus1931
link
fedilink
11Y

You shouldn’t need root to bind to privileged ports. I use k8s but I assume you can set sys capabilities for containers in a similar way I do for pods.

@vegetaaaaaaa@lemmy.world
link
fedilink
English
6
edit-2
1Y

You technically can bind ports <1024 to unprivileged containers. echo 'net.ipv4.ip_unprivileged_port_start=0' | sudo tee /etc/sysctl.d/50-unprivileged-ports.conf; sudo sysctl --system. Though this will allow any user to bind ports below 1024, so it’s not very clean.

Another workaround is to redirect port 80 to 8080 (or other) through iptables and have your proxy listen on this port. sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080. Same thing for 443.

As far as I know granting the CAP_NET_BIND_SERVICE capability to /usr/bin/podman does not work.

Also podman-compose implementation is still incomplete, and I prefer using systemd units to start and manage containers. Check man podman-generate-systemd

@worldofgeese@lemmy.world
link
fedilink
English
1
edit-2
1Y

For what it’s worth, I just wrote up a compose.yaml file as I’d write it for Docker Compose and it just worked. See the bottom of my comment on this GitHub issue for an example. I think the team’s intention is for it to transparently support whatever you’d write for a standard Compose file but of course we don’t have things like the brand new Docker watch. They do point to the Compose spec in the Podman Compose README. Bind mounts are good enough for me, thus far.

@CapillaryUpgrade@lemmy.sdf.org
link
fedilink
English
1
edit-2
1Y

I only tried running rootless when i set them up several years ago and i was completely green, so it was probably me who was the problem.

Regarding podman-compose, Fedora repos has a a package that aliases podman -> docker and the regular docker-compose package, which i used before migrating to podman+systemd. It worked flawlessly unless i did networking shenanigans because Podman and Docker differs (/differed?) in so some thing simply couldn’t be brought over.

Edit: i found the docker-compose and Podman alias thingies in a Fedora Magazine post.

However, unless you use docker-compose a lot for other stuff, learning to use Podmans systemd integration (also called quadlet) is very much worth it. They’re just a really powerful combo and systemd has a ton of nice features for making stuff run and keep running.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 127 users / day
  • 422 users / week
  • 1.16K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.68K Posts
  • 74.2K Comments
  • Modlog