Running Podman in production for years now, and I don't miss the Docker daemon one bit.
-
@oldsysops not sure, I'll have to check that
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz another person of culture I see…/me tips hat
I’ve been operating with a mixture of quadlets and manual podman-compose containers for quite some time. I’ve found compatibility issues with some projects, but I decided those do not justify switching to docker. There’s also an annoying race condition with CNI coming up before networkmanager, but manual fix is easy enough for those times.
Great blog post! Thanks
-
@Larvitz another person of culture I see…/me tips hat
I’ve been operating with a mixture of quadlets and manual podman-compose containers for quite some time. I’ve found compatibility issues with some projects, but I decided those do not justify switching to docker. There’s also an annoying race condition with CNI coming up before networkmanager, but manual fix is easy enough for those times.
Great blog post! Thanks
@andrew That blog article took me the longest of them all. A first draft had been lingering in my blog's git repo since November last year, and I went through numerous rewrites of various parts until I found them good enough. Today, I added the final paragraph about Ansible and decided to publish it before I end up waiting another 6 months
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz Maybe you could add the hint, that automatic starting of rootless quadlets needs an user, where lingering is enabled.
It can be found at the examples.
https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
```
loginctl enable-linger <USER>
``` -
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz I love podman too, but recently I’ve been wondering about running rootless containers that aren’t tied to a specific host user. I’ve posted this as a discussion topic here - thoughts? https://github.com/containers/podman/discussions/28445
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz Thanks for the article.
I never went beyond podman compose because I couldn't really find beginner-friendly examples on how to use Quadlets in production, so this is a great reference on how to get started. -
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz very good starter pack for podman! I'd say all the normal operations described well and then some. Only thing more I use is exec for various debugging things or fixing something in storage. But if this is for docker users, there is no difference.
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz Now I know what I'll be reading tomorrow!
I made the switch about two years ago and use Podman for embedded systems development. It's much easier than spinning up a VM and combined with VSCodium makes a nice IDE that allows remote debugging.
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz Interesting.
For me, the poor Compose support is one of the reasons I'm still sticking with Docker for development. Although, I think, the advantage of Compose files is simplicity (not having to commit to the whole systemd units system). -
@Larvitz I might be wrong but, don't you lose basically all advantages of Podman by doing so? Having to give up daemonless and rootless.
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz I have been planning tot migrate tot podman but life has many priorities
Will read -
@Larvitz Thank you. I might have to dig a bit further into this.
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz nice!
I am halfway with podman; still have compose files launched from systemd units that I write myself - they are all basically identical except the home directory setting
I deliberately use compose start only, not run. I do not want restarts to be messing about pulling new images when I dont expect it!
Is there an equivalent to quadlets for alternative init tools? I would not want to lock myself into systemd right now
seriousky looking at BSD. -
@Larvitz nice!
I am halfway with podman; still have compose files launched from systemd units that I write myself - they are all basically identical except the home directory setting
I deliberately use compose start only, not run. I do not want restarts to be messing about pulling new images when I dont expect it!
Is there an equivalent to quadlets for alternative init tools? I would not want to lock myself into systemd right now
seriousky looking at BSD.@Slash909uk I doin't know of any alternatives. Quadlets are transniently transformed into systemd units by a generator. That's all very systemd specific.
FreeBSD's Podman port ships with rc.d service scripts already. You enable them with:
sysrc podman_enable=YES
service podman start
sysrc podman_service_enable=YES
service podman_service startThen, containers started with --restart=always will be automatically restarted after a host reboot. Podman's internal restart logic handles this, with the podman service acting as the supervisor. This is the closest equivalent to what quadlets do on Linux.
-
@Slash909uk I doin't know of any alternatives. Quadlets are transniently transformed into systemd units by a generator. That's all very systemd specific.
FreeBSD's Podman port ships with rc.d service scripts already. You enable them with:
sysrc podman_enable=YES
service podman start
sysrc podman_service_enable=YES
service podman_service startThen, containers started with --restart=always will be automatically restarted after a host reboot. Podman's internal restart logic handles this, with the podman service acting as the supervisor. This is the closest equivalent to what quadlets do on Linux.
@Larvitz thanks, good to know there is BSD support already
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz Thanks for this great guide! I’m also a heavy user of
podman since years, and it's my number one solution for deploying services.I had a question about the pod-in-pod deployment of forgejo / traefik,
giving access to the docker.socket allows thoses pods to create pods, but then
it can create privileged pods which mount the root volume of the host, right?
Even with the NoNewPrivileges arg?Is there a way to control what a pod having access to the docker.socket can
create? -
@Larvitz thanks, good to know there is BSD support already
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz thanks. I never took the time to explore Podman, I think I will do it in close future thanks to your nice article
-
Running Podman
in production for years now, and I don't miss the Docker daemon one bit.I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layerThis is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
@Larvitz We are using podman for a year now as a local Docker replacement for developing distributed apps (.NET, Postgres, MSSQL, Kafka, etc.) on MacOS/Windows. The early quirks are gone, several months now without an issue.
-
@Larvitz We are using podman for a year now as a local Docker replacement for developing distributed apps (.NET, Postgres, MSSQL, Kafka, etc.) on MacOS/Windows. The early quirks are gone, several months now without an issue.
@svenhennessen awesome! I use it to run production workloads on my linux server (forgejo, Nextcloud, Keycloak etc.). Worked for the last 4 years without any issue.
