I’d wager it’s mainly just that deployment is mildly more annoying and requires more disparate steps.
Especially if you want to go rootless (and you should).
For someone that isn’t “Linux first” (like a baby developer learning to containerize their apps), the idea of dealing with systemd unit files or kubelet configs, and having to create dedicated local service accounts (and remembering to enable linger) is somewhat intimidating when compared to just installing docker, whipping up a docker compose file and pressing “start”.
I understand why they’ve taken this approach but it’s pretty clunky and a bit unfriendly.
> the idea of dealing with systemd unit files or kubelet configs, and having to create dedicated local service accounts
Podman does not require systemd (thank God). I use a simple podman compose up/down in a user systemd file to automatically bring my containers up at boot, but other mechanisms are possible, like quadlets and init scripts.
Quadlets are awesome and honestly I think one of the best additive things that podman has on top of the regular docker toolset.
I use podman regularly, and despite it being a good drop-in replacement like 95% of the time, the 5% of the time where it isn't seamless are super painful. For example, skaffold (https://skaffold.dev/) pukes all over itself when you try to run podman as a drop in replacement. I'm sure there are plenty of other examples, but that one stops me from using podman at work in addition to in my personal projects.
Well, but that's kinda the point, isn't it? You know that other mechanisms are possible, but you opted out for a user systemd file. I know that too, and I also just use systemd for that. Because the alternative doesn't look much easier. I guess it makes sense that they try to discourage it now, because for serious deployment it isn't the best option. But when I install Podman on my laptop, I really wish the systemd configs would be added automatically without me even knowing.
I mean, really, if we keep in mind that formally these are 2 totally unrelated projects, it's hard to complain. Yes, it's almost seamless. But since when installing Podman everyone thinks roughly "I am installing a newer better Docker version", and we all already have a few dozens of custom Docker containers running, it's hard not to wish it was even more seamless and backwards-compatible. I remember the transition process wasn't nearly as smooth as I hoped, and every small glitch is kinda stressful, because you know that currently all of it "somehow works", and if something breaks you probably won't even notice right away.
Linux. It’s not the installation of podman that can be fiddly. It’s the setting up systemd unit files and local user accounts for rootless / daemonless deployment of containerized apps that can be a headache.
It might not be the popular way here in HN but nowadays I just ask llm to create required configuration files and everything is so easy. Of course you need to review them but tbh no more headaches at least with config files.
You could quite simply have a systemd file that calls podman compose up when the service starts and podman compose down when it stops. Basically the same systemd file for every container stack defined in a single compose.yml. It's extremely easy, and does not do stuff behind your back like Docker (such as silently altering iptables rules).
Last time I checked podman compose was only a superficial docker compose equivalent. Also stuff like inotify seems to randomly break a lot on the podman side.
I'd love to be able to recommend people use podman but not having a good docker compose compatibility and missing inotify on volumes makes the DX just too problematic.
I think a stronger brand name. Also on macOS I found Docker Desktop to be more straightforward. Also lately it has been very error prone. Randomly failing at mounting files, or cleaning up networking rules, or suddenly becoming bog slow so I have to restart the VM.
Podman on macOS feels miles less refined. Orbstack is a way better choice.
I only use podman on Linux and there it is blazing fast. Even so, most features seem to be geared to be able to replace kubernetes in combination with systemd. And then something simple as docker compose support is flaky and its TUI/UX lags behind the original.
I gave up on Podman for some minor reasons: one was that they decided to deviate from Docker and handle SELinux differently, which required effort to change the SELinux security labels on a stock CentOS system. That made it a no go.
The other issue is minor differences from Docker, but small enough that a packaged up Docker compose doesn’t work out of the box. It’s not a good use of my time to debug that when I could just switch to Docker, have it work, and get on with my day.
Can you elaborate on SELinux? It affected me too but I just had to add :Z to my mount argument. Curious about whether there's further impact I'm unaware of.
This is my biggest gripe. If you're using docker-compose.yml on a team that mostly uses docker, you can't use that same docker-compose.yml with rootless podman. Any volume mounts that need to be writable (like the app, or databases) need to have `:X` or `:x` as a suffix, or podman won't set the SELinux label correctly to make it writable. But if you add those, docker blows up because it doesn't understand them.
There were other problems although it’s been a few years so I’ve forgotten them. I think the container I had trouble with was Ory Kratos. We did eventually get it to work but had to change the sample docker deployment a fair bit.
macOS had a separate set of problems. I ended up just going with buildx and Colima on macOS. (We don’t use Docker Desktop.)
Long term I’d like to try to switch to podman again, but it needs to have a “be 100% compatible with Docker” mode as opposed to this:
One advantage of Docker is reliable host-to-container file change notifications, allowing tools like Vite inside the container to detect changes. Podman and many alternatives don’t handle this well for our web development on macOS.
Not even Tart or Apple Container support it, as far as I know. Maybe someone has found a way.
> don’t handle this well for our web development on macOS
In general this seems to be a common complaint here. If you're developing with cloud runners or on linux infra you won't run into this, but on macOS for local development it is impactful.
I went all in on podman compose last year but went all back because of constant permission errors. I thought it was going to be better than docker because I run the containers as a user… but man the amount of time I wasted on files that either I or the container itself or some other container couldn’t read… With docker I felt that stuff just works.
And then there are the extra steps: Enable user lingering, make a systemd service that starts the compose containers (and there is nothing really “native”, it’s a script.) With Docker compose containers just restart if you say so in the file.
There are many great things about podman, will try again in a year or so perhaps?
Just today, I tried to run docker compose on a remote host via podman-docker on Fedora (Asahi). I ran into all sorts of buildx issues, and the easiest fix for me was to remove podman and install docker instead.
I tried working through it with Claude, but after a few failed attempts I gave up. I'd like to use podman, but the docker compose + buildx compatibility gaps made it more trouble than it was worth for now. I'm definitely going to try it again.
If you want podman equivalents, you can either use pods if multi containers are the need, or if multi arch builds are the main buildx need, OCI manifests work.
Fedora and selinux may be a thing to look into if you were trying to share volumes.
I am posting this from a park on my phone, so this may be slightly wrong, but this is the multiarch case that seems to be harder to find for many people.
In many places it doesn't matter, because cheap companies don't want to even hear about Docker, so one gets to choose between podman, rancher, and if on Windows wslc is going to be a thing.
Docker (the company) lost the plot in Linux containers, OCI got standardized, alternative runtimes came to be, and very few companies actually care to pay for Docker Desktop or the other services they sell.
I know, but companies legal or IT department make it easier, no docker of any kind being installed from https://www.docker.com.
Microsoft also is finally adding their own docker cli (wslc), due to having had enough pressure that many companies don't want to install third party tools for Linux/Windows containers, even if API is compatible with docker daemon.
Apple is doing a similar approach on top of their virtualisation framework.
Last time I evaluated podman, Ubuntu was a second-class citizen. Rootless was non-trivial and required additional setup. Documentation also sucks.
Docker is something we all already hate, million edge cases and forever bugs but at least well documented and understood. Podman claims to be a drop-in replacement; does it mean it carries docker shitness? Examples: ufw punch through, env file handling, volumes, etc.
Last time I tried rootless podman was about 6 months ago and it was a total mess. I was trying to use it to run a container as me (user 1000) and mount a directory from my home (owned by user 1000) and it drove me and Claude around the bend. It's not a podman vs docker thing per se, just rootless being a total pain. However I just enabled the docker service, ran the same command on docker and it worked. I think I just left docker running after that. I realised that on my home setup I don't care enough to fight with it. Sometimes you just want to do the thing you want to do and not turn it into a 4 hour learning session about some side shit.
Had similar issues with podman on a Steam Deck of mine that I use as a little home server - eventually got a configuration working fine but was a real pain.
With recent advances in both systemd and podman a lot of this is basically a non-issue.
Documentation has also gotten better.
For tools that require docker to work, like testcontainers and tilt, I've found some annoyances using podman, but ultimately I've been able to work around them.
For everything else, it's pretty much a drop in replacement.
One of the key design principles of podman was rootless operation; they were so disgusted by Docker being a daemon they decided to do a full open source implementation. I've never had an issue with it running without root.
I've never interacted with anyone that knew them by another name. It's always (docker) container, where they may leave out the docker term, but if questioned what kind of container they mean they'll say it.
And the times I've called them OCI container (or image when talking about those) nobody knew what I meant until I clarified to docker
Isn't Docker basically a front end to containerd, the most common k8s container runtime? One could just as well ask why use a completely separate container stack just for local development when docker shares the same business end as the prod environment.
I mean, one answer is that docker configuration on your local dev machine can go one of two ways:
1. You have to use `sudo` for every `docker ...` command; or
2. You add your user to the `docker` group and now anything that can run as your user can use docker to read or write any file on your system, making docker into the best local privilege escalation option out there.
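An added example (not part of any comment in the thread): a Python check, following point 2 above, that lists which accounts can reach a rootful Docker daemon through group membership or the socket's permissions. The sample group and passwd contents are constructed, and `/var/run/docker.sock` is assumed to be the daemon socket path.

```python
import os
import stat

# Constructed sample data in /etc/group and /etc/passwd format (not from a real host).
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
docker:x:975:alice,ci-runner
devs:x:1001:alice,bob
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci-runner:x:1002:1002::/home/ci-runner:/usr/sbin/nologin
builder:x:1003:975::/home/builder:/bin/bash
"""

ANY_LOCAL_USER = "<any local user>"


def docker_group_members(group_text, passwd_text, group_name="docker"):
    """Return sorted accounts in `group_name`.

    Counts supplementary members (4th field of the group line) and accounts
    whose primary GID is the group, which the group line does not list.
    """
    gid = None
    members = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or fields[0] != group_name:
            continue
        gid = fields[2]
        members.update(m for m in fields[3].split(",") if m)
    if gid is None:
        return []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)


def socket_exposure(st_mode, group_members):
    """Return the non-owner accounts able to connect to a socket with this mode.

    Connecting to a Unix socket requires write permission on the socket file.
    """
    if st_mode & stat.S_IWOTH:
        return [ANY_LOCAL_USER]
    if st_mode & stat.S_IWGRP:
        return list(group_members)
    return []


def audit_host(sock_path="/var/run/docker.sock"):
    """Run the same checks on this machine; None if the socket is absent.

    Only local files are read, so accounts from LDAP/SSSD are not covered.
    """
    if not os.path.exists(sock_path):
        return None
    st = os.stat(sock_path)
    with open("/etc/group") as g, open("/etc/passwd") as p:
        group_text, passwd_text = g.read(), p.read()
    # Find the name of the group that owns the socket.
    name = next((l.split(":")[0] for l in group_text.splitlines()
                 if l.split(":")[2:3] == [str(st.st_gid)]), None)
    members = docker_group_members(group_text, passwd_text, name) if name else []
    return socket_exposure(st.st_mode, members)


if __name__ == "__main__":
    sample = docker_group_members(SAMPLE_GROUP, SAMPLE_PASSWD)
    print("sample, root-equivalent via docker group:", sample)
    print("this host:", audit_host())
```

Every account it reports should be treated as root-equivalent when reviewing who may log in or run code as that user.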
I ran into an issue I couldn't figure out how to solve with podman. Some of the testcontainers my test suites would run wouldn't start in time causing tests to fail locally. Switching back to docker desktop solved the problem.
For the company I work at, it’s primarily inertia. We started using containers with Docker. And then it just continued. We are two out of 20+ developers who would like to use Podman, but the rest is just ”eh, why bother?”. And I don’t fully fault them for holding that position, Docker generally works. Why switch to something which may or may not provide some benefit (most which will be indirect such as better security and setup)? I still continue to mention Podman regularly though …
Most people simply do not care. They just want a Dockerfile to become an image, and they want to run that image. I use both... rootless podman is nice. Although the promise of ez systemd integration is a bit... oversold. I use it with systemd however with my own hand-crafted unit files. Pretty good combo.
I mean for local dev I like that I can just press one button and have Kubernetes available. Podman Desktop had something approaching that simplicity but I have found Docker Desktop more stable in my limited experience with it.
I used rancher + podman on Windows. Mainly Rancher. The last 8 months I use exclusively Podman + Podman Desktop. Rancher has a slightly better desktop app and can manage podman.
After Docker Desktop randomly started consuming insane amounts of memory again we switched to Podman and it was literally as easy as installing it and pointing it at our docker-compose.yml.
Zero changes needed and now I don’t need to keep a daemon running.
It's been a couple months so I forget what problems I ran into, but Docker's AI bullshit pushed me over the edge and I tried switching to Podman. I ran into some compatibility issues. Alas I don't recall the details.
So I tried Rancher Desktop and other than I keep forgetting its name it just worked.
I really love Quadlet. I used to host my rootless containers on Hetzner, Ansible, SystemD and RockyLinux for years without any issues and extracted it to template repo [1].
If any Podman engineers are here: does the new /libpod/local/artifacts/add endpoint let me ingest individual layers? I have an alternative pull client that's currently a little hamstrung on Podman compared to docker+containerd, due to having to convert the entire image to tarball to ingest rather than only new layers.
Cool, been running my home server on podman + quadlets for about two years now and picked up a couple of things in the release notes
podman quadlet list
Added in v5.6.0, lists quadlets and their containers
podman system migrate --migrate-db
Flag added in v5.8.0. I remember seeing the bolt db deprecation warnings in the past but there was no tool to do the migration to sqlite, now there is (or just upgrade to podman 6.0.0 and it will do it automatically)
We moved from docker to podman about 15 months ago, and I'm never going back. I (personally) love the quadlet (read: systemd) integration, that makes it so much easier to monitor a set of running services, be they regular systemd services or containers. Running rootless is as straightforward as it gets and on top of it, podman is blazingly fast. I, personally, don't miss docker compose all that much, but I understand if the lack of docker compose is a showstopper for others. I've never tried podman's compose plugin.
I switched from a giant docker compose file to podman quadlets on my homelab. IIRC it took me a little while to translate the first couple of services because there wasn't (at the time, at least) as much documentation/examples of quadlets as compose files, but after that it was a piece of cake. I highly recommend them.
The only issue I have is validation, there isn't a convenient built-in command to validate quadlet files and systemd doesn't warn you if any fail to generate. You either have to do a --dry-run first (and probably alias the full command to something reasonable) or check the journal for errors.
Swapped a few years back (pre 5.0), haven't looked back. For compose files I'd look into using quadlets.
For quick conversions you can use compose files directly with podman-compose or docker compose pointed at the podman socket[0].
There's also podlet[1] which converts compose files into native quadlets. It does a pretty good job of taking care of everything for you and for a lot of simple to medium complexity compose files it will Just Work. There's talk of making it into a library of some kind so other tools can transparently convert compose files to quadlets so hopefully we'll see more stuff like it.
Otherwise, writing your own Quadlet files isn't too hard if you're at all familiar with systemd unit files. Most `docker run` or `podman run` arguments have direct quadlet conversions so once you get used to the INI format versus yaml it's pretty easy to see a compose file and churn out the equivalent quadlet(s).
I have switched on production and QA servers. I used AI tools to help with the migration. Easy peasy. On the desktop, I am still using docker. Old habits die hard. Eventually I plan to switch on the desktop as well.
I've been coding solutions against each. I'm currently having issues extracting progress from the current Podman on my TUI build pane, but now switching versions to see if it addresses it and continue working the issue.
I have zero issues with it doing the builds I need. Works same same as Docker from what I can tell.
I took Docker completely off my Macbook which has a tiny drive in it. Hardly ever use it, except for testing. Podman is super lightweight and using a project I'm developing, launches containers with dev agents in it, just the same as Windows running Docker.
I switched everything over to rootless podman a year or two back. Some containers ended up with permissions issues when trying to read their old data - caused by being run with a different UID. This was really the only problem I ran into, but I would have had the same issue switching from rootful docker to rootless docker.
I set up my stuff as all Podman when I moved from a VPS to my home server and it's been pretty simple. I didn't use any of the compose functionality because I have a single DBMS of each type and just have multiple DBs on them etc. and I use podman through the systemd quadlet system. Honestly, it's been pretty flawless.
I have the feeling the docker company is communicating a lot with Apple because virtualisation got better and better over the years. I wonder if podman would be a speed downgrade here?
I switched a few years back and use Quadlets instead of compose now. Converting compose files to Quadlets is pretty mechanical once you get the hang of it.
Highly recommend Podman overall; there are some quirky edge cases, but for the most part it’s a smooth replacement for Docker.
If you don’t want to give up compose entirely, podman-compose exists. I just prefer Quadlets so I haven’t used it much myself.
Do you have a good canonical source on this conversion? I’ve tried the conversion tools that came out around the release of podman v4 and again with v5. But somehow the files being generated contained deprecated features which pointed me to use different commands which led me to yet again different structures which when executed in systemd brought me back to what I originally had. I never got it to work fully.
In our shop, I wasn't one of those who knew Docker in and out, got just enough into it I could containerise applications we needed to have containerised, which was of a modest scope -- no crazy networking setup that required bleeding edge or anything like that. Anyway, after only a few months into Docker, organisation announced migration to Podman across the board. Initial impressions were soured by, ironically, poor out-of-the-box installation experience _on Red Hat Enterprise Linux_ (which we run everywhere where Linux is used) -- getting `podman` to do much of anything useful in the "rootless" mode matched the typical anecdotal evidence requiring a bunch of incantations you may or may not understand fully, as RHEL itself wasn't ready for the package, apparently. That was in 2024 though, and it rapidly got better after that. These days I have all but forgotten we used to use `docker` but use `podman` instead, but then again I have had to learn plenty enough about at least the latter -- enough I am able to navigate problems better than earlier (what with UID/GID mapping, for example -- which too had to be done manually occasionally when we first transitioned).
There is however, the LLMs that pull their fair share of documentation, or rather, replacing it. Not opening that can of worms here, but heck am I glad I can query `$AI` about occasional Podman "burst pipe", instead of hitting Google and looking for [that one e-mail message from a guy who had exactly the same issue, solved it _and_ had the wherewithal to post the solution](https://xkcd.com/979/).
We never got into use of `docker compose`, not in any capacity to speak of, and these days we use Kubernetes and OKD/Openshift for things that Docker -- in my understanding -- solves with swarm and composition. It works well enough, I almost don't find it worthwhile to mention that it does :)
Yes. 99% of things just worked, zero modifications.
The few cases where something was not directly translatable was <10 minutes with a coding agent to make some minor config changes, and then it just worked.
I can imagine that but I don't have those issues with the default config. So it allows using docker compose with podman directly.
On the other hand I could see it being hard for people to only install the cli part of docker. Luckily on arch that was simple due to how it's packaged.
What I have observed through my limited experience, primarily testing docker-based development env setups in podman, is that it's usually not a straight swap.
I switched from Docker to rootless Podman for our build server. Completely positive experience so far. Our builds went _down_ from 1 minute to 2 seconds.
I'm also using podman-compose that is small and delightful (I had to fix a few bugs there). It's just one Python file that you can copy.
I like Podman, but what's up with that grey text colour? It looks ugly and the contrast of 4.96:1 makes it hard to read (does not reach WCAG AAA level).
One thing I don't like about Podman is that it pretends to be docker-compatible while having some minor differences that will come to bite you. And users of your docker-based project who try to run it on Podman will come to you and complain.
I've found most of the differences to come not from the socket API, or the logical behavior, or CLI differences. But instead from assumptions Docker makes, that it's running rootful, when Podman will not (by default).
As such, most of the fixes for Podman/Docker incompatibilities are just addressing that assumption with a few extra flags on the Podman commands to change how the user namespace maps between the container and the host, etc etc.
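An added example (not from the comment above): a Python model of how rootless Podman maps a container UID to a host UID, by default and with `--userns=keep-id`, which is where the file-ownership surprises reported in this thread come from. The `/etc/subuid` content is constructed, and the function names are made up for this illustration.

```python
# Constructed sample /etc/subuid content (format: name:start:count).
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536
"""


def subid_ranges(subuid_text, user):
    """Return the (start, count) subordinate-ID ranges delegated to `user`."""
    ranges = []
    for line in subuid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges


def _namespace_to_host(ns_id, user_uid, ranges):
    """Map an ID in the rootless user namespace to a host ID (None if unmapped).

    ID 0 in the namespace is the invoking user; IDs 1.. are taken in order
    from the user's subordinate ranges.
    """
    if ns_id == 0:
        return user_uid
    offset = ns_id - 1
    for start, count in ranges:
        if offset < count:
            return start + offset
        offset -= count
    return None


def host_uid(container_uid, user_uid, ranges, keep_id=False):
    """Host UID that owns files written by `container_uid`.

    Default rootless mapping: container root is the invoking user and every
    other container UID lands in the subordinate range.
    With keep_id=True (the effect of --userns=keep-id): the invoking user's
    UID is the same inside and outside, and container root is shifted into
    the subordinate range instead.
    """
    if not keep_id:
        return _namespace_to_host(container_uid, user_uid, ranges)
    if container_uid == user_uid:
        return user_uid
    ns_id = container_uid + 1 if container_uid < user_uid else container_uid
    return _namespace_to_host(ns_id, user_uid, ranges)


def ownership_table(user_uid, ranges, container_uids):
    """Rows of (container UID, host UID by default, host UID with keep-id)."""
    return [(c, host_uid(c, user_uid, ranges),
             host_uid(c, user_uid, ranges, keep_id=True))
            for c in container_uids]


if __name__ == "__main__":
    alice = subid_ranges(SAMPLE_SUBUID, "alice")
    print("container  default  keep-id")
    for row in ownership_table(1000, alice, [0, 999, 1000, 1001]):
        print("%9d  %7s  %7s" % row)
```

A bind-mounted directory owned by host UID 1000 is therefore writable by container root in the default mapping, but by container UID 1000 only with keep-id.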
I've been using Podman on Mac and Linux for 3 years, and unfortunately, I have found this to be perennially true. I am willing to doggedly pursue the root cause and file bugs, but for many people it will just seem broken.
Most recently: Netavark doesn't match Docker's behavior with accepting broadcast traffic on a published port.
Yes! It put me off Podman for years. I do now think it has some clever ideas and if you’re running RHEL it’s a no brainer, but they should be more upfront that you will have to adapt. Especially if you’re moving from rootful docker to rootless Podman.
How is Podman these days? I use OrbStack on macOS and it seems to be much faster, not sure how everything will shake out now that macOS 27 is adding (more) native and performant Linux containers, similar to WSL with micro-VMs.
Same question, same scenario. I tried it on MacOS, and the first issue I experienced (don’t recall what it was) had me deep into Redhat forums to even understand what was happening. Switching to OrbStack was a no-brainer, but there are obvious tradeoffs from a features perspective.
Rootless was the reason I switched to Podman years ago. It's just so smooth and I don't have to worry about obscure permissions and services errors anymore.
SO much of the text of a comment thread is not black, though. The line above each comment is gray. Downvoted comments are various shades of gray. The "help" link next to the comment box is gray.
I've seen worse, but gray on beige is not my favorite.
> podman doesn't spew garbage and punch holes in my firewall (iptables)
The way Docker silently rewrites iptables rules is just insane. It boggles my mind that someone thought that it would be a good idea, and that it survived a peer review.
Does it still completely screw up file/group owners in user containers? Because they keep saying it gets fixed and then that 1 out of 10 times it's not.
The new network stuff is a welcome improvement.
It’s not hard. It’s just fiddly.
They’re essentially long junior devs asking Claude to set up podman
podman-compose never worked well for me but docker-compose on podman did.
And usability continues to be security’s number one enemy...
Long term I’d like to try to switch to podman again, but it needs to have a “be 100% compatible with Docker” mode as opposed to this:
https://github.com/podman-container-tools/podman/issues/1478...
Either an old experience you had, or a newer experience you had on vastly out of date packages and probably podman itself?
Works with OrbStack though.
All depends on your needs, but even with docker I prefer moving forward with OCI when possible, preferring standards to product specific workflows.
Devcontainers work without having to pass special arguments and deal with inconsistent stuff once in the devcontainer itself.
K3d is easier to work with Docker.
Docker locally just makes sense.
[1] https://github.com/podman-container-tools/podman/discussions...
As a developer, I wager that any gains I get from Podman will be dwarfed by bugs that I’m encountering in the other software I use.
I’m not implying that Podman causes the bugs. I’m saying that I’ll be more likely to be the first person to encounter the bug.
So any time people talk about docker someone can go:
I use podman btw
"OCI container" doesn't have same ring, unfortunately.
And most Podman things are just clones of Docker, e.g. Containerfile. In a clone situation, the original brand will always have the staying power.
Great software.
is this firecracker or total rewrite
It runs on top of the libkrun vmm forked with optimizations, which is the underlying lib powering podman as well.
open source, will contribute upstream when possible: https://github.com/smol-machines/libkrun
But it seems more like a completely different way to run isolated workloads?
So I tried Rancher Desktop and other than I keep forgetting its name it just worked.
It's another simple option for those who need it.
[1] https://github.com/Mati365/hetzner-podman-bunjs-deploy
I have a lot of compose files in my homelab/automation setup and those are what I’m most concerned about.
The only issue I have is validation, there isn't a convenient built-in command to validate quadlet files and systemd doesn't warn you if any fail to generate. You either have to do a --dry-run first (and probably alias the full command to something reasonable) or check the journal for errors.
For quick conversions you can use compose files directly with podman-compose or docker compose pointed at the podman socket[0].
There's also podlet[1] which converts compose files into native quadlets. It does a pretty good job of taking care of everything for you and for a lot of simple to medium complexity compose files it will Just Work. There's talk of making it into a library of some kind so other tools can transparently convert compose files to quadlets so hopefully we'll see more stuff like it.
Otherwise, writing your own Quadlet files isn't too hard if you're at all familiar with systemd unit files. Most `docker run` or `podman run` arguments have direct quadlet conversions so once you get used to the INI format versus yaml it's pretty easy to see a compose file and churn out the equivalent quadlet(s).
[0] https://www.redhat.com/en/blog/podman-docker-compose
[1] https://github.com/containers/podlet
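The flag-to-key correspondence mentioned above, as an added example that is not from the thread, podlet or Podman: a hypothetical `run_to_quadlet` helper maps a few `podman run` flags to Quadlet `[Container]` keys and refuses flags it has no mapping for. The image, names and ports are constructed.

```shell
#!/bin/sh
# Added example: map a small subset of `podman run` flags to Quadlet
# [Container] keys. Hypothetical helper, not podlet and not part of Podman.
nl='
'
run_to_quadlet() {
  name="" image="" keys=""
  while [ $# -gt 0 ]; do
    case "$1" in
      --name)       name="$2"; shift 2 ;;
      -p|--publish) keys="${keys}PublishPort=$2${nl}"; shift 2 ;;
      -v|--volume)  keys="${keys}Volume=$2${nl}"; shift 2 ;;
      -e|--env)     keys="${keys}Environment=$2${nl}"; shift 2 ;;
      -d|--detach|--rm) shift ;;  # systemd owns the lifecycle
      -*) echo "no mapping here: $1" >&2; return 1 ;;
      *)  image="$1"; shift; break ;;  # the rest is the command
    esac
  done
  if [ -z "$image" ]; then echo "no image given" >&2; return 1; fi
  printf '[Container]\n'
  if [ -n "$name" ]; then printf 'ContainerName=%s\n' "$name"; fi
  printf 'Image=%s\n%s' "$image" "$keys"
  if [ $# -gt 0 ]; then printf 'Exec=%s\n' "$*"; fi
  printf '\n[Service]\nRestart=always\n'
  printf '\n[Install]\nWantedBy=default.target\n'
}

# Constructed invocation; for a rootless unit, save the output as
# ~/.config/containers/systemd/web.container and run
# `systemctl --user daemon-reload`.
run_to_quadlet --name web -d -p 127.0.0.1:8080:80 \
  -v site:/usr/share/nginx/html:Z -e TZ=UTC \
  docker.io/library/nginx:stable
```

Because a unit that fails to generate produces no warning, check the journal or do the generator dry run after writing the file.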
I have zero issues with it doing the builds I need. Works same same as Docker from what I can tell.
I took Docker completely off my Macbook which has a tiny drive in it. Hardly ever use it, except for testing. Podman is super lightweight and using a project I'm developing, launches containers with dev agents in it, just the same as Windows running Docker.
Absolutely zero regrets, would never go back.
I have the feeling the docker company is communicating a lot with Apple because virtualisation got better and better over the years. I wonder if podman would be a speed downgrade here?
Highly recommend Podman overall; there are some quirky edge cases, but for the most part it’s a smooth replacement for Docker.
If you don’t want to give up compose entirely, podman-compose exists. I just prefer Quadlets so I haven’t used it much myself.
There are, however, the LLMs that pull their fair share of documentation, or rather, replace it. Not opening that can of worms here, but heck am I glad I can query `$AI` about occasional Podman "burst pipe", instead of hitting Google and looking for [that one e-mail message from a guy who had exactly the same issue, solved it _and_ had the wherewithal to post the solution](https://xkcd.com/979/).
We never got into use of `docker compose`, not in any capacity to speak of, and these days we use Kubernetes and OKD/Openshift for things that Docker -- in my understanding -- solves with swarm and composition. It works well enough, I almost don't find it worthwhile to mention that it does :)
Other than that, I haven't found anything that makes me consider using docker again.
The few cases where something was not directly translatable was <10 minutes with a coding agent to make some minor config changes, and then it just worked.
Regardless it works enough for me to run local Kubernetes and Tilt
Having a heterogenous fleet can be annoying though, some Podman-only config values[1] stop Docker dead in its tracks because it hates unknown fields.
1. It was a while back, and I can't remember what specific field it was, but it had to do with namespacing and/or (sub)UID mapping.
On the other hand I could see it being hard for people to only install the cli part of docker. Luckily on arch that was simple due to how it's packaged.
I'm also using podman-compose that is small and delightful (I had to fix a few bugs there). It's just one Python file that you can copy.
As such, most of the fixes for Podman/Docker incompatibilities are just addressing that assumption with a few extra flags on the Podman commands to change how the user namespace maps between the container and the host, etc etc.
Most recently: Netavark doesn't match Docker's behavior with accepting broadcast traffic on a published port.
If I build an image with podman will it run in cri-o, docker and other misc runtimes?
Been debating on using rootless podman for building images since docker build requires sudo and it gets annoying with agentic workflows.
I've seen worse, but gray on beige is not my favorite.
no "container root" / "docker group" = "host root" shenanigans
podman doesn't spew garbage and punch holes in my firewall (iptables)
(edit: formatting)
The way Docker silently rewrites iptables rules is just insane. It boggles my mind that someone thought that it would be a good idea, and that it survived a peer review.
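The firewall behaviour several comments above complain about, as an added example that is not part of any comment: Docker programs its own iptables rules for published ports, so a port published on all interfaces is not filtered by ufw rules. The hypothetical `exposed_ports` check flags such bindings in `docker ps` output; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list container ports published on every interface.
# Expected input is the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# (podman ps accepts the same format string).

# Constructed sample, not captured from a real host.
sample_ps() {
  printf 'web\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\n'
  printf 'db\t127.0.0.1:5432->5432/tcp\n'
  printf 'cache\t6379/tcp\n'
  printf 'dns\t0.0.0.0:5353->53/udp, 192.168.1.10:8053->53/tcp\n'
}

# Prints "<container> <bind address> <host port>/<proto>" for each
# mapping bound to the IPv4 or IPv6 wildcard address.
exposed_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue              # exposed, but not published
        host = m;  sub(/->.*/, "", host)     # host side, "addr:port"
        addr = host; sub(/:[0-9-]+$/, "", addr)
        port = host; sub(/^.*:/, "", port)
        proto = m; sub(/^.*\//, "", proto)
        # "::" covers older output that prints ":::8080->80/tcp"
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "::")
          print $1, addr, port "/" proto
      }
    }'
}

sample_ps | exposed_ports
```

Publishing with an explicit bind address, as the `db` line does with `127.0.0.1`, keeps the port off the external interfaces.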