I recently made a video on my YouTube Channel, about Podman vs Docker. Podman claims to be more secure and lightweight than Docker. But is that enough to switch from Docker to Podman. And probably more important is the question if you should switch now?
What is Podman and what is wrong with Docker?
Docker has clearly changed the way how we develop and maintain applications. And made containerization very popular. But it’s not the only implementation of running containers. Containers are defined in a standardized format, that doesn’t necessarily need Docker. Docker is just one way of managing and running containers. Podman is another open-source tool, that was developed by Red Hat engineers. It tries to replace Docker completely. But what is wrong with Docker?
One thing that was always concerning about Docker is the daemon, which runs in the background. Because always you run Docker in the CLI you always communicate with the Docker daemon. Podman doesn’t use a daemon to manage containers. Instead it just directly executes and runs instructions on the system. And this has two major benefits over Docker.
Podman doesn’t rely on a single point of failure like Docker
Docker depends on the daemon that runs in the background. That means, whenever there is a problem with that daemon, you can’t run or manage containers anymore. This single point of failure could potentially be a problem.
Podman runs Containers rootless
The Docker daemon runs as root on a Linux system. This alone isn’t always a problem. But when you expose the Docker API or add a user to the Docker group, means giving these users root privileges on the system.
How does Podman work?
You can always use the official Podman documentation as a starting point. Because here you will find details and a command reference. The good thing about it is, that it uses the same Syntax as Docker. Because the Podman developers didn’t want to confuse the user with new commands. That means you can just use the same commands “podman run” like “docker run“.
Do you need to be worried about using Docker?
If you ask the question, if Podman is more secure and has advantages over Docker, the simple answer is: Yes! But that doesn’t mean, that you should be always worried about using Docker.
Docker still is the most used implementation to manage and run containers. And therefore, it also has the most supported third-party tools or resources. I just don’t want to miss Portainer or Watchtower to manage and update my Containers. Exposing the Docker API to these Containers may be a small security concern, but in reality, the risk is pretty low on my own server. Because if you don’t expose the API to the public internet without authorization, someone needs to have explicit access to your server and the Docker group.
However, I think it’s good to have an alternative way of managing containers. I appreciate the project and will follow it. And when for whatever reason you prefer to use Podman over Docker, you can easily do that.