Introduction
We will go over Podman VS Docker – In Depth Comparison.
Did you know that Podman could be a complete replacement for docker?
I will break this review in the following sections:
- What each technology is
- The differences between docker and podman
- Which in my opinion is good for your use case.
I have been personally using docker since inception but I started trying out Podman as soon as it came out for various reasons I’m going to discuss below.
Going to keep things simple and straight to the point but also go in depth on each category to give you some perspective as a developer and product architect on which one will suit your needs better.
You can find more about the Docker project here and Podman here.
Which Is More Popular Podman Or Docker
There’s no doubt that Docker has a much great community and support but lets see how the two match up on popularity over time.
If we quickly go over the google trends and see the requests being made between the two we will see a graph that looks like the one below.
Podman is going up a lot in popularity over the past years, but how does Docker compare in terms of popularity lets see…
As you can see on the other side of the coin Docker is losing popularity compared to Podman. It’s trend is going down with a lot of downward spikes. It seems to still be recovering every time but overall it’s stable with a downward trend. This tell me that either Podman is gaining traction or people are losing interest in Docker.
Which Is More Secure Podman or Docker
Both solutions are very secure by nature. The do privilege isolation and allow you to run things in your system in a more secure way than running traditional apps. Since both offer a sandboxing method that separates it from your main system the security is as good as it can get from that perspective.
The main security both technologies offer can be split up in the following sections:
- Process isolation from your system
- Different protected memory sections
- Isolated filesystem (you can still expose your system resources)
- Protected networking using low level operating specifics in the firewall
- Isolated virtual CPUs and environment of execution
However there is one core difference when it comes to how both are implemented under the lines which gives a big edge to Podman. This difference is basically how each of them is executed.
Podman does not require root privileges to run which makes it inherently more secure as a solution compared to Docker. Since docker relies heavily on having root privileges any potential vulnerability in the subsystem or the docker instances can result into a system root privilege escalation which could be detrimental for the host operating systems security.
Having said that you can do a lot of things to harden docker and limit what gets executed as root privileges however at the end of the day this will still be the weakest link in your chain. If you really care about security and want to have complete isolation of your tasks from the system I recommend going with Podman as it will require less hardening and will be safer to run potentially malicious instances.
Which Has More Image Support and Community Podman or Docker
Podman is a relatively new project that started up not very long ago. Like everything new it tries to build it’s user base, community and support. Furthermore the images that are supported and can run on the environment are also not always bullet proof.
When it comes to the community which is very important for most people Docker by far exceeds Podman so it has a clear edge here. You can virtually search for anything you want and there will always be a solution in a support forum or a blog like mine. You can check my docker section here which I have written some articles about it if you are interested in that.
Having said that Podman is doing a great job running the existing images from docker. They claim that you can simply replace the docker command with Podman and be good to go. Unfortunately in my experience I think this is far from the truth which is one of the reasons I’m keeping both installed on my system.
I’ve had bad luck running properly some images especially when they are exposing ports and having some special things in the Dockerfile. Without going into details I think it’s safe to say the project is relatively new still and I believe it will greatly improve over time and get to the point where you can really replace the command with it.
Which Is Easier To Use Podman or Docker
Both technologies have a very similar set of command line that’s very intuitive. Since I have been using docker for many years initially it comes to me more naturally to use. However since I started using Podman I found that it has a lot of handy commands that are much better than docker.
There’s some features that make it simpler to use and require less typing to do more work. Let’s go over some examples of why I think Podman is easier to use and comes with better and more intuitive command line support.
Stopping All Containers In Docker vs Podman
Podman makes it a lot easier to stop all the containers. This is demonstrated below that shows the difference between stopping all containers in docker vs Podman.
# Podman stop all instances $ podman stop --all # Docker stop all instances $ docker stop $(docker ps -aq)
The –all command line parameter is used across all commands and it makes it handy to do things at a bigger scale rather than running two commands like in the case with docker which requires the extra ps.
Deleting All Containers In Docker vs Podman
Similarly as above the rm command for Podman has the all switch which makes it much easier to delete instances and images than you can in docker. Basically in docker you need to run two commands cascaded in a much less intuitive way than you can with Podman.
# Podman delete all instances $ podman rm --all $ podman rmi --all # Docker delete all instances $ docker rm $(docker ps -aq) $ docker rmi $(docker images -q)
Furthermore from the above since you are typing less you are wasting less time trying to think of what you need to do which for me makes it a lot easier to work with the Podman command line as a developer. The reason for this is that it’s very common in a dev environment to want to tear down both images and instances pretty often.
Running Commands In the Latest Container ID
Podman offers yet another very useful command line switch called –latest. This basically allows you to do all your operations on the latest instance you are working with. Again if you are a developer it’s fairly command that you will be creating new instances and tearing them down.
The process doing this in docker is fairly tedious as every time a new instance is created you need to run the docker ps find the ID you are working with and reference it in every command you are running.
# Podman --latest (-l): Apply the command to the latest container. $ podman --latest # In Docker you need to run docker ps find the ID and use it $ docker ps
Which is Faster Docker Or Podman
When it comes to execution speed it’s really hard to completely quantify. Lets start by saying that Podman was created to simply execute containers and not create or do anything else. This allows for a lot of optimization of the code towards the end goal.
Furthermore Podman does not rely on a daemon running in the background which has the old school server/client daemon architecture which goes over a socket and can significantly slow things down.
Additionally it takes up less disk space and memory to run.
In my opinion for now I would go on a whim and say Podman is more efficient and faster on the system. Having said that when you go into other operating systems aside of Linux speed may be sacrificed. Podman was developed by Red-hat for Linux mainly and this is where it excels in terms of speed and optimization.
If you are running in Linux I would say Podman is faster and better overall.
Does Podman Require a Server/Daemon
Unlike Docker which relies on a server/daemon architecture Podman is self sustained and does not need a server/damon running for it to operate. This is a great architecture advantage as it means there’s nothing needed to always be running in your system taking up much less resources.
I’m personally a big fan of a daemonless architecture that does not rely on the old UNIX paradigm. It takes less memory, occupies less disk space and does not require a registry to be maintained. If you are however an old school Unix admin and you are used into managing things via daemon then you will find Docker more like your home.
Having said that both approaches are good but it comes down to personal taste on what you prefer to use. I will be going with Podmans daemonless for now.
Does Podman Require Root/Admin Privileges To Run
As mentioned in the security section briefly luckily Podman does not require root privileges to run like Docker does.
One thing to note is that you can invoke Podman as a root user if you want too, I do not personally advice it for the same reasons you login as a user and not as root in your desktop. If you value your security make sure you do not run as root unless really needed.
Docker on the other hand requires root privileges to run which makes it inherently less secure than Podman.
Since then docker has had some solutioning for running rootless containers if you configure it as a rootless daemon mode in your configuration. For this you may need the help of a tool called
What Is Buildah and Is It Needed for Podman
Buildah is an isolated tool that Podman relies on when building new images and instances. Unlike docker which is a monolithic all inclusive application that has every bit of that functionality built in Podman cannot do that.
Podman is designed to simply execute and run containers and instances and it does this very well.
So the difference between Podman and Docker here is that one is more optimized for execution than the other (Podman) and thus can provide more edge cases and optimizations within the code.
Does Podman Support Clustering Like Docker
Podman currently does not support Docker Swarm which is the native orchestration system for clustering and managing multiple instances at the same time. Having said that there’s Kubernetes which is the dominating player when it comes to orchestration of instances and containers.
Since Kubernetes is the key player the question really becomes the following does Podman support Kubernetes like docker does?
The answer is yes it even provides a way to generate the tube commands that allow you to export existing containers into a Kubernetes Pod YAML file. This allows you to use your containers into something like a Kubectl cluster or Openshift.
$ podman generate kube
I would say if your old setup is tied to Docker Swarm then you may want to stick to Docker since it’s only natively supported by Docker. However if you are more open and you are using already Kubernetes then it shouldn’t be a problem at all.
The answer is that it depends on your system setup.
Is Podman Compatible With Docker
The short answer for this is maybe. Podman has some backwards compatible support for your Docker setup but it’s not a complete solution. I’m going to try to list at a very high level some of the things I don’t think it does very well with.
- As mentioned above Docker swarm is not supported
- The command line does not always translate on a one to one with the features of Docker
- Not all instances and images are fully backwards compatible with Podman (this is improving)
- Your existing coding scripts will have to change
If the list above does not affect you then you can consider Podman kind of compatible. Offcourse lets not forget that installing it in your system and how it works internally is vastly different if you are even relying on that part.
Can You Use Both Podman And Docker
Yes you an use both Podman alongside with Docker. The truth is that I still use both because I want to slowly move away from Docker. However this comes with the cost of more memory, disk space, cpu usage and the tedious part of maintaining two systems.
If you are someone that is interested in making the shift and your containers are not well supported or you are using something from the list I mentioned earlier in regards to compatibility then you will probably need to use both. If you are happy with Docker as is you can stick to it and avoid it.
Which Has Better Operating System Support Docker Or Podman
I believe by far docker is the key player here. Podman is making a very fast paced progress but up to recently I had issues running Podman properly in my MacOSX. Since then that has been resolved and things are working great now. When it comes to Linux since Redhat maintains and develops Podman everything works great.
For Windows systems I do not have much experience with it but my guess is that it won’t be up to par like it is with Linux unless you use it under the Linux subsystem (WSL). Docker on the other hand I have used for a prolonged period of time in all three operating systems Windows, Linux and MacOSX and it works pretty well in all platforms.
I believe the winner here is Docker.
Conclusion
We were able to successfully go over Podman VS Docker – In Depth Comparison hopefully I answered any questions you may have had and helped you decide which is best for your needs.
If you found this useful and you think it may have helped you please drop me a cheer below I would appreciate it.
If you have any questions, comments please post them below or send me a note on my twitter. I check periodically and try to answer them in the priority they come in. Also if you have any corrections please do let me know and I’ll update the article with new updates or mistakes I did.
Which one are you planning to use Docker or Podman?
I want to give Podman a go since it offers a little more security but I don’t think it plays well with the images still so I’m going to let it mature a bit more as a project before I make the switch.
If you would like to find more docker related articles check the list below: