I didn't see a strong case against Docker here. Just that it can do a lot and requires root privileges. Is that really a reason to abandon the industry standard and go with a lesser-known alternative? What is your main reason you think podman is better just from reading the article?
I don't really pay much attention to what the herd is saying (industry standards). I try things out and if they work good enough for my purpose with good enough stability, security, performance and ease of use I use them for my projects.
some stuff I've chosen over the herd recommendations would be: svelte over vue/react, .net core over node, mongodb over postgres/mysql, vertical slice architecture over layered, servicestack over web api, monoliths with good caching over microservices, etc. and I'm extremely happy with my choices.
personally I like bare metal deployments compared to containers because currently my ci/cd pipelines takes care of pushing my builds out to my servers without much hassle. in the future when theres a need to manage clusters with hundreds of nodes, I'll start using k8s or something. needing root privileges is a huge no-no for docker in my book. so I'll be looking for alternatives.
The ’herd’ = industry standards? We have and need industry standards for a reason. The term ’herd’ has negative connotations and is not an effective or positive term to describe standardization, IMO.
okaaay, let me try and rephrase then... "the widely accepted popular choices/ beliefs/ patterns, etc." basically what i'm trying to say is: question and evaluate everything for yourself. don't just blindly follow what the masses are doing. i believe that's the herd mentality, yes? i have no problems with the industry coming up with standards so that everybody's on the same page. hope i've explained my intentions clearly.
I think one of the main parts here is the word standard. Docker is not the standard, standard is OCI. Docker complies with OCI, Podman complies with OCI. Both are just some of the tools that implement the current container standards. And the main problem, in my opinion, is that we currently view one particular technology as a standard. It's similar if instead of HTTP requests we would be talking about "Focus-Pocus requests", simply because "Focus-Pocus" would be the very popular tool that implements the HTTP standard.
The reason most experienced devs will ONLY go with things that are widely used, is because we've lived long enough to get burned by using some less popular tool or framework where if you try to google some specific problem or issue you find "zero search results".
If you go with the standards all the bugs will be worked out, you'll interoperate with the rest of the world better, you'll find much more resources, and others will want to join you in whatever you're doing. If you go with the oddball framework, you'll have more trouble, less quality, less support, less interoperability, higher maintenance costs, as a 'general rule'.
Just like most products (from guns to cars) if you buy the oddball product, you're just asking for difficulties that otherwise are easy to avoid.
Like any rule, there are exceptions. What I just stated is all "on average", "rule of thumb" type of advice. Take it or leave it. :)
It's an important point about lack of support, community, and Google/Stack Exchange results. A long time ago, I worked in a department where we used Borland (later Embarcadero) C++ Builder and Ingres database, and an ancient version of RedHat Linux on the backend. There were many problems that we had to overcome that existed because of that particular combination of technologies, for which we could find no outside help because I don't think anyone else used that combination of technologies. Whilst trying to figure out how to deal with one of these problems one day, I wondered out loud: "I wonder how many people in the world use C++ Builder, Ingres and RedHat together?". I began to count the number of people in the office: "1, 2, 3, 4..." and everyone laughed.
I've been coding 30 years (in my 50s) and used Borland C++ a lot too. Your example sounds familiar to a lot of what I've seen many times. I've seen junior developers download random libraries from the old sourceforge and put it directly into a commercial product with no permission asked for, no discussions had, etc. And it was a name-brand company you'd know.
I think the fact that docker requires root is a big enough concern to switch. It does have experimental support for rootless but its very limited and has performance issues (looking at you, vfs). Podman provides a solution to precisely what has been my biggest gripe about docker.
another gripe I have with docker is the loss of performance. when I benchmarked a docker container on my local dev machine the RPS for a REST app dropped ~30% compared to running it bare metal. maybe I did it wrong. but I'd like to stay away from containers for as long as I humanly can. I feel all the extra work I need to do managing docker is not worth my while (yet).
There are several factors that could be at play. If you aren't running docker natively on Linux that will have some overhead (virtualization, proxying, sync files in bind mount to vm, etc). If you forgot to add a volume somewhere and there's some IO-heavy operations being done inside the container there will be some overhead. If you're on a RHEL-based distro and didn't configure devicemapper to use a proper thin pool there will be some overhead. Et cetera.
If you get things right though there shouldn't be any measurable performance difference with running containers. Also worth noting that orchestrators such as Kubernetes have their own overhead.
I'd also note that rootless is going to have a greater overhead since there's a couple of extra things which need to run in userspace (e.g., slirp4netns). It isn't something specific to podman though.
yeah nothing is perfect in our world and I guess I'll have to evaluate the cost/benefits of using or not using containers. hopefully it's many months or years in the future for me 😜
runc is an OCI industrial standard, podman and libpod are implementations of OCI standard. It is prudent to know about these alternatives as Industry is moving to such open source alternatives.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I didn't see a strong case against Docker here. Just that it can do a lot and requires root privileges. Is that really a reason to abandon the industry standard and go with a lesser-known alternative? What is your main reason you think podman is better just from reading the article?
I don't really pay much attention to what the herd is saying (industry standards). I try things out and if they work good enough for my purpose with good enough stability, security, performance and ease of use I use them for my projects.
some stuff I've chosen over the herd recommendations would be: svelte over vue/react, .net core over node, mongodb over postgres/mysql, vertical slice architecture over layered, servicestack over web api, monoliths with good caching over microservices, etc. and I'm extremely happy with my choices.
personally I like bare metal deployments compared to containers because currently my ci/cd pipelines takes care of pushing my builds out to my servers without much hassle. in the future when theres a need to manage clusters with hundreds of nodes, I'll start using k8s or something. needing root privileges is a huge no-no for docker in my book. so I'll be looking for alternatives.
The ’herd’ = industry standards? We have and need industry standards for a reason. The term ’herd’ has negative connotations and is not an effective or positive term to describe standardization, IMO.
okaaay, let me try and rephrase then... "the widely accepted popular choices/ beliefs/ patterns, etc." basically what i'm trying to say is: question and evaluate everything for yourself. don't just blindly follow what the masses are doing. i believe that's the herd mentality, yes? i have no problems with the industry coming up with standards so that everybody's on the same page. hope i've explained my intentions clearly.
I think one of the main parts here is the word standard. Docker is not the standard, standard is OCI. Docker complies with OCI, Podman complies with OCI. Both are just some of the tools that implement the current container standards. And the main problem, in my opinion, is that we currently view one particular technology as a standard. It's similar if instead of HTTP requests we would be talking about "Focus-Pocus requests", simply because "Focus-Pocus" would be the very popular tool that implements the HTTP standard.
yes 👍
The reason most experienced devs will ONLY go with things that are widely used, is because we've lived long enough to get burned by using some less popular tool or framework where if you try to google some specific problem or issue you find "zero search results".
If you go with the standards all the bugs will be worked out, you'll interoperate with the rest of the world better, you'll find much more resources, and others will want to join you in whatever you're doing. If you go with the oddball framework, you'll have more trouble, less quality, less support, less interoperability, higher maintenance costs, as a 'general rule'.
Just like most products (from guns to cars) if you buy the oddball product, you're just asking for difficulties that otherwise are easy to avoid.
Like any rule, there are exceptions. What I just stated is all "on average", "rule of thumb" type of advice. Take it or leave it. :)
thank you for your opinion ♥️🙏
It's an important point about lack of support, community, and Google/Stack Exchange results. A long time ago, I worked in a department where we used Borland (later Embarcadero) C++ Builder and Ingres database, and an ancient version of RedHat Linux on the backend. There were many problems that we had to overcome that existed because of that particular combination of technologies, for which we could find no outside help because I don't think anyone else used that combination of technologies. Whilst trying to figure out how to deal with one of these problems one day, I wondered out loud: "I wonder how many people in the world use C++ Builder, Ingres and RedHat together?". I began to count the number of people in the office: "1, 2, 3, 4..." and everyone laughed.
I've been coding 30 years (in my 50s) and used Borland C++ a lot too. Your example sounds familiar to a lot of what I've seen many times. I've seen junior developers download random libraries from the old sourceforge and put it directly into a commercial product with no permission asked for, no discussions had, etc. And it was a name-brand company you'd know.
I think the fact that docker requires root is a big enough concern to switch. It does have experimental support for rootless but its very limited and has performance issues (looking at you, vfs). Podman provides a solution to precisely what has been my biggest gripe about docker.
another gripe I have with docker is the loss of performance. when I benchmarked a docker container on my local dev machine the RPS for a REST app dropped ~30% compared to running it bare metal. maybe I did it wrong. but I'd like to stay away from containers for as long as I humanly can. I feel all the extra work I need to do managing docker is not worth my while (yet).
There are several factors that could be at play. If you aren't running docker natively on Linux that will have some overhead (virtualization, proxying, sync files in bind mount to vm, etc). If you forgot to add a volume somewhere and there's some IO-heavy operations being done inside the container there will be some overhead. If you're on a RHEL-based distro and didn't configure devicemapper to use a proper thin pool there will be some overhead. Et cetera.
If you get things right though there shouldn't be any measurable performance difference with running containers. Also worth noting that orchestrators such as Kubernetes have their own overhead.
yeah I've been reading about those. maybe I'll have another crack at it with podman sometime soon. thanks for the input 🙏🙏🙏
I'd also note that rootless is going to have a greater overhead since there's a couple of extra things which need to run in userspace (e.g., slirp4netns). It isn't something specific to podman though.
yeah nothing is perfect in our world and I guess I'll have to evaluate the cost/benefits of using or not using containers. hopefully it's many months or years in the future for me 😜
runc is an OCI industrial standard, podman and libpod are implementations of OCI standard. It is prudent to know about these alternatives as Industry is moving to such open source alternatives.