No idea why Docker is still so much more popular than Podman. Podman is obviously the better implementation.

The new network stuff is a welcome improvement.

I’d wager it’s mainly just that deployment is mildly more annoying and requires more disparate steps.

Especially if you want to go rootless (and you should).

For someone that isn’t “Linux first” (like a baby developer learning to containerize their apps), the idea of dealing with systemd unit files or kublet configs, and having to created dedicated local service accounts (and remembering to enable linger) is somewhat intimidating when compared to just installing docker, whipping up a docker compose file and pressing “start”.

I understand why they’ve taken this approach but it’s pretty clunky and a bit unfriendly.

It's not just mildly annoying, it completely ruins a great thing.

Docker Compose is to stacks what Dockerfiles are to a single application. Podmans solution is to not commit to compose, but instead to create a bespoke mechanism involving a bunch of tiny files, all of which is insanely system (linux) specific, and therefore completely non-portable.

I genuinely don't understand how someone can see the value of Docker, but then do things so completely "not-docker" when it comes to deployment/stacks/orchestration.

> but instead to create a bespoke mechanism involving a bunch of tiny files, all of which is insanely system (linux) specific, and therefore completely non-portable.

To nit pick slightly, it's not really a bespoke mechanism it's just re-using the mechanisms provided by systemd. Quadlets are implemented as a systemd generator in order to re-use the existing service management system that exists on essentially all major Linux distros. Quadlets are less a direct competitor with compose (hence why Podman implements the compose spec) and more a way to better integrate containers with the rest of a system. The closer Podman native equivalent to compose is Kube files.

> Docker Compose is to stacks what Dockerfiles are to a single application. Podmans solution is to not commit to compose

This isn't (completely) true. I found podman-compose to be a more or less drop-in replacement for docker-compose. I know that in the past support was patchy, but things are rather good now.

Pretty sure that's because podman-compose literally calls docker-compose under the hood.

e: from the manpage:

"podman compose is a thin wrapper around an external compose provider such as docker-compose or podman-compose. This means that podman compose is executing another tool that implements the compose functionality but sets up the environment in a way to let the compose provider communicate transparently with the local Podman socket. The specified options as well as the command and argument are passed directly to the compose provider."

it calls podman-compose or docker-compose depending on what is installed...

this is literally what manpage you quoted says too

That's the "podman compose" wrapper command. podman-compose (the implementation referenced in the first sentence of your quote) does not call docker-compose: https://github.com/containers/podman-compose

The purpose of quadlets is when you want good integration with systemd.

The better equivalent of docker compose is podman kube, which does use a single file. And it isn't bespoke, it uses the same format as kunernetes.

And if you prefer the docker compose format, podman-compose is available as a separate tool.

And FWIW docker compose is a separate tool from docker itself as well (and needs to be installed separately on several linux distros). And can actually work with podman instead of docker.

FWIW, for me docker compose works just fine with podman. I am not sure what kind of additional configuration is needed these days, make sure you are running podman with the socket thing and perhaps set DOCKER_HOST. It's just a client / frontend to an API that podman provides.

IIRC `podman compose` can invoke either `podman-compose` or `docker-compose` and sets up the environment for the call, so I don't think you need to even really do anything special other than install either of the 2 commands

[deleted]

Depends on your point of view.

It can be argued that it’s Docker that is reinventing the wheel and doing its own bespoke process management, journal management etc when all of these are solved problems on Linux. Podman is instead reusing the platform which exists, Quadlets are just reusing systemd, so as a sysadmin I can manage, control and monitor docker containers using the same standard tooling that I already use to manage, control and monitor all the other processes which are running on the system.

Architecturally I find the above argument attractive. The problem is chronology. Docker and docker compose came before systems was ubiquitous and long before Quadlets, so it’s natural to think of Quadlets as reinventing the wheel.

Personally I wish docker had not rejected composition/integration around systemd. Would have made everyone’s job a lot easier in the long term.

> Personally I wish docker had not rejected composition/integration around systemd. Would have made everyone’s job a lot easier in the long term.

It also would have only run on Linux hosts (and not all of those at that), so something else would have been adopted instead. Docker didn't win by being superior to every alternative, it won by being good enough and being everywhere. For portable orchestration, Desktop does ship with kubernetes that's literally one click to enable.

Have you try podman-compose ?

> the idea of dealing with systemd unit files or kublet configs, and having to created dedicated local service accounts

Podman does not require systemd (thank God). I use a simple podman compose up/down in a user systemd file to automatically bring my containers up at boot, but other mechanisms are possible, like quadlets and init scripts.

Quadlets are awesome and honestly I think one of the best additive things that podman has on top of the regular docker toolset.

I use podman regularly, and despite it being a good drop-in replacement like 95% of the time, the 5% of the time where it isn't seamless are super painful. For example, skaffold (https://skaffold.dev/) pukes all over itself when you try to run podman as a drop in replacement. I'm sure there are plenty of other examples, but that one stops me from using podman at work in addition to in my personal projects.

Well, but that's kinda the point, isn't it? You know that other mechanisms are possible, but you opted out for a user systemd file. I know that too, and I also just use systemd for that. Because the alternative doesn't look much easier. I guess it makes sense that they try to discourage it now, because for serious deployment it isn't the best option. But when I install Podman on my laptop, I really wish the systemd configs would be added automatically without me even knowing.

I mean, really, if we keep in mind that formally these are 2 totally unrelated projects, it's hard to complain. Yes, it's almost seamless. But since when installing Podman everyone thinks roughly "I am installing a newer better Docker version", and we all already have a few dozens of custom Docker containers running, it's hard no to wish it was even more seamless and backwards-compatible. I remember the transition process wasn't nearly as smooth as I hoped, and every small glitch is kinda stressful, because you know that currently all of it "somehow works", and if something breaks you probably won't even notice right away.

Are we talking windows here? On Linux and Mac I believe you can install Podman via a package manager like anything else.

Linux. It’s not the installation of podman that can be fiddly. It’s the setting up systemd unit files and local user accounts for rootless / daemonless deployment of containerized apps that can be a headache.

It’s not hard. It’s just fiddly.

> It’s just fiddly.

You could quite simply have a systemd file that calls podman compose up when the service starts and podman compose down when it stops. Basically the same systemd file for every container stack defined in a single compose.yml. It's extremely easy, and does not do stuff behind your back like Docker (such as silently altering iptables rules).

Sure. But that wasn’t OP’s question.

The question was why Podman doesn’t have the adoption levels that Docker does, and my supposition was that (for those that don’t have much Linux administration experience) added steps like systems configs, or quadlets etc are just another barrier to entry that you don’t have with Docker.

I’m not arguing that Docker is better (I think Podman wins in a lot of ways actually) just that Podman requires a bit of extra work to implement well and that is just enough of an annoyance to tip the scales towards Docker.

I think it's just because Docker came before. Podman is more secure and architecturally cleaner, but not touching something that works is an equally good reason not to migrate.

You can just run podman containers as root if you don’t want the fiddllyness of user accounts - it’s no less secure than rootful Docker.

It might not be the popular way here in HN but nowadays I just ask llm to create required configuration files and everything is so easy. Of course you need to review them but tbh no more headaches at least with config files.

Doesn't quadlet fix some or all of those problems? It's supposed to allow you to convert podman containers to systemd unit files automatically

> Doesn't quadlet fix some or all of those problems?

It definitely can solve some of those problems, and that’s the approach I’d generally recommend.

But to answer OP’s question - my supposition was that the mere fact that such a device is even necessary (when compared to docker) is an added work that isn’t obviously easy to implement for someone who is just trying to learn how to containerize their app (and might be a developer but not that experienced with Linux administration) and this one of the main reasons Podman isn’t as popular as Docker.

I think Podman is better in a number of ways, but it isn’t the most intuitive to implement compared to Docker.

I think it’s probably correct strategy wise to just “do the right thing”

They’re essentially long junior devs asking Claude to set up podman

I use podman on my local dev machine and I don't touch any system-d files for that

Its not only intimidating, its clunky and error-prone. That's the answer to OP's question, this podman thing does not have good UX story.

Or, to look at it another way, the answer is that it’s the developers who don’t want to learn something new that, objectively speaking, might turn out to be better than what they’re used to.

Last time I checked podman compose was only a superficial docker compose equivalent. Also stuff like inotify seems to randomly break a lot on the podman side.

I'd love to be able to recommend people use podman but not having a good docker compose compatibility and missing inotify on volumes makes the DX just too problematic.

You can use actual docker-compose with podman, the -compose projects are separate from podman/docker.

podman-compose never worked well for me but docker-compose on podman did.

The CLI plugin or the script? Last time I checked the podman CLI did not support docker CLI plugins and the script is EOL since years.

Podman has supported plugin compose (v2) for years now, and I believe that's the version I used before I switched to Quadlets, but I must have not needed Buildkit features back then because those are apparently still unsupported over v2.

> for years

Don't know about that. I did a ddg search "using docker compose (v2) plugin with podman" I do get some tutorials but they all are from 2026. This also aligns with my experience from late 2024 where you where typical advised to use `podman compose` or the compose script.

Here's the 2022 release announcement for Podman 4.1 claiming support for compose v2. Your distro may have been stuck with an older Podman version for much longer though.

https://podman.io/release/2022/05/09/podman-release-v4.1.0

[deleted]

docker-compose (v1) is obsolete. The new version (v2) is a plugin for the docker CLI.

[deleted]

See my answer to your sibling comment. Podman supports v2 but not with Buildkit.

Check again? I don't have any issues like this and use podman compose in prod.

I spent about a week last year trying to move from docker+compose plugin to a podman hosted variant. It has issues on multiple stages of the lifecycle as I mentioned in my original comment. Mac users lose fs events, a lot of compose.yml features are flaky (post start events), buggy (reset and import), or just not implemented (don't remember the exact features).

If you use podman and have no issues that is awesome but your use case is probably quite narrow, you are most probably on a non fedora based Linux and keep compose usage to a minimum.

It was a pain when i tried it like 5 years ago for what it’s worth.

I gave up on Podman for some minor reasons: one was that they decided to deviate from Docker and handle SELinux differently, which required effort to change the SELinux security labels on a stock Centos system. That made it a no go.

The other issue is minor differences from Docker, but small enough that a packaged up Docker compose doesn’t work out of the box. It’s not a good use of my time to debug that when I could just switch to Docker, have it work, and get on with my day.

Can you elaborate on SELinux? It affected me too but I just had to add :Z to my mount argument. Curious about whether there's further impact I'm unaware of.

This is my biggest gripe. If you're using docker-compose.yml on a team that mostly uses docker, you can't use use that same docker-compose.yml with rootless podman. Any volume mounts that need to be writable (like the app, or databases) need to have `:X` or `:x` as a suffix, or podman won't set the SELinux label correctly to make it writable. But if you add those, docker blows up because it doesn't understand them.

I've recently been using podman on SELinux... :Z and :z seem to work fine across both podman and docker for writeable volumes. Am I missing something?

There were other problems although it’s been a few years so I’ve forgotten them. I think the container I had trouble with Ory Kratos. We did eventually get it to work but had to change the sample docker deployment a fair bit.

macOS had a seperate set of problems. I ended up just going with buildx and Colima on macOS. (We don’t use Docker Desktop.)

Long term I’d like to try to switch to podman again, but it needs to have a “be 100% compatible with Docker” mode as opposed to this:

https://github.com/podman-container-tools/podman/issues/1478...

> have it work, and get on with my day.

And usability continues for being security’s number one enemy...

> on a stock Centos system

Either an old experience you had, or a newer experience you had on vastly out of date packages and probably podman itself?

CentOS comes with SELinux on by default.

I think a stronger brand name. Also on macOS I found Docker Desktop to be more straightforward. Also lately it has been very error prone. Randomly failing at mounting files, or cleaning up networking rules, or suddenly becoming bog slow so I have to restart the VM.

Podman on macOS feels miles less refined. Orbstack is a way better choice.

I only use podman on Linux and there it is blazing fast. Even so, most features seem to be geared to be able to replace kubernetes in combination with systemd. And then something simple as docker compose support is flaky and it’s TUI/ux lags behind the original.

I like OrbStack for macOS, much faster.

Now that Apple has containerization api’s probably the gap closed but when I ran benchmarks a couple years ago Orbstack would on average perform the same build at 4x faster wall clock time as docker desktop

Build as in building images or as in building a project when mounted in a container? I notice 3-4x performance degradation of our maven builds in containers. With golang I haven’t noticed much performance degradation, but that may be because it is fast enough anyway.

One advantage of Docker is reliable host-to-container file change notifications, allowing tools like Vite inside the container to detect changes. Podman and many alternatives don’t handle this well for our web development on macOS.

Not even Tart or Apple Container support it, as far as I know. Maybe someone has found a way.

Thats a use-case I never tried but seems valid. Is it a common issue on macOS?

> don’t handle this well for our web development on macOS

In general this seems to be a common complaint here. If you're developing with cloud runners or on linux infra you won't run into this, but on macOS for local development it is impactful.

Yeah, it doesn't work with Apple Containers.

Works with OrbStack though.

Just today, I tried to run docker compose on a remote host via podman-docker on Fedora (Asahi). I ran into all sorts of buildx issues, and the easiest fix for me was to remove podman and install docker instead.

I tried working through it with Claude, but after a few failed attempts I gave up. I'd like to use podman, but the docker compose + buildx compatibility gaps made it more trouble than it was worth for now. I'm definitely going to try it again.

If you want podman equivalents, you can either use pods of multi containers are the need, or if multi arch builds are the main buildx need, OCI manifests work.

Fedora and selinux may be a thing to look into if you were trying to share volumes.

I am posting this from a park on my phone, so this may be slightly wrong, but this is the multiarch case that seems to be harder to find for many people.

      podman manifest create my-image:latest
      podman build --platform linux/amd64 --manifest my-image:latest .
      podman build --platform linux/arm64 --manifest my-image:latest .
      podman manifest push my-custom-image:latest docker://docker.io/user/my-image:latest

All depends on your needs, but even with docker I prefer moving forward with OCI when possible, preferring standards to product specific workflows.

Last time I evaluated podman, Ubuntu was second class citizen. Rootless was non trivial and required additional setup. Documentation also suck.

Docker is something we all already hate, milion edge cases and forever bugs but at least well documented and understood. Podman claim to be drop-in replacement does it mean it carry docker shitness? Examples: ufw punch through, env file handling, volumes, etc

Last time I tried rootless podman was about 6 months ago and it was a total mess. I was trying to use it to run a container as me (user 1000) and mount a directory from my home (owned by user 1000) and it drove me and Claude around the bend. It's not a podman vs docker thing per se, just rootless being a total pain. However I just enabled the docker service, ran the same command on docker and it worked. I think I just left docker running after that. I realised that on my home setup I don't care enough to fight with it. Sometimes you just want to do the thing you want to do and not turn it into a 4 hour learning session about some side shit.

Try without Claude. Happy rootless podman user since October. It just works.

Had similar issues with podman on a Steam Deck of mine that I use as a little home server - eventually got a configuration working fine but was a real pain.

With recent advances in both systemd and podman a lot of this is basically a non-issue.

Documentation has also gotten better.

For tools that require docker to work, like testcontainers and tilt, I've found some annoyances using podman, but ultimately I've been able to work around them.

For everything else, it's pretty much a drop in replacement.

They should better manage expectations. They put rootless as a forefront before it was ready and still no proper support for Ubuntu on v4 of Podman.

[1] https://github.com/podman-container-tools/podman/discussions...

One of the key design principles of podman was rootless operation; they were so disgusted by Docker being a daemon they decided to do a full open source implementation. I've never had an issue with it running without root.

When have you tryed ? I have installed podman in Debian with a sudo apt install podman and I didn't to do anything special. It's rootless by default.

In many places it doesn't matter, because cheap companies don't want to even hear about Docker, so one gets to choose between podman, rancher, and if on Windows wslc is going to be a thing.

Docker (the company) lost the plot in Linux containers, OCI got standardized, alternative runtimes came to be, and very few companies actually care to pay for Docker Desktop or the other services they sell.

Docker CLI is free for commercial use, it's only docker desktop you have to pay for

I know, but companies legal or IT department make it easier, no docker of any kind being installed from https://www.docker.com.

Microsoft also is finally adding their own docker cli (wslc), due to having had enough pressure that many companies don't want to instal third party tools for Linux/Windows containers, even if API is compatible with docker daemon.

Apple is doing a similar approach on top of their virtualisation framework.

I ran into an issue I couldn't figure out how to solve with podman. Some of the testcontainers my test suites would run wouldn't start in time causing tests to fail locally. Switching back to docker desktop solved the problem.

This except in production. Nothing helped. I actually stopped using containers for a bit after that.

I went all in on podman compose last year but went all back because off constant permission errors. I thought it was going to be better than docker because I run the containers as a user… but man the amount of time I wasted on files that either I or the container itself or some other container couldn’t read… With docker I felt that stuff just works.

And then there are the extra steps: Enable user lingering, make a systemd service that starts the compose containers (and there is nothing really “native”, it’s a script.) With Docker compose containers just restart if you say so in the file.

There are many great things about podman, will try again in a year or so perhaps?

> I went all in on podman compose last year but went all back because off constant permission errors.

The issue is that "ease of use" and "it just works" come at the expensive of security and the principle of least privilege. Docker makes things easy by running a daemon as root. Rootless Podman forces you to think about permissions and does not stab you in the back by overwriting your firewall rules.

Yes, the firewall rule altering was what drove us to podman! Was kind of weird to find a container's Postgres wide open on 5432 after a `sudo ufw default deny`. Madness really.

But as said below, the permissions issues got to us.

what kind of stuff is in your compose?

Mostly self made containers, also one with Claude-code, but I couldn't for the life of me get it to be able to store and retrieve credentials in an externally mounted folder (~/.claude). I tried everything from fixing the user creation process in the container, `--userns=keep-id`, `--userns=keep-id:uid=1000,gid=1000`, several tags, :Z, :U, `chown`-ing after creation etc. And I keep running into that stuff.

I wish that "run podman containers as a user, rootless" would just simply mean: All the things are also the property of the user, but you get weird uid/guid combos and stuff on your filesystem as owners you never heard of (like www-data, but not that one in particular) due to the mismatches.

If containers can ever simply be run as user like they are a user process, that would be so nice.

Fuse overlayfs was noticeably slower than Docker's overlayfs setup. Maybe there's a way to reconfigure but I haven't checked lately.

I think it was Zig (building ghostty) was broken in podman with obscure "unknown file" errors. Turns out that was lack of fuse-overlayfs supporting some attributes it was trying to check.

It's random, little things like that which keep biting me every time I try to make the switch. I use it for simple stuff though.

Podman, including rootless podman, uses native overlays since Linux 5.11: https://github.com/torvalds/linux/commit/459c7c565ac36ba09ff...

Podman has some serious issues they are not really fixing, we ran into an issue where builds just hang for a few minutes before doing anything. So we had to switch back to using docker desktop locally for that.

it has a stronger brand, probably because it was created first. I still hear the term "docker container" (sometimes).

> sometimes

I've never interacted with anyone that knew them by another name. It's always (docker) container, where they may leave out the docker term, but if questioed what kind of container they mean theyll say it.

And the times I've called them OCI container (or image when talking about those) nobody knew what I meant until I clarified to docker

I hear occasionally Image Container, but even that is fundamentally docker flavored because when disambiguating for the term "image".

This comes up because we use both the Image and Package registries on Gitlab, so we sometimes have to absolutely specify, and the conversation lends to "The Docker Image one".

I never liked Docker, but someone pointed out to me that Podman is backwards compatible, doesn't need root, and even has simulated docker commands if you need them so you can just alias podman to docker... and voila same experience, so every online tutorial works just fine.

Because they don't publish up to date packages for major distros.

Default stickiness, tbh.

A few years ago, I started moving towards Podman when it got to that "good enough" point on both Linux and macOS and when Docker started to remind people about Docker Desktop that it needed a license for commercial use.

Even then, it took around a year or so to transition.

> No idea why Docker is still so much more popular than Podman. Podman is obviously the better implementation.

docker-compose is one big reason. The networking aspect of it still isn't feature-compatible compared to using docker. I keep trying podman+docker-compose again every 6–9 month, and there's also some issue that makes it unfeasible for my use case.

Its IPv6 implementation is also broken, and connections from the host to the container are dropped if the host doesn't have a public IPv6 address (WTF!?). I reported this in June 2024 (#22959). Not being able to reach an HTTP server on a podman container from my host when I'm offline is ridiculous.

Lots and lots of tiny little bugs and quirks which are a nuisance to deal with. With docker, everything just works.

Another recent bug I hit was that the value of the environment variable TMPDIR and XDG_RUNTIME_DIR is persisted to disk with podman's internal state. After a reboot, if either of those has changed, nothing works because podman tries to use directories that don't exist. This… seems to be due to workarounds for wildly broken setups.

I've reported many of these bugs, and have a backlog of a lot more that I haven't bothered to report yet.

What honestly really surprises me is how many people actually manage to use podman for work despite all its issues.

Isn't Docker is basically a front end to containerd, the most common k8s container runtime? One could just as well ask why use a completely separate container stack just for local development when docker shares the same business end as the prod environment.

I mean, one answer is that docker configuration on your local dev machine can go one of two ways:

1. You have to use `sudo` for every `docker ...` command; or

2. You add your user to the `docker` group and now anything that can run as your user can use docker to read or write any file on your system, making docker into the best local privilege escalation option out there.

You can also run docker in rootless mode.

They really upset me with how they introduced it initially, and I haven't looked at it since.

Redhat swapped in podman and removed docker, and all of the config/images/scripts I had spend 2 years making stopped working on new/replacement hosts... So I had to spend a lot of time in meetings/filling out paperwork to get docker back. I haven't forgiven Redhat for dropping that shitty experience on my head.

Colima just seems to be easier to work with using Docker.

Devcontainers work without having to pass special arguments and deal with inconsistent stuff once in the devcontainer itself.

K3d is easier to work with Docker.

Docker locally just makes sense.

For the company I work at, it’s primarily inertia. We started using containers with Docker. And then it just continued. We are two out of 20+ developers who would like to use Podman, but the rest is just ”eh, why bother?”. And I don’t fully fault them for holding that position, Docker generally works. Why switch to something which may or may not provide some benefit (most which will be indirect such as better security and setup)? I still continue to mention Podman regularly though …

You can use podman for your local environment because it's pretty much the same

Mostly but there are a few differences and that causes some friction

This was about a year ago, but I had trouble getting podman to add an nvidia GPU so that the container could use it. It was technically possible (I succeeded) but it was annoying and "different".

PaaS like render.com explicitly support Docker.

As a developer, I wager that any gains I get from Podman will be dwarfed by bugs that I’m encountering in the other software I use.

I’m not implying that Podman causes the bugs. I’m saying that I’ll be more likely to be the first person to encounter the bug.

This comment it's a bit weird, both podman and docker and render etc support dockerfile which is a standard way of packaging.

Most people simply do not care. They just want a Dockerfile to become an image, and they want to run that image. I use both... rootless podman is nice. Although the promise of ez systemd integration is a bit... oversold. I use it with systemd however with my own hand-crafted unit files. Pretty good combo.

Yeah, a great developer I know showed me how he could use it to get a safe dev container for Claude Code, in a way that wasn't doable with Docker.

[deleted]
[deleted]

We need to popularize a "podman btw" meme based on the arch meme.

So any time people talk about docker someone can go:

I use podman btw

Brand.

"OCI container" doesn't have same ring, unfortunately.

And most Podman things are just clones of Docker, e.g. Containerfile. In a clone situation, the original brand will always have the staying power.

The average developer is much dumber than you think.

I mean for local dev I like that I can just press one button and have Kubernetes available. Podman Desktop had something approaching that simplicity but I have found Docker Desktop more stable in my limited experience with it.

I hold that thought about RancherDesktop.

One answer is ECR/ECS/Fargate ie AWS. You’re not gonna split the ops stories between local and remote.

I used rancher + podman on Windows. Mainly Rancher. The last 8 months I use exclusively Podman + Podman Desktop. Rancher has a slightly better desktop app and can manage podman.