mirror of
https://github.com/davegallant/davegallant.github.io.git
synced 2025-08-05 08:13:40 +00:00
265 lines
15 KiB
HTML
265 lines
15 KiB
HTML
<!DOCTYPE html>
|
|
<html><head>
|
|
<meta charset="utf-8" />
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Replacing docker with podman on macOS (and Linux) - davegallant</title><link rel="icon" type="image/png" href=https://davegallant.ca/favicon.ico /><meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<meta name="description" content="" />
|
|
<meta property="og:image" content=""/>
|
|
<meta property="og:title" content="Replacing docker with podman on macOS (and Linux)" />
|
|
<meta property="og:description" content="" />
|
|
<meta property="og:type" content="article" />
|
|
<meta property="og:url" content="/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/" /><meta property="article:section" content="post" />
|
|
<meta property="article:published_time" content="2021-10-11T10:43:35-04:00" />
|
|
<meta property="article:modified_time" content="2021-10-11T10:43:35-04:00" />
|
|
|
|
<meta name="twitter:card" content="summary"/>
|
|
<meta name="twitter:title" content="Replacing docker with podman on macOS (and Linux)"/>
|
|
<meta name="twitter:description" content=""/>
|
|
<script src="https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js"></script>
|
|
<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:ital,wght@1,500&display=swap" rel="stylesheet">
|
|
<link href="https://fonts.googleapis.com/css2?family=Fira+Sans&display=swap" rel="stylesheet">
|
|
<link href="https://fonts.googleapis.com/css?family=Roboto+Mono" rel="stylesheet">
|
|
|
|
|
|
<link rel="stylesheet" type="text/css" media="screen" href="/css/main.0e5aa3b634b92d61bafebfd908290cc7a034e4d50e6a0c59ce50044560179c4e.css" />
|
|
<link id="darkModeStyle" rel="stylesheet" type="text/css" href="/css/dark.b11f422ffce8151207bad84653d44cb512043f9efe93a0a049f836b9cc32b34a.css" disabled />
|
|
|
|
|
|
|
|
|
|
<script type="text/javascript"
|
|
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
|
|
</script>
|
|
|
|
|
|
<script type="text/x-mathjax-config">
|
|
MathJax.Hub.Config({
|
|
tex2jax: {
|
|
inlineMath: [['$','$'], ['\\(','\\)']],
|
|
displayMath: [['$$','$$'], ['\[','\]']],
|
|
processEscapes: true,
|
|
processEnvironments: true,
|
|
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre'],
|
|
TeX: { equationNumbers: { autoNumber: "AMS" },
|
|
extensions: ["AMSmath.js", "AMSsymbols.js"] }
|
|
}
|
|
});
|
|
</script>
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css">
|
|
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js"></script>
|
|
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js" onload="renderMathInElement(document.body);"></script>
|
|
|
|
|
|
<script>
|
|
document.addEventListener("DOMContentLoaded", function() {
|
|
renderMathInElement(document.body, {
|
|
delimiters: [
|
|
{left: "$$", right: "$$", display: true},
|
|
{left: "$", right: "$", display: false}
|
|
]
|
|
});
|
|
});
|
|
</script>
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" type="text/css" href="/css/custom.2e59ff60a2d9c7e42e3c1af2aff0ba627da46f910a234867e98d178eb05c87dc.css">
|
|
|
|
</head>
|
|
<body>
|
|
<div class="content"><header>
|
|
<div class="main">
|
|
<a href="/">davegallant</a>
|
|
</div>
|
|
<nav>
|
|
|
|
<a href="/">Home</a>
|
|
|
|
<a href="/post">All posts</a>
|
|
|
|
<a href="/index.xml">RSS</a>
|
|
|
|
<a href="/tags">Tags</a>
|
|
|
|
<a href="/about">About</a>
|
|
|
|
| <span id="dark-mode-toggle" onclick="toggleTheme()"></span>
|
|
<script src="/js/themetoggle.js"></script>
|
|
|
|
</nav>
|
|
</header>
|
|
|
|
<main>
|
|
<article>
|
|
<div class="title">
|
|
<h1 class="title">Replacing docker with podman on macOS (and Linux)</h1>
|
|
<div class="meta">Posted on Oct 11, 2021</div>
|
|
</div>
|
|
|
|
|
|
<section class="body"><p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p>
|
|
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">...ignoring Docker updates is a paid feature now?? <a href="https://t.co/ZxKW3b9LQM">pic.twitter.com/ZxKW3b9LQM</a></p>— Brendan Dolan-Gavitt (@moyix) <a href="https://twitter.com/moyix/status/1388586550682861568?ref_src=twsrc%5Etfw">May 1, 2021</a></blockquote>
|
|
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
|
|
|
|
|
|
<p>Docker has been one of the larger influencers in the container world, helping to standardize the <a href="https://github.com/opencontainers/image-spec/blob/main/spec.md">OCI Image Format Specification</a>. For many developers, containers have become synonymous with terms like <code>docker</code> and <code>Dockerfile</code> (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.</p>
|
|
<p>This post briefly describes my experience swapping out docker for podman on macOS.</p>
|
|
<h3 id="what-is-a-container">What is a container?<a href="#what-is-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an <a href="https://www.youtube.com/watch?v=sK5i-N34im8">in-depth video</a> that discusses what containers are made from, and <a href="https://youtu.be/sK5i-N34im8?t=2468">near the end</a> there is a demonstration on how to build your own containers from the command line.</p>
|
|
<p>By easily allowing the necessary dependencies to live alongside the application code, containers make the “works on my machine” problem less of a problem.</p>
|
|
<h3 id="benefits-of-podman">Benefits of Podman<a href="#benefits-of-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>One of the most interesting features of Podman is that it is daemonless. There isn’t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers.</p>
|
|
<p>Podman is rootless by default. It is now possible to <a href="https://docs.docker.com/engine/security/rootless/">run the docker daemon rootless</a> as well, but it’s still not the default behaviour.</p>
|
|
<p>I’ve also observed that so far my 2019 16" Macbook Pro hasn’t sounded like a jet engine, although I haven’t performed any disk-intensive operations yet.</p>
|
|
<h3 id="installing-podman">Installing Podman<a href="#installing-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with <a href="https://formulae.brew.sh/formula/podman">brew</a> (read <a href="https://podman.io/getting-started/installation#linux-distributions">this</a> if you’re installing Podman on Linux):</p>
|
|
<pre><code class="language-sh">brew install podman
|
|
</code></pre>
|
|
<p>The podman-machine must be started:</p>
|
|
<pre><code class="language-sh"># This is not necessary on Linux
|
|
podman machine init
|
|
podman machine start
|
|
</code></pre>
|
|
<h3 id="running-a-container">Running a container<a href="#running-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>Let’s try to pull an image:</p>
|
|
<pre><code class="language-console">$ podman pull alpine
|
|
Trying to pull docker.io/library/alpine:latest...
|
|
Getting image source signatures
|
|
Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
|
|
Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
|
|
Writing manifest to image destination
|
|
Storing signatures
|
|
14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
|
|
</code></pre>
|
|
<blockquote>
|
|
<p>If you’re having an issue pulling images, you may need to remove <code>~/.docker/config.json</code> or remove the set of auths in the configuration as mentioned <a href="https://stackoverflow.com/a/69121873/1191286">here</a>.</p>
|
|
</blockquote>
|
|
<p>and then run and exec into the container:</p>
|
|
<pre><code class="language-console">$ podman run --rm -ti alpine
|
|
Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input
|
|
</code></pre>
|
|
<p>What does this error mean? A bit of searching lead to <a href="https://github.com/containers/podman/issues/11837">this github issue</a>.</p>
|
|
<p>Until the fix is released, a workaround is to just specify a port (even when it’s not needed):</p>
|
|
<pre><code class="language-sh">podman run -p 4242 --rm -ti alpine
|
|
</code></pre>
|
|
<p>If you’re reading this from the future, there is a good chance specifying a port won’t be needed.</p>
|
|
<p>Another example of running a container with Podman can be found in the <a href="https://jellyfin.org/docs/general/administration/installing.html#podman">Jellyfin Documentation</a>.</p>
|
|
<h3 id="aliasing-docker-with-podman">Aliasing docker with podman<a href="#aliasing-docker-with-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>Force of habit (or other scripts) may have you calling <code>docker</code>. To work around this:</p>
|
|
<pre><code class="language-sh">alias docker=podman
|
|
</code></pre>
|
|
<h3 id="podman-compose">podman-compose<a href="#podman-compose" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>You may be wondering: what about docker-compose? Well, there <em>claims</em> to be a drop-in replacement for it: <a href="https://github.com/containers/podman-compose">podman-compose</a>.</p>
|
|
<pre><code class="language-sh">pip3 install --user podman-compose
|
|
</code></pre>
|
|
<p>Now let’s create a <code>docker-compose.yml</code> file to test:</p>
|
|
<pre><code class="language-sh">cat << EOF >> docker-compose.yml
|
|
version: '2'
|
|
services:
|
|
hello_world:
|
|
image: ubuntu
|
|
command: [/bin/echo, 'Hello world']
|
|
EOF
|
|
</code></pre>
|
|
<p>Now run:</p>
|
|
<pre><code class="language-console">$ podman-compose up
|
|
podman pod create --name=davegallant.github.io --share net
|
|
40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
|
|
0
|
|
podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
|
|
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
|
|
Trying to pull docker.io/library/ubuntu:latest...
|
|
Getting image source signatures
|
|
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
|
|
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
|
|
Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
|
|
Writing manifest to image destination
|
|
Storing signatures
|
|
1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
|
|
0
|
|
podman start -a davegallant.github.io_hello_world_1
|
|
Hello world
|
|
</code></pre>
|
|
<p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
|
|
<h3 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h3>
|
|
<p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p>
|
|
<p>One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an <a href="https://github.com/containers/podman/issues/11494">open issue</a> considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.</p>
|
|
<blockquote>
|
|
<p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using <a href="https://en.wikipedia.org/wiki/SSHFS">sshfs</a> was shared <a href="https://github.com/containers/podman/issues/8016#issuecomment-920015800">here</a>.</p>
|
|
</blockquote>
|
|
<p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href="https://kubernetespodcast.com/episode/164-podman/">podcast episode</a>, I was inspired to give Podman a try on macOS.</p></section>
|
|
|
|
<div class="post-tags">
|
|
|
|
|
|
<nav class="nav tags">
|
|
<ul class="tags">
|
|
|
|
<li><a href="/tags/docker">docker</a></li>
|
|
|
|
<li><a href="/tags/podman">podman</a></li>
|
|
|
|
<li><a href="/tags/containers">containers</a></li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
|
|
</div>
|
|
</article>
|
|
</main>
|
|
|
|
<section id='comments' class='comments'>
|
|
<div class='container sep-before'>
|
|
<div class='comments'><script>
|
|
|
|
var getTheme = window.localStorage && window.localStorage.getItem("theme-storage");
|
|
getTheme = getTheme == null ? 'light' : getTheme;
|
|
|
|
let theme = getTheme === 'dark' ? 'github-dark' : 'github-light';
|
|
let s = document.createElement('script');
|
|
s.src = 'https://utteranc.es/client.js';
|
|
s.setAttribute('repo', 'davegallant\/davegallant.github.io');
|
|
s.setAttribute('issue-term', 'pathname');
|
|
s.setAttribute('theme', theme);
|
|
s.setAttribute('crossorigin', 'anonymous');
|
|
s.setAttribute('async', '');
|
|
document.querySelector('div.comments').innerHTML = '';
|
|
document.querySelector('div.comments').appendChild(s);
|
|
</script>
|
|
</div>
|
|
</div>
|
|
</section><footer>
|
|
<div style="display:flex"><a class="soc" href="https://github.com/davegallant" rel="me" title="GitHub"><i data-feather="github"></i></a>
|
|
<a class="border"></a><a class="soc" href="https://twitter.com/davega11ant/" rel="me" title="Twitter"><i data-feather="twitter"></i></a>
|
|
<a class="border"></a><a class="soc" href="https://mastodon.social/@davegallant" rel="me" title="Mastodon"><i data-feather="speaker"></i></a>
|
|
<a class="border"></a><a class="soc" href="https://www.linkedin.com/in/dave-gallant/" rel="me" title="LinkedIn"><i data-feather="linkedin"></i></a>
|
|
<a class="border"></a></div>
|
|
<div class="footer-info">
|
|
2023 Dave Gallant
|
|
</div>
|
|
</footer>
|
|
|
|
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script>
|
|
<script>
|
|
var doNotTrack = false;
|
|
if (!doNotTrack) {
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
gtag('config', 'G-V8WJDERTX9', { 'anonymize_ip': false });
|
|
}
|
|
</script>
|
|
|
|
<script>
|
|
feather.replace()
|
|
</script></div>
|
|
</body>
|
|
</html>
|