Reading various news portals, one gets the impression that Docker is a technology that no one uses anymore. The Red Hat people seem to be using podman, and Kubernetes has deprecated Docker support. The internet is trying hard to sell the opinion that the days of Docker are over.
In the real world, however, Docker is still going strong. Very strong indeed. Companies are only now migrating their applications to Docker. Moreover, most of them do not start with podman. Or even Kubernetes. They are first migrating their monolithic application to Docker.
Most people do not know podman at all. Furthermore, sometimes being compatible is very important. One does not want to make excuses for why certain features do not work with podman. For example, people often depend on docker-compose, and while podman-compose exists, one still cannot expect full compatibility. Also, the podman-compose project seems to be inactive. Podman itself is not fully compatible with Docker either.
The problem with Docker is that it runs with root privileges. Running with root privileges sounds wrong because it might lead to security problems. What if there is a working container escape exploit? Someone could then execute commands with root privileges outside the container. Yes, outside the container, on the host system. That is an excellent reason not to run something like Docker, and one can understand the drive to use podman. People with security in mind should invest in podman. Podman can run with root privileges too, but people who use it are trying to build rootless containers.
Running as root, however, has several advantages. Sometimes containers want to bind a port like 80 or 443. Non-root users cannot bind ports lower than 1024. So when using podman to run rootless containers, one cannot bind these ports. One can indeed work around this limitation on a different level. Firewall rules can be defined to redirect traffic to a specific local port, for example.
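The firewall workaround described above, as an added example that is not part of the original post: the function reads the kernel's unprivileged-port threshold and, for a port below it, prints a rootless podman port mapping plus an iptables redirect. The +8000 high-port offset, the `IMAGE` placeholder, and the choice of iptables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan how a rootless container can serve a low port.
# Assumptions: +8000 high-port offset, IMAGE placeholder, iptables firewall.

# Lowest port a non-root process may bind. The kernel exposes it as the
# net.ipv4.ip_unprivileged_port_start sysctl; fall back to 1024 if unreadable.
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# needs_redirect PORT START: succeeds if a non-root user cannot bind PORT.
needs_redirect() {
    [ "$1" -lt "$2" ]
}

# plan_publish PORT [START]: print the commands needed to serve PORT from a
# rootless container. START defaults to the running kernel's threshold.
plan_publish() {
    port=$1
    start=${2:-$(unpriv_port_start)}
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    if needs_redirect "$port" "$start"; then
        high=$((port + 8000))
        if [ "$high" -gt 65535 ]; then
            echo "no high port available for $port" >&2; return 2
        fi
        # Container binds $port inside its own namespace; host side uses $high.
        echo "podman run -d -p ${high}:${port} IMAGE"
        # Run once as root. PREROUTING only matches traffic arriving from
        # other hosts; connections made on the host itself are not redirected.
        echo "iptables -t nat -A PREROUTING -p tcp --dport ${port} -j REDIRECT --to-ports ${high}"
    else
        echo "podman run -d -p ${port}:${port} IMAGE"
    fi
}

# Stand-alone use: sh plan.sh 443
plan_publish "${1:-80}"
```

Only the one-time firewall rule needs root; the container itself keeps running without host root privileges.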
While people on the internet are praising the end of classic Docker, there is still a place for it. People are using Docker with Windows. Docker for Windows supports a “classic” and a WSL 2 mode. As a DevOps guy, one already has to support these two variants. Some companies have built Linux virtual machines with Docker installed. Having Linux virtual machines with Docker installed is an excellent way to avoid compatibility issues. On the downside, these companies have to invest in extra infrastructure and probably in more support requests.
Podman works with WSL 2 as well, but people are still running old versions of Windows 10, so as a DevOps guy, one still has to work around this issue when investing in podman.
Another problem with podman is that it requires a relatively current version of Ubuntu Linux. This requirement is only a problem when one is running it on their servers. It is still not uncommon to find Ubuntu 16.04 LTS on servers, though support will end this year (unless one is paying for extended support). Podman requires Ubuntu 20.10, which is not even an LTS version. Standard versions found in production systems are 16.04 LTS and 18.04 LTS.
On the other hand, running podman with CentOS 7 is not a problem at all. Podman is a Red Hat project, and it is clear they favor Red Hat Enterprise and CentOS Linux. Red Hat refers to the Kubic Project if one wants to run podman on older Debian and Ubuntu systems.
So, one probably has to invest in classic Docker as well as podman. To have the best compatibility, a company must invest in Linux virtual machines with Docker or podman installed. Developers are using Windows, Linux, and macOS on their machines. Supporting all these different “backends” is probably more work than just providing virtual machines with Linux and Docker installed.
There is not just one way of doing it, of course.