Docker Vs Podman Comparison: Which One to Choose?
Today, every fast-growing business has to ship new features of its app rapidly if it wants to survive in a competitive market. Developing apps today requires much more than writing code. Developers face a vast array of complex tooling and a duplicated set of commands and tasks to go from the local desktop to cloud-native development. It can take hours, possibly days, for a development team to decide on the right cloud environment for its requirements and to get that environment set up successfully.
In the world of containerization, Docker has long been the go-to choice for developers and system administrators. However, with the rise of alternative container engines like Podman, it's important to understand the similarities, differences, and key features of each. In this article, we will compare Docker and Podman, highlighting their strengths and use cases to help you make an informed decision on which container engine to choose.
Let's First Debunk the Myths
Undoubtedly, Docker today is the de facto standard for most developers packaging their apps, but as the container market continues to evolve and diversify in terms of standards and implementations, there is growing confusion among enterprise developers about which container platform to choose for their environment. Fortunately, I am here to help with the top five myths and the facts that debunk them. This blog aims to clear up some commonly held misconceptions about Docker's capabilities. The truth, as they say, shall set you free and ‘whalified’.
Myth #1: Podman supports rootless containers, Docker doesn’t.
This myth says that the Docker daemon requires root privileges and hence admins can’t launch containers as a non-privileged user.
Fact: Rootless mode was introduced in Docker Engine v19.03 as an experimental feature and graduated from experimental in Docker Engine v20.10. This means that Docker, too, can run as a non-root user. Rootless containers have a big advantage over rootful containers because (you guessed it) they do not run under the root account: if an attacker compromises and escapes a container, they are still an ordinary unprivileged user on the host. Containers started by a user cannot have more privileges or capabilities than that user.
Learn more – docs.docker.com/engine/security/rootless
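The claim above (container root is an unprivileged host user) can be checked directly from the kernel's UID mapping rather than taken on faith. This is an added example, not code from the article or from Docker; it assumes the container's init PID is visible from where the script runs and that `docker inspect`/`docker info` are on PATH. The sample uid_map contents are constructed.

```python
"""Check whether a container's root maps to an unprivileged host UID.

In rootless Docker, UID 0 inside a container maps to the user running the
daemon and UIDs 1.. map to that user's subordinate range from /etc/subuid.
A /proc/<pid>/uid_map line reads: <container-uid-start> <host-uid-start> <length>.
"""
import subprocess
import sys


def host_uid_for(uid_map_text: str, container_uid: int = 0):
    """Return the host UID that container_uid maps to, or None if it is unmapped."""
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        start, host_start, length = (int(f) for f in fields)
        if start <= container_uid < start + length:
            return host_start + (container_uid - start)
    return None


def is_rootless_mapping(uid_map_text: str) -> bool:
    """True when container root is some host UID other than 0."""
    host_uid = host_uid_for(uid_map_text, 0)
    return host_uid is not None and host_uid != 0


def daemon_reports_rootless(security_options: str) -> bool:
    """`docker info --format '{{.SecurityOptions}}'` lists name=rootless for a rootless daemon."""
    return "name=rootless" in security_options


# Constructed samples: a rootful daemon's identity map, and a rootless daemon
# owned by UID 1000 with subuid range 100000-165535.
ROOTFUL_MAP = "         0          0 4294967295\n"
ROOTLESS_MAP = "         0       1000          1\n         1     100000      65536\n"


if __name__ == "__main__":
    # Live check: run as the user that owns the daemon and pass a container name.
    if len(sys.argv) > 1:
        pid = subprocess.check_output(
            ["docker", "inspect", "-f", "{{.State.Pid}}", sys.argv[1]], text=True).strip()
        with open(f"/proc/{pid}/uid_map") as fh:
            print("container root is unprivileged on host:", is_rootless_mapping(fh.read()))
    else:
        print("rootless sample:", is_rootless_mapping(ROOTLESS_MAP),
              "rootful sample:", is_rootless_mapping(ROOTFUL_MAP))
```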
Myth #2: Docker doesn’t support daemonless architecture, Podman does.
Let us understand this myth. It says that when working with Docker, you have to use the Docker CLI, which communicates with a background daemon (the Docker daemon). The main logic resides in the daemon, which builds images and executes containers. This daemon runs with root privileges, which is a security concern because granting users access to it amounts to granting them root. It also means that an improperly configured Docker container could potentially access the host filesystem without restriction. As Docker depends on a daemon running in the background, whenever a problem arises with the daemon, container management comes to a halt. The daemon is therefore a single point of failure.
Fact: By default, when the Docker daemon terminates, it shuts down running containers. You can configure the daemon so that containers remain running if the daemon becomes unavailable. This functionality is called live restore. The live restore option helps reduce container downtime due to daemon crashes, planned outages, or upgrades. To enable the live restore setting to keep containers alive when the daemon becomes unavailable, you can add the configuration to the daemon configuration file:
On Linux, this defaults to /etc/docker/daemon.json. On Docker Desktop for Mac or Docker Desktop for Windows, select the Docker icon from the task bar, then click Preferences -> Docker Engine.
Use the following JSON to enable live-restore.
{
"live-restore": true
}
Learn more: docs.docker.com/config/containers/live-rest..
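Dropping the JSON above into daemon.json by hand silently discards any keys already there, so here is an added example (not from the article or from Docker) that merges the setting into an existing configuration, reloads the daemon, and verifies the result from `docker info`. It assumes the Linux default path /etc/docker/daemon.json, root privileges for the live run, and `pidof` being available.

```python
"""Enable Docker live restore without clobbering an existing daemon.json."""
import json
import pathlib
import subprocess

DAEMON_JSON = pathlib.Path("/etc/docker/daemon.json")


def with_live_restore(existing_text: str) -> str:
    """Return daemon.json content with live-restore enabled, keeping every other key."""
    cfg = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(cfg, dict):
        raise ValueError("daemon.json must contain a JSON object")
    cfg["live-restore"] = True
    return json.dumps(cfg, indent=2, sort_keys=True) + "\n"


def live_restore_enabled(docker_info_json: str) -> bool:
    """Parse `docker info --format '{{json .}}'`; LiveRestoreEnabled reflects the running daemon."""
    return bool(json.loads(docker_info_json).get("LiveRestoreEnabled", False))


if __name__ == "__main__":
    current = DAEMON_JSON.read_text() if DAEMON_JSON.exists() else ""
    updated = with_live_restore(current)
    if updated != current:
        DAEMON_JSON.write_text(updated)
        # SIGHUP makes dockerd re-read daemon.json; live-restore is a reloadable option,
        # so running containers are not disturbed by this step.
        subprocess.run(["sh", "-c", "kill -SIGHUP $(pidof dockerd)"], check=True)
    info = subprocess.check_output(["docker", "info", "--format", "{{json .}}"], text=True)
    print("live restore enabled:", live_restore_enabled(info))
```

Note that live restore only carries containers across daemon patch releases and unchanged daemon options; a major or minor upgrade still restarts them.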
Myth #3: Docker doesn’t support Container Image signing. Podman does it flawlessly
This myth states that Docker is not secure: Docker images can’t be trusted because they are not signed, and Docker neither validates your images nor has any way to track the source that images are pulled from.
Fact: Docker Content Trust (DCT) has existed since Docker v1.8, which introduced it to let you verify the authenticity, integrity, and publication date of Docker images made available on the Docker Hub registry. DCT provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.
Within the Docker CLI, you can sign and push a container image with the ‘docker trust’ command. This is built on top of the Notary feature set. A prerequisite for signing an image is a Docker registry with a Notary server attached (such as Docker Hub).
docker trust
Usage: docker trust COMMAND
Manage trust on Docker images
Management Commands:
key Manage keys for signing Docker images
signer Manage entities who can sign Docker images
Commands:
inspect Return low-level information about keys and signatures
revoke Remove trust for an image
sign Sign an image
Run 'docker trust COMMAND --help' for more information on a command.
Learn more – docs.docker.com/engine/security/trust
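The verification side of DCT is where the security value lives: before deploying, check that the tag is signed by the signers you expect and pin the deployment to the signed digest. This is an added example, not code from the article or from Docker; the repository name, signer names and digest in the sample `docker trust inspect` output are constructed placeholders.

```python
"""Gate a deployment on Docker Content Trust signatures.

`docker trust inspect IMAGE:TAG` returns JSON listing signed tags, their
digests and signers. Returning a digest-pinned reference means a later
re-tag by someone without a signing key cannot change what gets deployed.
"""
import json
import os
import subprocess


def trusted_reference(inspect_json: str, repo: str, tag: str, required_signers):
    """Return repo@sha256:<digest> if tag is signed by every required signer, else None."""
    for entry in json.loads(inspect_json):
        if not entry.get("Name", "").endswith(repo):  # tolerate a registry prefix
            continue
        for signed in entry.get("SignedTags", []):
            if signed.get("SignedTag") != tag:
                continue
            missing = set(required_signers) - set(signed.get("Signers", []))
            if missing:
                return None
            return f"{repo}@sha256:{signed['Digest']}"  # Digest is the bare sha256 hex
    return None


# Constructed sample shaped like `docker trust inspect example/app:v1`
# (repository, signers and digests are placeholders, not real values).
SAMPLE_INSPECT = json.dumps([{
    "Name": "example/app",
    "SignedTags": [
        {"SignedTag": "v1", "Digest": "ab" * 32, "Signers": ["alice", "ci-bot"]},
        {"SignedTag": "v2", "Digest": "cd" * 32, "Signers": ["alice"]},
    ],
    "Signers": [{"Name": "alice", "Keys": [{"ID": "placeholder-key-id"}]}],
    "AdministrativeKeys": [],
}])


if __name__ == "__main__":
    repo, tag = "example/app", "v1"
    out = subprocess.check_output(["docker", "trust", "inspect", f"{repo}:{tag}"], text=True)
    ref = trusted_reference(out, repo, tag, {"alice", "ci-bot"})
    if ref is None:
        raise SystemExit(f"{repo}:{tag} is not signed by all required signers; refusing to deploy")
    # DOCKER_CONTENT_TRUST=1 makes any tag-based pull in this pipeline signature-checked
    # as well; the digest reference itself is content-addressed and cannot be swapped.
    subprocess.run(["docker", "pull", ref], env={**os.environ, "DOCKER_CONTENT_TRUST": "1"}, check=True)
```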
Myth #4: Docker is becoming paid and not free software anymore. Podman is 100% free.
This myth states that Docker is not free software anymore. Docker has completely monetized the software and hence one needs to pay for the subscription if they want to use it.
Fact: Docker Engine and all upstream open source Docker and Moby projects are still free. Docker Desktop is free to download and install for personal use. If you’re running a small business with fewer than 250 employees and less than $10 million in annual revenue, Docker Desktop is still free. Likewise, if you are a student or an instructor in an academic or professional environment, it is still free to download and install. If you are working on a non-commercial open source project hosted on GitHub that abides by the Open Source Initiative definition, you can use Docker Desktop for free. All you need to do is fill out the form and apply here.
For your open source project namespace on Docker Hub, Docker offers unlimited pulls and unlimited egress to any and all users, with no egress restrictions applying to any Docker users pulling images from that namespace. In addition, if your open source project uses Autobuild capabilities, you can continue using them for free. You are also free to continue to use Docker Desktop via the Docker Personal subscription.
Myth #5: Docker doesn’t support Kubernetes
This myth states that Docker is incapable of running Kubernetes Pods. A Pod represents a single instance of a running process in your cluster. Pods contain one or more containers, such as Docker containers. When a Pod runs multiple containers, the containers are managed as a single entity and share the Pod’s resources.
Fact: Docker Desktop does allow you to run Kubernetes Pods. If you have Docker Desktop installed on your Mac or Windows system, you can enable Kubernetes from the Dashboard UI and then deploy Pods on it. You can even use the native Docker Compose tool to bring up Kubernetes resources seamlessly.
Learn more – docs.docker.com/desktop/kubernetes
5 Reasons why You Should use Docker instead of Podman
Here is the list of the top five reasons why you should use Docker instead of Podman:
1. Extensive Community and Ecosystem Support
Docker has a vast and well-established community with extensive resources and support. It offers a wide range of documentation, forums, and third-party tooling. The vibrant community ensures continuous development, support, and availability of Docker-related resources.
2. Comprehensive Image and Container Repository
Docker Hub, the official image repository for Docker, hosts a massive collection of pre-built container images. It provides a centralized platform for discovering, sharing, and collaborating on container images. The extensive library of Docker images simplifies the process of finding and deploying popular software stacks and applications.
3. Industry Standard and Compatibility
Docker has become the industry standard for containerization, with widespread adoption across various platforms. Major cloud providers, orchestration platforms, and CI/CD pipelines have built-in support for Docker. Its broad compatibility ensures seamless integration and portability across different deployment environments.
4. Powerful Orchestration and Tooling
Docker provides robust orchestration capabilities through Docker Compose and Docker Swarm. Docker Compose allows you to define and manage complex multi-container setups using a declarative YAML file. Docker Swarm enables container orchestration across multiple hosts, offering features like service discovery, load balancing, and rolling updates.
5. Maturity and Innovation
Docker has a rich history of driving containerization innovation. It introduced essential features such as container images, container registries, and container networking. Docker continues to invest in enhancing its platform, addressing security concerns, and improving performance based on real-world use cases.
These reasons emphasize Docker's extensive community support, compatibility, powerful orchestration capabilities, and its track record of innovation. However, it's essential to consider your specific requirements and evaluate factors like security, simplicity, and rootless container support provided by Podman before making a decision.