I’ve been a Docker loyalist for years. But lately, I’ve been experimenting with Podman, and honestly? It’s grown on me.

The switch started out of necessity. I’ve been working on FEGA for a while, and I needed rootless containers for security reasons. Docker can do rootless, but it always felt like an afterthought. Podman was built for it from day one.

What’s the Difference?

At the surface, not much. Podman is CLI-compatible with Docker. This works:

alias docker=podman

Seriously. Most commands just work. But architecturally they’re different.

Docker runs a daemon. Every container talks to dockerd, which runs as root. Podman doesn’t have a daemon. Containers run as child processes of your shell. No daemon means no single point of failure, no root process sitting there waiting.

The Gotchas

A few things bit me:

  1. Compose — There’s podman-compose and podman play kube, but honestly? We still use docker-compose with Podman as the backend. It just works. Set DOCKER_HOST to your Podman socket and your existing compose files run unchanged. Sometimes the boring solution is the right one.
  2. Networking — Docker’s bridge network just works out of the box. Podman needs more hand-holding when containers need to talk to each other:

     podman network create mynet
     podman run --network mynet --name app1 myimage
     podman run --network mynet --name app2 myimage

  3. Build caching — This is where Docker still wins. BuildKit has SPOILED ME.
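
For the Compose item above: since the point of the switch is rootless containers, it is worth checking that DOCKER_HOST really points at your own rootless socket before docker-compose uses it. This is an added example, not code from the original post; the function names and the socket locations it checks are assumptions stated in the comments.

```sh
#!/bin/sh
# Added example (not from the original post). Assumptions: rootless Podman's API
# socket lives under the user's runtime dir (/run/user/<uid>), typically started
# with `systemctl --user enable --now podman.socket`; the rootful sockets are
# /run/podman/podman.sock and /var/run/docker.sock.

# Print the DOCKER_HOST value for the current user's rootless Podman socket.
rootless_docker_host() {
    runtime_dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    printf 'unix://%s/podman/podman.sock\n' "$runtime_dir"
}

# classify_docker_host <DOCKER_HOST value> <uid>
# Prints one of: rootless, rootful, other-user, remote, unknown
classify_docker_host() {
    host="$1"; uid="$2"
    case "$host" in
        tcp://*|ssh://*) echo remote; return 0 ;;
        unix://*)        sock="${host#unix://}" ;;
        *)               echo unknown; return 0 ;;
    esac
    # Any socket used by uid 0 gives root-level control of containers.
    if [ "$uid" = 0 ]; then echo rootful; return 0; fi
    case "$sock" in
        */../*|*/..)          echo unknown ;;    # reject path traversal
        /run/user/"$uid"/*)   echo rootless ;;
        /run/user/*)          echo other-user ;;
        /run/podman/podman.sock|/run/docker.sock|/var/run/docker.sock)
                              echo rootful ;;
        *)                    echo unknown ;;
    esac
}

# Export DOCKER_HOST for docker-compose only when it is this user's own socket.
use_rootless_podman() {
    candidate="$(rootless_docker_host)"
    verdict="$(classify_docker_host "$candidate" "$(id -u)")"
    if [ "$verdict" != rootless ]; then
        echo "refusing DOCKER_HOST=$candidate ($verdict)" >&2
        return 1
    fi
    DOCKER_HOST="$candidate"; export DOCKER_HOST
}
```

Source the file and call use_rootless_podman before running docker-compose; a non-zero return means the endpoint was not a per-user socket and DOCKER_HOST was left untouched.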

Docker BuildKit

It builds independent stages in parallel. If our multi-stage Dockerfile has a frontend and backend that don’t depend on each other, they build at the same time. It also does content-addressed caching! Meaning that it can reorder your Dockerfile and the cache still hits if the files haven’t changed.

For example:

FROM node:20 AS frontend
# build frontend (base image #1) ...

FROM golang:1.22 AS backend
# build backend (base image #2)...

FROM alpine
# build final stage (base image #3)...
COPY --from=frontend /ui/dist /usr/share/nginx/html
COPY --from=backend /api/app /app

BuildKit vs Buildah

Podman uses Buildah, which doesn’t do parallel stages yet. For simple images you won’t notice. For anything with heavy multi-stage builds, you will.

When to Use What

I still reach for Docker when I need fast builds, or I’m just spinning up something throwaway. For anything security-sensitive or closer to production? Podman.

They read the same Dockerfiles, pull from the same registries, produce OCI-compliant images. Switching between them costs nothing.


Been away from writing for most of 2025. Feels good to be back.