Principal differences between Docker and Podman

What are the principal differences between Docker and Podman?

This is just based off of some naive use in some of my personal projects, so I very much welcome corrections, but here is my basic understanding.

At the top level (i.e., a user's perspective) the goal of Podman is to be identical to Docker (their big selling point is alias podman=docker).

At a lower level (i.e., a system admin's perspective) Docker is a root-owned daemon, so anyone trying to use it needs sudoers permissions, while Podman is a stand-alone binary based off of Linux namespaces, so theoretically any user without sudoers can use it.

This is correct. Podman aims to be a rootless / daemonless container engine for running OCI-compatible containers. It also uses the exact same syntax as Docker.

There’s a really good explanation on their website, https://podman.io/whatis.html

Docker does not map to the typical HPC IAM use case AT ALL but it has a huge install base and still probably is the easiest way for end users to develop containers on their laptops/desktops.

Podman provides a way for Docker/OCI users to run Docker containers on HPC systems in user space without any elevated privileges.

TL;DR: develop using Docker locally; run Docker containers using Podman on HPC systems (if performance isn’t a huge concern); if performance is a concern, consider using Singularity.