Good morning. Good afternoon. Good evening. Wherever you're hailing from, welcome to another edition of the Level Up Hour here on OpenShift TV. I am Chris Short, executive producer of OpenShift TV. I speak so quick sometimes that I don't even realize what words I'm saying, because I'm so used to this. Langdon, how you doing this morning, buddy?

Yes. Well, I'm now a little concerned, because I feel like I've been diminished in your eyes, because I'm not apparently illustrious today.

Oh, I'm so sorry. The illustrious Langdon White, everybody.

Thank you. Thank you. And you brought on a guest.

I know. Yeah, that's what I'm super excited about. And I also speak very quickly. I normally know what I'm saying, but I don't have the word "wicked" in basically every sentence, I feel like. Not a proper Bostonian. So, you know, there's that. So Brent Baude is here with us today to talk about kind of what's new in Podman v3, and I have applied the title Architect to him for the project, but I completely made that up. So we'll also ask him what his actual title is on the project, and we'll go through a bunch of different stuff. Brent, do you want to give a quick introduction of yourself, and then we'll kind of introduce the show a little more?

Sure. Brent Baude. I'm on the container runtimes team at Red Hat, and our primary focus is on things like Podman, Buildah, Skopeo, containers/image and containers/storage, and other associated libraries. I am actually the Podman architect, and I'm located in Minnesota.

Out in the sticks?

Out in the sticks.

Okay. You're... Chris is in Michigan. So, you know, it's all flyover as far as...

Oh, thanks. Thanks, buddy. I'll be sure to crap on Boston every chance I get now.

Oh, yeah. And we like it that way.

Yeah, well, you know, you gotta get the jokes in. Let's see. Have I been to Michigan? I think I have been to Michigan. Oh, no, I'm sorry, I've definitely been to Detroit and Michigan.
I was gonna say Minnesota. I think I've been to Minnesota, but I'm trying to hit all 50 states one of these days. But mostly it doesn't count, as far as I'm concerned, if all you do is go to the airport on your way to somewhere else, right? You have to, like, get out and go places as well.

All right, so let me share our truly amazing slides, as we do each time, to try to just kind of introduce the show. You know, this is the Level Up Hour, if you are lost. That's what we're doing here today, and this show is about trying to figure out why containers are interesting and how they might be interesting to you, especially as, say, a RHEL admin, and you hear all this buzz or whatever around containers. You know, you've got to learn about them someday. So that's what we're here to talk about: to help you learn about containers, but more importantly to show you how awesome they are for your kind of everyday job, even as a RHEL admin. Right? You don't need to be some sort of cloud-native software developer or an OpenShift admin or any of those things to really appreciate why containers are super useful just in general. And so that kind of leads us into tools like Podman, which is why we're talking about v3 today.

So about the show: you can find us on Twitter at Langdon with a one and Chris Short all one word and two s's, as we discussed last time. And you can also find us in relatively active discussion lately in our Discord, where you can come in and ask questions about the various shows or about, you know, the technologies used on the shows. Sometimes we know the answer and sometimes we corral other people to join us to help you with the answer. So please come and join us there. And I assume you're doing the magic Discord button?

Stand by. I'm putting our Twitter handles in, and then I will be... okay.
All right, Discord button. Awesome. And then, as I always do, I like to just kind of say, okay, if you want to know more about the Level Up program, which is a way Red Hat is trying to help our customers, excuse me, kind of level up into containers and OpenShift in general. And so there's a bunch of free training and free licensing and stuff like that, so check out the website, Red Hat slash level up. And then today we have Podman with Brent Baude. And then last episode, which was not last week, right? It was the week before. That was episode 28, and you can find the show notes at that link, and I will drop that link into the chat once I find the window that has it. So let's go ahead and get started, because nobody likes slides.

Yeah, let's get into it.

All right, so my first and hopefully simplest question, or the thing that's been coming up for a lot of people, and we talked about this even a little before the show, is Podman and kind of support for Docker Compose. And just to give a little bit of background, if you are unfamiliar: one of the things we talk about on this show a lot is, as soon as you start using one container, you start to recognize the need for a bunch of containers to accomplish your goal, and what we refer to that as is orchestration. And one of the very popular and, I hesitate to say lightweight, but lightweight or straightforward or simple orchestration models has been this thing that's been floating around for a bunch of years, I don't even think it was developed by Docker, called Docker Compose. And it's super useful. You kind of say, I want a little web server and I want a database server and blah blah blah, and then you can just describe all the pieces you need and say go, and up come all those containers. And so recently, in Podman v3, Podman has grown support for being able to read those same files. I know this is where Brent comes in and tells me how it actually works.

Yeah, I think it's important to also look at how we kind of got here. The decision to support Compose was not taken lightly. It was something we had debated probably for a year and a half...

Oh, wow.

...before even deciding to say, okay, let's do it.

Wow.

And that's because of the beliefs around the orchestration model, which I think we'll probably get to a little bit later. But we made the decision in the Podman 2.x time frame to go ahead and support the Docker API, the RESTful API, and that was because we were told very clearly by users that it's difficult to get off of Docker and onto Podman, even if they want to, if they've written applications that consume the RESTful API. So we designed this split-personality API for Podman that answers to the Docker API but also has a Podman API that has all the special stuff that Podman has. It wasn't long after that where, you know, we were trying to really knock out hurdles for people to use Podman, and to use it more in production rather than strictly as a single development tool. And it became clear, with the removal of Docker, shall we say, from RHEL 8, that Docker Compose was really the last bastion to get taken care of. And we were seeing users, and they were rather audible about it, not being able to adopt Podman and/or leave Docker without the investment.

Yeah. Yeah, whether you will 100% believe that is the case or not, that's the argument, and it's reasonable.

Mm-hmm. So last fall when we had our... well, it was even longer ago, but we decided, okay, we've got to do this. We've got to get Compose in, because we want to eliminate all the, for lack of a better word, excuses that prevent people from migrating.

Barriers to entry, hurdles.

Yes. And let's be honest, this is about RHEL 7 and RHEL 8. People can't move to RHEL 8 if they can't get their workload moved, right?

Right.
Actually, I had a question come up on Twitter literally, I think, yesterday. Someone was asking, like, when will Podman v3 be available for RHEL 8? And I was like, don't know, but I said I would ask. And they brought up the great point of, hey, it could be in an AppStream, and I was like, oh, yeah, I like those. I was very involved in making those happen. So is Podman v3 released already for RHEL? I didn't actually go and dig around, because I knew we had the show. Do you know what the timeline might be?

This is what happens when you ask a developer, right? About what happened three months...

Well, this is Langdon and I's problem too, right? We're talking about living in the future, but trying to stay in the present, right?

I believe 8.4 is the target.

Okay, for version 3.

Well, luckily, it's just between the three of us, and so, you know, no one's being quoted here. But, you know, it's very, very soon, I want to say.

Is it me? I think it's me. Okay, this comes out... Hey, okay, good. So fundamentally the goal is to have it land in RHEL, right? A v3 for RHEL dot-next, whatever that's gonna be. It's like in one of the current RHELs is where the plan is for it to land. Let's put it that way.

Yeah, actually a v3 version, I think it's a release candidate, slipped out through CentOS, the new...

Oh, nice.

Yeah.

Anything that involves Koji is not the answer you want, right?

Yeah, no. So actually, it kind of... I was just, sorry, I was thinking we have a show on the channel, actually, the RHEL... what's it called? The RHEL Admin Show, the RHEL something show with McBrien, where you can definitely go hassle him about when Podman v3 will be heading to RHEL itself.

So you asked a question, which I don't think I quite answered, which was your first question. I just gave a little background about how we got there.

Oh, okay.

Remind me, what was the specific...?
So I was gonna ask, like, what's my expectation as a former Docker Compose user or whatever about the future? And for me, what I find actually most limiting about using Podman without having Compose support is that I find random software on the internet I want to try out, and they have provided a docker-compose file. So, like, right. What's my expectation? Is it 100% compatibility? What should I be expecting?

Okay, the rules, so to speak.

Yeah. Yeah.

So for those that maybe don't know, a docker-compose file is just a YAML-structured file, and it's kind of a recipe on how to build and run one or more containers, and it also has the ability to sort of say how they should work together. The so-called rules for 3.0 are fairly simple: rootful only. So we wanted to get rootful Podman support of Compose, because that's what Docker does. So that's the apples-to-apples comparison, right, functionally. One of the areas that is always going to differ between Podman and Docker, regardless of Compose, is always going to be Swarm. We don't do Swarm, we'll never do Swarm.

Okay, right.

That's not the way we went. So if your Compose file dips into that water, which I don't see a lot of...

Yeah.

...then we can't digest that. Well, we can digest it, but we can't run it, right? Otherwise, it should all work. If it doesn't, it's likely a bug, and as you know, we're quite receptive to those upstream.

Yep.

And so when we see those, we go ahead and fix them right away.

Yep. Actually, I mean, it stands to reason, right? I mean, I've seen Swarm, like, next to nothing. You know, Swarm's addition to Docker Compose was really far into the Docker Compose lifespan, so I'm not all that surprised. I am curious, how is...

Oh, good. Sorry. I was gonna say one other thing. There has been some confusion early with folks that don't have a straight vision for this.
Let's say there has been confusion. They're thinking that somehow our Podman can interact with the Docker stores, like Docker's container runtime where the containers are running, or their image stores. That's not the case. It's a YAML file that gets fed into Podman. It's 100% isolated from Docker.

Right, except that you run docker-compose under sudo, presumably, to get this thing going. So there's not actually an interaction between Podman and Docker's back ends.

You can see the containers and whatever. What we did is we wired the docker-compose application, which is a Python application, to Podman's back end.

Oh. Oh, so this is not a Podman command?

No. If you dnf install docker-compose on Fedora, you get docker-compose, and you just run it, but it's actually using Podman underneath as its back end.

Okay, okay.

That's the user experience we wanted. So when we say we wired up docker-compose, what we did is made sure that when you run Compose and those API calls go through the RESTful interface, we know what to do with them and we respond.

So it was also, in a sense, a really good test of the sufficiency of your REST API implementation, unfortunately.

Totally, I see that. It also forced our hand on a number of commands or API endpoints that we didn't want to implement. For example, a big one was container rename. With the way Podman was designed, we had a hard-and-fast belief that a container's a container. It's not mutable. If you want to make a different container with that name or whatever, you delete it and you recreate it. But docker-compose uses rename, so we were forced to contemplate that. The other thing we had to do is fix some of our... we had two network commands, because under that same belief you didn't really modify a container on the fly. The whole ability to be able to connect a container to a network or disconnect it on the fly was not something we wanted to do. This forced our hand. We now have a podman network connect and disconnect command, because Compose uses that. So it really forced us also to look at a lot of things we were doing, and the net side effect was just a good thing, in that our CLI became more compatible as well, catching some of those commands that were on the outer edges.

Right, right. Oh, yeah, that's neat.

Oh, yeah. Sorry, go ahead. Lots of stuff happening in the chat right now. I'm gonna start from the easy stuff to the hard stuff. So playing risky asked: was volumes one of those? I remember Dan mentioning that Docker would create volume directories if they didn't exist while Podman wouldn't. With Podman Compose, this has been an ongoing argument.

Did Dan tell you that our view of what Docker does is that that's a bug versus a feature? Right, I mean, typically in, you know, POSIX, you don't create things that don't exist for people. Docker does, we don't. I believe the end of that was that we should do it for the API endpoint. So if you call in through the Docker API, then we should do what Docker does.

Nice. So next question... Well, just a point of clarification. There's docker-compose and there's podman-compose, right?

Docker requires... podman-compose is a separate project.

Okay. And it has a different...
I don't know if it has a different file format, but it essentially wraps the podman executable. It doesn't call to its back end like docker-compose does.

Okay. Did docker-compose, like the original one, always call the API? Because I thought it was a wrapper around docker too.

Well, I don't know in the very, very beginning, but for the recent years it's been using the docker Python package to talk to the back end. And I understand that is currently under development, that they're changing that portion as well.

They, meaning Docker.

Yeah. Yeah.

Okay. Now, here's the hard question: Podman on Mac. People want that. I get asked for it at least weekly. When will Podman on Mac start working? And I know there's been some effort to kind of help with that. When will it start working?

Two weeks ago.

There you go. It started working.

A team member, Ashley, and I have been working the last three weeks on exactly that. We have a design in mind, a user experience in mind, and how this should work, which differs a little bit from Docker, but the user experience in the end is going to be about the same. Actually, we're gonna allow it... it's part of the podman command, the way we're building it. So podman machine will now be a command in Podman, and then it'd be like podman machine init, start, stop, remove, ssh, list. That's what we have today. That's all upstream in the main branch. It went in after we cut 3.1, which was cut this week. So the 3.1 release is now out, and it's going through the various Fedora-isms to get into Bodhi, and we've got a set of folks that are testing it and giving it the run-through.

The plan, though, is still to use a VM, which is actually running the containers, right?
Yes. Actually, we wrote this in a way that the back end, if you will, which could be libvirt, QEMU, libkrun... we wrote this such that those can be added, and then users can decide, or some developer's gonna decide, it's important enough to add it, and then that will become available. The libkrun guys asked us to make sure that we designed it in that way, and we're happy to. I mean, it's not really any extra work. We're happy to do that. So the version we're using right now uses QEMU, and we have it working. The reason I mentioned it was part of a command is because we're sort of developing on Linux. It's just kind of faster for us. But we've also been testing and developing on Apple M1s, and we have it working there as well.

Oh, I like that. That decision... so, like, I'm at this inflection point where it's like I need something device-wise new to do stuff, and I'm trying to figure out where I land, be it a PC or an M1 Mac or whatever. A new iPad Pro comes out next month or whatever. I'm not sure yet. So that's interesting.

I will say they're quite nice.

Yeah, no kidding. That's what I've heard, nothing but good news. Andrew Sullivan on our team has one and he is just enamored with it, and was worried about, like, graphics performance and everything, and apparently it's no issue.

It has not been. The only issues with taking this live, or to GA, with M1 are twofold. We've got two hurdles that we're working on. One is that there's a patch set from a QEMU developer that needs to get into QEMU upstream proper and get released, that has some specific enablement for M1s, for the architecture. And the second thing is, out of the gate, we're basing this on Fedora CoreOS. That's the VM running underneath. And aarch64 is not an official architecture for CoreOS yet, but we do see that changing very, very soon. So those are the two hurdles we're working on. Even then, we've got a way to work around the fact that it's not official; there's a mirror we can go grab them from. And so the user experience will be as simple as this: you're gonna brew install podman...

Mm-hmm.

...which will bring in the dependencies and whatever else we need. Then you're gonna do podman machine init, hit enter, and it's gonna go grab the default image and uncompress it. And then you're gonna do podman machine start, and it'll boot that, and it'll hold the terminal until it knows it's booted. And then you can do podman-remote, or just podman, and off it goes. It'll automatically set up the keys and automatically do what you need to do.

That's awesome. So I thought I saw an article about this exact setup. I cannot remember where. It was a Red Hat property. I can't remember if it was developers or opensource.com. Do you recall, by chance? It wasn't you writing it, I think.

Because of... what was the article about? Like, Podman on Mac?

Uh, oh. And, like, kind of what you just said in text form.

Uh, no. There's nothing like that yet.

Okay.

There is a Podman...
There are several blogs on Podman on Mac, on how to use a Darwin binary that we compiled for Darwin to interact with a Linux session somewhere else. But we've never talked about it actually physically being on the same machine and us doing all the setup work. And you can understand, you've got to think about the barrier here. We're probably, it seems, actually quite small compared to Docker corporation. We didn't really want to get into the virtualization business, the operating system business, you know, to make this all work and wire it all up. We're kind of putting ourselves a little bit out there, and the hope is that the upstream community will help once we get the initial stuff laid out. Like, they'll help us kind of maintain it, because this is probably a little bit beyond what we're going to be long-term capable of.

So I have just a quick question in there, which is: do you envision at all that the, for lack of a better term, the VM be pluggable? So would I potentially be able to run RHEL CoreOS instead of Fedora CoreOS today?

Well, so I've done that, but today you can... if you just take the default, you know, we wanted the sort of...

Yeah, you want that really simple setup experience, right?

So if you don't do anything, you're going to get Fedora CoreOS. But on the init you can point to a URL or a local file and say, I want to use this for my image.

Nice. Nice, because, I mean, very cool. What comes back for me a lot of the time, right, is, you know, having spent many years as a developer, I really like the things that I'm working on to be as close to production as humanly possible. And if I know I'm running RHEL in production, I don't really like developing on Fedora. You know, like, it might be my daily driver, but that's not the same thing.
It's the thing I'm deploying to. And, you know, if I'm on a Mac or whatever, right, it's even worse. So, you know, it's kind of interesting to be able to say, oh, you know what, okay, I'm pretty satisfied with this. I've been using the Fedora CoreOS. It's fast, and, excuse me, it's got some, you know, future feature set or whatever. Let me see what it's going to look like with some beta of RHEL. You know, and that's the developer mindset, because you're wanting to match these two things. For, I'll say, the more casual user, it's going to be: just don't make me figure this all out.

Oh, totally. Three commands.

And I don't care, as long as Podman responds.

Right. I don't care what's on the inside, if it's Alpine or Fedora CoreOS or, you know, whatever. Just make it work.

To be clear, I only want to do that on the very last day of...

Well, of course, right.

I want it super easy until then.

And we have also made it such that you can have multiples. So you could have your default one for FCOS, and then you can say, oh, now I want to test it on RHCOS, and do a podman machine init and give it a name, you know, RHCOS, and then point it to the RHCOS image, and off you go.

Nice, nice. That's very cool. Yeah.

Now, let me... so I gave you all the great news. Let me give you the news that's not very good, the news that we're living in right now. A couple of hurdles we've got to knock out. Podman has this whole rootful/rootless experience. If you think about how that applies to this scenario, you know, you've got now a host and a VM. So rootful and rootless on the host, and rootful and rootless in the VM. And, you know, what's going to be the deal?
So what we've done right now is we've just enabled rootless on the host, rootless on the guest. But that has limitations, primarily in the networking area. Right, rootless users can't open network ports and use ports that they're not allowed to. They can't create bridge networks. So we're kind of bouncing our way through how does this really end up working in the end. Because if you're a root user, then you get all this exposure through bridge networking.

Right. On the other hand, bridge networking is kind of hard, like, to program it on the various... or use it, for that matter.

Yeah, exactly. So it's not clear-cut. We've still got to venture that way. Volume mounts will be a challenge from host to guest with two different OSes and things like this. We've got things to figure out. There are precedents for all of them. We're just sort of, at this stage, it's like minimum viable product, you know. Can we get this working? Is it realistic? And can we get enough out there that people can start to contribute to those things and help us? Because I'm not a macOS expert. I can't remember, you know, if it can do this or it can do that versus Linux, the 5.4 kernel or, you know...

Yeah, it can get maddening. No, trust me, I have to live in both worlds, kind of. So, yeah, just the nature of the beast of live streaming, right? It's easier to stream from a Mac than it is a Fedora rig, although we have used Fedora quite often too on the channel. And it used to be the OS that was the streaming thing before we moved to cloud instances. So yeah, I fully understand that. Linux, Mac, Windows, like, you can't keep track of all three, or maybe even two. Like, it's hard enough with just Linux.

Yeah. So related to this, right, so if people wanted to, you know, at least contribute back bugs, you know, or things like that, like, what should they do?
Is there like a mailing list they should join? Is there a binary they can go and download and try out now? Or are you not there yet, in a sense?

We're not, well... We would welcome help, and we have already gotten two or three pull requests from the community who's been watching us. Like, sometimes you feel like they're sitting on the wall, kind of creeped over watching you, and did you get it in? They pounce. So we get feedback sometimes within hours of a PR going in.

That's great, though. Yeah, that's great.

Yeah, it's a little of both. And sometimes you get stuff for stuff that you knew you needed a fix, you just hadn't gotten to it yet, which is even better, because it's like they're reading your mind. So we haven't changed what you can get from brew. Brew is still the, I'll call it the old podman-remote approach, where it interfaces with Linux, yet. I don't quite have a feeling for... what we even talked about, this problem with the QEMU patches. You know, would you actually release to brew, which is the Mac install method, would you release to that when there's a QEMU that wouldn't work for an M1?

Mm-hmm, but it would work for the Intel Mac.

I don't know. We've got to kind of see where we are with that patch set. We're certainly not going to distribute QEMU on our own.

Yeah, that'd be a little much. Yeah.

But if you want to contribute, if you go to podman.io, there's a mailing list. We'll take PRs. We really value PRs from the community. We try to give them, you know, the first read-through of the day rather than our peers'. Dan Walsh was very good about pointing that out. And then really the absolute best place is we all hang out on Freenode in a channel called #podman.

Nice.

And during the US work time, we are there 100% of the time unless we're in meetings.
We're always watching it. That's our primary development communication method. So we don't hide away on Slack or anywhere else. It's right there. Come in, you know, ask a question. Sure, but you get our attention when you say, hey, I want to fix this bug, what do I do? We'll hand-walk you through that.

Right. I have been there. I have said, why is this broken? Actually, it surprised me that you say US time, actually, just because I know there's a bunch of Europeans on the team as well.

So, but they tend to be more on US time generally. They at least bite off the first half of our US day.

Okay, all right.

So I'm in Central time. One's a weird one, in particular Valentin Rothberg, who's in France. He signs off about 11 my time.

Okay. Thereafter. Yeah, yeah.

So one of the things I want to talk about, too, is just, and I know this is a subject that you're interested in, which is kind of like... Oh, sorry, Chris. Was there another question in the audience, or do you want to move on to something else?

Let me double-check, make sure you got everything. I don't think... I'm looking at Discord in the corner. No, there was one question, I think, from one too. I'm not sure if it got answered, but I'll double-check, scrolling through.

Okay. So one of the things I wanted to talk about was... okay, so actually, why don't we start here? So when I do the docker-compose stuff, how is Podman treating it? So is it making a pod that it's putting all the containers in? Is it a separate set of containers? Because obviously that has ramifications for how the communication between the components works. And kind of by extension, if I know it's working in that scenario, how do I mimic that in, for lack of a better term, production, or somewhere else that isn't using that technique? And so kind of knowing how it works and then what do I do next is useful.
Sure. When you run docker-compose, we do whatever docker-compose asks for. So in the Docker world, that's containers. Docker, to this point, is unaware of what a pod is, right? And in fact, as such there's no call for docker-compose through the compatibility layer for a pod. That all sits on the Podman side, like we have all that extra goodness that we offer. So if you run it, you get what you would in Docker. You get the same network, the same volumes, the same containers, the same ports. Everything tries to follow it. If it doesn't, it's probably a bug.

Gotcha.

But I think where you're going is, what do you do then? Like, okay, so you ran it. What do you do? What are some things that you can do with that, from someone who writes code for Podman? What do I think? Is that kind of where you want me?

Yeah. Yeah, that's... So yeah, I thought the first answer would be more complicated, to be honest, but basically it's whatever Docker would have done if docker-compose called Docker. That's a good answer. And that's what people want. I mean, that, in essence, is what people want.

And now we want them to say, okay, and you've got it in Podman, do something, you know. Give me the extra chocolate and nuts and cherry on top. And so our view is... a good example is, I wrote an article with Urvashi and then did a presentation at Container Plumbing Days that described, okay, we've got docker-compose now. We already could interact with Kubernetes. How do you get from Docker with docker-compose to being able to push something into Kubernetes and know almost nothing about Kubernetes? So someone says, oh, yeah, you can push your workload here.
That's about all you need to know.

Right. And we've covered that on the show. Like, we talked about this before. I think basically being able to set up your whole little pod, right, and say put this container there and that one there or whatever, and then be able to say, okay, now export that, is huge. You know, there's a lot of other tools that I wish I could do that with, so that I can kind of... I know how I want everything to connect together. I don't always know the YAML or whatever to make that true. And so having that export is super handy. Yeah, that's kind of where I want to go. It's like, okay, now I've got this docker-compose YAML, either from somewhere else on the internet or something that I figured out how to do. How do I get that into Kubernetes?

And on that topic, that's where I feel Podman still has plenty of growth: that assistance from single node to Kubernetes and back. So thinking as a developer, I'm trying to develop this application that's got these pods and containers, and I finally got it working on my laptop the way I want it. How do I get it over there? And today we dump it to a YAML file, and then you take the YAML file and you push it off to Kubernetes. But we think there's still plenty of meat there to make that even better. And we're sort of requirement-driven in that way. Users will come in and say, oh, you know, I tried to do this, but, you know, you guys don't... when you snapshot the running pods or the running containers, you don't catch this attribute, you know, bug. So then we say, oh, that's not a bug, that's a feature. But we'll put it on the list, right, and then we do that. Actually, of late, people have just given us a PR saying, you don't do it.
Here it is, and we've been able to just merge it for free. Right, right.

Question in chat: Podman currently supports generating Kubernetes resources based on running setups. Will Podman v3 support converting compose files into Kubernetes resources?

Not in a direct manner. In other words, you have to run the compose file, and then you have your running containers as a result of that, and then you run the kube generate to get your YAML. But it may not be quite what you want.

Because of the lack of pods, right? Because it's doing exactly what Docker told it to do.

Well, we convert those containers into pods depending on how you snapshot them. So let's say you ran a compose file that had, let's say, five containers, and three of them were database related and two of them were web related. Depending on how you snapshot that, I might say, well, snapshot those three... snapshot it in two pieces, two groups: one's database, one's web. You'll get two YAML files, and then service files if you need them. That way they're sort of organized. But when we do the YAML, these containers have to be in a pod, even if it's just one container in one pod. That's the way it has to be, because Kubernetes obviously can't run straight containers; it has to be in a pod as well.

Okay, so I'm not sure if I'm asking this correctly, but, okay, so when I say kube generate, or I can't remember the exact syntax of the command, but you get the idea... Yep. It's going to wrap the stuff in pods? Absolutely. But is it running in pods in Podman? No. No. Okay, okay. That's where I... okay. So it really is inside of Podman.
It looks exactly like Docker told it to look. But then as soon as you say, hey, I need to go deploy this over in kube land, which requires pods, it introduces the pod concept.

Okay, so I guess for me as a consumer, right, what I would actually recommend someone do is kind of generate the kube out of it, and then one of the nice things about Podman, right, and I actually know I filed a bug about this and hopefully it's getting better, but it's like, then I would want to turn around and run that generated kube file in Podman to make sure that the pods are now set up correctly, because now I have introduced a pretty big difference between what I had running and what I'm proposing to run in Kubernetes.

Yes, and one of the things people struggle with in that... these are things, like I said, that I think we can make better; there's still plenty of things to do here. Most people that aren't familiar with Kubernetes but are familiar with Docker or Podman don't really understand the pros and cons of grouping containers in a pod. Oh, yeah. So the big one that we always get is networking, and the fact that containers in the same pod share the same network namespace. So what that really means to the containers is, if you have three containers in a pod they can refer to each other by localhost. They're all in the same container network space. So this thing about port mapping so that they can communicate, you can eliminate all that. That's one of the things that we get that Docker Compose does a really good job of: when it runs it sets up all the DNS for the containers so that they can refer to each other, and we do that too. But there's no need for it when it's in a pod.
You can just go straight to localhost or something like that. Right, and so that's one of the upsides that people don't quite see: it's not that hard to actually make this, you know, a nice tightly bound thing. That's why I was saying put all your database stuff into one pod and they can just refer to each other over localhost. You don't have to expose traffic.

Right, right. I see things, right. Yeah, I mean, I don't... personally, I think the thing that Docker Compose has as an advantage is the simplicity of its YAML syntax. The resultant thing that is running is in some ways a lot less simple. But, you know, and this is kind of, to be honest, why I'm a little surprised, and I guess it's kind of that customer feedback problem, is that I guess I was hoping for Docker Compose syntax resulting in Podman simplicity, in a sense. You know, so that it's a slightly different take on how to implement that Docker Compose kind of functionality. But, you know, I can see both sides of that argument very easily, and it's just, you know, like I said, that's why I was a little surprised. I didn't quite realize that was the path that went down. So that's cool.

File an issue, because, you know, I wasn't really saying enough, but we are requirements driven. We have ideas on where we want to take really core stuff like security and networking, and things that are core to the runtime. But how that always gets ingested and used, we need to hear sometimes. Right, totally, totally. Specifically people like Dan and I, you know, we need to hear, like, well, no, no, this is how I want it to work or look or act, or this is what it should do. And then we can kind of contemplate that amongst all the other things. But it's a conundrum; we talk about it as a team. The team is primarily a container runtime expert.
We know about the runtimes, the back ends, the APIs, namespacing, cgroups v2; we know about those things. To say that we're container experts, it depends on what point you're coming from, right? Like, I don't know how MySQL works with, you know, the MySQL image from Red Hat works with the Alpine image of PHP over here. Like, I don't know.

Well, this is like when I first joined Red Hat, right? I came in as a developer advocate, right, and one of the things I first thought was, hey, Red Hat has a lot of engineers, so I can use those engineers to kind of inform, you know, what kinds of things people want to do and that kind of stuff. And I quickly discovered that no, I can't, because the people who work on building an operating system, the people who work on building a container platform or whatever, are not the same people who build web applications, right? And, you know, I'm sure both can, you know, at least on many occasions, cross over. But certainly not with the expertise that they normally... or kind of the knowledge of the pain of day-to-day operations in, you know, whatever house they live in, in a sense.

The great question we get often on IRC, and I smile about it, is: so there's a bunch of us developers sitting out there and someone will come in and say, all right, I'm new. How do I wire together these containers? I mean, you might get 12 responses that are completely different on how that should be done. And that's sort of... that's why I say that's the conundrum of being a developer stuck between the nitty gritty and the "I just want this to work" people, right?

You know, well, I mean honestly, space in there... That exact experience, right, is actually why this concept of developer advocacy is actually kind of taking off the last five or ten years. It's like, okay, you built this cool thing, but as a consumer of it, how do I use it, right?
But so that's super interesting. So we're getting close to running out of time. One thing I wanted to ask you was, okay, we've beaten Docker Compose like a dead horse. What is your favorite feature of v3 that isn't that? You know, what's the coolest thing that you think that people should know about, that we haven't talked about yet? So we're excluding generate and kube play.

I don't know. I really like those. So, yeah, those are really good. And so let's reiterate that people should go look at those. That for me is the number one thing, because I don't think it's used enough and I think it's a shame, because, you know, Docker Compose is the technology that allows Docker and Podman to interact, and YAML, you know, kube, is the one that allows Podman and all these Kubernetes back ends to coexist, right? Right. So anytime you can find that, that's where the powerful stuff is.

And so are there a lot of improvements in the kube area? Yeah, yeah, I was looking at the release notes because it was so long ago, so long ago for me, right, and I was like, wow, there was... I mean, we had probably a dozen bug fixes and a half dozen new things on kube between 3.0 and 3.1. Including 3.0 and 3.1. Kube generate episode, you know, because the last one we did would have been, I don't know, middle or early last year. So, you know, we should definitely think about doing another episode.

Did Dan talk about the short name stuff? No, but I did in an episode or two ago. Which I was... is it a good thing or a bad thing? It's cool once you know it's happening, but at first you're like, what? Like, where did it come up with this thing over here?
At least that was my opinion. The other related one that I thought was interesting is the menu of options if it's not sure which container you want. Which was interesting, because I found one where all four of the options didn't actually exist at the far end, and I was kind of like, well, this is disappointing. Like, could we have maybe a little bit... and I was thinking about going to file a bug about this, but it's like maybe a little bit of checking of that: is this an actual option, even though it looks like an option? It was kind of funny, and I definitely hit an edge case there, I'm certain. But I thought that was really neat, the "you said you wanted this, but which one did you really mean?" Because I think that's something that catches people a fair amount. And there was a security element to it. Was that brought to light on why we did it? No, actually, I don't think so. No. I totally just found it as a user, this use case.

Yeah, we didn't just do short names to, like, do a cool menu. The idea behind it is, in the Docker world, they're primarily only pulling from docker.io; that's how that product was designed, right? In our world, with Podman, and sort of being open sourced, a little bit more open minded on where things come from, you can have 10 registries, and by default we usually ship two or three enabled, right? Fedora's and, you know, whether it's Quay or Red Hat or, you know, whatever, and then docker.io.
What was learned is it is possible that if you type in podman run foobar, and it went through this algorithm... we used to go through an algorithm of trying to find the image, like we walked each one. Wow. And then when we found a hit we'd pull it, right? And so it was... we never had a case of it, but one of the things we learned is it was possible that a bad actor could put an image in one of these repositories that, as it walked, it would pull. And so, you know, the recommendation was, well, now you must pull everything by a fully qualified name. In other words, you know, docker.io/library or quay.io. Yeah. But I'm lazy. You know, our users would howl about that, because we just want to do docker pull alpine, right? We don't... and so the compromise was to do this, and then it remembers that when I say alpine I mean this one over here, so that we can prevent that accidental pulling. That's the genesis of why that work was done.

Interesting. I didn't actually know about the remember part; that's definitely interesting and useful. You know, I think... right, that's another thing maybe I would go kind of file a bug about, though, is that if I then go and turn around and do kube generate, for example, is it going to put in the fully qualified names? I would want it to, because I've now indicated maybe a non-default choice, right? And I actually had this problem in OpenShift; we talked about it on the show, of like, I tried to get a particular image, I didn't have the secret set up to get it, and so it silently failed and gave me an alternative, which was completely borked because it was set up completely differently. So yeah, so that's really interesting. I really like that feature. I thought it was really cool.

I would also be remiss not to tell you guys that 3.1 now includes secrets. Oh, so we did get that in. Oh, nice. They're not encrypted.
They're still, you know, a to-do. But it's there and it works, and that came in 3.1. Nice, nice, very nice.

So, like I said, we're nearly out of time. Let's quickly jump to the sweet, sweet internet points. And for Brent, who I assume has not watched the show all that regularly, if at all: what we do is we have a fun little game where if you kind of watch episodes and fill in a Google form, you collect points. And then every episode we talk about where people's standings are. And so right now, with 4700 points, we have norendes, and then netherland's hack them. Mind you, Brent, just by way of context, we completely make up how to say these names. Yeah, it's because the way the form is set up is that I ask for your actual name, but I also ask for a name that you want to be displayed, if you want to be sure. So then we also have no affriction at 3600, and then joe fuzz, who I think has been sticking at 2300. We need joe fuzz to come back. And detective kona kudo, who also goes by the eighth doctor. I'm not sure which one he is today, but we know him from Fedora land pretty well. And then bacon fork with 800 points, and fork. Exactly. So thank you all so much for collecting those points.

I am looking for the correct window to be able to do today's points, which is here. And so you can go kind of follow the link with the pre-cached, or, like, prefilled form, or just go enter it manually. And then the other thing that I do on occasion is, today I just want to call out some new people. So we have daggo berks, pinhead, tejas, row row, probably 97, who are some new people to the show, or at least new people to submit for points. For example, jp dayd, who I think is here at most episodes, still has like near zero points. jp dayd, you could be getting points. And, you know, we like to welcome new people. We hope you come back. We hope you found the episode interesting.

A couple of quick points
I would just make about past episodes. We have... Jeff, I went and looked it up; it's in the chat. But we started covering Podman kube generate in like episode seven. It sounds like maybe we should do a new one using v3, which would be kind of cool, because I think it's a super cool feature. I agree with you, Brent. It's like highly unknown, and it really needs a lot more surfacing, because I think even if you aren't going to kube, the ability to generate that YAML and then replay it, even in Podman, is so much like the feature set of Docker Compose that it's totally worth it, whether you're using Kubernetes of any kind at all. So yeah, I strongly recommend it.

Thank you again for being on the show. Thank you for all of your work. We really appreciate it. Is there anything else we should cover, Chris, or should we...

Well, there's a very generic question here from MS that just says Podman versus Docker with respect to security. I asked for more clarification; I'm hoping to get some. Want me to answer it? Sure. I mean, if you think you can answer that question, go ahead. The only rule we have on the show is that the Level Up Hour can never actually be an hour. So perfect timing, perfect timing. Yeah.

It's without a doubt Podman is the more secure, and it's based on its design. So if you just look at rootful versus rootless, rootless right out of the box is more secure. But also, you know, Dan Walsh is a big part of Podman, and, you know... Yeah, he's got... Yep, he's got stuff nailed down, and the way we do things is just outright more secure. cgroups v2 and all those things are contributing to that, and it's only going to get better or tighter as things go.

One thing I want to point out too is that I think a lot of people don't realize that they're running Docker in a rootful state.
Yeah, because when you install it and set it up, most directions about setting it up actually have you... if you know sudo, right? It's basically doing a sudo-without-a-password model on creating your Docker images. So, like, for a long time I used Docker and didn't know that I was actually operating as root. Yeah. And why is that bad? Like, why is that bad? Because then stupid people like me give way too much power to the inside of that container. And, you know, if you break free of the container, which sometimes you want, like you let it do, right? I use application containers all the time, you know, and so I'm giving it access to my file system on a regular basis, and giving it as root is a whole lot different than giving it as my normal user. Absolutely. The reason I use sudo is because I almost never use the root user, and so that I don't accidentally rm -rf /, right? I mean, it's nice that rm actually has built in that it's hard to do that now. But that's kind of the point: I'm operating this piece of software as non-root because I know I screw that kind of thing up regularly. When an app makes me think that I'm non-root, but I'm actually root...
That's very, very dangerous for me. So that's one of the things that I think people don't realize about Docker.

Yep, and by the way, that's one of the biggest issues or complaints against Podman, which is a bit unfounded: we get users that have been running container X on Docker for three years, and then they run it in Podman as rootless and it doesn't work, and they, you know, poop on Podman because of it. And then when you start asking questions: well, that container, you know, needs to map to a port less than 1024, or that container is doing something that's privileged and therefore it doesn't have to be run as root. That's, you know, not something Podman's going to fix for you. So we always say, if it fails as rootless, try it as root. If it works as root, then go back to rootless and figure out what privilege is required. See if you can overcome that hurdle. It's just like the list of... setenforce 0, try it again, right? If it works... Yeah, that's the first one, right. You know, the firewall: turn off the firewall, see if it works, right, turn it back on. If, you know, try your pod or try your image as, you know, root Podman, and then, you know...

That's funny. I don't do that, generally speaking. I find the error messaging is sufficient to kind of say, oh yeah, you know, like I am doing something that requires root or whatever. But it is a good tip. I'll definitely keep that one around. I like it.

All right, Chris. Yeah, I think we're good. I think all our questions have been answered. If not, there is a Discord channel, folks. Please join us. We can make Brent come back, you know, Brent come back if there's enough questions. Absolutely. Absolutely. And when in doubt, check out our calendar, and don't forget, folks, Red Hat Summit is coming. I'm sure everybody on the channel has some hand in it this year. Keep an eye out.
We're going to be doing a teaser show on the Level Up Hour with some big name guests for both Summit and KubeCon, because they're back to back. Yeah, yeah.

Yeah, I'm in the race to KubeCon right now. Speaking of KubeCon, did you want to mention anything about that? Yeah, duh. So we are going to give away some tickets to KubeCon. We have some tickets, and we are going to take a slightly different tack, in a sense, than the general internet points tack. What we're asking people to do is post somewhere on social media, pick whichever one you like the best, something cool you learned on the Level Up Hour. Then give us a link to it in the Discord and say, this is what I posted about the Level Up Hour, you know, whatever. And so for every time you do one of those social media posts and then link to it in the Discord (so I don't have to follow all of the socials forever; that's why we're asking you to put a link to it in the Discord), you'll get an entry into our little raffle to give away a few KubeCon tickets that we were able to secure, and so we can hopefully support you going to KubeCon. We also may be giving out a couple of KubeCon tickets to some of the biggest, what do we call it, biggest proponents of the channel. Yeah. And so, you know, you can win multiple ways, in a sense. But we definitely want to use this as an opportunity to share what you've learned. And you should see some tweets from me over the next few days. You know, and I think I even started using the hashtag, you know, "share what you learned" in there, because I'm a nerd. But yeah, so hopefully we'll have a fun little contest, and you will also get internet points for joining the Discord if you weren't already joining the Discord. So that is what we're doing to give away a few KubeCon EU tickets. So, oh, and we only have two weeks.
So you have from today... two, and then not next show, right, but the show after that, and we'll give away the tickets, or we'll announce it. You know, we'll do the public/private thing like we do for the internet points during that episode. Cool. That was super complicated. Yeah, so folks, the gist of it is: share something you learned on the channel, post the link to it in the Discord before... sorry, April 14th. 14. Okay, cool. Just wanted to make the nice short sweet package there for everybody. Exactly. Yeah. There you are, the short guy.

So you should give away tickets to Red Hat Summit. That's a good point. We should. We didn't get on top of that in time. To be clear, Summit is free. So we're giving you all tickets. So just remember you got them here; the Level Up Hour gave you a free ticket to Summit. Yes, you got them here. All your free tickets are for you for Summit. Yes. I hope I'm right. I'm like 99.9 percent sure, but now I have a panic attack that I'm wrong. I believe it to be free.

All right. So with that being said, I feel like we're good here. Brent, thank you very much for coming on. Thank you to the audience for participating, as always. We've already had a hundred messages in chat today, which always makes me happy, especially when it's in one show. And we will see you next week. What are we talking about next week? Do you remember? What are we talking... I opened it already, so I should know. Let's see, I can follow it. Let's see if we are talking about... oh, we're supposed to be doing Podman v3 stuff next week, with just the two of us, so we will definitely light something on fire. Yeah, something will definitely break. And then we're supposed to be doing a deep dive into the UBI with Mr.
McCarty. And then the one after that is when we do that teaser show with some pretty big guests, which, as soon as we can, like probably later this week, we will be announcing those guests, and we'll actually be teasing a little bit of another show that Red Hat produces, and then kind of going into a deeper dive on what that show is about. That is a great hint as to who the guest may be. Exactly, exactly, especially the Summit and KubeCon part is also, right. Yeah. So thanks, everybody. Yeah. Thank y'all, and stay safe out there. Don't forget to, you know, do your points and register, you know, or post accordingly as we've prescribed for free tickets to KubeCon. Exactly, exactly. Thank you again, and we will see y'all next time.