At uRadical, we recently delivered a containerised SaaS application for one of our customers, and we made a deliberate choice to use Podman rather than the more ubiquitous Docker. The results exceeded expectations, and I wanted to share why this approach worked so well.

The Challenge

Our customer needed a reliable, secure deployment for their SaaS platform. Like most modern applications, it comprised multiple services that needed orchestration, isolation, and straightforward management. The obvious choice might have been Docker, but we took a step back to evaluate what would actually serve the project best.

Why Podman?

No Daemon, No Problem

In its default configuration, Docker relies on a persistent daemon running as root. This creates a single point of failure and a potential security concern. Podman runs daemonless, executing containers as direct child processes. When something goes wrong, debugging is simpler. There's no mysterious daemon state to investigate.

Rootless by Design

Security matters, particularly for SaaS applications handling customer data. Podman was built from the ground up to run containers without root privileges. This isn't an afterthought or an optional mode—it's the default approach. Each container runs with only the permissions it genuinely needs.

Familiar Interface

For anyone comfortable with Docker, Podman requires almost no relearning. The CLI is compatible, so existing scripts and muscle memory transfer directly. We didn't sacrifice developer experience for better architecture.

Systemd Integration

On a Linux server, Podman integrates cleanly with systemd. Running podman generate systemd creates production-ready unit files directly from your containers, giving you proper service management, automatic restarts, and straightforward logging through journald. No additional orchestration layer required for a deployment of this scale.
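The rootless and systemd steps described above, combined into one script as an added example (this is not uRadical's deployment code). The container name and image are placeholders supplied by the caller.

```sh
#!/bin/sh
# Added example: run a container rootless and hand it to systemd as a user unit.
# NAME and IMAGE are caller-supplied placeholders, not values from the article.
set -eu

# Directory systemd searches for per-user unit files.
unit_dir() {
    printf '%s/systemd/user\n' "${XDG_CONFIG_HOME:-$HOME/.config}"
}

# Succeeds only if Podman itself reports rootless mode for the current user.
require_rootless() {
    [ "$(podman info --format '{{.Host.Security.Rootless}}')" = "true" ]
}

deploy() {
    name=$1 image=$2 dir=$(unit_dir)
    require_rootless || { echo "refusing: podman is not rootless here" >&2; return 1; }

    # Create the container once so its settings can be captured in a unit file.
    podman create --name "$name" "$image" >/dev/null

    # --new:   the unit creates a fresh container on start, removes it on stop
    # --files: write container-<name>.service into the current directory
    mkdir -p "$dir"
    (cd "$dir" && podman generate systemd --new --files --name "$name" >/dev/null)
    podman rm "$name" >/dev/null    # systemd owns the lifecycle from here on

    systemctl --user daemon-reload
    systemctl --user enable --now "container-$name.service"

    # Keep the user's services running after logout and start them at boot.
    loginctl enable-linger "$(id -u)"
    echo "$dir/container-$name.service"
}

# Runs only when invoked as: ./deploy.sh NAME IMAGE
if [ "$#" -eq 2 ]; then deploy "$@"; fi
```

Logs are then available with journalctl --user -u container-NAME.service. Recent Podman releases mark podman generate systemd as deprecated in favour of Quadlet unit files, though the command still works.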

The Outcome

The deployment has been running smoothly for over six months now with minimal operational overhead. Updates are straightforward, rollbacks are simple, and the customer has a solution that doesn't require babysitting. The security posture is stronger than it would have been with a traditional Docker setup, and we achieved this without adding complexity.

What This Means for Your Project

At uRadical, we don't reach for the default tool because it's popular. We evaluate each project's needs and choose technology that fits. Sometimes that's the mainstream option. Sometimes, like here, a better alternative exists.

Whether you need hosting, development, or both, we focus on delivering solutions that work well and ship fast.

Need it built right and built fast? Get in touch.