
Posted by pmig 4 days ago

Should I Run Plain Docker Compose in Production in 2026? (distr.sh)
64 points | 43 comments
2ndorderthought 1 hour ago
Should you have a turkey sandwich for lunch in 2026? I don't know buddy just do whatever. There are ten thousand other sandwiches you could eat surely, but does turkey sound good for you?
gchamonlive 29 minutes ago
> does turkey sound good for you?

What if you can't by yourself objectively evaluate if turkey sandwich sounds good?

It's not a matter of giving a universal answer to whether docker compose in production is fine, but how to evaluate it. Which features or safeguards necessary for a healthy production environment you forfeit when choosing plain docker compose? What's the tradeoff?

poly2it 51 minutes ago
Is your point that we shouldn't motivate our technological choices? I wouldn't use Docker Compose in production.
2ndorderthought 49 minutes ago
Yes. I clearly believe we should not motivate choices in technology.
jagged-chisel 30 minutes ago
I also would not eat a turkey sandwich for lunch on a Tuesday.

*shudder*

JodieBenitez 26 minutes ago
I wouldn't use Docker in production.
malux85 8 minutes ago
Spotify, Visa, NASA, Netflix, and a zillion others do, why not?
noodlesUK 1 hour ago
I think many of these issues are also solved by Podman and systemd depending on what kind of "production" you're building for. If you're building a linux-y appliance and you need to run a few containers I think Podman is a much better and more ergonomic way of doing so. I think perhaps that's less true for running a web service (where the linux environment is just a means to that end).
pmig 43 minutes ago
What are the benefits of running Podman Compose instead of Docker Compose? I don't see how it helps with orphan containers, logs and mutable tags.
figmert 3 minutes ago
I'm not OP, but the whole podman compose topic gets quite confusing, as initially Podman didn't seem to know what they were trying to do. I've given some more context around it in previous comments.

You shouldn't be using podman compose. It's flimsy and doesn't work very well (at least it was last time I used it prior to Podman v3), and I'm pretty sure it doesn't have Red Hat's direct support.

Instead, activate Podman's Docker API compatibility socket, and simply set your `DOCKER_HOST` env var to that socket, and from there you can use your general docker client commands such as `docker`, `docker compose` and anything else that uses the Docker API. There are very few things that don't work with this, and the few things that don't are advanced setups.

For what it's worth, podman also has a thin wrapper (podman compose) which executes `docker-compose` or the old `podman-compose`. The docs should explain which it picks.

Note:

- `podman-compose` is an early attempt at remaking `docker-compose` v1 but for Podman. This parsed the compose config, converted it to podman commands, and executed them.

- Later Podman wrote a Docker compatible socket instead, which can work with most docker clis that accept a `DOCKER_HOST` argument, including `docker` and `docker-compose` (both v1 and v2)

- `podman compose` is a thin wrapper that automatically selects `docker-compose` or `podman-compose` depending on which is installed.

Generally all you need is podman, docker-compose (the v2 binary), and that's it. From there you can use `podman` and/or `podman compose`.

whilenot-dev 12 minutes ago
GP is talking about podman with generated systemd unit files (a.k.a. podman quadlet[0]), not the docker-compose-compatible podman-compose ...and I'd agree, systemd can manage services on a system just fine, and even better than any compose workload ever could.

journald will help with logs, and the pull policy[1] helps with mutable tags. What help do you need with "orphan containers"?

[0]: https://docs.podman.io/en/latest/markdown/podman-quadlet.1.h...

[1]: https://docs.podman.io/en/latest/markdown/podman-image.unit....

gear54rus 10 minutes ago
Then you learn podman can't even list containers for all users properly and it kind of starts smelling like the whole ip4 vs ip6 debacle: bunch of vocal proponents wanting you to subject yourself to endless torture for no discernible reason.
figmert 2 minutes ago
What do you mean it can't list containers for all users?
tovej 1 minute ago
I mean, ipv6 is for not running out of IP addresses. There is a clear discernible reason.

There are workarounds to make ipv4 work, but they complicate the system and make it more fragile.

madspindel 1 hour ago
Yes, I recommend this: https://www.redhat.com/en/blog/kubernetes-workloads-podman-s...
philipallstar 1 hour ago
Is there a nice guide for podman that includes quadlets (or saying not to use them?) I find lots of guides stray into things that work on redhat, and on my Linuxes of choice, Raspbian and Ubuntu, things aren't straightforward.
notme43 19 minutes ago
I find the podman man pages quite readable and thorough if you've had experience configuring systemd services. Good examples as well.

https://docs.podman.io/en/latest/markdown/podman-systemd.uni...

exceptione 1 hour ago
Can't comment on Raspbian, but Ubuntu LTS (has/had) a seriously outdated podman version. This is the kind of nuisance the Debian derivatives have been running into for more than 20 years: they are extremely conservative, and if that is all you need, then that is great, but if not, you'll have to either run the latest Ubuntu (not LTS), or you upgrade to something like fedora.
skydhash 6 minutes ago
> they are extremely conservative, and if that is all you need, then that is great

You don’t need to live at the edge of new features. Do you upgrade your fridge and your oven every two months? It’s nice when you can have something running and not worry that the next update will break your software and/or your workflow.

jiggunjer 57 minutes ago
Is there no upstream package repo like docker has?
mr_mitm 40 minutes ago
In many cases, Debian unstable is also a good choice.
__jonas 26 minutes ago
I like running docker compose for my simple needs because it consolidates pretty much all the config in one declarative file, and docker manages 'everything'. By now I know how to handle the handful of caveats listed in this article. Beyond what's listed there, I'd also give a mention to the way port publishing works (the fact that it ignores firewalls), as that's something that still trips people up if they don't know about it.

> docker compose pull && docker compose up -d is a fine command if you are SSH’d into the host. At customer scale—dozens of self-managed environments behind firewalls, each with its own change-control process—that manual process doesn’t scale.

No idea what this 'customer scale' operation is, but it seems like a pretty clear cut candidate for not using docker compose. I also don't think watchtower should be listed there, it's been archived and was never recommended for production usage anyways.

embedding-shape 25 minutes ago
> I'd also give a mention to the way port publishing works (the fact that it ignores firewalls), as that's something that still trips people up if they don't know about it.

Isn't that a Docker thing rather than Docker Compose though? There is a ton more caveats to add if we don't already assume the reader is familiar with the hard edges of Docker, seems the article only focuses on Docker Compose specifically, probably because it'd be very long otherwise :)
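
The port-publishing caveat raised in this sub-thread, as an added example that is not part of any comment: a small audit of compose short-syntax `ports:` entries that flags the ones published on every host interface, so they can be rebound to `127.0.0.1` or a specific address. The service names and entries are constructed, and it assumes the Docker daemon's default bind address.

```python
import ipaddress

# Constructed sample: service name -> short-syntax "ports:" entries from a compose file.
SAMPLE_SERVICES = {
    "web": ["8080:80", "8443:443/tcp"],
    "db": ["5432:5432"],
    "metrics": ["127.0.0.1:9090:9090"],
    "admin": ["[::1]:8081:8081", "0.0.0.0:2222:22"],
    "worker": ["3000"],
}


def parse_port(spec):
    """Split a short-syntax entry into (host_ip, host_port, container_port, proto)."""
    spec, _, proto = str(spec).partition("/")
    parts = spec.rsplit(":", 2)  # the host IP may itself contain ':' (IPv6)
    container = parts[-1]
    host_port = parts[-2] if len(parts) >= 2 else ""  # "" means ephemeral host port
    host_ip = parts[0].strip("[]") if len(parts) == 3 else None
    return host_ip, host_port, container, proto or "tcp"


def exposure(spec):
    """Return 'loopback', 'all-interfaces' or 'single-address' for one entry."""
    host_ip, _, _, _ = parse_port(spec)
    if not host_ip:  # no IP given: assumed daemon default, every interface
        return "all-interfaces"
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-address"


def audit(services):
    """List (service, entry) pairs that are published on every host interface."""
    return [(name, spec) for name, specs in services.items()
            for spec in specs if exposure(spec) == "all-interfaces"]


if __name__ == "__main__":
    for name, spec in audit(SAMPLE_SERVICES):
        print(f"{name}: {spec} is published on all interfaces")
```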

Sarky 8 minutes ago
I prefer Portainer to manage my docker composes. It is simple and can do it all instead of using cli. Added benefit if you have multiple hosts and want to manage them from one place. And you can extend the whole setup with git for version control.
Havoc 18 minutes ago
I really like developing against compose because it's light but gives you that escape hatch of translating to k8s if later circumstances call for it.

Very few separate ecosystem transfers are quite that frictionless.

fabian2k 38 minutes ago
My experience with docker-compose is a bit outdated, but my impression some years ago was that it was too sensitive and fragile. I encountered bugs or incompatibilities that broke the docker-compose setup often enough to be forced to pin the specific docker and docker-compose versions.

And the error handling was terrible. Most of these problems resulted in a Python stack trace in some docker-compose internals instead of a readable error message. Googling the stack trace usually led to a description of the actual problem, but that's really not something that inspires confidence.

jpalomaki 30 minutes ago
Kubernetes sounds like overkill, but I've been running microk8s for a few standalone servers. This feels like a pretty good match when working with agents. Codex can manage the cluster also over ssh, schedule new pods, check statuses, logs etc.
gchamonlive 26 minutes ago
I think k8s is a great choice today especially when you can plug it into Gitlab and have a control plane for your clusters in the same place where your code lives.
philipallstar 1 hour ago
Very cool article. Wish it didn't have silly AI-isms:

> This is the shape Distr lands on

Cthulhu_ 1 hour ago
It's an AI company, it's kind of expected at this point - who would take an AI company seriously if they don't use AI themselves?
dewey 1 hour ago
Why do you say it's an AI company? It seems like their business is "Distribute your application to self-managed customers" not especially AI focused.
dwedge 46 minutes ago
They said they help deployments for "software companies and AI companies" which I thought was an interesting distinction
dewey 40 minutes ago
That's just different customer personas for marketing reasons, just like Vercel has "Build and deploy on the AI Cloud" as their main tag line on the landing page. It doesn't mean they are an "AI company".
hnlmorg 56 minutes ago
Every company these days is an AI company. Even the ones you’d least expect. https://www.bbc.com/news/articles/c98mrepzgj7o
dewey 52 minutes ago
Sure, but you wouldn't just say "Oh they are a Postgres" company because they use that specific database somewhere in the stack.
Eldt 42 minutes ago
Only in certain bubbles, which certain people have trouble realising they're in
mdrzn 8 minutes ago
AI article with 27 occurrences of dashes —
meander_water 1 hour ago
Surprised they didn't mention docker compose secrets - https://docs.docker.com/reference/compose-file/secrets/
pmig 31 minutes ago
To be honest I never really understood the benefit of Docker (Compose) Secrets - which are different from Swarm Secrets. Imho they're just plain host mounted volumes, which are hidden from inspect commands?