netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
10.49k stars 470 forks

Podman Quadlets script for getting-started-with-zitadel.sh #1870

Open Roeda opened 4 months ago

Roeda commented 4 months ago

Is your feature request related to a problem? Please describe.
As a foolproof script to run a self-hosted coordination server, the getting-started-with-zitadel.sh is great! However, it is based on Docker which, in its community version, runs rootful containers and works on a rootful daemon, which presents real security risks, especially since this project is supposed to be security-first oriented.

Describe the solution you'd like
Podman v5 brings parity with Docker and is secure by default, as the containers are rootless by default, and it doesn't rely on a daemon (also good for auditability). Using Podman instead of Docker minimises the shift of the security burden onto the user. There are also performance gains from the lack of a daemon (client-server architecture) like Docker's, and better compatibility with macOS Hyper-V.

Describe alternatives you've considered
Rootless Docker would be a potential alternative, but it is hard (for a foolproof script idea), comes with considerable compromises, and is not possible on Docker Desktop (Mac and Windows).

Additional context
Quadlet scripts would also make it easy to manage the containers as systemd services, and are simple. It is also natively supported in immutable OSes like CoreOS, which would present a great security solution. There is the Podlet project to translate Docker Compose files into Quadlets: https://github.com/containers/podlet
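As an added illustration of what the requested Quadlet would look like (not part of the issue, and not NetBird's own script): a rootless `.container` unit for the NetBird management service, one of the containers the getting-started script runs. The image tag, host port, host paths, command flags and env file are assumptions for the example, and TLS termination is assumed to be handled by a separate reverse proxy in front of this unit.

```ini
# Added example, not from the issue or the project: a rootless Podman Quadlet
# unit for the NetBird management container. Place it at
# ~/.config/containers/systemd/netbird-management.container (the per-user
# Quadlet directory), then run:
#   systemctl --user daemon-reload && systemctl --user start netbird-management
#   loginctl enable-linger "$USER"   # keep user services running after logout
# Image tag, port, paths and flags below are assumptions for illustration.

[Unit]
Description=NetBird management server (rootless Podman, generated by Quadlet)
After=network-online.target
Wants=network-online.target

[Container]
Image=docker.io/netbirdio/management:latest
ContainerName=netbird-management
# Unprivileged host port: a rootless user cannot bind below 1024 by default,
# so TLS and port 443 are left to a reverse proxy in front of this unit.
PublishPort=127.0.0.1:8080:80
# Named volume for state; config is bind-mounted read-only from $HOME (%h).
Volume=netbird-mgmt-data:/var/lib/netbird
Volume=%h/netbird/management.json:/etc/netbird/management.json:ro,Z
EnvironmentFile=%h/netbird/management.env
# Hardening keys Quadlet exposes directly; the service needs no capabilities
# and the root filesystem can be read-only since state lives on the volume.
DropCapability=ALL
NoNewPrivileges=true
ReadOnly=true
# Arguments appended to the image entrypoint; values are example assumptions.
Exec=--port 80 --log-file console --log-level info

[Service]
# The first start pulls the image, which can exceed systemd's default timeout.
TimeoutStartSec=900
Restart=always

[Install]
# default.target is the user-session equivalent of multi-user.target.
WantedBy=default.target
```

Quadlet generates the real systemd service from this file at daemon-reload time, so `systemctl --user status netbird-management` and `journalctl --user -u netbird-management` work as for any other unit.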

pomology commented 4 months ago

I hope you will consider this!