- Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`.
- Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27.
- Removed the `backup.rs` file as it is no longer needed.
- Introduced tests for configuration and credential management.
- Enhanced the `identity` module to generate W3C compliant DID documents.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
1.3 KiB
Markdown
# ADR-001: Podman Over Docker
**Status**: Accepted
**Date**: 2026-03
## Context
Archipelago needs a container runtime for running applications. Docker and Podman are the two main options.
## Decision
Use Podman as the container runtime instead of Docker.
## Consequences
### Positive
- **Rootless by default**: Containers run without root privileges, reducing attack surface
- **Daemonless**: No persistent daemon process; containers are managed as individual processes under systemd
- **Docker-compatible**: Supports Docker images and most Docker CLI commands
- **Systemd integration**: Podman containers can be managed as systemd services natively
- **No vendor lock-in**: OCI-compliant, works with any container registry
### Negative
- **Smaller ecosystem**: Some Docker-specific tools and compose features require adaptation
- **Docker Compose differences**: Podman Compose exists but has occasional compatibility gaps
- **Documentation**: Most container documentation assumes Docker; developers need to translate
- **Networking**: Podman networking (CNI/netavark) differs from Docker's bridge networking
### Mitigation
- Use a `podman` CLI wrapper that provides a Docker-compatible interface
- Document Podman-specific commands in the developer guide
- Use the `archy-net` custom network for inter-container DNS