Converting my home server from Docker + Docker Compose to Podman + systemd. (The server runs self-hosting for my movies, TV, ebooks, comics and photos, networked to my other devices via Tailscale).
The DevEx isn't quite as easy, but I'm very happy with the final result. I don't have to run the overhead of a Docker Engine anymore, the network policy is far simpler to write and audit, and I can use the same logging tools for both containerized and non-containerized services.
The main hurdle has been file permissions for the mounted volumes for my data; Podman is rootless by default, which means you _should_ build your containers to run as non-root UIDs/GIDs and map them onto host UIDs and GIDs, then grant permissions for those host users and groups to access your data volumes. In practice, the easiest path is usually to run Podman in rootful mode, which is not a best security practice but avoids the difficult-to-troubleshoot file permission errors if you don't do the UID/GID mapping correctly.
However, unless you are really trying to optimize for overhead/performance, you should probably use k3s.
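The UID/GID mapping the comment above calls difficult to troubleshoot is just arithmetic over `/etc/subuid`, and most "permission denied" surprises come from not knowing which host UID a container UID lands on. The script below is an added example, not code from the commenter; it assumes a constructed host user `alice` (UID 1000) with the subuid range `100000:65536` and reproduces the default rootless Podman mapping (container UID 0 is the user's own UID, container UID n maps to range start + n - 1) in both directions. The `podman` commands at the end are shown only as comments.

```shell
#!/usr/bin/env sh
# Added example: rootless Podman UID mapping arithmetic.
# Constructed sample data; on a real host read the line for your user
# from /etc/subuid (same layout applies to /etc/subgid).
SUBUID_LINE="alice:100000:65536"
HOST_UID=1000   # the host UID of the user running podman

# host_uid_for CONTAINER_UID SUBUID_LINE HOST_UID
# Default rootless mapping: container UID 0 -> the caller's own host UID;
# container UID n (1 <= n <= count) -> start + (n - 1).
# Returns non-zero for an unmapped UID (the container would see it as 65534).
host_uid_for() {
    cuid=$1
    start=$(printf '%s' "$2" | cut -d: -f2)
    count=$(printf '%s' "$2" | cut -d: -f3)
    huid=$3
    if [ "$cuid" -eq 0 ]; then
        echo "$huid"
    elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$count" ]; then
        echo $((start + cuid - 1))
    else
        return 1
    fi
}

# container_uid_for HOST_FILE_UID SUBUID_LINE HOST_UID
# Inverse mapping: what `ls -ln` on the host shows versus what the container
# sees. Useful when a volume was chowned from inside the user namespace.
container_uid_for() {
    fuid=$1
    start=$(printf '%s' "$2" | cut -d: -f2)
    count=$(printf '%s' "$2" | cut -d: -f3)
    huid=$3
    if [ "$fuid" -eq "$huid" ]; then
        echo 0
    elif [ "$fuid" -ge "$start" ] && [ "$fuid" -lt $((start + count)) ]; then
        echo $((fuid - start + 1))
    else
        return 1
    fi
}

# Worked case: an image whose service runs as UID 1000 inside the container.
echo "container UID 1000 -> host UID $(host_uid_for 1000 "$SUBUID_LINE" "$HOST_UID")"
echo "host file owner 100999 -> container UID $(container_uid_for 100999 "$SUBUID_LINE" "$HOST_UID")"

# Two ways to make /srv/media writable for that service (illustrative, not run):
#
#   # (a) chown from inside the user namespace so container UID 1000 owns it;
#   #     on the host the directory then shows owner 100999:
#   podman unshare chown -R 1000:1000 /srv/media
#   podman run -d -v /srv/media:/media:Z myimage
#
#   # (b) keep-id: map the caller's host UID to the same number in the container,
#   #     so a service running as UID 1000 sees files owned by host UID 1000 as its own:
#   podman run -d --userns=keep-id -v /srv/media:/media:Z myimage
```

If a mount still fails after the mapping looks right, check that the directory is also readable by the mapped UID on the host side (parent directory modes and SELinux labels, hence `:Z`), and remember that `/etc/subgid` is mapped independently of `/etc/subuid`.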
Anecdata for selfhosters: I got a one-liter PC recently, with an i7 6th gen, and it consumes about 5W of power at idle. Just running k3s, with no workloads and controlled for other variables, bumps the consumption to 7W. Benchmark it yourself before committing to it.