Ask HN: Any Good Alternative for Docker?

47 pointsgroovy-sky4y ago27 comments

Now, after latest announcement (https://www.docker.com/blog/updating-product-subscriptions/), I've started to wonder is there any good alternative for Docker?

27 comments

24 comments · 13 top-level

zimpenfish4y ago· 8 in thread

I guess Podman[1] - I swapped to using that instead of Docker on my Linux servers a while back and it's definitely working well.

[1] https://podman.io

c7DJTLrn4y ago

I'm a Podman skeptic. Whenever I've tried these "OCI compatible" alternatives in the past it's been a painful experience because something doesn't work as expected. Podman's homepage proclaims it's as simple as "alias docker=podman" but it has never worked out for me this way.

Docker is ubiquitous and significantly more battle-tested, and even has a rootless mode now. And it works on Mac and PC alike.

zimpenfish4y ago

> it's as simple as "alias docker=podman" but it has never worked out for me this way.

For me, it was, but I'm very much not doing anything complicated - just running some services in containers with an occasional 'compose' scenario.

> Docker is ubiquitous and significantly more battle-tested

Sure but if you now have to pay to use Docker Desktop at your company, Podman might be a better option.

BossingAround4y ago

> Docker is ubiquitous and significantly more battle-tested

I think that's fair. Then again, Docker as a company has been struggling to get customers, and their practices are... Let's say highly sub-optimal.

Feel free to pay for Docker. In our company, Docker is almost a curse word by now.

truffdog4y ago

Yeah- https://wonky.computer/post/podman-notes/

grawlinson4y ago

Calling docker battle tested is an extremely long stretch. It has several security issues[0], many of which are ignored by upstream as "working as intended".

[0]: https://blog.newsblur.com/2021/06/28/story-of-a-hacking/

1 more reply

groovy-skyOP4y ago

Have you tried PouchContainer (https://github.com/alibaba/pouch)?

zimpenfish4y ago

Will definitely have a look at it once someone gets around to packaging it for Arch Linux...

1 more reply

fb034y ago

Anyone know if we already have a proper docker-compose alternativa for podman? podman-compose seems like a toy now ;(

speedgoose4y ago· 3 in thread

The Docker Desktop is just a GUI and some scripts to run Docker in a local VM. You can do the same manually or use alternatives to do the same, like Docker machine (now deprecated though). Better GUI and tools will probably appear soon.

The Docker Registry is already easy to replace. The API is not complex and almost everyone is providing a Docker Registry as a Service. AWS, Gitlab, Github, Azure... You can also self-host it but I would not recommend that.

To run Docker in production, you can use Kubernetes.

hultner4y ago

Why not self-host the registry? I do it and have done it at quite a few places.

It’s really nice to have it in the same network as the consuming servers to get great speeds.

speedgoose4y ago

I heard some horrors stories about the registry going down and dying without working backups. They had to rebuild all containers more or less manually in a specific order because the build system did need some containers during the build.

Of course you can setup a high availability self hosted registry and test your backups regularly, but it's not super interesting in my humble opinion and it's a lot more expensive. Hosted Docker registries are cheap.

Having a local copy of the images is very interesting I agree. I would use a cache for that.

1 more reply

groovy-skyOP4y ago

Docker Registry already is unusable. Now Docker GUI. Not sure that something will be left after upcoming improvements.

techthumb4y ago

I've been using Minikube's docker-engine and haven't missed DockerForMac for some time now.

Minikube sets up a Linux VM using MacOS Hypervisor.

It even has a convenience command to configure docker-cli/docker-client.

  $ minikube docker-env
    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://192.168.65.11:2376"
    export DOCKER_CERT_PATH="/Users/wibble/.minikube/certs"
    export MINIKUBE_ACTIVE_DOCKERD="minikube"

For corporate situations where MITM proxies are used, you can inject/trust custom CAs using

  $ minikube start --embed-certs

https://minikube.sigs.k8s.io/docs/handbook/untrusted_certs/

BossingAround4y ago

If you mean the Docker client, Podman comes to mind. Honestly though, if you don't like Podman, I'd recommend Minikube.

Then again, if you know nothing of Kubernetes, I'd stick with Podman (which has limitations on anything but Linux AFAIK). You might create wrappers around runc [1] if you really wanted (wouldn't recommend) or containerd [2] (no personal experience on my part).

If you mean the Docker registry, there are a number of alternatives, like quay.io or MCR.

[1] https://github.com/opencontainers/runc#introduction

[2] https://containerd.io/

Ericson23144y ago

If you aren't looking for narrow replacements, the Nix ecosystem will be much better for you than Docker ever was.

throw031720194y ago

If you don’t have 10M ARR or 100s of employees, I think you’re fine.

fhaldridge74y ago

The docker registry is easy to self-host for development purposes (https://docs.docker.com/registry/). Securing it for production is another topic though.

If you use Kubernetes you can self-host the registry and use Harbor (goharbor.io), it supports security scanning of images and can sign them too.

shci4y ago

On macOS you can always run things in a VirtualBox VM if you're only concerned about Docker Desktop, not Docker itself.

Here's a convenient installer for that: https://github.com/dziemba/mobymac

It does however have some rather annoying limitations. Also no Apple Silicon support.

zamalek4y ago

The docker daemon is easy to install on any *nix. Docker desktop doesn't really actually do much.

If you're on Windows, you'll need WSL. Enable remote daemon access on the internal IP, then install the CLI (scoop or chocolatey) and set your default context to your WSL instance.

snicker74y ago

Nix and Guix (my preference) are good alternatives. Guix, in particular, has its own system/application containers (not runc compatible). Highly efficient since they are essentially composed of symlinks of individual items in the Guix store.

1 more reply

mahalol4y ago

I've had a bit of a play with Singularity containers and thought they were quite cool. Popular in the science circles but not so much anywhere else. I wonder why.

fouadf4y ago

Has anyone tried https://cloud.google.com/container-registry?

Seems cheaper than docker

Datsundere4y ago

you don't need docker if you're developing ruby/rails apps

j / k navigate · click thread line to collapse

27 comments

24 comments · 13 top-level

zimpenfish4y ago· 8 in thread

I guess Podman[1] - I swapped to using that instead of Docker on my Linux servers a while back and it's definitely working well.

[1] https://podman.io

c7DJTLrn4y ago

Docker is ubiquitous and significantly more battle-tested, and even has a rootless mode now. And it works on Mac and PC alike.

zimpenfish4y ago

> it's as simple as "alias docker=podman" but it has never worked out for me this way.

For me, it was, but I'm very much not doing anything complicated - just running some services in containers with an occasional 'compose' scenario.

> Docker is ubiquitous and significantly more battle-tested

Sure but if you now have to pay to use Docker Desktop at your company, Podman might be a better option.

BossingAround4y ago

> Docker is ubiquitous and significantly more battle-tested

I think that's fair. Then again, Docker as a company has been struggling to get customers, and their practices are... Let's say highly sub-optimal.

Feel free to pay for Docker. In our company, Docker is almost a curse word by now.

truffdog4y ago

Yeah- https://wonky.computer/post/podman-notes/

grawlinson4y ago

Calling docker battle tested is an extremely long stretch. It has several security issues[0], many of which are ignored by upstream as "working as intended".

[0]: https://blog.newsblur.com/2021/06/28/story-of-a-hacking/

1 more reply

groovy-skyOP4y ago

Have you tried PouchContainer (https://github.com/alibaba/pouch)?

zimpenfish4y ago

Will definitely have a look at it once someone gets around to packaging it for Arch Linux...

1 more reply

fb034y ago

Anyone know if we already have a proper docker-compose alternativa for podman? podman-compose seems like a toy now ;(

speedgoose4y ago· 3 in thread

To run Docker in production, you can use Kubernetes.

hultner4y ago

Why not self-host the registry? I do it and have done it at quite a few places.

It’s really nice to have it in the same network as the consuming servers to get great speeds.

speedgoose4y ago

Having a local copy of the images is very interesting I agree. I would use a cache for that.

1 more reply

groovy-skyOP4y ago

Docker Registry already is unusable. Now Docker GUI. Not sure that something will be left after upcoming improvements.

techthumb4y ago

I've been using Minikube's docker-engine and haven't missed DockerForMac for some time now.

Minikube sets up a Linux VM using MacOS Hypervisor.

It even has a convenience command to configure docker-cli/docker-client.

  $ minikube docker-env
    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://192.168.65.11:2376"
    export DOCKER_CERT_PATH="/Users/wibble/.minikube/certs"
    export MINIKUBE_ACTIVE_DOCKERD="minikube"

For corporate situations where MITM proxies are used, you can inject/trust custom CAs using

  $ minikube start --embed-certs

https://minikube.sigs.k8s.io/docs/handbook/untrusted_certs/

BossingAround4y ago

If you mean the Docker client, Podman comes to mind. Honestly though, if you don't like Podman, I'd recommend Minikube.

If you mean the Docker registry, there are a number of alternatives, like quay.io or MCR.

[1] https://github.com/opencontainers/runc#introduction

[2] https://containerd.io/

Ericson23144y ago

If you aren't looking for narrow replacements, the Nix ecosystem will be much better for you than Docker ever was.

throw031720194y ago

If you don’t have 10M ARR or 100s of employees, I think you’re fine.

fhaldridge74y ago

The docker registry is easy to self-host for development purposes (https://docs.docker.com/registry/). Securing it for production is another topic though.

If you use Kubernetes you can self-host the registry and use Harbor (goharbor.io), it supports security scanning of images and can sign them too.

shci4y ago

On macOS you can always run things in a VirtualBox VM if you're only concerned about Docker Desktop, not Docker itself.

Here's a convenient installer for that: https://github.com/dziemba/mobymac

It does however have some rather annoying limitations. Also no Apple Silicon support.

zamalek4y ago

The docker daemon is easy to install on any *nix. Docker desktop doesn't really actually do much.

If you're on Windows, you'll need WSL. Enable remote daemon access on the internal IP, then install the CLI (scoop or chocolatey) and set your default context to your WSL instance.

snicker74y ago

1 more reply

mahalol4y ago

I've had a bit of a play with Singularity containers and thought they were quite cool. Popular in the science circles but not so much anywhere else. I wonder why.

fouadf4y ago

Has anyone tried https://cloud.google.com/container-registry?

Seems cheaper than docker

Datsundere4y ago

you don't need docker if you're developing ruby/rails apps

j / k navigate · click thread line to collapse