Should you ditch Docker?


Docker has been the de facto standard for containerization for quite some time. However, the time has come to rethink this. When Docker was introduced around 2013, it was an instant hit because it perfectly served its purpose, and there were not many alternatives that could deliver equivalent performance. It is very similar to virtual machines in functionality, but since all containers share the kernel and hardware resources with the host operating system, it is very lightweight on the machine and easier to deploy. It was one of the few successful projects written in Golang in its initial days.
Presently, Docker is no longer the default option if one chooses to use containers. The Open Container Initiative (OCI) (https://opencontainers.org/) has defined the basic structure for containers to follow. There are quite a few products available that adhere to the OCI standards, and in most cases, you can easily migrate from one system to another. For a list of alternatives, please check here: https://spacelift.io/blog/docker-alternatives.
Red Hat introduced its own alternative, called Podman. Red Hat aimed to create a more secure and lighter tool that could provide similar functionality. It has addressed several drawbacks present in Docker.
Docker uses a single daemon. All containers are managed by this daemon, which runs as root by default. This means that if this daemon crashes, all containers are affected. Also, running with root privileges always carries a security risk.
Podman, on the other hand, employs a daemonless model. All containers run as child processes of the invoking command. Since it is rootless by default, containers survive in case of command termination. Practically, there is no single point of failure.
Docker relies on containerd and runc as its container runtime stack, whereas Podman directly interacts with runc.
Unlike Docker, Podman uses Container Network Interface (CNI) plugins for rootless networking.
Podman focuses more on Kubernetes compatibility and does not support Docker Swarm.
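To see which side of the root-daemon versus rootless distinction a given host falls on, the following shell script (an added example, not from the original article) classifies Docker and Podman from their own `info` output and reports who can write to the root daemon's socket. It assumes a Linux host with GNU `stat` and the default rootful socket path `/var/run/docker.sock`; the function names are illustrative.

```sh
#!/bin/sh
# Added example: is each engine rootful or rootless, and who can reach a root daemon?

# Input: output of `docker info --format '{{.SecurityOptions}}'`, for example
# "[name=seccomp,profile=builtin name=rootless]" (constructed sample).
docker_mode() {
    case "$1" in
        "")              echo unknown ;;   # daemon unreachable, or `docker` is a Podman shim
        *name=rootless*) echo rootless ;;
        *)               echo rootful ;;
    esac
}

# Input: output of `podman info --format '{{.Host.Security.Rootless}}'`.
podman_mode() {
    case "$1" in
        true)  echo rootless ;;
        false) echo rootful ;;
        *)     echo unknown ;;
    esac
}

# Input: octal mode and group of the daemon socket (from `stat -c '%a %G'`).
# Anyone with write access to a rootful daemon's socket controls that daemon.
socket_exposure() {
    mode=$1 group=$2
    rest=${mode%?}
    other=${mode#"$rest"}          # last octal digit: permissions for "other"
    grp=${rest#"${rest%?}"}        # second-to-last digit: permissions for group
    if [ $(( other & 2 )) -ne 0 ]; then echo "world-writable"
    elif [ $(( grp & 2 )) -ne 0 ]; then echo "writable-by-group:$group"
    else echo "owner-only"; fi
}

audit_host() {
    if command -v docker >/dev/null 2>&1; then
        opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || opts=""
        echo "docker engine: $(docker_mode "$opts")"
    fi
    if [ -S /var/run/docker.sock ]; then
        # Unquoted on purpose: stat prints "<mode> <group>", split into two arguments.
        echo "docker socket: $(socket_exposure $(stat -c '%a %G' /var/run/docker.sock))"
    fi
    if command -v podman >/dev/null 2>&1; then
        r=$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null) || r=""
        echo "podman (as $(id -un)): $(podman_mode "$r")"
    fi
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run the script with `--audit` as the user who normally launches containers; the Podman result depends on which user invokes it.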
The introduction of a subscription model for using Docker packages might be the key catalyst for the adoption of Podman in Red Hat Enterprise Linux (RHEL) systems. As of today, for most users, Docker and Podman will appear similar. In any RHEL system, you can use both docker and podman commands. Docker is not present on RHEL 8.x onwards, but Podman will interpret all the docker commands and perform tasks similarly. There will be a small warning text, which can be disabled easily.
Docker images are created from Dockerfiles, whereas Podman creates images from Containerfiles, but both these file formats are syntactically identical. Both systems can pull or push images from Docker Hub. Since both systems follow the Open Container Initiative, images are interchangeable between them.
In conclusion, while Docker established itself as the pioneering force in containerization, the emergence of OCI standards and tools like Podman offers compelling alternatives. Podman's daemonless architecture and rootless operation address key security and reliability concerns associated with Docker's traditional approach. The interoperability of container images due to OCI compliance allows for a smoother transition and greater flexibility in choosing the containerization technology that best suits specific needs and environments, particularly in systems like RHEL where Podman is now the default.
Written by Rwik Mukhopadhyay
