The Docker platform is all about app containers and containerization. If you’re new to containerization, it is a way of packing a software application and all its dependencies into a single image. Containers allow users to separate an application from its infrastructure, so the app works in a predefined way regardless of the environment.
While other types of containerizing software exist, Docker’s products and services are expected to change drastically by the end of 2022. How, you might ask? Not so long ago, Docker was a free open source platform preferred by developers. But starting from 31 January 2022, the new Docker Desktop subscription policy requires licensing for the commercial user. So what’s the confusion?
Should we panic about this licensing update and start choosing an alternative to Docker Desktop? Let’s find out.
Docker and the Container Ecosystem
According to IBM, a container is a separate unit of software that stores an application’s code, its libraries, and dependencies.
There is a widespread misconception that Docker is all about containers only. Well, that’s not true and Docker is only part of the container ecosystem that consists of large, different projects. What unites the two is the requirement to meet the Open Container Initiative (OCI) and Kubernetes Container Runtime Interface (CRI) standards.
What are Containers Used For?
Containers are mostly used in the following scenarios:
- In the cloud migration process for legacy software modernization.
- In the microservice architecture. When applications are split into smaller and independent services, containers are essential in deploying and maintaining the provider’s services.
When used in the ways mentioned above, containers solve the following problems:
- Setting up an environment for new software development.
- Building and compiling software applications.
- Running and testing an application in different environments.
- Deploying the application in a cloud platform such as Kubernetes or AWS.
- Running third-party software.
What is Docker?
Docker is a simplified platform for development, shipping, and running containerized applications. The platform provides an open-source engine that automates the deployment of any application in a lightweight, self-contained space for on-premises and cloud use.
Docker architecture overview
Docker was the first company to ever package the advanced Linux kernel features. This made development and deployment faster. Instead of building an entire server from scratch to run a service application, you could run a Docker container image on the host and start the application, using a few host resources in multiple environments.
An image is a read-only, organized collection of filesystem changes that form the basis of a container. A containeris a runnable instance of an image. Each container has itsown filesystem, memory, and network interface. Also, containers are much lighter than virtual machine (VM) images.
Containerization is a relatively new concept in software development, and we’ll show you how it works in the case of Docker.
At the heart of the Docker ecosystem is the Docker Engine which is a container runtime. A container runtime is a software tool for loading container images, monitoring, isolating system resources, and managing the container lifecycle. It allows you to create and run containers on any development machine and then store or upload container images through a container registry such as Docker Hub or Azure Container Registry.
Docker Hub is a service provided by Docker for finding and sharing container images.
As applications grow and start to include containers deployed on different servers, they get harder to work with. Everything from coordinating to planning the use of vast numbers of containers, organizing how these containers interact with each other, as well as scaling multiple container instances become harder than they should be.
Kubernetes in Docker
Docker provides the Docker Compose tool for defining and running multi-container applications. Docker Compose enables the deployment and configuration of multiple containers simultaneously. A better solution would for large systems would be using Docker for containerization and image creation. For container management, use more specialized software tools called orchestrators.
Kubernetes, also known as K8s. It was developed by Google to manage, automate, and scale containerized applications. Essentially, Docker and Kubernetes are often used together in projects. Docker simplifies the process of creating containers, while Kubernetes takes over the management of the containers. That’s considered the main Kubernetes vs Docker difference.
Docker Issues and Possible Solutions
Docker products are on a whole new level. Portability, isolation, scalability, consistency, repeatability, and automation are just a few features you can expect from Docker tools. Their widespread use and the existence of a powerful community speak for the company.
However, there is still a downside to using Docker tools. Below are some of the most common reasons why developers would look for Docker container alternatives:
Containers have a weak point in the connection between services when it comes to routing, security, or detection. There is limited security in the Docker architecture itself. A user with access to the Docker daemon has root advantage over the host system. Additionally, there is no division of containers between different users on the same system. Everyone can see all the containers running on the host system.
Solution: Use next-generation alternatives, which are initially aimed at better safety and ease of use. A good example is Podman, a great Docker open-source container alternative with no daemon at all.
Docker can’t manage the container launch order. Though it has an orchestration tool called Docker Swarm, its functionality is limited compared to powerful orchestrators like Kubernetes. Besides, Docker Swarm works only with Docker containers.
Solution: Use Docker alternatives like Kubernetes for container orchestration. Kubernetes supports multiple container types: Docker, containers, CRI-O, and any solution that corresponds to the CRI standard.
Docker does not provide 100% isolation of resources between containers. And, there could be a mess in the images repository as all the users have the power to change something.
Solution: Use next-generation alternatives aiming at better safety and ease of use. Unlike Docker, Podman stores images and containers in different directories. The Podman repository is in the user’s home directory. Each user has his own, separate set of containers so that several users can work on the host simultaneously.
The Docker daemon service is responsible for all the work with registries, images, containers, and the kernel. But, a single service means an increased risk of failure. When a daemon process fails, all the running containers are left on their own.
Solution: Use containerization tools that have no daemon — for example, Podman.
Docker interferes with the system firewall by adding its own firewall rules to the system. There is no reliable way to manage network access to the container through the firewall. Additionally,, there is an issue when combining Docker with other services that try to manage the firewall, for example, with a VPN client-server.
Solution: Deny the Docker daemon service the permission to make changes in the system’s firewall. Instead, create all the necessary rules manually.
Docker Hub Issues
Docker Hub registry contains both official and non-official images. Most of the non-official images are poorly built and have vulnerabilities. The authors of such images usually don’t provide any quality guarantees or support either.
Solution: Whenever possible, build any image used in the project yourself and put it in your own registry for Docker images. Never run randomly selected images on your system.
There are multiple ways to install Docker. But some features may stop working or may work unexpectedly when doing the custom installations.
Solution: Always install Docker tools according to the instructions from the official Docker site.
With all these unresolved issues, it’s no wonder companies and development teams are always in search of other alternatives to Docker containers. Besides, these problems were exacerbated by the latest announcement from the Docker team — Docker Desktop — when it announced that part of the Docker ecosystem, is no longer free for everyone.
Docker Desktop and What Has Changed
Docker Desktop has recently caught the attention of the container community after the new changes in its subscription policy.
Docker Desktop (DD) is an all-in-one application for Mac or Windows environments that enables building and sharing containerized applications and microservices. Docker Desktop includes Docker Engine, Docker CLI (Command Line Interface) client, Docker Compose, Kubernetes, just to mention a few.
Docker Desktop on Mac and Windows is a way to run Linux (create a Linux VM) so that Docker Engine can work.
What has changed in the Docker licensing policy?
The Docker company recently announced that it would be making changes in its Docker Desktop subscription terms. Docker Desktop is the only Docker solution without a complete alternative yet. The new changes were announced on August 31, 2021, with a grace period up to January 31, 2022. During this period, Docker Desktop users need to decide on a subscription plan if they want to continue using the Docker Desktop license. Otherwise, they will have to switch to other Docker Desktop alternatives.
The officials expressed that these changes are vital to the improvement of their product and scaling their business. With Docker Desktop now reaching have 3.3 million installations, the company is one big step closer to its goals.
The New Subscription Policy
Back to our topic, only the Personal subscription plan is free — it is available for small businesses, individual use, and non-commercial open-source projects. If a company has more than 250 employees or its revenue greater than $10 million, it will have to use one of the paid subscriptions: Pro, Team, or Business. Simply put, large business users must go for a Docker Desktop enterprise license to get additional features — secure software supply chain management, centralized policy visibility, and controls. Smaller businesses will enjoy Docker Desktop for free.
Note: If you don’t need Docker Desktop, then nothing has changed for your business.
If you don’t need Docker Desktop, then nothing has changed for your business — you can still choose any tool (Docker, Podman, CRI-O, etc.) for container creation and orchestration.
Most of the extra features provided by the Docker Desktop paid plans involve using the Docker Hub images registry. For example, the ability to scan images from the Docker Hub for vulnerabilities. But normally, companies use registries provided by Cloud vendors.
When do you really need Docker Desktop?
Docker Desktop is for people who crave a simplified installation process but don’t want to use the command line. Docker Desktop facilitates easy Docker setup and integration with WSL (Windows Subsystem for Linux).
Speaking of Linux, Docker Desktop may still not be fully available for Linux users. The thing is DD is supported on Mac and Windows only. But to use Docker in non-Linux operating systems, developers need a Virtual Machine and that’s what Docker Desktop does. Everything else (Docker CLI, Docker Engine, and other Docker tools) remains free and open source under the Apache v.2 license.
Docker Desktop Alternatives
Read the full article on ModLogix.