Docker Alternatives

[00:00:00]
>> Brian Holt: I've now talked to you about Docker, I've talked to you about Kubernetes Compose, Docker Compose, I feel like it's useful for me to kind of talk about if you're not using Docker or what else you would be using. I have far less experience with this because Docker is so popular.

[00:00:18]
I will say, since I last saw this course, there really wasn't alternatives, it really was just Docker, was pretty much the only game in town. I mean, there was RKT and some other stuff like that, but really, everybody was using Docker. I will say that's not necessarily true anymore from the perspective of running containers in production.

[00:00:39]
There's tons of viable alternatives that are not Docker. I will still say that anything running locally on your computer, Docker is still definitely the biggest game in town, and for good reason. It has good developer experience and they care about that. Let's just kind of dive into to that for a little bit.

[00:00:56]
Let's talk about some alternatives to Container Builders, really the only one that I found that I would endorse would be Buildah, which is supposed to be said, Buildah with a Boston accent. That's on their docs, I didn't make that up. This is what would replace docker build instead of saying, we said docker build, tag this with this docker file.

[00:01:18]
Buildah does that but without Docker, right, it has its own thing. So it can read Dockerfiles just fine, and you'll end up with a built container. They'll end up in a different format and you can have build to build things to be used with Docker, but usually you're building them with something that's called OSI style containers.

[00:01:43]
I forgot what that stands for, OSI, is that Open Container Initiative? I guess it's OCI, yeah. OCI is Open Container Initiative. It's like a style of making containers that generally are fairly interoperable between Docker and other things, but there are some differences there in terms of how they're just packaged.

[00:02:06]
So that's what Buildah was built for, was to build stuff for OCI style containers. And it does have objectively the best logo, okay. Though I do like the docker whale, right? Which I think is pretty cool. So, container runtime tools. So this is generally things that are gonna replace docker run, cuz Buildah has no capability of running containers.

[00:02:34]
It just builds, that's the only thing it does. And it does bear mentioning that Buildah is maintained by Red Hat/IBM because they just got bought, right? Podman is really the big one that people talk about here. Podman and Buildah are two tools, they're two Buildahs in a pod, right?

[00:02:53]
Two containers in a pod. That it's also maintained by IBM and Red Hat but, yeah, that's what Podman is for. Docker relies on having a daemon in the background, a daemon being a background process to run as containers. The interesting thing about Podman is it doesn't, it runs them directly without any sort of background process that's handling that.

[00:03:19]
That's the major difference that people will cite between the two. I'm sure that's important to someone, it's not important to me. Colima is another one. This is just an open source project, and I think this is mostly oriented towards macOS. Never used it, but people kept mentioning it in blog post I was looking at so I checked it in here.

[00:03:42]
And then rkt was the one from CoreOS, I talked about in my last course, it's now, I think officially deprecated and has been for some time. Yeah, you can see this repository has been archived. So it's gone, cuz CoreOS got bought by Red Hat, Red Hat got bought by IBM, and just in the shuffle there, they stopped maintaining it.

[00:04:01]
I think rocket was how you used to say that. Okay, and so now there's containers actual runtime of what's actually executing your container underneath the hood. There's containerd or co containerd depending on who you ask. This is an official project from the Cloud Native Foundation as well. Yeah, Cloud Native Computing Foundation, CNCF.

[00:04:27]
This is actually what Docker uses underneath the hood and you can use containerd without Docker, which is why it bears mentioning. Yeah, Docker has a really in-depth explanation of what is Docker and what is containerd, if you're interested in that, and this was written by Savannah. Savannah used to work at Microsoft together, she's great.

[00:04:47]
You will see a lot of people these days are moving to gVisor, and away from containerd. I'm not gonna pass any judgment of what I think is better and what is not. GVisor is made by Google and it's meant to be extremely security-oriented, because that's generally what Google cares about in their infrastructure.

[00:05:05]
So, I'm not gonna tell you too much about what the difference is, cuz honestly, I don't know. The only thing I'll comment is that, companies that I know and interact with, I've seen a lot of them getting moving towards gVisor. And then kata was another one that bears mentioning.

[00:05:23]
You're controlling full on VMs with something like Docker. One of the things that they say is, we don't expect you to put everything in kata containers, that's a bad idea. Only use it for the exact things that need to be in a full-on VM, and you need that full isolation from everything else.

[00:05:43]
Everything else should still be in containerd or gVisor, or whatever you're doing. So, I thought that was a cool idea, I thought it was worth mentioning. Let's talk about some orchestrators, which is what Kubernetes is. So this is, yeah, alternatives to Kubernetes, Mesos has been around forever, I believe it's older than Kubernetes.

[00:06:07]
It's certainly older than Kubernetes. I don't know if it's older than Borg, which is what Kubernetes is based off of. So all of Google's template structures is run on something called Borg. Kubernetes is then taking Borg out of Google and making that available to everybody. But everything inside of Google still runs on Borg cuz Kubernetes still different enough.

[00:06:26]
Before that there was Mesos, and they actually tried to deprecate this some years ago, and there was an open revolt of people's, we love Mesos and we wanna use it. The only thing that I've heard about people that work with Mesos is just, it's so complicated. So don't know anything about it, but it is still widely used.

[00:06:50]
And it's Apache project so you know it's gonna be well maintained. Docker Swarm, initially, Docker fought pretty hard against Kubernetes and the incoming tide of Kubernetes. So they release Swarm which was their competitor to Kubernetes and they lost. So Swarm is still out there, it's still used for some things, but I don't use it personally.

[00:07:17]
Nowadays if you're planning on using Swarm I would say, use Compose locally and then Kubernetes in production, and Swarm is somewhere in the middle of those two. Okay, OpenShift and Rancher, I'll just talk about those together. They're both Kubernetes projects, they're both layers on top of Kubernetes. OpenShift is Red Hats version of it, it sits on top of it and add some more features like CI/CD that Kubernetes doesn't have built into it.

[00:07:42]
And then ranchers from SUSE, as in the people that make SUSE Linux. And it's just on top of Kubernetes as well, but it adds things like Guis and some ability to host things and it has a tight integration with SUSE as well. And then Nomad, Nomad is basically saying, we think Kubernetes is too complicated.

[00:08:05]
You just wanna run some containers or production, that's what Nomad does. They didn't get the traction that I think they wanted with Nomad. Yeah, simple and flexible scheduling for containers, that's exactly what it is. Cuz Kubernetes just kind of took over the whole industry. But it's still out there, they still maintain it.

[00:08:26]
And again, well, I guess they're also now owned by IBM, right? HashiCorp got bought by IBM, so OpenShift now and Nomad are technically the same company. Hadn't really thought about that, but that's now true. Some alternatives to Docker Desktop, there is Podman Desktop, never used it. But if you're interested in that, that's also there as is Rancher Desktop.

[00:08:57]
And again, all still basically the same thing, just with Ranchers flavor on top of it. So any questions? Anything I didn't cover that you think is interesting?
>> Student: How do you recommend managing secrets in Docker or with Docker Compose?
>> Brian Holt: It's a good question Docker secrets is perfectly viable.

[00:09:24]
My last company, which was Snowflake, we used that quite extensively to manage all of our secrets to great success. So that is perfectly viable if you're into into that, if you're not into that the other one that I have used is a Vault from, also from HashiCorp. HashCorp Vault, Which is this one.

[00:09:49]
This was very easy to use. I've also used Azure Key Vault, cuz I worked there. Also worked very well, no problems with that. Key Vault definitely has some really cool features with it, and then anything built by HashiCorp. I mean, we'll see how IBM treats them. But I have a lot of faith in Mitchell, cuz every time Mitchell, you came to Salt Lake City I used to hang out with him.

[00:10:12]
Just a fantastic engineer, and so anything that he was overseeing, which he oversaw the development of this was always great, so. Those are three that I know of and have used. If you're gonna ask me anything beyond some developer niceties that each one of them has, I don't know.

[00:10:31]
But I have faith that any one of those three would work really well.