What do you think of Docker?

bobemoe · 2020-12-14 16:41:55

I'm posting this because I've started using Docker a lot lately, mainly on my Devuan servers, and beginning to on my Devuan desktops at home, and it crossed my mind, "What's the point of running Devuan to avoid systemd, if I'm just going to end up having it in various containers!?"

After a bit of research I found that systemd isn't actually inside many containers, its a pain to do so, and pretty pointless! That gave me hope that Docker could be something good. Containers may even be a reason for packages not to adopt systemd

So I'm on the brink of embracing Docker, and I find that kubernetes is deprecating Docker: https://kubernetes.io/blog/2020/12/02/d … nd-docker/

Will Docker take a big hit with this? Is this the right time to be embracing it? Are there better containers systems to be investigating?

Are their reasons genuine or is it sneaky move to force the direction of adoption, similar to how systemd does?

Thoughts?

Head_on_a_Stick · 2020-12-14 18:47:02

bobemoe wrote:

systemd isn't actually inside many containers

Yeah, docker's default image is based on Alpine Linux and that is fundamentally incompatible with systemd because it uses musl libc.

bobemoe wrote:

Are there better containers systems to be investigating?

There's systemd-nspawn

But seriously, how about LXC? I don't actually run any servers though so my opinion is pretty worthless.

bobemoe wrote:

Are their reasons genuine

Yes, docker is superfluous and just adds an extra layer to Kubernetes' container system:

https://www.tariqislam.com/posts/kubernetes-docker-dep/

bobemoe wrote:

is it sneaky move to force the direction of adoption

Probably.

bgstack15 · 2020-12-14 21:29:34

From what I read, I was under the impression that k8s was removing a specific layer of code that interacts with Docker. You will still be able to use Docker components underneath k8s, because they both use CRI (container runtime interface) protocols. https://news.ycombinator.com/item?id=25280888

bobemoe · 2020-12-16 12:20:03

Head_on_a_Stick wrote:

bobemoe wrote:
systemd isn't actually inside many containers
Yeah, docker's default image is based on Alpine Linux and that is fundamentally incompatible with systemd because it uses musl libc.

But the ubuntu and debian base images are quite popular which is where I'd expect systemd to try and sneak/force its way in!

Head_on_a_Stick wrote:

bobemoe wrote:
Are there better containers systems to be investigating?
There's systemd-nspawn
But seriously, how about LXC? I don't actually run any servers though so my opinion is pretty worthless.

Sweet, I'd not heard of this, thanks. I'll research this before going down the (dying?) docker route.

Head_on_a_Stick wrote:

Yes, docker is superfluous and just adds an extra layer to Kubernetes' container system:
https://www.tariqislam.com/posts/kubernetes-docker-dep/

Looks a good read, will have a proper look soon, thanks again

bgstack15 wrote:

From what I read, I was under the impression that k8s was removing a specific layer of code that interacts with Docker. You will still be able to use Docker components underneath k8s, because they both use CRI (container runtime interface) protocols. https://news.ycombinator.com/item?id=25280888

Thanks also for another good read. I guess I'm still a way off making a decision!

Think I'll have to have a play with Kubernetes then and LXC. Would these be a good choice to maintain software freedom? And maybe ditch Docker.

Head_on_a_Stick · 2020-12-17 17:49:27

Interesting article just published:

51% of 4M Docker images have critical vulnerabilities

Probably best to just roll your own containers then...

bobemoe · 2020-12-20 12:58:31

Just had a bit of a read up of LXC / LXD and while it looks pretty cool, it seem Canonical are heavily involved! They ruined Ubuntu for me with their crazy Unity interface. I wonder what direction this is going in!? Looks like LXD is their version of LXC, but they are still "sponsoring" the whole project?

Mmm yeah I was wondering about how much to trust containers, Having and understanding the workings of Devuan on the host for privacy/security/trust reasons and then allowing a black box container to run... hmmm.

Rolling my own sounds like a possible solution. I see there are a few non official Devuan base images. But can we trust any of them? I wonder how I'd make my own, or would it be an idea to encourage an official build?

Last edited by bobemoe (2020-12-20 12:59:19)

Head_on_a_Stick · 2020-12-20 13:46:15

bobemoe wrote:

I wonder how I'd make my own

https://docs.docker.com/develop/develop … aseimages/

bobemoe · 2021-01-16 16:45:20

Well that was easy

debootstrap beowulf beowulf
tar -C beowulf -c . | docker import - beowulf
docker run beowulf cat /etc/os-release

Should be easy to automate.

So do you think we could see an official image?

Head_on_a_Stick · 2021-01-16 19:12:01

I have no idea but I think the developers' resources are pretty stretched as it is so working on Docker infrastructure might not be a priority.

Last edited by Head_on_a_Stick (2021-01-16 19:12:09)

Spock · 2021-04-06 16:24:49

Maybe I'm getting old (or too paranoid) but I dont really trust these container software thingies.

The officially official Devuan Forum!

#1 2020-12-14 16:41:55

What do you think of Docker?

#2 2020-12-14 18:47:02

Re: What do you think of Docker?

#3 2020-12-14 21:29:34

Re: What do you think of Docker?

#4 2020-12-16 12:20:03

Re: What do you think of Docker?

#5 2020-12-17 17:49:27

Re: What do you think of Docker?

#6 2020-12-20 12:58:31

Re: What do you think of Docker?

#7 2020-12-20 13:46:15

Re: What do you think of Docker?

#8 2021-01-16 16:45:20

Re: What do you think of Docker?

#9 2021-01-16 19:12:01

Re: What do you think of Docker?

#10 2021-04-06 16:24:49

Re: What do you think of Docker?

Board footer