Docker has been the most popular tool for managing containers. It has become synonymous to containers.
But Docker is not the only tool you can use for Linux container management. There are several other tools you can consider using instead of Docker.
In this article, I am going to list such container tools.
What do you mean by "Docker replacement"?
To understand the above notice, you need to understand what Docker does. Below is a non-exhaustive list of the things that Docker does:
- Provide a container runtime
- Manage containers by being a container engine
- Mange (pull/push) container images
- Create new/custom container images
- Container orchestration
Up until now, there isn't a single piece of software (except for Docker) or multiple tools branded under the same name that provides all of the above features.
But there are individual pieces of software that perform one or more of the above-mentioned tasks.
I am going to list Docker alternatives based on different criteria. This will be more accurate as there are no exact Docker alternatives.
Docker alternatives: Container runtimes
Let me give you an analogy to help you understand what a container runtime is.
Say you have software that is written in the Python programming language. To execute said software, a Python Interpreter is absolutely necessary. Similarly, you need a container runtime to execute what is in the container image(s).
There are multiple alternatives to the container runtime provided by Docker. Below are a few of them:
crun is an OCI compatible container runtime offered by Red Hat as an alternative to Docker's container runtime. It is fast and lightweight. It is written in the C programming language and is the default container runtime for the Podman container engine.
Youki is an OCI compatible container runtime, aimed as an alternative to crun, but it is written in the rising-in-popularity Rust programming language. It can replace crun as a container runtime for the Podman container engine. Though it has some rough edges with root-less Podman. This is a work-in-progress project.
runc is a container runtime that is OCI compatible and is offered by OCI (Open Container Initiative) themselves.
LXC is a container runtime that provides an interface to the Linux kernel's containment features like Kernel namespaces, chroots, Kernel capabilities, SELinux/Apparmour profiles, etc. This is the default container engine used by the LXC container engine.
containerd: A container runtime that touts features like simplicity, robustness and portability.
Docker alternatives: Container engines
Now, you have come to the container engine aspect of alternatives to Docker. Most people use this aspect of Docker the most. But what is a container engine?
A container engine is the tool that creates a container, attaches peripheral I/O like networking, mounting storage volumes, handing communication between the outer world (outside the container) and the container, handling secrets, and much more. This also includes tasks like starting, stopping and deleting containers as per the user's demands.
A container engine is usually responsible for fetching necessary images too.
Now that you know about what a container engine is, let us take a look at a few software projects that are advertised to be container engines.
Podman: Podman is a container engine that is highly endorsed by Red Hat as an alternative offering to Docker as a container engine. It runs on top of either crun or Youki container runtimes. Podman offers you to create container without the need of
root access, it has a daemon-less architecture and much more.
LXD: It is a container engine that sits on top of LXC and it's main purpose is to manage complete Linux distributions. It is also used to manage Virtual Machines.
OpenVZ: OpenVZ allows you to run Linux containers with independent users, memory, processes, etc as separate Virtual Machines.
Docker alternatives: Container image management
Creating a container is impossible if you do not have an image to use. Docker's all-in-one approach means you only needed Docker up until now to create your custom images.
But there are various projects out there that provide a better, more interactive experience of building images. Below are some alternative tools to Docker in this aspect:
Buildah creates OCI compatible images either based on a spec file (Dockerfile) or you can interactively build an image step-by-step. This helps you understand more clearly why a step in building an image is failing. You can even pick up from a previous build command.
skopeo: Though skopeo is not--in a pedantic representation--a tool for building images like buildah is, it has a lot of capabilites for inspection of images, even remote images! Skopeo is also used for publishing newer versions of an image or new images to remote registries like
BuildKit: This is an alternative image builder bundled in with Docker since release v18.06. It's biggest features are concurrent building and being very efficient with cache, using it as much as possible and decreasing build times. It can create either OCI compatible images or Docker compatible images.
Kaniko is a tool that is used to build container images from a Kubernets cluster. Meaning, it does not require the Docker daemon to exist and all of it is done in userspace. It is an unofficial offering from Google's engineers.
Docker alternatives: Container orchestration
What you have covered so far were only the basic aspects of Docker. The real advantage of Docker comes into play when big enterprises/data-centres make use of the
docker swarm tool to manage containers across multiple machines called nodes. This is called container orchestration.
Let's take a look at some alternatives to the container orchestration offered by Docker:
Kubernetes is an extremely popular free and open source software tool that is used for scaling your containerized software and deploying it on multiple network nodes.
OpenShift is more of a software distribution rather than a single piece of software. It builds on top of Kubernetes and offers an OS-like software that can be deployed at scale.
Since you have read up until now so patiently, I want to let you in on a few gems that will help you with container management.
conmon-rs is an excellent container monitor. Used commonly with the Podman container engine, it is used to check and manage the health of individual containers along with pod-level health monitoring.
The Podman container engine has a notable absence of the ability to create containers based on the
docker-compose.yml file. The
podman-compose tool helps bring Podman in feature parity to Docker.
The dive tool allows you to explore every layer of a Docker image, and assess its contents. This can also be used to check what is taking up so much space in your images and trim it down.
This article covers various options you have for replacing all of Docker's functionalities since Docker has an all-in-one approach to containerization software. Many alternatives are already either in feature parity with Docker or are even better--depending on your use case.
I encourage you to take a detailed look at the discussed alternatives and make the decision on your own accord! :)
Join the conversation