When not to use Docker and how to choose an alternative
Docker might be the default for container orchestration, but what if it doesn't meet your needs? Explore why Docker might not be the right fit and what might be.
To most IT professionals, "container" means Docker. But Docker's widespread popularity doesn't mean it's the best choice for every shop.
Docker is a comprehensive container system with loyal and active developers and users. None of Docker's competitors has its breadth of support, which is why Docker is the default choice for container users. But organizations concerned with security or portability should consider alternatives, such as Podman and containerd.
When should you not use Docker?
The first step in deciding whether to use a Docker alternative is to inventory where you expect your applications to run. What specific data center hosting platform do you use and what public cloud container services are you considering? Docker containers are compatible with almost everything, but the same might not be true for Docker alternatives.
Second, consider whether container orchestration is important. The container orchestrator Kubernetes is almost as well known and widely used as Docker. If you're a Kubernetes user, you might still want to use Docker, but Docker's advantages over other container systems diminish when a container orchestrator manages the environment.
A large part of Docker's value is that it's a complete ecosystem. Organizations that don't need that ecosystem -- either because they've selected Kubernetes orchestration or because they don't need complex orchestration at all -- will likely find looking beyond Docker more valuable.
The final consideration when deciding whether to use Docker is application specialization. It's tough to beat Docker's broad support and qualified expert base for general containerized applications, but there are specific situations where a less popular option might be better.
Considerations when choosing a container system
Alternatives to Docker tend to address specific areas where Docker lacks, and most shops that decide to look beyond Docker for container systems will justify their decision based on these factors.
Security is often a top concern with Docker, and it's an area that alternative technologies address. Podman focuses on security issues, providing user isolation and eliminating dependence on root access.
Unlike Docker, Podman doesn't require sharing process ID namespaces because it uses a daemonless rather than client-server model. For applications that demand the highest level of security, Podman is a great alternative to Docker.
It's hard to beat Docker when it comes to portability. Docker is efficient in abstracting containerized elements from their environment, something that the popular alternative LXC/LXD doesn't do as effectively.
However, containerd does an even better job than Docker in this abstraction. For containerized applications that must be portable across multiple OSes, containerd might be a better choice.
In addition, because Kubernetes is so dominant among container orchestration users, migrating from a simple container system to Kubernetes can be an issue. Podman, as its name suggests, supports both pod and container deployments, making it easier to migrate to Kubernetes.
Performance and efficiency
Podman, LXC/LXD and containerd are often easier to adopt as initial container models and are satisfactory for basic container applications overall.
Migrating out from Podman to Kubernetes orchestration is easier in most cases, and Podman and Kubernetes can coexist in an installation with minimal issues. For execution performance, it's difficult to get comprehensive data, but Docker is as fast as any alternative and perhaps a little faster than Podman.
LXC/LXD is a kind of waystation between a container system and a VM, and it might benefit applications that need lower overhead and tighter integration with hardware. However, it's not an easy framework to implement.
Docker's weaknesses compared with competitors
Where does this leave us? Comparing the alternatives, Podman is the best overall. For organizations choosing not to use Docker, Podman will likely offer the most compelling benefits over its more popular competitors. It's also straightforward to evolve from Podman to a Kubernetes environment.
Containerd began as a piece of Docker, and Kubernetes adopted the containerd piece without the rest of Docker. As a result, it's also possible to migrate from containerd to Kubernetes. However, containerd is often used with other elements of the container ecosystem rather than by itself, which calls the effectiveness of that migration into question. The best reason to adopt containerd rather than the entire Docker framework is if you need a simple, limited container environment.
Adopting LXC/LXD is a good strategy for IT teams whose skill levels are high and who manage applications that require an almost-VM strategy. For example, LXC/LXD can run multiple OSes on a host, if that's a requirement. Containerd is an excellent alternative for basic container applications that require a special OS relationship, but it's more difficult to understand, adopt and support than Docker or the other options.
The future of container systems
So, when should you use an alternative instead of Docker? The short answer is when you have to, because Docker's ubiquity and breadth of capability are currently impossible to match.
Today, picking an alternative container system is usually justifiable only for high-security and specialized applications. But Podman in particular is gaining traction, and before long it might match or even surpass Docker. Keep an eye on it if you're planning extensive container use.