Docker Considered Harmful

A note in advance: This is absolutely not about Docker being too "opinionated" for me, or other tools being more flexible. I believe that learning and using Docker is just plain more complicated than learning and using the tools I describe below. Docker is genuinely more complex and harder to use than the alternatives. These tools also happen to be more flexible than Docker, but that's not why I'm recommending them: I'm recommending them because they are simpler to learn and use. If they are indeed more flexible in addition to being simpler to use, then that's just due to an overall superior design.

First, a brief explanation of how containers work. Linux containers1 are built on two kernel features, namespaces and cgroups. Their architecture is quite easy to understand.

I encourage everyone to read the main namespaces man page: man 7 namespaces. It's well written and makes it easy to grok the concept. If you create a new instance of all2 of these namespaces, you have something like a container.

Leave a Comment