# Why I don't use Docker

May 1, 2021

If you have been in the Ops industry for at least some time, you've probably heard of Docker - a tool that lets you "containerize" your (usually web) application so it can be more easily distributed and deployed.

To be honest, I was using Docker for some time after I first heard of it (about half a year ago), but after some time I found out that it was not as great as it's marketed to be and dropped it from my infrastructure.

## Easy development/production setups with good documentation

One of the main selling points of Docker is that you can set up a development or production environment in just a couple of clicks.

If you can provide good documentation on how to build and run your thing, there's no need for Docker at all and it would be much easier to package that, too.

As examples, check out installation instructions for gobin and gtranslate:

=> gobin installation

=> gtranslate installation

That's not to mention that Docker is pretty slow when it comes to building containers, whereas native solutions are much faster, simpler and easier to fix when something goes wrong.

## Docker itself is a lie

If you look under the hood, Docker is a wrapper around containerd, which is a wrapper around the runc library, which basically provides an interface to the Linux unshare syscall and cgroups.

=> unshare(2) man page

From this we know that Docker is nothing more than a fancy frontend for unshare + cgroups. And everything that Docker can do is possible without any of the complexity that it introduces.

Check out bocker to see how most Docker features can be implemented:

=> bocker - Docker in ~100 lines of Bash

## Not exposing internal services

One feature that Docker also provides is making an internal network for your databases and such so they are not accessible from the outside world.

This is possible without Docker too. The best solution is to make that service listen on a Unix socket rather than the network and then connect through that socket. And where this is not possible, use a firewall to block incoming connections to that port from the outside. Easy!

For example, to block connections to the PostgreSQL server with Uncomplicated Firewall:

$ ufw deny 5432

=> UFW manual
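
To see which services still need a Unix socket or a deny rule like the one above, here is an added example (not part of the original post) that filters `ss -H -ltn` output down to listeners bound to non-loopback addresses. The function names and the sample lines are made up for illustration, and it assumes `ss` from iproute2 on a real host.

```shell
#!/bin/sh
# Added example: find TCP listeners reachable from outside the host, i.e. the
# services that still need a Unix socket, a loopback bind or a firewall rule.

# Constructed sample of `ss -H -ltn` output (not from a real host):
# PostgreSQL on all interfaces, Redis on loopback only, sshd, local resolver.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      244          0.0.0.0:5432      0.0.0.0:*
LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      511            [::1]:6379         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
EOF
}

# Read `ss -H -ltn` lines on stdin; print "address port" for each listener
# that is not bound to a loopback address.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)                       # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr) # [::1] -> ::1
        sub(/%.*/, "", addr)                       # drop %interface suffix
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print addr, port
    }' | sort -u
}

# port_is_exposed PORT: exit 0 if PORT has a non-loopback listener on stdin.
port_is_exposed() {
    exposed_listeners | awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# Demo on the sample; on a real host run: ss -H -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

In the sample, PostgreSQL on 0.0.0.0:5432 is reported while the loopback-only Redis and resolver are not, so 5432 is the port that needs the socket or the firewall rule.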

## Easy updates

Another feature that Docker offers is that you can easily upgrade your services without breaking anything in the process. And, guess what, you don't need to have Docker for that either - just use your system's package manager. This also gives the benefit of updating everything in one go, instead of having basically two separate systems (host and the container).

Some popular services are already packaged for your distribution, complete with example configurations and init scripts. If the one you want to install isn't, it shouldn't be that hard to make a package for it.

## Conclusion

Most of the things Docker offers are possible without it and sometimes work even better. If you primarily use Docker for your service, that's not an issue, but please document the normal installation process without it.