As we all know, Docker has developed into one of the core technologies of cloud computing worldwide.
As a popular container management technology, Docker’s greatest strength is its ability to separate applications from computing environments, allowing developers to use different technologies on the same computer. With Docker, developers can have applications running Python, Ruby, PHP, Node JS, or any other language on the same server, and install each application in a separate container with a separate database engine.
However, Docker’s latest terms of service, which took effect on August 13, have drawn wide attention from the domestic IT industry. The provision makes it clear that Docker’s service is off-limits to entities on its “entity list” in the Us.
At present, Chinese IT companies are included in the trade control “entity list” of enterprises including: Huawei, Sensetime, according to the graph, Megvii, Hikon Vision, Dahua, IFLYtek, AIU Cupressoke, Yixun Technology, Qihoo 360, The Signal Technology Group, Eastern netpower, dacati technology, cloud from the technology, In the division of dawn, haiguang, etc.
Moreover, there is no rule out that more Chinese IT companies will be invited into this “entity list” in the future.
While the entity list ban is limited to Docker’s business edition and other Docker services, such as Docker Hub, it still casts a shadow over Docker’s future in China.
Moreover, some insiders point out that the most valuable thing of Docker is not the Docker software itself, but the Docker Hub.
Open source, for now, is still the safest option. The Linux Foundation’s recent white paper “Understanding Open Source Technology and U.S. Export Control” points out that the EAR explicitly exempts most software and technologies in open source form.
For domestic IT enterprises and network security enterprises, Docker’s “entity list” embargo has actually been a wake-up call that IT is time to start evaluating open source alternatives to Docker. Docker is far from a perfect product, with many drawbacks. For example, you must run as root, and stopping the container will delete all information in it (except the contents of the volume). Other disadvantages include: less security and isolation than VM, difficult to manage on a large scale (Kubernetes application), difficult troubleshooting, no Windows support, etc.
In fact, there are many excellent substitutes for Docker software at present, and many of them perform as well as or even better than Docker in terms of technology maturity, stability and resource occupation.
Below, we recommend 12 of the best alternatives to Docker.
OpenVZ
OpenVZ is a popular Linux-based operating system-level server virtualization technology that can create multiple secure and isolated virtual environments within a single physical server to improve server utilization and performance. The virtual server ensures that applications do not collide and can be restarted independently.
OpenVZ also provides a network file system (NFS) that allows access to network disk files from the OpenVZ virtual environment. The tool supports checkpoint and live migration of IA64 processors that other open source operating system virtualization software does not provide, allowing system administrators to move virtual servers between physical servers without end user intervention, without expensive storage systems.
OpenVZ is an open source technology that is the basis for SWsoft’s Virtuozzo virtualization product. It provides standard support for vlans in virtual environments, allowing each network packet to be tagged on different networks. FUSE (file systems in user space) is supported, for example to display an FTP or SSH server as a file system in a virtual environment.
Website: openvz.org/
System support: Linux
Rancher
Rancher is an open source container management technology that provides complete container infrastructure services, including networking, storage services, host management, and load balancing, supporting a variety of infrastructures, making it easy and reliable to deploy and manage applications.
Website: rancher.com
Supported system: Linux
Nanobox
Nanobox is the ideal DevOps platform for developers. Nanobox does all the building, configuration, and management of the infrastructure, so you can focus on code rather than configuration.
With Nanobox, you have the freedom to create a consistent and isolated development environment that can be easily shared with anyone and implemented on any host (AWS, Digital Ocean, Azure, Google, etc.). Developers can run their applications consistently between the local machine and the cloud provider.
You can easily manage production applications using Nanobox dashboards. Nanobox also supports zero downtime deployment and scaling, and monitors application status through a statistics dashboard and history log output.
Website: nanobox. IO /
System support: Based on Web
Podman
PodMan is a virtual container manager available for Linux distributions. It is special in that it does not need to run daemons, but runs directly on runC. PodMan allows us to run containers as users without root privileges, which is extremely important from a security perspective!
With Podman, not only can we examine OCI images without even downloading them, but we can also extract elements from one repository and move them directly to another, without transferring image files through our device. We can examine or use its components without downloading the image. Podman also allows you to run containers with Systemd enabled by default without any modifications.
Podman supports socket activation, so you can use the system to configure sockets and have access to the remote API for communicating with the tool. It has the ability to use UID separation through namespaces, which provides an additional layer of isolation when running containers.
Download link: developers.redhat.com/… dman/
System support: Linux
rkt
RKT is part of the CoreOS release and was developed specifically for container virtualization and processing. Today, it is one of Docker’s biggest competitors. RKT works on Linux platforms such as ArchLinux, Core OS, Fedora, NixOS, etc.
One of the main reasons CoreOS decided to start RKT was security. Prior to version 1.1, Docker needed to run as root, a very serious vulnerability that allowed superuser level attacks. In contrast, RKT allows us to use standard group handling for Linux permissions, allowing the container to run after a user is created without root privileges.
Docker has the advantage of being easy to integrate, while RKT requires more manual installation and configuration. However, it is still a good alternative to Docker because it allows us to use APPC images (App container images) as well as Docker images. In turn, it allows for integration with Kubernetes and AWS Orchestrator.
Download link: github.com/rkt/rkt
System support: Linux
Singularity
Singularity is an operating system virtual for HPC (High performance Computing) because it does not need to run with users with root privileges and is well suited for use in shared Spaces due to its isolation level. The concept of “insecure clients running insecure containers” completely changed the security paradigm.
Another important fact about Singularity is that we can import and use Docker images that we already have. We can even edit the container locally and then mount it to a shared environment, since it does not require root privileges to mount. You can also use basic file transfer protocols such as RSYNC, HTTP, SCP, and so on.
Download link: Sylabs.io/Singularity…
System support: Linux
Kubernetes (K8s)
Kubernetes is an open source system for automatically organizing and managing containerized applications. If you’re designing applications using popular open source Linux containers, Kubernetes is probably one of the most ideal ways to create cloud-native applications for private, public, or hybrid cloud hosting.
Kubernetes automates the deployment, management, and scaling of containerized applications, making it easier, faster, and more efficient to perform the process. Users can now update the core version of Kubernetes they are using in their cluster with a one-click update. Keeping the Kubernetes cluster up to date is fairly easy because it can now be done without redeploying the cluster or application.
Kubernetes is an open source project managed by the Cloud Native Computing Foundation (CNCF) and the Linux Foundation. This ensures that the project is supported by the best practices and ideas of the large open source community, in addition to eliminating the risk of relying on a single provider.
Website: kubernetes. IO /
System support: Based on Web and Linux
Red Hat OpenShift Container Platform
Red Hat OpenShift Container Platform is an open source enterprise Kubernetes Platform for developing, deploying, and managing containerized applications across enterprise, private, and public cloud architectures.
Website: www.openshift.com/prod… Tf…
System support: Linux, Windows
Apache Mesos
Mesos is an open source cluster management tool based on the Linux kernel that runs on any platform (Linux, Windows, or OSX). It also provides applications with apis for resource management and planning. CPU, memory, storage, and other resources can be extracted from dedicated servers or VMS, making elastic systems easy to build, efficient and fault-tolerant.
Mesos uses a two-tier scheduling system in which it determines the number of resources to be assigned to each framework, and the framework determines the resources to be accepted and which tasks to run on those resources. You can scale up to 50,000 nodes, share clusters between frameworks, and optimize over time.
Mesos allows the cluster to run on a framework that distributes the load between different servers to avoid overloads and achieve optimal performance. Mesos is commonly used in Java, Python, Scala, and R applications.
Website: mesos.apache.org/
System support: Linux, OSX, and Windows
FreeBSD
FreeBSD is known for its functionality, speed, security, and stability. It comes from BSD, an adaptation of UNIX deployed at the University of California, Berkeley. It is deployed and followed by a wide community. FreeBSD offers a number of unique features and is particularly known for creating excellent Internet or Intranet servers. FreeBSD can provide powerful network services under high load, efficient memory utilization, and can quickly respond to millions of concurrent processes.
FreeBSD also offers improved network operating system functionality for connectors and complete platforms, from Intel favored high-end connectors to ARM, MIPS, and PowerPC hardware platforms. FreeBSD has more than 23,000 libraries and facade applications that support applications for desktops, assistants, devices, and integrated media.
Website: www.freebsd.org/
System support: Unix and Web-based
Vagrant
Vagrant is a tool for automatically creating and configuring portable and runnable virtual machines. One of Vagrant’s great advantages over DevOps tools like Docker is that it can be quickly mastered and used by any computer scientist/programmer/developer (even someone who uses Windows) because Vagrant can configure and automatically create virtual machines.
Vagrant is installed on the developer’s computer and is oriented toward the development environment, not the production environment. Even Vagrant’s development company does not recommend its use in production environments. Vagrant is cross-platform and supports Mac, Windows, CentOS, and Debian. Vagrant is positioned among developers to install tools that are portable and run development environments.
Vagrant uses the Virtual Box for virtualization by default, but can be used with any virtualization software, and the syntax of the Vagrantfile configuration file is simple.
Website: www.vagrantup.com/
System support: Debian, centOS, Arch Linux, Linux, FreeBSD, macOS and Microsoft Windows
File size: 210 MB (for Windows)
LXC
LXC is an operating system-level virtualization technology that allows users to create and run multiple virtual Linux environments independently.
Unlike Docker, LXC can be viewed as a complete operating system. Docker, on the other hand, can only run a single application and is limited to the OS. Compared to Docker, LXC is a lighter and more secure option because it consumes fewer resources and does not need to run as root.
The price of these advantages is increased complexity, in addition to having to add bad documentation. In general, when we use containers, we want to create our working environment quickly and easily. Therefore, the LXC alternative is more suitable for advanced users.
Website: linuxcontainers.org/
System support: Linux
These are 12 top Docker alternatives that work on multiple operating systems. If you have a better Docker alternative product recommendation, please submit it in the comments section.
※ Some articles from the network, if any infringement, please contact to delete; More articles and materials | click behind the text to the left left left 100 gpython self-study data package Ali cloud K8s practical manual guide] [ali cloud CDN row pit CDN ECS Hadoop large data of actual combat operations guide the conversation practice manual manual Knative cloud native application development guide OSS Operation and maintenance actual combat manual cloud native architecture white paper Zabbix enterprise distributed monitoring system source document 10G large factory interview questions