Obviously, we know the answer. This blog is intended to allow me to have an easy place to point people when they ask me “so what’s wrong with Docker”?
[To clarify, I use Docker myself, and it is pretty neat. All the more reason missing features annoy me.]
Docker itself:
- User namespaces — slated to land in February 2016, so pretty close.
- Temporary adds/squashing — currently “closed” and suggests people use work-arounds.
- Dockerfile syntax is limited — this is related to the issue above, but there are a lot of missing features in Dockerfile (for example, a simple form of “reuse” other than chaining). No clear idea when it will be possible to actually implement the build in terms of an API, because there is no link to an issue or PR.
Tooling:
- Image size — Minimal versions of Debian, Ubuntu or CentOS are all unreasonably big. Alpine does a lot better. People really should move to Alpine. I am disappointed there is no competition on being a “minimal container-oriented distribution”.
- Build determinism — Currently, almost all Dockerfiles in the wild call out to the network to grab some files while building. This is really bad — it assumes networking, depends on servers being up and assumes files on servers never change. The alternative seems to be checking big files into one’s own repo.
- The first thing to do would be to have an easy way to disable networking while the container is being built.
- The next thing would be a “download and compare hash” operation in a build-prep step, so that all dependencies can be downloaded and verified, while the hashes would be checked into the source.
- Sadly, Alpine linux specifically makes it non-trivial to “just download the package” from outside of Alpine.
Moshe'z 