Docker is Dead: Long Live Containers
PRESENTED BY: Chris Tankersley, Senior Developer Advocate, @dragonmantank

Docker
Image: https://devopedia.org/docker
VONAGE CONFIDENTIAL

Open Container Initiative
https://opencontainers.org/

What's a Container?

"The Container is a Lie!"
Larry Garfield
https://presentations.garfieldtech.com/slides-containers-lie/jakartatechtalks2021/#/

Set of systems and configurations to restrict what a process (or set of processes) can see

What can we isolate?
● Single Process Isolation
● System Level Isolation

It's not just Docker
● BSD Jails
● chroot
● Solaris Zones
● OpenVZ
● Docker
● Kubernetes
● LXC
● podman

Why did Docker "win"? And why is it now "losing"?

podman
"We have Docker at home"

What is podman?
● Container engine maintained by Red Hat
● Designed as a replacement for the Docker daemon and command library
● Additional tools to handle Compose

Installation

Familiar Interface

Additional Image Repositories

Almost like Docker Compose
Coupon Code: 23GMRPQH

Why use podman?
● No centralized daemon
● Designed for "rootless" usage
● Lots of Docker compatibility
● Additional image repositories
● Red Hat has a better history of Open Source
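The "Almost like Docker Compose" slides and the "rootless" bullet above fit together: the same Compose keys Docker users know are what keep a rootless podman container from being handed more than it needs. The file below is an added example, not from the talk or the podman project. It assumes `podman compose` (which hands the file to podman-compose or docker-compose) and the docker.io/nginxinc/nginx-unprivileged image, whose nginx user is UID/GID 101 and which listens on 8080; both are assumptions, not something the slides state. The two services are the weak setting and its hardened form side by side.

```yaml
# compose.yaml -- constructed example for `podman compose up`; the image tag,
# port and UID are assumptions about the upstream image, not from the talk.
services:
  # The "just make it work" version: privileged mode grants every capability
  # and host device access. Under rootless podman that root is still a mapped,
  # unprivileged host UID, but the whole container is exposed to the process
  # rather than only the files it needs.
  web-loose:
    image: docker.io/nginxinc/nginx-unprivileged:1.25
    ports:
      - "8080:8080"
    privileged: true

  # The same service hardened. Every key is standard Compose; nothing here is
  # podman-specific, so the file keeps working under docker compose too.
  web:
    image: docker.io/nginxinc/nginx-unprivileged:1.25
    ports:
      - "8080:8080"          # host port >= 1024: rootless podman binds it without sysctl changes
    user: "101:101"          # the image's nginx uid/gid (assumption: unchanged upstream)
    read_only: true          # immutable root filesystem; nginx only needs the tmpfs paths below
    tmpfs:
      - /tmp                 # pid file
      - /var/cache/nginx     # proxy/fastcgi cache directories
    cap_drop:
      - ALL                  # no capabilities at all; port 8080 needs none
    security_opt:
      - no-new-privileges:true   # setuid/setgid binaries cannot raise privileges
```

`podman compose up -d web` brings up only the hardened service. Two rootless caveats worth knowing: host ports below 1024 are refused unless `net.ipv4.ip_unprivileged_port_start` is lowered on the host, and bind-mounted paths on an SELinux host need the `:Z` volume suffix. `podman inspect` on the running container lists the effective capabilities and the read-only root setting, which is the quickest way to confirm the file was honoured.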

AppImage / Flatpak / Snap
"Eww, my container is all GUI"

Apps have problems too
● Solve the dependency problem for developers
● Increase security for apps
● Make app distribution easier

Flatpak
● Managed by Red Hat
● Designed as a "Sandbox-First" solution for security
● Allows for multiple repositories
● Designed for GUI apps
● Larger distribution sizes

AppImage
● Developed by Simon Peter
● Distribution independent
● Re-create the "exe" or macOS "app" experience
● Uses a single repository
● Fully self-contained
● Slow updates

Snap
● Created by Canonical
● Allows proprietary packages
● Gated by a proprietary store controlled by Canonical
● Allows CLI apps
● Seems to be less performant than Flatpak or AppImage

Though it's still a bit rough
● Locked to the libraries that come in the image/container
● Some, like VSCode, take some additional setup compared to "install and work"
● Inconsistent ways to handle the same issue in different container formats

LXC
"It's OK to install sshd in this"

When you want to run multiple processes
● Part of a suite of tools from linuxcontainers.org
● Container that allows multiple processes to run inside
● Looks and acts more like a Virtual Machine, but without the overhead

Install

Set up LXD

Create and enter the container

Why this over single-process containers?
● Lightweight development environments
● Large application deployments that conflict with the host
● "Lightweight" virtualization (Proxmox)

toolbox
"What if SCL actually worked?"

Huh?
https://github.com/containers/toolbox
● CLI tools for making development environments
● Tight integration with the host OS
● Technically distro-agnostic
● Uses podman and OCI standards

Why?
● SCL (Software Collection Libraries) sucks to work with
● Development environments are usually systems, not just processes
● Developers need more than one environment

Create a toolbox

Enter the toolbox

It's just a container!

Though it's still a bit rough
● Locked to the libraries that come in the image/container
● Some, like VSCode, take some additional setup compared to "install and work"
● Living inside of a container can be both restrictive as well as freeing

Fedora Silverblue
[Insert slide about Flatpaks and toolbox]

Mission Statement
https://silverblue.fedoraproject.org/about
"However, unlike other operating systems, Silverblue is immutable. This means that every installation is identical to every other installation of the same version. [...]
Silverblue's immutable design is intended to make it more stable, less prone to bugs, and easier to test and develop. Finally, Silverblue's immutable design also makes it an excellent platform for containerized applications as well as container-based software development."

In the real world
● The base OS partitions (except your home folders) are read-only
● Prefer flatpaks (or AppImage) to RPMs
● Work is handled inside containers via toolbox or flatpaks
● OS updates are handled via image updates

Containers are the future

Thank you! Any Questions?

Chris Tankersley
Senior Developer Advocate at Vonage
@dragonmantank
@dragonmantank@php.social
chris.tankersley@vonage.com