Beyond Docker: Exploring Modern Container Engines and Build Tools

Docker was once the dominant container platform, but newer tools have emerged that can replace it for building, running, and managing containers.

Why stop using Docker?

If you have been using Docker for a long time, convincing you to try other tools may require extra effort. Docker is an all‑in‑one solution that often tries to do everything, which can lead to suboptimal results. Specialized tools that focus on a single task usually perform better.

All the tools discussed follow the OCI (Open Container Initiative) specifications, so you can switch CLI, API, or concepts without breaking compatibility. You can continue using the same Docker commands while choosing a tool that fits your needs.

Container Engines

When comparing Docker with alternatives, we first look at the container engine. An engine provides a user interface for handling images and containers, extracting images from remote registries, and creating container manifests that are handed to a runtime such as runc or crun.

The main competitor to Docker is Red Hat’s Podman . Unlike Docker, Podman does not require a daemon and can run without root privileges. It also supports pods, the smallest compute unit in Kubernetes.

Example of creating a pod with two containers:

~ $ podman pod create --name mypod
~ $ podman pod list
POD ID        NAME   STATUS   CREATED          # OF CONTAINERS   INFRA ID
211eaecd307b  mypod  Running  2 minutes ago    1                a901868616a5

~ $ podman run -d --pod mypod nginx   # First container
~ $ podman run -d --pod mypod nginx   # Second container
~ $ podman ps -a --pod

CONTAINER ID  IMAGE                         COMMAND               CREATED          STATUS               PORTS  NAMES          POD           POD NAME
3b27d9eaa35c  docker.io/library/nginx:latest  nginx -g daemon ...   2 seconds ago    Up 1 second ago               brave_ritchie  211eaecd307b  mypod
d638ac011412  docker.io/library/nginx:latest  nginx -g daemon ...   5 minutes ago    Up 5 minutes ago               cool_albattani 211eaecd307b  mypod
a901868616a5  k8s.gcr.io/pause:3.2          <none>                6 minutes ago    Up 5 minutes ago               211eaecd307b-infra 211eaecd307b mypod

Because Podman’s CLI mirrors Docker’s, you can simply alias Docker to Podman: alias docker=podman Other engines such as LXD, CRI‑O, and the now‑defunct rkt exist, but they are either niche or not suited for local development.

Building Images

While Podman is the primary Docker replacement for building images, several other tools are available.

Buildah (also from Red Hat) works closely with Podman. It builds OCI‑compatible images without a daemon and can use Dockerfiles or Containerfiles.

Example:

~ $ buildah bud -f Dockerfile .

~ $ buildah from alpine:latest   # Equivalent to "FROM alpine:latest"
Getting image source signatures
Copying blob df20fa9351a1 done
Copying config a24bb40132 done
Writing manifest to image destination
Storing signatures
alpine-working-container # Name of the temporary container

~ $ buildah run alpine-working-container -- apk add --update --no-cache python3
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
...

~ $ buildah commit alpine-working-container my-final-image
Getting image source signatures
Copying blob 50644c29ef5a skipped: already exists
Copying blob 362b9ae56246 done
Copying config 1ff90ec2e2 done
Writing manifest to image destination
Storing signatures
1ff90ec2e26e0a6b45b2c62901956d0eda138fa6093d8cbb29a88f6b95124c

~ # buildah images
REPOSITORY          TAG     IMAGE ID                              CREATED          SIZE
localhost/my-final-image latest 1ff90ec2e26e                         22 seconds ago   51.4 MB

Kaniko (Google) also builds images from Dockerfiles without a daemon, but it runs as a container inside Kubernetes, making it less convenient for local builds.

BuildKit (part of Moby) enables advanced Docker builds with parallelism, cache, and root‑less operation, but still requires the Docker daemon.

Other niche tools include S2I (source‑to‑image), Jib (Java images), and Bazel (general build system).

Container Runtimes

Runtimes execute containers. runc is the default OCI runtime used by Docker, Podman, and CRI‑O. crun (also from Red Hat) is a faster, more memory‑efficient C implementation, slated to become the default in newer RHEL releases.

CRI‑O is not an engine but a runtime designed exclusively for Kubernetes; it delegates actual execution to runc.

containerd is a CNCF project that provides a daemon and API for managing containers and images; it underpins Docker’s default runtime and is widely used in Kubernetes clusters.

Image Inspection and Distribution

The only tool that fully replaces docker inspect and adds cross‑registry copy capabilities is Skopeo . Developed by Red Hat, it can inspect images and copy them between remote registries without pulling them locally.

Dive is a user‑friendly tool for exploring and analyzing image layers, useful for CI pipelines to assess image efficiency.

Conclusion

The goal of this article is not to force you to abandon Docker, but to show the full landscape of tools for building, running, managing, and distributing container images. Each tool—including Docker—has its own strengths and trade‑offs, and the best choice depends on your workflow and requirements.