Why You Might Want to Say Goodbye to Docker: A Look at Modern Container Tools

Why Stop Using Docker?

Four years ago Docker dominated the container world, but today it is just one of many OCI‑compliant engines. While Docker can build, run, pull, push, and inspect images, each task has specialized tools that often perform better, so it’s worth exploring alternatives.

Container Engines

A container engine provides a user interface for handling images and containers, fetching images from remote registries, unpacking them, and creating container manifests that are later run by a runtime such as runc or crun.

Podman

Podman, developed by Red Hat, runs without a daemon and does not require root privileges. It can manage Pods (the smallest Kubernetes compute unit), making migration to Kubernetes easier.

~ $ podman pod create --name mypod
~ $ podman pod list
POD ID   NAME   STATUS   CREATED   # OF CONTAINERS   INFRA ID
211eaecd307b mypod Running 2 minutes ago 1 a901868616a5
~ $ podman run -d --pod mypod nginx   # First container
~ $ podman run -d --pod mypod nginx   # Second container
~ $ podman ps -a --pod
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES   POD   POD NAME
3b27d9eaa35c   docker.io/library/nginx:latest   nginx -g daemon ...   2 seconds ago   Up 1 second ago   brave_ritchie
211eaecd307b mypodd638ac011412   docker.io/library/nginx:latest   nginx -g daemon ...   5 minutes ago   Up 5 minutes ago   cool_albattani
211eaecd307b mypoda901868616a5   k8s.gcr.io/pause:3.2   6 minutes ago   Up 5 minutes ago   211eaecd307b-infra   mypod

Podman’s CLI mirrors Docker’s, so you can alias docker=podman and continue using familiar commands.

Other Engines

LXD – a manager for LXC system containers, suitable for VM‑like workloads but less common for local development.

CRI‑O – a Kubernetes‑focused container runtime, not intended for general‑purpose use.

rkt – a now‑deprecated engine from CoreOS.

Image Building

Beyond engines, many tools can build container images.

Buildah

Buildah, also from Red Hat, works daemon‑less and complies with OCI. It can build from a Dockerfile/Containerfile and offers fine‑grained layer control.

~ $ buildah bud -f Dockerfile .
~ $ buildah from alpine:latest   # equivalent to FROM alpine:latest
Getting image source signatures
Copying blob df20fa9351a1 done
Copying config a24bb40132 done
Writing manifest to image destination
Storing signatures
alpine-working-container
~ $ buildah run alpine-working-container -- apk add --update --no-cache python3
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
~ $ buildah commit alpine-working-container my-final-image
Writing manifest to image destination
Storing signatures
~ $ buildah images
REPOSITORY   TAG    IMAGE ID        CREATED          SIZE
localhost/my-final-image   latest   1ff90ec2e26e   22 seconds ago   51.4 MB

Buildah can be invoked via podman build, which is essentially a wrapper.

Kaniko

Kaniko, a Google project, builds images from Dockerfiles inside a container without requiring a daemon. It shines in Kubernetes CI/CD pipelines but is less convenient for local builds.

BuildKit

BuildKit, part of the Moby project, is enabled with DOCKER_BUILDKIT=1 docker build. It offers parallel builds, cache improvements, and rootless operation, though it still relies on a daemon.

Other Build Tools

Source‑To‑Image (S2I) – builds images directly from source code without a Dockerfile, useful for simple OpenShift workflows.

Jib – Google’s Java‑focused image builder with Maven/Gradle plugins, no Dockerfile needed.

Bazel – a full build system that can also produce container images via rules_docker.

Container Runtimes

Runtimes execute containers. The default runc implements the OCI runtime spec and is used by Docker, Podman, and CRI‑O. crun is a faster, C‑based alternative from Red Hat. CRI‑O is a runtime for Kubernetes nodes, not a general‑purpose engine. containerd is a CNCF project that provides a daemon and API for runtimes, serving as Docker’s default runtime and used by many Kubernetes services.

Image Inspection & Distribution

Skopeo, another Red Hat tool, can inspect images and copy them between remote registries without pulling locally. Dive offers an interactive way to explore image layers, size, and efficiency, useful for CI pipelines.

Conclusion

The goal is not to force you to abandon Docker entirely but to show the full landscape of container engines, image builders, runtimes, and inspection tools. Each has strengths and trade‑offs; evaluating which combination fits your workflow is the key takeaway.