modlogix.com
What Has Changed In The...
Excerpt
### Security Issues

The first issue in Docker is the connection between services when it comes to routing, security, or detection. The Docker architecture itself offers limited security: a user with access to the Docker daemon effectively has root privileges on the host system.

### Orchestration Issues

Docker can't manage the container launch order. Though it has an orchestration tool called Docker Swarm, its functionality is limited compared to powerful orchestrators like Kubernetes. Besides, Docker Swarm works only with Docker containers.

### Isolation Issues

Docker does not provide 100% isolation of resources between containers. The image repository can also become a mess, because every user has the power to change it.

### Reliability Issues

The Docker daemon service is responsible for all the work with registries, images, containers, and the kernel. But a single service means an increased risk of failure. When the daemon process fails, all the running containers are left on their own.

### Firewall Issues

Docker interferes with the system firewall by adding its own firewall rules to the system. There is no reliable way to manage network access to the container through the firewall. Additionally, there is an issue when combining Docker with other services that try to manage the firewall, for example, a VPN client-server.

### Docker Hub Issues

The Docker Hub registry contains both official and non-official images. Most of the non-official images are poorly built and have vulnerabilities. The authors of such images usually don't provide any quality guarantees or support either.
Source URL
https://modlogix.com/blog/docker-desktop-alternatives-changes-in-licensing-and-new-pricing-policy/

Related Pain Points
Single point of failure in Docker daemon service
8
The Docker daemon is a single service responsible for all container, image, registry, and kernel operations. When it fails, all running containers are left without management, creating a critical reliability issue.

Docker Desktop networking conflicts on Windows and macOS
7
Docker Desktop's networking implementation interferes with other host applications like OpenVPN and Xbox Game Center on Windows and macOS. The volume and file permissions model on Windows is problematic, and Windows updates frequently conflict with Docker Desktop, causing runtime failures.

Docker socket access and privilege escalation risks
7
Docker runs as root by default and requires Unix domain socket access for communication. This creates privilege escalation risks and security considerations that developers must understand but that are not well documented.

Poor quality and unsupported images in Docker Hub registry
6
Docker Hub contains many non-official images that are poorly built, contain vulnerabilities, and lack quality guarantees or vendor support. This makes it difficult for developers to find and trust reliable base images.

Docker lacks container launch order management
6
Docker cannot automatically manage or enforce the order in which containers launch. While Docker Swarm exists as an orchestration tool, its functionality is limited compared to Kubernetes and only works with Docker containers.

Incomplete resource isolation between Docker containers
6
Docker does not provide complete isolation of resources between containers, allowing potential resource interference and conflicts. Additionally, all users with access to the image repository can modify images, creating potential chaos and security issues.