It’s 2025, Why Are You Still Using Docker?

@admin
Category: Default
Created: 2025-08-12 14:21 Updated: 2025-08-12 14:21

The Latency Gambler
Jul 22, 2025
Time to face the uncomfortable truth about containerization

Here’s a question that’s been eating at me: why do we keep reaching for Docker when better alternatives have been sitting right in front of us for years?

I get it. Docker was transformative. It democratized containerization, made deployment predictable, and gave us the “it works on my machine” solution we desperately needed. But clinging to it in 2025 feels like insisting on using Internet Explorer because “it got us online back in the day.”

The wake-up call came during a code review last week. A junior developer asked why we were using Docker for a simple Python API that took 3 minutes to build and produced an 800MB image. The honest answer? “Because that’s how we’ve always done it.” That’s when I realized we might have a problem.

Docker isn’t inherently bad, but the ecosystem has evolved far beyond what most teams realize.

The Uncomfortable Reality
Let’s address the elephant in the room. Docker’s architecture has fundamental issues that were acceptable compromises in 2015 but feel outdated today.

The daemon dependency is a liability. Every Docker command goes through the Docker daemon, a persistent background process running with elevated…

Security was an afterthought. Running containers often requires root access, and the default security model assumes you trust everything in your environment. In an era where supply chain attacks are common, this feels reckless.

Performance overhead adds up. Docker Desktop consumes significant system resources even when idle. I’ve watched developers close applications just to free up memory for Docker. That’s backwards.

The licensing shift created trust issues. When Docker introduced commercial licensing for Desktop in enterprise environments, teams started questioning their dependency on the platform. Nobody likes vendor lock-in disguised as convenience.

What the Smart Teams Are Actually Using
While many of us perfected our Dockerfile optimization techniques, forward-thinking teams quietly migrated to superior alternatives.

Podman has become the obvious choice for local development. It’s Docker-compatible without the daemon baggage. Commands are nearly identical, but execution is faster and more secure. The rootless containers alone make it worth the switch. Most developers can migrate by simply running alias docker=podman and forgetting Docker ever existed.

Containerd powers production environments. Kubernetes deprecated Docker runtime support because containerd is more efficient and purpose-built. It’s lighter, more stable, and integrates natively with container orchestration platforms. If Kubernetes prefers it, maybe we should too.

WebAssembly is redefining what containers should be. WASM modules start in microseconds, have stronger security boundaries, and can run on any platform without compatibility layers. For many use cases, traditional containers feel unnecessarily heavy.

Cloud-native container services eliminated infrastructure headaches. AWS Fargate, Google Cloud Run, and Azure Container Instances handle runtime management while offering better scaling and reliability than self-managed solutions. Unless you have specific requirements, managed services are simply superior.

Distroless images are the new best practice. Why ship a full operating system when your application only needs a handful of libraries? Google’s distroless images reduce attack surface and image size dramatically. A Node.js app can go from 900MB to 150MB without changing a line of code.
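
The root-by-default and distroless points above can be checked mechanically before an image is built. The following is an added example, not code from the original article: a small Python audit of the final stage of a Dockerfile. Both sample Dockerfiles, the `audit` function and its heuristics (matching `distroless` in the image name, treating a `:nonroot` tag as non-root) are assumptions made for illustration.

```python
import re

# Constructed sample inputs (not from the article).
FAT = """\
FROM node:20
WORKDIR /app
COPY . .
RUN npm ci
CMD ["node", "server.js"]
"""
HARDENED = """\
FROM node:20-slim AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .

FROM gcr.io/distroless/nodejs20-debian12:nonroot
WORKDIR /app
COPY --from=build /app /app
CMD ["server.js"]
"""
FROM_RE = re.compile(r"(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)

def audit(dockerfile: str) -> list[str]:
    """Return findings for the final stage, the only one that ships."""
    stages = {}  # stage alias -> (base image, USER) as of the last line seen
    base, user, alias = None, None, None
    for raw in re.sub(r"\\\r?\n", " ", dockerfile).splitlines():
        instr, _, rest = raw.strip().partition(" ")
        if instr.upper() == "FROM":
            image, alias = FROM_RE.match(rest.strip()).groups()
            # FROM <earlier stage> inherits that stage's base image and user.
            base, user = stages.get(image.lower(), (image, None))
        elif instr.upper() == "USER":
            user = rest.strip()
        if alias:
            stages[alias.lower()] = (base, user)
    if base is None:
        return ["no FROM instruction found"]
    findings = []
    if "distroless" not in base and base != "scratch":
        findings.append(f"final stage ships a full base image: {base}")
    # Heuristic: distroless ':nonroot' tags set a non-root USER in the image.
    if user is None and not base.endswith("nonroot"):
        findings.append("no USER set: runs as the base image's user, usually root")
    elif user is not None and user.split(":")[0] in ("root", "0"):
        findings.append("USER is root")
    return findings
```

`audit(FAT)` reports both the full base image and the missing `USER`, while `audit(HARDENED)` returns an empty list; only the last stage is judged, so a heavy build stage does not count against the image.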

A Real Migration Story
Last year, I worked with a team running 15 microservices in a Docker-based development environment. The pain points were obvious: 20-minute build times, inconsistent environments across developer machines, and Docker Desktop licensing costs that made management nervous.

We implemented a gradual migration strategy:

Week 1: Replaced Docker with Podman for local development. The transition was seamless: same commands, better performance, no daemon crashes.

Week 2: Migrated CI/CD pipelines to use containerd directly. Build times dropped by 40% because we eliminated the Docker daemon overhead.

Week 3: Introduced distroless base images. Average image size went from 800MB to 200MB, significantly reducing registry costs and deployment times.

Week 4: Moved production workloads to managed container services. No more Kubernetes cluster management, better auto-scaling, reduced operational overhead.

The results were dramatic: developers reported faster feedback loops, operations spent less time on infrastructure issues, and management was happy about reduced costs. The team never looked back.

The Path Forward
I’m not suggesting you abandon containers; they’re still incredibly valuable. But the tools we use to build, ship, and run containers need an upgrade.

Start with local development. Replace Docker Desktop with Podman or Colima. The learning curve is minimal, but the benefits are immediate.

Optimize your images. Switch to distroless or minimal base images. Your deployment pipeline and security team will thank you.

Consider managed services. Unless you have specific compliance requirements, let cloud providers handle container runtime management.

Experiment with WebAssembly. For stateless functions and edge computing, WASM might be exactly what you need.

Evaluate your CI/CD pipeline. If you’re still using Docker in CI, containerd or other alternatives might offer significant performance improvements.

The Hard Truth About Change
The biggest barrier to moving beyond Docker isn’t technical; it’s psychological. We’re comfortable with what we know, even when what we know is holding us back.

But here’s what I’ve learned: the teams that stay competitive are the ones that regularly question their tools and processes. They’re not afraid to admit when something they invested time learning is no longer the best option.

Docker served us well, but in 2025, clinging to it feels like using Internet Explorer because “it’s what I learned first.” The web moved on, browsers got better, and users benefited. The same thing is happening with containerization.

Making the Switch
You don’t need to revolutionize everything overnight. Start small:

Pick one problematic Docker use case and experiment with alternatives. Maybe it’s the slow build process that would benefit from Podman, or the resource-heavy local environment that could be lighter with containerd.

The goal isn’t to eliminate Docker from every corner of your stack immediately. It’s to make informed decisions about when and where it still makes sense, rather than using it by default.

The future of containerization is more diverse, more efficient, and more secure than the Docker-centric world we’ve grown accustomed to. The question isn’t whether you should explore alternatives; it’s whether you can afford not to.

Your competitors are already making the switch. The only question is: will you lead or follow?

Have you experimented with Docker alternatives in your projects? What’s been your experience with tools like Podman, containerd, or WebAssembly? Share your thoughts — I’d love to hear about your successes and challenges in the comments.