You don't need Docker to build your images

The Open Container Initiative defines the standards about images and containers and how they are distributed. Most of the people work with images and containers using Docker. In fact, this is one of the companies leading the initiative.

Docker consists of a server (Docker daemon) and a client (Docker CLI), that makes requests against the server, via socket, to perform every single operation (build, run, stop...). That's the reason we need Docker daemon up and running in the host machine.

However, there exist other tools that allow building and running OCI images without any daemon. Red Hat's buildah and podman are examples of daemonless tools for building images and running containers, respectively. They follow OCI standard, so they are fully compatible with Docker. Literally, we can build images from Dockerfile and run them using the exact same syntax as Docker CLI:

$ buildah build -f Dockerfile -t myimage .
$ podman run myimage

So, should we move from Docker to damonless tools to work with images and containers? The answer is, as always, it depends.

In a local environment, it's a personal decision. If your machine can run Docker Daemon well, it's ok. You just use an all-in-one tool. Easy.

However, in your CI/CD build machines, you should consider using daemonless tools. If your CI server just builds images and push them to a registry, it is a waste of time and resources to start Docker daemon to do so. Also, it could drive to a security issue because an attacker could run containers in that machine; Docker is a two-in-one tool.

I hope you enjoyed the post 👋