
Goodbye Docker: Purging Is Such Sweet Sorrow - leandot
https://zwischenzugs.com/2019/07/27/goodbye-docker-purging-is-such-sweet-sorrow/
======
jasonpeacock
> was likely due to a script that had got out of hand starting up too many
> containers.

So there wasn't any actual problem with Docker, it was the OP's own problem
that they "solved" by switching container platforms instead of just fixing
their own buggy script?

~~~
meddlepal
I facepalmed when I read that...

This is an all too common problem in development and it's made me very
skeptical of coworkers at times who use it "X technology doesn't work or X is
garbage" as a justification to switch technologies or spend time prototyping
several alternatives.

I'm not gonna say Docker is a perfect tool by any stretch either.

~~~
justadudeama
Very true.

I know a lot of people in school who have to use a generally well regarded
technology, but hate it because they had to use it in a class. For example,
they might see someone on github and go “oh is that github? I hate using git”
when in reality they had to use it in a group project with 4 other people who
have never used it, and had no understanding of branches, merging, etc.

I have seen the same thing with LaTeX, Python, and Vim.

~~~
fromthestart
>git...LaTeX, Python, and Vim

To be fair, LaTeX, git, and Vim, beyond shallow use, have fairly steep
learning curves and can initially seem like a huge inconvenient mess before
one learns, through trial and error, enough of the basics to really unlock
enough utility to justify their use.

In a perfect world we'd all first sit down with manuals/tutorials, absorb
everything from the getgo, and hack away with bliss; but most people, myself
included, do not have enough intrinsic interest to muster the will to sit
through documentation while paying enough attention to absorb a bunch of
seemingly irrelevant details about some involved tech tool, when we have one
simple goal to accomplish _now_ , so instead we piece everything together with
a combination of Google searches and keyboard mashing until things work and
then optimize on top of that later.

In my experience this can be one of the factors that define a so called 10x
dev - the willingness and _ability_ to plod through docs with a genuine
interest before using a powerful tool. I imagine such crowd is overrepresented
on HN but quite rare in the general population.

~~~
user5994461
Really hard to use tools and half obsolete by some metrics.

Vi predates keyboards with arrow keys and numpad. You can do most of what vim
can do in any editor if you can use your keyboard effectively. Then there is
the question of VI vs VIM. Some schools force students to use VI, which is
really a different and antiquated beast.

LaTeX lost a lot of relevance since Office 2010, that added a great equations
editor and better handling of sections/subsections.

~~~
tasuki
You totally can't do "most of what vim can do in any editor if you can use
your keyboard effectively". For example: fXctX - find next X on current line,
change to next X. You can, fortunately, get a pretty decent vim emulation in
various IDEs.

TeX still renders equations better than Office does. Also it's programmable.

------
breatheoften
I’ve managed to resist the hype and still not ever used docker for anything
...

I still really struggle to understand what the practical benefits to this kind
of containerization actually are ...

It seems like people reach for it because they want to have some kind of
“compile target” into which they can stick “all the things” their application
needs to run — which is supposed to then help them “deploy” into their
development environment or onto their production infrastructure in a way that
serves the goal that the applications within the image should behave the “same
way” in either location ... but does anything about this kind of container
abstraction actually help with doing this? Don’t you still inevitably end up
having to manage assumptions about the differences between these environments
in order to make this work in practice (oh if you are in development
environment make sure you don’t actually submit payment to stripe, if you are
deploying to this cloud provider make sure you get secrets from <here> instead
of <here> ...) ...?

Do you actually get any good abstractions out of the container which empower
better solutions to deployment challenges? “I don’t have to think about which
hosts the (random) http client used in my application is configured to talk to
because I can just magically retarget it at the container level by
manipulating networking configuration” — is that a thing — does it actually
work? To my understanding the extent to which you _can_ do that requires you
to write your application a certain way with a crazy service discovery layer
like istio — and you’ve got to make sure you build your application completely
to use service discovery fabric ... but if you built your application to use a
service discovery fabric do you gain anything extra by also using docker at
that point ...?

And what about the impact to developer ergonomics? Is it easy and smooth to
use debuggers to quickly edit code running in an image ...? Do people
regularly run production docker images locally to debug production application
issues ...? Are there solutions that allow one to say, attach to a remote qa
testers chrome instance and then automatically attach debugger to the set of
production containers handling the requests associated with that browser ...?

Those are the kind of features I want ... I’m not sure exactly if the
containerization abstraction model would really help me get there or just
create another set of configuration knobs that _also_ have to be correctly
aligned for me to get the right environment specific behaviors out of my
application ...

~~~
e40
> _I still really struggle to understand what the practical benefits to this
> kind of containerization actually are ..._

Here's why I started using it years ago. I had a CentOS 6 machine that I
wanted to run Plex, Subsonic and Transmission on, but I couldn't, because they
had different (EDIT: and conflicting) requirements for various packages. I
might have been able to hack it, but it was looking really tricky.

Enter Docker. I have all three running in separate Docker containers. And it
just works. I've never hand a single problem. I made a yum exception for the
Docker packages I use, so I can control when they are updated, which is about
once a year.

The alternative was to build a new box that met all the requirements, but that
seemed like a big waste of resources (electricity and my money).

~~~
chrisan
If you didn't have that requirement of conflicting packages, would you still
have used docker?

Isn't once a year update a large security risk?

~~~
e40
I probably wouldn't have, had there been no package conflicts.

As for security risk on the yearly update: all the services are only locally
accessible. None are exposed to anyone but me. I do apply CentOS updates
daily, though.

My only risk in an attacker on my LAN, and I think I have that locked down
well.

------
sunseb
HDD : Hype Driven Development.

"Yeah, we should just give up on Docker and rebuild all the container
ecosystem using IBM technology."

~~~
KaiserPro
Well, if it was cheaper, I'd run my "containers" on a z series cluster.

Automatic failover during hardware failure, no need to program anything
special. HA without the need for having to do any work.

------
ci5er
I still don't "get" docker. I've deployed systems with it, and it works fine
(maybe except for postgres containment, there still seems to be some "bare
metal assumptions" that postgres may use that docker may invalidate), but why
not use Ansible/Vagrant to build images? It appears (to me) to be the same
thing, but with new mental overhead and/or cult involved.

Lots of ways to make sure that images get built and tested and deployed by
scripts that keep a lot of config and directory in stand-alone (twinned)
services. Why there is a "docker" cult (which may be the wrong word - it may
be very very valid) escapes me.

------
unixhero
I just started using Docker again in production. And it's pure garbage when
you hit a corner case, but works well when you don't.

I'd like to stop using it as well.

~~~
pknopf
Example?

~~~
unixhero
The reason why lazy docker exists: "Something's not working? Maybe a service
is down. docker-compose ps. Yep, it's that microservice that's still buggy. No
issue, I'll just restart it: docker-compose restart. Okay now let's try again.
Oh wait the issue is still there. Hmm. docker-compose ps. Right so the service
must have just stopped immediately after starting. I probably would have known
that if I was reading the log stream, but there is a lot of clutter in there
from other services. I could get the logs for just that one service with
docker compose logs --follow myservice but that dies everytime the service
dies so I'd need to run that command every time I restart the service. I could
alternatively run docker-compose up myservice and in that terminal window if
the service is down I could just up it again, but now I've got one service
hogging a terminal window even after I no longer care about its logs. I guess
when I want to reclaim the terminal realestate I can do ctrl+P,Q, but... wait,
that's not working for some reason. Should I use ctrl+C instead? I can't
remember if that closes the foreground process or kills the actual service.

What a headache!"

And war stories like these are similar to what I have experienced:
[https://thehftguy.com/2016/11/01/docker-in-production-an-
his...](https://thehftguy.com/2016/11/01/docker-in-production-an-history-of-
failure/)

~~~
unixhero
Another example - Stuff like this:
[https://stackoverflow.com/questions/19688314/how-do-you-
atta...](https://stackoverflow.com/questions/19688314/how-do-you-attach-and-
detach-from-dockers-process)

I just hit this one today.

------
kevinmgranger
> podman pull downloads get all layers in parallel, in contrast to Docker’s.

Hmm? I could have sworn docker pulled multiple layers at once the last time I
used it.

~~~
MrMorden
Docker pulls three layers at a time, not all of them.

~~~
WJW
Only because that's the default setting. You can pass in `--max-concurrent-
downloads` with any number you want.

------
aftbit
We use docker to spin up and down tens of thousands of short lived (~10
minutes) containers per day. Docker 17.05.0-ce on Ubuntu 16.04 tolerates this
fine, but Docker 18.06.0-ce hangs after only a few hours. I've not bothered
troubleshooting in detail yet; I've just pegged the docker version and moved
on with my life. Still, I've lost a lot of trust in docker.

~~~
pknopf
Interesting. Where exactly does it hang? When you create the container, or
when you run it?

------
broth
> I’d never really got to the bottom of it

Perhaps it might have been worth the extra time to get to the bottom of it
instead of switching and, in the end, not noticing any big differences?

Also, I noticed there was an ad at the end of the post for the book _Docker in
Practice_. Ironic placement.

~~~
emmanueloga_
Wait, isn't the author of the blog post the author of the book?

~~~
lioeters
Yes, wow! The blog post is by Ian Miell, one of the authors of Docker in
Practice.

~~~
broth
I glanced over at the Docker in Practice book on my nightstand and there is
his name. Surreal.

------
nullwasamistake
Docker is the Myspace of container engines. It's stupidly unreliable, at least
on MacOs. I've resorted to running system prune every week or so to keep it
from getting totally out of control.

Reminds me of NPM and rm-rfing node_modules on every build. I can't wait till
something comes along to replace it.

~~~
jasonvorhe
I've been using latest Docker, sometimes with the bundled Kubernetes on macOS
for years without such issues.

Of course it's still just a Linux VM.

~~~
nullwasamistake
It may be related to how many containers I run. Usually at least ten,
sometimes 30. Usually the problem isn't daemon itself, but all the garbage
integration attached to it

------
bastardoperator
Have you tried kaniko for docker builds? I'm using it to do docker builds on
Kubernetes in my CI pipeline.

[https://github.com/GoogleContainerTools/kaniko](https://github.com/GoogleContainerTools/kaniko)

~~~
techntoke
Works great with Skaffold

------
kingwill101
I personally like keeping my root partition to a minimal and ever since docker
came into the picture I keep running into spacing issues. So the allure for me
to switch isn't technical but for peace of mind storing images in userspace

~~~
acdha
Why not simply change the storage path by setting the data root in your
configuration?

[https://docs.docker.com/engine/reference/commandline/dockerd...](https://docs.docker.com/engine/reference/commandline/dockerd/)

------
ohiovr
It is possible to limit a containers resources, cpu, memory, network

[https://docs.docker.com/config/containers/resource_constrain...](https://docs.docker.com/config/containers/resource_constraints/)

Docker can really grind if it starts hitting swap. I have not added resource
constraints but I've been planning on doing it.

------
hpen
So did he even fix the original issue?

------
mharroun
I just wish docker wasnt slow as shit on mac's (then again I guess relative to
vagrant it's not that bad)

~~~
techntoke
Because they have to use a hypervisor to get the benefits of the Linux kernel.
If you want to speed things up and get native benefits then try switching to
Linux or convince Apple to add native containers.

~~~
llampx
Is Docker faster on Windows/WSL than Macs?

~~~
techntoke
Not that I know of but it is definitely much faster on Linux.

------
fortran77
He replaced Docker with something that's basically the same thing?! I don't
get it.

~~~
Yeroc
The article did a pretty good job of explaining the differences. Did you just
skim it quickly? Mainly, no need for a daemon or running as root.

------
thebsdbox
tl;dr

My script/code doesn’t work efficiently, I changed to a similar runtime and in
summary noticed no real difference.

------
based2
[https://lobste.rs/s/q3ryag/goodbye_docker_purging_is_such_sw...](https://lobste.rs/s/q3ryag/goodbye_docker_purging_is_such_sweet)

~~~
aerique
The first rule of lobste.rs is...

