Docker: The Cause of, and solution to, many problems

The thing which blew my mind about Docker in the first place was actually Docker Hub itself. I mean, there are a lot of projects out there which are in the 1-10GB range. And a lot of these push new tags on a regular basis. Some nightly.

And all of this was free.

That is INSANE. Just insane. And they did this for years. For thousands of projects. Even with incredibly cheap storage, someone had to know that this was unsustainable. And, in fact, some people I suspect did. Such as the people behind Docker. And companies like GitHub and Microsoft (yes they are the same now) and Google and Linux.IO. And then lastly, the teams behind solutions like Quay, Portus and Harbor. 

I think this particular group (and others like them) knew and predicted this for some simple reasons. Firstly, Docker Hub is just a fancy web site wrapped around Registry. And Registry is a tool which anyone is allowed to pull, run and use. And it is completely free. 

I actually suspect Mirantis and whoever else is concerned with Docker were shocked at the relative lack of adoption of Registry. I mean, sure, Docker Hub is a great place to put your images if you want everyone to be able to see them. And they made you pay if you wanted a lot of private repositories. But, it almost always made more sense for any large organization to simply host their own. 

I worked at companies where the only intended end user of the product was the company itself. And I know that they aren't alone in that category. If you have any knowledge of security you could probably guess that it is a bad idea to put something secret out in public when you don't need to do that. Someone can pull your image and run vulnerability scans, or inspect the contents of the container. And if you made a mistake you could have leaked credentials. Or perhaps they will simply reverse engineer your solution. In short: dumb move.

And, when I look at the Docker CLI and how it can easily interact with multiple registries I suspect that the original idea would have been to push nightly and other non-release builds to private registries and only use Docker Hub for final versions. Perhaps paying for a subscription if you needed the repo to be private. I don't think it turned out quite that way. 

Then, you have that second group. They all started their own public repositories. Mostly because they had their own reasons. And in many cases their own plans on how to monetize it. But, I think all of them also based that decision partly on how they felt about the long term viability of Docker Hub in its original form.

And the last group represents those who are better known, not for hosting public repos, but for making it easier to host and manage your own registry. This group clearly saw the deficiencies in Docker Hub's model while also seeing the inherent value in Registry itself.

At the end of the day, Docker's changes to image hosting are likely a bigger change than their licensing around Docker Desktop for Windows. However, despite the bigger impact, people should have seen it coming and been planning a contingency.

Circling back to the title of the video though... the solution to your Docker problems is quite likely Docker. Again, Registry is free. And there are a bunch of free solutions out there to make it even simpler. And those simple solutions can run inside of Docker. And, if their images get pulled from Docker Hub, you can bet they'll move them to ghcr or mcr or gcr domains. Or perhaps they too will simply host their own freakin' registry. I run my own. It is pretty great. And I'm planning on looking into something like Harbor so that I can have a UI to help me manage the users and images a bit better.

I mean, Docker itself is not exactly revolutionary, or even unique. There are other container runtimes like Podman for example. What made Docker explosively popular was the mix of Docker Hub and the relative ease of their build tooling and Docker-Compose. And I suspect that Docker Hub itself was the main reason. But, it doesn't seem like a lot of people were looking at it and actually thinking "Hey, this sounds too good to be true". Though, to be fair, many of the people who are shocked at the moment probably have no idea that other container runtimes exist.

Regardless, in the same way that I feel that Cloud Native is dying and Edge solutions will be the next wave, I still think that Docker is relevant (thanks to the foresight of Registry), and that you'll start seeing more organizations taking back control and ownership of their images and only publishing publicly to places like Docker Hub when and where it makes sense.

Ultimately, this shift should help Docker itself remain viable longer term. Which, I think would be a good thing in general.
