 Today, I'm presenting my talk, Your Practical Guide to Docker Contacts. As she said, I'm Carl, I'm an ops engineer producer next, and I help with the admin maintenance and development on the Skiver platform, which is our Drupal hosting platform. And today I'll be discussing Docker's ecosystem, some problems around the licenses which changed a few years ago, as we all know, and the implications behind that, and some things that came out of it. And we'll be discussing some Docker desktop alternatives. Why I discuss this, I think it's important to note that such behavior as changing a license after you become dependent on it, can be, it's not good. And as a result, we've got alternatives to bits of the puzzle that make up Docker, and being able to replace those with things that we need to, essentially. It builds stability and resilience of Docker, and Docker concepts long term. So this talk would be for people that have existing frustrations with Docker, or people who want to learn a bit more about how Docker works. We'll be talking about the API feedback loop, how our request is made and authenticated, and how we can use that, well, some of those constructs to replace the virtual machine behind Docker desktop if you wanted to. So questions I'd like everyone to answer, or be able to answer. What I'd be paying for Docker, first and foremost, licenses can be difficult. This is just to raise awareness of the details. What alternatives are there? I'll be discussing three alternatives today, and I'll go into some of those features and what they provide. Should be exploring an alternative, this is subjective to your needs. Docker desktop is not a bad product, inherently it's a good package solution, but it doesn't mean it will fit the bill for everyone. Maybe there's something you're seeking that you can't get from it right now. And lastly, how the alternative is different, I'll be going into those three alternatives to discuss that. Now my personal experience coming into this problem was when I was working with Department of Finance and I rebuilt a project, Amazee was where the custodians are, and that's Pygmy for those that don't know. We had an issue that came in where people needed to continue to use it. These are government users, they are dependent on their stacks, and there was a sudden change that they had to move away from Docker desktop, so that was the scenario. I had a couple of prototypes to fix that problem but we ended up resolving it in the same way that we'll be looking at today. Now the Docker, this section, rather, the Docker ecosystem, I'll be covering the product stack, what comes in Docker, some issues around what people have had issues. We'll go into Docker context, so we'll discuss what a context is, what it looks like, what it does in the API lifecycle, and then we'll talk about the license itself. So the Docker ecosystem, not everyone is fully aware but Docker desktop is just one of the products in its product stack. You have things like the engine, you have Compose, which from next talk it's a bit of history there. We come from, was it FIG, yep, all the way, and now it's actually baked into the Docker CLI, so the first version is still a separate product but its future is embedded in the Docker CLI. There's also a software called Billkit, that's one I'm trying to look at replacing myself just out of curiosity. Billkit is the engine behind container builds, essentially, and of course there's the Kubernetes flavor of Docker, and it provides its own defaults and its own opinions. People have historically, we've seen this on Skype even, Docker have shipped API versions or upgrades that are perhaps too soon, or have problems where obviously when we gather around we find a solution, but that isn't always effective because we need to work on those solutions, we need to sustain them through upgrade cycles, and they don't send that a bit. Problems around slowness, potentially in Docker, I'm not claiming anything but there have been issues in the past. Volume mounts, like how the file system works, the architecture of the laptop or the desktop you're using can play a part in the performance, and yes. So lastly on this slide, Docker was made at a time where there wasn't any unified standards around how the software should work. So it was very much doing its own thing at the time, and like Nick said also, Docker just exploded, and it's become the monopoly. Everyone uses it, and that's where we are now. This actually dropped support for Docker officially as part of 120 and 2020, and more recently they had a Docker shim which was providing support for that again, ironically, but they recently moved that as well, and they replaced that with container D as their default runtime. So there's a bit of history there. APL lifecycle, it's a fairly straightforward thing. It's a restful API, it will offload all the work to a daemon, and we're going to be exploring one architecture which combines those two actually. But a user will come into the application, the CLI, they'll want to perform an operation, start a container, or maybe they want to pull a container. So the request comes in, it goes through a Docker construct known as a context which contains network information as well as a path to a Unix socket which provides the authentication to the virtual machine. And this is kind of what that looks like, but this one did come from a bare metal system which is not virtual machine based, just heads up with that. What this allows us to do is to add, replace, or remove additional context if we have the need to. We may have sensitive clients, we may have tech stacks dedicated to a certain product or client. This effectively allows us to do that and switch between them. The Docker license, this is effectively Docker desktop only. All of the other licenses haven't changed as far as I have accounted for. If you're more than 250 employees, or if you make more than 10 million in gross income, or if you are part of a government agency, the license states that you're supposed to pay for it. And the problem with this was it wasn't up front when a lot of people made the investment to move into Docker. And I'm running out of time, I'll leave it. I wanted to discuss Podman, OrbStack, and Colmar, three, I guess, favorable options in the community. The first one is OrbStack. It's built to be Apple Silicon first. It is fast and light, and it's also a paid product, but it's fairly upfront about that. The downside to this one is it's non-permissive license. If you want to know what the experience of that one looks like, it's really rather pretty, here it is. Colmar is another community favorite I've seen it pop up many times. I personally haven't had a lot of luck with it, but it is extremely customizable. And it provides quite a lot, it's free and open source. But the downside to this one is it doesn't have a UI. Some interesting stats on perhaps performance on the file system, Colmar versus Docker Desktop. What I'm doing here is just showing that if you want to seek differences and improvements in your workflow, there are options for you. I'm definitely not trying to say anything about Docker Desktop because it is so cohesive and complete, but if you want, there are options. Lastly, Podman. Podman is a Red Hat built product. They are built and maintained by them. It's open source, a very active community. What Podman does is it's focused on security, lots of security features, and it also allows a user to remove Docker completely from their system. Like for like, you probably wouldn't notice it from the CLI if you were to alias your Podman to Bash. It includes things like compose and even rootless containers. If you have a laptop that's stolen, the attack vector could not be through container escape strategies. This architecture will couple the API to the demon, which provides a more security focused product. The last point I would like to make about this is the AC Linux support. AC Linux was a technology that was built by NSA. It was made to control what a Linux process is allowed to do or not allowed to do, and it was handed over because they don't want to maintain a longer term. They wanted the capacity, obviously, but it is open source now. This is both defaulted and customizable. It's really flexible, and you find this technology in Kubernetes fairly often as well. Here's what Podman desktop looks like. As you can see, there's a few different integrations, and it looks pretty nice. Here's a quick comparison. I'll leave it up for a moment, but it just tries to narrow the focus of each of them. Coloma is focused on configurability as well as rootless containers. OrbStack is an experience-focused product, which is focused on, I guess you could say, it's speed, time to 200. It's really focused on user experience and lightweightness. Podman, security, and if I had a high point for Docker desktop, I would say it's a cohesive and complete product. What should you do? It's a good question. Everyone's case is different. You may have a necessity to move away from Docker desktop. You may have an interest in increasing your security perimeter. What I would do in this case is I would look at each piece of the puzzle and try to see if I could break it apart completely. We have an ecosystem of products coming out now, which do exactly this because of the license change. It's spawned a whole heap of puzzle pieces, and we are now in a place where we can pick and choose each of those. So, yeah. Any questions?