Docker - Things I'd like to see fixed

Recently I've been lucky enough to spend some time with Docker.  I've really enjoyed it and would definitely consider myself a fan.  However I think a couple of issues really need fixing.

Docker registries should treat images as immutable entities

Currently docker registries (including docker hub) allow you to overwrite an image with the same tag.  This means you can't be sure that an image hasn't changed since you last pulled it.  This is a nightmare from a build and deploy point of view.  I can imagine a sequence of events whereby a small low risk change is pushed through the environments with plenty of testing, only to fail in production when suddenly a modified and incompatible dependent image is pulled and deployed for the first time.  Sadly it seems that this issue has been closed - presumably without a fix.


Registry locations and Image tags need to be separate entities

Uniquely identifying a specific docker image and a source/destination registry should be two different concepts, but with docker they are combined and seem confused.  

Docker images are specified by a tag which consists of user/image:version so running: 

docker pull someone/something

...will pull the latest something image as created by user someone from registry.hub.docker.com.  However, the user part also allows us to specify a different registry, perhaps our own locally available one.  So this means that

docker pull my.local.reg/something

...will pull something from my.local.reg.  This means that in order to push an image to a local registry you need to re-tag it to include the FQDN of my.local.reg as shown below...

docker tag someone/something my.local.reg/something

and then...

docker push my.local.reg/something

...now we've lost the user someone all together.  This seems strange to me for a number of reasons:

  • It implies that images are different if they have come from different registries which should not be the case.  
  • Your source code references your local registry's FQDN.  This is because Dockerfiles that are declared to be FROM an image need to specify the parent image in the same way.  
  • Your FQDN cannot ever be one word such as localhost as it will assume you are specifying username localhost on registry.hub.docker.com 
I'd prefer to keep these things separate as per Maven's GAV parameters with the registry (maven repo) specified in an external settings file.

Comments

Popular posts from this blog

Lessons learned from a connection leak in production

How to test for connection leaks

How to connect your docker container to a service on the parent host