DEV Community

Sam Farahmand
Sam Farahmand

Posted on

Docker Is Not Dead (Stop Writing That Headline)

#docker #kubernetes #container #webdev

Docker is not Dead!

Every few months, someone posts a hot take: "Docker is dead. Time to move on."
Nope. Not dead. Not even close. Docker is alive, drinking coffee, and still running your local stack while you type your LinkedIn rants.
Why the drama? Because Kubernetes removed its dockershim back in v1.24 and standardized on containerd/CRI-O. That broke… absolutely nothing for your Docker-built images. They're still OCI images, they still run everywhere. The only thing that died was a shim.

What the haters say

  • The Daemon Thing. Docker runs a root-level daemon (dockerd). If you hand someone access to docker.sock, you basically gave them root. Rootless mode exists but isn't universal.
  • Kubernetes dropped dockershim. True - but it just switched runtimes. Your images still run fine. Licensing & Money. Docker Desktop is free for small teams, paid for bigger ones. Finance noticed.
  • Pull Limits. In 2025, Docker Hub tightened free pulls. Paid users now get unlimited pulls (fair use). CI pipelines had to authenticate or mirror.
  • Shady Images. Public Hub images sometimes contain junk or even malware. If you docker pull randomstuff123, that's on you.
  • Alternatives exist. Podman, nerdctl, and containerd are legit. Especially if you hate daemons or subscriptions.

Fair complaints. Still not a funeral.

What actually happened

Kubernetes standardized; Docker specialized.
K8s stopped babysitting Docker, and Docker leaned harder into dev workflows.

  • Builds: BuildKit + Buildx are now default. Faster builds, smarter caching, multi-arch without crying.
  • Compose: docker compose up is still the fastest way to stand up a stack locally. Now with Compose Bridge, you can even spit out Kubernetes manifests when you're ready to promote.
  • Content & security: Verified Publishers, Official Images, and Docker Scout help you dodge shady pulls. And yes - Docker is retiring Docker Content Trust (DCT) for Official Images, moving toward Sigstore/Notation.
  • Hardening: Docker Engine 28 flipped defaults: unpublished ports are no longer reachable from your LAN. Secure by default, fewer surprises.
  • New domains: Docker's 2025 push into AI/agent apps with GenAI Stack and Compose patterns. Dead platforms don't ship new features every quarter.

Why Docker still matters in 2025

  • Local Dev Experience. Still the easiest way to go repo -> running app on macOS, Windows, Linux. (Yes, Desktop runs in a VM on macOS/Windows, but performance keeps improving with VirtioFS and Synced Shares.)
  • Build Once, Run Anywhere. Docker-built OCI images run fine on containerd, CRI-O, Podman. That's the whole point.
  • Ecosystem Gravity. Testcontainers, dev containers, endless tutorials - most expect a Docker-API–compatible runtime.
  • It Just Works. Sure, you could handcraft containerd configs. But do you really want to?

Practical advice

  • Use Docker for dev and builds.
  • Run containerd/CRI-O in Kubernetes. Your images won't care.
  • Harden the basics: rootless mode, non-root containers, scans, digest pinning, trusted registries.
  • If Hub limits hurt: authenticate, mirror, or pay (paid = unlimited pulls).
  • Plan ahead: DCT is being retired -> move to Sigstore/Cosign/Notation.

The punchline

Docker isn't dead. It just grew up.
Kubernetes standardized runtimes; Docker doubled down on being the default developer platform: builds, Compose, trusted content, security, even AI workloads.

You can grumble about daemons or Desktop pricing, but here's the truth: Docker remains the fastest, friendliest way to get real work done - and the images it produces run everywhere that matters.
So next time you see "Docker is Dead", just reply with the obvious:
 "Nah, it's still alive. And it just built my app in 3 seconds flat."

Top comments (0)