←back to thread

We Need to Talk About Docker Hub

(www.linuxserver.io)
128 points darthShadow | 1 comments | 24 Jan 25 11:40 UTC | HN request time: 0s | source
1. jillesvangurp ◴[24 Jan 25 13:05 UTC] No.42812687[source]
There are a few good reasons to avoid docker hub in production environments:

- free usage is capped and throttled if you exceed download limits.

- some cloud environments don't pay for docker hub access and it's easy to exceed those limits collectively. I've seen that happen on telekom cloud a few times.

- you can configure docker on your machine to use a mirror. For example https://mirror.gcr.io. Or you can setup your own mirror of course. Most cloud environments do this for you.

Using a mirror means you can continue to use images published (by others) to docker hub. And since you don't really have much of a choice about where others publish their images, using a mirror is a good workaround.

IMHO the docker solution of simply prepending images with your registry domain is actually a decent practice. I don't get websites I browse from a central repository either.

For your own stuff, you don't really need to use dockerhub. You can just run your own repository, which isn't that hard or expensive. But of course, an empty repository isn't that useful if you mainly use stuff made by others.

Btw. docker is not unique with having a corporately owned central repository of software. Annoyingly, maven central is run by Sonatype and their process for pushing stuff there is mildly convoluted. It's stupidly easy to use a simple aws or gcp bucket as a maven repository from gradle (I do this for some of my OSS projects). Or any old server with ssh access and a web server. Github also offers repositories for a lot of stuff. But getting your library on maven central just means dealing with their bureaucracy (Jira driven!) and jumping through a lot of hoops. I've been wishing somebody would beat some sense into them or would setup a (vastly) easier to use public repository for years.

It's nice that companies offer public repositories of stuff. But it's inconvenient when they start policing/taxing access to that or put up barriers to get stuff in there. Mainly because they tend to host the vast majority of interesting dependencies that you might want to use.

IMHO the ownership of such central infrastructure ideally moves to some kind of foundation with proper governance rather than some company. For docker that could be the Linux Foundation. It's not clear to me why that responsibility lies with a tiny company for the Java ecosystem that makes a rather convoluted product for hosting jar files which at this point isn't actually that widely used since there are plenty better alternatives. Nothing against them but why delegate such a big responsibility to them?