My thoughts on the whole Warden vs. Docker discussion:
Trying to convince an engineer who knows Docker and Warden to switch to Docker
is like trying to convince a manual transmission driver to buy an automatic
because it's what your neighbor knows.
The real magic happens in the kernel. Both Docker and Warden are sugar on top of
it, with APIs tailored for different things.
Docker provides reproducible environments. Warden provides agility on top of
predefined environments.
Further: Docker is a tool for bootstrapping images and running single commands
with a static environment. Warden is a tool for taking predefined images and
spinning up dynamically configurable containers that can run any number of
commands.
On Diego team we actually use both Docker and Warden. We use Docker to build our
base images[1], and we use Warden to run apps with them. We also use Docker for
having reproducible CI environments with Drone[2]. We opt for the best tool for
the job.
Diego's architecture demands a flexible, cross-platform container abstraction.
Our components cannot assume Linux, let alone LXC. Given this, the Warden
architecture serves an important function: a generic API over a pluggable
backend. Having this abstraction layer allows us to design components that will
"Just Work" when you swap out Linux for Windows, or, hell, our own Linux backend
with a Docker backend.
So, here's what would really bug me about swapping out all of Warden: you can
cleanly define Docker's container API in terms of Warden's, but not the other
way around. By switching we lose flexibility, not just control.
As a challenge, I've started working on a Docker backend for Garden[3]. So far
you can create a container, copy files in and out, run and stream commands, and
set memory/CPU limits. That's about as far as I think I can get without
rewriting half of our Linux backend; abstractions are springing leaks left and
right.
The transition is lossy, and what would it technically buy us? We wouldn't have
to maintain our Linux backend anymore? It requires next to no maintenance as it
is. Again, the magic happens in the kernel; we just have to turn some knobs. I'm
afraid of having those knobs boxed away and having GitHub issues and Google
searches and more external dependencies in their place. There does not need to
be one single application for the Linux kernel's containerization APIs.