Building a web application using containers is one of the new technologies that I and my Capstone team need to learn and master. I researched and self-learned to build Docker images and run docker stack services to create a microservice web application. However, there is a need for our project to build an internal web application which is run on the HPC system. As a result, Singularity containers become more preferable than Docker’s. However, the process of converting from Docker’s multi-containers to a single Singularity container seems to be challenging. In this blog, I differentiate the differences between Singularity and Docker. Hopefully, this will help new learners to gain some insights when choosing the right container technologies for their applications.
2.0 Docker containers:
To maintain the Docker engine, Docker daemon needs to be run in the background; Docker daemon needs root privileges, which could potentially be a security concern. Only trusted users should be allowed to control your Docker daemon . Otherwise, without limiting access rights, containers can alter the host filesystem as Docker host and guest containers share a directory. However, some extra steps can be done to reduce these security risks. For example, enabling SELinux and not allowing users to mount directories outside Docker context. Also, binding options should only apply to trusted user-defined paths and the filesystem maintains proper user’s ownership rights .
Docker is suitable for DevOps engineering; Docker provides cloud-native micro-services to users . With Docker swarm, multiple Docker containers can be run and connected on multiple hosts. With Docker compose, multiple Docker containers can be configured and started on the same host. Docker Hub provides a great number of pre-built Docker images, which is convenient to meet the needs of many applications.
3.0 Singularity containers:
Singularity containers are not as popular as Docker containers are. For Windows users, for example, users can set up a Docker desktop but cannot install a Singularity desktop. To run Singularity locally, Windows’ users have to install many dependencies including Git Bash, Vagrant, and Virtual Box . In addition, when encountering problems with container technologies, Docker containers seem to have more support from a large number of users. Singularity has smaller numbers of users; thus, new learners might find it is challenging when building applications with Singularity.
Singularity containers are preferred when running applications in HPC systems. Singularity containers can be run without sudo. Unprivileged users can also use –remote or –fakeroot features to build Singularity containers. In addition, Singularity can convert Docker containers to Singularity, or can run containers directly from Docker Hub, or can pull images from Singularity Hub.
4.0 Differences between Singularity definition file and Dockerfile:
Understanding the basic differences between the Singularity definition file and Dockerfile could help users to quickly build Singularity definitions files when it is necessary.
Singularity definition files have header and section. Header has the keyword “Bootstrap”. Depending on bootstrap agents, other keywords need to be added. For example: “From”, “OSVersion”, “MirrorURL”, “include”, “Fingerprints”. Sections start with % followed by the names of the sections. Common sections are %setup, %files, %environment, %post, %runscripts, %startscripts, %test, %label. %help, %app*.
In contrast to Singularity, dockerfile can only use Docker Hub to bootstrap. Also, Dockerfile does not support %setup, %startscript, % help, and %app*. Instead of %files, %environment, %post, %runscript, %test, and %label, dockerfile uses different section names including COPY, ENV, RUN, CMD, HEALTHCHECK, and LABEl respectively .
Understanding pros and cons of Docker and Singularity containers could help developers select suitable container technology for their applications. From my own experience, it is faster to build and deploy Docker containers; the main concern is the security risks that prevent usage of Docker containers on HPC systems.
 Docker docs. (Docker Security. [Online]. Available: https://docs.docker.com/engine/security/. Accessed Jan 3rd, 2022.
 Nishanth Dandapanthula. (2018). [Online]. Available: https://www.nextplatform.com/2018/03/19/singularity-containers-for-hpc-deep-learning/. Accessed Jan 3rd, 2022.
 RRZE. (2020). Introduction to software containers with Singularity. [Online]. Available: https://hpc.fau.de/files/2020/05/2020-05-12-singularity-containers.pdf. Accessed Jan 3rd, 2022
 Singularity container. Support for Docker and OCI. [Online]. Available: https://sylabs.io/guides/3.5/user-guide/singularity_and_docker.html#sec-deffile-vs-dockerfile. Accessed Jan 3rd, 2022.
 Singularity docs. Installation. [Online]. Available: https://sylabs.io/guides/3.0/user-guide/installation.html. Accessed Jan 3rd, 2022.