
mbreese, last Thursday at 12:54 PM (1 reply)

I think of using Apptainer/Singularity as more like Docker than anything else (without the full networking configs). These are all issues with traditional Docker containers as well, so I’m not sure how you were using the containers or what you were expecting.

For my workflows on HPC, I use apptainers as basically drop-in replacements for Docker, and for that, they work quite well. The biggest benefit is that the containers are unprivileged. This means you can’t do a lot of things (in particular complex networking), but it also makes it much more secure for multi-tenant systems (like HPC).

(I know Docker and Apptainer are slightly different beasts, but I’m speaking in broad strokes in a general sense without extra permissions).


Replies

d3Xt3r, last Thursday at 7:54 PM

You can also run Docker itself in rootless mode[1]. And if for some reason you don't want to run Docker, you can also use Podman or Incus instead, and they both support Docker images, as well as running unprivileged. Finally, there's also Flox[2], which is a Nix-based application sandbox, that I believe would align more towards your (and OP's) use case (unless you specifically require Docker image compatibility).

So unfortunately your example doesn't illustrate why Apptainer is a better option.

[1] https://docs.docker.com/engine/security/rootless/

[2] https://flox.dev/
