I read some about how it works and understand it’s benefit \[allows you to build on one OS, but run the app on multiple different OSes without concern as the docker handles all the translation\]. Or is this wrong?
* But does a docker usually run multiple containers? Is there any benefit to having a 1:1 docker:container or is that wasteful?
* Within AWS/Azure, does using this configuration versus a full-fledged VM save money in the long run?
Anything else I’m missing, feel free to add.
In: Technology
A container is a sometimes described as a “light-weight virtual machine”. Apps still run on the same operating system, and are NOT in a virtual machine in the traditional sense. However, resources normally considered to be the same for all apps can be isolated. Normally only one program can possibly listen on TCP port 80 (HTTP web server), but if you run a web server in a container, it is possible for it to listen on port 80 and not interfere with another web server on the same OS or in a different container on the same OS. Similar thing can be done to things like the computer’s name, filesystems and directory views, sharing memory between apps, etc to produce the illusion of a virtual machine, but it’s really not. The operating system is merely isolating all the apps further than usual. So it is possible to run a Debian Linux host, and a container that was built from Ubuntu or Red Hat or Suse or something else because it’s all still just Linux.
Docker is a particular program designed to run containers, but more than that, to be able to download and install them from a centralized server. That is its main feature: building or fetching them for you to run. Someone else has gone to the effort of making a container that contains only a web server, and you can just install and run it on your own server, or you could build your own and even publish it. There are a few competing apps to do similar things, but docker seems to be the most popular. As an alterantive I’ve been using LXC, which instead gives users much more flexibility and control at the expense of being harder to work with and easier to make mistakes.
Running 1 container per virtual machine is, imo, wasteful. While it provides a security layer, a hypothetical escape just gets them into the virtual machine as a whole and there’s not much else there to be compromised. As for AWS/Azure situations, it should save you a little bit of money if you can take multiple containers and run them on fewer servers. Check the pricing, but if you need 100 containers, it may be cheaper to rent 10 big servers/virtual machines vs 100 smaller ones when each is spec’d correctly.
Containers are a Linux thing, and can only run Linux apps with all the normal rules that go with it. x86 Linux can only run x86 containers, so no running Windows programs or ARM apps/containers or FreeBSD programs. While workarounds exist – Wine for windows apps, and QEMU for different CPU types – you would still have to use them inside the containers as you would normally. So you’d need to install Wine within a container as you would any other Linux system to run Windows programs. And so on and so forth.
Latest Answers