Why Docker? Pros and Cons

So I guess developers got pissed off by the whole “Linux” or “Windows” thing, and they were like: “Let’s build something that can run both Windows and Linux applications, regardless of the operating system or environment”, and then containers were invented!
The idea is Containers will isolate “our code” from what is “not our code”, to make sure the “works on my machine” situation doesn’t happen.

From Virtual Machines to Containers
So before Containers showed up, we used to use VMs to host our applications, and I guess people liked it, because we were able to get a big server, slice it up into several VMs, have multiple computers and simulate a network. Now that Containers have shown up, it seems like VMs aren’t a good idea anymore, because Containers seem to give us a better level of abstraction than VMs.
Though some people might argue that we might not even need Docker if we choose the right Cloud platform and use PaaS (Platform as a Service) offerings, which will give us a higher level of abstraction. But again, others might argue that this way you are kind of tied to that Cloud provider, which again might not necessarily be a bad thing, considering what they offer these days!
Also, some of the Cloud providers do not natively support Linux or Windows, so now with Containers, you can put your code in a container and then move your container to your cloud provider if you like.
Remind me what Virtual Machines are!
Virtual machines (VMs) are an abstraction of physical hardware that slices your one giant physical server into multiple ones. The “hypervisor” or “VMM (Virtual Machine Monitor)” provides the capability to run multiple Virtual Machines on one set of hardware, and each one of these VMs will have an OS (you need to have licenses, update and patch them, and do everything IT-related that you do with all of your regular computers).
Tell me again about Containers!
Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space. Since Containers do not have a full-blown Operating System, they take up less space compared to VMs.
The following image from the Docker website explains the differences between Containers and VMs:

Deeper dive into Virtualization
As mentioned before, Virtualization is handled by the Hypervisor. It basically manages the CPU’s “root mode” and, by some sort of interception, manages to create an illusion for the VM’s Operating System as if it has its own hardware. If you are interested to know who did this first so you can send them a “Thank You” note, it was “VMWare”.
So ultimately, the hypervisor makes it possible to run multiple separate operating systems on the same hardware. All the VM operating systems (known as Guest OSes) go through the boot process to load the kernel and all the other OS modules, just like regular computers, hence the slowness! And if you are curious about the isolation between the guests and hosts, I should say, you can have pretty strict security between them.
Deeper dive into Containers
A bit more than 10 years ago, some folks from Google came up with the namespaces concept. Yeah, exactly the one developers are familiar with. The idea is that we want to put hardware resources into namespaces, and only give other resources or software permission to use them if they belong to a specific namespace. So you basically can tell processes what their namespace is, and which hardware namespaces they can access.
So this basically creates a level of isolation, where each process only has access to the resources that are in its own namespace.
This is how Docker works! Each container runs in its own namespace, and all containers use the same kernel to manage the namespaces.
Now, because the kernel is the control plane here and knows the namespace that was assigned to the process, it makes sure that the process can only access resources in its own namespace.
As you can see, the isolation level in Docker is not as strong as in VMs, as all containers share the same kernel; for the same reason, they are much lighter than VMs.
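To make the namespace idea concrete, here is an added example (not part of the original post) that compares the namespace links Linux exposes under /proc/<pid>/ns and reports which namespaces a process still shares with the host. The sample tables and inode numbers are constructed; in them the user namespace is shared because Docker's user namespace remapping is opt-in.

```python
import os

# Namespace types the Linux kernel exposes under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid):
    """Return {type: 'type:[inode]'} for a live process; None where unreadable."""
    result = {}
    for name in NS_TYPES:
        try:
            result[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:  # not Linux, process gone, or no permission
            result[name] = None
    return result

def shared_with(reference, candidate):
    """Namespace types where both processes point at the same kernel object."""
    return sorted(
        name for name in NS_TYPES
        if reference.get(name) and reference.get(name) == candidate.get(name)
    )

def isolation_report(host_ns, processes):
    """Map each label to the namespaces that process still shares with the host."""
    return {label: shared_with(host_ns, ns) for label, ns in processes.items()}

def _ns(**inodes):
    """Build a constructed namespace table from type=inode pairs."""
    return {name: f"{name}:[{inode}]" for name, inode in inodes.items()}

# Constructed sample (inode numbers are made up): the host's PID 1, a container
# with default settings, and one started with the host's network namespace.
HOST = _ns(cgroup=4026531835, ipc=4026531839, mnt=4026531841, net=4026531840,
           pid=4026531836, user=4026531837, uts=4026531838)
SAMPLE = {
    "web": _ns(cgroup=4026532610, ipc=4026532608, mnt=4026532606,
               net=4026532611, pid=4026532609, user=4026531837, uts=4026532607),
    "monitor": _ns(cgroup=4026532710, ipc=4026532708, mnt=4026532706,
                   net=4026531840, pid=4026532709, user=4026531837, uts=4026532707),
}

if __name__ == "__main__":
    for label, shared in isolation_report(HOST, SAMPLE).items():
        print(f"{label}: shares with host -> {', '.join(shared) or 'nothing'}")
    # On a Linux host, compare this process against PID 1 (usually needs root):
    print("self:", shared_with(read_namespaces(1), read_namespaces(os.getpid())))
```

Every namespace a container shares with the host is one the kernel is not using to separate the two.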
Docker and Other alternative Containers
As you have seen above, I might use “Container” and “Docker” interchangeably, because I guess Docker has become the industry de facto standard, and a lot of people, including myself, use these words interchangeably.
But if you are interested in other alternatives, here are some that are out there.
Although Docker is the most popular container technology, there are many other container solutions out there:
BSD Jails
LXD
LXC
Solaris Zones
RKT
Here is what Google Trends shows when comparing these:

Docker, the good parts
Here are some advantages when you are comparing against VMs or bare-bones servers:
Containers are small compared to VMs
Though they are bigger than Functions, if you compare them with AWS Lambda, or Azure Functions, or even Azure App services! They tend to start somewhere from tens of megabytes up, where VMs start from Gigabytes. So your current server can host way more containers compared to VMs.
Containers use fewer resources
Since you don’t have a full OS and they all share the same kernel, they are pretty light.
Fast boot.
It takes seconds to start a container, so if things go south and you need to restart or deploy new versions, your new instance is up in seconds.
Eliminating the “Works on My Machine” situation
Bugs bouncing around, where you test in one environment and then the code doesn’t work in another environment because of config issues, will not happen as often, because the local and QA environments would be identical.
They work well in DevOps and CI/CD
Container-based virtualization is a great option for Microservices, DevOps, and continuous deployment, since containers are easy to manage (if you have the right tools!)
Docker, the dark side
Though there are very good benefits of using Containers, there are things to watch for!
Security
Since there is no full operating system, people tend to overlook the security aspect of containers, but if you look online, you will see that hackers are targeting systems that are hosted in containers and not secured properly.
Isolation
Since the containers use the same kernel, they are not 100% isolated, so you should be aware of the risks if you are using multiple containers on one server, and make sure you know what you are doing and which containers are running on the same kernel along with your stuff!
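One way to review which containers on a shared kernel were started with weakened isolation, as an added example that is not from the original post: it reads the JSON array printed by `docker inspect` and flags the HostConfig settings that put a container in the host's namespaces or grant it extra privileges. The container names and sample data are constructed, and the choice of checks is this example's assumption.

```python
import json

# HostConfig keys whose value "host" puts the container in the host's namespace.
HOST_NS_KEYS = {"PidMode": "pid", "NetworkMode": "net", "IpcMode": "ipc", "UTSMode": "uts"}

def audit_container(entry):
    """Return isolation findings for one element of `docker inspect` output."""
    cfg = entry.get("HostConfig") or {}
    findings = []
    if cfg.get("Privileged"):
        findings.append("privileged")
    for key, ns in HOST_NS_KEYS.items():
        if cfg.get(key) == "host":
            findings.append(f"host-{ns}-namespace")
    for cap in cfg.get("CapAdd") or []:  # CapAdd is null when nothing was added
        findings.append(f"cap-add:{cap}")
    return findings

def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON array."""
    return {
        (entry.get("Name") or "?").lstrip("/"): audit_container(entry)
        for entry in json.loads(inspect_json)
    }

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = """[
 {"Name": "/web", "HostConfig": {"Privileged": false, "PidMode": "",
   "NetworkMode": "bridge", "IpcMode": "private", "UTSMode": "", "CapAdd": null}},
 {"Name": "/monitor", "HostConfig": {"Privileged": false, "PidMode": "host",
   "NetworkMode": "host", "IpcMode": "private", "UTSMode": "",
   "CapAdd": ["SYS_PTRACE"]}},
 {"Name": "/builder", "HostConfig": {"Privileged": true, "PidMode": "",
   "NetworkMode": "bridge", "IpcMode": "private", "UTSMode": "", "CapAdd": null}}
]"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'default isolation'}")
```

On a real host, the input would be the output of `docker inspect` for the running containers instead of the constructed sample.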
Networking
Networking can be tricky in the containers world when you want to limit the access within containers and also have proper network communications where required.
[Source]: https://koukia.ca/why-docker-pros-and-cons-949d104478c5