Why Docker? Pros and Cons

So I guess developers got pissed off by the whole “Linux” or “Windows” thing, and they where like: “Let’s build something that can run both Windows and Linux applications, regardless of the operating system or environment”, then containers were invented!
The idea is Containers will isolate “our code” from what is “not our code”, to make sure the “works on my machine” situation doesn’t happen.

From Virtual Machines to Containers
So before Containers showed up, we used to use VMs to host our application, and I guess people liked it, because we were able to get a big server and slice it up to several VMs and have multiple computers and simulate a network. now that Containers showed up, it seems like VMs aren’t a good idea anymore, because it seems like Containers give us a better level of abstraction than VMs.
Though some people might argue that, we might not even need docker, if we choose a right Cloud platform, and use PaaS (Platform as a Service) offerings which will give us a higher level of abstraction, but again other might argue that, that way you are kind of tight to that Cloud Provider, which again might not necessarily be a bad thing, considering what they offer these days!
Also, even some of the Cloud providers does not natively support Linux or Windows, so now with Containers, you can put your code in some container and then move your container into your cloud provider if you like.
Remind me what Virtual Machines are!
Virtual machines (VMs) are an abstraction of physical hardware, that would slice your one giant physical server into multiple ones. The “hypervisor” or “VMM (Virtual Machine Monitor)” provides the capability to run multiple Virtual Machines on one set of hardwar and each one of these VMs with have an OS (you need to have licenses, update and patch them and everything IT related you do with all of your regular computers).
Tell me again about Containers!
Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space. Since Containers does not have a full blown Operating System they take up less space compared to VMs.
The following image from Docker website explains the differences Between Containers and VMs:

Deeper dive into Virtualization
As mentioned before Virtualization is handled by Hypervisor, and it basically manages the CPU’s “root mode” and by some sort of interception, manages to create an illusion for the VM’s Operation System as if it has its own hardware. I f you are interested to know who did this first to send them a “Thank You” note, it was “VMWare”.
So ultimately, the hypervisor, facilitates to run multiple seperate operation systems on the same hardware. All the VM operating system (known as Guest OS) go through the boot process to load the kernel and all the other OS modules, just like regular computers, hence the slowness! And if you are curious about the isolation between the guests and hosts, I should say, you can have pretty strict security between them.
Deeper dive into Containers
A bit more than 10 years ago, some folks from Google came up with namespaces concept. Yeah, exactly as developers are familiar with, the idea is, we want to put hardware resources into namespaces, and only give permission to use resources to other resources or software, only if they belong to a specific namespace. So you basically can tell processes, what is their namespace, and what hardware namespaces they can access.
So this basically creates a level of isolation, where each process has only access to the resources that are in their own namespace.
This is how Docker works! Each container runs in its own namespace and all containers use the same kernel to manage the namespaces.
Now because kernel is the control plane here and knows the namespace that was assigned to the process, it makes sure that process can only access resources in its own namespace.
As you can see the isolation level in Docker is not as strong as VMs as they all share the same kernel, also because of the same reason they are much lighter than VMs.
Docker and Other alternative Containers
As you have seen above, I might use “Container” and “Docker” interchangeably, because I guess Docker has become the industry de facto standard, and lot of people including myself use these words interchangeably.
But if you are interested on other alternatives here are some that are out there:
Although Docker is the most popular container technology, but there many other container solutions out there:
BSD Jails
LXD
LXC
Solaris Zones
RKT
Here what google trends shows comparing these:

Docker, the good parts
Here are some advantages when you are looking into VMs or Bare-bone servers
Containers are small compared to VMs
Though they are bigger than Functions, if you compare them with AWS Lambda, or Azure Functions, or even Azure App services! They tend to start somewhere from tens of megabytes up, where VMs start from Gigabytes. So your current server can host way more containers compared to VMs.
Containers uses less resources
Since you don’t have a full OS and they all share the same kernel, they are pretty light.
Fast boot.
Takes seconds to start a container, so if things go south and you need to restart or deploy new versions, you new instance is up in seconds.
Eliminating the “Works on My Machine” situation
Bug bounces around issues where you test in one environment, and then code doesn’t work in other environment because of config issues will not happen as often because local and QA environment would be identical.
They work well in DevOps and CI/CD
Container-based virtualization are a great option for Microservices, DevOps, and continuous deployment since it is easy to manage them (if you have the right tools!)
Docker, the dark side
Though there are very good benefits of using Containers there are things to watch for!
Security
Since there is no full operating system people tend to overlook the security aspect of containers, but if you look up online, you will see that hackers are targeting systems that are hosted in containers and not secured properly.
Isolation
Since the containers use the same kernel, they are not 100 isolated, so you should be aware of the risks if you are using multiple containers in one server, and make sure you know what you are doing and which containers are running on the same kernel along with your stuff!
Networking
Networking can be tricky in containers world when you want to limit the access within containers and also have proper network communications where required.[Source]-https://koukia.ca/why-docker-pros-and-cons-949d104478c5
Beginners & Advanced level Docker Training in Mumbai. Asterix Solution's 25 Hour Docker Training gives broad hands-on practicals.

Comments

Post a Comment

Popular posts from this blog

What Is Java? A Beginner’s Guide to Java and Its Evolution

What is Java used for? Before I answer the question, what is Java used for, let me brief you about why you should choose Java. Java is highly popular and has dominated this field from early 2000’s till the present 2018. Java has been used in different domains. Some of them are listed below: Banking: To deal with transaction management. Retail: Billing applications that you see in a store/restaurant are completely written in Java. Information Technology: Java is designed to solve implementation dependencies. Android: Applications are either written in Java or use Java API. Financial services: It is used in server-side applications. Stock market: To write algorithms as to which company they should invest in.   Big Data: Hadoop MapReduce framework is written using Java. Scientific and Research Community: To deal with huge amount of data. Wait! Java can do more. Let’s see how some of the technologies make use of Java as an essential core of their functionalit...
Read more

Is Data Scientist & Data Analyst are same? Learn the Differences Now!

Image
If we talk about the hottest jobs in tech right now, then only two names will pop up in your mind those are a data analyst or data scientist.  And, that’s not only we are saying even the Harvard Business Review declared “data scientist” as the“sexiest job of the 21st century .” But there is a lot of confusion between both the names even people who have some basic knowledge of data science consider both the job profiles as one.  Well, the reason behind this confusion is both of the professions deal with big data, rather defined vaguely and sometimes used interchangeably with one another. So, here we are to explain the differences between the two of them and that too in the easiest way. Let’s begin the brief introduction of both the terms, followed by skillsets each require to understand well.   Definition a. Data Analysts Data Analysts play a vital role in the Data Science domain. As a role, they play a variety of tasks associated with collectin...
Read more

Full Stack Development : All that you need to know

What is a Full Stack Development professional? A full stack development professional is the one who is having a sound technical knowledge of each and every aspect of development – front end, back end, various operating systems among other details of the technology. These people are usually termed as “developer generalists”. The significant thing to be noted here is that full stack developer should not be confused with senior developers. In nutshell, this stack of developers can create any complex application from the scratch, provided they would have understood how each technical layer should interact with the other. Why Full Stack Development? At the beginning of this post, we have mentioned about a query that had instantly popped in the mind – why would a company require full stack development professional. Here’s the answer: 1. Creation of unique code: The developer or the agency would be able to create a unique code for multiple technologies; as they could work with ...
Read more