
An Interview With Docker

JustCLI edited this page Jan 13, 2021 · 1 revision

Given your fame, everyone seems to know what you do. But it would be great to hear it directly from you. Can you explain what exactly you do?

Let me first thank you for this interview. As you said, everyone seems to know what I do. But what my users see is not exactly what really goes on. In fact, most of the amazing things that I am credited with are not done by me but by my colleagues. Since I am the face of it all, I get to have all the glory and fame.

That’s interesting! Can you elaborate more about it?

You see, I (with my team) do a lot of things. But the core of what we do is called Containerization, which I do not really do. I get it done by a third party called Linux. In short, all the magical stuff is done by this Linux guy. I only show that magical stuff to my users. And this is what leads my users to believe that I do some magical things.

Can you first explain what Containerization exactly is?

When you run a process, it uses some shared things. Some of the commonly shared things are Network, Filesystem etc. Say, a process writes the log to ‘/var/log/myapp.log’. The file is unique on the computer. If I run another instance of the same process, both would try to write to the same file. As a result, one of them would fail.

Containerization allows users to work around this multiple-instance problem. Users can now launch multiple instances of the same app on the same computer.

But what about the ability to run an app in a Redhat environment on a Ubuntu computer?

Well, this is just a by-product of this technology. But my users find it very useful. And that is probably why I am also seen as an alternative to VMs. But I can only tell you that it can’t be farther from the truth. I am NOT an alternative to VMs. They are more magical than I am. I always request my users not to consider me as an alternative to the VMs.

But why is there such a widespread misconception about containers being an alternative to VMs?

As far as my team is concerned, it has lately mixed containers with VM for some operating systems like Mac and Windows. So, when you run a container on Mac or Windows, it actually runs on a VM, unlike Linux. My users generally don’t notice it.

As for my users, I think the biggest reason for this misconception is the technology by-product we just talked about. Since I can create one Linux environment (say CentOS) on another Linux host (say Ubuntu), I am mistakenly treated at par with VMs.

Are you trying to say running CentOS on a Ubuntu host is not like a VM?

Your question shows widespread confusion. You see, I don’t (and can’t) run a CentOS on a Ubuntu host. I only create a CentOS environment. By environment, I mean shared libraries and package manager. The process in a CentOS container on a Ubuntu host runs like it would run natively on the Ubuntu host.

As I also create a fresh filesystem copy for every process, it helps users install different packages (insulated from each other) on a single host. This ability to create one Linux variant on another Linux host often creates the illusion of a VM.

Imagine you are running a process under CentOS. Now you disconnect this process from the host filesystem and give it another one which has Ubuntu files and tools. This is roughly what a Ubuntu container on CentOS looks like. The process is still running on CentOS but it uses some Ubuntu stuff. This plug-n-play works because they all use the same kernel.

So, what about process and network isolation? Aren’t they the same as in a VM?

My short answer is no, they are not.

The process isolation is not exactly a feature that my users use. In fact, it sometimes causes problems for them. As for network isolation, it allows multiple processes to listen on the same socket. But it also comes with a lot of headaches for my users.

Technically, I isolate the network of every container by hiding the host network from them. I then give them a virtual network. The virtual network then connects to the real network on the host without the container ever realizing it. So, it’s more like a trick.

Wow, that was a lot of new things for one single interview. Lastly, how would you suggest the users decide between containers and VMs?

That’s a good question. You see, a container is a Linux-only technology. On Windows (and even Mac), it uses a VM to run. So running a container on any non-Linux host is inefficient. You may still choose to do so if you don’t need performance.

If you consider a container as flavour-independent packaging of Linux apps, you would generally make the correct choice.