How is Docker different from a virtual machine?

闹比i 2020-11-21 22:36

I keep rereading the Docker documentation to try to understand the difference between Docker and a full VM. How does it manage to provide a full filesystem, isolated network

20 answers
  • 2020-11-21 23:16

    There are a lot of nice technical answers here that clearly discuss the differences between VMs and containers as well as the origins of Docker.

    For me the fundamental difference between VMs and Docker is how you manage the promotion of your application.

    With VMs you promote your application and its dependencies from one VM to the next: DEV to UAT to PRD.

    1. Often these VMs will have different patches and libraries.
    2. It is not uncommon for multiple applications to share a VM. This requires managing configuration and dependencies for all the applications.
    3. Backout requires undoing changes in the VM. Or restoring it if possible.

    With Docker the idea is that you bundle up your application inside its own container along with the libraries it needs and then promote the whole container as a single unit.

    1. Except for the kernel the patches and libraries are identical.
    2. As a general rule there is only one application per container which simplifies configuration.
    3. Backout consists of stopping and deleting the container.

    So at the most fundamental level with VMs you promote the application and its dependencies as discrete components whereas with Docker you promote everything in one hit.

    And yes there are issues with containers including managing them although tools like Kubernetes or Docker Swarm greatly simplify the task.

  • 2020-11-21 23:17

    Docker encapsulates an application with all its dependencies.

    A virtualizer encapsulates an OS that can run any applications it can normally run on a bare metal machine.

  • 2020-11-21 23:17

    They both are very different. Docker is lightweight and uses LXC/libcontainer (which relies on kernel namespacing and cgroups) and does not have machine/hardware emulation such as hypervisor, KVM, Xen, which are heavy.

    Docker and LXC are meant more for sandboxing, containerization, and resource isolation. It uses the host OS's (currently only Linux kernel) clone API which provides namespacing for IPC, NS (mount), network, PID, UTS, etc.

    What about memory, I/O, CPU, etc.? That is controlled using cgroups where you can create groups with certain resource (CPU, memory, etc.) specification/restriction and put your processes in there. On top of LXC, Docker provides a storage backend (http://www.projectatomic.io/docs/filesystems/) e.g., union mount filesystem where you can add layers and share layers between different mount namespaces.

    This is a powerful feature where the base images are typically read-only and only when the container modifies something in the layer will it write something to the read-write partition (a.k.a. copy on write). It also provides many other wrappers such as registry and versioning of images.

    With normal LXC you need to come with some rootfs or share the rootfs, and when shared, the changes are reflected on other containers. Due to a lot of these added features, Docker is more popular than LXC. LXC is popular in embedded environments for implementing security around processes exposed to external entities such as network and UI. Docker is popular in cloud multi-tenancy environments where a consistent production environment is expected.

    A normal VM (for example, VirtualBox and VMware) uses a hypervisor, and related technologies either have dedicated firmware that becomes the first layer for the first OS (host OS, or guest OS 0) or software that runs on the host OS to provide hardware emulation such as CPU, USB/accessories, memory, network, etc., to the guest OSes. VMs are still (as of 2015) popular in high security multi-tenant environments.

    Docker/LXC can almost be run on any cheap hardware (less than 1 GB of memory is also OK as long as you have a newer kernel) vs. normal VMs need at least 2 GB of memory, etc., to do anything meaningful with it. But Docker support on the host OS is not available in OSes such as Windows (as of Nov 2014) whereas many types of VMs can be run on Windows, Linux, and Macs.

    Here is a pic from docker/rightscale:

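The namespace and cgroup isolation described in the answer above is visible from /proc on the host. The following is an added example, not part of the original answer: it compares the namespace inode numbers of two processes and parses /proc/<pid>/cgroup entries. The inode numbers, the cgroup path and EXAMPLE_CONTAINER_ID are constructed sample values, chosen so that the five namespace types the answer lists are private and the user namespace is shared with the host; the function names are this example's own.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # readlink target, e.g. "pid:[4026531836]"

def parse_ns_links(links):
    """Map namespace type -> inode number from readlink() targets."""
    out = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if m:  # skip anything that is not a namespace link
            out[name] = int(m.group(2))
    return out

def read_ns(pid="self"):
    """Live namespace links of a process (Linux only; other PIDs may need root)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links({n: os.readlink(f"{base}/{n}") for n in os.listdir(base)})

def compare_ns(a, b):
    """Return (shared, isolated) namespace types; equal inode = same namespace."""
    common = sorted(set(a) & set(b))
    shared = [n for n in common if a[n] == b[n]]
    isolated = [n for n in common if a[n] != b[n]]
    return shared, isolated

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form hierarchy-ID:controllers:path."""
    result = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            _hid, controllers, path = parts
            # cgroup v2 has an empty controller list; label it "unified"
            result[controllers or "unified"] = path
    return result

# Constructed sample values, not captured from a real host.
HOST_NS = parse_ns_links({
    "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
    "pid": "pid:[4026531836]", "uts": "uts:[4026531838]", "user": "user:[4026531837]"})
CONTAINER_NS = parse_ns_links({
    "ipc": "ipc:[4026532271]", "mnt": "mnt:[4026532269]", "net": "net:[4026532274]",
    "pid": "pid:[4026532272]", "uts": "uts:[4026532270]", "user": "user:[4026531837]"})
CONTAINER_CGROUP = parse_cgroup("0::/docker/EXAMPLE_CONTAINER_ID\n")

if __name__ == "__main__":
    shared, isolated = compare_ns(HOST_NS, CONTAINER_NS)
    print("isolated:", isolated)   # namespaces private to the container
    print("shared:  ", shared)     # namespaces still shared with the host
    print("cgroup:  ", CONTAINER_CGROUP)
```

On a Linux host, compare_ns(read_ns(1), read_ns(PID)) with the PID of a containerized process runs the same comparison on live processes. Any namespace that shows up as shared is one where the container has no isolation from the host beyond ordinary kernel permission checks.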
  • 2020-11-21 23:17

    This is how Docker introduces itself:

    Docker is the company driving the container movement and the only container platform provider to address every application across the hybrid cloud. Today’s businesses are under pressure to digitally transform but are constrained by existing applications and infrastructure while rationalizing an increasingly diverse portfolio of clouds, datacenters and application architectures. Docker enables true independence between applications and infrastructure and developers and IT ops to unlock their potential and creates a model for better collaboration and innovation.

    So Docker is container based, meaning you have images and containers which can be run on your current machine. It's not including the operating system like VMs, but like a pack of different working packs like Java, Tomcat, etc.

    If you understand containers, you get what Docker is and how it's different from VMs...

    So, what's a container?

    A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.

    So as you see in the image below, each container has a separate pack and running on a single machine share that machine's operating system... They are secure and easy to ship...

  • 2020-11-21 23:19

    I have used Docker in production environments and staging very much. When you get used to it you will find it very powerful for building a multi container and isolated environments.

    Docker has been developed based on LXC (Linux Container) and works perfectly in many Linux distributions, especially Ubuntu.

    Docker containers are isolated environments. You can see it when you issue the top command in a Docker container that has been created from a Docker image.

    Besides that, they are very light-weight and flexible thanks to the Dockerfile configuration.

    For example, you can create a Docker image and configure a Dockerfile and tell that for example when it is running then wget 'this', apt-get 'that', run 'some shell script', setting environment variables and so on.

    In micro-services projects and architecture Docker is a very viable asset. You can achieve scalability, resiliency and elasticity with Docker, Docker swarm, Kubernetes and Docker Compose.

    Another important issue regarding Docker is Docker Hub and its community. For example, I implemented an ecosystem for monitoring Kafka using Prometheus, Grafana, Prometheus-JMX-Exporter, and Docker.

    For doing that, I downloaded configured Docker containers for zookeeper, kafka, Prometheus, Grafana and jmx-collector then mounted my own configuration for some of them using YAML files, or for others, I changed some files and configuration in the Docker container and I build a whole system for monitoring kafka using multi-container Dockers on a single machine with isolation and scalability and resiliency that this architecture can be easily moved into multiple servers.

    Besides the Docker Hub site there is another site called quay.io that you can use to have your own Docker images dashboard there and pull/push to/from it. You can even import Docker images from Docker Hub to quay then running them from quay on your own machine.

    Note: Learning Docker in the first place seems complex and hard, but when you get used to it then you can not work without it.

    I remember the first days of working with Docker when I issued the wrong commands or removed my containers and all of the data and configurations by mistake.

  • 2020-11-21 23:20

    Docker, basically containers, supports OS virtualization, i.e. your application feels that it has a complete instance of an OS, whereas a VM supports hardware virtualization. You feel like it is a physical machine in which you can boot any OS.

    In Docker, the containers running share the host OS kernel, whereas in VMs they have their own OS files. The environment (the OS) in which you develop an application would be the same when you deploy it to various serving environments, such as "testing" or "production".

    For example, if you develop a web server that runs on port 4000, when you deploy it to your "testing" environment, that port is already used by some other program, so it stops working. In containers there are layers; all the changes you have made to the OS would be saved in one or more layers and those layers would be part of the image, so wherever the image goes the dependencies would be present as well.

    In the example shown below, the host machine has three VMs. In order to provide the applications in the VMs complete isolation, they each have their own copies of OS files, libraries and application code, along with a full in-memory instance of an OS. Whereas the figure below shows the same scenario with containers. Here, containers simply share the host operating system, including the kernel and libraries, so they don’t need to boot an OS, load libraries or pay a private memory cost for those files. The only incremental space they take is any memory and disk space necessary for the application to run in the container. While the application’s environment feels like a dedicated OS, the application deploys just like it would onto a dedicated host. The containerized application starts in seconds and many more instances of the application can fit onto the machine than in the VM case.

    Source: https://azure.microsoft.com/en-us/blog/containers-docker-windows-and-trends/
