Can someone redpill me on Docker? Should I switch from my KVM VMs to using Docker apps?

Does the software package have to explicitly support Docker or can I easily package it myself?

Docker is a container like lxc.
But unlike lxc, Docker containers can be made as minimal as possible.
With lxc, the only thing you don't need is a kernel, but you still need the whole userspace (init, libc, GNU coreutils, etc.)

Docker doesn't need a full-blown OS but you'll need to package your software into Docker format.

The advantage of using containers is that you can run hundreds of the same program without much overhead.
Of course, there's no conflict of IP/port or library either.

The disadvantage is that your container must match your OS.
You can't run a Windows program in a Linux container or vice versa.

so what is the benefit of a docker versus just installing a multi-user program in linux if it can be used as a VM?

Small overhead and each instance is isolated.
Docker is not a VM like VirtualBox or KVM.

You can visit hub.docker.com for a list of dockerized applications.
You can also build it yourself, if you want to.

So for instance, I could grant each user admin rights for their own docker so they would be responsible for their own environment? Or is it more exclusively for single programs?

Docker is a meme

It's commonly used for a single application but running multiple instances.

For example, in server clusters, Docker is commonly used for autoscaling.
When there's not much load, the cluster manager software will reduce the number of running instances, in return saving more power.
On the other hand, when server load is increasing, more instances will be launched to handle the load, without breaking CPU and memory limits.

Containers are also useful for development.
For example, when you want to test the load balancing between servers.

Docker is hipster shit. It re-solves a problem that has already been solved many times in a better way.

Stick to KVM.

What does vm in kvm stand for??

video/mouse

depends
in the context of "kvm switch" it stands for keyboard/video and mouse
in the context of linux, kvm stands for kernel virtual machine

You don't need Docker. Ever.

ITT: raging salty baby duck neckbeards that have no clue about the real world

I remember that

>muh "real world"
>just use Docker and AWS, who cares that it will cost 10x as much to run
Kid, if you ever get out of the startup/meme phase of your app, relying on all this trash is going to bite you in the ass.

>app

you really expect to be taken seriously here using that word?

pain in the ass to develop working containers
pain in the ass to administer containers
pain in the ass to keep up with because every version is somehow broken and they update like madmen

do not replace KVM VMs with docker unless you have very good reasons

I'm trying to talk to him using his dialect.

can the latest kitematic beta connect to remote servers yet or are they still pissing around making it work with reatred local hypervisors?

>Small overhead and each instance is isolated.
Can someone explain this to me on a more basic level?
I have no experience with docker. Only a vague idea.

What is isolated from what?
Why do I want to isolate anything?
What happens if I don't?
How much does it differ from running a VM?
And if it is not too much to explain:
what are cons and pros compared to VM?

I forgot another question:
What does "to isolate" mean in this context?

have you ever unzipped a deb or rpm file?

a program needs specific resources available in certain places

a lot of the time the OS handles some of that but you can run into dependency hell when different programs require different dependency versions

a docker or container stores all of the dependencies next to the program itself so that it doesn't matter how the OS is set up, it is isolated from it

It's really easy if you get the hang of it, especially with docker-compose. All my projects are now dockerized in their own little containers with the minimal stuff they need: don't need mysql in this one, but php-fpm in another, no problem, just copy some lines and compose it. Makes it easier to deploy to a different server too.

Is that somewhat comparable to static linking when I compile a program?
Or is there more to it?

same idea, there's just some additional voodoo involved

the only real benefit I've seen is on click-to-install server software like on digital ocean or AWS. it saves the company storage space and provides the end user more software options and more control

If the reason you are using KVM is for an isolated environment that doesn't involve running other VMs, Docker will do the same thing except use pretty much no resources. It does require a bit more setup initially though.

But after that, you can create new containers in pretty much no time at all, so if you wanted to, you could literally create a hundred brand new Ubuntu boxes and get them all doing different things in seconds if you script it. Also, a ton of things use Docker for environments these days, so instead of having to make a new VM to try a Linux Distro, you can just "docker pull" it and then go nuts.

The downside to containers is that, while you can, they are not really supposed to be used for data storage. So you would generally have to mount a volume to write to inside of them, or use the -v switch to mark a particular folder as persistent. This is the "additional setup" I mentioned above if you wanted to replace KVM.

how do I access docker in a multi-user environment? in libvirt, I use VNC/SPICE to give users access to their own VMs based on port number, how is this accomplished in docker?

You would basically do the same thing. You can install VNC or SPICE in the same way, and when making the container, just forward the port to the port they would connect to with "-p :5900". That way, each port on the host would go to a different container's VNC.

>the joke

GILF bump

Does she still do porn?

>docker
>isolated

Yes. That's kinda the point of Docker.

memes are a meme

Somewhat, it's not airtight security, but it's still better than none.

Anyhow, you don't use docker for defense in depth, you use it for easier deployment in big organizations and universal packaging of complex applications.

Docker is only good if you're actually going legit microservice

If you don't need elasticity then it's sort of worthless if you aren't the developer

I tried to use docker to run multiple instances of my web browser. Idea being that the one used for banking wouldn't have all the privacy and cookie destroying addons.
In the end it was buggy as shit and crashed a lot. I was accessing programs with X11, maybe there was a better way.

Either way it turned me off and there's no way I'd switch my "real" stuff to docker. Plus it doesn't actually isolate things like others have pointed out. It only logically separates them, but they still have some access to the host machine.
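
Added example, not part of the thread: the replies above say container isolation is "not airtight" and that a container can "still have some access to the host machine". The Python sketch below audits a `docker inspect`-style record for the settings that create that access, including the X11 socket sharing used to show a containerized browser on the host display. The sample record, container name and paths are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output, trimmed to the
# fields checked below. Container name and paths are made up for illustration.
SAMPLE = json.loads("""
[{"Name": "/banking-browser",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "NetworkMode": "host", "PidMode": "",
                 "CapAdd": ["SYS_ADMIN"]},
  "Mounts": [
    {"Source": "/tmp/.X11-unix", "Destination": "/tmp/.X11-unix", "RW": true},
    {"Source": "/home/user/downloads", "Destination": "/data", "RW": true}]}]
""")

# Host paths that hand the container a direct handle on the host.
SENSITIVE_MOUNTS = {
    "/var/run/docker.sock": "Docker API socket, control of the daemon",
    "/tmp/.X11-unix": "host X server socket, shared display and input",
    "/": "entire host filesystem",
}

def audit(container):
    """Return findings where the container is less isolated from the host."""
    host = container.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode: all capabilities and host devices")
    for key, label in (("NetworkMode", "network"), ("PidMode", "PID"),
                       ("IpcMode", "IPC")):
        if host.get(key) == "host":
            findings.append(f"shares the host {label} namespace")
    for cap in host.get("CapAdd") or []:  # CapAdd is null when nothing was added
        findings.append(f"added capability {cap}")
    # An empty Config.User means no user was set by the image or the run
    # command, so the process runs as root.
    if container.get("Config", {}).get("User", "") in ("", "0", "root"):
        findings.append("runs as root inside the container")
    for mount in container.get("Mounts", []):
        reason = SENSITIVE_MOUNTS.get(mount.get("Source", ""))
        if reason:
            findings.append(f"mounts {mount['Source']} ({reason})")
    return findings

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], *audit(c), sep="\n  - ")
```

To run it against real containers, replace `SAMPLE` with the parsed output of `docker inspect` for the container IDs of interest.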