Informationalise me.
I don’t see the point in containers. I use them as I have to but it’s another abstraction layer of complexity that is not needed.
If I wanted resilience I’d use a cluster.
If I wanted security I’d use a multitude of products.
What’s a container providing me?
The ability to spin up one or many instances of one or many different “ready to go” services in seconds.
If you have an existing configuration, you generally just map the configuration file (or folders) from the host into the container.
Something gets fucked in the container? As long as it’s not the configuration, you can simply delete the container and re-spin it back up in seconds with a “factory os” with your existing configuration.
Technically speaking the idea of Docker is to have one service per container, but you don’t have to do that (although most images you’ll find on the hub will be that way), and you can use Docker Compose to define the interdependencies and start order for the various containers.
It shares the kernel with the host, so there’s only the tiniest overhead, much lower than using a VM, since it’s simply sharing the resources of the kernel. The container will contain its entire “OS” image (barring the kernel), so as far as the container is concerned, it’s running a full OS.
You can share devices and have massive control over the networking of the containers, including whether a container uses a Docker bridge or the host’s networking. In bridge mode you can map host ports to ports inside the container; that’s incredibly useful because the container thinks everything is happening on whatever ports the service uses, but the host will be using ports convenient to it.
That is even more useful when you have many services that by default use the same port. For example, I have tens of containers that all provide web interfaces (and some are just multiple instances of the same service), and I don’t have to faff in the container changing ports: I leave them as 443 and then give them a unique port on the host. Couple that with a reverse proxy and you can access all your things, such as Emby, Plex, Node Red and many others, by domain name rather than having to specify the host IP and remember the port that a particular service is using.
It’s also useful for build tools that can sometimes be difficult or extremely long-winded to install, and can sometimes cause issues if they overwrite stuff or if things need specific versions of libraries. You can keep the app happy because it has its own copies of the libraries and is completely separate from the host’s libraries, and for tools like that you can create a shell script that calls Docker so you can make all the Docker stuff invisible: it looks like you’re running the app inside the host when it’s actually happening inside the container.
I also use LXC containers because they again are more lightweight than a full VM, but are designed to be a full OS, so you spin up containerised versions of your favourite Linux distribution and can use it as if it’s a VM.
I rarely use VMs anymore because the combination of Docker and LXC pretty much has all bases covered.
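A Compose file along the lines the reply describes (host config mapped in, every service left on its own port 443, a unique host port per service, and a reverse proxy in front), added here as an illustration rather than anything the poster shared. The image names and paths are placeholders; the per-service host ports are bound to 127.0.0.1 so only the proxy is reachable from other machines, and config mounts are read-only so a compromised or misbehaving container cannot rewrite them.

```yaml
services:
  web-a:
    image: example/web-a:latest            # placeholder image
    volumes:
      - ./web-a/config:/config:ro          # host-side config survives "delete and re-spin"
      - web-a-data:/data                    # persistent state kept in a named volume
    ports:
      - "127.0.0.1:8443:443"               # host 8443 -> container 443, local only
    restart: unless-stopped

  web-b:
    image: example/web-b:latest            # placeholder image, also listens on 443
    volumes:
      - ./web-b/config:/config:ro
    ports:
      - "127.0.0.1:8444:443"               # same container port, different host port
    restart: unless-stopped

  proxy:
    image: example/reverse-proxy:latest    # placeholder image
    depends_on:                            # start order: backends first, then the proxy
      - web-a
      - web-b
    ports:
      - "443:443"                          # the only port exposed to the LAN
    volumes:
      - ./proxy/config:/etc/proxy:ro       # vhosts map a.example.lan -> https://web-a:443,
                                           # b.example.lan -> https://web-b:443 over the
                                           # Compose network, by service name
    restart: unless-stopped

volumes:
  web-a-data:
```

With this layout `docker compose rm -sf web-a && docker compose up -d web-a` rebuilds that one container from the image while its config and data directories are untouched.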