What are the advantages and disadvantages of docker

Advantages: 1. Faster delivery and deployment; 2. More efficient virtualization; 3. Easier migration and expansion; 4. Simpler management; 5. Low CPU/memory consumption. Disadvantages: 1. It cannot be used in 32-bit Linux, Windows or Unix environments; 2. Docker's management of disks is relatively limited, etc.

The operating environment of this tutorial: linux5.9.8 system, docker-1.13.1 version, Dell G3 computer.

As an emerging virtualization method, Docker has many advantages compared with traditional virtualization methods. First of all, Docker containers can be started in seconds, which is much faster than traditional virtual machine methods. Secondly, Docker has a high utilization rate of system resources. Thousands of Docker containers can be run simultaneously on one host. In addition to running the application in it, the container basically consumes no additional system resources, making the application performance very high and the system overhead as small as possible. The traditional virtual machine method requires 10 virtual machines to run 10 different applications, while Docker only needs to start 10 isolated applications.

Docker has great advantages in the following aspects.

1) Faster delivery and deployment

For development and operation and maintenance (devops) personnel, what they hope most is to create or configure once and run normally anywhere . Developers can use a standard image to build a set of development containers. After development is completed, operation and maintenance personnel can directly use this container to deploy code. Docker can quickly create containers, quickly iterate applications, and make the entire process visible, making it easier for other members of the team to understand how the application is created and works. Docker containers are light and fast! The startup time of the container is seconds, which saves a lot of time in development, testing, and deployment.

2) More efficient virtualization

The running of Docker containers does not require additional hypervisor support. It is kernel-level virtualization, so it can achieve higher performance and efficiency.

3) Easier migration and expansion

4) Easier management

5) Low consumption of CPU/memory

6) Quick start /Shutdown

7) Cross-cloud computing infrastructure

What are the limitations of Docker?

Docker is not omnipotent, nor was it originally designed to be a substitute for virtualization methods such as KVM. Here are a few simple summaries:

1) Docker is based on Linux 64bit. It cannot be used in 32bit linux/Windows/unix environment.

2) LXC is based on Linux kernel functions such as Cgroup, so the Guest system of Container can only be Linux base.

3) Isolation is still somewhat lacking compared to virtualization solutions such as KVM. All containers share a part of the runtime library.

Network management is relatively simple, mainly based on namespace isolation.

4) The cpu functions provided by cgroup's cpu and cpuset are difficult to measure compared to virtualization solutions such as KVM (so dotcloud mainly charges based on memory).

5) Docker’s management of disk is relatively limited.

6) The container is destroyed when the user process stops, and user data such as logs in the container are inconvenient to collect.

So the above limitations can be divided into the following applicability:

• For 1-2, those who have the need for Windows base applications can basically pass.

• For 3-5, it mainly depends on the user's needs, whether they need a container or a VM. It also determines that docker is not feasible as IaaS.

• For 6-7, although it is a function that docker itself does not support, it can be solved by other means (disk quota, mount –bind).

In short, the choice between container and vm is a trade-off between isolation and resource reusability. In addition, even if docker 0.7 can support non-AUFS file systems, its functions are still unstable, and commercial applications may have problems. The stable version of AUFS requires kernel 3.8, so if you want to replicate the success of dotcloud, you may need to consider upgrading the kernel. Or switch to the server version of Ubuntu (the latter provides deb updates). This is also the reason why the open source community is more inclined to support ubuntu (kernel version).

Extended knowledge: Docker security issues

1) Docker environment security

The momentum of Docker has been very hot in the past 12 months, many People say it's rare to see an emerging technology attract such industry interest. However, when the excitement translates into actual deployments, enterprises need to pay attention to Docker's security. Anyone who knows Docker knows that Docker uses containers to effectively isolate resources. Therefore, containers have almost the same level of security operation management and configuration management as Linux OS and hypervisor. But when it comes to security operations and management, and support for common controls with confidentiality, integrity, and availability, Docker may let you down.

Docker security becomes more complex when Docker runs on a cloud provider platform. You need to know what the cloud provider is doing, maybe you are sharing a machine with others. Docker Although containers do not have built-in security factors, and it is difficult for emerging technologies like Docker to have relatively comprehensive security measures, this does not mean that it will not appear in the future.

2) Docker ensures container deployment security

Some experts also position the essence of Docker security issues in configuration security, believing that the current problem with Docker is that it is difficult to configure a secure container. While Docker developers are now reducing the attack surface by creating very small containers, the problem is that employees within large enterprises running Docker containers in production environments need to have more visibility and control. When an enterprise deploys thousands or tens of thousands of Docker containers, it is crucial to ensure that these Docker containers are configured in compliance with enterprise security policies.
To solve this problem, Docker needs to increase the real-time visibility of Docker container deployment and implement the security policies formulated by the enterprise. Some vendors have also launched solutions for this purpose, providing operators with real-time visibility and helping them enforce security policies for virtual infrastructure at the container level.

Recommended learning: "docker video tutorial"

The above is the detailed content of What are the advantages and disadvantages of docker. For more information, please follow other related articles on the PHP Chinese website!