Home >Operation and Maintenance >Docker >What are the limitations of docker?
The limitations are: 1. Docker is based on Linux 64bit and cannot be used in a 32bit environment; 2. LXC is based on Linux kernel functions such as Cgroup, so the Guest system of the Container can only be Linux base; 3. Network management is limited, and pre-allocated instances must be added to the network definition. Additional steps are required each time a container is provided, which can easily cause errors; 4. Disk management is relatively limited; 5. Library control is limited; 6. None Clear audit trail.
The operating environment of this tutorial: linux5.9.8 system, docker-1.13.1 version, Dell G3 computer.
Docker, a new container technology, can run more applications on the same old server, which also makes it easy to package and distribute programs. It can get more applications running on the same hardware than other technologies (little overhead memory/CPU/hard disk, which means lower costs); it enables developers to quickly create simple, ready-to-run containerized applications; It makes managing and deploying applications easier.
But docker also faces many problems in its use. Docker is not omnipotent, and it was not originally designed to be a substitute for virtualization methods such as KVM. Some shortcomings are inevitable.
Briefly summarize some of the limitations of docker:
1) Docker is based on Linux 64bit and cannot be used in 32bit linux/Windows/unix environments.
2) LXC is based on Linux kernel functions such as Cgroup, so the Guest system of Container can only be Linux base.
3) Network restrictions
Container Network (Docker Network) allows you to easily connect containers to the network under the same host. With some additional work, you can use overlay networking capabilities across hosts. However, that's where it ends. Network configuration operations are limited and so far have been manual. Although container scripting can scale because you have to add pre-allocated instances to the network definition, it requires an extra step each time you provision the container, which can easily lead to errors.
4) The cpu functions provided by cgroup cpu and cpuset are difficult to measure compared to virtualization solutions such as KVM (so dotcloud mainly charges based on memory).
5) Docker’s management of disk is relatively limited.
6) The container is destroyed when the user process stops, and user data such as logs in the container are inconvenient to collect.
7) Restricted Library Control
Libraries have become a central topic in any container conversation. The public library is the most valuable because it contributes a large number of preset containers and saves a lot of configuration time. However, using it in a sandbox is risky. Without knowing who created the image and how, there can be any number of intentional or unintentional stability and security risks. For enterprises, it is necessary to establish and maintain a private library. The establishment of this library is not a big challenge, but management is a problem. Docker provides a limited metadata model for image management of large libraries, ensuring that future instances have limited capabilities as expected and no overlay functionality.
8) No clear audit trail
Providing containers is easy, but knowing when, why, how and who provided them is not. So you don't have much history for audit purposes after it's provided. Low visibility of running instances: Without deliberate action, it is difficult to access the objects running the container after the instance is provisioned, and it is difficult to know what should be there and what should not be there
Recommended Learning : "docker video tutorial"
The above is the detailed content of What are the limitations of docker?. For more information, please follow other related articles on the PHP Chinese website!