Docker – the thing most people use before Kubernetes

As I’ve detailed previously, this website was created with the goal of detailing my technology journey through the world of Kubernetes. Before most people get there though, they start with Docker.

So, let’s talk about Docker. The what, why, how, when, and where(?).

Oh, and all this is based on personal experiences. Just like a lot of people, I started from nothing besides a strong background in electronics and building the occasional PC.

What is Docker?

I’d like to think that we all had the same beginnings when it came to running a homelab. At first, we have our awesome Windows or Linux box. On said box, we install all of the apps that we need.

Eventually though, something goes wrong and all of our apps go down. I remember these nights well, basically forcing me to stay up until the wee hours of the morning getting everything back up again.

The next step was to use a hypervisor and spin up a virtual machine for each of my apps. This worked well… really well. If it weren’t for the fact that I kept increasing the number of apps I wanted to run, this method would have probably been fine. But my server at the time did not like having 100+ VMs shared across 10 cores / 20 threads.

If only there was a way to run all those apps, but consume fewer resources…

Mind you, this was before Docker. I remember when it was first released. The concept was so foreign at the time. But let’s break it down.

Imagine being able to install all of your apps on your single instance of Linux like before, but now each app gets its own solitary confinement room. We’re going to call these rooms “containers”. The app still functions, but only with the resources that you deem necessary.

If it wasn’t completely evident, by resources I mean CPU, memory, storage, and networking: everything that the app needs to function. This allows you, the master and commander, to reserve resources and set limits on how much any one app can use.

But remember! I did say it was solitary confinement. This is where Docker truly comes into its own. Every app that you run in a container doesn’t know about other containers. Nor should it. Why should App A have to talk to App B unless you let them?

So, at a high level, Docker is a way to run apps using containers (those solitary confinement rooms), one for each individual app. These containers can be provisioned with the exact resources you deem necessary and are unable to talk to each other unless you say so.

Why (is) Docker?

I started hinting at this in the previous section. When you install all your apps in Windows, those apps are technically capable of seeing everything else that’s installed. In this sense, the app does not live within a walled garden.

This can be nice and convenient if it’s your daily driver. From a security point of view though, it’s a nightmare. Security lives or dies by its ability to control access and/or communication between any two entities.

By using Docker to run all of our apps, we now have an easy way to ensure that if one piece of software malfunctions or starts performing malicious actions, you can (ideally) rest assured that the damage will be isolated. Nice!
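Limits and isolation only exist where they were configured, so it is worth checking what each running container actually got. The following is an added example, not code from the original post: it reads `docker inspect` output and flags containers with no memory or CPU limit or that sit on Docker's shared default `bridge` network, then lists which containers share a network. The container names and the embedded JSON are constructed sample data.

```python
import json

# Constructed sample in the shape of `docker inspect <name>...` output (not from a real host).
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/media-server", "HostConfig": {"Memory": 0, "NanoCpus": 0},
   "NetworkSettings": {"Networks": {"bridge": {}}}},
  {"Name": "/wiki", "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000},
   "NetworkSettings": {"Networks": {"wiki_net": {}}}},
  {"Name": "/wiki-db", "HostConfig": {"Memory": 1073741824, "NanoCpus": 0, "CpuQuota": 50000},
   "NetworkSettings": {"Networks": {"wiki_net": {}}}}
]""")


def networks_of(entry):
    """Names of the Docker networks a container is attached to."""
    return sorted((entry.get("NetworkSettings") or {}).get("Networks") or {})


def audit_container(entry):
    """Return the list of findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if not host.get("Memory"):  # 0 or missing: no --memory limit
        findings.append("no memory limit")
    # A CPU cap appears as NanoCpus (--cpus) or CpuQuota (--cpu-quota).
    if not host.get("NanoCpus") and not host.get("CpuQuota"):
        findings.append("no CPU limit")
    # Containers on the default "bridge" network can reach each other by IP.
    if "bridge" in networks_of(entry):
        findings.append("on default bridge network")
    return findings


def audit(entries):
    """Return (findings per container, networks shared by more than one container)."""
    report, members = {}, {}
    for entry in entries:
        name = entry.get("Name", "?").lstrip("/")
        report[name] = audit_container(entry)
        for net in networks_of(entry):
            members.setdefault(net, []).append(name)
    shared = {net: sorted(names) for net, names in members.items() if len(names) > 1}
    return report, shared


if __name__ == "__main__":
    report, shared = audit(SAMPLE_INSPECT)
    print(json.dumps({"findings": report, "shared_networks": shared}, indent=2))
```

On a real host, pass `audit()` the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample.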

How is Docker?

Seeing as Docker isn’t a person, I wouldn’t know.

Next.

When (to use) Docker?

I usually see Docker compared to the likes of VMs. While there are a number of applications that can be run on either a VM or a container… when you really stop to think about the use case and requirements for the app you want to run, it should become fairly apparent which is the correct answer.

Again, this is all my opinion, but I tend to say that monolithic applications should continue to be run on VMs, as should applications that use something closely tied to the OS they are running on.

In all other cases, switch to Docker and call it a day. The benefits far outweigh any concerns.

A nice thing about Docker and containers is how lightweight they are compared to running VMs. A dozen apps, each installed on its own VM, will consume far more idle resources than a single OS running a dozen containers. It’s simple math. And in the enterprise world, those wasted resources count more than you would think.

But, even at home, it should be very appealing if someone were to tell you that you could triple or quadruple the number of apps you could run on any given hardware by switching to Docker. I remember when I made the switch and I have no intention of going back, if I can help it 🙂

Where?

Docker is typically run on Linux. Personally, I use Ubuntu Server, though any of the major distributions are fine. Some are more security-focused, and some are even purpose-built for Docker or Kubernetes by hardening the file system.

What’s next?

Now look, I didn’t intend for this to be an all-encompassing comparison of Docker and VMs, merely a primer. There are far more articles out there and I simply don’t care to repeat their points.

Next up though, is talking about Kubernetes. I promise I’ll bring some diagrams this time.
