I hear often how containers are “more lightweight” than virtual machines. Why is that? I think that there is no doubt that moving containers around on the web is easier because of Docker’s caching mechanisms but, as a whole, containers are still pretty big.
A docker pull of the latest Ruby image from Docker Hub shows nearly half a gig in size.
This isn’t much “smaller” but I cannot deny that Docker makes Ops work much easier. Deploying is faster and building new images is pretty quick. Am I right to assume that it’s the way Docker builds in stages and caches previous stages of builds so you don’t have to re-run everything when building new containers?
Any blog post recommendations or talks on this topic?
Docker containers share the host’s kernel, network stack, and filesystem drivers, and generally don’t run complex services like systemd or CUPS or sshd; they only run the packaged application. A VM generally has a virtualized network setup and disk and runs a full-blown operating system, on top of the OS the host is already running.
Reading through the questions that get asked repeatedly on this forum should give you a taste of what’s hard to do in Docker, because those parts aren’t there. A container doesn’t actually have a NIC, doesn’t actually run a DHCP client, and can’t (easily) run low-level network protocol software; Docker “borrows” the host iptables for its own use and if you want very specific network policy per container it can get tricky; host storage is shared across all containers and you can’t readily assign a quota to a container. In a VM there is a (virtual) NIC, and a DHCP client, and a firewall inside the VM, and so on.
I feel like Docker’s sweet spot is as a packaging and distribution mechanism for network services that speak “simple” TCP protocols, like HTTP.
If your big concern is disk utilization, one thing I’ve found is that a full C toolchain is big. Depending on what you’re trying to install, it can be complicated to avoid needing this (even in interpreted languages like Python and Ruby). (The same techniques will work fine for building smaller VMs, as it happens.) Looking at the description of the standard Ruby image, a simple docker pull ruby will get an intentionally large image.
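An added illustration, not part of the posts above: a multi-stage Dockerfile is one common way to keep the C toolchain out of the image you ship while still letting layer caching skip unchanged steps. The `3.3` tags, the `app` user and the `app.rb` entry point are assumptions made for the example.

```dockerfile
# Stage 1: the full image, which carries the C toolchain needed to
# compile gems with native extensions. Nothing from this stage ships
# unless it is copied out explicitly below.
FROM ruby:3.3 AS build
WORKDIR /app

# Copy only the dependency manifests first. This layer and the
# bundle install layer are reused from cache until Gemfile or
# Gemfile.lock changes, so editing application code does not
# trigger a reinstall of every gem.
COPY Gemfile Gemfile.lock ./
RUN bundle install

# Stage 2: the slim variant, with no compiler or development headers.
# A smaller image also means fewer packages to patch and fewer tools
# available inside a compromised container.
FROM ruby:3.3-slim
WORKDIR /app

# The official Ruby images install gems under /usr/local/bundle, so
# the compiled gems can be copied across without the toolchain.
# Gems that link against shared libraries still need the matching
# runtime packages installed in this stage.
COPY --from=build /usr/local/bundle /usr/local/bundle

# Application code goes last because it changes most often; only the
# layers from here down are rebuilt on a code change.
COPY . .

# Run as an unprivileged user (hypothetical name). The container
# shares the host kernel, so root inside it is worth avoiding.
RUN useradd --create-home app
USER app

# Hypothetical entry point.
CMD ["ruby", "app.rb"]
```

Comparing the two tags with `docker image ls` after a build shows how much of the size comes from the build tooling rather than from Ruby itself.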
This is very insightful. I’m actually delivering a presentation on Docker at a local meetup and that started to make me think more about what specifically makes containers more lightweight.