
Demystifying container runtimes - Tomte
https://lwn.net/SubscriberLink/741897/5ba9c60a4f6747a3/
======
dsies
I think this is a great article that can be used as a way to shed some light
on the container movement over the past couple of years to someone who is not
intimately familiar with containerization.

Bookmarked and thank you to the author!

~~~
dominotw
I watched this talk a couple of years ago that made docker/containers finally
click for me.

Cgroups, namespaces, and beyond: what are containers made from? - Jérôme
Petazzoni,

[https://www.youtube.com/watch?v=sK5i-N34im8](https://www.youtube.com/watch?v=sK5i-N34im8)

------
cmroanirgo
I'm sorry, but it doesn't demystify things for me.

I'm still stuck at the 'I don't get it' phase, despite looking at Docker, and
more recently Kubernetes, several times over the years, mainly because
everyone around me evangelizes it so much.

Unfortunately, I don't even understand how to describe where I'm at with it.
For instance, if I look at a WordPress[1], I'm lost. What's the platform? What
user does it run on? I see that it is mostly only supported by Apache, but
what if I wanted nginx? What if I don't want it to run on Alpine, but Ubuntu
17? etc, etc? Even comments like this:

"This image does not provide any additional PHP extensions or other libraries,
even if they are required by popular plugins. There are an infinite number of
possible plugins, and they potentially require any extension PHP supports.
Including every PHP extension that exists would dramatically increase the
image size."

Everywhere I look I always see the answer: "Well, just build your own".... but
it's at that point I always give up, because I consistently fail to see the
benefit of this rabbit-hole. This is especially an issue when security updates
on WordPress, the webserver, or OS can change so quickly that it seems
pointless to even want to make an image.

Clearly, there's something I'm missing.

Can _anyone_ explain it to me like a 5 year old, who knows how to set up and
maintain his own server? (I typically run through a cheat sheet of things to
do).

I also fail to see the benefits of spinning up an image for development
purposes, when I already use VirtualBox and Snapshots for said purpose.

(I'm sorry if I seem dense, and seem trollish... but I just don't see it, and
the article didn't do a thing for me)

[1] [https://hub.docker.com/_/wordpress/](https://hub.docker.com/_/wordpress/)

~~~
1_player
> I'm still stuck at the 'I don't get it' phase, despite looking at Docker,
> and more recently Kubernetes, several times over the years, mainly because
> everyone around me evangelizes it so much.

This is me until a few weeks ago. After all the hype, I think some bulb turned
on in my head and I'm finally starting to understand the point of all these
container shenanigans.

> For instance, if I look at a WordPress[1], I'm lost. [...] what if I wanted
> nginx? What if I don't want it to run on Alpine, but Ubuntu 17?

It might help not to think like a sysadmin for a second. You'd pull the
wordpress container because you want to run Wordpress. Who cares what's
underneath? It should feel to you as a blackbox that might as well be running
on hamsters for all you care. And that's great for 99% of the cases, because
wordpress is just a puzzle piece in a bigger picture and we developers
shouldn't have to spend too much time thinking "ah, what were the required
rewrite rules for wordpress again?" when there's more important stuff you
should be spending your energy on.

If you really need to tweak the internals of the blackbox, yeah, write your
own Dockerfile, but you'll find there's often no need.

I've been a sysadmin for years, and then a lone wolf developer, and never
understood the point of Docker to manage my projects. Now I find myself at the
engineering helm of a company and need to juggle all the legacy pieces of
software we have, and all the new stuff in the pipeline: MySQL, PHP 5
applications, PHP 7 sites, Elixir app, Node for SSR, Redis, Prometheus,
Grafana, etc.

I jumped into the Ansible bandwagon immediately because configuring servers by
hand is an irresponsible idea, but now I have to manage all these small blocks
that have completely different runtime needs, and let me tell you, my goal for
the first half of 2018 is to containerise everything and retain my sanity.

I don't know Kubernetes very much, seems to be the next hyped thing but still
feels very complicated unless you're in the loving embrace of Google
Cloud/AWS. I still believe in bare, cheap VPSes and in-house infrastructure.
I'm still investigating Docker Swarm to orchestrate multiple containers across
servers but it's hard to tell the real world performance for the hype.

Hope this helps!

------
AlexB138
I don't have a comment on the content of the article itself, though it will be
interesting to see how the competing standards shake out in the long term.

I did want to say that while I read through the article I was struck by how
high quality the writing was. I'm so used to technical writing being
relatively low-effort blog posts. This level of detail was a real breath of
fresh air.

~~~
jlgaddis
> _... I was struck by how high quality the writing was._

That's pretty par for the course, IMO, WRT LWN's articles. It's why I'm happy
to continue throwing a few dollars their way every month.

------
tyingq
They seem pretty easy to understand to me. Mostly namespacing to hide things
so that a container appears to be a separate instance of an OS. Hide the
parent filesystem, process list, network interfaces, etc, so it "feels" like a
separate instance of an operating system.

There's value in this, of course, but it isn't really complicated.

~~~
nqzero
OFF-TOPIC - replying to an old thread

the original thread is locked because it's old so i can't reply there, but
recently saw your comment

[https://news.ycombinator.com/item?id=15425678](https://news.ycombinator.com/item?id=15425678)

> me: i need to generate avatars as a jpeg

> you: The jpeg requirement seems odd. Even if it has "jpg" in the url, you
> can serve up a standalone SVG (with a jpg extension in the url) as long as
> you send the right MIME type

i tried your suggestion and it worked - thanks a lot !

~~~
tyingq
Great! Thanks for the thanks...

