
Docker's Dirty Little Secret - dwighttk
http://blog.altometrics.com/2016/06/dockers-dirty-little-secret/
======
crgwbr
There's nothing _dirty_ or _secret_ about this. The whole point of docker is
to be lighter weight than VM, because you're sharing a kernel with the host.
It's no surprise, then, that you can't run a container with an OS using a
different kernel from the host.

~~~
kyptin
Author here. Thanks for your comment. I figured this would be obvious to some.

Question: do you know of a good resource that describes docker in these terms,
such that what I wrote about isn't surprising?

The official architecture page [1] doesn't illuminate this issue. To be fair,
it isn't super relevant—so long as you run Linux, OS X, or Windows. When you
run alternative OS's, though, it becomes pretty important.

[1] [https://docs.docker.com/engine/understanding-
docker/](https://docs.docker.com/engine/understanding-docker/)

~~~
brudgers
On Linux, Docker uses cgroups to isolate resources. Cgroups is a feature of
the Linux kernel. Cgroups are almost ten years old.

Docker on FreeBSD utilizes the Linux compatibility layer. It was introduced in
2015. It is officially experimental.

[https://wiki.freebsd.org/Docker](https://wiki.freebsd.org/Docker)

To me, none of this is obvious and my limited understanding has taken several
years and many hours of podcast listening and technical reading. I still don't
know squat.

~~~
ibotty
> Docker on FreeBSD utilizes the Linux compatibility layer. It was introduced
> in 2015. It is officially experimental.

Huh!? I remember running unmodified Linux binaries on FreeBSD (and other BSDs)
in the late 90s. Maybe it was not suitable for most docker images and that
started last year...

~~~
brudgers
Per the link, Docker [the subject of the thread] is experimental on FreeBSD.

------
loukrazy
This is of course also true of linux running on a different architecture such
as power, you need specific images that are built for that architecture.

I wonder if the author noticed that none of his docker images were actually
_running_ on Mac OS...

------
creshal
TL;DR: Containers are containers, and not virtual machines. In other shocking
news: Water is still wet.

------
Bulk70
The clickbait is real with this one. Nothing shocking or "secret" here that a
30 second skim of the documentation wouldn't reveal.

~~~
brudgers
Docker [the technology not the company] has reached a level of success where
it is discussed and used by people who are not aware of the technical details
of its implementation. It is entirely practical to use Docker without ever
visiting Docker's official documentation.

Because Docker is an alternative to the virtual machines with which people
tend to have more experience, it is normal for people to fill holes in their
knowledge with facts about VM's. Much of the time, this works.

I don't think the title is great, but I think more than anything else it
reflects frustration with the complexity of containers and normal
disappointment with things that at first appear to be silver bullets.

 _The future is already here -- it 's just not very evenly distributed._ \--
William Gibson

