
You know Oracle is about to release a Docker for Solaris port? Using zones? Docker is a set of tooling that makes process isolation technology easy to use. If you don't like Linux, that is a different issue.



I'm not sure Docker makes isolation and resource constraints significantly easier, compared to pre-existing technologies (OpenVZ, LXC) - such things were already very easy to use with those. Maybe Docker makes some things even easier, but just slightly - like pre-configured port forwarding.

Moreover, I'm not really sure Docker is about isolation all that much. I think I've read that I shouldn't rely on the isolation it provides.

The essence of Docker, as I get it, is mostly about the image/layer-based dirt-cheap packaging, playing well on the deficiencies of most commonly used packaging systems (dpkg, rpm, pacman), like the inability to have multiple versions of the same package set up at the same time.


I even use Docker in hobby projects, because it makes (once you have figured it out) deployment so easy. It's easy to ship, update and ships fully configured (especially if the debug and production docker-compose share a common root).

It still sometimes happens that I am amazed how easy it is. A few weeks ago I switched servers for a small project and docker-compose up was all I needed to do.


How do you manage secrets (e.g. passwords or keys)?

I was puzzled by this and came to the conclusion Configuration Management [CM] is best left to the actual CM tools, and Docker just isn't one.

That was in the days docker-compose wasn't even a choice for me, because the docs explicitly said that it's not for production - but even now I don't see a sane way to automatically (re)configure 2-3 hosts[1] with a single CLI command (and keep the secrets defined in one single "master" place that's outside of version control) with the Docker-provided toolset. Which is dead easy with Salt or Ansible (+bare Docker, of course, since it's Docker containers that are deployed).

(Haven't looked into recently-introduced Docker Swarm, though, maybe they have something there.)


Yeah, that's still not easy (or trivial; it's not hard) for larger projects.

I use environment variables for smaller projects. I have predefined environment variables for the images that get substituted for the real thing by docker compose, which in turn uses environment variables (here is an example: https://github.com/intellimate/Server/blob/master/image/comp...).

For larger projects I would use docker-swarm or Kubernetes; they have their own solution.


I tried LXC around the same time as Docker and the experience was like night and day.


Experience - yes, but in which area?

Compared to LXC templates, Docker provides quite nice UX in terms of image building and management. Well, as long as one doesn't hit any limitations or their scenario doesn't have some corner cases, but that's the same for every tech out there.

However, GP mentioned "process isolation technology" and I don't think this is where Docker particularly excels above any other isolation technology out there. When you have the container prepared (this is where Docker's UX excels, compared to others), isolation is easy with nearly anything.


Well, I was talking about Docker's implementation on Linux. Which has had some quite nasty security issues in the past. Although it is getting better...


You can like Linux and zones at the same time, thanks to lx-branded zones in SmartOS.



