Where did this extra VM come from?

LeFantome · 2025-02-12T02:46:08 1739328368

An OCI container (what people call Docker containers) are just applications that run on a Linux kernel.

That is, you need a Linux kernel underneath for the containers to run on. More often than not, that Linux kernel is running in a virtual machine.

When you run Docker Desktop on your Windows or macOS machine, how do you think it runs that Alpine Linux container? It works because there is a virtual machine running Linux that all the Docker containers run on top of.

If you are running Linux directly on real hardware, your containers do not need a VM. Everywhere else, they do.

reissbaker · 2025-02-12T02:18:15 1739326695

Well, AWS, typically.

ninetyninenine · 2025-02-12T02:20:13 1739326813

Are you sure? Are those instances a VM or another docker container? Does anyone from amazon know?

reissbaker · 2025-02-12T02:33:45 1739327625

It's a custom VM they wrote called Nitro: https://aws.amazon.com/ec2/nitro/

threeseed · 2025-02-12T02:37:45 1739327865

Depends what part you mean.

AWS Fargate / Lambda are Firecracker VMs. EC2 are normal VMs.

pjmlp · 2025-02-12T08:21:38 1739348498

See https://katacontainers.io

Turns out only containers is not secure enough.