Yep. Docker Con.
That 'bout covers it. At least they are up front about it.
Container popularizer Docker on Tuesday opened its DockerCon 19 conference in San Francisco with an amiable video of Docker employees stumbling over obtuse platform lingo. "I just gave up trying to explain it to my parents," quipped one Docker software engineer. Yet when CEO Steve Singh arrived on stage, he talked about how …
There's no con here unless you take the view that the kind of functionality provided by Docker and containers should have been subsumed into the operating system years ago.
While Linux is volunteer led and so lacks the resources to lead on such a scale, there's no reason why IBM or Microsoft couldn't have innovated this for themselves 10 years ago.
In a similar vein, and while I'm on a mini-rant, it's a similar situation to Java. Why do we still have Firefly/JBoss, Websphere and Webserver when it could all be subsumed into the operating system?
It's a total con.
Basically a chroot with bind mounts is docker.
There are other namespaces under Linux (pid namespace, network namespace etc), the rest is just hype and nonsense.
Its best innovation is the name and the iconography but fundamentally it doesn't do anything other than use Linux facilities and try to pretend it's somehow invented copy-on-write or package management.
That said, its strength is just how shit it is, it means plenty of work fixing problems people didn't have.
1) The functionality is in the operating system.
2) An operating system is not an application suite.
3) Java and by extension software written in Java, needs to delegate some functionality to the underlying operating system, for example memory mapped I/O.
4) Java has certain issues that make it unsuitable for systems software e.g. inside a kernel etc.
I have used Docker and LXD. What I like about Docker is that, in theory, it can run Linux containers on macOS and Windows. Now, I do not really see the point of running Linux containers on a Mac in a VM; then again, it is pretty stable, and this cannot be written about Linux containers on Windows, well, no, you really cannot. Every other Docker update breaks something new; Windows feature updates re-enable fast startup, and that then causes you to have to restart Docker after every shutdown or reboot once Docker has come up, or it will list your containers and not allow you to connect to them. It uses Hyper-V, which sucks, IMHO; it is dog slow. On Linux, Docker is pretty solid as well and you do not need a VM, obviously, so all is good. LXD is really quite easy to set up and run as well, is Linux only, but honestly, Docker on Windows is a waste, just too unstable, YMMV.
The problem is that decent docker containers have a pid 1, which actually acts as pid 1.
Once you strip all the nonsense away, you are building embedded systems, which is its own specialism and requires rather better knowledge of the Linux system model than most people using Docker have.
The number of people who think that it's a magic solution is amazing, and the process per container nonsense is just rubbish.
K8s is just nonsense on stilts, and that's leaving aside that the desire for orchestration is largely predicated on not understanding that the claimed security boundary is largely fictional.
Running multiple services inside a container, running with a pid 1 and an init system starts to give you somewhat lighter virtual machines. There is an argument to be made that Docker makes that use case easier but for most uses, the fail can be seen from space.