There is another important reason than most of the issues pointed out here that Docker solves.
Security.
By using containerization, Docker effectively creates another important barrier which is incredibly hard to escape, which is the OS (container).
If one server is running multiple Docker containers, a vulnerability in one system does not expose the others. This is a huge security improvement. Now the attacker needs to breach both the application and then break out of a container in order to directly access other parts of the host.
Also if the Docker images are big then the dev needs to select another image. You can easily have around 100MB containers now. With the “distroless” containers it is maybe down to like 30 MB if I recall correctly. Far from 1GB.
Reproducibility is also a huge efficiency booster. “Here, run this command and it will work perfectly on your machine.” And it actually does.
It also reliably allows the opportunity to have self-healing servers, which means businesses can actually not have people available 24/7.
The use of containerization is maybe one of the greatest marvels in software dev in recent (10+) years.
I said the same thing and in 2 days deployed 4 containers that fixed problems in my life, so that’s good.
What did you deploy?
I’m messing with self-hosting an LMM with a web front end right now.
Actually, I started with it 2 days ago, so I have on my device something called AdGuard Home; it’s for blocking ads and a DNS. And I have MeTube, which is a web UI for yt-dlp, and Memos and PhotoPrism. I’m still messing with them. I started knowing how to see the processes and stop and run and see logs, so I gained some knowledge.
Oh, I’m totally getting MeTube. I use yt-dlp with a script.
Btw, it doesn’t have advanced configs, so give it a try. Also, there are some others you can try. I have MeTube because my dad wants something easy for him, just to put in a YouTube link and download; this is why I used it for him.
Isn’t Docker massively insecure when compared to the likes of Podman, since Docker has to run as a root daemon?
I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.
My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.
Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.
Not only that but containers in general run on the host system’s kernel, the actual isolation of the containers is pretty minimal compared to virtual machines for example.
What exactly do you think the VM is running on, if not the system kernel with potentially more layers?
Virtual machines do not use the host kernel; they run a full OS with kernel, cock and balls, on virtualized hardware on top of the host OS.
Containers are using the host kernel and hardware without any layer of virtualization.
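The root-daemon question raised in this thread can be checked from inside a container by reading the kernel's user-namespace mapping. The following is an added example, not code from any poster: it parses the `/proc/<pid>/uid_map` format and reports which parent-namespace UID the container's root maps to. The two sample mappings are constructed (a typical rootful container without user-namespace remapping, and a typical rootless one), and the script assumes a single level of user namespace.

```python
"""Added example: what is container root (UID 0) outside the container?"""
from pathlib import Path


def parse_uid_map(text):
    """Parse uid_map text into (inside_start, outside_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:  # skip blank or malformed lines
            entries.append(tuple(int(f) for f in fields))
    return entries


def host_uid_for(entries, inside_uid):
    """Translate a UID inside the namespace to the parent-namespace UID.

    Returns None when the UID is not covered by any mapping range.
    """
    for inside, outside, length in entries:
        if inside <= inside_uid < inside + length:
            return outside + (inside_uid - inside)
    return None


def root_is_host_root(text):
    """True when UID 0 in this namespace is also UID 0 in the parent."""
    return host_uid_for(parse_uid_map(text), 0) == 0


# Constructed samples, not captured from a real host.
# Rootful container sharing the host user namespace: identity mapping.
ROOTFUL_SAMPLE = "         0          0 4294967295\n"
# Rootless container: root maps to unprivileged UID 1000, the rest to a subuid range.
ROOTLESS_SAMPLE = "         0       1000          1\n         1     100000      65536\n"

if __name__ == "__main__":
    samples = {"constructed rootful": ROOTFUL_SAMPLE,
               "constructed rootless": ROOTLESS_SAMPLE}
    live = Path("/proc/self/uid_map")  # present on Linux only
    if live.exists():
        samples["this process"] = live.read_text()
    for name, text in samples.items():
        uid = host_uid_for(parse_uid_map(text), 0)
        verdict = "host root" if uid == 0 else f"unprivileged UID {uid}"
        print(f"{name}: container root is {verdict} outside the namespace")
```

In both cases the container still shares the host kernel, as the last replies point out; the mapping only determines which host identity a process holds if it gets out of the container.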