What Is the Point of Docker?
8 points by wandering-human 2706 days ago
So I am reading about Docker because I have seen quite a few articles about it but never really investigated it till now. However, I don't get the point? It seems like the main benefit is it makes sure all your dependencies are contained in a single unit.

However, if that was a concern I could just statically compile my code and any dependencies in a single binary. If that's a concern why use shared libraries and introduce this additional layer?

4 comments

Containers provide atomic deploys. Packaged as a single container an application with all its dependencies is either entirely installed as instructed or not installed at all. Deploys don't require building. No compiles. No downloading dependencies. With containers, there are no partial installations (or intermediate states). That's the big deal about containers (imagine an application on 1000's of networked servers big enough that hardware/software/network failures are the norm).

So containers are a way of packaging applications. The big deal about Docker is that it focuses on tooling the individual software developer experience rather than industrial scale sys-ops in data centers. Docker allows developers to test their software in stable environments, more easily. Containers don't get automatic upgrades. They don't vary between my laptop and your laptop. Or more commonly between my laptop today and my laptop tomorrow even though I ran `apt upgrade` (or more importantly, Windows installed updates since Docker even runs on Windows).

You can do that with a single static binary though. At that point it either runs or does not on the system.

How is that a problem? Unless I need it to work with an old version. I would want anything I write to work with the latest version of a library, OS, etc. If it breaks while I am writing it that means I am likely doing something wrong or found a bug in an underlying dependency or system.

-edit- I do suppose people develop software with languages that can't be compiled. Although, I see Go developers mention Docker.

It’s a container, which has its own networking and process containment. (You can list the processes running and you will only see your own process running in the container.) You get to build and configure your container using the command line. And with those steps contained in a definition file, reproducibility and “infrastructure as code” are handled.

And these containers can run on a bare metal Linux box, so unlike VMs Docker removes abstractions and overhead.

Docker simplifies software development and deployment so you don’t need a lot of additional configuration tools for infrastructure as code.

Docker containers, like shipping containers, are about reaping the benefits of standardization. Yes, you can statically compile a binary, but with a containerized app, you have a standardized deployment unit for any technology, not just those that compile to a single binary. Also you have the flexibility to deploy and configure a mix of containers on a pool of hardware, all with central control and management of infrastructure and its supporting services.

Shared libraries are just one part of it. Containers also have their own filesystem for handling things like configuration files, data files, helper binaries, etc. Being self-contained, you don't need to worry about namespace conflicts running multiple of these at the same time on the same machine. If you were doing processes, you'd have to specify different command lines, different paths, etc. With Docker, you run multiple containers. Same for network ports - containers are on their own isolated network port space and network bridge.

Okay, that makes sense if you run multiple of a program on a single machine. Although, if I knew that was the use case I could ensure any program I write would not conflict with itself.

Is it mainly used for existing applications? I am not sure what the benefits of isolation like this would be?

Well you also can't be sure that they aren't running some other program that is conflicting with you - for example a lot of servers run on port 8080, or 8000, or 5555.

You can also just code in your sane default config and not have to worry about that.

Also let's say you're running two different applications, and they use conflicting versions of some library or binary (like python versions). Docker is like one step of virtualization above virtualenvs, but below virtual machines (since you're sharing the same kernel).

The benefits are subtle, but there's quite a few. For example, it allows for applications to easily move from one machine to another without complex deployments. This is exactly how Kubernetes works - with containers. Otherwise you'd need something like Puppet or Ansible to do the installs before you move apps around, and clean up after themselves.

The other thing is cleaning things up - you just delete the container, you don't have to worry about uninstalling dependencies or cleaning up after yourself. You're just isolated. But the isolation is lighter than a virtual machine, allowing you to pack more containers than VMs on a host.
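
The thread's points about process and network isolation on a shared kernel can be checked from the namespace links under `/proc/<pid>/ns`. The following is an added example, not part of the original thread; it reports which namespaces a containerized process shares with the host. The inode values, the process roles, and the host-networking variant are constructed sample data.

```python
import os
import re

# Target of a /proc/<pid>/ns/<name> symlink, e.g. "net:[4026531992]".
NS_LINK = re.compile(r"^[a-z_]+:\[(\d+)\]$")
KINDS = ("ipc", "mnt", "net", "pid", "user", "uts")

def read_ns_links(pid):
    """Read the namespace symlinks of a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}

def ns_inodes(links):
    """Map namespace name -> inode; processes share a namespace when inodes match."""
    inodes = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if match is None:
            raise ValueError(f"unexpected namespace link {name}: {target!r}")
        inodes[name] = int(match.group(1))
    return inodes

def compare_to_host(host_links, proc_links):
    """Return {kind: 'shared' | 'isolated' | 'unknown'} relative to the host's PID 1."""
    host, proc = ns_inodes(host_links), ns_inodes(proc_links)
    report = {}
    for kind in KINDS:
        if kind not in host or kind not in proc:
            report[kind] = "unknown"
        else:
            report[kind] = "shared" if host[kind] == proc[kind] else "isolated"
    return report

# Constructed sample data: host PID 1 and a process in a default container.
HOST_INIT = {"ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531841]",
             "net": "net:[4026531840]", "pid": "pid:[4026531836]",
             "user": "user:[4026531837]", "uts": "uts:[4026531838]"}
CONTAINER = {"ipc": "ipc:[4026532258]", "mnt": "mnt:[4026532256]",
             "net": "net:[4026532262]", "pid": "pid:[4026532259]",
             "user": "user:[4026531837]", "uts": "uts:[4026532257]"}
# Constructed variant: same container, but attached to the host's network namespace.
CONTAINER_HOSTNET = dict(CONTAINER, net=HOST_INIT["net"])

if __name__ == "__main__":
    for label, links in (("default", CONTAINER), ("host network", CONTAINER_HOSTNET)):
        print(label, compare_to_host(HOST_INIT, links))
```

On a live host, `compare_to_host(read_ns_links(1), read_ns_links(pid))` gives the same report for a real process. Any namespace reported as shared is one where the container has no separation from the host.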