[claytongulick]

Yeah, this is honestly one of the things that turns me off of containers in general.

Like, the whole point was to effectively use linux kernel namespaces with cgroups in an intelligent way to give VM-like isolation, but non-emulated performance - and supposedly not having to deal with image size bloat from the OS like you get in VMs.

What we got was an unholy mashup of difficult to debug, bloated images and ridiculously complex deployment and maintenance mechanisms like kubernetes.

I just do old school /home/app_name deployments with systemd unit files, and user-level permissions.

Oh, and it's webscale[1].

[1] https://www.youtube.com/watch?v=b2F-DItXtZs

[tracker1]

It doesn't HAVE to be that bulky or complex. You have a lighter space like Dokku or just direct scripted deployments pretty easily. As to the size, you can use debian-slim or alpine as a base for smaller options. There's also bare containers, or close to bare for some languages and platforms as well (go in particular).

[claytongulick]

What's even "lighter" is a single binary sitting in /home/app running under "app" user and launched by systemd unit file with auto restart.

Look, I totally get the unholy hell that's (for example) python dependency management, and containers are a great solve for that.

Sometimes you don't have a choice of technology, so I get it.

What I don't understand is folks that use containers for stuff like go binaries. Or nodejs. I mean, it's just an "npm install". Or now bun with it's fancy new build option, you don't even need that.

I honestly don't get the point of containers with languages that have good dependency management, unless you're in a big matrix organization or something.

Or, as one HN user put it years ago, "containers are static compilation for millennials".

I snorted beer out of my nose the first time I read that.

[TechBro8615]

It feels like the same people who make this argument are also using the other side of their mouth to lament that nobody uses containers for their original purpose of containerization. And yet, that's a legitimate use case that is totally orthogonal to any build process or artifact distribution method. In fact the argument itself betrays a misunderstanding, because the underlying complaint is about using Docker images as a build artifact, but it's presented as if containers are the problem. But they're separate concepts (you don't compile a container, so the snarky analogy to static compilation is nonsensical upon closer inspection).

There are plenty of good reasons to containerize even a single binary executable, as demonstrated by the fact that officially maintained images exist for containerizing processes like Postgres or haproxy. Sure, you could run both Postgres and haproxy as services directly on the host, but then you'd miss out on all the benefits either provided by or complementary to containerization, like isolated cgroups and network namespaces that make declarative service orchestration easily achievable with maintainable configuration.

[ptx]

> I totally get the unholy hell that's (for example) python dependency management, and containers are a great solve for that. [...] What I don't understand is folks that use containers for stuff like [...] nodejs. I mean, it's just an "npm install".

With Python it's just "venv/bin/pip install -r requirements.txt".

All the tools needed to create an isolated environment (venv) and install packages (pip) come with the standard Python distribution these days. I wouldn't characterize that as "unholy hell".

[TechBro8615]

Now wait two years, run the same command, and see what happens.

[ptx]

What are you implying will happen?

Using the built-in tools, you can save the exact versions of dependencies (i.e. a lock file) using "pip freeze >dependencies.txt". This should give you the exact same set of packages in two years' time.

If you want to be even more sure, you can also store hashes in the lock file. This has to be generated by a separate tool at the moment [1][2] but can be consumed by the built-in tools [3], so "pip install -r requirements.txt" is still all you need in two years' time.

This is also explained in the pip documentation [4].

[1] https://github.com/pypa/pip/issues/4732

[2] https://pip-tools.readthedocs.io/en/latest/#using-hashes

[3] https://pip.pypa.io/en/stable/topics/secure-installs/#hash-c...

[4] https://pip.pypa.io/en/stable/topics/repeatable-installs/

[tracker1]

You get a lot more from containers than just dependency management. You get isolation options for everything related to i/o from disk to network. As well as hard CPU/Memory controls. It's a few steps above what you get with chroot, etc.

There's plenty to like about containers.