The cool thing that is that we have a number of companies contributing significant technologies to the open source ecosystem that build a stack of software that gets us closer to running distributed systems in a reasonable reproducible manner:
- Google is bringing kubernetes (k8s) which represents their experience in deploying cluster wide applications
- CoreOS is bringing etcd to the table for the cluster wide decisions in k8s
- Docker is bringing a format that makes getting your applications isolated and running quickly
I think that's the way the landscape is changing.. light weight and easily-managed containers rather than virtualizing entire systems.
It's just one level of abstraction up. First the hardware was abstracted, and now the OS is abstracted. Once we can reliably and seamlessly shift applications (not VMs) around generic pools of compute resources, to coin a phrase, you're going to see some serious shit!
It may very well go that way, but I think unikernels (like MirageOS (http://http://www.openmirage.org/) are very interesting as well. A paravirtualized unikernel should be able to carry less overhead than regular virtualized OSs and be able to operate completely in ring0/kernelspace.
Pair that with all the hw acceleration for virtualization available these days and you may get some pretty lean and fast virtualization that also more easily support hybrid deployments (Container software needs to be built for specific container host OSs and libs(depending on how much is bundled in each container)).
Also, the security implications of containers vs (para)-virtualization are different, so I think my personal jury's still out on that one too.
But I do agree that these are interesting times, for sure. And containers may win, I just don't think it's a done deal just yet. :)
This is not a swipe at Docker; it's an interesting technology if you're running Linux and I'm sure it will be very valuable to many.
However, let's not forget that Solaris had this functionality first.
Solaris has offered hypervisor-level virtualization (LDOMS) on SPARC, light-weight "virtualization" (Containers/Zones) on SPARC/x86, and now offers full system virtualization out of the box (Kernel Zones) SPARC/x86.
And there's also OpenStack and Puppet system management integration in Solaris 11.2+.
Not really. Even in an absolute sense, linux-vserver is/was contemporary with zones.
Yes, in the sense that partitioning technology isn't new. zones and jails are comparable to vserver/openvz/lxc. vpars, lpars, and ldoms have analogues on mainframes. Various hypervisor technologies (xen, kvm, vmkernel) are also not unique to solaris, and were done on Linux.
What Docker offers that none of these do not is that it's containerization for applications without the "weight" of even zones. It's not virtualizing systems. It's starting one application in its own container. That's it.
I don't know who's spreading this "Docker is just like zones" FUD, but it's wrong. Linux has had container-level virtualization for a decade, and LXC has had mainline support for a while. Docker builds on that, but it's different.
At the same time, EMC is not shitting themselves over docker. Application containers will not replace traditional or container virtualization for all workloads. But they will for some.
linux-vserver is not contemporary with zones. If you think that it is, you haven't looked at Solaris zones technology very carefully.
linux-vserver requires the kernel to be patched; Solaris zones does not.
linux-vserver has no clustering or process migration capability; Solaris zones in combination with LDOMs gives you a path for live migration.
linux-vserver networking is based on isolation, not virtualization. This means each virtual server can't create its own internal routing or firewall setup -- Solaris zones can.
linux-vserver doesn't fully virtualize the system; clock, parts of /proc and /sys are not virtualized.
So no, linux-vservers are not equivalents.
Yes, docker offers containerization -- but not sufficient containerization. Certainly not sufficient for security purposes as have come up repeatedly in recent history.
As for the "weight" of zones; I don't know what "weight" you're talking about. Solaris zones have almost no overhead at all. They use some disk space, but we're talking less than 300MB if I recall correctly at most in a default configuration. And Solaris Zones give you several advantages that Docker doesn't provide.
Regardless, I'm certain that for some specific use cases, Docker will prove an appropriate technology.
This is not something you agree or disgree with. The Linux technologies mentioned _was_ contemporary, or in specific cases even pre-dates, zones.
The rest is just not a one-to-one comparison. The fact that Linux requires the kernel to be patched is a cultural thing. That is how new functionality is distributed in Linux land.
Linux-vserver also does not, as you mention, offer comparable functionality. Solaris Zones works differently, and the only cases where you can compare them is where their use cases overlap. But you will see much more overlap with something like LXC.
Any direct comparion is moot however, as Sun/Oracle does not want these technologies to be adopted in Linux. They can at most serve as (valuable) proof of concepts on how the implementation works in the real world as Linux slowly gains corresponding functionality. And it increasingly looks like Docker is part of this picture.
It's unreasonable to compare the functionality of zones in 2014 with their functionality in 2005, when vserver was contemporary and the principal containerization solution.
In 2014, you'll find that LXC or OpenVZ (or Xen paravirt in some environments) are the preferred virtualization solutions and have been for years, which have every advantage zones have.
By "weight" of zones, I mean that they're still effectively Solaris containers running init and basic services. Linux containers do this. Docker doesn't. It's app virtualization.
You wrote whole paragraph about what it isn't. But what is it then that make Docker not just LXC (other container) + scripts to manage applications in it. One could presumable still spawn a single application on any OS...
While Docker is built on top of libcontainer and cgroups (used to be LXC), traditional containers, including LXC and zones, start init and enough services to look like a "normal" system. You can still use rc.local to manage applications if you want to, I guess.
Docker is a build system for containers which run /bin/foo as PID1, with no services, no ssh, and no init (which presents other problems reaping children, handling sigterm, etc). It's containerization for application virtualization.
It's analogous to App-V or an Application LPAR, if such a thing existed, but these are both good examples.
My complaint to the previous poster is mostly that it differs in the same way that an Application WPAR differs from a WPAR. Yes, they're the same base. No, they're not the same thing.
> light weight and easily-managed containers rather than virtualizing entire systems.
Not if lighweight easily-manage containers can run Windows. Not just windows but any non-matching-with-host-kernel OS-es so nobody is eating VMWare's lunch yet.
I think after the baby boomers have left the picture in business, windows will slowly die out. Developers today are using OSX and Linux. Don't quote me, but traditional schools are the only ones using windows. My college does, and I honestly think its a learning point for all developers to know Linux over windows because of usage around the world. Tech companies are dropping windows for the opposing systems because of speed, reliability, and the current trend in design. With this happening all development, or at least what I'm seeing in the web, is mainly done on OSX or Linux. Therefore it make sense that lightweight containers will eventually eat VMWares lunch.
I think the only ones that really ran with KVM were/are Joyent with their Smart OS - combining (some of the) tooling/tech that makes Solaris Zones great with a Free and Open operating system, freedom from Sun/Oracle and support for many guest platforms (and/or low overhead "native" zones).
I think the only real downside of Smart OS is the same as with Open Solaris (or pretty much any other "it isn't Linux"-unix-like OS'): drivers and hw support.
The great thing with Linux as a host, is that (edge cases excepted) you can literally run in on your entire infrastructure (right now, or in the near probable future) -- from phones and tablets via desktops and laptops through servers, clusters and pretty much anything beyond.
I'm sure we'll see some backlashes from the new monoculture, but I think overall it's a bright future.
And we can have our occasional parties arguing for why everyone should really use (Dragonfly|Free|Open)BSD/(Open)Solaris/Plan9 because it has X, does Y better and has more consistent and better documentation.
lxc is lighter weight. just like 5% page size saves millions in bandwidth. 5% cpu overhead saves in electricity and hardware costs. Assuming all other things being equal (I know they aren't - but security, tooling, and management can be improved) vmware has inherent overhead of the hypervisor that's not an issue with lxc.
TLDR; Kubernetes is basically like a local copy of a specific-configuration cloud provider that uses docker. It's also Google Cloud Platform's basis, so developing against it lets you deploy your code there. As far as software goes, it's very immature/early days. Some of the pertinent architectural limitations that Kubernetes appears to have are: limited range of target OS platforms for services to target, non-standard mechanism of service relationship abstraction (read: lock-in warning), immature security model, limited support for complex network topologies (eg. hardware switch management), fixed approach to cluster scheduling/consensus.
PS. Corrections welcome, I'm just trying to help people get a grasp without bothering with the background reading.
Google's open source investment hugely astonishes me but as far as desktop is concerned they are also hugely oblivious and ignorant (Yes, I am talking about Drive for Linux).
Gophers? Thats what developers who use the Go language call themselves?
What's with the ridiculously bad naming/branding in the tech world?
* Gophers (the animal) are considered by many to be a pest.
* The Docker logo is a whale carrying shipping containers on its back. Shipping containers that go into the ocean are basically unrecoverable/not worth recovering, and whales spend very little of their time on the surface (meaning all the containers will go into the ocean)
This is as ridiculous as having an airline named after an animal that cannot fly and kills people.
- Google is bringing kubernetes (k8s) which represents their experience in deploying cluster wide applications
- CoreOS is bringing etcd to the table for the cluster wide decisions in k8s
- Docker is bringing a format that makes getting your applications isolated and running quickly