by brendandburns 4030 days ago
Users of the Google Cloud run Docker in VMs, since VMs are what the Google Cloud Platform sells.

(as does every public cloud provider [e.g. AWS])

For now, VMs are required to ensure a security barrier between different users' containers on the same physical machine. See some of Dan Walsh's posts on the subject (e.g. https://opensource.com/business/14/9/security-for-docker) for more context.


Google Container Engine runs containers that are in Docker format. The user does not have to deal with Docker or a VM.

https://cloud.google.com/container-engine/

There's also Amazon EC2 Container Service.

http://aws.amazon.com/ecs/details/

So Google and Amazon don't just sell VMs. They sell "CMs" as well (Container Machines).

It's most likely that even the "CM"s from both providers are actually Virtual Machines running on a hypervisor running on bare metal. You just can't tell and don't need to care (for most workloads).
Yup, you can even SSH to them and poke around yourself.
How does that prove it's a VM? How do you know it's not cgroup isolation with a chroot jail? Also known as containers?
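One way to actually answer that question once you have SSH'd in, as an added example that is not from any commenter on this thread: inspect the cgroup of PID 1 (container runtimes leave docker/lxc/kubepods paths there) and the DMI vendor string (hypervisors such as Google Compute Engine, Amazon EC2, Xen, QEMU and VMware identify themselves in /sys/class/dmi/id). The vendor strings and cgroup path fragments matched below are assumptions about common runtimes, and the two classifier functions take file contents as arguments so they can be exercised on constructed input.

```shell
#!/bin/sh
# Added example: heuristics for telling "VM", "container" and "physical" apart
# from inside the box. Assumes Linux with /proc/1/cgroup and, on VMs and bare
# metal, a readable /sys/class/dmi/id/sys_vendor. Containers normally lack
# /sys/class/dmi, so the DMI check describes the *host* the container runs on.

# classify_cgroup CONTENTS_OF_/proc/1/cgroup -> "container" or "unknown"
# Docker, LXC, containerd and Kubernetes all leave a recognisable path in
# PID 1's cgroup membership (assumed fragments, covering the common runtimes).
classify_cgroup() {
    case "$1" in
        *docker*|*lxc*|*kubepods*|*containerd*) echo container ;;
        *) echo unknown ;;
    esac
}

# classify_dmi CONTENTS_OF_/sys/class/dmi/id/sys_vendor -> "vm", "physical" or "unknown"
# Vendor strings are assumptions about what common hypervisors report.
classify_dmi() {
    case "$1" in
        "") echo unknown ;;
        *Google*|*"Amazon EC2"*|*QEMU*|*VMware*|*Xen*|*innotek*|*"Microsoft Corporation"*) echo vm ;;
        *) echo physical ;;
    esac
}

# detect_runtime CGROUP_CONTENTS DMI_VENDOR -> one-line verdict
detect_runtime() {
    cg=$(classify_cgroup "$1")
    dmi=$(classify_dmi "$2")
    if [ "$cg" = container ]; then
        echo "container (on $dmi host)"
    else
        echo "$dmi"
    fi
}

# When run on a real machine, read the live files (silently tolerating
# their absence, e.g. inside a container without /sys/class/dmi).
live_cgroup=""
live_vendor=""
if [ -r /proc/1/cgroup ]; then
    live_cgroup=$(cat /proc/1/cgroup 2>/dev/null)
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then
    live_vendor=$(cat /sys/class/dmi/id/sys_vendor 2>/dev/null)
fi
echo "this machine looks like: $(detect_runtime "$live_cgroup" "$live_vendor")"
```

Neither signal is proof on its own: a container can be started with /sys/class/dmi bind-mounted through, and a VM running systemd shows only `/init.scope` in PID 1's cgroup, which is why the verdict combines both rather than trusting either alone.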
Because you're the one setting them up. Basically you run the Amazon-provided agent on an EC2 instance and ECS will see it as a host for ECS.

Also Amazon bills you for that EC2 instance as any other instance.

Personally I have a hard time understanding the benefits of running Docker in a public cloud: you still run a VM, you still pay for that VM. It's just one extra abstraction layer which increases the complexity of your infrastructure and also reduces performance.

I do understand the benefits of using containers in your own data center, when you run them on bare hosts. There's simplicity and lower costs (because you don't have a VM); you have more resources, which lets you run more containers than VMs on that host.

> Personally I have a hard time understanding the benefits of running Docker in a public cloud: you still run a VM, you still pay for that VM. It's just one extra abstraction layer which increases the complexity of your infrastructure and also reduces performance.

Simpler deployment and basically forcing "12-factor", as well as easier development environment setups. Nothing you can't achieve with other tooling, but it's nice to be able to guarantee that your dev environment is identical to your prod.

People use Docker in a public cloud (VM), primarily to simplify the deployment pipeline, not for LXC.

Given this, it actually makes sense to combine VM with Docker, check out www.hyper.sh