Docker: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
* Modern kernel | * Modern kernel | ||
* 64 bit Linux | * 64 bit Linux | ||
== Security == | |||
* The Docker daemon currently requires <code>root</code> privileges. As a result, all <code>docker</code> commands must be prefixed with <code>sudo</code>, or alternatively you can create a group called <code>docker</code> and add users to that. This does not provide any security benefits. | |||
Revision as of 17:22, 17 February 2019
Containers
At a high level, containers are a lightweight form of virtual machines which encapsulate an application and its dependencies. However, there are some key differences between containers and virtual machines:
- Some resources are shared with the host operating system, which reduces the overhead involved in comparison with a VM. How much overhead is debatable, especially given that hardware support for virtualisation exists on most modern CPUs, and any machine operating a server is likely to have this available and enabled.
- Portability of containers should make them easier to deploy and migrate across hardware.
- Lower resource utilisation, particularly RAM and CPU, means running a dozen containers is more realistic than the same number of VMs, especially on a developer's laptop.
- Due to the sharing of resources, containers always run the same kernel as the host.
Requirements
- Modern kernel
- 64 bit Linux
Security
- The Docker daemon currently requires
rootprivileges. As a result, alldockercommands must be prefixed withsudo, or alternatively you can create a group calleddockerand add users to that. This does not provide any security benefits.