Docker: It’s Virtual Containers All the Way Down


Just when you thought virtualization was old news, Docker has stormed onto the scene and looks set to change everything.

Docker didn’t come out of nowhere. The Linux kernel has gradually been accumulating a suite of really useful features for providing virtual environments without the overhead of full-on virtual machines:

  • cgroups provide isolation of resource usage (CPU, memory, disk I/O, etc.) of process groups.
  • Linux Containers (LXC) builds on cgroups to create a virtual environment that has its own process and network space.

Neither of these is new. Cgroups appeared in Linux kernel 2.6.24 back in 2008, but Docker packages these and creates a “chroot on steroids” by building fully isolated software containers running in user space inside a machine, either virtual or hardware.

I followed the Quick Tutorial and with three commands had a virtual Linux box running inside OS X (thanks to Vagrant). Two more commands and I was facing a Docker shell prompt inside a container inside the virtual box inside my MacBook. Hell, I could have kept going and created a Docker container in the Docker container.

I stared at that for a few minutes. My head was buzzing with the possibilities.

The containers are super lightweight – they spin up in a second – but they are a completely isolated environment with their own filesystems, networking and processes. You can install packages, edit files, do whatever you like in the container and the changes are recorded in the read-write layer mounted over the underlying file system.
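One way to check the isolation described above from the host, as an added example that is not from the original post: it compares the kernel namespace identities (the mechanism behind a container's "own process and network space") of a process against the host's, and reads the process's cgroup membership. It assumes the Linux `/proc/<pid>/ns` and `/proc/<pid>/cgroup` interfaces; the function names, inode numbers and container ID are constructed for illustration.

```python
import os

NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user")  # links under /proc/<pid>/ns

def read_namespaces(pid, proc="/proc"):
    """Return {kind: 'kind:[inode]'} for a live Linux process."""
    found = {}
    for kind in NS_KINDS:
        try:
            found[kind] = os.readlink(os.path.join(proc, str(pid), "ns", kind))
        except OSError:
            pass  # not Linux, kind unsupported, or insufficient permission
    return found

def shared_namespaces(host_ns, proc_ns):
    """Namespace kinds the process shares with the host (not isolated)."""
    return sorted(k for k, v in host_ns.items() if proc_ns.get(k) == v)

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup ('id:controllers:path') into {controller: path}."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue
        for ctrl in parts[1].split(","):
            groups[ctrl or "unified"] = parts[2]  # empty name = cgroup v2
    return groups

def unconfined(groups, wanted=("cpu", "memory", "blkio")):
    """Controllers still in the root cgroup '/', so not in a dedicated group."""
    root = groups.get("unified", "/")
    return sorted(c for c in wanted if groups.get(c, root) == "/")

# Constructed sample data (not captured from a real system): a container that
# has its own mount, PID, IPC and UTS namespaces but shares net and user.
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
           "net": "net:[4026531992]", "ipc": "ipc:[4026531839]",
           "uts": "uts:[4026531838]", "user": "user:[4026531837]"}
CONTAINER_NS = dict(HOST_NS, mnt="mnt:[4026532201]", pid="pid:[4026532204]",
                    ipc="ipc:[4026532203]", uts="uts:[4026532202]")
SAMPLE_CGROUP = "4:memory:/docker/0123abcd\n3:cpu,cpuacct:/docker/0123abcd\n2:blkio:/\n"

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("no dedicated cgroup:", unconfined(parse_cgroup(SAMPLE_CGROUP)))
    live = read_namespaces("self")  # empty dict when /proc/self/ns is unavailable
    print("this process:", live or "no /proc/<pid>/ns on this system")
```

On a real host, pass the output of `read_namespaces(1)` and `read_namespaces(<container pid>)` to `shared_namespaces`; any kind it returns is a boundary the container does not actually have.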

What really blew me away were the possibilities for a standard way of installing an application stack. I’ve always hated the messiness of installing and configuring multiple packages to get them to work together. Docker pretty much guarantees you can create a black box with all the dependencies and configuration working on any platform you drop it into.

There is already a nice ecosystem of pre-built containers blossoming at the Docker Index and the community is pulling together conventions for containers to talk to each other. These things are going to be the Lego blocks we’ve always wanted.

Docker is not the first project to use containers like this (commercial vendors such as DotCloud and Heroku already use them for PaaS environments) but the explosion of interest in Docker shows how open sourcing can fire up a community.

All problems in computer science can be solved by another level of virtualisation.
– Apologies to David Wheeler
