-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.qmd
126 lines (104 loc) · 5.54 KB
/
index.qmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
---
title: "Why Docker"
description: |
While there are several container technologies, Docker is one of the
most popular and commonly used technologies.
date: "2022-12-14"
previous: true
categories:
- container
- deploy
- installation
- dependencies
---
<!-- TODO: Update this to match style of other posts -->
## Introduction
When considering container technologies, Docker is by far the most
well-known and popular container platform in use today. However, there
are different platforms on the market, each with unique approaches and
use cases. Even though all have a similar concept of images and
containers, there are some technical differences worth noting.
As to why we have chosen containerization, see the page [Why choose
containerization technology](/why-containers/index.qmd).
## Comparison of technologies
### Docker
Docker is without a doubt the most popular container
application/platform. According to Stack Overflow's [2020 Developer
Survey](https://insights.stackoverflow.com/survey/2020), which included
almost 65,000 respondents, Docker was the [third most
popular](https://insights.stackoverflow.com/survey/2020#technology-platforms)
platform among developers, trailing only Linux and Windows. In this
survey, Docker was the [most wanted and the second most
loved](https://insights.stackoverflow.com/survey/2020#technology-most-loved-dreaded-and-wanted-platforms)
platform.
Docker is incredible in many ways. It is a developer-friendly open
source platform that can be used for rapid application development and
is complemented by outstanding documentation, which is a major reason
for its popularity.
Docker employs the client-server architecture, which entails clients
requesting and receiving services from a host, in this case, the Docker
daemon. Any contact with Docker may be initiated by the Docker client
via an API call. The Docker client can communicate with many docker
daemons. Any API queries performed by the Docker client are then
received by the Docker daemon. The daemon is in charge of constructing,
executing, and distributing your Docker containers and is responsible
for the majority of the heavy work. This client-server architecture add
one extra security layer to isolate the content inside the container
from the outside environment.
### Podman
[Podman](https://podman.io) is an open-source, Linux-native tool
designed to develop, manage, and run containers and pods under the Open
Container Initiative (OCI) standards. Presented as a user-friendly
container orchestrator developed by [Red
Hat](https://www.redhat.com/en).
Podman is a daemonless container engine that enables users to create,
manage, and run OCI Containers on the Linux system. Podman, like Docker,
is an open source project. The program's source code is available to
anyone. Podman, unlike Docker, does not require a daemon process to
launch and manage containers. This is a significant distinction between
the two projects.
The ability to run both root and rootless containers is also Podman's
main advantage. As a single point of failure, a daemon is not used.
Compared to their root container counterparts, operating rootless
containers is viewed by some as improving system security.
### rkt
[rkt](https://github.com/rkt/rkt), like other container technologies,
lets you separate your software from its surroundings. However, rkt
provides adjustable isolation, allowing you to choose the appropriate
amount of isolation utilising rkt's pluggable runtime architecture,
which is divided into different phases.
rkt also includes security measures like a signature verification by
default and even privilege separation, which is in charge of retrieving
and validating signatures as unprivileged users. Having these
characteristics can help to mitigate the potential damage caused by
unforeseen vulnerabilities.
The rkt is not a complete platform, end-to-end solution. It is instead
utilised in conjunction with other technologies or in substitute of
particular Docker system components. Furthermore, the [rkt
project](https://github.com/rkt/rkt) has been archived on GitHub as of
February, 2020.
### Hyper-V
Because each container can run its own kernel, Hyper-V containers are
more closely aligned with the VM virtualization model. Because
applications running within them do not need to be compatible with the
host system, they are more portable than traditional containers. They
also provide improved security due to greater isolation from the host
operating system and other container environments. These advantages,
however, come with a cost: Hyper-V containers have a slightly larger
infrastructure footprint than Windows and other containers that rely on
a shared kernel-based system.
The biggest disadvantage of the Hyper-V is that each guest environment
must be based on Windows, though it might not have been the same version
as the host.
## Conclusion
After researching the container platform on the market, Docker still is
the best option for Seedcase software. First of all, Docker has the
world's largest repository of container images that allow Docker users
to create, test, store and distribute containers. Secondly, Docker is a
single, robust, and autonomous tool. Docker manages, runs, builds, and
does all other container-related tasks independently of any other
third-party tools. Lastly, Docker has a lengthy history of working with
well-known cloud platforms like Amazon Web Services (AWS) and Google
Cloud Platform (GCP). It is also compatible with Microsoft, Azure, and
OpenStack. Overall, regardless of how great the alternatives are, Docker
is the most suitable container platform for this project.