20

I get the big difference between VMs and containers. But that has me confused about how an Ubuntu container can even exist. It feels contradictory to me since Ubuntu is an OS.

https://hub.docker.com/_/ubuntu

Isn't this an entire guest OS? So what makes this a container over a VM? Or is the line between container and VM blurred?

I've tried googling this, but the only results I find are the classic VM vs container answers, which aren't really what I'm asking, I don't think.

Edit - I've updated to try to further clarify my question.

Winston Henke
  • 1
    Short answer: Docker shares the host's kernel and physical devices; a VM has a duplicate kernel and emulated hardware. A Docker container also doesn't usually run everything that's bundled into the userspace, but only runs some target application with that userspace available. (It "looks like" Ubuntu but isn't running systemd, cron, sshd, ...) – David Maze Dec 29 '18 at 18:37
  • I updated my question to try and clarify. I'm not asking about the difference between a VM and container. But more how can an entire OS like Ubuntu be a container, why isn't it just called a VM at that point. – Winston Henke Dec 29 '18 at 19:04
  • 4
    The "docker container for Ubuntu" **isn't** an "entire OS"; it doesn't run its own kernel. It's an entire OS's userspace, sure -- but, well, whether it's running its own ring-0 or just as a bunch of namespaces inside someone else's kernel is precisely the distinction. – Charles Duffy Dec 29 '18 at 20:11
  • @CharlesDuffy that answers my question, thank you. This was my first post on Stack Overflow and I'm not sure why it's being downvoted. I don't think the linked question is the same thing that I'm asking. – Winston Henke Dec 29 '18 at 20:30
  • @WinstonHenke, the question isn't about writing code, and the answer doesn't/couldn't reasonably be expected to change *how* you write code (aka how you go about the practice of software development, essential to make it a "practical" question about software development), so it's off-topic here. There are other sites in the Stack Exchange network where it could well fit, but it's not squarely within the guidelines for SO. – Charles Duffy Dec 29 '18 at 22:36
  • ...note not just the "practical" specifier but also the "based on actual problems that you face" requirement in https://stackoverflow.com/help/dont-ask. I don't see an *actual problem* here. (Yes, these guidelines are sometimes inconsistently applied -- an interesting enough question will often get some slack -- but one's safest when staying within them). – Charles Duffy Dec 29 '18 at 22:42
  • ...and frankly, answers to the linked duplicate **do** make it 100% clear that in a Docker container the kernel is shared with the host. – Charles Duffy Dec 29 '18 at 22:45
  • @CharlesDuffy Fair enough about the why this question doesn't belong on SO. And I'd agree that answers to the linked duplicate do make it 100% clear that in a Docker container the kernel is shared with the host. But that is the part that was causing my confusion. That statement to me made zero sense with the idea of an Ubuntu container until it was clarified that it's not actually a full Ubuntu with a Linux kernel and I don't think the linked article explains that. I maybe didn't word the question the best either :( but thank you for your time. – Winston Henke Dec 29 '18 at 23:02
  • This is a very good question for people new to Docker. I too am surprised to know that there are Linux containers for Windows Docker! It didn't make sense. I am not really sure of the answer, but it's either a. as others here mentioned, the Linux image is not full Linux, or b. Linux is running as a VM. See https://stackoverflow.com/q/42158596/4919103. – Nagarjuna Borra Jul 29 '21 at 18:52

1 Answer

6

Docker is a new way of running applications in isolated lightweight containers. Even though they are isolated, they can integrate with other components.

Efficiency isn't the only gain. When you package your application to run in Docker, you get portability. You can run your app in a Docker container on your laptop, and it will behave in exactly the same way on a server in your data center and on a virtual machine (VM) in any cloud.

The other big motivator is security. Containers add secure isolation between applications, so you can be confident that if one application is compromised, the attacker can't move on to compromise other apps on the same host.

When you package your applications as Docker images, they all have the same shape—you can deploy, manage, secure, and upgrade them all in the same way.

To answer your question:

  • Each Docker container runs its own lightweight VM, so the line between a regular VM is blurred, except for the fact that Docker containers aren't meant for GUI applications like regular VMs.

  • You assumed wrong. You need to include an OS in your Dockerfile and afterwards the application code. However, depending on your application, different sizes of OS images exist on Docker Hub, like the Windows nanoserver, if you only have a simple console application that you want to run. Then you don't need a VM with the full-scale OS. Another thing you can do is run staged builds in your Dockerfile that will compile your application and only include the runtime environment in your image, effectively reducing its size.

  • Docker is mainly meant to dockerize new and legacy applications, meaning splitting them up into logically separated containers. When an application is dockerized, it gains benefits like security, separation of dependencies, zero-downtime maintenance, continuous integration pipelines, portability, efficiency etc. You can't containerize an application using a regular VM. The purposes and builds of Docker containers and regular VMs are different.

I can recommend the following book if you are working with Windows containers to get a better overview of the purpose of Docker: https://www.packtpub.com/virtualization-and-cloud/docker-windows

If not, then Packt offers other books for Docker on Linux.

I hope this answers your question :)

valiano
hatati
  • 1
    I edited my question. I'm not really asking what's the difference between a VM and a container, I get that. What I don't understand is how an entire OS like Ubuntu can be a container... Isn't it just a VM at that point? – Winston Henke Dec 29 '18 at 19:03
  • 1
    The Ubuntu image does not contain the ENTIRE OS, but only the necessary elements to make it lightweight. As Ken Cochrane explained in https://stackoverflow.com/questions/16047306/how-is-docker-different-from-a-virtual-machine: "A full virtualized system gets its own set of resources allocated to it, and does minimal sharing. You get more isolation, but it is much heavier. With Docker you get less isolation, but the containers are lightweight. So you could easily run thousands of containers on a host, and it won't even blink." So yeah, it is just a VM without a GUI. – hatati Dec 29 '18 at 19:09
  • I can't find any documentation on that. You say "The Ubuntu image does not contain the ENTIRE OS". But I'm assuming it has some or most of the Linux kernel making it a full operating system. Which is basically the heart of my question. – Winston Henke Dec 29 '18 at 20:01
  • 3
    A (Linux) container does _not_ contain its own kernel. That's an extremely significant difference. – David Maze Dec 29 '18 at 20:11
  • 1
    @DavidMaze thank you that answers my question – Winston Henke Dec 29 '18 at 20:34
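
The point made in the comments by David Maze and Charles Duffy (an Ubuntu container is Ubuntu's userspace running in namespaces on the host's kernel) can be checked from `/proc`. The following is an added example, not part of the original thread; the sample os-release text and namespace IDs are constructed, and the function names are illustrative.

```python
import os
import re
import sys

# Constructed samples: /etc/os-release as seen inside an ubuntu container, and
# /proc/<pid>/ns link targets for a host process and a containerised process.
SAMPLE_OS_RELEASE = 'NAME="Ubuntu"\nVERSION_ID="18.04"\nID=ubuntu\n'
SAMPLE_HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
                  "net": "net:[4026531992]", "user": "user:[4026531837]"}
SAMPLE_CONTAINER_NS = {"mnt": "mnt:[4026532567]", "pid": "pid:[4026532570]",
                       "net": "net:[4026532573]", "user": "user:[4026531837]"}


def parse_os_release(text):
    """Parse os-release KEY=value lines; this file describes userspace only."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r'^([A-Z0-9_]+)=(.*)$', line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip('"\'')
    return fields


def read_namespaces(pid="self"):
    """Return {namespace: 'type:[inode]'} for a process; {} if unreadable."""
    ns_dir = f"/proc/{pid}/ns"
    found = {}
    try:
        names = os.listdir(ns_dir)
    except OSError:  # not Linux, no such pid, or no permission
        return found
    for name in names:
        try:
            found[name] = os.readlink(os.path.join(ns_dir, name))
        except OSError:
            continue
    return found


def compare_namespaces(a, b):
    """Split the namespaces both processes report into (shared, separate)."""
    common = sorted(set(a) & set(b))
    return ([n for n in common if a[n] == b[n]],
            [n for n in common if a[n] != b[n]])


if __name__ == "__main__":
    other = sys.argv[1] if len(sys.argv) > 1 else "1"  # PID to compare against
    print("kernel (always the host's):", os.uname().release)
    if os.path.exists("/etc/os-release"):
        with open("/etc/os-release") as fh:
            print("userspace (from the image):", parse_os_release(fh.read()).get("NAME"))
    print("(shared, separate):", compare_namespaces(read_namespaces(), read_namespaces(other)))
```

Run on the host as root with the PID of a containerised process as the argument, the separate list shows the namespaces that make up the container, while the kernel release printed inside and outside the container is the same.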