“Starting a virtual machine is more expensive than starting a container, timewise”
Docker is revolutionizing IT — you’re probably hearing this phrase quite often. Still, these questions linger: If we were to look beyond the hype, what’s so disruptive about Docker technology? What are the differences between Docker and a virtual machine? What is hype and where does the real added value lie? We talked with Gianluca Arbezzano, software engineer at InfluxData about all this and more.
Docker manages to insert itself into all our conversations — why? Because it is extremely helpful and everyone loves it. There’s a lot going on in the Docker world (for example, the Docker platform and Moby Project are now integrating support for Kubernetes) but this is not why we’re doing this interview series with Docker Captains.
We’d like to hear more about their love stories with Docker, their likes and dislikes, their battle scars and more. Without further ado, we’d like to introduce Gianluca Arbezzano, software engineer at InfluxData.
JAXenter: Can you tell us a little bit about your first contact with Docker? Was it love at first sight?
Gianluca Arbezzano: I am passionate about open source, automation and DevOps. I spend a lot of time on GitHub looking for new technology and a good community to support. I discovered Docker when it was still in a very early stage — the projects were very different from how they look now and the community was very, very small.
From day one, I realised this is a useful project but I only saw what it was capable of later on. At first, it was a very good way to have a smart package that I was able to ship around my network in a fast and easy way. Now that the ecosystem is mature, we can see a lot of other important aspects such as security, flexibility and so on.
JAXenter: Docker is revolutionizing IT — that is what we read and hear very often. Do you think this is true? If we were to look beyond the hype, what’s so disruptive about Docker technology?
Gianluca Arbezzano: I think it’s true for two main reasons. cgroups and containers are really good technologies and concepts capable of real support for developers and sysadmins. The second reason is the architecture itself.
Docker and all the projects that started from it, like notary, containerd and runc, are a great example of good code. Before the Dockerfile, we were used to having a complex and long configuration file to describe infrastructure as code. The mix of these two factors created what we know now.
JAXenter: How is Docker different from a normal virtual machine?
Gianluca Arbezzano: A lot of people at the moment don’t really care about isolation. A container that runs as privileged inside a virtual machine, without resource limitations, security profiles and so on, is kind of a smart tarball and nothing more.
But if you put together all the capabilities provided by containers, you can reach a good isolation plus a light and easy ecosystem to run, distribute and manage your application. Starting a virtual machine is more expensive than starting a container timewise. Same goes for the distribution and building part.
JAXenter: How do you use Docker in your daily work?
Gianluca Arbezzano: I use Docker to ship applications and services like InfluxDB around big cloud services. The container allows me to ship the same application in a safe way. I use Docker a lot to create and manage environments.
With Docker Compose, I can start a fresh environment to run smoke tests or integration tests on a specific application in a very simple and easy way. I can put it in my pipeline and delivery process to enforce my release circle.
JAXenter: What issues do you experience when working with Docker? What are the current challenges?
Gianluca Arbezzano: Smart scheduling is probably a very good challenge that we still need to address. K8s, Nomad and Swarm are fighting to win the war regarding scheduling containers around a pool of servers, but analyzing the topology of the network, traffic and resources to teach your scheduler where your container can run better or where it can save some costs — that’s still a challenge that I am happy to address.
The other one, as I said previously, is about security. I think for this one we don’t need to write that much code: AppArmor, cilium, SELinux, notary, we have what we need. It is probably more like “evangelism” and culture.
JAXenter: Talking about the evolution of the Docker ecosystem: How do you comment on Docker’s decision to donate containerd runtime to CNCF?
Gianluca Arbezzano: I am an ambassador for the CNCF and I am super happy to see this trend grow that much. Supporting an open source project to make it free in terms of governance is something that we already saw with Linux. I agree with this approach.
I am still confused about Moby and things like that. There are also a lot of politics involved. But if we talk about runc, containerd and now notary, I am happy to see these projects grow free and open.
JAXenter: Is there a special feature you would like to see in one of the next Docker releases?
Gianluca Arbezzano: Not really, I am happy to see all the other projects and libraries grow as standalone projects right now.
JAXenter: Could you share one of your favorite tips when using Docker?
docker run -it -p 8000:8000 gianarb/micro:1.2.0