This blog is part of my ongoing series on Docker containers. In my previous blog, I covered LXC. When I tried out LXC, I realized that there are lots of similarities between Docker and LXC. Also, I saw a recent announcement about Rkt which is another Container runtime technology. In this blog, I have tried to answer multiple questions that I had about these technologies based on reading through the reference materials mentioned below. This is a pretty controversial topic as folks have strong opinions about these technologies, I have tried to keep it as neutral as possible.
How is Container management different from Container technologies?
I found this diagram from Docker blog very helpful in answering the above question.
Linux kernel has support for Container technologies like namespaces, cgroups etc. Docker, LXC and Rocket use the technologies available in Linux kernel to manage the lifecycle of the Container. Container management involves Container creation, deletion and modification, image format and the tools around it. Before Docker version 0.9, Docker was using LXC to interact with Linux kernel. From Docker version 0.9, Docker directly interacts with Linux kernel using libcontainer interface that they developed.
How is Docker different from LXC?
Docker FAQ explains the reasons in detail. I found the significant ones being Container portability, single application focus, image sharing. Container portability allows the same Docker image to run on different Linux distributions and hardware configurations with no change to the image. Based on my reading, LXC portability works well across Ubuntu but not across other distributions. Docker is tailored to operate single application per container and it stresses on distributed application development model though multiple applications can be run using Supervisor model. LXC is more suited as a VM replacement where multiple applications can be run in the same container. Docker hub makes it easy to share Docker images. Another thing that I noted is Docker needs sudo access to manage containers, LXC has the unprivileged option to create User space containers which could be an advantage in some scenarios.
How is Rocket different from Docker?
CoreOS blog covers the motivation of Rocket and differences from Docker. Rocket is based on the App container specification that is being developed currently. App container specification defines Image format and Image discovery mechanism. Rocket implements containers according to this specification and there could be other implementations using the same specification. According to Rocket, simplicity, scale and security will be differentiators in their implementation.
Can LXC, Docker, Rocket and other container management technologies work with each other?
In the Rocket demo, I saw that they were able to take a Docker image and convert into Rocket image by flattening the root filesystem. I am not sure if its possible to do this with all combinations. It will be good if Container images are interoperable.
What is the difference between Component and platform in the context of Containers?
Docker started off as a single Container management solution. There are multiple projects ongoing in Docker related to clustering, orchestration, networking. Each of these projects is a component and together they form a Container platform. Rocket provides a single component of the Container solution that defines Container runtime. Rocket in addition to other components like components of CoreOS, Kubernetes becomes a platform. The trend looks to be that platform will have pluggable architecture for different components to hook onto.
What Linux kernel versions are needed for Containers?
Docker requires minimum Kernel version of >= 3.8. Base LXC needs >=2.6.32, lxc-attach needs >=3.8, Unprivileged containers need >= 3.12.
Is libvirt LXC driver related to LXC?
No, libvirt directly makes kernel calls to manage Containers. Libvirt LXC is another container management option like LXC, Docker.
I will try to update the Q&A list based on what I come across in the future.