
When not to use Docker containers


Docker containers provide us with many benefits, as we've seen. However, containers may not fit all of your requirements. There are a few aspects to keep in mind.

Security and virtualization

Containers provide a level of isolation. However, containers share a single host OS kernel, which can be a single point of attack.

Windows hosts provide an additional isolation model in which a purpose-built VM isolates the container at the hypervisor level. This mode is called Hyper-V isolation mode, and it adds another layer of security between containers and the container host.

We also need to take configuration aspects such as storage and networking into account to make sure that we consider all security aspects. For example, all containers will use the bridge network by default and can access each other via IP address.

Not all applications will benefit from containerization. In such instances, it may make more sense to use a VM.

Service monitoring

Managing the applications and containers is more complicated than traditional VM deployments. Logging features exist that tell us about the state of the running containers. However, more detailed information about services inside the container is harder to monitor.

For example, Docker provides us with the docker stats command. This command returns information for the container such as percentage CPU usage, percentage memory usage, I/O written to disk, network data sent and received, and process IDs assigned. This information is useful as an immediate data stream; however, no aggregation is done, as the data isn't stored. We'll have to install third-party software for meaningful data capture over a period of time.


Last updated 2 years ago