在vm上运行码头工具的优点是什么？ [英] what are the advantages of running docker on a vm?

问题描述

Docker是OS（内核）的抽象，而在下面，VM是Hardware的抽象。在VM上运行Docker（如Azure）的要点（除了应用程序可移植性）？他们不应该直接在硬件上托管docker？

解决方案

Docker不提供内核级安全漏洞的有效隔离（只有一个环0，它共享所有容器）。因此，人们可以合理地希望通过虚拟化机制提供额外的隔离。

请记住，Docker的价值不在于安全性，而是关于容器化 - 构建和分发便携式应用程序，以确保层之间的耦合仅发生在何处以及如何意图。

Docker is an abstraction of OS (kernal) and below, VM is abstraction of Hardware. What is the point of running a Docker on an VM (like Azure) (apart from app portability)? should they not be directly hosting docker on the hardware?

解决方案

Docker doesn't provide effective isolation for kernel-level security exploits (there's only one ring 0, and it's shared across all containers). Thus, one could reasonably wish to have the additional isolation provided by a virtualization mechanism.

Keep in mind that much of Docker's value is not about security, but about containerization -- building and distributing portable applications in such a way as to ensure that coupling between layers occurs only where and how intended.

这篇关于在vm上运行码头工具的优点是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！