There are another important reason than most of the issues pointer out here that docker solves.
Security.
By using containerization Docker effectively creates another important barrier which is incredibly hard to escape, which is the OS (container)
If one server is running multiple Docker containers, a vulnerability in one system does not expose the others. This is a huge security improvement. Now the attacker needs to breach both the application and then break out of a container in order to directly access other parts of the host.
Also if the Docker images are big then the dev needs to select another image. You can easily have around 100MB containers now. With the “distroless” containers it is maybe down to like 30 MB if I recall correctly. Far from 1GB.
Reproducability is also huge efficiency booster. “Here run these this command and it will work perfecty on your machine” And it actually does.
It also reliably allows the opportunity to have self-healing servers, which means businesses can actually not have people available 24/7.
The use of containerization is maybe one of the greatest marvels in software dev in recent (10+) years.
There are another important reason than most of the issues pointer out here that docker solves.
Security.
By using containerization Docker effectively creates another important barrier which is incredibly hard to escape, which is the OS (container)
If one server is running multiple Docker containers, a vulnerability in one system does not expose the others. This is a huge security improvement. Now the attacker needs to breach both the application and then break out of a container in order to directly access other parts of the host.
Also if the Docker images are big then the dev needs to select another image. You can easily have around 100MB containers now. With the “distroless” containers it is maybe down to like 30 MB if I recall correctly. Far from 1GB.
Reproducability is also huge efficiency booster. “Here run these this command and it will work perfecty on your machine” And it actually does.
It also reliably allows the opportunity to have self-healing servers, which means businesses can actually not have people available 24/7.
The use of containerization is maybe one of the greatest marvels in software dev in recent (10+) years.
https://www.explainxkcd.com/wiki/index.php/2044:_Sandboxing_Cycle
Oof. I’m anxious that folks are going to get the wrong idea here.
While OCI does provide security benefits, it is not a part of a healthly security architecture.
If you see containers advertised on a security architecture diagram, be alarmed.
If a malicious user gets terminal access inside a container, it is nice that there’s a decent chance that they won’t get further.
But OCI was not designed to prevent malicious actors from escaping containers.
It is not safe to assume that a malicious actor inside a container will be unable to break out.
Don’t get me wrong, your point stands: Security loves it when we use containers.
I just wish folks would stop treating containers as “load bearing” in their security plans.