[-] declination@programming.dev 31 points 1 year ago

You need to be careful about benchmarking to find performance problems after the fact. You can get stuck in a local maximum where there is no particular cost center but it’s all just slow.

If performance specifically is a goal there should probably at least be a theory of how it will be achieved and then that can be refined with benchmarks and profiling.

[-] declination@programming.dev 1 points 1 year ago

I can't remember exactly what all the pieces are. However, I believe it's a combination of

  • cgroups: process isolation, which is why you can see docker processes in ps/top/etc. but you can't for VMs. I believe this is also what gets you the ability to run cross-distro images, since the isolation ensures the correct shared objects are loaded
  • network namespaces: how they handle generating the isolated network stack per process
  • some additional mount magic that I don't know what it's called.

My understanding is that all of the neat properties of docker are actually part of the kernel; docker (and podman and other container runtimes) are mostly just packing them together to achieve the desired properties of "containers".
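
An added example, not part of the comment above: the kernel exposes each process's namespace membership as symlinks under /proc/<pid>/ns, so comparing a container process's namespace inodes with the host's shows which isolation is actually in place (here, a container that shares the host network stack). The inode values are constructed sample data and the function names are this example's own.

```python
import os
import re

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# Constructed sample data (not captured from a real host): symlink targets of
# /proc/<pid>/ns/* for host PID 1 and for one process inside a container.
HOST_NS = ("cgroup:[4026531835] ipc:[4026531839] mnt:[4026531841] "
           "net:[4026531840] pid:[4026531836] user:[4026531837] uts:[4026531838]")
CONTAINER_NS = ("cgroup:[4026532561] ipc:[4026532559] mnt:[4026532557] "
                "net:[4026531840] pid:[4026532560] user:[4026531837] uts:[4026532558]")


def parse_ns(text):
    """Map namespace type -> inode number from 'type:[inode]' link targets."""
    return {t: int(i) for t, i in re.findall(r"(\w+):\[(\d+)\]", text)}


def read_ns(pid):
    """Same mapping read live from /proc/<pid>/ns (Linux; other users' PIDs need root)."""
    base = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(base) if n in NS_TYPES]
    return parse_ns(" ".join(os.readlink(os.path.join(base, n)) for n in names))


def shared_with_host(host, proc):
    """Namespace types where the process has the host's inode, i.e. no isolation."""
    return sorted(t for t, ino in proc.items() if host.get(t) == ino)


def audit(host, proc, expected_shared=("user",)):
    """Shared namespaces beyond those expected; 'user' is shared by default
    when Docker runs without user-namespace remapping."""
    return [t for t in shared_with_host(host, proc) if t not in expected_shared]


if __name__ == "__main__":
    host, proc = parse_ns(HOST_NS), parse_ns(CONTAINER_NS)
    print("shared with host:", shared_with_host(host, proc))
    print("unexpectedly shared:", audit(host, proc))  # net: host networking
```

On a live Linux host, `audit(read_ns(1), read_ns(pid))` runs the same check against a real container process.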

[-] declination@programming.dev 3 points 1 year ago

I suspect they meant it runs natively in that it’s an aarch64 binary. It’s still running a VM under the hood because docker is really just a nice frontend to a bunch of Linux kernel features.


declination

joined 1 year ago