undefined | Better HN

0 pointsgeggam10y ago0 comments

what is the benefit to any isolation of a process for a single tenant ? and why cant you just run cgroups without the overhead of docker ?

see : bocker

0 comments

3 comments · 1 top-level

superuser210y ago· 2 in thread

>what is the benefit to any isolation of a process for a single tenant?

Build, test, and ship the same artifact. Whether it's a Vagrant on your Mac, AWS, or metal in your colo datacenter.

>and why cant you just run cgroups without the overhead of docker ?

If you're running cgroups, you've created your own half-baked implementation of Docker in giving yourself a reasonable API to work with. This might make sense if you're Google but otherwise probably not.

geggamOP10y ago

cgroups is docker now ? what does that make systemd-nspawn ?

superuser210y ago

Docker is a simplified interface for controlling cgroups, yes. (Some people are working on/using alternative backends now, but that was the whole point at the beginning - a nice API for cgroups.)

j / k navigate · click thread line to collapse