不应该使用Docker的7种情况

Docker是改变游戏规则的人。 但这不是万能的解决方案。 (Docker is a game-changer. But it is not a one-size-fits-all solution.)

There are many good things about Docker. It packs, ships, and runs applications as a lightweight, portable, and self-sufficient containerization tool. Docker is great for businesses of all sizes. When you are working on a piece of code in a small team, it eliminates the “but it works on my machine” problem. Meanwhile, enterprises can use Docker to build Agile software delivery pipelines to ship new features faster and more securely.

Docker有很多好处。 它打包，运送和运行应用程序，是一种轻巧，可移植且自给自足的容器化工具。 Docker非常适合各种规模的企业。 当您在一个小型团队中编写一段代码时，它消除了“但在我的机器上有效”的问题。 同时，企业可以使用Docker构建敏捷的软件交付管道，以更快，更安全地发布新功能。

With its built-in containerization system, Docker is an excellent tool for cloud computing. In turn, Docker Swarm advances clusterization and decentralized design. Sounds too good to be true, right? Well, there are still several cases when not to use Docker. Here are seven of them.

凭借其内置的容器化系统，Docker是用于云计算的出色工具。 反过来，Docker Swarm促进了集群化和分散式设计。 听起来好得令人难以置信，对吧？ 嗯，仍然有几种情况不使用Docker。 这是其中的七个。

Let's go through these one by one.

让我们一一讲解。

如果需要提高速度，请不要使用Docker (Do Not Use Docker if You Need to Boost Speed)

Docker containers are smaller and require fewer resources than a virtual machine with a server and a database. At the same time, Docker will use as much system resources as the host’s kernel scheduler will allow. You should not expect Docker to speed up an application in any way.

与具有服务器和数据库的虚拟机相比，Docker容器更小且所需资源更少。 同时，Docker将使用主机内核调度程序所允许的尽可能多的系统资源。 您不应期望Docker以任何方式加速应用程序。

What is more, Docker might even make it slower. If you are working with it, you should set limits on how much memory, CPU, or block IO the container can use. Otherwise, if the kernel detects that the host machine’s memory is running too low to perform important system functions, it could start killing important processes. If the wrong process is killed (including the Docker itself), the system will be unstable.

而且，Docker甚至可能使其变慢。 如果要使用它，则应设置容器可以使用的内存，CPU或块IO的限制。 否则，如果内核检测到主机的内存运行不足，无法执行重要的系统功能，则它可能会开始杀死重要的进程。 如果杀死了错误的进程(包括Docker本身)，系统将变得不稳定。

Unfortunately, Docker’s memory adjustments – the out-of-memory priority on the Docker daemon – do not solve this issue. By contrast, an additional layer between an application and the operating system could also result in speed reduction. Yet, this decrease will be insignificant. Docker containers are not fully isolated and do not contain a complete operating system like any virtual machine.

不幸的是，Docker的内存调整(即Docker守护程序的内存不足优先级)无法解决此问题。 相比之下，应用程序和操作系统之间的附加层也可能导致速度降低。 然而，这种下降将是微不足道的。 Docker容器不是完全隔离的，并且不像任何虚拟机一样包含完整的操作系统。

如果您优先考虑安全性，请不要使用Docker (Do Not Use Docker if You Prioritize Security)

The greatest Docker security advantage is that it breaks the app into smaller parts. If the security of one part is compromised, the rest of them will not be affected.

Docker最大的安全优势是将应用程序分成了较小的部分。 如果一部分的安全性受到损害，则其余部分将不受影响。

However, while isolated processes in containers promise improved security, all contai