bestov.io

a tech bläg

Using WireGuard as the network for a Docker container

Docker is a container engine for the Linux operating system. It leverages two Linux kernel functionalities, chroot jails (or, nowadays, the pivot_root system call, but the details don’t really matter here) and namespaces, to create containers, that is, isolated environments where you can run processes separately from your host system. This has roughly the same advantages as virtualization: isolation (not), portability, separation of concerns, reproducibility. These are all good things for a lot of applications, including CI, orchestration, resilient setups, etc.