"Containers isolate and encapsulate your application workloads from the host system. Think of a container as an OS within your host OS in which you can install and run applications, and for all practical purposes behaves like a virtual machine. Containers decouple your applications from the host OS."

Wrong wrong wrong. Containers do not encapsulate (in the security sense). You can get some security by layering SELinux underneath, but you're still wide open to a range of kernel exploits. A container is not "an OS within [an] OS". Containers do not "for all practical purposes behave like a VM" since you can't run another kernel, BSD, Windows, etc. on them. Containers do not decouple your app from the host OS; you are very much dependent on features compiled into your host kernel. Subtle userspace<->kernel ABI regressions will cause you days of debugging (I've been there several times).

"[VMs] .. at a performance penalty and without the same flexibility"

After boot, there's almost no difference in performance. Boot time *is* a huge factor, but don't confuse the two.

Containers have their place, are useful and very fast to provision, when you understand and accept their limitations (as many do), but don't spread nonsense like this.
> Docker restricts the container to a single process only.

> When it comes to applications for a LAMP container you would need to build 3 containers that consume services from each other, a PHP container, an Apache container and a MySQL container.

Huh??
While people contemplate things like containers, it's worth noting that modern hardware virtualization imposes a performance overhead of low single-digit percentage points, and with some technologies like deduplication of storage and memory can paradoxically improve performance over bare metal in many scenarios.

Containers are interesting and the technology is emerging, but for 1-2% overhead it just isn't as critical as it's often held.