Containers vs. pods – taking a deeper look

It&#x27;s sad that LXD (<a href="https:&#x2F;&#x2F;github.com&#x2F;lxc&#x2F;lxd" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;lxc&#x2F;lxd</a>) gets so little attention. It&#x27;s a great compromise between a VM and a container as it doesn&#x27;t have the 1:1 relation between container and process. I use it to great effect at $dayjob.<p>Not that it is an alternative to K8s in every scenario, but it should have gotten at least a mention in the intro section.

This is a strange comparison. Pods are a group of containers, just like you can do with docker compose. I am not sure why one would present this as one versus the other.

It&#x27;s important to understand that containers are not a security device. Containers are a mechanism to separate resources used by processes. You should not assume any significant security benefits to containers, regardless of what anyone claims (even a kernel developer - maybe especially them....) because it all depends on Linux kernel security, which is pretty crap.<p>If you want security with containers, use Firecracker. It uses Micro VMs rather than just kernel-level restrictions, so even a Linux kernel security bug shouldn&#x27;t be able to jump out to the host or other containers&#x2F;Firecrackers.

Kubernetes is used for orchestrating containers. Pods are used for optimizing hardware resources. As far as I know, Docker have zero support for neither.<p>Edit: Please tell me down voter how to do this with Docker..