Allow me to retort :)
- Security: “Unless you run your containers in privileged mode” — which is the equivalent of running a regularly installed packaged service as root. “how do you know what’s inside the image you just pulled”, that’s exactly like asking if you verified a package installed by apt. You can get them from official repos trusting that their behavior is approved by the community much like pulling images from communities such as official repositories or the more broad Bitnami community. In this case Docker doesn’t protect you against yourself (which would’ve been worth mentioning had someone implied that it would)
- Persistent Storage: so Docker doesn’t ‘solve’ something it precisely says it doesn’t. It’s like writing an article that a spoon isn’t good at cutting stuff. Dude, nobody claimed it would! It’s actually mentioned in every container tutorial/documentation that containers aren’t meant to hold persistent data. Big newsflash indeed.
- Vendor Locking: you’re dead wrong about this. The Docker environment has long been decoupled (there are alternatives for running and building technically Docker containers without the Docker daemon). Maybe a read on https://medium.com/@alenkacz/whats-the-difference-between-runc-containerd-docker-3fc8f79d4d6e will help. The “Docker Management Board” only manages the commercial software around it (like the docker registry, docker desktop, etc).
- Braindead: no, you can’t run 100 instances (just like that). You need an orchestrator for that, and it’s far from brain dead. Try running a speedy 100 instance on Kubernetes with minimal resilience demands while ‘braindead’, I dare you.
- Resource effectiveness — by default, no it’s not. A docker container running mysql will have the exact requirements of the mysql daemon running on a bare metal Debian installation. You can start it with near 0 costs on your local dev environment (whereas a bare metal configuration will probably account for reserving some system resources in advance) but once your start it running with enough data and load it’s not much more effective than any other setup. You do get benefits of automated resource management in an orchestrated environment (Kubernetes, Swarm, etc) but that’s somewhat different.
“I am a big fan of “I want to know WHAT I am doing and WHY” — big claim, but it doesn’t really feel like you do.