Considering there isn't a hack for docker, if that application gets hacked, the attacker is jailed to that docker image and can't access the host. Unikernels will perform better than native clients. I think docker performance is about the same, but you don't have to set up and configure the app.
Easier management of dependencies and deployment. All requisite packages, builds, etc. are taken care of inside the container, which means you don't have to deal with conflicting requirements, needing multiple versions of things, etc. at the OS level.
This also works for development and testing: all your devs can work out of the same environment, which can be easily redistributed to the team, and you can ensure your end users have that same environment too (which cuts down on "works on my machine" frustration).
Docker is like some kind of universal installation script that does a bunch of stuff that a *nix admin would do anyway - and undo. It is built out of OS-provided stuff and it isn't a VM (unless you configure it to be), and this post about 'no hack for docker' sort of has me holding my face in my hands.
Comments
But I've never found it worth the effort outside work things.
https://medium.com/bb-tutorials-and-thoughts/docker-a-beginners-guide-to-dockerfile-with-a-sample-project-6c1ac1f17490