Original author, public number [programmer reading], welcome to pay attention to the public number, reprint the article please indicate the source oh.
Image, Container and Repository are the three components of Docker. In fact, we have briefly understood the knowledge of the three components in the last article “10 Minutes to Quickly Master the Essential Basic Knowledge of Docker”, but did not explain them in detail. So in this article, let’s explore it in detail.
Mirror Image (Image)
What is a Docker image?
Simply put, a Docker image is a Linux Root FileSystem, which contains programs and corresponding data that can run in the Linux kernel.
While we’re at it, we might want to add a little bitLinuxOperating system related knowledge:
In general, Linux is divided into two parts: The Linux Kernel and user space, and the real Linux operating system is the Linux Kernel, The commonly used Ubuntu,Centos and other operating systems are actually Linux Distribution versions created by different vendors adding their own software and tools to the Linux kernel.
Therefore, we can also regard the image as the user space mentioned above. When Docker creates a container through the image, the user space defined by the image is run as an independent and isolated process on the Linux kernel of the host computer.
Two features of mirroring are highlighted here:
-
Images are layered: that is, an image can be composed of multiple middle layers, which can share the same middle Layer, or we can create a new image by adding an additional Layer to the image.
-
An image is read-only: after the image is built, it cannot be modified. Adding a layer to build a new image actually creates a temporary container on which files can be added or deleted, since the container can change dynamically.
I can better understand the relationship between Docker images and Linux by looking at the following diagram:
Command for operating a mirror
Docker image operation related commands are under the Docker image command, through the Docker image –help command, you can see the Docker image subcommand details, as follows:
Usage: docker image COMMAND Manage images Commands: build build an image from a Dockerfilehistory Show the historyImport import the contents from a tarball to create a filesystem image inspect Display detailed information on one or more images load load an image from a tar archive or STDIN(import images from a file or standard input stream) ls List images prune Remove unused images pull pull an image or a repository Rm Remove one or more images from a registry rm Remove one or more images from a registry Save save one or more images to a tar archive (streaming to STDOUT by default) tag Create a tag TARGET_IMAGE on index streaming That refers to SOURCE_IMAGECopy the codeAccess to the mirror
After Docker is installed, we don’t have any local images. Of course, we can build our own images, but it’s more convenient to pull the official or third-party images from Docker Hub, the warehouse service officially provided by Docker.
Pull images can be pulled using docker image pull in the following format:
docker image pull [OPTIONS] NAME[:TAG|@DIGEST]
Copy the codeOf course, docker image pull can be used more succinctly:
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Copy the codeTo pull an image, you need to specify the URL and port number of Docker Registry. The default is Docker Hub. In addition, you need to specify the repository name and label. The repository name consists of the author name and the software name.
So, after omitting the parameters, for example, if we want to pull the centos image, we can use the following simple command to pull it from the Docker Hub:
$ docker pull centos
Copy the codeViewing a Local Mirror
Using the above method we pull the mirror to the local, so how to check the local mirror? We can view all local mirrors by using the following command:
$ docker image ls
Copy the codeOf course Docker provides a more concise way to write it, as follows:
$ docker images
Copy the codeMere illusion mirror
We know that the Docker image name consists of the repository name and tag, but sometimes we will see a mirror with both the repository name and tag < None >, which is called a virtual suspended image, as shown below:
A suspended image is usually a new image generated when we use Docker pull to pull the latest image, so the warehouse name and label are given to the new image, while the old warehouse and label are cancelled and become a suspended image.
We can print all hover images with the following statement:
$ docker image ls -f dangling=true
Copy the codeThe general hover image is no longer useful, so it can be cleaned up. The following command can clear all hover images:
$ docker image prune
Copy the codeHowever, if we want to keep some useful virtual images, we can use the docker tag command to give the image a new repository name and tag:
$ docker tag 621d57f27e93 "The test: 1.0"
Copy the codeImage export and import
If you want to share an image with others, in addition to pulling the image from the mirror service repository and pushing the image to the repository, you can also export the locally built image and save it as a file and send it to others as follows:
$ docker image save -o /tmp/test_image.tar.gz centos:latest
Copy the codeYou can use the docker load command to load the image into the local Docker image list as follows:
$ docker load < /tmp/test_image.tar.gz
Copy the codeDeleting a Local Mirror
To delete one or more local mirrors, use the following command:
docker image rm [option] IMAGE1,IMAGE2,... IMAGEnCopy the codeYou can also use a more concise way, such as:
docker rmi [option] IMAGE1,IMAGE2,... IMAGEnCopy the codeYou can delete a mirror using its long ID, short ID, summary, and name, as shown below
$ docker rmi f7302e4ab3a8
Copy the codeThe shorter ID of the image is more commonly used, for example:
$ docker rmi f7302
Copy the codeYou can also delete a mirror by using the summary of the mirror. The summary of the mirror can be queried using the following command:
$ docker image ls --digests
Copy the codeOf course, if we want to clear all local mirrors, we can use the following command, but it is generally not recommended.
$ docker rmi $(docker images -qa)
Copy the codeIn addition, if an image has already been used to create a container, using the command above to delete it will result in the following error telling us that the image is already in use and cannot be deleted.
Error response from daemon: conflict: unable to remove repository reference "Mysql: 5.7" (must force) - container ccd406c07a78 is using its referenced image e1e1680ac726
Copy the codeThere are two ways to delete an image that has been used to create a container. One is to delete the container first and then delete the image, and the other is to delete the image with a -f parameter in the command for deleting the image, for example:
$ docker rim -f f7302
Copy the codeBuild the image using Docker Commit
The examples above all use official images directly. In fact, in addition to pulling images built by others from official or other mirror warehouses, we can also build our own images. Generally, there are two ways to build images.
Using the docker commit command, we can recommit the modified container as an image, such as:
$docker commit conntaner_id my-hello:1.0Copy the codeAn image constructed in this way is called a black box image, which is just like a black box. People do not know what changes and operations we have made to the container, so they may question its security.
It is not recommended to build images in this way. Here is a more general and convenient way.
useDockerfileBuild the mirror
It is generally recommended to write Dockerfile to build a mirror, Docker Hub images are built in this way, the advantage of using this way is that we do not have to distribute the image to others, but only the Dockerfile and the corresponding need to write the image of the data to others, others can also build their own image, Safety and transparency.
Write a simple Got program
package main
import "fmt"
func main(){
fmt.Println("Hello Go")}Copy the codeCompile the Go program into an executable program, as follows:
$ go build hello.go
Copy the codewriteDockerfilefile
Here we write a simple Dockerfile to build our first image, as follows:
# Start with a blank mirror image
FROM stratch
ADD hello /
# to perform
CMD /hello
Copy the codeStart building the image
After compiling the Dockerfile file, you need to use the docker build command to build it. The format of the docker build command is as follows:
$ docker build [OPTIONS] PATH | URL | -
Copy the code# Note the last dot (.) Represents the current directory, where the Dockerfile resides
$ docker build -t "Hello - go: 1.0" .
Copy the codeThis is just a simple demonstration of how to build an image using Dockerfile. There are many more in-depth uses of Dockerfile that we will talk about later.
The Container (the Container)
The relationship between containers and images is similar to the relationship between objects and classes in oriented programming.
Because containers are created using images, they must have an image before they can be created, and the resulting container is an isolated process independent of the host, with its own network and namespace.
The image is read-only, but the container is readable and writable. This is achieved by adding a writer/read layer on top of the image, as shown in the following figure:
Commands for manipulating containers
Usage: docker container COMMAND
Manage containers
Commands:
attach Attach local standard input, output, and error streams to a runnin g container
commit Create a new image from a containerCp Copy files/folders between a container and the local filesystem create create a new Diff Inspect changes to files or directories on a container's filesyste m
exec Run a command inA Running container(executing commands in a running container)export Export a container's filesystem as a tar archive inspect Display detailed information on one or more containers kill Kill one or more Running containers kill one or more containers that are running Logs Fetch the logs of a container ls List containers display a List of local containers pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container prune Remove all Stopped containers rename rename a container restart restart one or more containers rm Remove one or More containers(delete one or more containers) Run run a command in a new container start start one or more containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running Containers (to stop one or more containers) top Display the running processes of a container unpause unpause all processes within one or more containers update Update configuration of one or more containers wait Block until one or more containers stop, then print their exit codesCopy the codeStart the container
There are several different ways to start a container, the most common way is to use the docker run command to create a container from the image, such as:
# /bin/bash indicates the command to execute after running the container
$ docker run -it centos /bin/bash
Copy the codeDocker run command has some common parameters, such as container is a kind of service daemon, then usually need to open the port for external access, such as:
$ docker run -p 80:80 nginx
Copy the codeYou can also specify a name for the container, as in:
$ docker run -p 80:80 --name webserver nginx
Copy the codeThe docker start command is used to restart the stopped container, for example:
# container_id specifies the ID of the container
$ docker start container_id
Copy the codeFor running containers, you can restart them with the docker restart command, for example:
# container_id specifies the ID of the container
$ docker restart container_id
Copy the codeView a list of local containers
After running the container, we can view all local containers with the following command:
$ docker container ls
Copy the codeDocker container ls can also be written succintly:
$ docker ps
Copy the codeThe command output is as follows:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4f184f5ffb9 redis:latest "Docker - entrypoint. S..."6 seconds ago Up 4 seconds 0.0.0.0:6379->6379/ TCP myredis f7d970e7d4ce mysql:5.7"Docker - entrypoint. S..."7 seconds ago Up 5 seconds 0.0.0.0:3306->3306/ TCP, 33060/ TCP docker-mysqlCopy the codeThe above command displays only running containers. If you want to display all containers, including those that exit execution, you can add the parameter -a, for example:
$ docker ps -a
Copy the codeSometimes, we just want to find the container ID, we can use the following command:
$ docker ps -aq
Copy the codeThe execution result
f4f184f5ffb9
f7d970e7d4ce
Copy the codeStop the container
For containers that are no longer needed, you can use the docker stop command to stop them, for example:
$ docker stop container_id1,container_id2...
Copy the codeBatch stop containers such as:
$ docker stop $(docker ps -qa)
Copy the codeThree modes of operation for containers
In summary, Docker container generally has three operating modes, as follows:
Exit after run
The container created by the following statement will exit after running.
$ docker run centos echo "hellowrold"
Copy the codeResident memory is the mode of the daemon
If a daemon is running in a container, the container is always running, as in:
$ docker run -d -p 80:80 nginx
Copy the codeinteractive
We can also interact directly with the container while running it.
$ docker run -it centos /bin/bash
Copy the codeRemove the container
$ docker container rm container_id
Copy the codeThe delete container command can also be succinctly written as follows:
$ docker rm container_id
Copy the codeWe can also delete containers in batches as we did above:
$ docker rm $(docker ps -qa)
Copy the codeInto the container
For a running container, we can also re-enter the container using the Docker exec command, as in:
$ docker exec -it f4f184f5ffb9 /bin/bash
Copy the codeYou need to specify the id or name of the container; we used id in the above command.
Export container as image
$ docker export -o ./image.tar.gz f4f184f5ffb9
Copy the codeAfter exporting the container, we can import the file package into the image on another computer with Docker installed, for example:
$ docker import image.tar.gz
Copy the codeThis is the concept of containers and some common commands. Containers can also be used to set up data volumes and network Spaces, which we will talk about later.
Warehouse (Repository)
A Repository is a place where images are stored centrally. There is a concept to distinguish between Repository and Registry. For example, Docker Hub is an official Repository server provided by Docker. But sometimes we don’t need to make too much of a distinction.
Public warehouse
Public warehouse generally refers to Docker Hub. We have introduced how to obtain images from Docker Hub many times before. In addition to obtaining images, we can also store the images we build in Docker Hub, so that others can also use the images we build.
However, to upload the image to Docker Hub, you must first register an account on the official website of Docker. The registration interface is as follows. You can register by filling in the necessary information as required.
Once registered, you can log in to the Dokcer Hub locally using commands as follows:
# Enter on the command line
$ docker login
Copy the code
After entering the account password to log in to the Docker Hub, the Docker push command can be used to push the image to the Docker Hub.
$ docker push test: 1.0Copy the codePrivate warehouses
Sometimes when there are some images to be shared within our department, it is troublesome to directly export the images to others, and it is not very convenient to use a public warehouse like Docker Hub. At this time, we can build our own private warehouse service to store and distribute our images.
Docker officially provides the image Registry, which can be used to build a private warehouse service. After we pull the image to the local, we can use the following command to create the container of the image to build a warehouse service, as follows:
$ docker run -d -p 5000:5000 --restart=always --name registry registry
Copy the codeSuppose we take a server with IP 192.168.0.100 as the warehouse service and run the above statement, then we can rebuild the above image with the following statement, such as:
$ docker build -t "192.168.0.100 / hello - go: 1.0" .
Copy the codeThen push to your own private warehouse server with the following statement:
$docker push 192.168.0.100 / hello - word: 1.0Copy the codesummary
Image is a static concept that cannot be modified after construction, while container is a dynamic concept. Docker can easily create or delete containers. The relationship between image and container is just like the relationship between classes and objects in object-oriented programming, and the warehouse is the place where images are stored and distributed.
Welcome to scan code attention, common learning progress
