A brief introduction.
What is a Docker
Docker uses Go language launched by Google for development and implementation, based on Cgroup, Namespace of Linux kernel, and Union FS of OverlayFS class, encapsulating and isolating processes. Virtualization technology at the operating system level. Since a quarantined process is independent of the host and other quarantined processes, it is also called a container.
The traditional virtual machine technology is to create a set of virtual hardware, run a complete operating system on it, and then run required application processes on the system. The application processes inside the container run directly on.
Docker is based on the container, the host kernel, the container does not have its own kernel, and there is no hardware virtualization. Therefore, containers are much lighter than traditional virtual machines. Further encapsulation, from file systems to network interconnections to process isolation, greatly simplifies container creation and maintenance. Docker technology is lighter and faster than virtual machine technology.
2. Why Docker
Compare with traditional virtual machines
| features | The container | The virtual machine |
|---|---|---|
| Start the | Second level | Minutes of class |
| The hard disk to use | As a general rule, beMB |
As a general rule, beGB |
| performance | Close to the native | Weaker than |
| System support | Supports thousands of containers on a single machine | Usually dozens |
Advantages of using Docker (familiar with the following Docker should be able to answer why and how to do it)
- More efficient use of system resources
- Faster startup time
- Consistent operating environment
- Continuous delivery and deployment
- Easier migration
- Easier maintenance and extension
Two. Three basic concepts of Docker!
The advantages of Docker are inseparable from the following three concepts. If you understand the following three concepts, you can understand the whole life cycle of Docker
- Image
- Container
- Repository
Image
For Linux, the root file system is mounted to provide user-space support after the kernel is started. A Docker image, on the other hand, is a root file system. For example, the official ubuntu:18.04 image contains a complete set of root file systems for ubuntu 18.04 minimum system.
Docker image is a special file system. When Docker is designed, Union FS technology is used to design the architecture for hierarchical storage. What is hierarchical storage?
- When mirroring is built, it is built layer by layer. The previous layer is the foundation of the next layer. After each layer is built, it will not change again.
Such as: Now we want to create a new image by ourselves. First we select the official image Ubuntu :18.04 as the base image, and create a new 1KB text file in it. Now we add 1KB to the base image, which is the second layer, and delete it. In fact, the third layer is added to the second layer, and the 1KB file will remain with the image.
Container
A container is essentially a process, but a container is different from a normal thread in that it can have its own root file system, its own network configuration, and its own process space. The container therefore runs in an isolated environment and is used as if under a separate operating system. Because of this isolation feature, the host machine can be more secure.
We can think of the image as an installation package and the container as a separate process created with the image.
-
As mentioned earlier, images use tiered storage, as do containers. Each container runtime is based on an image, on which a storage layer of the current container is created. We can call this storage layer prepared for the container runtime reads and writes the container storage layer.
-
The container storage layer lives the same as the container. When the container dies, the container storage layer dies with it. Therefore, any information stored in the container storage layer is lost when the container is deleted.
-
As per Docker best practices, containers should not write any data to their storage layer, and the container storage layer should remain stateless.
Third point what meaning, that is to say we should not to write or change anything, container to change directory mounted to the host machine, so we only need to backup the configuration directory, every time I start the container to mount this configuration directory, before all changes are constant, so afraid of the container to be deleted or stop, We can restart the configured service with a single command.
For example, when we create Mysql:5.7, we mount Mysql’s data directory to the host machine. When we create Mysql:5.7, we mount Mysql’s data directory to the host machine. When we create Mysql:5.7, we mount Mysql’s data directory to the host machine.
Repository
After the image is built, it can be easily run on the current host. However, if the image needs to be used on other servers, we need a centralized service to store and distribute the image, and Docker Registry is such a service.
A Docker Registry can contain multiple repositories. Each repository can contain multiple tags; Each label corresponds to a mirror.
Take the Ubuntu image as an example. Ubuntu is the name of the repository, which contains different version labels such as 16.04 and 18.04. We can specify which version of the image we want with Ubuntu :16.04 or Ubuntu :18.04. If you omit the tag, such as Ubuntu, it will be treated as Ubuntu: Latest.
In addition, we can not only use public warehouses such as the official Docker Hub, but also build private warehouse services.
Relationship between image -> container -> repository
- Mirror (
Image) and containers (Container), just like in object-oriented programmingclass和The instanceSimilarly, a mirror is a static definition, and a container is an entity of the mirror runtime. Containers can be created, started, stopped, deleted, paused, and so on. - Warehouse (
Repository) is a centralized place to store images. - A container is a single application or group of applications that run independently and their runtime environment. A virtual machine, in turn, can be understood as a simulation of a running operating system (providing a running environment and other system environments) and the applications running on it.
For example: We pulled an official nginx image, nginx:latest, and now we have an image on our Linux host, and when we start the image, Docker will create an instance from that image. Let’s say we call it nginx, and the configuration of the instance depends on the command parameters you enter. This instance is a container, and then we go into the container nginx to make changes. When we delete the container, our changes are not saved, but destroyed along with the container. Let’s say we make a change and save the new change container as an image, and then commit it to the repository, so we can use the changed image directly next time.