Experts point of view: Docker architecture advantages and disadvantages of large analysis _ architecture

Absrtact: After the advent of Docker, its packaging applications, rapid deployment capabilities, by the vast number of developers welcome. In 2015, Docker further launched the private repository function Docker Registry, as well as the native networking features Docker networking, making it easier for enterprises to structure Docker clusters.

After the advent of Docker, its packaging applications, rapid deployment capabilities, by the vast number of developers welcome. In 2015, Docker further launched the private repository function Docker Registry, as well as the native networking features Docker networking, making it easier for enterprises to structure Docker clusters. All this makes Docker a new choice for the formal environment.

In Docker received a favorable comment, with "Docker Source code Analysis", greatly praised by the Chinese Docker community Sun Hongliang that the Docker has at least 3 major shortcomings, can not meet the needs of various environments. He is also a software engineer who is involved in the frontline development of the Docker PAAs service Daocloud in China, who has studied Docker's original code.

Instead of most Docker developers talking about Docker from the application side, Sun Hongliang on 2015 Container Summit, choose from the Docker Code design architecture to analyze the pros and cons.

Sun Hongliang also pointed out that although the container technology has been developed for a long time, but through the Docker unique image design, the container technology in recent years to flourish.

Unique image profile designed to make Docker burst red

Container technology can be traced back to the 1979 when the Unix V7, where the chroot system call instructions, through the change of the root directory of the program to achieve System program isolation effect. The container technology, which has developed for more than 30 years, explains why it was late until 2013 because Docker swept the world's IT industry, Sun Hongliang explained, because Docker image file design, so that Docker can break the past "code is the application" concept.

Traditionally, when software development is finished, the output is code, or two-dollar execution file that can be compiled and executed.

In order for these code to execute smoothly, the development team also has to prepare a complete deployment file to allow the transport team to deploy the application, but even so, there is still a lot of deployment failure. Sun Hongliang said that Docker through the image file, the operating system core, operating the application needs of the system environment, from the bottom of the packaging, to achieve the seamless integration of applications across the platform operation.

Microsoft has announced that it will build Docker Engine in the next generation of Windows Server 2016, allowing Windows sever to natively support Docker. But Sun Hongliang also explained that the current Windows support for Docker, mostly in the API layer. In addition to Windows operating systems and Linux in the kernel layer difference is very large, Windows also has the development of its own container technology.

The design of the Docker image allows Docker to break the notion that "code is applied" in the past. Through the image file, the operating system, except the core, operating the application needs of the system environment, from the bottom of the packaging, to achieve the application across the platform seamless operation.

The obstacle of system service Docker

Although Docker through the image file design, to solve the traditional dimensional transport team in the deployment of problems. However, when the system service is Docker and the application is Docker, the user still encounters the actual problem.

When an application must dispatch a system's services, such as using a cron service, setting the work to automated execution, or performing a syslog service to collect system logs, developers will encounter barriers to using Docker, Sun Hongliang said.

For example, although a cron service can be packaged using Docker, the Docker cron service differs greatly from the traditional Linux cron service. Sun Hongliang said that once the cron service was containerized, the original environment variable setting would be invalidated. Therefore the user must analyze the software, the container operation Way, can satisfy the use demand. In addition, Docker and Linux kernel communication skills are weak, travel between the communication (Inter-Process COMMUNICATION,IPC) will be isolated. If the NFS server accepts the client's request, it will pass the requirements back to the Linux kernel,"users before they can be containerized, they must be considered repeatedly. "he said.

Not all applications are suitable for Docker

In the application Docker aspect, although Docker's rapid deployment characteristic is very attractive, but may not all the application is suitable docker, like MySQL, Sun Hongliang thinks if it docker the existence some drawbacks. For example, when a user's data needs to be backed up to create a MySQL database Container, you can create a MySQL database Container by using the Docker Run command, or use the Docker Run command, Modify MySQL's environment variables. These environmental variables are stored in Docker container via the Docker Daemon, Docker Engine, in JSON's file Eucalyptus format.

Environmental variables that exist in Docker container have no meaning for Docker engine, but there are hidden concerns about users who use Docker, and the user's container may create doubts if they are seen by unrelated third parties. So, Sun Hongliang, traditional developers are using MySQL's thinking and can't seamlessly move to the Docker world.

Sun Hongliang said that after the advent of Docker, Docker officials also claimed that Docker's design was an application-centric (application-centric), hoping that users would focus on developing applications, while Docker officials did not specifically encourage users, Think of Docker as a replacement for the VM as a new generation of computing units. He believes that when Docker used to pack web apps, or more simple system services, can achieve a good docker effect. However, if you want to expand the scope of the use of Docker, start to involve the operating system of the basic operating level, or decentralized systems in the promotion of micro-services, the use of Docker will create some problems.

Shared Linux Kernel, so Docker security is congenitally deficient

Original link