Introduction to docker

Understanding docker

The following are all translated from the official docker documentation. For more information, see Vikings.

What is docker?

　　Docker is an open-source platform designed to facilitate development, deployment, and application execution. You can use docker to quickly distribute developed applications. With docker, you can split the development platform and application and manage the development platform as you manage the application. Docker helps you quickly develop applications, quickly test applications, quickly deploy applications, and shorten the interval between code development and code execution.

Docker uses the virtualization platform workflow and related tools of a lightweight container to achieve the above functions, and uses this lightweight container to help you manage and deploy applications.

At the docker core layer, it provides a way to run various applications in isolated containers. This method allows docker to run several containers on the same host at the same time. This lightweight container running method has almost no additional running overhead. This means that you can make full use of the hardware capabilities of the main sentence.

With the tools and virtualization platform provided by docker, you can do the following:

1. Deploy your application or component to the container.

2. distribute your containers to your team for further development or testing.

3. Deploy your applications to the release environment, whether in local or cloud mode.

What can I use docker?

1. Fast distribution of applications

Docker helps you control the development cycle. Docker allows you to develop code in a local development environment, and then integrate the developed applications into the development process of the team.

For example, you can write code locally. You share the code development stack information to team members. After the compilation is completed, the development stack information is also shared. Then, in the test environment, use the development stack shared by the team to perform the required test. After the test is completed, the team can release the tested docker image (images) to the product environment.

2. easy deployment and management

Docker container-based mechanism can be easily deployed. A docker container can be executed on a local host or on a virtual machine, whether local or cloud.

Rapid deployment of docker and lightweight features make it easy to manage loads. You can quickly start or destroy containers. This time is almost real-time.

3. A large amount of work load can be executed

Because docker is easy to deploy and can start and stop quickly, docker also provides a feasible and cost-effective virtual machine management mechanism. Docker is suitable for environments with high load requirements. For example, when you use your cloud platform as a paas, Or you require your environment to have high resource usage.

What are the major docker components?

Docker has two main components:

Docker: open-source container virtualization platform

Docker hub: a software-as-a-service platform used to share and manage docker containers.

What is docker's architecture?

Docker takes the C-S structure. Docker client communicates with docker daemon. docker daemon is responsible for maintaining the construction, operation, and distribution of docker containers.

The client and daemon can be executed on the same host or separately. The local client can connect to a remote daemon. The client can communicate with daemon through socker or rest APIs.

 

　　

　　

The docker daemon

As shown in, daemon runs on the host. The user can only communicate with the daemon through the client.

The docker Client

Docker client is an important interface between users and docker. It receives commands from the user and displays the data returned by daemon.

Inside docker

To thoroughly understand the internal mechanism of docker, you need to understand the following three components:

• • Docker images. (image)
  • Docker registries. (repository)
  • Docker containers. (container)

Docker Images

Docker image is a read-only template. For example, an image can be an Ubuntu operating system that contains Apache and your web applications. We often use images to create containers. Docker provides a quick way to create or update images. You can also download images that have been created by others. Docker image is a building component in the docker structure.

Docker registries

Docker registries is used to save the image. It is divided into public and private warehouses. You can upload or download images from the repository. The public docker repository is called "docker Hub". It provides many images that you can use. You can freely create an image or use an image that has been created by others. Docker registries is a distribution component in docker.

Docker containers

Docker containers is somewhat similar to the directory. Docker containers saves all the resources required to execute the application. Each docker containers is created by an image. Docker containers can run, started, stopped, moved, and deleted. Note that docker containers is isolated from each other. Docker containers is an execution component in docker.

So how does docker work?

So far, we can do the following:

1. Create an image that contains the application you want to execute.

2. Based on this image, you can create a container.

3. You can upload the container to the repository for use by others.

Next, let's take a look at how to execute docker.

How does a docker image work?

We know that docker images is actually a read-only template when docker containers is started. Each template contains several layers. Docker adopted the union file systems mechanism to aggregate these into an image. Union file systems allows physically isolated files or directories to overlap with each other to form a linear file system.

Docker is also lightweight based on the implementation of the above layer. When you modify an image, docker does not modify the original image data, but creates a new data layer. When you modify the entire image or recreate an object in docker, the original data does not change, but several layers have changed. Therefore, when the image changes, you do not need to re-Synchronize the entire image, but only need to synchronize the changed layer once. In this way, docker image is fast and simple.

Each image evolved from a base image. You can create your base image. If you have an Apache image, you can use this image as the base image of your application.

Note: docker generally obtains base images from the dock hub.

Docker uses some simple steps to create a new image based on base images. Each time you perform a step, a new layer is created for the new image ). The basic steps are as follows:

• • Run a command.
  • Add a file or directory.
  • Create an environment variable.
  • What process to run when launching a container from this image.

These commands can be defined in dockerfile. When you need to create a new image, docker can automatically read the commands in dockerfile and execute these commands. Finally, a new image is generated.

How does a docker Registry work?

Docker registry is used to save images. After creating an image, you can upload the image to the dock hub or your private store.

With docker client, you can search for the images you need in the dock hub and download these images to your local device.

The dock Hub also provides both public and private modes. Images in public mode can be downloaded and used by all users. In private mode, only the user or authorized person can download and use these images.

How does a container work?

A standard container includes the operating system, user-defined files, and original data. As we know, each container is created by an image. Image tells docker which processes and configuration parameters should be included when the container is running. Because the image is read-only, the container will create some readable and writable layers on the basis of the original image layer at runtime. The data required for running your application will be recorded in the data layer.

What happens when you run a container?

Docker client notifies docker daemon of how to operate the container whether it is using docker programs or APIs.

When we execute the following command:

$ docker run -i -t ubuntu /bin/bash

The docker client starts and then uses the run parameter to notify docker daemon to start a new container. This short command notifies docker daemon of the following information:

1. Where is the image required by the container? Here, the image name is Ubuntu, which is a base image.

2. When the container starts, you need to automatically switch to/bin/bash when the container starts.

So after we press enter, what will docker do?

• • PullsubuntuImage:Docker checks whether the image exists. If the local image does not exist, the image is downloaded from the dock hub by default. If the container exists locally, use the local image to start the container.
  • Creates a new container:Docker loads the image and then creates a container.
  • Allocates a filesystem and mounts a read-writeLayer:The container starts to create a file system and adds a readable and writable data layer to the image.
  • Allocates a network/Bridge interface:Docker starts to create network interfaces and allows containers to be associated with the host.
  • Sets up an IP Address:Docker selects a container from the IP resource pool.
  • Executes a process that you specify:Docker starts to execute the specified application or command
  • Captures and provides application output:Docker returns the output or error information in the execution process to the client. Let the user know the current application execution status.

The above is the container execution process. Next we will begin to describe how to manage the container, including: end, stop, and remove.

The underlying technology

Docker uses the virtualization technology in the Linux kernel at the underlying layer to present all the features we saw just now.

Namespaces

Docker uses a technical solution called "namespaces" to isolate different workspaces (containers defined above ). When you execute a container, docker will create a series of namespaces for the container.

The namespace created by docker is as follows:

• • ThepidNamespace:Used to isolate processes. (PID is the process ID)
  • ThenetNamespace:Used to manage network interfaces
  • TheipcNamespace:Controls access to IPC resources.
  • ThemntNamespace:Used to manage mount points (MNT is a mount point)
  • TheutsNamespace:Used to isolate kernel and version information (UTS, time-sharing system UNIX timesharing System)

Control Groups

Docker also uses a technology called "cgroups" to control the group. The key to isolation between different applications is that each application can only access its own resources. This ensures that multiple users exist on the host at the same time. Cgroups ensures that docker shares available hardware resources to all containers, and restricts the hardware resources of containers as necessary. For example, you can limit the memory capacity that each container can access.

Union file systems

Union file systems, or "unionfs", is the file system that docker uses when creating the layer. This file system makes docker very lightweight and fast to execute. Docker uses unionfs to provide the corresponding data block for the container ). Docker can use multiple types of unionfs, such as aufs, btrfs, VFS, and devicemapper.

Container format

Docker encapsulates the components described above into the container data type (we call it a container ). The default container type is libcontainer. Docker also supports the container types implemented using lxc in traditional Linux. In the future, docker will also support other types of containers, such as BSD jails or Solaris zones.

　　

Introduction to docker