<title>The basic concept of Docker pits</title> The basic concept of Docker is pits 1. The basic composition of Docker
- Docker Client Clients
- Docker Daemon Daemon
- Docker image Image
- Docker Container Container
- Docker Registry Warehouse
Docker is a program of C/s architecture. The Docker client makes a request to the server side of Docker (that is, the daemon) and the daemon processes all the work and returns the results. Docker client access to the server can be either local or remote.
The Docker image Image is a cascading, read-only file system, such as
Its lowest end is a boot file system Bootfs (like a typical Linux boot file system), and Docker users never interact with the underlying file system
The second layer of the Docker file system is the Rootfs file system, located on the Bootfs, which can be one or more operating systems, such as Ubuntu or CentOS. Rootfs is always read-only in Docker. < ————-base image
and Docker loads more read-only file systems on top of ROOTFS with the Federated loading Technology (union mount). Federated loading refers to loading multiple file systems at once, but outside it looks like only one file system is visible. The federated load will overlay the file systems of each layer so that the final file system will contain all the underlying files and directories.
Docker Container container starts with mirroring
When the image starts, using the structure of the image file we just introduced, Docker loads a read-write structure at the top of the image file-the writable layer. When the file system changes, these changes are applied to this layer. For example, if you want to modify a file, you will first copy it from the read-only layer to the read-write layer and then modify it. The read-only version of the file still exists, but will be hidden by the modified version-this is an important mechanism in Docker when it is copied (copy on write).
Docker Registry Warehouse, divided into: public, private. Docker provides a public repository called the Docker Hub, where we can register accounts, share and save our own images.
Docker Online Demo Address:
https://www.docker.com/tryit/
Basic operation:
1.Docker version#查看Docker的版本
2.Docker Search Tutorial#通过仓库查找一个叫tutorial的镜像文件
3.Docker Pull Learn/tutorial#下载该镜像文件, the image file name here is the image file name that was found in the repository in the previous step, which contains the user name and the mirror name
4.DockerRunLearn/tutorial Echo' Hello World ' #通过run命令启动一个容器, and output ' Hello World '
5.DockerRunLearn/tutorial Apt-get install-yPing #在容器中安装ping命令
6.Docker Ps-l#用ps命令来查看有哪些容器
7.Docker Commit ID number learn/Ping #对新更改的容器保存为一个镜像, Learn/ping is a new name.
8.DockerRunlearn/Ping Pingwww.google.com#在新保存的容器中运行ping谷歌的网站
9.Docker Inspect ID number#查看容器信息
.Docker images#查看有哪些镜像文件
One by one .Docker Push learn/Ping on the #将镜像文件保存到docker hub
2. Introduction to Docker container related technologies
Docker relies on the Linux kernel features:
- Namespaces namespaces
- Control groups (cgroups) Controls Group
Namespaces namespaces
1.编程语言
2. 封装------->代码隔离
3.操作系统
4. 系统资源的隔离(进程、网络、文件系统....)
For Docker, it uses 5 command spaces:
- PID (process ID) process isolation
- NET Management Network interface
- IPC (interprocess communication) manages access to cross-process communications
- MNT (Mount) Management mount point
- UTS (Unix timesharing System) isolated kernel and version ID
Docker uses control groups to allocate resources.
Cgroups Features:
- Resource limits
- Priority setting
- Resource metering
- Resource control
What capabilities do these two features bring to Docker containers?
- File system isolation: Each container has its own root file system
- Process isolation: Each container runs in its own process environment
- Network isolation: Virtual network interfaces and IP addresses between containers are separate
- Resource isolation and Grouping: Use Cgroups to assign resources such as CPUs and memory to each Docker container independently
Docker basic Concept Pits