Docker Learning Notes (i) Fundamentals and concepts

1 What is Docker?

Docker is an open source cloud project written in the Go language. Its main goal is "Build, Ship and Run Any App, Anywhere": by managing the whole lifecycle of application components (packaging, distribution, deployment, operation and so on), it lets the user's app (which can be a web app, a database application, etc.) and its runtime environment be "packaged once, run everywhere".

The Docker engine is based on Linux Containers (LXC) technology. IBM's precise description of container technology is as follows:

Containers effectively divide resources managed by a single operating system into isolated groups to better balance conflicting resource usage requirements among the isolated groups. Compared to virtualization, this requires neither instruction-level emulation nor just-in-time compilation. The container can run instructions natively on the core CPU without requiring any special interpretation mechanism. In addition, the complexity of paravirtualization and system call substitution is avoided.

We can understand the container as a sandbox. Each container runs an application, different containers are isolated from each other, and a communication mechanism can be established between containers. Containers are created and stopped very quickly (in seconds), and a container itself needs very few resources, far fewer than a virtual machine consumes.

2 Benefits of Docker for DevOps

Faster delivery and deployment: Developers can use images to quickly build a standard development environment. Once development is complete, test and operations staff can deploy the application directly from the Docker image the developers provide, which avoids deployment problems caused by differences between the development, test and operations environments.

More efficient use of resources: Docker containers run without additional hypervisor support. They are kernel-level virtualization, so they achieve higher performance while using fewer resources.

More convenient migrations and extensions: Docker containers can run on virtually any platform, including physical machines, virtual machines, public clouds, private clouds, servers, and more. This compatibility makes it easy for users to complete application migrations between different platforms.

Simpler update management: With a Dockerfile, a small configuration change can replace a large amount of the update work that used to be needed, and all modifications are distributed and applied incrementally.

3 Virtualization and Docker

The core of virtualization is the abstraction of resources, and the goal is usually to run multiple systems or applications on the same machine and so increase the utilization of system resources. There are many types of virtualization, for example the common hardware-assisted virtualization (VMware Workstation, KVM, and so on). The container virtualization represented by Docker is operating-system-level virtualization: the kernel isolates different processes by creating multiple virtual operating system instances (kernel and libraries).

Comparing the structure of traditional virtualization and container technology: traditional virtualization is implemented at the hardware level, which lengthens the system call path and costs performance; container virtualization is implemented on a shared kernel, with almost no performance loss.

4 How Docker is implemented

Docker uses a client/server architecture. The Docker client talks to the Docker daemon, and the daemon is responsible for building, running and publishing Docker containers. The client can run on the same system as the daemon, or it can connect to a remote daemon. The Docker client and the daemon communicate over a socket or through a RESTful API.


As pictured above, the Docker daemon runs on the host. The user does not interact with the daemon directly, but through the Docker client. The client is Docker's primary user interface: it accepts the user's commands, passes them to the Docker daemon, and returns the results.
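Because the daemon builds and runs containers on behalf of any client that can reach its socket, a network-reachable socket without client authentication gives the caller the daemon's privileges on the host. The following is an added example, not part of the original notes: it audits constructed daemon.json documents for TCP listeners without TLS client verification, and assumes the daemon is configured through daemon.json rather than command-line flags.

```python
import json

# Keys read below ("hosts", "tlsverify", "tlscacert", "tlscert", "tlskey")
# are dockerd daemon.json options; the sample documents are constructed.
SAMPLE_EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_TLS = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_config(text):
    """Return a list of findings for the daemon's listening sockets."""
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # local unix socket only: nothing network-reachable
    if not cfg.get("tlsverify", False):
        for host in tcp_hosts:
            findings.append(f"{host}: remote API without client certificate verification")
        return findings
    # TLS verification is requested: the certificate material must be set too.
    for key in ("tlscacert", "tlscert", "tlskey"):
        if not cfg.get(key):
            findings.append(f"tlsverify is set but {key} is missing")
    return findings


if __name__ == "__main__":
    for name, doc in (("exposed", SAMPLE_EXPOSED), ("tls", SAMPLE_TLS)):
        print(name, audit_daemon_config(doc) or "ok")
```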

Docker builds on Linux container technology (LXC) and on kernel features such as namespaces, cgroups and UnionFS (union file system):

Namespace: Namespaces are a powerful feature of the Linux kernel. Each container has its own separate namespaces, and the applications running in it behave as if they were running in a separate operating system. Namespaces ensure that containers do not affect each other. Docker is in effect a process container: it uses namespaces to isolate processes and the resources they use, so that different processes are invisible to one another.

Some of the namespaces that Docker uses are:

PID namespace: isolates processes; each container has its own independent process table and its own process 1;

NET namespace: manages the network; each container has its own independent network information;

IPC namespace: controls access to IPC resources (IPC: inter-process communication);

MNT namespace: manages mount points; each container has its own unique directory mounts;

UTS namespace: isolates kernel and version identifiers (UTS: Unix Timesharing System); each container has a separate hostname and domain.
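The kernel exposes each process's namespaces as links under /proc/<pid>/ns/, so a container that shares a namespace with the host can be spotted by comparing identifiers. The following is an added example, not part of the original notes: it compares constructed link values for the five namespace kinds listed above and, when run on a Linux host, also compares the current process with PID 1.

```python
import os
import re

# Namespace kinds from the list above, named as under /proc/<pid>/ns/
NS_KINDS = ("pid", "net", "ipc", "mnt", "uts")
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "net:[4026531840]"

# Constructed sample data: link targets for the host's PID 1 and two containers.
HOST = {k: f"{k}:[{4026531835 + i}]" for i, k in enumerate(NS_KINDS)}
ISOLATED = {k: f"{k}:[{4026532400 + i}]" for i, k in enumerate(NS_KINDS)}
HOST_NET = dict(ISOLATED, net=HOST["net"])  # as if started with --network host


def read_namespaces(pid, proc_root="/proc"):
    """Read the namespace links of one process; missing entries are skipped."""
    links = {}
    for kind in NS_KINDS:
        try:
            links[kind] = os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
        except OSError:
            continue  # process exited, no permission, or not a Linux host
    return links


def namespace_id(link):
    """Extract the inode number that identifies a namespace instance."""
    match = NS_LINK.match(link)
    if match is None:
        raise ValueError(f"unexpected namespace link: {link!r}")
    return int(match.group(2))


def shared_with_host(host, container):
    """Kinds where the container process is in the same namespace as the host."""
    return [k for k in NS_KINDS
            if k in host and k in container
            and namespace_id(host[k]) == namespace_id(container[k])]


if __name__ == "__main__":
    print("isolated container shares:", shared_with_host(HOST, ISOLATED))
    print("host-network container shares:", shared_with_host(HOST, HOST_NET))
    # On a Linux host, compare this process with PID 1 (needs privileges).
    print("self vs PID 1:", shared_with_host(read_namespaces(1), read_namespaces("self")))
```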

Cgroup (control group): A feature of the Linux kernel that is used to isolate, restrict, audit and share resources. Only by controlling the resources allocated to each container can contention for system resources be avoided when multiple containers run at the same time. Control group technology was first proposed by Google engineers in 2006, and the Linux kernel has supported it since version 2.6.24. Control groups can limit and audit a container's memory, CPU, disk I/O and other resources.
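A container started without limits can consume as much memory, CPU and process-table space as the host has, so checking which limits are actually set is a useful review step. The following is an added example, not part of the original notes: it parses limit files in the cgroup v2 format (an assumption; hosts on the older v1 hierarchy use different file names) from constructed samples and reports which resources are unlimited.

```python
import os

# cgroup v2 interface files (assumption: the unified hierarchy is in use).
FILES = ("memory.max", "pids.max", "cpu.max")


def parse_limits(files):
    """Turn raw file contents into numbers; None means 'no limit set'."""
    def number_or_none(raw):
        raw = raw.strip()
        return None if raw == "max" else int(raw)

    quota, period = files.get("cpu.max", "max 100000").split()
    return {
        "memory_bytes": number_or_none(files.get("memory.max", "max")),
        "pids": number_or_none(files.get("pids.max", "max")),
        # cpu.max is "<quota> <period>" in microseconds; quota/period = CPUs
        "cpus": None if quota == "max" else int(quota) / int(period),
    }


def read_cgroup(path):
    """Read the limit files from one cgroup directory, skipping absent ones."""
    files = {}
    for name in FILES:
        try:
            with open(os.path.join(path, name)) as handle:
                files[name] = handle.read()
        except OSError:
            continue
    return files


def unlimited(limits):
    """Resources a runaway or hostile workload could exhaust on the host."""
    return sorted(name for name, value in limits.items() if value is None)


# Constructed samples: a container with limits, and one started with none.
LIMITED = {"memory.max": "268435456\n", "pids.max": "100\n", "cpu.max": "50000 100000\n"}
DEFAULTS = {"memory.max": "max\n", "pids.max": "max\n", "cpu.max": "max 100000\n"}

if __name__ == "__main__":
    print(parse_limits(LIMITED), unlimited(parse_limits(LIMITED)))
    print(parse_limits(DEFAULTS), unlimited(parse_limits(DEFAULTS)))
```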

UnionFS (union file system): the Union File System (UnionFS) is a layered, lightweight, high-performance file system. It records modifications to the file system as commits that are stacked layer upon layer, and it can mount different directories into the same virtual file system (unite several directories into a single virtual filesystem). The union file system is the basis of Docker images. Images can inherit from one another through layering, so a variety of application-specific images can be built on top of a base image (an image without a parent image). In addition, different Docker containers can share some of the underlying file system layers and add their own layer of changes, which greatly improves storage efficiency. AUFS (Another UnionFS), used in Docker, is one such union file system. AUFS lets each member directory (called a branch, as in Git) be set to read-only (readonly), read-write (readwrite) or whiteout-able. AUFS also has a concept of layers, so a read-only branch can be modified logically and incrementally without affecting the read-only part. The union file system types currently supported by Docker include AUFS, Btrfs, VFS and Device Mapper.

5 Docker Core Concepts

5.1 Image

A Docker image is similar to a virtual machine image: it is a read-only template that contains a file system. An image can contain just an operating system environment (such as the SuSE image), or it can also have a user program and its runtime environment installed (such as an ebackup image). An image is in effect a set of files, and any user program can be part of an image.

Image = operating system + software runtime environment + user program

As shown above, a layer is an image, and several images can be packaged into one image. Images resemble a singly linked list: each image contains a pointer to its parent image, and an image without a parent is a base image (the pointers between images are stored in a SQLite database).

The topmost layer (which is not an image) is writable. Upper layers depend on the layers below them; to modify content that lives in a lower layer, it is first copied up to the top layer and then modified there.

An image is the basis for creating a container.
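The layering and whiteout behaviour described above has a security consequence: a file deleted in an upper layer is only masked, and its content is still stored in the lower layer that added it. The following is an added example, not part of the original notes: it merges constructed layers that use AUFS-style `.wh.` whiteout markers and reports which deleted files are still recoverable from a lower layer.

```python
WHITEOUT = ".wh."  # AUFS-style marker: ".wh.<name>" deletes <name> from lower layers

# Constructed sample: three layers, base first, as {path: content}.
SAMPLE_LAYERS = [
    {"etc/os-release": "base", "app/config/default.ini": "debug=0"},
    {"app/server.py": "v1", "app/.env": "API_KEY=constructed-example"},
    {"app/.wh..env": "", "app/server.py": "v2"},
]


def merge_layers(layers):
    """Return (view, hidden).

    view   maps each visible path to (layer index, content)
    hidden maps each whited-out path to the (layer index, content) that a
           lower layer still stores. Opaque-directory markers are not handled.
    """
    view, hidden = {}, {}
    for index, layer in enumerate(layers):
        # Whiteouts act on lower layers only, so apply them before this
        # layer's own files are added.
        for path in layer:
            directory, _, name = path.rpartition("/")
            if not name.startswith(WHITEOUT):
                continue
            target = name[len(WHITEOUT):]
            if directory:
                target = directory + "/" + target
            for victim in [p for p in view if p == target or p.startswith(target + "/")]:
                hidden[victim] = view.pop(victim)
        for path, content in layer.items():
            if not path.rpartition("/")[2].startswith(WHITEOUT):
                view[path] = (index, content)  # upper layer shadows lower copy
    return view, hidden


if __name__ == "__main__":
    view, hidden = merge_layers(SAMPLE_LAYERS)
    for path, (index, _) in sorted(view.items()):
        print(f"visible  {path} (layer {index})")
    for path, (index, content) in sorted(hidden.items()):
        print(f"deleted  {path}, still stored in layer {index}: {content!r}")
```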

Some commands about the image:

docker pull NAME[:TAG]    // download an image from the network

docker images             // list the images that already exist on the local host

5.2 Container

A container is a running instance created from an image. It can be started, stopped and deleted, and containers are isolated from each other (independent processes) and not visible to each other.

5.3 Repository






