Composition of docker:
- Docker engine is a lightweight and powerful open-source container virtualization platform that uses the virtualization technology that includes workflows to help users build and containerize an application.
- Docker hub, an SaaS service provided to share and manage your application stack
Advantages of docker:
- Fast Application delivery
- Easier deployment and Expansion
- Higher deployment density and more full Running Load
- Faster deployment makes management easier
Docker architecture:
Docker uses the CS architecture, including docker client and docker daemon. Docker client calls docker and daemon completes heavyweight tasks, including creating, running, and distributing docker containers. The client and daemon can run on the same physical machine, and the client can also connect to a remote daemon. The client and daemon communicate with each other through socket or rest APIs.
The docker architecture is as follows:
Running on the host machine, the user does not directly interact with docker, but connects through the docker client.
It exists as a binary file and is the main user interface of docker. It accepts user input commands and communicates with docker daemon.
Docker internal structure:
A docker image is a read-only template. For example, an image can be an Ubuntu operating system containing the Apache server and installed with your application. An image is used to create a docker container. Docker provides a simple way to create a new image, update the image, or download an image that has been created by another user. Docker image is docker'sCreateModule.
- Docker registries (Registration)
Docker registries manages images. Registry indicates an image uploaded or downloaded by a user, marked as public storage, or private storage. Public Registration is called docker hub. It provides a large number of ready-to-use images for users. These images can be created by the user or by others. Docker registries is docker'sReleaseModule.
- Docker containers (container)
Docker containers and folders are similar. A docker container saves everything required for an application to run. Each container is created based on an image. Docker can be run, started, stopped, moved, or deleted. Each container is an independent and secure application platform. Docker container is docker'sRunModule.
How docker works:
- Create an image containing the application;
- Create a docker container to run the application based on the created image;
- You can share a docker image through a public docker hub or your own registration.
How docker components work:
We have seen that a docker image is a read-only template that is easy to create when docker is created. Each image consists of several "layers". The docker image uses unionfs to integrate these "layers" into an image. Unionfs allows different file systems (called "branches") to be used for Files And Directories. The layers are transparently stacked to form an overall and consistent file system.
All such lightweight docker is related to these "layers". When you need to modify an image, such as updating an application to a new version, a new "layer" is created ". In a virtual machine, you need to replace the entire image, or re-create an image. docker only needs to add the new layer to the image, or perform "layer" updates. In this way, you do not need to release a new image. You only need to update it to make docker image publishing faster and simpler.
Each image starts with a basic image, such as Ubuntu, a basic Ubuntu image, fedora, and a basic fedora image. You can also use your own image as a basic image. For example, if you create an Apache image, you can create your web application image accordingly.
Generally, docker obtains these basic images from the docker hub.
Then, based on these basic images, the docker image uses a set of simple and descriptive steps called "commands ". Each Command creates a new "layer" on the image ". Commands include the following actions:
- Execute a command
- Add a file or directory
- Create an environment variable
- The process that is executed when a container is loaded based on the current image
These commands are stored in a file called dockerfile. When a user requests to create an image, docker reads the dockerfile, runs the command in it, and then returns a final image.
- How docker registration works:
Docker registration is a management library for docker images. After creating a docker image, you can push the image to the Public Registry docker hub or the personal registry that runs in the firewall.
You can use the docker client to search for released docker images, drag the images to the local docker host, and create containers based on these images.
Docker hub provides public and private image storage mechanisms. Public images can be searched and downloaded by anyone. Private images are excluded from the search results, and only you and your users can download the images and create containers based on them. You can create a storage plan here.
- How docker containers work:
A container includes the operating system, user-added applications, and metadata. Each container is created based on an image. The image tells docker what content the container contains,
Processes and other configuration data that are run when the container is loaded. A docker image is read-only. When docker runs a container, it adds a read/write layer to the read-only image (using the unionfs mentioned earlier ), applications can run on this layer.
- Internal Mechanism for running a container
With docker programs or APIs, The docker client notifies docker daemon to run a container:
$ sudo docker run -i -t ubuntu /bin/bash
Disassemble the preceding command:
Docker client-start with a docker program;
|-Use run to notify docker daemon to load a new container;
|-Ubuntu: the container is created based on that image;
|-/Bin/sh: What command is executed in the container after the container is loaded;
When loading a container, at least tell docker daemon to create a container based on that image and what commands the container will execute after loading.
The internal implementation mechanism of the preceding command is as follows:
- Download Ubuntu image: docker checks whether the Ubuntu image exists. If the local image does not exist, download it from docker hub. if it already exists, create a container based on the Local Ubuntu image;
- Create a new container: once an image is available, use the image to create a container;
- Allocate a file system and create a read/write layer: the container is created in this file system, and a read/write layer is added to the original basic image;
- Allocate Network \ bridge interface: create a network interface that allows containers to communicate with local hosts;
- IP Address Allocation: Find and bind an available IP address from the resource pool;
- Run the process specified by the user: run the application you specified;
- Capture and provide application output: connect to and record standard input, output, and error reports, and provide the information to users for them to understand how the application runs.
With a running container, you can manage the container and interact with the application. After the running, close and remove the container.
Docker underlying technology:
Docker is written in the go language and some features of the Linux kernel are used to provide some of the features we can see.
Docker uses the namespaces technology to provide an isolated workspace called a container. When running a container, docker creates a group of namespaces for the container.
In this way, an isolation layer is created: each container instance (aspect of container) runs in its own namespace and cannot be accessed externally.
Some namespaces used by docker include:
-
- PID: process ID, process isolation;
- Net: Networking, manage network interfaces;
- IPC: Interprocess Communication, managing access to IPC resources;
- MNT: Mount. Manage mount points;
- UTS: Unix timesharing system, kernel isolation and version identification.
- Control groups (control group)
The key to running an application in isolation is to control the application to use legal resources. This ensures that the container is a good multi-tenant user on the host machine. The control group allows docker to share the hardware resources of the host to the container, and supports restrictions and constraints on the available resources of the container. For example, restrict the available memory of the specified container.
Union file systems (Federated File System)
A file system, or unionfs, is a special file system that creates a "layer" for operations. This file system is fast and lightweight enough. Docker uses the federated file system to provide the container creation module. Docker supports multiple variants of the combined file system, including: aufs, btrfs, VFS, and devicemapper
- Container format (container format)
Docker packs these components into a package named container format. The default container format is libcontainer. Docker also supports the use of lxc traditional Linux containers. In the future, docker will spend other container formats, such as integration with BSD jails and Solaris zones.
Reference:
Https://docs.docker.com/introduction/understanding-docker/
Docker 01 Introduction