Before we start talking about Docker containers: what is virtualization, and what is a container?

Virtualization

In one sentence, virtualization technology abstracts a computer's physical resources and converts them into virtual resources for programs to use. The computer resources referred to here include the computing and control resources provided by the CPU, the data storage resources provided by hard disks, the network transmission resources provided by network cards, and so on.

Designed for cross-platform

In the early stage of computer development, the various computer platforms and computing resources exposed different interfaces, so invoking them was chaotic and there was no relatively unified standard like today. Virtualization technology grew out of the burden of writing compatibility code for many different platforms. It abstracts the hardware of different platforms behind a unified interface, so that applications can run across platforms.

Using virtualization for resource management

As virtualization technology developed, people found another use for it: resource management. Because virtualization abstracts a computer's physical resources into virtual ones, it is easy to adjust those resources at this layer. For example, the virtualization layer can tell a program that only 4 GB of memory is available; whether the computer actually has 16 GB or 32 GB, the program will work within the 4 GB it has been told about. Managing resources this way gives us more flexible control over them and greatly improves their utilization.

This may cause some confusion: virtualization itself consumes part of the computer's resources, so how can it produce a 1+1>2 effect? The answer is that we are talking about the utilization rate of the computer, not its occupancy rate; the two look similar but are not the same concept. Virtualization allocates resources that the original program cannot use to other programs, which raises the overall utilization of the machine. For example, suppose we have a machine running Nginx. Because Nginx does not consume many system resources, 95% or more of the system's resources sit idle. With virtualization we can run other programs on the same machine so that they make full use of the idle resources. The advantage is that we no longer need to deploy a separate machine for those programs, which saves a lot of money.

Classification of virtualization
  • Hardware virtualization
  • Software virtualization

Hardware virtualization means that the physical hardware itself provides virtualization support. A CPU on one platform, for example, can translate another platform's instruction set into its own for execution, giving the impression that the program is running natively on that other platform. Alternatively, a CPU can present itself as several CPUs, so that programs or operating systems believe more than one CPU exists and several of them can run simultaneously. These are all forms of hardware virtualization.

Software virtualization means that the key instruction translation is done in software. Using the CPU example again, in a software implementation the instructions are translated by a virtualization layer that sits between the application and the hardware platform. Even if an application issues commands to the operating system or physical hardware that the current hardware platform does not support, the virtualization software translates them into commands the platform can recognize.

In practice, virtualization can be classified in more detail, for example:

  • Platform virtualization: A virtualization facility is built between the operating system and the hardware platform so that the entire operating system runs in a virtual environment.
  • Application virtualization: A virtualization layer sits between the operating system and applications so that applications run only in a virtualized environment.
  • Memory virtualization: Non-contiguous memory areas, or even disk space, are presented as one unified, contiguous address space; this is what is usually called virtual memory.
  • Desktop virtualization: Enables local desktop applications to use remote computer resources to control remote computers.

Virtual machines

A virtual machine (VM) is usually created by placing a virtual machine monitor between the operating system and the hardware, or between the application and the operating system, to achieve virtualization. This virtual machine monitor sandwiched in between is often referred to as a hypervisor.

Container technology

Container technology is virtualization in a newer sense. By classification or implementation, it belongs to operating system virtualization, that is, virtualization support provided by the operating system. Container technology means that the operating system itself supports interfaces that let applications run independently of each other and that let us control the resources they use while running. Since each application executes in its own isolated runtime environment, and that environment acts like a container wrapped around the application, the technology is called container technology.

Virtual machine vs. container

What is Docker

Docker is a container engine implemented in Go and open-sourced by dotCloud in 2013.

What does Docker bring

Docker's advantages improve our overall work efficiency and ease of use, and they free developers and operations staff from repetitive and error-prone service building. This matters especially under the wave of microservices, where projects are more modular and service-oriented and a complete project is composed of many small services, which makes building it a big challenge. The implementation of Docker is based on three major technologies: Namespaces, Control Groups, and Union File Systems.

Namespace

Namespaces are a kernel feature for runtime isolation that was gradually introduced into the Linux kernel after version 2.4. A Linux kernel namespace divides computer resources into separate spaces. In terms of implementation, Linux namespaces are split into a number of specific subsystems, such as the User namespace, Net namespace, PID namespace, Mount namespace, and so on. Using the PID namespace, we can create a separate process space in which process numbering starts from 1. Processes running in this space are completely unaware of processes on the outside system or in other PID namespaces.
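Which namespaces a container really has to itself can be checked from the namespace links under /proc/<pid>/ns. The following is an added example, not code from the original page or from Docker; the inode numbers are constructed sample values, and the container in the sample shares the host's Net and User namespaces (as happens, for instance, when a container is started with --network=host).

```python
import os
import re

NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* link target such as 'pid:[4026531836]'."""
    match = NS_LINK.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))

def read_namespaces(pid):
    """Return {entry name: link target} for a live process (Linux only).

    Reading another user's process, e.g. PID 1, usually needs root.
    """
    ns_dir = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(ns_dir, name))
            for name in os.listdir(ns_dir)}

def compare_namespaces(host_links, container_links):
    """Return (shared, isolated) namespace types, judged by namespace inode."""
    host = dict(parse_ns_link(t) for t in host_links.values())
    shared, isolated = [], []
    for target in container_links.values():
        ns_type, inode = parse_ns_link(target)
        (shared if host.get(ns_type) == inode else isolated).append(ns_type)
    return sorted(set(shared)), sorted(set(isolated))

# Constructed sample link targets: host PID 1 and a container's main process.
HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531840]",
        "mnt": "mnt:[4026531841]", "user": "user:[4026531837]"}
CONTAINER = {"pid": "pid:[4026532570]", "net": "net:[4026531840]",
             "mnt": "mnt:[4026532568]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    shared, isolated = compare_namespaces(HOST, CONTAINER)
    print("shared with host:", shared)
    print("isolated:", isolated)
    # On a real host: compare_namespaces(read_namespaces(1), read_namespaces(<pid>))
```

A namespace type that shows up as shared gives the process the host's view of that resource, so it is worth confirming that each shared entry is intentional.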

Control Groups

Resource control groups (often abbreviated as CGroups) are a kernel feature for controlling computer resources that was introduced into the Linux kernel after version 2.6. As the name implies, the role of a resource control group is to control computer resources. Unlike namespaces, which isolate virtual resources such as processes, networks, and file systems, CGroups mainly isolate hardware resources. As mentioned before, apart from creating a virtual environment to separate different programs running on the same physical platform, the other major function of virtualization is to control the allocation of hardware resources, and CGroups are used for this purpose. CGroups therefore play a key role in resource allocation as well as resource isolation. With CGroups, we can specify the amount or share of any resource that any isolated environment may occupy, which is a very useful feature for many distributed usage scenarios.
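The limits a control group places on an environment can be read back from the group's control files. The following is an added example, not code from the original page or from Docker; it assumes the cgroup v2 file names memory.max, cpu.max and pids.max, and the directory and its contents are constructed to mirror the 4 GB memory case mentioned earlier.

```python
import os
import tempfile

def _read(cgroup_dir, name):
    try:
        with open(os.path.join(cgroup_dir, name)) as fh:
            return fh.read().strip()
    except OSError:
        return None  # controller not enabled for this group

def effective_limits(cgroup_dir):
    """Read limits from a cgroup v2 directory; None means no limit is set."""
    limits = {"memory_bytes": None, "cpus": None, "pids": None}
    mem = _read(cgroup_dir, "memory.max")
    if mem not in (None, "max"):
        limits["memory_bytes"] = int(mem)
    cpu = _read(cgroup_dir, "cpu.max")  # format: "<quota|max> <period>"
    if cpu:
        quota, period = cpu.split()
        if quota != "max":
            limits["cpus"] = int(quota) / int(period)
    pids = _read(cgroup_dir, "pids.max")
    if pids not in (None, "max"):
        limits["pids"] = int(pids)
    return limits

def unlimited(limits):
    """Names of resources the group may consume without a ceiling."""
    return sorted(name for name, value in limits.items() if value is None)

def make_sample(files):
    """Write constructed control files into a temporary directory."""
    directory = tempfile.mkdtemp()
    for name, content in files.items():
        with open(os.path.join(directory, name), "w") as fh:
            fh.write(content + "\n")
    return directory

# Constructed sample: 4 GiB of memory, 1.5 CPUs, no limit on process count.
SAMPLE = {"memory.max": "4294967296", "cpu.max": "150000 100000", "pids.max": "max"}

if __name__ == "__main__":
    limits = effective_limits(make_sample(SAMPLE))
    print(limits)
    print("no ceiling on:", unlimited(limits))
```

An environment with no ceiling on memory or process count can starve its neighbours on the same host, which is why the unlimited entries are the ones to review.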

Union File System

A Union File System is a file system that can mount different actual files or folders onto the same directory at the same time, forming a unified file structure. The union file system itself has little to do with virtualization, but Docker innovatively brought it into its container implementation, using it to solve the problem of virtual environments occupying too much file system space and to make starting and stopping a virtual environment fast. Docker provides an improved implementation of UnionFS, that is, AUFS (Advanced Union File System).

Attribute                       Docker             Virtual machine
Startup                         Seconds            Minutes
Disk usage                      MB level           GB level
Performance                     Close to native    Lower
Supported per ordinary machine  Hundreds           A few

What can Docker do

In theory, we already know that Docker can bring great convenience to our work, so how should we use it properly in practice? Here I have extracted and sorted out a section of guidance from the official Docker documentation, hoping to provide a reference for everyone's practice.

Deliver your applications faster and more consistently

With Docker, developers can get a standard application or service operating environment in a local container, which simplifies the development life cycle (reducing the extra cost of adapting and adjusting between different environments). Across the whole application iteration, a Docker-based workflow is also a better fit for Continuous Integration and Continuous Delivery. A concrete example: developers can use Docker to write code locally and share their work with colleagues through containers. They can use Docker to push finished programs to test environments for automated or manual testing. When bugs occur, developers can fix them in the development environment and quickly redeploy to the test environment. After testing is complete, the image containing the application can be deployed for production release.

Cross-platform deployment and dynamic scaling

Because Docker is based on container technology, it is highly cross-platform: Docker containers can easily run on developers' local computers, on physical or virtual machines in data centers, on cloud servers provided by cloud service providers, and even in mixed environments. At the same time, Docker's light weight and high portability help us scale applications dynamically. We can scale Docker-based applications flexibly in near real time, which can greatly improve the robustness of the application.

More output from the same hardware

Docker's efficiency and light weight make it an economical, efficient and feasible alternative to hypervisor-based virtual machines. With Docker, more resources are left over to put into the business, so the application gets more out of the same hardware. Such low resource consumption also makes Docker well suited to high-density and small to medium deployment scenarios.

Docker core components

In the Docker system there are four objects we have to introduce, because almost all of Docker's functions and its surrounding ecosystem revolve around them. They are Image, Container, Network, and Volume.

Image

An image can be understood as a read-only file package that contains the original file system contents that the virtual environment runs on. There are some differences between Docker images and virtual machine images. As mentioned earlier, one of Docker's innovations is the use of AUFS as the underlying file system implementation. In this way, Docker implements an incremental image structure.
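How an incremental image is assembled from read-only layers, as described here and in the Union File System section above, can be modelled in a few lines. The following is an added example, not code from the original page or from Docker; the layer contents are constructed, and deletions use the `.wh.` whiteout naming of AUFS. It also shows that a file deleted in a later layer is still stored in the earlier one.

```python
WHITEOUT = ".wh."          # ".wh.<name>" in a layer hides <name> from lower layers
OPAQUE = ".wh..wh..opq"    # hides everything below the directory it sits in

def _is_marker(path):
    return path.rpartition("/")[2].startswith(WHITEOUT)

def merge_layers(layers):
    """Apply layers bottom to top; return the merged view {path: layer index}."""
    view = {}
    for index, layer in enumerate(layers):
        # First apply the deletions this layer records against lower layers.
        for path in layer:
            directory, _, name = path.rpartition("/")
            if name == OPAQUE:
                prefix = directory + "/"
                doomed = [p for p in view if p.startswith(prefix)]
            elif name.startswith(WHITEOUT):
                target = f"{directory}/{name[len(WHITEOUT):]}"
                doomed = [p for p in view
                          if p == target or p.startswith(target + "/")]
            else:
                continue
            for old in doomed:
                del view[old]
        # Then add or overwrite the files this layer contributes.
        for path in layer:
            if not _is_marker(path):
                view[path] = index
    return view

def hidden_files(layers):
    """Paths still stored in some layer although absent from the merged view."""
    view = merge_layers(layers)
    stored = {p for layer in layers for p in layer if not _is_marker(p)}
    return sorted(stored - set(view))

# Constructed sample: the third layer "deletes" a credentials file added earlier.
LAYERS = [
    ["/bin/sh", "/etc/passwd"],      # base layer
    ["/app/server", "/app/.env"],    # application layer
    ["/app/.wh..env"],               # whiteout for /app/.env
]

if __name__ == "__main__":
    print("merged view:", sorted(merge_layers(LAYERS)))
    print("hidden but still stored:", hidden_files(LAYERS))
```

Because every layer is kept as part of the image, anyone who can pull the image can read the hidden file from its original layer, so credentials should never be written into a layer in the first place.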

Container

Containers are easier to understand. In container technology, a container is the infrastructure used to isolate a virtual environment, while in Docker the term is extended to mean the isolated virtual environment itself. If an image is understood as a class in programming, then a container can be understood as an instance of that class. The image holds immutable content, and when a container based on it is started, the container becomes a “living” space. To use a more official definition, a Docker container consists of three things:

  • A Docker image
  • A program execution environment
  • A set of instructions

Network

Docker implements powerful network functions. We can not only easily configure the network of each container, but also build virtual networks among containers, placing several containers inside one and isolating them from other network environments.

Data volume

In addition to the network, files are another important resource for data interaction. In the past, application data and other files were stored in the virtual machine's own file system. However, this approach is not completely safe. When the file system of a virtual machine or container becomes unusable, we can quickly restore the application by resetting the file system from the image, but the data stored before will also disappear. To keep the data independent, we usually mount a separate file system to store it. This can be tedious in a virtual machine, as we have to work out how to implement the mount on different hosts, file system compatibility for the mount, the virtual operating system configuration, and so on. Fortunately, these are easy in Docker: one or two simple commands or parameters are enough to mount a file system directory. Such a simple mount is mainly due to the Union File System technology underneath Docker. Under UnionFS, in addition to mounting directories from the host operating system, it is also possible to create independent directories to persist data or share data between containers. In Docker, the files or directories that are shared or persisted in these ways are all called data volumes.
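The two kinds of mount described above, host directories and independent data volumes, can be told apart in the "Mounts" array of `docker inspect` output. The following is an added example, not code from the original page or from Docker; the JSON is a constructed sample, and the container name, volume name and paths in it are hypothetical.

```python
import json

# Constructed sample shaped like the output of `docker inspect <container>`.
INSPECT_JSON = """
[{"Name": "/app",
  "Mounts": [
    {"Type": "bind", "Source": "/srv/site",
     "Destination": "/usr/share/nginx/html", "RW": false},
    {"Type": "volume", "Name": "appdata",
     "Source": "/var/lib/docker/volumes/appdata/_data",
     "Destination": "/data", "RW": true},
    {"Type": "bind", "Source": "/srv/uploads",
     "Destination": "/uploads", "RW": true}
  ]}]
"""

def iter_mounts(inspect_output):
    """Yield (container name, mount record) pairs from docker inspect JSON."""
    for container in json.loads(inspect_output):
        for mount in container.get("Mounts", []):
            yield container["Name"].lstrip("/"), mount

def summarize(inspect_output):
    """One row per mount: (container, kind, origin, destination, mode)."""
    kinds = {"bind": "host directory", "volume": "data volume"}
    rows = []
    for name, m in iter_mounts(inspect_output):
        origin = m.get("Name") or m["Source"]
        mode = "rw" if m.get("RW") else "ro"
        rows.append((name, kinds.get(m["Type"], m["Type"]),
                     origin, m["Destination"], mode))
    return rows

def writable_host_binds(inspect_output):
    """Host directories the container can modify: (container, source, dest)."""
    return [(name, m["Source"], m["Destination"])
            for name, m in iter_mounts(inspect_output)
            if m["Type"] == "bind" and m.get("RW")]

if __name__ == "__main__":
    for row in summarize(INSPECT_JSON):
        print(row)
    print("writable host directories:", writable_host_binds(INSPECT_JSON))
```

A writable host directory lets the container change files outside its own isolated file system, so those entries deserve a check that write access is actually needed.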

Docker Engine

Today, the Docker ecosystem is much larger than when it was born. Although we are still used to using the name Docker for the software that supports container technology, the name is now easily confused with other concepts. It is therefore necessary to introduce the core software of Docker, not only because it plays a central role in the Docker ecosystem, but also because it is what we actually touch most in development. This containerization tool is currently maintained by Docker, which has named it Docker Engine and defines it as an industry-standard container engine. Docker Engine implements the core of Docker technology, that is, the container engine.

Docker Daemon and Docker CLI

We say Docker Engine is a piece of software, but if you dig deeper, it is actually a package made up of multiple independent programs. The core of these are the Docker Daemon and the Docker CLI. All the functions we generally think of Docker as providing, such as container management, application orchestration and image distribution, are concentrated in the Docker Daemon, and the image, container, data volume and network modules mentioned before are also implemented there. In the operating system, the Docker Daemon usually runs as a service, providing these functions silently in the background, so it is also called the Docker service.