1 Container
A container is a lightweight virtualization technology. Container technology has been around for a long time, and Linux has had several implementations, such as Linux-VServer, OpenVZ and FreeVPS. Although these technologies have matured, they have yet to integrate their container support into the mainline Linux kernel. Keep in mind that a container is not the same thing as Docker, and a container is not a virtual machine.
In essence, a container is a set of processes with an isolated view of the system, limited resources, and an independent file system. View isolation means the processes can see only some of the processes on the system and have their own host name, and so on. Resource usage is controlled by limiting, for example, memory size and CPU usage. In other words, a container is a collection of processes that is isolated from the other resources in the system and has its own view of resources.
How does a container achieve isolation?
The isolation mechanism for containers is provided by Linux namespaces and control groups.
Linux namespaces let each process see only its own view of the system (files, process IDs, network interfaces, host names, etc.). Linux control groups (cgroups) limit the amount of resources (CPU, memory, network bandwidth, etc.) that a process can use.
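To check which views a process really has to itself, compare its namespace IDs with those of a host process and read its cgroup limits. The sketch below is an added example, not part of the original article; it assumes the Linux `/proc/<pid>/ns` link format and the cgroup v2 `cpu.max` and `memory.max` file formats, and the sample IDs are constructed.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* link target such as 'pid:[4026531836]'."""
    m = NS_LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_ns(pid="self"):
    """Namespace link targets of a live process (Linux; may need privileges)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, n)) for n in sorted(os.listdir(base))
            if not n.endswith("_for_children")]

def isolated_namespaces(reference, candidate):
    """Namespace types whose ID differs between the two processes."""
    ref = dict(parse_ns_link(t) for t in reference)
    cand = dict(parse_ns_link(t) for t in candidate)
    return sorted(k for k in cand if k in ref and cand[k] != ref[k])

def parse_cpu_max(text):
    """cgroup v2 cpu.max holds '<quota> <period>'; quota 'max' = no limit."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)

def parse_memory_max(text):
    """cgroup v2 memory.max holds a byte count, or 'max' for no limit."""
    text = text.strip()
    return None if text == "max" else int(text)

# Constructed sample data (not captured from a real system).
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
           "uts:[4026531838]"]
# The user namespace ID matches the host's here, so it is NOT isolated.
CONTAINER_NS = ["cgroup:[4026532701]", "ipc:[4026532699]", "mnt:[4026532697]",
                "net:[4026532702]", "pid:[4026532700]", "user:[4026531837]",
                "uts:[4026532698]"]

if __name__ == "__main__":
    print("isolated:", isolated_namespaces(HOST_NS, CONTAINER_NS))
    print("cpu limit (cores):", parse_cpu_max("50000 100000"))
    print("memory limit (bytes):", parse_memory_max("536870912"))
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_ns())
```

A namespace type missing from the result is shared with the reference process, and a limit of `None` means the cgroup imposes no cap on that resource.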
2 Docker
The Docker Engine
Docker provides an isolated environment for packaging and running applications on a machine. A machine can host many containers, and the containers are isolated from one another.
Docker's isolation and security features allow you to run multiple containers on a host at the same time, without the weight of virtual machines. Containers run directly on the host kernel, which is what makes them lightweight: whether you are running Ubuntu, Debian or another Linux system, the container uses the host kernel.
Docker Engine, also known simply as Docker, is not a container itself but a tool for creating containers. It is a client/server (C/S) application that provides most of the functional components and is responsible for managing images, containers, networks and data volumes. Docker Engine consists of the following parts:
- Docker Daemon – The server side of the client/server architecture
- Docker REST API – The REST interface exposed by the Docker Daemon
- Docker CLI – The command-line interface exposed by Docker
Therefore, the client can access the server in two ways: using the command line, or directly invoking the REST API.
Docker architecture
- Docker Daemon: Manages images, containers, and data volumes.
- Docker Client: Used to interact with the Docker Daemon.
- Docker Registry: Used to store Docker images. It is similar to GitHub; public registries include Docker Hub and Docker Cloud.
- Images: An image is a collection of all the files that the container needs to run. It can also be viewed as a template for the container. An image contains everything that is involved in running the application — code or binaries, runtime, dependencies, and so on.
- Containers: A container is a running instance of an image that can be created, started, stopped, or deleted using the Docker client (run command) or the API. By default, a container is isolated from the host and from other containers, although you can control how a container's network and storage are isolated.
- Repository: A Docker repository is where images are stored.
- Docker Swarm: Can be used to scale the number of containers across multiple hosts, and supports load balancing and service routing.