Many people who are new to container technology find it hard to understand the differences and connections between containers, container images and Docker.

Let’s start with containers and container images. For example, when you run the command docker search nginx, each record in the search results is a container image.

An image is a static concept. An image consists of several read-only layers.

The left side of the figure above shows the internal implementation details of a Docker image. We can see that multiple read-only layers are stacked on top of each other. The layers are linked by pointers.

Linux’s Union File System technology merges these stacked read-only layers into a single file system that provides a unified view of these read-only layers, thus hiding the existence of multiple layers from Docker users.

From the Docker user’s perspective, a Docker image has only one file system, as shown on the right in the figure above.

The design of these file systems is a Docker implementation detail that we generally don’t have to delve into. But if you’re curious enough, use the sudo tree command to browse the /var/lib/docker directory:

For example, I use the docker images command to list the Docker images downloaded locally:

One of these images, called Jerry-nginx, is a Web application whose contents can be found in /var/lib/docker:

So, having talked about container images, let’s look at containers.

A container, like a container image, is a stack of layers. The only difference is that the topmost layer, above all the read-only layers, is a readable and writable layer, as shown in green in the figure above.

Beginners can remember this simple formula: Container = container image + readable and writable layer

If we use the docker ps --all command to view the list of all containers on the host, we will find that some containers are in the running state and some are in the exited state.

Thus, a running container contains a read-write file system plus isolated process space.

Processes in the container can modify, delete, and create files in the read-write file system.
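The layering described so far can be modeled in a few lines. The following Python sketch is an added example, not code from the original article or from Docker: the class names, the whiteout marker and the sample layer contents are assumptions made for illustration. It shows the merged view, two containers sharing one image, and writes and deletes that land only in a container's own readable and writable layer.

```python
from types import MappingProxyType

WHITEOUT = object()  # marker: path was deleted in an upper layer

class Image:
    """Ordered stack of read-only layers, lowest first."""
    def __init__(self, *layers):
        # mappingproxy rejects item assignment, so layers cannot be changed.
        self.layers = tuple(MappingProxyType(dict(l)) for l in layers)

class Container:
    """Container = container image + one readable and writable layer."""
    def __init__(self, image):
        self.image, self.rw = image, {}  # rw is private to this container

    def _stack(self):
        # Lookup order: writable layer first, then image layers top-down.
        return [self.rw, *reversed(self.image.layers)]

    def read(self, path):
        for layer in self._stack():
            if path in layer:
                if layer[path] is WHITEOUT:
                    break
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.rw[path] = data  # shadows lower copies; image is untouched

    def delete(self, path):
        self.read(path)  # raises if the path is not visible
        self.rw[path] = WHITEOUT  # hidden here, still present in the image

    def listdir(self):
        merged = {}
        for layer in reversed(self._stack()):  # bottom-up, upper layers win
            merged.update(layer)
        return sorted(p for p, v in merged.items() if v is not WHITEOUT)

def demo():
    # Constructed sample layers; contents are illustrative only.
    base = {"/etc/os-release": "ubuntu", "/etc/nginx/nginx.conf": "default"}
    app = {"/etc/nginx/nginx.conf": "tuned", "/index.html": "hello"}
    image = Image(base, app)
    a, b = Container(image), Container(image)
    a.write("/i042416.txt", "written in container a")
    a.delete("/etc/os-release")
    return image, a, b
```

Deleting a file inside a container only hides it from that container's view; the data stays in the image layer, so anything sensitive placed in a lower layer remains readable to whoever has the image.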

Each layer in the image can actually be found under the containers subdirectory of the Docker folder:

In the image above, each red folder represents a layer in the image, and the blue file contains the log file or network configuration for that layer.

Here’s an experiment:

After running the Ubuntu container, use find / -name i042416.txt to locate the file; the result shows that the Docker runtime can write to the host’s file system.

Here are some common and confusing commands.

docker create

Take a look at its help documentation:

Try running the following:

It outputs an ID:

7ee10851c3f1e53bbd35e5f196f34de560afa1a20d9bf1ced587630dbcda877b

The create command creates a container whose state changes to created:

The docker create command creates a new container instance by creating a new readable and writable layer for the container image passed through the command line:

Then run docker start, passing in the container instance ID that docker create produced, to start the container instance.

docker run is a combination of docker create and docker start.

Hopefully this article has helped you understand the difference between containers and container images.