As the following figure shows, Docker is divided at runtime into the Docker engine (the server daemon) and a client tool. The Docker commands we use every day are really the client tool interacting with the Docker engine.

Client

Docker uses a client-server (C/S) architecture. The Docker client only needs to send a request to the Docker server, or daemon, which does all the work and returns the result. Docker provides a command-line tool, docker, and a set of RESTful APIs. You can run the Docker daemon and client on the same host, or connect from a local Docker client to a remote Docker daemon running on another host.

Host (Docker engine)

A physical or virtual machine that runs the Docker daemon and containers.

Image

What is a Docker image? Put simply, a Docker image is a Linux root filesystem containing programs, and their data, that can run on the Linux kernel.

A container is started from an image. An image is an executable package that contains everything you need to run your application: code, runtime, libraries, environment variables, configuration files, etc.

Docker packages an app's files into an image and uses a storage technology similar to multiple snapshots to achieve the following:

  • Multiple apps can share the same underlying image (the original operating system image);

  • I/O performed while the app is running is isolated from the image files;

  • By mounting directories or volumes containing different configuration/data files, a single App image can be used to run containers for countless different services.

Container

The relationship between an image and a container is similar to that between a class and an instance in object-oriented programming. An image is a static definition, and a container is a running instance of an image. Containers can be created, started, stopped, deleted, paused, and so on.

Docker       Object-oriented programming
Container    Object
Image        Class

Image layering

Docker supports creating new images by extending existing ones. In fact, 99% of the images in Docker Hub are built by installing and configuring the required software in the base image.

As can be seen from the figure above, the new image is generated from the base image layer by layer. With each software installation, a layer is added to the existing image.

One of the biggest benefits of image layering is resource sharing. For example, if multiple images are built from the same base image, the Docker host only needs to keep one copy of the base image on disk. Likewise, only one copy of the base image is loaded into memory to serve all containers. Every layer of an image can be shared in this way.

If multiple containers share the same base image and one container changes the contents of the base image, such as a file in /etc, the /etc of the other containers is not modified; the change is limited to that single container. This is the copy-on-write feature of containers.

Writable container layer

When a container starts, a new writable layer is loaded on top of the image. This layer is often referred to as the “container layer”, and everything below it is called the “image layer”.

All changes to the container, whether adding, deleting, or modifying files, occur only in the container layer. Only the container layer is writable; all image layers below the container layer are read-only.

There may be many image layers, all of which are combined to form a unified file system. If a file with the same path exists in different layers, for example /A, the /A in the upper layer overrides the /A in the lower layer; that is, users can access only the upper layer's /A. In the container layer, the user sees a single superimposed file system.

File operations:
Add a file: When a file is created in a container, the new file is added to the container layer.
Read a file: When a file is read from the container, Docker looks for the file from top to bottom in each image layer. Once found, it is immediately copied to the container layer, then opened and read into memory.
Modify a file: When an existing file is modified in the container, Docker looks for the file from top to bottom in each image layer. Once found, it is copied to the container layer and then modified.
Delete a file: When a file is deleted in the container, Docker also looks for the file in the image layers from top to bottom. Once it is found, the deletion is recorded in the container layer. (Only the delete operation is recorded.)

Copying data only when it needs to be modified is called copy-on-write. As you can see, the container layer holds the changed parts of the image and does not make any changes to the image itself.

❝ To sum up: the container layer records the changes made to the image. All image layers are read-only and cannot be modified by the container, so images can be shared by multiple containers. ❞
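The layer rules above can be modelled in a few lines. This is an added example, not Docker's own code: the Container class, the WHITEOUT marker and the sample files are all hypothetical, and the model copies a file up only when it is modified, as the copy-on-write paragraph describes. It also shows a consequence of "only the delete operation is recorded": a file deleted in the container layer is still present in the image layer underneath.

```python
# Added illustration: a toy model of an image's read-only layers plus one
# writable container layer. WHITEOUT and all names here are hypothetical.
WHITEOUT = object()  # marker meaning "this path was deleted in this layer"


class Container:
    def __init__(self, image_layers):
        # image_layers: list of dicts (path -> content), base layer first.
        # They are shared between containers and never written to.
        self.image_layers = image_layers
        self.container_layer = {}

    def _lookup(self, path):
        # Search from the container layer down; the first hit wins.
        for layer in [self.container_layer, *reversed(self.image_layers)]:
            if path in layer:
                return layer[path]
        return WHITEOUT

    def read(self, path):
        content = self._lookup(path)
        if content is WHITEOUT:
            raise FileNotFoundError(path)
        return content

    def write(self, path, content):
        # New files and modified copies both land in the container layer.
        self.container_layer[path] = content

    def append(self, path, extra):
        # Copy-on-write: copy the file up, then modify the copy.
        self.write(path, self.read(path) + extra)

    def delete(self, path):
        self.read(path)  # raises if the path is not visible
        self.container_layer[path] = WHITEOUT  # only record the deletion


def recoverable_from_image(image_layers, path):
    """Return the content of `path` from every image layer that holds it."""
    return [layer[path] for layer in image_layers if path in layer]


# Constructed sample image: base layer plus one layer that shadows /etc/motd.
BASE = {"/etc/motd": "hello\n", "/etc/app.key": "constructed-secret\n"}
APP = {"/etc/motd": "hello from app\n"}
IMAGE = [BASE, APP]
```

Two Container objects built from the same IMAGE list share the layers but keep separate container layers, so a change or deletion in one is invisible to the other.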

Data volume (Volume)

A container is like a stripped-down operating system in which only the environment our program needs has been installed. As mentioned above, a container can be deleted; but what if the data that the program generated in the container needs to be persisted? While the container is running, we can go into the container and look at the data. Once the container is deleted, there is nothing left.

Data volumes solve this problem: they persist data to the host machine and allow data to be shared between containers. Put simply, a directory on the host is mapped to a directory in the container, and the data that the application reads and writes in that directory is synchronized to the host, so the container's data is persisted. A database container, for example, can store its data on a real disk on the host.

Registry

Docker uses a Registry to hold user-built images. Registries are either public or private. Docker operates a public Registry called Docker Hub. Users can register with Docker Hub to share and save their images.

Docker provides a public image repository, hub.docker.com (Docker calls it a Repository), which offers a huge collection of images for use.

A Docker Registry can contain multiple repositories. Each repository can contain multiple tags, and each tag corresponds to an image.

Typically, a repository contains images of different versions of the same software, and the tags correspond to the versions of that software. We can specify which version's image we want by using the format “<repository name>:<tag>”. If no tag is given, latest is used as the default tag.
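A small parser for the “<repository name>:<tag>” format, as an added example that is not Docker's own code. parse_image_ref, implicit_latest and the sample references are hypothetical; the example goes slightly beyond the text by handling a registry address with a port, where a naive split on ":" would mistake the port for a tag.

```python
# Added illustration: split an image reference into repository and tag,
# applying the default tag. parse_image_ref is a hypothetical helper.
def parse_image_ref(ref, default_tag="latest"):
    """Return (repository, tag, tag_was_explicit) for '<repository>[:<tag>]'."""
    if not ref or any(ch.isspace() for ch in ref):
        raise ValueError(f"invalid image reference: {ref!r}")
    if "@" in ref:
        # Digest references are outside the format this example covers.
        raise ValueError(f"digest references are not handled: {ref!r}")
    # Only a colon after the last '/' separates the tag; an earlier colon
    # belongs to a registry address such as 'localhost:5000'.
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        repository, tag = ref[:colon], ref[colon + 1:]
        if not repository or not tag:
            raise ValueError(f"invalid image reference: {ref!r}")
        return repository, tag, True
    return ref, default_tag, False


def implicit_latest(refs):
    """List the references that give no tag and so fall back to the default."""
    return [ref for ref in refs if not parse_image_ref(ref)[2]]


# Constructed sample references, not taken from the page.
SAMPLE_REFS = [
    "nginx",
    "redis:7.2",
    "localhost:5000/team/app",
    "localhost:5000/team/app:1.4.0",
]
```

Running implicit_latest over the image references in build or deployment files shows which ones depend on whatever the latest tag currently points to.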

Conclusion

The official website of Docker reads: “Build and Ship any Application Anywhere”. Combined with what we have just understood, it can be summed up as: “Build once, run Anywhere.”

In addition, Docker provides the public image repository hub.docker.com (Docker calls it a Repository) and GitHub Connect to build images automatically, greatly simplifying application distribution, deployment and upgrades. Docker also makes it easy to create a variety of customized image files, which is an important factor in Docker becoming the most popular container technology.

Through the combination of these technologies, the final result is that, for most applications, developers can create images with docker build, upload images with docker push, download images with docker pull, and run containerized applications with docker run. Users no longer have to worry about setting up the environment, installing it, or resolving library conflicts between different distributions, often without consuming more hardware resources or significantly degrading performance.