Preface
This article introduces the concepts behind Docker in detail; it does not cover installing a Docker environment or Docker's common operations and commands.
Docker is the world's leading software container platform, so to understand Docker we must start with the container.
Getting to know containers
What is a container?
A container is the packaging of software into standardized units for development, delivery, and deployment.
- A container image is a lightweight, stand-alone, executable package that contains everything needed to run the software: code, runtime, system tools, system libraries and settings.
- Containerized software is available for both Linux- and Windows-based applications and runs the same way in any environment.
- Containers help reduce conflicts between teams running different software on the same infrastructure, because the software is isolated from differences in its surroundings (for example, the differences between development and staging environments).
Here is a more everyday way of putting it: a container is simply a place to put things, just as a pencil case holds all kinds of stationery, a wardrobe holds all kinds of clothes, and a shoe rack holds all kinds of shoes. The "things" we put in containers today are more likely to be applications such as websites and programs, or even whole system environments.
Containers virtualize the operating system rather than the hardware, and all containers on one host share that host's operating-system resources. Virtual machine technology instead emulates a set of virtual hardware and runs a complete operating system on top of it. The isolation a container provides is therefore somewhat weaker than that of a virtual machine.
Some Docker concepts
What is Docker?
To be honest, it is not easy to say exactly what Docker is. I will explain it from four angles below.
- Docker is the world’s leading software container platform.
- Docker is developed in Go, the language launched by Google. Building on cgroups, namespaces, AUFS-style union file systems (UnionFS) and other technologies, Docker packages and isolates processes; it is virtualization at the operating-system level. Because an isolated process is independent of the host and of other isolated processes, it is also called a container. Docker was originally implemented on top of LXC.
- Docker automates repetitive tasks, such as setting up and configuring development environments, freeing up developers to focus on what really matters: building great software.
- Users can easily create and use containers and put their own applications into containers. Containers can also be versioned, copied, shared, and modified just like normal code.
The Docker philosophy
- Containers
- Standardization: ① a standard way to transport, ② a standard way to store, ③ a standard API interface
- Isolation
Docker container features
- Lightweight: multiple Docker containers running on one machine share that machine's operating-system kernel, so they start quickly and need very little CPU and memory. Images are built from file-system layers and share common files, which minimizes disk usage and lets images download faster.
- Standard: Docker containers are based on open standards and run on all major Linux distributions, on Microsoft Windows, and on any infrastructure, including VMs, bare-metal servers and the cloud.
- Secure: Docker isolates applications not only from each other but also from the underlying infrastructure. Docker provides the strongest isolation it can by default, so when an application has a problem, the problem stays inside that one container rather than spreading across the whole machine.
Why Docker?
- Consistent runtime environment: a Docker image provides a complete runtime environment (everything except the kernel), which keeps the application's environment the same everywhere and puts an end to "but it works on my machine".
- Faster startup: containers start in seconds or even milliseconds, which greatly reduces development, testing and deployment time.
- Isolation: no need to share a public server on which your resources are exposed to other users.
- Elastic scaling: well suited to handling sudden bursts of server load, and quick to scale out.
- Easy migration: an application running on one platform can be moved to another without worrying about differences in the runtime environment.
- Continuous delivery and deployment: with Docker, continuous integration, continuous delivery and continuous deployment can be achieved by customizing application images.
When it comes to containers, we have to compare them with virtual machines.
Containers vs. virtual machines
To put it simply: containers and virtual machines offer similar benefits in resource isolation and allocation, but they work differently. Containers virtualize the operating system rather than the hardware, and are therefore more portable and more efficient.
Comparison diagram
Traditional virtual machine technology creates a set of virtual hardware, runs a complete operating system on it, and then runs the required application processes on that system. The application process in a container, by contrast, runs directly on the host kernel: the container has no kernel of its own and there is no hardware virtualization. Containers are therefore much lighter than traditional virtual machines.
Containers and virtual machines (VMs): summary
- A container is an application-layer abstraction that packages code and its dependencies together. Multiple containers can run on the same machine, sharing the operating-system kernel, with each running as an isolated process in user space. Compared with virtual machines, containers take up less space (container images are usually only tens of megabytes) and start almost instantly.
- A virtual machine (VM) is an abstraction of the physical hardware that turns one server into many. A hypervisor allows multiple VMs to run on one machine. Each VM contains a complete operating system, one or more applications, and the binaries and libraries they need, so it takes up a lot of space, and VMs are slow to start.
Docker basic concepts
Docker consists of three basic concepts:
- Image
- Container
- Repository
Image – a special file system
An operating system is divided into kernel space and user space. On Linux, after the kernel boots, the root file system is mounted to provide user-space support. A Docker image is, in effect, such a root file system: a special file system that provides not only the programs, libraries, resources and configuration files the container needs at runtime, but also some configuration parameters prepared for the runtime (anonymous volumes, environment variables, the user to run as, and so on). An image contains no dynamic data, and its contents do not change after it is built.
Docker's image design makes full use of Union FS technology and uses a layered storage architecture. An image is not a single file system but a stack of file systems combined into one. When an image is built, layers are built one on top of the other, and once a layer is built it never changes; any change made in a later layer happens only in that layer. Deleting a file that belongs to an earlier layer, for example, does not actually remove it from that layer: the current layer merely records the file as deleted. The running container will not see the file, but it still ships with the image. Extra care is therefore needed when building an image: each layer should contain only what needs to be added at that layer, and anything extra should be cleaned up before the layer is finished.
Layered storage also makes it easier to reuse and customize images. You can use a previously built image as the base layer and add new layers on top of it to build a new image with whatever you need.
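The layering rule above can be modelled in a few lines. The following is an added example, not code from the original article or from Docker: each layer is a dictionary of paths, a deletion is recorded as a whiteout marker, and the two constructed builds show why a file removed in a later layer still ships with the image while one removed in the same step does not.

```python
from typing import Dict, List, Optional

# A layer maps a path to its content; None records a whiteout, i.e. the file
# was deleted in this layer (overlay/AUFS store this as a ".wh.<name>" entry).
Layer = Dict[str, Optional[bytes]]


def merged_view(layers: List[Layer]) -> Dict[str, bytes]:
    """The union view a running container sees: later layers win, whiteouts hide."""
    view: Dict[str, bytes] = {}
    for layer in layers:
        for path, data in layer.items():
            if data is None:
                view.pop(path, None)
            else:
                view[path] = data
    return view


def shipped_bytes(layers: List[Layer]) -> int:
    """Bytes that travel with the image: every layer's content, visible or not."""
    return sum(len(d) for layer in layers for d in layer.values() if d is not None)


def hidden_but_shipped(layers: List[Layer]) -> Dict[str, bytes]:
    """Files no longer visible in the container but still present in some layer."""
    view = merged_view(layers)
    return {p: d for layer in layers for p, d in layer.items()
            if d is not None and p not in view}


BASE: Layer = {"/bin/sh": b"#!shell", "/etc/os-release": b"ID=demo"}

# Constructed build A: the installer is fetched in one step and removed in the
# next, so the deletion lands in a separate layer and only whiteouts the file.
CARELESS = [
    BASE,
    {"/tmp/installer.tar": b"X" * 1000},                # RUN curl -o /tmp/installer.tar ...
    {"/opt/app": b"app", "/tmp/installer.tar": None},   # RUN tar ... && rm /tmp/installer.tar
]

# Constructed build B: fetch, unpack and remove happen in the same step, so the
# installer never becomes part of any layer.
CAREFUL = [
    BASE,
    {"/opt/app": b"app"},                               # RUN curl ... && tar ... && rm ...
]
```

Both builds give the container an identical view, but build A carries 1000 extra bytes of invisible content, which is the same reason a credential written and later deleted in separate steps remains recoverable from the image.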
Container – the running instance of an image
The relationship between an image and a container is like that between a class and an instance in object-oriented programming: the image is the static definition, and the container is the runtime entity created from it. Containers can be created, started, stopped, deleted, paused, and so on. A container is essentially a process, but unlike a process that runs directly on the host, a container process runs in its own separate namespaces.
As mentioned earlier, images use layered storage, and so do containers. The container storage layer has the same lifetime as the container: when the container is removed, its storage layer is removed with it, and any data written there is lost. Docker best practice is therefore not to write data into the container storage layer at all; it should stay stateless. All file writes should go to data volumes or bind-mounted host directories. Reads and writes in these locations bypass the container storage layer and go directly to the host (or to network storage), giving better performance and stability. A data volume's lifetime is independent of the container: removing the container does not remove the volume, so once a volume is in use the container can be deleted and recreated at will without losing data.
Repository – a centralized place where images are stored
Once an image is built, it can easily be run on the current host. To use it on other servers, however, we need a centralized service to store and distribute images, and Docker Registry is such a service. A Docker Registry can hold multiple repositories; each repository can hold multiple tags; and each tag corresponds to one image. An image repository is thus the place where Docker stores images centrally, much like the code repositories we are already used to. Typically a repository holds different versions of the same software, and tags are used to identify those versions. The format <repository>:<tag> specifies which version of the software an image is; if no tag is given, latest is used as the default.
Two further notions are worth introducing here: public Docker Registry services and private Docker Registries. A public Docker Registry service is a Registry that is open to everyone and lets users manage their images. Such services usually let users upload and download public images for free and may charge for managing private images. The most widely used public Registry is the official Docker Hub, which is also the default Registry and hosts a large number of high-quality official images at hub.docker.com/. Docker Hub may be slow to reach from China, and several domestic cloud providers offer public services similar to Docker Hub. Besides using public services, users can also run a private Docker Registry locally. Docker officially provides a Docker Registry image that can be used directly as a private Registry service. The open-source Docker Registry image implements only the server side of the Docker Registry API, which is enough to support the Docker commands and does not limit normal use; advanced functions such as image maintenance, user management and access control are not included.
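The <repository>:<tag> format and its defaults are easy to get wrong, so here is an added example (not code from the original article or from Docker) that normalizes an image reference into its registry, repository, tag and digest parts. It assumes Docker Hub (docker.io) as the default registry, library as the default namespace there, and latest as the default tag; a name that also carries an @sha256:... digest is treated as pinned, since a digest names exact content while a tag can be re-pointed.

```python
import re
from typing import NamedTuple, Optional

DEFAULT_REGISTRY = "docker.io"   # Docker Hub, the default Registry
DEFAULT_NAMESPACE = "library"    # official images live under this namespace on Hub
DEFAULT_TAG = "latest"           # used when no tag (and no digest) is given
_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


class ImageRef(NamedTuple):
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]

    def canonical(self) -> str:
        """Fully qualified form: registry/repository[:tag][@digest]."""
        out = f"{self.registry}/{self.repository}"
        if self.tag:
            out += f":{self.tag}"
        if self.digest:
            out += f"@{self.digest}"
        return out

    def is_pinned(self) -> bool:
        """A digest names exact content; a tag can be re-pointed at any time."""
        return self.digest is not None


def parse_image_ref(ref: str) -> ImageRef:
    """Parse [registry/][namespace/]repository[:tag][@sha256:digest]."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not _DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest: {digest!r}")
    parts = ref.split("/")
    registry = DEFAULT_REGISTRY
    # First component is a registry host only if it has '.' or ':' or is localhost.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    tag = None
    if ":" in parts[-1]:                  # a tag is attached to the last component
        parts[-1], tag = parts[-1].rsplit(":", 1)
    repository = "/".join(parts)
    if registry == DEFAULT_REGISTRY and "/" not in repository:
        repository = f"{DEFAULT_NAMESPACE}/{repository}"
    if tag is None and digest is None:
        tag = DEFAULT_TAG
    return ImageRef(registry, repository, tag, digest)
```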
Finally: Build, Ship and Run
- Build: an image is like a shipping container, packed with files, the runtime environment and other resources.
- Ship: images are carried between the host and the repository, which acts like a container terminal.
- Run: a running image is a container, and the container is where the program actually runs.
The Docker run process is to pull the image from the repository to the local host and then run it as a container with a single command. That is why Docker is often likened to a dock worker, which matches the Chinese translation of Docker, "porter".
Conclusion
This article has explained some common Docker concepts; it has not covered installing Docker, using images, operating containers, or similar topics. I hope readers can pick those up from books and the official documentation.