1, the nature of

  • Container image: A file system mounted at the root of the container to provide an isolated post-execution environment for container processes
  • Also called: root file system
  • It typically consists of a complete operating system file system, such as Ubuntu16.04’s ISO
  • Rootfs is only the files, configurations, and directories contained in an operating system, not the operating system kernel
  • Rootfs ensures a high degree of consistency between the cloud and local server environments of container applications

2. Characteristics of Docker images

  • Introduce the concept of Layer to make rootFs (mirror) incrementally
  • Use the way of union mount UnionFS to achieve (commonly used AuFS union file system)

3. Mirror structure

(1) read-only layer

  • Ro + WH: readonly+whiteout
  • Each of these read-only layers, incrementally, contains a portion of the Ubuntu operating system

(2) the init layer

  • A layer ending in “-init”, sandwiched between the read-only and read-write layers
  • The Init layer is an internal layer generated by the Docker project, which is specially used to store /etc/hosts, /etc/resolv.conf and other information

(3) Readable and writable layer

  • Mount mode RW: Read Write
  • Write operations in the container are incrementally superimposed on the read-write layer

4. Add, delete, change and check the image files

The characteristics of such a federated file system (for example, AUFS) are as follows:

  • AUFS is a federated file system that mounts and renders several directories in a single directory, in order and with permissions
  • By default, only the first layer (the first directory) is writable; the remaining layers are read-only.
  • Add files: By default, new files are placed in the top writable layer.
  • Delete files: Since the bottom layers are read-only, AUFS uses the Whiteout mechanism to delete files in these layers, which is implemented by creating corresponding Whiteout hidden files in the upper writable directory.
  • Modify files: AUFS uses copy-on-write (CoW) to modify files at the read-only layer. AUFS works at the file layer and modifies files at the read-only layer for the first time. The files are copied to the writable layer and then modified.