1. The nature of
- Container image: a file system mounted at the root of the container to provide an isolated execution environment for the container's processes
- Also called the root file system (rootfs)
- It typically consists of a complete operating system file system, such as the contents of the Ubuntu 16.04 ISO
- The rootfs is only the files, configuration and directories of an operating system; it does not include the operating system kernel
- The rootfs gives container applications a highly consistent environment between the cloud and local servers
2. Characteristics of Docker images
- Introduce the concept of layers so that the rootfs (image) is built incrementally
- Implemented with union mounts (UnionFS); the AuFS union file system is commonly used
3. Image structure
(1) Read-only layers
- Mount mode ro+wh: read-only + whiteout
- Each read-only layer contains, incrementally, one portion of the Ubuntu operating system
(2) The init layer
- A layer ending in “-init”, sandwiched between the read-only and read-write layers
- The init layer is an internal layer generated by the Docker project, used specifically to store /etc/hosts, /etc/resolv.conf and similar information
(3) Read-write layer
- Mount mode RW: Read Write
- Write operations in the container are applied incrementally in the read-write layer, on top of the layers below
4. Adding, deleting, modifying and reading image files
The characteristics of such a union file system (for example, AUFS) are as follows:
- AUFS is a union file system that mounts several directories and presents them as a single directory, in order and with per-directory permissions
- By default, only the first layer (the first directory) is writable; the remaining layers are read-only.
- Add files: By default, new files are placed in the top writable layer.
- Delete files: Since the lower layers are read-only, AUFS uses the whiteout mechanism to delete files in these layers. It creates a corresponding hidden whiteout file in the upper writable directory, which hides the file without removing it from the lower layer.
- Modify files: AUFS uses copy-on-write (CoW) to modify files in the read-only layers. AUFS works at the file level: the first time a file in a read-only layer is modified, the file is copied to the writable layer and then modified there.
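
The add, delete and modify rules above, as an added example that is not part of the original notes: an in-memory model of the layer stack that also reports files hidden by a whiteout but still stored in a read-only layer. The layer contents and helper names are constructed for illustration, only file whiteouts (".wh.<name>") are modelled, and the real AUFS driver is not involved.

```python
import posixpath

WH = ".wh."  # AUFS whiteout marker: ".wh.<name>" hides <name> in the layers below

def _whiteout(path):
    d, name = posixpath.split(path)
    return posixpath.join(d, WH + name)

def merged_view(layers):
    """layers: list of {path: bytes}, writable layer first, then lower layers.
    Returns (visible, shadowed). visible maps path -> (layer index, content);
    shadowed lists (path, layer index) hidden by a whiteout yet still stored."""
    visible, shadowed, hidden = {}, [], set()
    for idx, layer in enumerate(layers):
        marks = set()
        for path, data in layer.items():
            d, name = posixpath.split(path)
            if name.startswith(WH):
                marks.add(posixpath.join(d, name[len(WH):]))
            elif path in hidden:
                shadowed.append((path, idx))
            elif path not in visible:          # the highest layer wins
                visible[path] = (idx, data)
        hidden |= marks                        # a whiteout only affects lower layers
    return visible, sorted(shadowed)

def add(layers, path, data):
    layers[0].pop(_whiteout(path), None)
    layers[0][path] = data                     # new files go to the writable layer

def delete(layers, path):
    layers[0].pop(path, None)
    if any(path in lower for lower in layers[1:]):
        layers[0][_whiteout(path)] = b""       # lower copy is hidden, not erased

def modify(layers, path, extra):
    _, data = merged_view(layers)[0][path]
    layers[0][path] = data + extra             # copy up, then change the copy

def demo():
    # Constructed stack: writable layer, "-init" layer, two read-only layers.
    layers = [{}, {"/etc/hosts": b"127.0.0.1 localhost\n"},
              {"/app/config.ini": b"debug=0\n"},
              {"/etc/os-release": b"ubuntu\n", "/app/build.key": b"constructed"}]
    add(layers, "/tmp/new.txt", b"hi")
    delete(layers, "/app/build.key")
    modify(layers, "/app/config.ini", b"trace=1\n")
    return (layers,) + merged_view(layers)

if __name__ == "__main__":
    print(demo()[2])
```

The shadowed list is what an image review should check: a file deleted in an upper layer disappears from the merged view but can still be read directly from the lower layer's directory.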