Article Directory
- Question1: Three-tier cloud computing architecture?
- Answer1:
- Question2: Describe the overall architecture of Docker?
- Answer2:
- Question3: A brief introduction to Namespaces in Linux?
- Answer3:
- Question4: Talk about the process isolation of Docker?
- Answer4:
- Question5: Introduce Docker's network isolation (or talk about the understanding of Libnetwork in Docker)?
- Answer5:
- Question6: A brief introduction to CGroups
- Answer6:
- Question7: Introduce the Docker image
- Answer7:
- Question8: Talk about the understanding of the storage driver in Docker
- Answer8:
Interview-oriented blogs are presented in Q / A style.
Java interview column: cloud computing https://blog.csdn.net/qq_36963950/article/details/105228870
Java interview column: zookeeper https://blog.csdn.net/qq_36963950/article/details/105200255
Java interview: SSM ( Spring + SpringMVC + Mybatis) https://blog.csdn.net/qq_36963950/article/details/105230985
Java interview column: microservices https://blog.csdn.net/qq_36963950/article/details/105265993
Java interview column: Netty and RPC https://blog.csdn.net/qq_36963950/article/details/105266425
Java interview column: computer network https://blog.csdn.net/qq_36963950/article/details/105297603
Java interview column: Kafka https: //blog.csdn.net/qq_36963950/article/details/105333460
Java interview column: RabbitMQ https://blog.csdn.net/qq_36963950/article/details/105335758
Java interview column: Big Data Hadoop https: // blog. csdn.net/qq_36963950/article/details/105336055
Java Interview Column: Big Data Spark https://blog.csdn.net/qq_36963950/article/details/105336060
Java Interview Column: Big Data Storm https://blog.csdn.net/qq_36963950/article/details/105336074
Java Interview Column: Big Data Hbase https://blog.csdn.net/qq_36963950/article/details/105336095
Java Interview Column: Load Balancing https://blog.csdn.net/qq_36963950/article/details/105336111
Java Interview Column: Database https://blog.csdn.net/qq_36963950/article/details/105336136
Question1: Three-tier cloud computing architecture?
Answer1:
The three-layer architecture of cloud computing
is shown in the figure: Explanation of the above figure:
SaaS
SaaS is Software-as-a-Service (software as a service).
PaaS
PaaS is an abbreviation of Platform-as-a-Service, meaning platform as a service. Use the server platform as a business model for service provision. The service provided by the program through the network is called SaaS (Software as a Service), and the corresponding server platform or development environment in the cloud computing era is provided as a service to become PaaS (Platform as a Service).
IaaS
IaaS (Infrastructure as a Service), that is, infrastructure as a service. The service provided to consumers is the use of all facilities, including processing, storage, network and other basic computing resources. Users can deploy and run any software, including operating systems and applications.
Question2: Describe the overall architecture of Docker?
Answer2:
The Docker architecture diagram is as follows: The
related concepts in the Docker architecture are as follows (corresponding to the above picture):
| Concepts in Docker | Explanation |
|---|---|
| Docker images (Images) | Docker images are templates for creating Docker containers. |
| Docker container (Container) | A container is an application or group of applications that runs independently. |
| Docker client (Client) | The Docker client uses the Docker API to communicate with the Docker daemon through the command line or other tools. |
| Docker host (Host) | A physical or virtual machine is used to execute Docker daemons and containers. |
| Docker warehouse (Registry) | The Docker warehouse is used to store images, which can be understood as a code warehouse in code control. Docker Hub provides a huge collection of images for use. |
| Docker Machine | Docker Machine is a command-line tool that simplifies Docker installation. You can install Docker on the corresponding platform through a simple command line, such as VirtualBox, Digital Ocean, Microsoft Azure. |
Docker uses a client-server (C / S) architecture pattern and uses remote APIs to manage and create Docker containers. Docker containers are created from Docker images. The emergence of Docker is because the current back-end really needs a virtualization technology to solve the problem of the consistency of the development environment and the production environment during the development and operation and maintenance stages. With Docker, we can also include the environment in which the program runs in version control and exclude Because the environment may cause different operating results.
Question3: A brief introduction to Namespaces in Linux?
Answer3:
Namespaces (namespaces) is a method provided by Linux for us to separate the process tree, network interface, mount point, and interprocess communication and other resources. In the daily use of Linux, we do not need to run multiple completely separate servers, but if we start multiple services on the server, these services will actually affect each other, each service can see the progress of other services , You can also access any file on the host machine, which we do n’t want to see many times. We hope that different services running on the same machine can be completely isolated, just like running on multiple different machines. Same as above.
Linux's namespace mechanism provides the following seven different namespaces, including CLONE_NEWCGROUP,
CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID,
CLONE_NEWUSER and CLONE_NEWUTS, through these seven options we can set which resources the new process should be in when creating a new process Isolate from the host machine.
Question4: Talk about the process isolation of Docker?
Answer4:
When docker creates a new process, it passes in the process isolation implemented by CLONE_NEWPID, that is, using the Linux namespace to achieve process isolation. Any process inside the Docker container knows nothing about the host machine's process. Every time we run docker run or docker start, we will create a Spec to set up process isolation, and set the process-related namespace, and also set the namespace related to users, network, IPC, and UTS. All the namespace-related settings Spec will be set as the incoming parameters of the Create function when creating a new container.
Question5: Introduce Docker's network isolation (or talk about the understanding of Libnetwork in Docker)?
Answer5:
If the Docker container completes the network isolation from the host process through the Linux namespace, but there is no way to connect to the entire Internet through the host network, there will be many restrictions, so although Docker can create an isolation through the namespace Network environment, but the services in Docker still need to be connected to the outside world to function.
The functions of the entire network part of Docker are implemented through libnetwork split by Docker. It provides an implementation to connect different containers, and it can also give the application a container network model that can provide a consistent programming interface and network layer abstraction. .
The most important concept in libnetwork, the container network model consists of the following main components, namely Sandbox, Endpoint, and Network. In the container network model, each container contains a Sandbox, which stores the network stack configuration of the current container, including the container's interface, routing table, and DNS settings. Linux uses the network namespace to implement this Sandbox. Each Sandbox has There may be one or more Endpoints, which is a virtual network card veth on Linux. Sandbox joins the corresponding network through Endpoint. The network here may be the Linux bridge or VLAN we mentioned above.
Each container started using docker run actually has a separate network namespace. Docker provides us with four different network modes, Host, Container, None, and Bridge mode, as shown in the figure:
The default network setting mode of Docker is the bridge mode .
In bridge mode, in addition to assigning isolated network namespaces, Docker also sets IP addresses for all containers. When the Docker server is started on the host, a new virtual bridge docker0 is created, and all services started on the host are connected to the bridge by default. By default, each container will create a pair of virtual network cards when it is created. Two virtual network cards form a data channel, one of which will be placed in the created container and will be added to the bridge named docker0, as shown in the figure As shown.
Question6: A brief introduction to CGroups
Answer6:
Control Groups is abbreviated as CGroups. CGroups can isolate physical resources on the host machine, such as CPU, memory, disk I / O, and network bandwidth. Each CGroup is a group of processes that are restricted by the same standards and parameters. There is a hierarchical relationship between different CGroups, which means that they can inherit some standards and parameters used to restrict the use of resources from the parent class.
Question7: Introduce the Docker image
Answer7:
The namespace and control group of Linux respectively solve the problem of isolation of different resources. The namespace in Linux solves the isolation of processes, networks and file systems. The control group in Linux realizes the isolation of resources such as CPU and memory. There is another very important issue in Docker that needs to be solved-namely mirroring.
The Docker image is actually a compressed package. We can use the command to export the files in a Docker image. You can see that the directory structure in this image is not much different from the content in the root directory of the Linux operating system. The Docker image is just a file.
Question8: Talk about the understanding of the storage driver in Docker
Answer8:
Docker uses a series of different storage drivers to manage the file system in the image and run the containers. These storage drivers are somewhat different from Docker volumes. The storage engine manages storage that can be shared among multiple containers.
When the image is created by the docker run command, a writable layer is added to the top layer of the image, that is, the container layer. All changes to the runtime container are actually changes to the read-write layer of this container.
The difference between containers and mirrors is that all mirrors are read-only, and each container is actually equal to the mirror plus a readable and writable layer, that is, the same mirror can correspond to multiple containers.
UnionFS is actually a file system service designed for the Linux operating system to "union" multiple file systems to the same mount point. AUFS, or Advanced UnionFS, is actually an upgraded version of UnionFS, which can provide better performance and efficiency.
AUFS is just one of the storage drivers used by Docker. In addition to AUFS, Docker also supports different storage drivers, including aufs, devicemapper, overlay2, zfs and vfs, etc. In the latest Docker, overlay2 has replaced aufs as Recommended storage driver, but aufs will still be used as the default driver for Docker on machines without an overlay2 driver.
Java interview column: cloud computing https://blog.csdn.net/qq_36963950/article/details/105228870
Java interview column: zookeeper https://blog.csdn.net/qq_36963950/article/details/105200255
Java interview: SSM ( Spring + SpringMVC + Mybatis) https://blog.csdn.net/qq_36963950/article/details/105230985
Java interview column: microservices https://blog.csdn.net/qq_36963950/article/details/105265993
Java interview column: Netty and RPC https://blog.csdn.net/qq_36963950/article/details/105266425
Java interview column: computer network https://blog.csdn.net/qq_36963950/article/details/105297603
Java interview column: Kafka https: //blog.csdn.net/qq_36963950/article/details/105333460
Java interview column: RabbitMQ https://blog.csdn.net/qq_36963950/article/details/105335758
Java interview column: Big Data Hadoop https: // blog. csdn.net/qq_36963950/article/details/105336055
Java Interview Column: Big Data Spark https://blog.csdn.net/qq_36963950/article/details/105336060
Java Interview Column: Big Data Storm https://blog.csdn.net/qq_36963950/article/details/105336074
Java Interview Column: Big Data Hbase https://blog.csdn.net/qq_36963950/article/details/105336095
Java Interview Column: Load Balancing https://blog.csdn.net/qq_36963950/article/details/105336111
Java Interview Column: Database https://blog.csdn.net/qq_36963950/article/details/105336136
