Preface
Since Docker became popular in 2013, it has been leading the way. The following are some basic theories of Docker I have compiled. Personally, I feel that these are the stepping stones for working with Docker, K8S, etc. in the future. They are very basic and very important!
One: Docker theory
1.1: What is Docker? What does it do?
Docker is an open platform for developing, delivering and running applications. Docker enables you to separate your application from the infrastructure so you can deliver software quickly.
It is an open source application container engine that allows developers to package an application and its dependencies into a portable image, and then publish it to any popular Linux or Windows machine, which can also be virtualized. Containers completely use the sandbox mechanism, and there will be no interfaces between them.
Sandbox: In the field of computer security, a sandbox is a mechanism for running programs in isolation.
Docker became a hit in 2013. Since then, it has become synonymous with container technology.
Docker has been aiming to provide a standardized runtime environment from the very beginning, truly "build once, run anywhere". The same build version can be used in any environment such as development, testing, pre-release, production, etc. This decouples the application from the underlying operating system. On this basis, CaaS (Container as a Service) technology has been further developed.
1.2: Docker usage scenarios
Simple deployment of packaged applications
Free migration away from the underlying hardware (applications are isolated, split, and decoupled), for example: server migration from Tencent Cloud to Alibaba Cloud
Continuous Integration and Continuous Delivery (CI/CD): from development to test to release
Deploying microservices
Providing PaaS products (platform as a service) {an OpenStack cloud host is similar to Alibaba Cloud ECS and belongs to IaaS; Docker (K8S) belongs to PaaS}
1.3: Docker Engine
Docker Engine is a client-server application with the following main components:
The server is a long-running program called a daemon process (dockerd command).
REST API, which specifies the interface that programs can use to communicate with the daemon and instruct its operations.
Command line interface (CLI) client (docker command).
1.4: Docker architecture
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which completes the heavy work of building, running, and distributing Docker containers.
Docker is different from traditional virtualization. It does not require virtual hardware resources and directly uses the container engine, so it is fast.
Docker Client: client
The Docker client (docker) is the main way many Docker users interact with Docker. When you use commands such as docker run, the client sends them to dockerd, which executes them. The docker command uses the Docker API. The Docker client can communicate with multiple daemons.
Docker daemon: daemon
The Docker daemon (dockerd) listens to Docker API requests and manages Docker objects such as images, containers, networks, and volumes. The daemon can also communicate with other daemons to manage Docker services.
Docker images: images
A container can be packaged into an image.
Docker container: container
Docker registry: image repository
The place where images are stored. By default images are looked up on the public Docker Hub, and you can also build a private registry.
1.5: The difference between containers and virtual machines
1.6: Namespaces
Docker uses a technology called namespaces to provide isolated workspaces for containers. When running a container, Docker creates a set of namespaces for the container.
These namespaces provide a layer of isolation. Every aspect of the container runs in a separate namespace, and its access is limited to that namespace.
Docker Engine uses the following namespaces on Linux:
**The pid namespace:** Process isolation (PID: Process ID).
**The net namespace:** Manages network interfaces (NET: network).
**The ipc namespace:** Manages access to IPC resources (IPC: inter-process communication).
**The mnt namespace:** Manages file system mount points (MNT: mount).
**The uts namespace:** Isolates kernel and version identifiers (UTS: Unix Time Sharing System).
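An added example (not from the original article) of the isolation the list above describes: a shell check that compares the namespace links under /proc for two processes and reports which of the five namespaces they share. `PROC_ROOT`, the function names, and the sample PIDs and namespace numbers are assumptions constructed for this example.

```shell
#!/bin/sh
# Which of the five namespaces listed above do two processes share?
# PROC_ROOT is an assumption of this example: /proc on a real Linux host,
# or a constructed tree for offline runs.
PROC_ROOT="${PROC_ROOT:-/proc}"
NS_KINDS="pid net ipc mnt uts"

# ns_id PID KIND: print the namespace identifier, e.g. "net:[4026531992]".
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2"
}

# shared_namespaces PID_A PID_B: print the kinds both processes are in
# (space separated, empty when none). Returns 2 if a link cannot be read.
shared_namespaces() {
    shared=""
    for kind in $NS_KINDS; do
        a=$(ns_id "$1" "$kind") || return 2
        b=$(ns_id "$2" "$kind") || return 2
        if [ "$a" = "$b" ]; then
            shared="${shared:+$shared }$kind"
        fi
    done
    printf '%s\n' "$shared"
}

# fake_proc DIR PID PID_NS NET_NS OTHER_NS: one constructed /proc entry.
fake_proc() {
    mkdir -p "$1/$2/ns"
    ln -s "pid:[$3]" "$1/$2/ns/pid"
    ln -s "net:[$4]" "$1/$2/ns/net"
    for k in ipc mnt uts; do
        ln -s "$k:[$5]" "$1/$2/ns/$k"
    done
}

# Constructed sample data: PID 1 is the host init, 4242 a container process
# with its own namespaces, 4343 one that shares the host's pid and net.
make_sample_tree() {
    fake_proc "$1" 1    4026531836 4026531992 4026531840
    fake_proc "$1" 4242 4026532501 4026532504 4026532499
    fake_proc "$1" 4343 4026531836 4026531992 4026532610
}

# Demo on the constructed tree (not data from a real host).
PROC_ROOT=$(mktemp -d)
make_sample_tree "$PROC_ROOT"
echo "4242 shares with host: [$(shared_namespaces 1 4242)]"
echo "4343 shares with host: [$(shared_namespaces 1 4343)]"
```

On a real host, set `PROC_ROOT=/proc`, run as root, and pass PID 1 together with the container's host PID, which `docker inspect --format '{{.State.Pid}}' <container>` prints. Any namespace reported as shared with PID 1 is one where the container is not isolated from the host.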
1.7: Control groups
The Docker engine on Linux also relies on another technology called cgroups (control groups). A cgroup restricts an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources among containers and selectively enforce limits and constraints. For example, you can limit the memory available to specific containers.