Container technology originated from Linux and is a kernel virtualization technology that provides lightweight virtualization to isolate processes and resources. Although container technology has been around for a long time, it has become widely known with the advent of Docker. Docker is the first system that enables containers to be ported between different machines. It not only simplifies the process of packaging applications, but also simplifies the libraries and dependencies of packaged applications. Even the file system of the entire operating system can be packaged into a simple portable package. This package can be used to run Docker on any other Used on the machine.
Containers and virtual machines have similar resource isolation and allocation methods. Containers virtualize the operating system instead of hardware, making them more portable and efficient.
Figure 1 Container vs virtual machine
Compared with using virtual machines, containers have the following advantages:
- More efficient use of system resources.
Because the container does not require additional overhead such as hardware virtualization and running a complete operating system, the container has a higher utilization rate of system resources. Whether it is application execution speed, memory consumption or file storage speed, it is more efficient than traditional virtual machine technology. Therefore, compared with virtual machine technology, a host with the same configuration can often run a larger number of applications.
- Faster startup time
Traditional virtual machine technology often takes several minutes to start application services, while Docker container applications, because they run directly on the host kernel and do not need to start a complete operating system, can achieve startup times in seconds or even milliseconds. , Which greatly saves the time of development, testing, and deployment.
A common problem in the development of a consistent operating environment is environmental consistency. Due to the inconsistency of the development environment, test environment, and production environment, some problems have not been discovered during the development process. The Docker image provides a complete runtime environment except for the kernel, ensuring the consistency of the application runtime environment.
- Easier migration
Because Docker ensures the consistency of the execution environment, the migration of applications is easier. Docker can run on many platforms, whether it is a physical machine or a virtual machine, the results are consistent. Therefore, applications that run on one platform can be easily migrated to another platform without worrying about changes in the operating environment causing the application to fail to run normally.
- Easier maintenance and expansion
of the hierarchical storage and mirroring technology used by Docker makes it easier to reuse the repeated parts of the application, and also makes the maintenance and update of the application easier. It is also very simple to further expand the mirror based on the basic image. In addition, the Docker team and various open source project teams have maintained a large number of high-quality official images, which can be used directly in the production environment, or as a basis for further customization, which greatly reduces the cost of image production for application services.
Typical use process of Docker container
Docker container has the following three main concepts:
- Image: Docker image contains the packaged application and the environment it depends on. It contains the file system and other metadata available to the application, such as the executable file path when the mirror is running.
- Mirror warehouse: Docker mirror warehouse is used to store Docker images and to promote the sharing of these images between different people and different computers. When compiling an image, you can either run it on the computer where it was compiled, or you can upload the image to a mirror repository, then download it to another computer and run it. Some repositories are public, allowing everyone to pull images from them, while some are private, and only some people and machines can access them.
- Container: A Docker container is usually a Linux container, which is created based on a Docker image. A running container is a process running on the Docker host, but it is isolated from the host and all other processes running on the host. This process is also resource-constrained, meaning that it can only access and use the resources (CPU, memory, etc.) allocated to it.
The typical use process is shown in Figure 2:
Figure 2 Docker container typical use process
- First, the developer develops the application and makes the mirror image on the development environment machine.
Docker executes commands, builds images and stores them on the machine.
- The developer sends an upload mirror command.
After receiving the command, Docker uploads the local image to the mirror warehouse.
- The developer sends a running mirroring command to the production environment machine.
After the production environment machine receives the command, Docker will pull the image from the mirror warehouse to the machine, and then run the container based on the image.
Usage example
Next, use Docker to package a container image based on the Nginx image, run the application based on the container image, and then push it to the container image warehouse.
Installing Docker
Docker supports installation on almost all operating systems, and users can choose the version of Docker to install according to their needs.
Under Linux operating system, you can use the following commands to quickly install Docker.
curl -fsSL get.docker.com -o get-docker.sh sh get-docker.shDescription:
CentOS 8.0 operating system using the above script to install Docker will cause problems. It is recommended to use the following command to install a lower version of Docker.
wget -O /etc/yum.repos.d/docker-ce.repo
https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo sudosed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce-18.06.3.ce -y
systemctl restart docker
Docker packaging image
Docker provides a convenient way to describe application packaging, called Dockerfile, as shown below
# 使用官方提供的Nginx镜像作为基础镜像
FROM nginx:alpine
# 执行一条命令修改Nginx镜像index.html的内容
RUN echo "hello world" > /usr/share/nginx/html/index.html
#允许外界访问容器的80端口
EXPOSE 80Execute the docker build command to package the image.
docker build -t hello .
Where -t means to add a label to the image, that is, to name the image, where the image is named hello. . Indicates that the packaging command is executed in the current directory.
Execute the docker images command to view the image, you can see that the hello image has been created successfully. You can also see an Nginx mirror, which is downloaded from the mirror warehouse and used as the basic mirror of the hello mirror.
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest d120ec16dcea 17 minutes ago 158MB
nginx alpine eeb27ee6b893 2 months ago 148MB
Running the container image locally
After you have the image, you can execute the docker run command locally to run the container image.
# docker run -p 8080:80 hello
docker run command starts a container, -p command is to map the local machine to port 8080 of 80 container ports, namely traffic on the local machine's 8080 port is mapped to port 80 of the container, when you visit the local machine http://127.0.0.1:8080时,就会访问到容器中,此时浏览器中返回的内容应该就是“hello world”。
the mirror Push to the mirror warehouse
HUAWEI CLOUD provides the container mirroring service SWR. You can also upload the image to SWR. The following demonstrates how to push the image to SWR. For the detailed method, please refer to the client upload image. The subsequent examples in this document will mainly use SWR as an example.
First log in to the SWR console, select "My Mirror" on the left, then click "Upload Mirror from Client" on the right, click "Generate Temporary Login Instructions" in the pop-up window, and then copy the instructions on the local machine Execute, log in to the SWR mirror warehouse.
Before uploading the image, you need to give the image a complete name, as shown below:
# docker tag hello swr.cn-east-3.myhuaweicloud.com/container/hello:v1
Here swr.cn-east-3.myhuaweicloud.com is the warehouse address, the address of each Huawei Cloud region is different, and v1 is the version number assigned by the hello image .
- swr.cn-east-3.myhuaweicloud.com is the warehouse address, which is different for each HUAWEI CLOUD region.
- The container is the organization name. The organization is generally created in SWR. If it is not created, it will be created automatically when uploading for the first time. The organization name is globally unique within a single area. You need to choose a suitable organization name.
- v1 is the version number assigned by the hello image.
Then execute the docker push command to upload the image to SWR.
# docker push swr.cn-east-3.myhuaweicloud.com/container/hello:v1
When you need to use the image, use the docker pull command to pull (download) the command.
# docker pull swr.cn-east-3.myhuaweicloud.com/container/hello:v1