In order to become an architect, in addition to learning to master Java advanced knowledge points, you must also learn to use one of the two must-have tools (Docker)

This article only gives a more detailed introduction to the concept of Docker, and does not involve some installations like Docker environment and some common operations and commands of Docker.

One, know the container

Docker is the world's leading software container platform , so if we want to understand the concept of Docker, we must first start with containers.

1. What is a container?

1) Let's first take a look at the more official explanation of the container

Summarize the container in one sentence: A container is the packaging of software into standardized units for development, delivery, and deployment.

• A container image is a lightweight, executable, stand-alone software package that contains all the content needed for the software to run: code, runtime environment, system tools, system libraries, and settings.
• Containerized software is suitable for Linux and Windows-based applications, and can run consistently in any environment.
• Containers give software independence and protect it from external environmental differences (for example, development and rehearsal environments), thereby helping to reduce conflicts between teams running different software on the same infrastructure.

2) Let's take a look at the more popular explanation of the container

If you need a popular description of the container, I think the container is a place to store things, just like a schoolbag can hold all kinds of stationery, a closet can hold all kinds of clothes, and a shoe rack can hold all kinds of shoes. What we are talking about container storage may be more biased towards applications such as websites, programs and even system environments.

2. Graphical physical machines, virtual machines and containers

The comparison between virtual machines and containers will be introduced in detail later, here is just to deepen everyone's understanding of the three physical machines, virtual machines and containers through the pictures on the Internet (the picture source and network below).

Physical machine

virtual machine:

container:

through the three abstract diagrams above, we can roughly generalize by analogy: the container virtualizes the operating system rather than the hardware, and the containers share the same set of operating system resources. Virtual machine technology is to virtualize a set of hardware and run a complete operating system on it. Therefore, the isolation level of the container will be slightly lower.

---

I believe that through the above explanation, everyone has a preliminary understanding of the unfamiliar and familiar concept of container. Let's talk about some concepts of Docker.

Second, let's talk about some concepts of Docker

1. What is Docker?

To be honest about what Docker is, it's not too easy to say, let me explain to you what Docker is in four points.

• Docker is the world's leading software container platform.
• Docker uses the Go language launched by Google for development and implementation, based on the CGroup function and name space provided by the Linux kernel, as well as AUFS-like UnionFS and other technologies to encapsulate and isolate processes, which is a virtualization technology at the operating system level. Since the isolated process is independent of the host and other isolated processes, it is also called a container.
• Docker can automate repetitive tasks, such as setting up and configuring development environments, freeing up developers to focus on what is really important: building great software.
• Users can easily create and use containers, and put their own applications into the container. Containers can also perform version management, copy, share, and modify, just like managing ordinary code.

2.Docker thought

• container
• Standardization : ① transportation method ② storage method ③ API interface
• isolation

3. Features of Docker container

• Lightweight

Multiple Docker containers running on a machine can share the operating system kernel of this machine; they can be started quickly and only require very little computing and memory resources. The mirror is constructed through the file system layer and shares some common files. This will minimize disk usage and download images faster.

• standard

Docker containers are based on open standards and can run on all major Linux versions, Microsoft Windows, and any infrastructure including VMs, bare metal servers, and clouds.

• Safety

The isolation that Docker gives applications is not limited to isolation from each other, but also independent of the underlying infrastructure. Docker provides the strongest isolation by default, so application problems are only the problem of a single container, and will not affect the entire machine.

4. Why use Docker?

• Docker's image provides a complete runtime environment except for the kernel, ensuring the consistency of the application runtime environment, so that there will be no problems like "This code is okay on my machine";-a consistent runtime environment
• It can achieve a startup time of seconds or even milliseconds. Greatly save the time of development, testing, and deployment. -Faster startup time
• Avoid public servers, resources will be easily affected by other users. ——Isolation
• Be good at dealing with centralized and explosive server pressure;-Elastic scaling and rapid expansion
• Applications running on one platform can be easily migrated to another platform without worrying about changes in the operating environment causing the application to fail to run normally. ——Easy to migrate
• With Docker, continuous integration, continuous delivery, and deployment can be achieved by customizing application images. -Continuous delivery and deployment

Three, container VS virtual machine

When talking about containers, we have to compare them with virtual machines. As far as I am concerned, it does not matter who will replace the two, but the two can coexist in harmony.

To put it simply: Containers and virtual machines have similar advantages in resource isolation and allocation, but their functions are different. Because the container virtualizes the operating system, not the hardware, the container is easier to transplant and more efficient.

1. Comparison between the two

The traditional virtual machine technology is to virtualize a set of hardware, run a complete operating system on it, and then run the required application processes on the system; while the application process in the container runs directly on the host's kernel, and the container does not have its own Kernel, and there is no hardware virtualization. Therefore, containers are lighter than traditional virtual machines.

2. Summary of containers and virtual machines

• **Container is an application layer abstraction used to package code and dependent resources together. Multiple containers can run on the same machine, sharing the operating system kernel, but each run as an independent process in user space. **Compared with virtual machines, the container occupies less space (the size of the container image is usually only tens of megabytes), and the startup can be completed in an instant .
• A virtual machine (VM) is a physical hardware layer abstraction used to turn one server into multiple servers. The hypervisor allows multiple VMs to run on one machine. Each contains a set of VM operating system, one or more applications, the necessary binaries and library resources, and therefore take up a lot of space . And the VM startup is very slow .

Through the Docker official website, we know so many advantages of Docker, but there is no need to completely deny the virtual machine technology, because the two have different usage scenarios. **Virtual machines are better at completely isolating the entire operating environment. **For example, cloud service providers usually use virtual machine technology to isolate different users. And Docker commonly used for isolating different applications , such as a front end, a rear end and a database.

3. Both containers and virtual machines can coexist

As far as I am concerned, it does not matter who will replace the two, but the two can coexist in harmony.

Four, Docker basic concepts

There are three very important basic concepts in Docker. After understanding these three concepts, you can understand the entire life cycle of Docker.

• Mirror image (Image)
• Container (Container)
• Repository

Understand these three concepts, you can understand the entire life cycle of Docker

1. Image: a special file system

**Operating system is divided into kernel and user space. **For Linux, after the kernel is started, the root file system will be mounted to provide user space support for it. The Docker image (Image) is equivalent to a root file system.

A Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required by the container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc.) ). The image does not contain any dynamic data, and its content will not be changed after it is built.

Docker design, take full advantage of Union FS technology, it is designed as a tiered storage architecture . The mirror is actually composed of a combination of multi-layer file systems.

When mirroring is built, it will be built layer by layer, and the former layer is the foundation of the latter layer. After each layer is constructed, there will be no changes, and any changes on the latter layer will only occur on your own layer. For example, the operation of deleting a file in the previous layer does not actually delete the file in the previous layer, but only marking the file as deleted in the current layer. When the final container runs, although this file will not be seen, in fact the file will always follow the image. Therefore, when building a mirror, you need to be extra careful. Each layer should only contain what needs to be added to that layer, and any extra things should be cleaned up before the end of the layer's construction.

The hierarchical storage feature also makes it easier to reuse and customize mirroring. You can even use the previously built image as the base layer, and then further add new layers to customize what you need and build a new image.

2.Container: the entity that mirrors the runtime

The relationship between the image (Image) and the container (Container) is like the class and instance in object-oriented programming. The image is a static definition, and the container is the entity of the image at runtime. Containers can be created, started, stopped, deleted, suspended, etc.

The essence of a container is a process, but unlike a process that executes directly on the host, a container process runs in its own independent namespace. As mentioned earlier, mirroring uses tiered storage, and so does the container.

The life cycle of the container storage layer is the same as that of the container. When the container dies, the container storage layer also dies. Therefore, any information stored in the container storage layer will be lost when the container is deleted.

According to the requirements of Docker's best practices, the container should not write any data to its storage layer , and the container storage layer should remain stateless. All file write operations should use data (Volume) or bind the host directory . Reading and writing at these locations will skip the container storage layer and directly read and write to the host (or network storage). Its performance and stability Higher sex. The life cycle of the data volume is independent of the container. The container dies, and the data volume will not die. Therefore, after using the data volume, the container can be deleted and rerun at will, but the data will not be lost.

3. Repository: a place where mirror files are centrally stored

After the image is built, it can be easily run on the current host. However, if the image needs to be used on other servers, we need a centralized storage and distribution service for the image. Docker Registry is such a service.

A Docker Registry can contain multiple repositories; each repository can contain multiple tags; each tag corresponds to a mirror. So: The mirror warehouse is a place where Docker uses to store mirror files centrally, similar to the code warehouse we used before .

Usually, a warehouse will contain images of different versions of the same software, and tags are often used for each version of the software . We can <仓库名>:<标签>format to specify which version of the software specifically a mirror. If no label is given, latest will be the default label.

Here is a supplement to the concepts of Docker Registry public services and private Docker Registry:

Docker Registry public service is a Registry service that is open to users and allows users to manage images. Generally, this type of public service allows users to upload and download public images for free, and may provide paid services for users to manage private images.

The most commonly used Registry public service is the official Docker Hub , which is also the default Registry, and has a large number of high-quality official images. The URL is: https://hub.docker.com/. The official introduction of Docker Hub is as follows:

Docker Hub is an official service provided by Docker to find and share container images with your team.

For example, we want to search for the mirror we want:

In the search results of Docker Hub, there are several key information to help us choose the appropriate mirror:

• OFFICIAL Image : Represents that the image is officially provided and maintained by Docker, which is relatively stable and safe.
• Stars : It has the same meaning as liking, similar to GitHub's Star.
• Dowloads : Represents the number of times the image is pulled, basically it can indicate how often the image is used.

Of course, in addition to mirror this way directly through the Docker Hub site search, we can also docker searchsearch Docker Hub mirrored this command, the search results are the same.

➜ 	~ docker search mysql 
NAME 									DESCRIPTION 
	STARS 					OFFICIAL 				AUTOMATED 
mysql 									MySQL is a widely used, open-source relation… 
	8763 						[OK] 
mariadb 								MariaDB is a community-developed fork of MyS… 
	3073 						[OK] 
mysql/mysql-server 						Optimized MySQL Server Docker images. Create… 
	650 						[OK]

Accessing Docker Hub in China may be slower. There are also some cloud service providers in China that provide public services similar to Docker Hub.

In addition to using public services, the user can also set up a local private Docker Registry . Docker officially provides a Docker Registry image, which can be used directly as a private Registry service. The open source Docker Registry image only provides a server-side implementation of the Docker Registry API, which is sufficient to support docker commands without affecting the use. But it does not include a graphical interface, and advanced functions such as mirror maintenance, user management, and access control.

Five, common commands

1. Basic commands

docker version # 查看docker版本 
docker images # 查看所有已下载镜像，等价于：docker image ls 命令 
docker container ls # 查看所有容器 docker ps #查看正在运行的容器 
docker image prune # 清理临时的、没有被使用的镜像文件。-a, --all: 删除所有没有用的镜像，而 不仅仅是临时文件；

2. Pull the image

docker search mysql # 查看mysql相关镜像 
docker pull mysql:5.7 # 拉取mysql镜像 
docker image ls # 查看所有已下载镜像

3. Delete the mirror

For example, we want to delete the mysql mirror we downloaded.

Before deleting an image by docker rmi [image](equivalent to docker image rm [image]), first make sure that the image is not referenced by the container (it can be deleted by tag name or image ID). By speaking in front of our docker pscommand to view.

➜ ~ docker ps 
CONTAINER ID 		IMAGE 		COMMAND 				CREATED 
	STATUS 				PORTS 								NAMES 
c4cd691d9f80 		mysql:5.7 	"docker-entrypoint.s…" 	7 weeks ago 
	Up 12 days 			0.0.0.0:3306->3306/tcp, 33060/tcp 	mysql

See id mysql is being cited as c4cd691d9f80 container, we need to first pass docker stop c4cd691d9f80or docker stop mysqlsuspend this vessel.

Then check the id of the mysql mirror

➜ ~ docker images 
REPOSITORY 		TAG 		IMAGE ID 		CREATED 
	SIZE 
mysql 			5.7 		f6509bac4980 	3 months ago 
	373MB

Delete by IMAGE ID or REPOSITORY name

docker rmi f6509bac4980 # 或者 docker rmim mysql

六、Build Ship and Run

The concept of Docker and common commands have basically been finished, let's talk about: Build, Ship, and Run.

If you search the Docker official website, you will find the following words: "Docker-Build, Ship, and Run Any App, Anywhere" . So what exactly are Build, Ship, and Run doing?

• Build (build image) : The image is like a container including files and operating environment and other resources.
• Ship (transport mirroring) : Transport between the host and the warehouse. The warehouse here is like a super terminal.
• Run : The running image is a container, and the container is the place to run the program.

The Docker running process is to go to the warehouse to pull the image locally, and then use a command to run the image into a container. Therefore, we often refer to Docker as Docker or Docker, which is exactly the same as Docker's Chinese translation porter.

Seven, briefly understand the underlying principles of Docker

1. Virtualization technology

First of all, Docker container virtualization technology-based software, so what is virtualization technology?

To put it simply, virtualization technology can be defined as follows:

Virtualization technology is a resource management technology that abstracts and transforms various physical resources of a computer (CPU, memory, disk space, network adapter, etc.), and can be divided and combined into one or more computers Configuration Environment. As a result, the inseparable barriers between physical structures are broken, and users can use these computer hardware resources in a better way than the original configuration. The new virtual part of these resources is not restricted by the way existing resources are erected, geographical or physical configuration. Generally referred to as virtualized resources include computing power and data storage.

2.Docker is based on LXC virtual container technology

Docker technology is based on LXC (Linux container-Linux container) virtual container technology.

LXC, whose name comes from the abbreviation of Linux Containers, an operating system-level virtualization technology, is a user space interface for Linux kernel container functions. It packages the application software system into a software container (Container), which contains the code of the application software itself, as well as the required operating system cores and libraries. A unified name space and common API are used to allocate the available hardware resources of different software containers, creating an independent sandbox running environment for applications, so that Linux users can easily create and manage systems or application containers.

The LXC technology is mainly realized with the help of the CGroup function and name space provided in the Linux kernel. Through LXC, an independent operating system operating environment can be provided for the software.

Introduction to cgroup and namespace:

• Namespace is the way Linux kernel isolates kernel resources. Through namespace, some processes can only see part of the resources related to themselves, while other processes can only see resources related to themselves, and the two groups of processes cannot feel the existence of each other at all. The specific implementation is to specify the related resources of one or more processes in the same namespace. Linux namespaces are a kind of encapsulation and isolation of global system resources, so that processes in different namespaces have independent global system resources. Changing the system resources in a namespace will only affect the processes in the current namespace, and has no effect on processes in other namespaces. .
• CGroup is the abbreviation of Control Groups. It is a mechanism provided by the Linux kernel to limit, record, and isolate the material resources (such as cpu memory i/o, etc.) used by process groups (process groups).

Comparison of cgroup and namespace:

Both are grouping processes, but the roles of the two are still essentially different. The namespace is to isolate the resources between process groups, and the cgroup is to monitor and limit the resources of a group of processes uniformly.

8. Summary

This article mainly elaborates some common concepts in Docker, but does not involve the installation of Docker, the use of mirroring, and the operation of containers. I hope that readers can master this part by reading books and official documents. If you feel that the official documents are very laborious to read, here is a book "Docker Technology Introduction and Actual Combat Second Edition".

Reference materials: "Comprehensive Analysis of Java Intermediate and Advanced Core Knowledge" It's time to get learning materials to learn to prepare for March! ! !
Seats are limited first come first served! ! !
"Docker Technology Introduction and Actual Combat Second Edition" Students who want to get this learning material can click here to get it for free "" "" "" "