What is Docker? The theory behind Docker container technology, packed with practical content!

Preface

Docker is itself a kind of virtualization technology, so we first look at how virtualization developed and then, with Docker as the example, at the difference between virtual machines and Docker.

1. The development of virtualization

  • The composition of the computer
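    1. At university we were all drilled in the von Neumann architecture, so we know that a computer consists of five parts: the arithmetic unit, the controller, memory, input, and output.

    2. Today the arithmetic unit and the controller are generally combined into the CPU; storage generally covers memory and disk; input and output generally mean network I/O or disk I/O.

    3. So the IT resources we commonly see are devices such as the CPU, memory, disks, and network cards. An operating system drives these devices and makes them work together, and the result is a complete computer.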
  • The background of virtualization
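    As computing tasks have changed, we demand more of our computers. For example, you have only one computer with Windows installed, but you also want it to run Linux;

    or your computer no longer has enough computing power, but together with a classmate's computer it would. In other words, we want computing resources to scale elastically, growing or shrinking at will.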
  • The purpose of virtualization
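    1. To redefine and partition IT resources by means of software;
    2. To enable dynamic allocation, flexible scheduling, and cross-domain sharing of IT resources, improving their utilization;
    3. To make IT resources a true piece of social infrastructure that serves the flexible and changing application needs of every industry.

    Virtualization currently has two directions:

    The first virtualizes one physical machine into multiple independent logical virtual machines;
    the second virtualizes several scattered physical machines into one large logical virtual machine. The first is the one in more common use today.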

note:

  • Virtualization technology is actually a concept that was put forward very early. After so many years of development, its technical iterations are shown in the figure below. It is now in the stage of container-level virtualization, that is, the application, development software package, dependent environment, etc. are packaged in a unified container, and the entire container is deployed to other platforms or servers.

2. Getting to know Docker

2.1 Overview of docker

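  • Docker is an open source application container engine that lets developers package their applications and dependencies into a portable image and then publish it to any popular Linux or Windows machine; it can also implement virtualization. Containers are fully sandboxed and have no interfaces to one another.
    Docker can also be understood from the following four angles:
    1) Docker is the world's leading software container platform;

    2) Docker is developed in Go, the language released by Google, and builds on Linux kernel technologies such as cgroups, namespaces, and AUFS-style UnionFS to encapsulate and isolate processes; it is virtualization at the operating-system level. Because the isolated process is independent of the host and of other isolated processes, it is also called a container. Docker's initial implementation was based on LXC;

    3) Docker can automate repetitive tasks such as setting up and configuring development environments, freeing developers to focus on what really matters: building great software;

    4) Users can easily create and use containers and put their own applications into them. Containers can also be versioned, copied, shared, and modified, just like ordinary code.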
  • To understand docker, you can start with understanding containers
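    1. What is a container?
    In one sentence: a container packages software into a standardized unit for development, delivery, and deployment.
    1) A container image is a lightweight, executable, standalone software package that contains everything the software needs to run: code, runtime environment, system tools, system libraries, and settings.
    2) Containerized software works for both Linux-based and Windows-based applications and runs consistently in any environment.
    3) Containers make software independent, shielding it from differences in the external environment (for example, between development and staging), which helps reduce conflicts between teams running different software on the same infrastructure.

    2. A more down-to-earth explanation of containers:
    Put simply, I think of a container as a place to put things, just as a schoolbag holds stationery, a wardrobe holds clothes, and a shoe rack holds shoes.
    The things kept in the containers we are talking about lean more toward applications, such as websites, programs, or even system environments.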

  • Docker: a container loader
    Docker's workflow is to pull an image from the repository to the local machine and then use a single command to run the image as a container. This is why Docker is often described as a dock worker or stevedore, which matches its Chinese translation, "porter".

2.2 The origin and composition of Docker

2.2.1 Origin of docker

  • Docker is an LXC-based high-level container engine open sourced by the PaaS provider dotCloud. The source code is hosted on GitHub; it is written in Go and open sourced under the Apache 2.0 license;
  • Docker has been very popular since 2013, as shown by the code activity on GitHub and by Red Hat's integrated support for Docker in RHEL 6.5; even Google's Compute Engine supports running Docker on it;

2.2.2 Docker composition

  • A complete Docker installation consists of the following parts:
    Docker Client: the client
    Docker Daemon: the daemon
    Docker Image: the image
    Docker Container: the container
    Docker Registry: image repository management

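Supplement:

  • Namespaces
    Docker uses namespaces to provide the isolated workspace called a container. When a container runs, Docker creates a set of namespaces for it;
    these namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace, and its access is limited to that namespace;

    Docker Engine uses the following namespaces on Linux:

    1. pid namespace: process isolation (PID: process ID)
    2. net namespace: manages network interfaces (NET: networking)
    3. ipc namespace: manages access to IPC resources (IPC: inter-process communication)
    4. mnt namespace: manages filesystem mount points (MNT: mount)
    5. uts namespace: isolates kernel and version identifiers (UTS: Unix Timesharing System)
    6. user namespace: the users and user groups that operate processes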
  • The underlying technology
    Docker is written in Go and uses several features of the Linux kernel to deliver its functionality

  • The container format
    Docker Engine combines the namespace, control group, and UnionFS into a wrapper called the container format. The default container format is libcontainer.
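
The namespace list above can be checked on a running host: each process exposes its namespaces as links under /proc/<pid>/ns/, and two processes share a namespace when the inode numbers match. The following is an added example, not code from the original article; the sample link values are constructed, and the function names are hypothetical.

```python
import os
import re

# Namespace kinds the article lists for Docker Engine on Linux.
NS_KINDS = ("pid", "net", "ipc", "mnt", "uts", "user")
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")


def parse_ns_links(links):
    """Turn {'net': 'net:[4026531992]'} readlink output into {'net': 4026531992}."""
    ids = {}
    for kind, target in links.items():
        m = NS_LINK.match(target)
        if m and m.group(1) == kind and kind in NS_KINDS:
            ids[kind] = int(m.group(2))
    return ids


def read_ns_links(pid):
    """Read /proc/<pid>/ns/* on a live Linux host (needs permission to inspect pid)."""
    links = {}
    for kind in NS_KINDS:
        try:
            links[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            pass  # kind not supported by this kernel, or not readable
    return links


def shared_namespaces(host_links, proc_links):
    """Return the namespace kinds a process shares with the host (same inode number)."""
    host, proc = parse_ns_links(host_links), parse_ns_links(proc_links)
    return sorted(k for k in proc if host.get(k) == proc[k])


# Constructed sample: host init, and a container process started with host
# networking and without user-namespace remapping.
HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531992]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]", "user": "user:[4026531837]"}
CONTAINER = {"pid": "pid:[4026532501]", "net": "net:[4026531992]", "ipc": "ipc:[4026532500]",
             "mnt": "mnt:[4026532498]", "uts": "uts:[4026532499]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST, CONTAINER))
```

On a real host, `shared_namespaces(read_ns_links(1), read_ns_links(pid))` reports which of the six isolation boundaries a given container process does not have.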

Docker solves the problem of KVM islands

2.3 Docker thoughts and usage scenarios

2.3.1 Three Ideas of Docker

  • container
  • Standardization: ①transportation method, ②storage method, ③API interface
  • isolation

2.3.2 Docker usage scenarios

  • Simple deployment of packaged applications;
  • Applications can be migrated freely, independent of the underlying hardware (the application is isolated, split up, and decoupled). For example: migrating a server from Tencent Cloud to Alibaba Cloud
  • Continuous integration and continuous delivery (CI/CD): from development through test to release;
  • Deploying microservices;
  • Providing PaaS products (Platform as a Service)
    OpenStack's cloud hosts are similar to Alibaba Cloud's ECS and belong to IaaS, while Docker (K8S) belongs to PaaS

2.4 Features of Docker containers

  • Lightweight: multiple Docker containers running on one machine share that machine's operating system kernel; they start quickly and use very little compute and memory. Images are built from file system layers and share common files, which keeps disk usage as low as possible and makes images faster to download.
  • Standard: Docker containers are based on open standards and can run on all mainstream Linux versions, Microsoft Windows, and any infrastructure including VMs, bare metal servers, and clouds.
  • Secure: the isolation that Docker gives applications covers not only isolation from each other but also independence from the underlying infrastructure. Docker provides the strongest isolation by default, so an application problem is the problem of a single container and does not affect the entire machine.

2.5 Why use Docker

  • Consistent operating environment. Docker's image provides a complete runtime environment except for the kernel, which ensures the consistency of the application runtime environment, so that there will be no problems such as "This code is okay on my machine";
  • Faster startup time. Containers can start in seconds or even milliseconds, which greatly reduces development, testing, and deployment time;
  • Isolation. Avoids the problem of shared servers, where resources are easily affected by other users;
  • Flexible scaling. Capacity can be expanded rapidly, which suits sudden concentrated bursts of server load;
  • Convenient migration, applications running on one platform can be easily migrated to another platform without worrying about changes in the operating environment causing the application to fail to run normally;
  • Continuous delivery and deployment. Using Docker can achieve continuous integration, continuous delivery, and deployment by customizing application images.

The significance of using Docker:

  • The Docker engine unifies the infrastructure environment: the Docker environment;
  • The Docker engine unifies how programs are packaged (boxed): the Docker image;
  • The Docker engine unifies how programs are deployed (run): the Docker container;

3. The basic concepts of Docker

  • Docker includes three basic concepts:
    image (Image)
    container (Container)
    repository (Repository)

3.1 Image

  • An image is a special file system.
    The operating system is divided into kernel and user space. On Linux, after the kernel starts it mounts the root file system to provide user space support. A Docker image (Image) is equivalent to a root file system;
    As a special file system, a Docker image provides the programs, libraries, resources, configuration, and other files the container needs at runtime, and also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc.). The image contains no dynamic data, and its content does not change after it is built;
    Docker is designed to make full use of Union FS technology and uses a layered storage architecture. An image is actually a combination of multiple file system layers;

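  • Precautions:

    1. An image is built layer by layer, each layer forming the base of the next. Once a layer is built it never changes again; any change made in a later layer happens only in that layer. For example, deleting a file from an earlier layer does not really delete it from that layer; it only marks the file as deleted in the current layer. When the final container runs, the file is not visible, but it in fact stays with the image for good.
    2. So take extra care when building an image: each layer should contain only what that layer needs to add, and anything extra should be cleaned up before the layer is finished.
  • Layered storage also makes images easier to reuse and customize. You can even use a previously built image as the base layer and add new layers on top to customize what you need and build a new image.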
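
The precaution above has a direct security consequence: a secret added in one layer and deleted in a later one is still readable by anyone who has the image. The following is an added example, not code from the original article. It assumes layers are tar archives in which a deletion is recorded as a `.wh.<name>` whiteout entry (the AUFS-style convention also used by the OCI image layer format); the layer contents are constructed, and the function names are hypothetical.

```python
import io
import tarfile

WHITEOUT = ".wh."  # ".wh.<name>" in a layer hides <name> from the layers below it


def make_layer(files):
    """Build one layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def recoverable_deleted_files(layers):
    """Return {path: (layer_index, content)} for files hidden by a later whiteout
    but still stored in an earlier layer of the image."""
    stored = {}    # path -> (index of the layer holding it, content)
    findings = {}
    for index, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
            for member in tar.getmembers():
                directory, _, name = member.name.rpartition("/")
                if name.startswith(WHITEOUT):
                    target = name[len(WHITEOUT):]
                    hidden = f"{directory}/{target}" if directory else target
                    if hidden in stored:
                        findings[hidden] = stored.pop(hidden)
                elif member.isfile():
                    stored[member.name] = (index, tar.extractfile(member).read())
    return findings


# Constructed image: layer 0 adds a key, layer 1 "deletes" it, layer 2 adds the app.
LAYERS = [
    make_layer({"app/id_rsa": b"CONSTRUCTED-PRIVATE-KEY", "app/config.ini": b"debug=0\n"}),
    make_layer({"app/.wh.id_rsa": b""}),
    make_layer({"app/server.py": b"print('hello')\n"}),
]

if __name__ == "__main__":
    for path, (layer, data) in recoverable_deleted_files(LAYERS).items():
        print(f"{path}: deleted later, still in layer {layer} ({len(data)} bytes)")
```

The running container's merged view shows no `app/id_rsa`, yet the scan recovers its full content from layer 0, which is why cleanup has to happen before the layer that added the file is finished.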

3.2 Container

  • A container is the running entity of an image.
  • The relationship between the image and the container:
    Just like a class and an instance in object-oriented programming, the image is a static definition, and the container is the image's entity at runtime. Containers can be created, started, stopped, deleted, paused, etc.
  • The essence of a container: it is a process, but unlike a process that executes directly on the host, the container process runs in its own independent namespaces. As mentioned earlier, images use layered storage, and so do containers.
  • The life cycle of the container storage layer is the same as that of the container. When the container dies, the container storage layer dies with it.
    Therefore, any information stored in the container's storage layer is lost when the container is deleted.

3.3 Repository

  • A repository is a place where image files are stored centrally.
  • After an image is built, it can easily be run on the current host. To use the image on other servers, however, we need a centralized storage and distribution service for images. Docker Registry is such a service.
  • A Docker Registry can contain multiple repositories; each repository can contain multiple tags; each tag corresponds to an image. So the image repository is where Docker stores image files centrally, similar to the code repositories we have used before.
  • Usually a repository contains images of different versions of the same software, and tags are used to identify each version.
    We can use the format <repository name>:<tag> to specify which version of the software's image we mean. If no tag is given, latest is used as the default tag.

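Supplement:

I. Public Docker Registry services and private Docker Registries:

    1. A public Docker Registry service is a Registry service open to users that lets them manage images.
    Such public services generally let users upload and download public images free of charge, and may offer paid services for managing private images;
    the most commonly used public Registry service is the official Docker Hub, which is also the default Registry and holds a large number of high-quality official images.

    2. Besides using public services, users can also set up a private Docker Registry locally.
    Docker officially provides a Docker Registry image that can be used directly as a private Registry service;
    the open source Docker Registry image provides only the server-side implementation of the Docker Registry API, which is enough to support the Docker commands and does not affect use;
    but it does not include a graphical interface or advanced features such as image maintenance, user management, and access control.

II. The concept of Build, Ship, and Run:

    Build (build the image): an image is like a shipping container holding files, the runtime environment, and other resources.
    Ship (transport the image): transport between hosts and the repository; the repository here is like a giant dock.
    Run (run the image): a running image is a container, and the container is where the program runs.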

4. Comparison of VMs (virtual machines) and containers

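  • To put it simply: containers and virtual machines have similar advantages in resource isolation and allocation, but they work differently. Because a container virtualizes the operating system rather than the hardware, containers are more portable and more efficient.
  • Comparison between the two
    1. Traditional virtual machine technology virtualizes a set of hardware, runs a complete operating system on it, and then runs the required application processes on that system;
    2. The application processes in a container run directly on the host's kernel; the container has no kernel of its own and performs no hardware virtualization. Containers are therefore more lightweight than traditional virtual machines.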

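  • Container and virtual machine (VM) summary
    1. Docker isolates applications by means of containers; the isolation and security allow multiple containers to run on a given host at the same time.
    2. Containers are lightweight because they do not carry the extra overhead of a hypervisor; they run directly in the host's kernel.
    3. Compared with VMs, more containers can run on a given combination of hardware. Docker can even run on a host that is itself a virtual machine. The specific differences are as follows:

    Difference              | Container                                                         | VM
    Start speed             | Second level                                                      | Minute level
    Running performance     | Close to native                                                   | Around 5% loss
    Disk usage              | MB                                                                | GB
    Quantity                | Hundreds of thousands                                             | Generally a dozen
    Isolation               | Process level isolation                                           | System level
    Operating system        | Mainly supports Linux                                             | Support almost all systems
    Degree of encapsulation | Only package project code and dependencies, share the host kernel | Complete operating system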

Note:

  • Containers and virtual machines (VMs) can coexist

Origin blog.csdn.net/weixin_42449832/article/details/114311718