Article directory
1. Docker images and containers
A docker image is an executable static independent software package that contains files such as packager code and software runtime environment. Such as: code, runtime libraries, environment variables and configuration files are included in it. The container is the runtime state of the image (the software and programs in the image are running), occupying the server CPU, memory, disk and other resources.
If you have studied java, you can use the following analogy to better understand the relationship between the two:
- An image can be likened to a binary bytecode file of a Java class.
- Containers are analogous to Java objects instantiated from bytecode.
- A bytecode file (class) can create multiple new objects, and an image can quickly instantiate multiple container services.
What are the mirror sources?
- Docker Hub official images, as well as domestic Alibaba Cloud, etc. have open docker image repositories.
- Build the image yourself using the Dockerfile. Dockerfile is a description of the construction of code files, environment variables, system-dependent software, etc. It solidifies the construction process of the image and ensures that the environment installation work is not repeated. Conceptually similar to maven's pom.xml.
- Enterprise private images and private image repositories Docker registry
The essence of the docker container is a process on the host. How do you understand this sentence?
The runtime of the container is essentially a process, but it is different from the process executed directly in the host. The container process has its own independent namespace. So a container has its own root filesystem, its own network configuration, its own process space, and even its own user ID space.
The processes inside the container run in an isolated environment and are used as if they were operating on a system independent of the host. Because of this isolation, many people often confuse containers and virtual machines when they are new to Docker.
2. Docker core components
The Docker CE we installed in the previous article is mainly composed of the following parts: Docker Client (Docker Client), Docker daemon (Docker daemon), containerd and runc, which coordinate and cooperate to be responsible for the creation and operation of containers and the management of life cycle .
- Docker Client: Send commands to the docker engine (server) in command line mode.
- REST API: The docker engine (server) provides external operation command entry through RESTful API.
- daemon: docker daemon, including REST AP, authentication, basic configuration management and other features.
- containerd: The core functions are used for the management of the container life cycle, such as: start, pause, delete, etc. The image management function is also in containerd.
- runc : runc is a lightweight command-line interactive tool wrapped for Libcontainer (Libcontainer replaced LXC in the earlier Docker architecture). LXC provides the ability to manipulate basic tools such as Namespaces and Control Groups (CGroups).
- Namespace implements resource isolation, such as: independent file system, network space, user space, etc.
- cgroups implement limits on resources, such as how much memory each container uses.
