Cloud computing solves the elastic problems of computing, network, and storage in computer infrastructure, but it leaves two problems, namely, application scalability and migration. In the cloud computing environment, people have come up with two solutions: one is through automated scripts, but the effects of running in different environments are different. A script may run normally in one environment, but not in another environment. The second is through the virtual machine image, but the virtual machine image is too large, and copying and downloading are too time-consuming.
In order to solve the above problems, someone proposed container technology. By referring to the solutions of the traditional transportation industry, some people propose that applications and the environment in which they run (dependencies required for application operation) can be packaged in a container-like manner, that is, any application and its dependencies can be packaged into a lightweight, scalable Portable, self-contained container. A kind of virtualization technology is used to isolate different processes running on the host, so that the containers, the container and the host operating system are isolated from each other and do not affect each other, so that applications can run in the same way anywhere. Developers create and test containers on their computers, and they can run on virtual machines, physical servers, or public cloud hosts in production systems without any modification.
Containers and VMs
When it comes to containers, it has to be compared with virtual machines, because both provide encapsulation and isolation for applications. Traditional virtualization technologies, such as VMware, KVM, and Xen, aim to create complete virtual machines. In order for an application to run, in addition to deploying the application itself and its dependencies, the entire operating system must be installed. A container consists of two parts:
- the application itself;
- IT resources that the application depends on, such as libraries or other applications required by the application.
Containers run in the user space of the host operating system, isolated from other processes of the operating system, which is significantly different from virtual machines. Figure 7-1 shows the difference between containers and virtual machines.
In Figure 7-1, since all containers share a host operating system, the container is much smaller than the virtual machine in size. Plus, starting a container doesn't require booting an entire operating system, so container deployment and startup are faster, less expensive, and easier to migrate.
Containers and images
Anyone who has installed a system on a computer knows that we need to download the system image before installing the system. The image is equivalent to the operating system running on the computer. A container image is equivalent to a set of systems running in a container. Commonly used databases, middleware, software, etc. may be included in the image. Insufficient software can continue to be installed after the mirror is installed, and a new mirror system will be formed.
Let's take Docker, the most commonly used container, as an example. Docker supports extending existing images to build new images. For example, we need to build a new image, and its Dockerfile is shown in Figure 7-5.
The new image does not need to start from scratch, but is built directly on the Debian base image, then installs emacs and apache2, and finally sets the base image to run when the container starts. The process of building a new image is shown in Figure 7-6.
As can be seen from Figure 7-6, the new image is generated layer by layer from the base image. Every time a piece of software is installed, a layer is added to the existing image. The biggest advantage of Docker adopting this layered structure is that it can share resources. Some people may ask, if multiple containers share a base image, when a container modifies the content of the base image, will the contents of other containers be modified? The answer is no, modifications are limited to a single container. This is known as the COW feature of containers. When the container starts, a new writable layer is added on top of the image. This layer is called the container layer, and everything below the container layer is called the image layer. All changes to the container, whether adding, deleting, or modifying files, will only occur in the container layer. Only the container layer is writable, and all image layers below the container layer are read-only. It can be seen that the container layer saves the changed part of the image, and does not make any changes to the image itself.