[Docker | 1] Introduction to Docker Basics

 

1 What is Docker 

Docker is an open source application containerization platform that can package applications into containers for deployment and operation in different environments.

Docker is implemented based on container technology, which can quickly build, release and run applications, while providing a lightweight, flexible and portable application deployment solution. 

1.1 The main components of Docker

The main components of Docker include:

1. Docker engine : The Docker engine is the core component of Docker and is used to manage and run containers. The Docker engine includes components such as Docker daemon, Docker CLI, and Docker API. It can perform operations such as creating, starting, stopping, and deleting containers through the command line interface or API.

2. Docker image : Docker image is the packaging format of the application, which contains information such as the code, dependencies, and configuration of the application. Docker images can be built through Dockerfile, or obtained from image warehouses such as Docker Hub. A Docker image is the basis of a container and can be used to create and start a container.

3. Docker container : A Docker container is a running instance of a Docker image that can run applications inside the container. Docker containers provide a lightweight, isolated runtime environment that avoids conflict and interference between applications. Docker containers can be created, started, stopped, deleted and other operations through the Docker engine.

1.2 Advantages of Docker

Advantages of Docker include:

1. Simplify application deployment : Docker can package applications into images, avoiding dependencies and configuration problems, and can quickly and reliably deploy applications in different environments.

2. Improve application portability : Docker provides a lightweight, portable application deployment solution that can run applications on different operating systems and hardware platforms.

3. Improve application security : Docker provides an isolated operating environment, which can avoid interference and attacks between applications and improve application security.

4. Improve application scalability : Docker can quickly create and start containers, and dynamically adjust the number of containers according to the application load, improving application scalability.

In short, Docker is a very useful application containerization platform that can greatly improve the deployment, portability, security and scalability of applications.

2 Docker implementation principle

The implementation principle of Docker is mainly based on the container technology of the Linux kernel, including the following aspects:

1. Namespace
2. Control group (Cgroup)
3. Union File System (UnionFS)
4. Container Image (Container Image)
5. Container

2.1 Namespace

Namespace (Namespace) : A namespace is an isolation mechanism that can isolate system resources, and each namespace has its own resource view.

Docker uses namespaces to isolate file systems, networks, processes, users, and IPC.

Commonly used namespaces in Docker 

Specifically, the commonly used namespaces in Docker include the following:

1. File system namespace (Mount Namespace): Each container has its own file system namespace, which can mount its own file system in the container and isolate the file systems of other containers. In this way, the view of the file system in the container is different from that of the host and other containers, and the isolation of the file system can be realized.

2. Network Namespace (Network Namespace): Each container has its own network namespace, which can have its own network devices, IP addresses, routing tables, etc., and is isolated from the host and other containers. In this way, the network view in the container is different from that of the host machine and other containers, and network isolation can be achieved.

3. Process namespace (PID Namespace): Each container has its own process namespace and can have its own process ID space, which is isolated from the host and other containers. In this way, the process view in the container is different from that of the host machine and other containers, and the process isolation can be realized.

4. User Namespace: Each container has its own user namespace and can have its own user ID space, which is isolated from the host and other containers. In this way, the user view in the container is different from that of the host machine and other containers, and user isolation can be achieved.

5. IPC Namespace (IPC Namespace): Each container has its own IPC namespace, and can have its own System V IPC and POSIX message queue, etc., isolated from the host and other containers. In this way, the IPC view in the container is different from that of the host and other containers, and IPC isolation can be achieved.

2.2 Control group (Cgroup)

Control group (Cgroup) : A control group is a resource limitation mechanism that can limit the resource usage of a process, such as CPU, memory, disk, and network. Docker uses control groups to limit and manage container resources.

Commonly used control groups 

Commonly used control groups in Docker include the following:

1. CPU control group : You can limit the time slice and number of CPU cores used by the container to prevent the container from occupying too much CPU resources and affecting the performance of other containers and the host.

2. Memory control group : You can limit the memory size and swap space used by the container, etc., to avoid the container from occupying too much memory resources, resulting in insufficient memory on the host.

3. I/O control group : It can limit the speed and bandwidth of resources such as disk and network bandwidth used by containers, so as to prevent containers from occupying too many I/O resources and affecting the performance of other containers and hosts.

4. Device control group : It can limit the authority and scope of the container to access and use the device, so as to prevent the container from causing damage or impact on the host's device. 

 2.3  Union File System (UnionFS)

Union File System (UnionFS) : A union file system is a file system hierarchy that can combine multiple file systems into a single file system. Docker uses a joint file system to implement layering and sharing of images, reducing storage space usage.

The commonly used union file system in Docker is AUFS (Another UnionFS). AUFS is a file system implemented based on the union file system, which can merge multiple file systems into one file system, and supports mirror layering and sharing.

In Docker, each container has its own view of the file system, and the container is isolated from the file system view of the host machine and other containers.

Docker uses AUFS to implement layering and sharing of container images. The basic principles are as follows:

1. Each Docker image is composed of multiple read-only layers (Layer), and each layer is a file system.
2. When the container starts, Docker uses AUFS to combine multiple read-only layers into one writable layer (Writable Layer), which serves as the root file system of the container.
3. When the container modifies the file system, Docker will save the modified content in the writable layer without affecting the original read-only layer.
4. When creating a new container, Docker can share the existing read-only layer, thereby speeding up the creation and deployment of the container.

2.4 Container Image (Container Image)

Container Image : A container image is the packaging format of an application, which contains information such as the code, dependencies, and configuration of the application.

Docker uses Dockerfile and Union File System to build container images, which can quickly create and deploy applications.

In Docker, each container is built from one or more images. Through Docker's image layering and sharing mechanism, multiple images can be combined to form a complete container image.

The layering mechanism of the Docker image can greatly reduce the storage space and improve the reusability and scalability of the image.

Docker images can be defined and built through Dockerfile.

Dockerfile is a text file that contains a series of instructions and parameters to instruct Docker to build an image. Through the Dockerfile, you can specify the base image of the container image, the software packages to be installed, configuration files, and startup instructions.

The management and distribution of Docker images can be achieved through Docker Hub and private warehouses. Docker Hub is a public Docker image warehouse, which contains tens of thousands of commonly used images, where users can search and download the images they need. A private repository is a Docker image repository built and managed by the user, which can be used to store and distribute custom images.

Image build example

Here is an example Dockerfile for a backend Java build image:

dockerfile

# 基础镜像
FROM openjdk:11-jdk

# 镜像作者信息
MAINTAINER Your Name <[email protected]>

# 设置工作目录
WORKDIR /app

# 复制项目文件到镜像中
COPY ./target/my-application.jar /app/my-application.jar

# 设置容器启动命令
CMD ["java", "-jar", "/app/my-application.jar"]

The base image of this Dockerfile is openjdk:11-jdk, which is the Java 11 development environment.

Then set the working directory of the container to /app, and copy the my-application.jar file generated by the project build to the /app directory in the image.

Finally, set the container startup command to java -jar /app/my-application.jar, that is, use the Java command to start the application.

Construct

When building an image, you can use the following commands:

docker build -t my-application .

Among them, the -t parameter specifies the name and label of the image, namely my-application.

The last . indicates that the Dockerfile in the current directory is used for construction.

run

Once the build is complete, the container can be run with the following command:

docker run -p 8080:8080 my-application

Among them, the -p parameter specifies the port mapping between the host and the container, that is, port 8080 of the container is mapped to port 8080 of the host.

my-application is the name and label of the previously built image.

2.5 Containers

Container : A container is a running instance of an image that can run applications within the container.

Docker uses namespaces and control groups to isolate and restrict containers, providing a lightweight and isolated operating environment.

Container (Container) is an important concept in Docker, which is a running instance created by Docker image. A container can be regarded as an independent and isolated operating environment, which contains information such as the application's runtime environment, file system, and network configuration.

In Docker, each container is built from one or more images. Through Docker's image layering and sharing mechanism, multiple images can be combined to form a complete container image. In the container, any application can be run, including web application, database, message queue, cache, etc.

Docker container features

Docker containers have the following characteristics:

1. Lightweight: Containers are a lightweight virtualization technology. Compared with traditional virtual machines, containers can be started and destroyed faster and consume fewer resources.

2. Isolation: Each container is an independent operating environment, isolated from the host and other containers, which can avoid conflicts and interference between applications.

3. Portability: Containers can run on different platforms and environments, with good portability and repeatability.

4. Scalability: Containers can be easily scaled up and down, and the number of containers and resource allocation can be automatically adjusted according to the load of the application.

In Docker, the management and operation of containers can be realized through the Docker command line tool. You can use the docker run command to create and start a container, use the docker stop command to stop the container, use the docker rm command to delete the container, and use the docker ps command to view the running status of the container, etc.

In short, a container is an important concept in Docker. It is a running instance created by a Docker image and can be regarded as an independent and isolated running environment. The Docker container has the characteristics of light weight, isolation, portability and scalability, and provides an efficient and reliable way for the deployment and management of applications.

Simple operation commands for containers

The following are some commonly used Docker container operation commands:

1 Create and start the container:

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Among them, OPTIONS is some optional parameters, such as -p specifies port mapping, -v specifies data volume mounting, -e specifies environment variables, etc.; IMAGE is the image name and label to be used; COMMAND and ARG are optional container startup commands and parameters.

For example, create and start a container based on the nginx:latest image, and map port 80 of the host to port 80 of the container:

docker run -p 80:80 nginx:latest

2 View the running status of the container:

docker ps [OPTIONS]

Among them, OPTIONS is some optional parameters, such as -a means to view all containers, -q means to output only the container ID, etc.

For example, to view all currently running containers:

docker ps

3 Stop the container:

docker stop [OPTIONS] CONTAINER [CONTAINER...]

Among them, OPTIONS is some optional parameters, such as -t specifies the timeout for stopping the container.

For example, to stop a container named my-container:

docker stop my-container

4 Start the stopped container:

docker start [OPTIONS] CONTAINER [CONTAINER...]

Among them, OPTIONS is some optional parameters, such as -a means to start all stopped containers.

For example, to start a container named my-container:

docker start my-container

5 Delete the container:

docker rm [OPTIONS] CONTAINER [CONTAINER...]

Among them, OPTIONS is some optional parameters, such as -f means to force delete the container, even if the container is running.

For example, to delete a container named my-container:

docker rm my-container

6 Enter the container:

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

Among them, OPTIONS is some optional parameters, such as -it specifies to use an interactive terminal to enter the container.

For example, enter a container named my-container, and use the bash command:

docker exec -it my-container bash

The above are some commonly used Docker container operation commands, which can be used to create, start, stop, delete, and enter containers to achieve container management and operation.

2.6 Summary 

The implementation principle of Docker is mainly based on the container technology of the Linux kernel. Through components such as namespaces, control groups, joint file systems, container images, and containers, functions such as isolation, restriction, packaging, and deployment of applications are realized. These components cooperate with each other to realize the efficient, reliable, portable and safe features of Docker.