[Docker] Understand and use Docker


  Yan-yingjie's homepage


C++ programmer, 2024 electronic information graduate student

 


Table of contents

What is a container?

Advantages of containers

What is Docker?

The idea behind Docker

Why use Docker?

Containers vs Virtual Machines

Basic Concepts in Docker

Image

Container

Repository

Docker architecture

Common commands

Basic commands

Pull an image

Delete an image


What is a container?

        Containers are a standardized technology for encapsulating software and its environment, providing a lightweight, portable, efficient and secure way to run applications. They allow developers to run applications in the same way on different operating systems and environments.

        In layman's terms, a container is a place to store things, just as a schoolbag holds stationery, a wardrobe holds clothes, and a shoe rack holds shoes. The things stored in the containers discussed here are mostly applications, such as websites, programs and even system environments.

        Containers typically consist of one or more operating system layers, including the operating system kernel, runtime and associated libraries, as well as applications and their dependencies.

        The emergence of containers can be traced back to the 1970s, when people began to use technologies similar to container technology, such as chroot, OpenVZ, and LXC. These technologies allow users to run applications in restricted environments, but they often require manual configuration and management. Container technology has become more popular with the rise of Docker.

Advantages of containers

  • Portability: Containers allow developers to package an application and its dependencies into a portable container that can be deployed and run in different environments.

  • Flexibility: Container technology allows developers to create, modify, and delete containers as needed to quickly respond to changing requirements.

  • Efficiency: Container technology allows developers to package an application and its related dependencies into a single container so that resources can be shared across multiple environments, resulting in higher resource utilization and lower costs.

  • Security: Container technology provides some security features, such as isolation, permission control, and encryption, to ensure the security of applications and data.

What is Docker?

        Docker is an open source application container engine.

        Docker is a container technology based on Linux containers (LXC). The whole project is developed in the Go language and released under the Apache 2.0 license. It allows developers to package an application and its dependencies into a portable container for rapid deployment and operation in different environments.

        Containers are fully sandboxed and expose no interfaces to one another. There is almost no performance overhead, and containers run easily on individual machines and in data centers. Most importantly, they do not depend on any language, framework or packaging system.

        Users can easily create and use containers and put their own applications into them. Containers can also be versioned, copied, shared, and modified, just like ordinary code.

Docker official website: https://www.docker.com

Docker Chinese library: Docker Chinese community (Docker help, manual, tutorial, installation manual)

The idea behind Docker

        The idea of Docker is to package an application and its dependencies into a standardized, portable container, so that the application runs quickly and reliably in different environments and is lightweight, isolated and portable. The idea is reflected mainly in the following aspects:

  • Container: Docker packages the application and all its dependencies into a container. The application inside the container runs in a completely independent environment, isolated from other applications and systems outside the container, much like a shipping container.

  • Standardization: Through standardized API interfaces and formats, Docker lets containers run easily on different machines and environments, similar to the standardized way shipping containers are transported and stored.

  • Isolation: Docker can run multiple containers on one machine. Each container is isolated from the others, has its own environment and resources, and does not interfere with the others, similar to the isolation and independence of containers on a ship.

  • Lightweight: Compared with traditional virtualization technologies, Docker containers are more lightweight, start and stop faster, occupy fewer resources, and make more efficient use of computing resources and management effort.

  • Portability: Docker containers can run on different machines and environments, making it easier for developers to move applications from one environment to another and improving the efficiency of development, testing, and deployment.

Why use Docker?

  • Consistent operating environment: The Docker image provides a complete runtime environment except the kernel, ensuring the consistency of the application operating environment, so that there will be no more problems such as "this code is fine on my machine".

  • Faster startup time: It can achieve second-level or even millisecond-level startup time, which greatly saves development, testing, and deployment time.

  • Isolation: Avoids shared servers, where resources are easily affected by other users.

  • Elastic scaling and rapid expansion: Good at handling the pressure of concentrated bursts of server usage.

  • Easy migration: An application running on one platform can easily be migrated to another platform without worrying that a change in the operating environment will stop it from running normally.

  • Continuous delivery and deployment: Using Docker, you can achieve continuous integration, continuous delivery, and deployment by customizing application images.

Containers vs Virtual Machines

Containers and virtual machines have similar resource isolation and allocation benefits, but function differently:

  • Virtual machine technology virtualizes physical hardware, which makes full use of hardware resources, and resources are isolated between virtual machines. Multiple applications can be deployed, which reduces costs, but each virtual machine needs an operating system installed, which also wastes resources.

  • Containers encapsulate and isolate processes, which is virtualization at the operating system level. Containers are more portable and more efficient.

        Virtual machines are better at completely isolating the entire operating environment. For example, cloud service providers usually use virtual machine technology to isolate different users. Docker is usually used to isolate different applications, such as the front end, back end and database.

Basic Concepts in Docker

        There are three very important basic concepts in Docker. Once you understand them, you understand the entire Docker life cycle. They are today's highlight: image (Image), container (Container), and repository (Repository).

Image

        The operating system is divided into kernel space and user space. On Linux, after the kernel starts, the root file system is mounted to provide user space support. A Docker image is equivalent to a root file system.

        A Docker image is a special file system. In addition to providing the programs, libraries, resources, and configuration files required for the container to run, it also contains some configuration parameters (such as anonymous volumes, environment variables, users, etc.) prepared for the runtime. Images do not contain any dynamic data, and their contents do not change after they are built.

        Docker's design takes full advantage of Union FS technology and uses a layered storage architecture. An image is actually composed of multiple file system layers.

        An image is built layer by layer, each layer serving as the basis for the next. Once a layer is built it never changes again, and any later change happens only in the later layer. For example, deleting a file that belongs to a previous layer does not actually remove it from that layer; it only marks the file as deleted in the current layer. When the final container runs, the file is not visible, but it still travels with the image. Therefore, be extra careful when building an image: each layer should contain only what needs to be added in that layer, and anything extra should be cleaned up before the layer's build ends.
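The layer behaviour described above, as an added example (not code from the original article): two layers are built as in-memory tar archives, the second one recording a deletion, and the merged view is compared with what each layer still stores. The `.wh.` marker name follows the whiteout convention used in image layer archives; the file names and contents are constructed for illustration.

```python
import io
import tarfile
WHITEOUT = ".wh."  # prefix of the marker file a layer uses to record a deletion

def make_layer(files):
    """Build one image layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def layer_files(layer):
    """Return {path: bytes} for the regular files stored in one layer."""
    with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}

def merged_view(layers):
    """Stack layers bottom-up, as the running container sees the file system."""
    view = {}
    for layer in layers:
        for path, data in layer_files(layer).items():
            parent, _, name = path.rpartition("/")
            if name.startswith(WHITEOUT):
                target = (parent + "/" if parent else "") + name[len(WHITEOUT):]
                for seen in [p for p in view if p == target or p.startswith(target + "/")]:
                    del view[seen]  # hidden from the view, not erased from its layer
            else:
                view[path] = data
    return view

def lingering_files(layers):
    """Map each path absent from the final view to the layer still storing it."""
    final = merged_view(layers)
    return {path: index
            for index, layer in enumerate(layers)
            for path in layer_files(layer)
            if not path.rpartition("/")[2].startswith(WHITEOUT) and path not in final}

# Constructed sample: layer 0 adds a credentials file, layer 1 deletes it.
LAYERS = [
    make_layer({"app/server.py": b"print('ok')\n", "app/.env": b"DB_PASSWORD=example-only\n"}),
    make_layer({"app/.wh..env": b""}),
]
if __name__ == "__main__":
    print("container sees:", sorted(merged_view(LAYERS)))
    print("still stored in a lower layer:", lingering_files(LAYERS))
```

Anyone who can pull the image can read every layer, so a file added in one layer and removed in a later one is still distributed with the image.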

        The feature of hierarchical storage also makes the reuse and customization of images easier. You can even use the previously built image as the base layer, and then further add new layers to customize what you need and build a new image.

Container

        The relationship between an image (Image) and a container (Container) is like that between a class and an instance in object-oriented programming. The image is a static definition, and the container is the running instance of the image. Containers can be created, started, stopped, deleted, paused, etc.

        The essence of a container is a process, but unlike a process executed directly on the host, a container process runs in its own independent namespace. As mentioned earlier, images use layered storage, and so do containers.

        The life cycle of the container storage layer is the same as that of the container. When the container dies, the container storage layer also dies. Therefore, any information stored in the storage layer of the container will be lost when the container is deleted.

        According to Docker best practices, containers should not write any data into their storage layer, and the container storage layer should remain stateless. All file writes should go to data volumes (Volume) or bound host directories. Reads and writes in these locations bypass the container storage layer and go directly to the host (or network storage), which gives higher performance and stability. The life cycle of a data volume is independent of the container: when the container dies, the data volume does not. Therefore, with a data volume in use, the container can be deleted and re-run at will without losing data.

Repository

        After an image is built, it can easily be run on the current host. However, if we need to use the image on other servers, we need a centralized service for storing and distributing images. Docker Registry is such a service.

        A Docker Registry can contain multiple repositories (Repository); each repository can contain multiple tags (Tag); each tag corresponds to an image. So an image repository is the place where Docker centrally stores image files, similar to the code repositories we have used before.

        Usually, a repository contains images of different versions of the same software, and tags are used to identify each version. We can use the format <repository name>:<tag> to specify which version of the software an image is. If no tag is given, latest is used as the default tag.

Here is a supplement on the concepts of the Docker Registry public service and a private Docker Registry:

  • The Docker Registry public service is a Registry service that is open to users and allows them to manage images. Generally, such public services let users upload and download public images for free, and may offer paid services for managing private images. The most commonly used public Registry service is the official Docker Hub, which is also the default Registry and hosts a large number of high-quality official images. The URL is: https://hub.docker.com/.

  • Users can build a private Docker Registry locally. Docker officially provides a Docker Registry image, which can be used directly as a private Registry service. The open-source Docker Registry image only provides the server-side implementation of the Docker Registry API, which is sufficient to support docker commands without affecting usage. However, it does not include a graphical interface or advanced functions such as image maintenance, user management, and access control.
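How an image reference resolves under the name-and-tag format and the defaults described above (tag latest, Docker Hub as the default Registry), as an added example that is not code from the original article. `docker.io` and the `library/` namespace are the names Docker uses for Docker Hub and its official images; the sample references are constructed and `registry.example.com` is a placeholder host.

```python
def parse_image_ref(ref):
    """Split an image reference into registry, repository, tag and digest."""
    name, _, digest = ref.partition("@")          # optional @sha256:... suffix
    first, slash, rest = name.partition("/")
    # The first component names a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first, rest
    else:
        registry, repository = "docker.io", name  # Docker Hub, the default Registry
    tag = None
    if ":" in repository.rpartition("/")[2]:      # colon in the last component starts the tag
        repository, _, tag = repository.rpartition(":")
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository      # namespace of Docker Hub official images
    if tag is None and not digest:
        tag = "latest"                            # default tag when none is given
    return {"registry": registry, "repository": repository,
            "tag": tag, "digest": digest or None}

def floating_refs(refs):
    """Return the references that resolve to the default tag 'latest'."""
    return [r for r in refs if parse_image_ref(r)["tag"] == "latest"]

# Constructed sample references; registry.example.com is a placeholder host.
SAMPLES = ["mysql", "mysql:5.7", "localhost:5000/team/api",
           "registry.example.com/team/api:1.4.2"]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref:40} -> {parse_image_ref(ref)}")
    print("resolve to 'latest':", floating_refs(SAMPLES))
```

A reference that resolves to latest does not name a specific version, so listing such references in deployment files shows where the version actually pulled is left to the Registry.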

Docker architecture

        If we want to use Docker to operate images and containers, we must install Docker.

        Docker is a program with a client-server (C/S) architecture, which consists of two parts:

  • Server: The Docker daemon process, responsible for processing Docker instructions and managing images, containers, etc.

  • Client: Sends instructions to the Docker server through commands or the REST API. Commands can be sent to the server locally or remotely.

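Common commands

Basic commands

docker version # Show the Docker version
docker images # List all downloaded images; equivalent to: docker image ls
docker container ls # List containers (running only; add -a to include stopped ones)
docker ps # List running containers
docker image prune # Remove temporary, unused image files. -a, --all: remove all unused images, not just temporary ones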

The address of the help document: Reference documentation | Docker Documentation

Pull an image

docker search mysql # Search for mysql-related images
docker pull mysql:5.7 # Pull the mysql image
docker image ls # List all downloaded images

Delete an image

        For example, suppose we want to delete the mysql image we downloaded. Before deleting an image with docker rmi [image] (equivalent to docker image rm [image]; the image can be given by tag name or image ID), first make sure that no container references it. You can check with the docker ps command mentioned earlier:

➜  ~ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
c4cd691d9f80        mysql:5.7           "docker-entrypoint.s…"   7 weeks ago         Up 12 days          0.0.0.0:3306->3306/tcp, 33060/tcp   mysql

        You can see that mysql is referenced by the container whose ID is c4cd691d9f80. We first need to stop the container with docker stop c4cd691d9f80 or docker stop mysql. Then look up the ID of the mysql image:

➜  ~ docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
mysql                   5.7                 f6509bac4980        3 months ago        373MB

        Delete by IMAGE ID or REPOSITORY name:

docker rmi f6509bac4980 # or: docker rmi mysql:5.7

        That is all for today's introduction to Docker. I believe you now have a basic understanding of Docker. In the next article, we will do a hands-on installation of Docker on our server.

        


Origin blog.csdn.net/m0_73367097/article/details/131800073