Let's talk about Docker

What is Docker?

definition

Docker

Docker is an open source application container engine.

Simply put, it is software based on container virtualization technology. The application and the dependent packages can be packaged into a portable image and released to run on Linux or Windows. (code + runtime environment)

Comparison of virtual machine and container technology

virtual machine

Virtual machines can efficiently use computer resources (for example, they can solve problems such as port conflicts of the same service, different program dependencies, and process restrictions). Common virtual machines include VMware and VirtualBox.

The underlying principle of a virtual machine is based on a hypervisor (hardware abstraction layer), also called a virtual machine monitor (VMM).

container technology

Container technology is a sandbox technology: applications run inside containers, the containers are isolated from one another, and there is no interface between them.

Container technology pays more attention to the application itself, the sharing and reuse of applications and dependent environments.

LXC

Linux Container (LXC for short) is a lightweight operating system layer virtualization technology for the kernel. The containerization technology is implemented based on LXC.

Comparison of Four Dimensions

From this comparison it is clear why container technology appeared and why it is so popular: virtual machines have pain points, and container technology was born to solve them. Docker is the representative of containerization technology.

Application scenarios of Docker

Docker's Implementation Principles and Advantages

Docker's technical architecture

Docker is a product launched by dotCloud in 2013, written in the Go language.

Docker has two release versions, namely CE (Community Edition) and EE (Enterprise Edition).

Docker is a C/S architecture. The client (docker cli, execution program) communicates with the daemon process (docker daemon, providing Docker services) through the command line and API.

C/S architecture

communication

To give a specific example, in a common virtual machine implementation, we need to build a set of LNMP-structured services. We usually create a virtual machine, install a Linux system in the virtual machine, and then install Nginx, MySQL, and PHP respectively.

In Docker, the best practice is to build three containers from the Nginx, MySQL, and PHP images, each running one of the three services. The virtual operating systems they run in are shared directly with the operating system of the host machine.

Docker's implementation principle

Linux three technologies

The realization of Docker is mainly attributed to the three major technologies of Linux: Namespaces, Control Groups and Union File System.

Namespaces

In a programming language, the main purpose of a namespace is to collect classes of the same module and distinguish classes with the same name between different modules.
A namespace in the Linux kernel is the ability to divide computer resources into separate spaces, such as the User Namespace, Net Namespace, PID Namespace, Mount Namespace and so on.

Using PID Namespace, Docker achieves the goal of isolating processes in containers while isolating programs.
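An added example (not from the original article) of how this isolation can be checked: every process exposes its namespaces as symlinks under /proc/<pid>/ns, and two processes share a namespace exactly when the link targets are identical. The function name ns_compare, the PROC_ROOT override and the sample inode numbers are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: compare the namespaces of two
# processes through the /proc/<pid>/ns symlinks that the Linux kernel exposes.
# PROC_ROOT is an assumption of this example: it defaults to /proc and exists
# only so the function can be pointed at a constructed directory.
ns_compare() {
    root=${PROC_ROOT:-/proc}
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(readlink "$root/$1/ns/$ns" 2>/dev/null || true)
        b=$(readlink "$root/$2/ns/$ns" 2>/dev/null || true)
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"      # process missing or not enough privilege
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"       # same namespace: no isolation for this resource
        else
            echo "$ns isolated"
        fi
    done
    return 0
}

# Constructed sample: PID 1 stands for the host init process, PID 4242 for a
# containerized process that has its own namespaces except the user namespace.
demo=$(mktemp -d)
mkdir -p "$demo/1/ns" "$demo/4242/ns"
for ns in cgroup ipc mnt net pid user uts; do
    ln -s "$ns:[4026531835]" "$demo/1/ns/$ns"
    case $ns in
        user) ln -s "$ns:[4026531835]" "$demo/4242/ns/$ns" ;;
        *)    ln -s "$ns:[4026532201]" "$demo/4242/ns/$ns" ;;
    esac
done
PROC_ROOT=$demo ns_compare 1 4242
rm -rf "$demo"
```

On a Docker host, run it as root with the container's host PID, for example ns_compare 1 "$(docker inspect -f '{{.State.Pid}}' redis)". Any namespace reported as shared with PID 1 is not isolating that resource from the host.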

Control Groups

The role of resource control groups is to control computer resources. CGroups mainly does the isolation of hardware resources. In addition to the isolation of resources, there is also the key role of resource allocation.

Through CGroups, we can specify the occupancy value or occupancy rate of any resource in any isolation environment, which is a very useful function for many distributed usage scenarios.
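An added example (not from the original article) that reads the limits a cgroup actually enforces, so that a container running without any resource cap can be spotted. It assumes a cgroup v2 host, where "max" in memory.max, cpu.max or pids.max means no limit; the function name cgroup_limits and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: report the memory, PID and CPU
# limits of one cgroup v2 directory. Assumption: cgroup v2 file layout.
cgroup_limits() {
    dir=${1:-/sys/fs/cgroup}
    for f in memory.max pids.max; do
        val=$(cat "$dir/$f" 2>/dev/null || echo unknown)
        if [ "$val" = max ]; then val=unlimited; fi
        echo "${f%.max} $val"
    done
    if [ -r "$dir/cpu.max" ]; then
        # cpu.max holds "<quota> <period>" in microseconds, or "max <period>"
        read -r quota period < "$dir/cpu.max" || true
        if [ "$quota" = max ]; then
            echo "cpu unlimited"
        else
            echo "cpu $((quota * 100 / period))%"   # percent of one CPU
        fi
    else
        echo "cpu unknown"
    fi
    return 0
}

# Constructed sample directories. "limited" holds the values that
# docker run --memory 256m --cpus 0.5 --pids-limit 100 produces;
# "default" stands for a container started without any limit flag.
demo=$(mktemp -d)
mkdir "$demo/limited" "$demo/default"
echo 268435456      > "$demo/limited/memory.max"
echo "50000 100000" > "$demo/limited/cpu.max"
echo 100            > "$demo/limited/pids.max"
echo max            > "$demo/default/memory.max"
echo "max 100000"   > "$demo/default/cpu.max"
echo max            > "$demo/default/pids.max"
for c in limited default; do
    echo "== $c"
    cgroup_limits "$demo/$c"
done
rm -rf "$demo"
```

A container whose three values are all unlimited can consume the memory, CPU time and process table of the whole host.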

Union File System

A file system that can mount different actual files or folders to the same directory at the same time to form a joint file structure.

Docker uses it to solve the problem that the virtual environment occupies too much of the file system, and realizes the rapid start and stop of the virtual environment.

Docker greatly reduces the physical storage space occupied by the virtual file system. (Example: Git. Every time a commit is made, Git does not package all of our content into a new version but only records the modified part, so that even after many commits the space occupied by the code base does not multiply.)

Advantages of Docker

  1. Application security, portability and cost savings;
  2. Make automated deployment easier (continuous integration CI and continuous deployment CD, fast delivery);
  3. Accelerate the modernization process of application architecture (such as microservice architecture);
  4. Make full use of server resources;
  5. Cross-platform deployment and dynamic scaling (such as using K8s orchestration tool management).

Docker installation

macOS installation

Installation tutorial: https://www.runoob.com/docker/macos-docker-install.html

Windows installation

Installation tutorial: https://www.runoob.com/docker/windows-docker-install.html or https://blog.58heshihu.com/index.php/archives/286/

Linux installation

CentOS: https://www.runoob.com/docker/centos-docker-install.html
Ubuntu: https://www.runoob.com/docker/ubuntu-docker-install.html

The four core components of Docker

Image

An image can be understood as a read-only file package, which contains the content of the most primitive file system that the virtual environment runs on.

View the image list: docker images

Image naming format: developer/image name:version number

Pull: docker pull image name

Search: docker search image name (searches Docker Hub)

Image details: docker inspect image name/ID

Delete image: docker rmi image name/ID

Container

Introduction

In container technology, a container is the infrastructure used to isolate a virtual environment; in Docker, the term is also extended to mean the isolated virtual environment itself.

A container includes

  • A Docker image
  • a program execution environment
  • an instruction set

Container life cycle

  • Created: The container has been created, and the related resources required by the container are ready, but the program in the container is not yet running
  • Running: The container is running, that is, the application in the container is running
  • Paused: The container is paused, indicating that all programs in the container are in a paused (not stopped) state
  • Stopped: The container is in a stopped state, and the occupied resources and sandbox environment still exist, but the applications in the container have been stopped
  • Deleted: The container has been deleted, and related resources and management information stored in Docker have also been released and removed

Common commands

View a list of running containers: docker ps
View all containers: docker ps -a
Create and start a container: docker run --name redis -d redis:5.0.15
Stop the container: docker stop container name/ID
Start/restart the container: docker start/restart container name/ID
Delete the container: docker rm [-f] container name/ID (-f forces deletion, so a running container can be deleted)
Enter the container: docker exec -it redis bash (inside the container is a virtual Linux)
View container error information: docker logs container ID

Network

The container network is essentially part of the virtual environment created by Docker for the application, which allows the application to be independent from the network environment of the host operating system, forming the container's own network device, IP protocol stack, port socket, IP routing table, firewall and other network-related modules.

  • Sandbox provides the virtual network stack of the container, that is, the port sockets, IP routing table, firewall, etc. mentioned above. Its implementation isolates the container network from the host network, forming a completely independent container network environment

  • Network can be understood as a virtual subnet inside Docker; participants in the network can see each other and communicate. This virtual network is also isolated from the host network, and its main purpose is to form a secure communication environment between containers

  • Endpoint is an opening in the isolation wall of the container or network, and its main purpose is to form a controllable entrance and exit through the closed network environment. When the endpoint of the container is paired with the endpoint of the network, it is like building a bridge between the two, and data transmission can be carried out

There are 5 types of network drivers in the Docker container network, namely: Bridge Driver (the default), Host Driver, Overlay Driver (cluster), Macvlan Driver, None Driver.

Ports can be used to access between containers and between the host and the container.

Common commands

View network list: docker network ls

The container joins the network:

docker run -d --name mysql -e MYSQL_RANDOM_ROOT_PASSWORD=yes --network network_name mysql:5.7
docker run -d --name php --link mysql --network network_name php:latest

Port mapping (80 is the port of the container, and 8080 can be the port of the host or other containers):

docker run -d --name nginx -p 8080:80 nginx:1.12

Data volume (Volume)

In Docker, the files or directories for data sharing or persistence through bind mount, volume, and tmpfs mount are called volumes.

There are 3 mounting methods for Docker data volumes, namely: Bind Mount, Volume, Tmpfs Mount

  • Bind Mount can directly mount directories and files in the host operating system to the file system in the container. By specifying the path outside the container and the path inside the container, a mount mapping relationship is formed. File reads and writes inside and outside the container are mutually visible

  • Volume also mounts a directory from the host operating system into the container, but the mounted directory is managed by Docker. We only need to specify the directory in the container, and we don't need to care about where it is mounted in the host operating system

  • Tmpfs Mount supports mounting part of the system memory to the container's file system, but due to the characteristics of memory and containers, its storage is not persistent, and its contents will disappear as the container stops

Bind mount method:

docker run -d --name nginx_test -v /nginx/html:/usr/share/nginx/html nginx

View the files mounted in the container:

docker exec nginx_test ls /usr/share/nginx/html
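An added example (not from the original article) that reviews the two options used in the commands above: -p 8080:80 publishes the port on every host interface, and a -v bind mount is writable from the container unless :ro is appended. The function names and the tightened third command are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: review the -p and -v options
# of a `docker run` command line. Prints one finding per line, nothing if clean.

check_publish() {
    spec=${1%/*}                         # drop a trailing /tcp or /udp
    case $spec in
        0.0.0.0:*:*|'[::]':*:*) scope=all ;;
        *:*:*) scope=bound ;;            # explicit host address, e.g. 127.0.0.1:8080:80
        *)     scope=all ;;              # hostPort:containerPort or containerPort only
    esac
    if [ "$scope" = all ]; then
        echo "publish $1: listens on every host interface; prefix a host address such as 127.0.0.1"
    fi
    return 0
}

check_volume() {
    case $1 in
        /*:*) ;;                         # hostPath:containerPath is a bind mount
        *) return 0 ;;                   # named or anonymous volume managed by Docker
    esac
    case ${1#*:} in
        *:ro|*:ro,*|*:*,ro|*:*,ro,*) return 0 ;;   # already mounted read-only
    esac
    echo "volume $1: host path ${1%%:*} is writable from the container; append :ro if it only reads"
    return 0
}

review_run_args() {
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
            -p|--publish) if [ $# -gt 0 ]; then check_publish "$1"; shift; fi ;;
            -v|--volume)  if [ $# -gt 0 ]; then check_volume "$1"; shift; fi ;;
        esac
    done
    return 0
}

# The article's two commands, then a tightened variant (constructed).
review_run_args -d --name nginx -p 8080:80 nginx:1.12
review_run_args -d --name nginx_test -v /nginx/html:/usr/share/nginx/html nginx
review_run_args -d --name nginx -p 127.0.0.1:8080:80 -v /nginx/html:/usr/share/nginx/html:ro nginx
```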

A handy tool: docker-compose

docker-compose is a tool for defining and running multi-container Docker applications (integrated deployment), using docker-compose to efficiently manage containers.

Steps for usage:

1. Dockerfile defines the environment of the application (customize your own image source)
2. docker-compose.yml defines the services that make up the application, and executes multiple containers together
3. docker-compose up starts and runs the entire application

Note: on Linux, docker-compose must be installed separately; on macOS and Windows it is already integrated.

Practical Cases - Building an LNMP Environment

Source code download: https://github.com/zhangdejian/docker_lnmp.git

Please refer to my other blog: https://learnku.com/articles/39417 (Dockerfile way to customize lnmp environment)

Shortcomings of Docker

  1. Must run on a 64-bit machine, currently only supports x86_64 and AMD64;
  2. The Linux kernel of the system must be 3.8 or newer;
  3. The kernel must support cgroups and namespaces;
  4. Docker has limited management of disk;
  5. The network management is relatively simple, mainly due to the isolation of the namespace;
  6. The container is destroyed as the user process stops, and user data such as logs in the container are not convenient to collect.

Docker learning resources

Official website: https://docs.docker.com/engine/reference/run/
Chinese manual: https://docker_practice.gitee.io/zh-cn/basic_concept/image.html
Rookie tutorial: https://www.runoob.com/docker/docker-tutorial.html
Nuggets Community: https://juejin.cn/tag/Docker
Open Source China: https://www.oschina.net/question/tag/docker
SegmentFault: https://segmentfault.com/t/docker
Recommended introductory books: "Docker Technology Introduction and Practical Combat", "Docker Advanced and Practical Combat" (Huawei team)
Kanyun: "Docker - From Getting Started to Practice"
Excellent articles:
  • CentOS install docker
  • Dockerfile way to customize lnmp environment
  • Docker Build Jenkins to realize automatic deployment
  • Docker+LNMP+Jenkins+ code cloud realize PHP code automatic deployment
  • Docker operation command collection

Origin blog.csdn.net/heshihu2019/article/details/132417445