docker storage mount comparison

docker storage overview

Anyone familiar with Docker knows that images are built from layers, stacked one on top of another to form the final image. Every image layer is read-only; the read-write layer is created only when a container is run. This file system isolation causes the following problems:

  • When the container is no longer running, the data does not persist and is difficult to get out of the container.
  • Data migration cannot be performed well between different hosts.
  • Writing data to the container's read-write layer requires the kernel to provide a union file system, which additionally reduces performance.

Docker provides three different ways to mount data into a container: volume, bind mount (-v mapping), and tmpfs.

volume mode

The volume method is the best way to persist data in Docker.

  • By default, docker will have a specific area on the host (Linux system: /var/lib/docker/volumes/), which is used to store volumes.
  • Non-docker processes should not modify files in this directory.
  • Volumes can be managed with the docker volume command (creation, deletion and other operations).
  • If you do not specify a name when creating a volume, a random name is generated.
[root@localhost ~]# ls /var/lib/docker/volumes/
ea73bac7843b4d05c08dc758ef15a5b3fc1070f3de8b3361dd40c3c58247c98f 
ffa4846b581c1a50a01e7a12a6342ad2aaa442701a35ae56ef2f0e5d7888b22c
  • The volume continues to exist when the container is stopped or deleted. To delete it, you must remove it explicitly.
Related use cases
  • Data is shared between multiple containers. The volume still exists when the container is stopped or deleted. The same volume can be loaded between multiple containers.
  • When the host cannot guarantee a specified directory or file structure
  • When backup, restore, or data migration between hosts is required, stop the container and back up the volume's directory
Usage

Volume is recommended as the preferred method in docker. Compared with bind mount (-v), it has the following advantages:

  • Compared with bind mount, volume is easier to back up or migrate
  • Can be managed using Docker CLI (Command Line Interface) commands or Docker API (Interface)
  • volume works on both Linux and Windows containers
  • Volumes can be shared more securely between multiple containers
  • The volume driver allows you to provide storage, encryption, or other functionality on a remote host or cloud
  • The contents of the new volume can be pre-populated by the container
Create a management volume
[root@localhost ~]# docker volume create my-vol   # create the volume
my-vol
[root@localhost ~]# docker volume ls   # list volumes
DRIVER              VOLUME NAME
local               1ad4af809485ff974988b79fdc3ada634c0b14b1324d9581369fd3b161632115
local               my-vol
local               portainer_data
[root@localhost ~]# docker volume inspect my-vol     # show volume details
[
    {
        "CreatedAt": "2019-03-01T19:40:26+08:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
        "Name": "my-vol",
        "Options": {},
        "Scope": "local"
    }
]
[root@localhost ~]# docker volume rm my-vol       # delete the volume
my-vol
[root@localhost ~]# docker volume ls
DRIVER              VOLUME NAME
local               1ad4af809485ff974988b79fdc3ada634c0b14b1324d9581369fd3b161632115
local               portainer_data
Start a container using a volume

as follows:

[root@localhost ~]# docker volume create my-vol2
my-vol2


Method 1:
[root@localhost ~]# docker run -d -it --name storage-test -p 80:80 --mount source=my-vol2,target=/app nginx:latest
77d559ebcdb47e9b54b7023bbb6b7bf0a7135dc7458bb68c49311e1140251901


Method 2:
[root@localhost ~]# docker run -d -it --name storage-test -p 80:80 -v my-vol2:/app nginx:latest


[root@localhost ~]# docker inspect storage-test
 "Mounts": [
            {
                "Type": "volume",      
                "Name": "my-vol2",     
                "Source": "/var/lib/docker/volumes/my-vol2/_data",
                "Destination": "/app",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            }

Note: The volume has the correct Source and Destination and is readable and writable.

Stop containers and clean volumes
[root@localhost ~]# docker stop storage-test  # stop the container
storage-test
[root@localhost ~]# docker rm storage-test  # remove the container
storage-test
[root@localhost ~]# docker volume rm my-vol2   # delete the volume
my-vol2

Learning link
When starting a service, if the volume driver is local, none of the containers can share this data. In addition, a service can only use the --mount flag.

Using volume driver
When you create a volume with docker volume create, or start a container that uses a volume that has not been created yet, you can specify the volume driver.
In the following example, the volume driver is first used when creating a standalone volume, and then when starting a container that creates a new volume.
Initial Setup
This example assumes you have 2 nodes, the first is a docker host and you can connect to the second node using SSH.
Install the vieux/sshfs plug-in on the docker host:

$ docker plugin install --grant-all-permissions vieux/sshfs

Creating volumes using volume driver
An SSH password is specified below, but the password can be omitted if key-based SSH authentication is configured between the 2 hosts, which also keeps it off the command line. Each volume driver can have multiple configuration options, each specified using the -o flag.

$ docker volume create --driver vieux/sshfs \
  -o sshcmd=test@node2:/home/test \
  -o password=testpassword \
  sshvolume

Use the volume driver when creating a container.
Note that if the volume driver needs options to be passed in the command, you must use --mount instead of -v.

$ docker run -d \
  -it \
  --name sshfs-container \
  --volume-driver vieux/sshfs \
  --mount src=sshvolume,target=/app,volume-opt=sshcmd=test@node2:/home/test,volume-opt=password=testpassword \
  nginx:latest

bind mount method

Through the bind mount method, you can mount any file or directory (absolute path) on your host into the container.

  • Mounted files or directories can be modified by any process, so sometimes modifications to the file or directory in the container will affect other processes.

  • If the host file or directory being mounted does not exist, it will be created automatically.

  • This method cannot be managed through the command: docker volume

Related use cases:

bind mounts are generally used in the following ways:

  • What is mounted is a file, because only the bind mount method can mount files.

  • Share configuration files from the host to the container. By default, docker will bind files similar to /etc/resolv.conf for DNS resolution.

  • The host shares source code or build tools with the container. For example, you can mount the Maven target/ into the container, and every time the Maven project is built on the host, the container will have access to the rebuilt artifacts.

  • When the host's file or directory structure is consistent with that required by the container.

If you mount an empty file or directory to a container and there are files in the directory in the container, these files will be copied to the directory on the host. If you mount a non-empty file or directory to a container and there are files in the directory in the container, the files in the container will be hidden.

Comparison between volume and -v methods

Here "volume" refers to a volume mount and "-v" refers to a bind mount.

| Type | -v (bind mount) | volume |
|---|---|---|
| Volume position | Can be specified arbitrarily | /var/lib/docker/volumes/… |
| Impact on existing mount points | Hide and replace with volume | Copy original data to volume |
| Single-file support | Supported | Not supported, it can only be a directory |
| Permission control | Can be set to read-only, default is read and write permissions | No control, all have read and write permissions |
| Portability | Weak portability, bound to host path | Strong portability, no need to specify the host directory |
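
An added example (not from the original article): a Python audit of the Mounts array that docker inspect prints, as shown earlier, flagging bind mounts that are writable or that expose sensitive host paths. The sample JSON, the SENSITIVE path list and the severity labels are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output, reduced to
# the fields used here; the container name, paths and mounts are made up.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/storage-test",
    "Mounts": [
        {"Type": "volume", "Name": "my-vol2", "Destination": "/app", "RW": True,
         "Source": "/var/lib/docker/volumes/my-vol2/_data"},
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": True},
        {"Type": "bind", "Source": "/srv/build/target",
         "Destination": "/app/target", "RW": True},
        {"Type": "bind", "Source": "/srv/site/nginx.conf",
         "Destination": "/etc/nginx/nginx.conf", "RW": False},
        {"Type": "tmpfs", "Source": "", "Destination": "/run/cache", "RW": True},
    ],
}])

# Illustrative policy (an assumption, adjust per host): host paths that should
# not be bind-mounted into a container, least of all writable.
SENSITIVE = ("/etc", "/proc", "/sys", "/var/lib/docker", "/var/run/docker.sock")


def is_sensitive(path):
    """True if path is the host root or sits at or below a sensitive prefix."""
    return path == "/" or any(path == p or path.startswith(p + "/") for p in SENSITIVE)


def audit_mounts(inspect_json):
    """Return (container, destination, severity, reason) for each risky bind mount."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for m in container.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # per the page: volumes sit in Docker's own area, tmpfs in memory
            src, dst = m.get("Source", ""), m.get("Destination", "")
            rw = m.get("RW", True)
            if is_sensitive(src):
                sev = "high" if rw else "medium"
                findings.append((name, dst, sev, f"sensitive host path {src} (RW={rw})"))
            elif rw:
                findings.append((name, dst, "low",
                                 f"writable bind of {src}; mount read-only if possible"))
    return findings


if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_INSPECT):
        print(*finding, sep=" | ")
```

On a real host, the input would be the output of docker inspect for the containers of interest, saved to a file and passed to audit_mounts as a string.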

tmpfs mode

tmpfs stores data only in the host system's memory and does not write to the host's file system.

Related use cases:

tmpfs is generally used when security is important and data does not need to be persisted.

How to use:

The relationship between --tmpfs and --mount is the same as for the previous two methods. The differences between them are:

  • --tmpfs does not allow any configurable options to be specified
  • --tmpfs cannot be used with swarm service, you must use --mount

Using tmpfs in the container

Origin blog.csdn.net/cljdsc/article/details/132866545