docker run principles outlined
Client-Server Architecture
- docker daemon running on the host
systemctl start docker - daemon process accepts commands from the client (docker command) to run through the socket of each container management
- A container is a runtime environment, it can be seen as a running Linux system Lite
docker container technology vs virtual machine technology (VMware, etc.)
- Comparative angle: the program is running system storage footprint, operating performance, portability (analog JDK).
- Is no longer necessary Hypevisor hardware resource virtualization abstraction layer, a program running on the container docker direct use of hardware resources actual physical host machine, so there are obvious advantages in the CPU and memory utilization.
- When docker a new container is used as the host of the core . When a new VMware virtual machine, you need to load GuestOS kernel (downloadable on various os VMware), this process is at least minute levels, while docker new vessel is the second level.
- The official comparison chart ↓
- docker
- virtual machine
- docker
docker image theory
What is mirroring
- Lightweight, standalone executable package
- Run a packaged software (such as tomcat mirror) required for all content, including:
- Code (tomcat Code)
- Runtime environment (OS, JDK)
- Dependent libraries
- Environment Variables
- Configuration files, etc.
- The underlying foundation is Union File System (Joint File System)
- UnionFS: A layered, lightweight, high-performance file system that supports changes to the file system as a submission to the superposition of layers , but also support the different directory is mounted to the same virtual file system.
- A mirror composed of layers of the file system, by layering inherit. Based on the base image, you can produce a variety of specific applications image .
- 镜像运行时,一次联合加载多个文件系统,根据继承关系进行叠加,最终外部只看到一个文件系统,但拥有了完整的文件和目录结构。
镜像加载原理
- 镜像实际有一层层的文件系统组成,即UnionFS。
- 文件系统层级中主要关注bootfs和rootfs
- bootfs包括BootLoader和kernel(操作系统内核),BootLoader主要是引导加载kernel。同Linux,docker镜像最底层是bootfs。Linux系统启动时,会加载bootfs,然后BootLoader加载kernel(Linux内核)至内存,完成之后内存的使用权由bootfs转移给内核,接着卸载掉bootfs。
- rootfs包含了我们熟悉的Linux文件目录结构:/dev/ /proc/ /bin/ /etc/ 等。对于不同的Linux发行版(Ubuntu、centos等),bootfs基本一致(内核相同,都是Linux-kernel),而rootfs会有差别。
- why一个centos的docker镜像只有200M,而VMware的centos系统镜像几个G?
- 对于一个精简的Linux系统,rootfs可以很小,只需要包括最基本的命令、工具和程序库就OK了。
- docker容器共用了宿主机的系统内核,只需要提供精简的rootfs就OK,所以docker的os镜像体积可以这么小,因此可以把docker容器看做一个精简的Linux系统。
- why一个tomcat的docker镜像反而比一个centos的docker镜像大得多
- 每个应用级别的docker镜像,都是源于基础镜像(联合文件系统),类比Java中的Object类,一层层继承得到的。
centos镜像拉取:
[root@richardCentos ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos d8d02d457314: Pull complete Digest: sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb Status: Downloaded newer image for centos:latest docker.io/library/centos:latesttomcat镜像拉取:
[root@richardCentos ~]# docker pull tomcat Using default tag: latest latest: Pulling from library/tomcat 9cc2ad81d40d: Pull complete e6cb98e32a52: Pull complete ae1b8d879bad: Pull complete 42cfa3699b05: Pull complete 8d27062ef0ea: Pull complete 9b91647396e3: Pull complete 7498c1055ea3: Pull complete a183d8c2c929: Pull complete 73dd800dda4c: Pull complete 2bc71ef979ec: Pull complete Digest: sha256:80db17f3efd9cdcd9af7c799097fe0d223bbee8f25aa36234ab56292e3d8bd7b Status: Downloaded newer image for tomcat:latest docker.io/library/tomcat:latest- Obviously, tomcat need to join the mirror more, imagine this inheritance:
Kernel <CentOS <the JDK <Tomcat
- docker image are read-only, but when the container starts a new writable layer is loaded to the top of the mirror, this layer is called "container layer," that we interact with the outer layer of the container operations, container layers called "mirror structure" under.
docker Reviews
Mirror understood container
- Analogy Java program, mirroring -Java class, container -Java class object, Docker-JDK (cross-platform)
- About Logo, the sea (homed host) whale (docker) carrying a lot of containers (containers run s)
- Container can be seen as a running stripped-down version of the Linux environment (file system, root user privileges others have)
Experience
- docker --help xxx look official explanation, we can solve many doubts