Docker's three core components: mirrors, containers and warehouses

镜像(Image), 容器(Container), 仓库(Repository)We often say that Dockerthe three components, in fact, we are in the article "10 minutes to quickly master the necessary basics Docker" has been simply to find out about the knowledge of the three components, but did not explain in great detail, so in this article, we'll explore some detail in it together.

Image (Image)

What is Dockera mirror?

Simply understood, Docker镜像it is a Linuxfile system ( Root FileSystem), which contains the file system can run Linux内核programs and corresponding data.

At this point, we may need to add that with the Linuxknowledge of the associated operating system:

In general, Linuxdivided into two parts: Linux内核(Linux Kernel)with 用户空间, but the real Linux操作系统means Linux内核, we used Ubuntu, Centosand other operating systems are in fact different manufacturers Linux内核add their own software and tools on the basis of ( tools) release version of the form ( Linux Distribution).

Therefore, we can also be seen as mirroring the above mentioned 用户空间, when Dockeryou create a container through a mirror, the mirror is defined 用户空间as an independent isolate processes running in the host machine Linux内核on.

Here we must emphasize two features mirror:

1. Layered mirror ( Layer) is: i.e., a plurality of intermediate layers can be image, a plurality of mirrors can share the same intermediate layer, we can also add an extra layer to generate a new image in the mirror.

2. Mirroring is read-only ( read-only): After mirroring built, they can no longer modify, and add a layer of the above we are talking about building a new image, which is actually the middle of containers by creating a temporary increase or on the container delete files, to form a new image, because the container can be changed dynamically.

By following diagram, I can better understand Docker镜像the Linuxrelationship:

Mirror operations command

DockerMirroring operation associated with the command in docker imagethe command this sliver by docker image --helpthis command, see docker imagedetailed documentation subcommands, as follows:

Usage:  docker image COMMAND

Manage images

Commands:
  build       Build an image from a Dockerfile(构建镜像的命令)
  history     Show the history of an image(显示镜像构建历史过程)
  import      Import the contents from a tarball to create a filesystem image(导入一个由容器导出的镜像)
  inspect     Display detailed information on one or more images(显示一个镜像的详细信息)
  load        Load an image from a tar archive or STDIN(从一个文件或标准输入流中导入镜像)
  ls          List images(查看镜像列表)
  prune       Remove unused images(删除虚悬镜像)
  pull        Pull an image or a repository from a registry(从仓库拉取镜像)
  push        Push an image or a repository to a registry(推送镜像到仓库)
  rm          Remove one or more images(删除镜像)
  save        Save one or more images to a tar archive (streamed to STDOUT by default)(保存镜像到文件)
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE(给镜像打标签)
复制代码

Get a mirror

Installed Dockerafter, we do not have any local mirroring, of course, we can build your own, but more convenient or from the Dockerwarehouse service provided by the official Docker Hubpull on official or third parties have built a good image.

Pulling the mirror may be used docker image pullin the following format:

docker image pull [OPTIONS] NAME[:TAG|@DIGEST]
复制代码

Of course, docker image pullthere is more concise usage: such as:

docker pull [OPTIONS] NAME[:TAG|@DIGEST]
复制代码

To pull mirroring, you need to specify Docker Registrythe URL and port number, the default is Docker Hub, also need to specify 仓库名and labels, warehouse name and label uniquely identify a mirror, and the tag is likely to be omitted. If omitted, the default use latestas a label name, and the repository name by the author's name and the name of the software components.

So, after so omitted parameters, such as we would like to pull centosthe mirror, you can use the following simple command from Docker Hubthe pull:

$ docker pull centos
复制代码

Check local mirror

Through the above method we will pull into the local mirror, to see how it is up to local mirroring what does? We can use the following command to view all local mirroring:

$ docker image ls
复制代码

Of course, Dockerit provides a more concise wording as follows:

$ docker images
复制代码

Dangling mirror

We know that Dockermirror the name 仓库名and 标签composition, but sometimes we will see the repository name and label are all <none>mirrored, we call this image is 虚悬镜像, as shown below:

虚悬镜像Generally when we use docker pullthe time to pull in the mirror, the resulting new image, so 仓库名and 标签gave new mirror, mirror the old warehouses and labels were canceled, become 虚悬镜像.

We can use the following statement prints all 虚悬镜像:

$ docker image ls -f dangling=true
复制代码

General dangling mirror has no effect, so you can clean out, the following command can clear all the dangling mirror:

$ docker image prune
复制代码

However, if we want to keep some useful virtual images, you can use the docker tagcommand again to the mirror from a warehouse name and label:

$ docker tag 621d57f27e93 "test:1.0"
复制代码

Export and import image

If you want to share with others a mirror, apart from the mirror service warehouse in pullthe mirror and the mirror pushto go beyond the warehouse, in fact, we can also build a good local mirror directly exported and saved as a file to send to others, as follows:

$ docker image save /tmp/test_image.tar.gz
复制代码

And when you get someone else to export the image file, you can use the docker loadcommand to load the image to the local Dockermirror list, as follows:

$ docker load < /tmp/test_image.tar.gz
复制代码

Delete local mirror

To delete one or more local mirror, you can use the following command:

docker image rm [option] IMAGE1,IMAGE2,...IMAGEn
复制代码

You can also use a more concise way, such as:

docker rmi  [option]  IMAGE1,IMAGE2,...IMAGEn
复制代码

You can use the mirror long id, mirroring short id, summary, and mirror image name to remove the mirror, as follows

$ docker rmi f7302e4ab3a8
复制代码

Usually more common mirror short id, such as:

$ docker rmi f7302
复制代码

Mirroring summary can also remove the mirror, mirror summaries can use the following command to query:

$ docker image ls --digests
复制代码

Of course, we want to clear all local mirror, you can use the following command, but is not generally recommended.

$ docker rmi $(docker images -qa)
复制代码

In addition, generally if the mirror has been used to create a container, use the above command to delete the following error will be reported, it tells us that the image has been used, can not be deleted.

Error response from daemon: conflict: unable to remove repository reference "mysql:5.7" (must force) - container ccd406c07a78 is using its referenced image e1e1680ac726
复制代码

Mirror has been used for the construction of a container, there are two ways to delete, delete the first one is the container, and then remove the mirror, and the other only with a need to remove the mirror in command -fparameters can be, for example:

$ docker rim -f f7302
复制代码

Use docker commit to build the mirror

The example above is directly mirrored the official, in fact, in addition to pulling others to build a good image from a warehouse or other official mirror outside the store, we can also build your own image, in general there are two ways to build.

Use docker committhe command, we can re-submit the modified container as a mirror, such as:

$ docker commit conntaner_id my-hello:1.0
复制代码

Mirroring built this way, we called black box mirror is the same as a black box, others we do not know what changes to make and container operations, it will be questions about its safety.

It is not recommended to use this way of building a mirror, let's introduce a more versatile and convenient way.

Use Dockerfilebuild Mirror

It is recommended to prepare Dockerfileto construct a mirror, Docker Hubmirror on are built this way, the benefits of using this approach is that we do not distribute the image to others, but only to Dockerfileand corresponding data needs to be written mirroring issue others, they can build their own mirror, safe and transparent.

Got to write a simple program

package main
import "fmt"

func main(){
    fmt.Println("Hello Go")
}
复制代码

The Goprogram is compiled into an executable program, such as:

$ go build hello.go
复制代码

Write Dockerfilefile

Let's write a simple Dockerfiledocument, build your first image, as follows:

# 从一个空白的镜像开始
FROM stratch
ADD hello /
# 执行
CMD /hello
复制代码

Start building Mirror

Good writing Dockerfilethe file, use the docker buildcommand building, docker buildthe format command is as follows:

$ docker build [OPTIONS] PATH | URL | -
复制代码

# 注意最后的点(.)表示当前目录，即Dockerfile所在的目录
$ docker build -t "hello-go:1.0" .
复制代码

The above simply demonstrates the use of Dockerfilefile how to build a mirror, on Dockerfile, there are many more in-depth usage, then we talk about organic.

Container (Container)

, Just as for the relationship between object classes and relations programming container mirror.

Because the container is created by mirroring, so you must have a mirror to create the container, the container is generated independent of the host's isolation process, and there is a container belonging to its own network and namespaces.

We introduced earlier, mirrored by a plurality of intermediate layers (Layer) composed of the generated image is read-only, but the container is readable and writable, this is because the container layers are added one reader (writer mirroring above / read layer) implemented, as shown below:

Commands related to the operation of the container

Usage:  docker container COMMAND

Manage containers

Commands:
  attach      Attach local standard input, output, and error streams to a runnin                                                                                             g container
  commit      Create a new image from a container's changes(把容器保存为镜像)
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container(创建一个新的容器)
  diff        Inspect changes to files or directories on a container's filesyste                                                                                             m
  exec        Run a command in a running container(在一个运行的容器中执行命令)
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers(杀死一个或多个正在运行的容器)
  logs        Fetch the logs of a container
  ls          List containers(显示本地容器列表)
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container(重命名容器)
  restart     Restart one or more containers(重启一个或多个容器)
  rm          Remove one or more containers(删除一个或多个容器)
  run         Run a command in a new container(运行一个新的容器)
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers(停止一个或多个容器)
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes
复制代码

Start container

Starting container in several different ways, the most common method is to use the docker runcommand to create a container through the mirror, such as:

# /bin/bash表示运行容器后要执行的命令
$ docker run -it centos /bin/bash
复制代码

docker runCommand some of the more commonly used parameters, such as the container is a daemon to provide services, it usually requires an open port for external access, such as:

$ docker run -p 80:80 nginx
复制代码

You can also specify a name for the container, such as:

$ docker run -p 80:80 --name webserver nginx
复制代码

Another is to use the docker startcommand to restart the container has stopped running, such as:

# container_id表示容器的id
$ docker start container_id
复制代码

As for the container is running, you can also docker restartrestart command, such as:

# container_id表示容器的id
$ docker restart container_id
复制代码

View a list of local container

After running the container, we can see all the local container with the following command:

$ docker container ls
复制代码

But docker container lsalso concise wording:

$ docker ps
复制代码

The above command execution results are as follows:

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
f4f184f5ffb9        redis:latest        "docker-entrypoint.s…"   6 seconds ago       Up 4 seconds        0.0.0.0:6379->6379/tcp              myredis
f7d970e7d4ce        mysql:5.7           "docker-entrypoint.s…"   7 seconds ago       Up 5 seconds        0.0.0.0:3306->3306/tcp, 33060/tcp   docker-mysql
复制代码

The above command will only display container is running, if you want to display all of the containers, the denunciation of execution, you can add parameters -a, such as:

$ docker ps -a
复制代码

Sometimes, we just want to id found in the container, you can use the following command:

$ docker ps -aq
复制代码

Results of the

f4f184f5ffb9
f7d970e7d4ce
复制代码

Stop the container

Has no need for the container, can docker stopcommand stops its operation, such as:

$ docker stop container_id1，container_id2...
复制代码

Stop bulk containers, such as:

$ docker stop $(docker ps -qa)
复制代码

Three modes of operation of the vessel

In summary, Dockerthe container generally has three operation modes, as follows:

After running exit

The following statement creates the container, after running quits.

$ docker run centos echo "hellowrold"
复制代码

Permanent memory, is the daemon mode

If a daemon running in the container, the container will always be running, such as:

$ docker run -d -p 80:80 nginx
复制代码

Interactive

We can also run in the container, direct interaction with the container.

$ docker run -it centos /bin/bash
复制代码

Delete container

$ docker container rm container_id
复制代码

Delete container commands are also simple wording, as follows:

$ docker rm container_id
复制代码

Like the one above can also stop the container quantities, we can also delete a batch container, such as:

$ docker rm $(docker ps -qa)
复制代码

Into the container

For containers that are running, we can also docker execenter the container again command, such as:

$ docker exec -it f4f184f5ffb9 /bin/bash
复制代码

You need to specify the container id or name, the above command we use id.

Export containers for the mirror

$ docker export -o ./image.tar.gz f4f184f5ffb9
复制代码

After exporting the vessel, we can additionally mounting a DockerPC import the files become mirror package, such as:

$ docker import image.tar.gz
复制代码

Mentioned above is the concept of container and some commonly used commands on the container, you can also set data volumes and network space, which we have the opportunity to talk back.

Warehouse (Repository)

Warehouse ( Repository) is a centralized place to store the image, there is a concept to distinguish between what that warehouse and warehouse server ( Registry) are two different things, as we said above Docker Hub, is Dockera warehouse official server, but in fact, sometimes we do not too we need to distinguish between these two concepts.

Public Warehouses

Generally refers to a public warehouse Docker Hub, how many times we have in front from Docker Hubfetching an image, in addition to obtaining a mirror, we can also build their own image to be stored Docker Hub, so others can use the mirror we build.

But you want to upload to the image Docker Hub, you must first Dockerregister an account on the official website, following registration interface, fill in the necessary information required to be registered, very simple.

Well, after registration, you can log on locally to use the command Dokcer Hub, the process is as follows:

# 在命令行中输入
$ docker login
复制代码

Enter the account password to log in to Docker Hubafter, you can use docker pushthe command to push the mirror Docker Hub.

$ docker push test:1.0
复制代码

Private warehouse

Sometimes their own internal departments to share some of the mirror, the mirror show it to others if they are directly exported too much trouble, like the use of Docker Hubpublic warehouses this is not very convenient, this time we can build their own private warehouses of their own to store and distribution of our mirrors.

DockerThe official provided registrythis image, can be used to build private warehouses, and then we pulled the mirrored locally, use the following command to create a mirror image of the container will be able to build a warehouse service, as follows:

$ docker run -d -p 5000:5000 --restart=always --name registry registry
复制代码

Suppose we put one IP to 192.168.0.100the server as warehouse services, and run the above statement, then we can reconstruct the following statement above the mirror, such as:

$ docker build -t "192.168.0.100/hello-go:1.0" .
复制代码

Then use the following statement to push their own private repository server:

$ docker push 192.168.0.100/hello-word:1.0
复制代码

summary

Mirroring is a static concept, building can no longer be modified after completion, and the container is a dynamic concept, use Dockercan be simply and easily create or delete a container, mirror-image relationship with the container, just as the class with the object oriented programming in the relations, while the warehouse is mirrored storage and distribution areas.

---

Welcome scan code concerned, common learning progress