Docker (1) - Overview

Docker Overview

Docker is one for the development, delivery and open platform for running applications. Docker enables you to separate applications and infrastructure that can quickly deliver software. With Docker, you can manage applications with the same approach to managing infrastructure. By using the method to quickly deliver Docker, testing and deployment of code, you can greatly reduce the delay between writing code and running in a production environment code.

Docker platform

Providing loose Docker isolated environment (referred to as a container) to package and run the application functionality. Isolation and security so that you can run multiple containers simultaneously on a given host. Container is lightweight, because they do not need the extra load hypervisor, but run directly in the kernel host. This means that compared to using a virtual machine, you can run more containers on a given hardware combinations. You can even run Docker containers is actually a virtual machine host!

Docker provides tools and platforms to manage the life cycle of container:

• Use container to develop the application and its supporting components.
• Container distribution and become a unit test application.
• When ready, the application can be deployed to the production environment as a container or coordination services. Whether your production environment is the local data center, hybrid cloud provider, or both, it works all the same.

Docker engine

Docker Engine is has the following main components of a client - server applications:

• The server is running a long-term program, called daemon process (  dockerdcommand).

• REST API, which specifies the program can be used to communicate with and instruct the interface daemon operation thereof.

• Command Line Interface (CLI) client ( dockercommand).

CLI use Docker REST API to control Docker daemon via script or CLI command or directly interact with Docker daemon. Docker many other applications use the underlying API and CLI.

Docker daemon create and manage  objects , such as images, the container, and the network volume.

Note : Docker licensed open source Apache 2.0 license.

For more detailed information, please see the following Docker Architecture .

I can Docker what for?

Quickly and consistently deliver your application

Docker allows developers to use to provide your applications and services of local container work in a standardized environment, thus simplifying the development life cycle. Container is ideal for continuous integration and continuous delivery (CI / CD) workflow.

Consider the following example scenario:

• Your local developers to write code, and use the Docker containers to share their work with colleagues.
• They use Docker their applications pushed to a test environment, and perform automatic and manual testing.
• When developers errors are found, they can be repaired in the development environment, and then re-deployed to the test environment for testing and verification.
• After the test is completed, the patch will be pushed to a production environment like the updated image pushed to the production environment as simple.

In response to expansion and deployment

Docker-based platform to allow the container workload highly portable. Docker containers can be, the data center physical or virtual machine, on a cloud provider or mixed environments running on the local laptop developers.

Portability and lightweight properties Docker also allows you to easily manage dynamic workloads, and indicate real-time extension or removal of applications and services based on business needs.

Run more workloads on the same hardware

Docker lightweight and fast. It provides a viable, cost-effective alternative to a virtual machine hypervisor-based virtual machine, so you can use more computing power to achieve business goals. Docker is ideal for high-density environments as well as small to medium deployments, and you need to use fewer resources to do more things.

Docker architecture

Docker using a client - server architecture. Docker  client and Docker  daemon dialogue, the daemon complete the construction, operation and distribution Docker containers heavy work. Docker client and the daemon can  run on the same system can also be connected to a remote Docker Docker client daemon. Docker client and Daemon REST API used to communicate on a UNIX socket or a network interface.

Docker daemon

Docker daemon ( dockerd) listens for requests and manage Docker Docker the API objects, such as images, the container, and the network volume. Daemon can also communicate with other daemon to manage Docker services.

Docker client

Docker client ( docker) is the main way many Docker Docker interaction with the user. When you use a command such as likedocker run , the client will be sent to these commands dockerdto execute these commands . The dockercommand uses Docker API. Docker client can communicate with a plurality of daemon program.

Docker registry

Docker 注册表存储Docker映像。Docker Hub是任何人都可以使用的公共注册表，并且默认情况下，Docker已配置为在Docker Hub上查找映像。您甚至可以运行自己的私人注册表。如果使用Docker数据中心（DDC），则其中包括Docker可信注册表（DTR）。

使用docker pull或docker run命令时，所需的图像将从配置的注册表中提取。使用该docker push命令时，会将映像推送到配置的注册表。

Docker对象

使用Docker时，您正在创建和使用映像，容器，网络，卷，插件和其他对象。本节是其中一些对象的简要概述。

镜像

一个镜像是一个只读用于创建一个Docker 容器的指令模板。通常，一个映像基于另一个映像，并进行一些其他自定义。例如，您可以基于该ubuntu 映像构建映像，但是安装Apache Web服务器和您的应用程序，以及运行该应用程序所需的配置详细信息。

您可以创建自己的镜像，也可以仅使用其他人创建并在注册表中发布的镜像。要构建自己的映像，您可以 使用简单的语法创建一个Dockerfile，以定义创建映像并运行它所需的步骤。Dockerfile中的每个指令都会在映像中创建一个层。当您更改Dockerfile并重建映像时，仅重建那些已更改的层。与其他虚拟化技术相比，这是使映像如此轻巧，小型和快速的部分原因。

容器

容器是镜像的可运行实例。您可以使用Docker API或CLI创建，启动，停止，移动或删除容器。您可以将容器连接到一个或多个网络，将存储连接到它，甚至根据其当前状态创建新映像。

默认情况下，容器与其他容器及其主机之间的隔离程度相对较高。您可以控制容器的网络，存储或其他基础子系统与其他容器或与主机的隔离程度。

容器由其映像以及在创建或启动时为其提供的任何配置选项定义。删除容器后，未存储在持久性存储中的状态更改将消失。

示例docker run命令

以下命令运行一个centos容器，以交互方式附加到本地命令行会话，然后运行/bin/bash。

$ docker run -i -t centos /bin/bash

当您运行此命令时，会发生以下情况（假设您使用的是默认注册表配置）：

1. 如果您在centos本地没有该映像，则Docker将从您配置的注册表中提取该映像，就好像您已docker pull centos手动运行该映像一样。

2. Docker会创建一个新容器，就像您已docker container create 手动运行命令一样。

3. Docker将一个读写文件系统分配给容器，作为其最后一层。这允许运行中的容器在其本地文件系统中创建或修改文件和目录。

4. Docker创建了一个网络接口以将容器连接到默认网络，因为您未指定任何网络选项。这包括为容器分配IP地址。默认情况下，容器可以使用主机的网络连接连接到外部网络。

5. Docker启动容器并执行/bin/bash。由于容器是交互式运行的，并且已附加到您的终端（由于-i和-t 标志），因此您可以在输出记录到终端时使用键盘提供输入。

6. 当您键入exit以终止/bin/bash命令时，容器将停止但不会被删除。您可以重新启动或删除它。

服务

服务允许您跨多个Docker守护进程扩展容器，所有这些守护进程都与多个管理者和工作人员一起工作。swarm的每个成员都是docker守护进程，所有守护进程都使用docker api进行通信。服务允许您定义所需的状态，例如在任何给定时间必须可用的服务副本的数量。默认情况下，该服务在所有工作节点之间是负载平衡的。对于消费者而言，Docker服务似乎是一个单独的应用程序。Docker Engine在Docker 1.12及更高版本中支持集群模式。

底层技术

Docker用Go编写，并利用Linux内核的多个功能来交付其功能。

命名空间

Docker使用一种称为namespaces提供容器的隔离工作区的技术。运行容器时，Docker会为该容器创建一组 命名空间。

这些名称空间提供了一层隔离。容器的每个方面都在单独的名称空间中运行，并且对其的访问仅限于该名称空间。

Docker Engine在Linux上使用以下名称空间：

• pid命名空间：进程隔离（PID：进程ID）。
• net命名空间：管理网络接口（NET：网络）。
• ipc命名空间：管理访问IPC资源（IPC：进程间通信）。
• mnt命名空间：管理文件系统挂载点（mnt:mount）。
• utsNamespace: isolation and kernel version identifier. (Uts: unix time-sharing system).

The control group

Docker engine on Linux also depends on the other is called the control group  ( cgroupstechnology). cgroup application is limited to a specific set of resources. Docker Engine control group allows the shared hardware resources available to the vessel, and selectively restrictions and constraints. For example, you can restrict a particular container available memory.

Joint File System

United UnionFS file system or file system operates by creating a layer, making it very lightweight and fast. Docker Engine UnionFS provided for the container using the building blocks. UnionFS Docker Engine can use multiple variants, including AUFS, btrfs, vfs and DeviceMapper.

Container format

Docker Engine namespace, combined into a control group and a called UnionFS packaging container format. The default container format libcontainer. In the future, Docker likely to support other container formats through integration with BSD Jails or Solaris Zones technology.

Source official website: https://docs.docker.com/engine/docker-overview/