II. Basic concepts
Docker includes three basic concepts:
- Image
- Container
- Repository
Once you understand these three concepts, you understand Docker's entire life cycle.
Docker image
An operating system is divided into kernel and user space. On Linux, once the kernel has started, it mounts the root file system to provide user-space support. A Docker image is the equivalent of a root file system. For example, the official image ubuntu:18.04 contains a complete root file system for a minimal Ubuntu 18.04 system.
A Docker image is a special file system. Besides the programs, libraries, resources and configuration files a container needs at run time, it also contains configuration parameters prepared for the runtime (e.g. anonymous volumes, environment variables, user). An image contains no dynamic data, and its contents do not change after it is built.
Layered storage
Because an image contains the complete root file system of an operating system, it is often large. Docker was therefore designed to take full advantage of Union FS technology and uses a layered storage architecture. Strictly speaking, an image is not a packaged file like an ISO. An image is only a virtual concept: it is not realized as a single file but as a set of file systems, or in other words, as a union of multiple file system layers.
An image is built layer by layer, and each layer is the base of the next. Once a layer has been built it never changes; any later change happens only in the layer that makes it. For example, deleting a file from an earlier layer does not really delete that file; it is only marked as deleted in the current layer. When the final container runs, the file is not visible, but it still travels with the image. So take extra care when building an image: each layer should contain only what that layer needs to add, and anything extra should be cleaned up before the build of that layer ends.
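The deletion behaviour described above, as an added example (not code from the original tutorial): the Python sketch below merges constructed in-memory layer archives and reports files that a later layer marks as deleted while an earlier layer still stores them. It assumes the OCI layer convention in which an empty entry named .wh.<name> marks <name> as deleted, handles plain whiteouts only, and uses function names and sample paths made up for illustration.

```python
import io
import posixpath
import tarfile

WHITEOUT = ".wh."  # OCI layer convention: "dir/.wh.name" marks "dir/name" as deleted

def make_layer(files):
    """Pack {path: bytes} into an in-memory tar that stands in for one image layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_layers(layers):
    """Return (visible, findings): the merged view, plus files deleted in a
    later layer that are still stored in an earlier one."""
    visible, findings = {}, []  # visible maps path -> index of the layer providing it
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                folder, name = posixpath.split(member.name)
                if name.startswith(WHITEOUT):
                    target = posixpath.join(folder, name[len(WHITEOUT):])
                    # A whiteout hides the file itself or everything under a directory.
                    for path in [p for p in visible
                                 if p == target or p.startswith(target + "/")]:
                        findings.append((path, visible.pop(path), idx))
                elif member.isfile():
                    visible[member.name] = idx
    return visible, findings

def read_from_layer(layers, idx, path):
    """Read a file directly from one layer archive, ignoring later whiteouts."""
    with tarfile.open(fileobj=io.BytesIO(layers[idx])) as tar:
        return tar.extractfile(path).read()

# Constructed sample: layer 1 adds a credential file, layer 2 "deletes" it.
SAMPLE_LAYERS = [
    make_layer({"etc/os-release": b"ID=ubuntu\n"}),
    make_layer({"app/deploy.key": b"CONSTRUCTED-SECRET", "app/main.py": b"print(1)\n"}),
    make_layer({"app/.wh.deploy.key": b""}),
]

if __name__ == "__main__":
    for path, added, removed in audit_layers(SAMPLE_LAYERS)[1]:
        print(f"{path}: added in layer {added}, whiteout in layer {removed}, still stored")
```

The merged view no longer lists app/deploy.key, yet its bytes can still be read from layer 1, which is why cleanup has to happen before the layer that added the file is finished.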
Layered storage also makes images easier to reuse and customize. You can even take a previously built image as the base layer and add new layers on top of it to customize the content you need and build a new image.
Image building is explained further in the relevant later chapters.
Docker container
The relationship between an image (Image) and a container (Container) is like that between a class and an instance in object-oriented programming: an image is a static definition, and a container is the runtime entity of an image. A container can be created, started, stopped, deleted and paused.
A container is essentially a process, but unlike a process executed directly on the host, a container process runs in its own separate namespace. A container can therefore have its own root file system, its own network configuration, its own process space, and even its own user ID space. Processes in a container run in an isolated environment and can be used as if they were operating on a system independent of the host. This property makes an application packaged in a container more secure than one run directly on the host. Because of this isolation, many people confuse containers with virtual machines when they first learn Docker.
As described earlier, images use layered storage, and so do containers. Every running container uses an image as its base layer and creates a storage layer for the current container on top of it. We call this layer, which is prepared for the container's reads and writes at run time, the container storage layer.
The container storage layer has the same lifetime as the container: when the container is destroyed, its storage layer is destroyed with it. Any information saved in the container storage layer is therefore lost when the container is deleted.
According to Docker best practices, a container should not write any data to its storage layer; the container storage layer should be kept stateless. All file writes should go to a data volume (Volume) or a bound host directory. Reads and writes at these locations skip the container storage layer and go directly to the host (or to network storage), which gives better performance and stability.
The lifetime of a data volume is independent of the container: when the container is destroyed, the data volume is not. With a data volume, therefore, the data is not lost when the container is deleted or run again.
Docker Registry
Once an image has been built, it can easily be run on the current host. To use the image on other servers, however, we need a centralized service that stores and distributes images. Docker Registry is such a service.
A Docker Registry can contain multiple repositories (Repository); each repository can contain multiple tags (Tag); each tag corresponds to one image.
Typically, a repository contains the images of different versions of the same software, and tags are commonly used to identify the individual versions of that software. The format <repository>:<tag> specifies which version of the software's image is meant. If no tag is given, latest is used as the default tag.
Take the Ubuntu image as an example: ubuntu is the name of the repository, and it contains tags for different versions, such as 16.04 and 18.04. We can use ubuntu:16.04 or ubuntu:18.04 to specify which version of the image we want. If the tag is omitted, for example ubuntu, the reference is treated as ubuntu:latest.
Repository names often appear as a two-segment path, for example jwilder/nginx-proxy. The first segment usually is the user name in a multi-user Docker Registry environment, and the second usually is the name of the corresponding software. This is not absolute, however; it depends on the specific Docker Registry software or service in use.
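The naming rules above, as an added example (not code from the original tutorial): the Python sketch below expands a short image reference into its fully qualified form and lists references that end up on the latest tag, which a reviewer may want to replace with an explicit version. It goes beyond the text by also handling a registry host prefix and sha256 digests; the library namespace for Docker Hub official images and the host-detection rule are stated from the docker CLI's behaviour, not from this page, and the function names are made up for illustration.

```python
import re

DEFAULT_REGISTRY = "docker.io"   # Docker Hub, the default Registry
OFFICIAL_NAMESPACE = "library"   # Docker Hub namespace for official images (not stated on the page)
DEFAULT_TAG = "latest"
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def parse_image_ref(ref):
    """Resolve a reference the way the docker CLI fills in its defaults."""
    name, _, digest = ref.partition("@")
    if digest and not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it has a dot, a port, or is localhost.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, remainder = first, rest
    else:
        registry, remainder = DEFAULT_REGISTRY, name
    repository, colon, tag = remainder.rpartition(":")
    if not colon:
        repository, tag = remainder, ""
    if not repository:
        raise ValueError(f"empty repository in {ref!r}")
    if registry == DEFAULT_REGISTRY and "/" not in repository:
        repository = f"{OFFICIAL_NAMESPACE}/{repository}"
    implicit_latest = not tag and not digest
    if implicit_latest:
        tag = DEFAULT_TAG
    return {"registry": registry, "repository": repository, "tag": tag or None,
            "digest": digest or None, "implicit_latest": implicit_latest}

def canonical(ref):
    """Render the fully qualified form of a reference."""
    p = parse_image_ref(ref)
    out = f"{p['registry']}/{p['repository']}"
    if p["tag"]:
        out += f":{p['tag']}"
    if p["digest"]:
        out += f"@{p['digest']}"
    return out

def unpinned(refs):
    """List references that resolve to the latest tag and carry no digest."""
    return [r for r in refs if parse_image_ref(r)["tag"] == DEFAULT_TAG
            and not parse_image_ref(r)["digest"]]

if __name__ == "__main__":
    for ref in ["ubuntu", "ubuntu:18.04", "jwilder/nginx-proxy", "localhost:5000/app:1.0"]:
        print(f"{ref:28} -> {canonical(ref)}")
```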
Public Docker Registry services
A public Docker Registry service is a Registry service that is open to users and lets them manage images. Such public services generally let users upload and download public images free of charge, and may offer paid services for managing private images.
The most commonly used public Registry service is the official Docker Hub, which is also the default Registry and hosts a large number of high-quality official images. Others include CoreOS's Quay.io, where CoreOS-related images are stored, and Google's Google Container Registry, which is the service used for the Kubernetes images.
For certain reasons, access to these services from within the country may be slow. Some domestic cloud service providers offer mirror services for Docker Hub (Registry Mirror); these mirror services are called accelerators. Common ones include the Alibaba Cloud accelerator and the DaoCloud accelerator. With an accelerator, Docker Hub images are downloaded directly from a domestic address, which is much faster than downloading directly from Docker Hub. The configuration is described in detail in the section on installing Docker.
A number of domestic cloud service providers also offer public services similar to Docker Hub, such as the TenxCloud image repository, the NetEase Cloud image service, the DaoCloud image market and the Alibaba Cloud image library.
Private Docker Registry
Besides using public services, users can also set up a private Docker Registry locally. Docker provides an official Docker Registry image that can be used directly as a private Registry service. Setting up a private Registry service is explained further in the section on private repositories.
The open-source Docker Registry image provides only the server-side implementation of the Docker Registry API. This is sufficient to support the docker command and does not affect normal use, but it does not include a graphical interface or advanced features such as image maintenance, user management and access control. These advanced features are provided in the official commercial version, Docker Trusted Registry.
Besides the official Docker Registry, there is third-party software that implements the Docker Registry API and even provides a user interface and some advanced features, for example Harbor and Sonatype Nexus.