Docker Series 1: Docker containers introduction and basics

1. What is a container

Talking about Docker means talking about containers, so we first need to look at the concept of a container.

  • In fact, a container is a tool that can hold other items; it can be used to store and transport goods. Articles are placed in the container, and the container protects them.

Common containers:

  • bottle

  • basket

  • bowl

  • container

  • cabinet

2. Virtualization Technology

Any discussion of containers has to contrast them with virtualization technology, so let's cover virtualization first.

There are two main ways to implement virtualization.

Mode 1: Host virtualization

This virtualizes the entire hardware platform, as VMware and VirtualBox do: what they virtualize is a complete bare-metal machine, on which we can then install any OS and software.

Host virtualization is divided into two categories:

Type I (type 1 virtualization)

Type II (type 2 virtualization)

A program running in a virtual machine certainly performs worse than one running on the physical machine, so why run it in a virtual machine?

  • Multiplexing: for example, if you need to run two Tomcat instances, putting each in its own virtual machine means their port 8080 sockets do not conflict.

  • Isolation: whatever a process does inside a virtual machine has no effect on processes in other virtual machines or on the physical machine.

So how can we achieve isolation without affecting performance?

  • Once a host is up and running, it is divided into kernel space and user space; user processes run in user space.

  • By default, all user processes share the same user space. To isolate the runtime environments of multiple processes, you can create multiple user spaces that are isolated from each other.

  • Each of these separate user spaces is what we call a Linux container.

The purpose of using containers is to create an isolated environment. That environment should include at least the following levels of isolation:

  • UTS: host name and domain name

  • Mount: the working directory tree, also known as the mount tree

  • IPC: IPC must be isolated; if it is not, processes in different containers can communicate with each other, and there is no real isolation

  • PID: PID isolation is a must

  • User and group: each container should have its own users. For example, it should have a root, but that root must not be the real root, because a real root user would have permission to delete the contents of other containers.

  • Network: network isolation is the most important. Because a container is a single unit of work, each container needs its own network card, interface and TCP/IP protocol stack.

This brings us to the concept of namespaces.

  • The Linux kernel natively supports 6 kinds of namespaces; when a container is built, a part is taken from each of these 6 namespaces to form the container.

[Figure: namespace types and the kernel versions that support them]

  • From this you can see that if you want to make good use of container technology, CentOS 6 is not appropriate.
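To check which of these six namespaces two processes actually share, the added example below (not part of the original post) compares their `/proc/<pid>/ns` links. The PIDs, inode numbers and the `build_sample_proc` helper are constructed so the code runs without a real container; pass `proc_root="/proc"` to inspect live processes.

```python
import os
import tempfile

# The six namespace kinds listed above, by their /proc/<pid>/ns entry names.
NS_KINDS = ("uts", "mnt", "ipc", "pid", "user", "net")

def read_namespaces(pid, proc_root="/proc"):
    """Return {kind: identifier}, e.g. {'uts': 'uts:[4026531838]'}.
    Kinds the kernel does not expose (older kernels) map to None."""
    result = {}
    for kind in NS_KINDS:
        link = os.path.join(proc_root, str(pid), "ns", kind)
        try:
            result[kind] = os.readlink(link)
        except OSError:
            result[kind] = None
    return result

def shared_namespaces(pid_a, pid_b, proc_root="/proc"):
    """Kinds where both processes sit in the same namespace (no isolation)."""
    a = read_namespaces(pid_a, proc_root)
    b = read_namespaces(pid_b, proc_root)
    return sorted(k for k in NS_KINDS if a[k] is not None and a[k] == b[k])

def build_sample_proc(root):
    """Constructed sample: PID 1 is a host process, PID 4242 a containerised
    one that still shares the host's network and user namespaces."""
    sample = {
        1:    {"uts": 4026531838, "mnt": 4026531840, "ipc": 4026531839,
               "pid": 4026531836, "user": 4026531837, "net": 4026531992},
        4242: {"uts": 4026532201, "mnt": 4026532199, "ipc": 4026532202,
               "pid": 4026532203, "user": 4026531837, "net": 4026531992},
    }
    for pid, spaces in sample.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for kind, inode in spaces.items():
            # Same link text the kernel shows: "<kind>:[<inode>]".
            os.symlink(f"{kind}:[{inode}]", os.path.join(ns_dir, kind))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        print("still shared with the host:", shared_namespaces(1, 4242, root))
```

Any kind that appears in the result is a level of isolation the second process does not have relative to the first.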

3. LXC

LXC stands for Linux Container. It is a template-based solution implementing container technology, and it includes a set of tools:

  • lxc-create: a command for quickly creating a container

4. What is Docker

  • Docker is in fact a second-level packaging of LXC: it uses LXC as the container engine and combines it with image technology, extracting the files a given kind of container needs to run and bundling them into a package.

  • To create containers, you simply make N copies of the package and start them, which is convenient and very fast.

  • When Docker creates a container, it actually uses lxc-create to create it.

  • Docker dramatically reduces the difficulty of using containers.

The server used to store images is called a Docker registry; almost every container image we can think of is in this registry.

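  • Docker uses a more refined design: each container runs only one process.

  • For example, one container runs only nginx; if you also want apache, you need to download another container, and nginx and apache then communicate through the inter-container communication logic.

  • Each process runs in its own container, and since a container is an isolated environment, a problem in one process does not affect the other processes.

Another benefit of using Docker: it truly achieves "write once, run anywhere".

  • Production environments today run multiple versions in parallel, for example CentOS 5, 6 and 7 at the same time, along with Windows, Ubuntu and other systems. To develop a program that runs on all of these platforms, several teams often have to develop versions for the different systems.

  • With Docker, you only need to develop one version and build the software into a Docker image. The image can then be placed on any platform; as long as the platform has Docker, it can run the image and the program starts running, so the difficulty of software development is greatly reduced.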

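Next, how Docker images are built

  • Docker images are built in a special way, called layered build and union mount.

Taking the construction of an nginx image as an example:

  • First make a clean bottom layer, such as a minimal CentOS 6 system.

  • Installing nginx on top of this CentOS system makes up the image.

Note that the image built contains only nginx itself, not the contents of the CentOS operating system.

  • This image therefore consists of two layers, which together make up the CentOS running on Linux.

  • When a container starts, both layers are mounted and it is ready to use; this is layered build and union mount.

  • If you need to start several images, such as nginx, tomcat and apache, all based on CentOS, you only need to download CentOS once and then download each of the needed layers separately.

Why can multiple upper-layer applications share the underlying system?

  • Because the underlying centos and tomcat layers are read-only.

  • When a user performs a write inside a created container, the lower layers are read-only and cannot be modified.

  • So the lower-layer resource is copied up, and the modification is made in the copied layer. This mechanism is called copy-on-write.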
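The added example below (not part of the original post, and a simplified model rather than Docker's storage driver) shows layered lookup and copy-on-write: two containers share the same read-only layers, and a write in one is copied up into that container's private layer only. The `Layer` and `Container` classes and the file contents are constructed for illustration.

```python
class Layer:
    """A read-only image layer: path -> content, fixed once built."""
    def __init__(self, name, files):
        self.name = name
        self._files = dict(files)

    def get(self, path):
        return self._files.get(path)


class Container:
    """Union view of shared read-only layers plus one private writable layer."""
    def __init__(self, layers):
        self.lower = list(layers)   # bottom layer first; shared between containers
        self.upper = {}             # writable layer owned by this container only

    def _lookup_lower(self, path):
        for layer in reversed(self.lower):      # the topmost layer wins
            content = layer.get(path)
            if content is not None:
                return content
        raise FileNotFoundError(path)

    def read(self, path):
        if path in self.upper:                  # a copied-up file hides the original
            return self.upper[path]
        return self._lookup_lower(path)

    def append(self, path, data):
        if path not in self.upper:              # first write: copy the file up
            self.upper[path] = self._lookup_lower(path)
        self.upper[path] += data


# Constructed sample layers, following the nginx-on-CentOS example in the text.
centos = Layer("centos", {"/etc/hosts": "127.0.0.1 localhost\n"})
nginx = Layer("nginx", {"/etc/nginx/nginx.conf": "worker_processes 1;\n"})

def demo():
    a = Container([centos, nginx])
    b = Container([centos, nginx])              # both reuse the same two layers
    a.append("/etc/hosts", "10.0.0.5 db\n")     # triggers copy-on-write in a only
    return a.read("/etc/hosts"), b.read("/etc/hosts"), centos.get("/etc/hosts")

if __name__ == "__main__":
    print(demo())
```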

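About container orchestration tools

  • Say we have 100 hosts that can run Docker. To start a container, we only need the orchestration tool to send the instruction, and the tool picks one of these back-end hosts according to an algorithm to start the container.

  • As another example, to run an AMP environment, the three programs are three containers whose start order matters, so the order has to be configured, and the orchestration tool also has to start them in that order.

There are many orchestration tools:

  • First: Docker's own orchestration tooling, which is really a combination of three tools: machine + swarm + compose

  • Second: from the ASF, mesos + marathon

  • Third: Google's Kubernetes, abbreviated k8s because there are 8 letters between the k and the s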

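5. Comparison with KVM virtualization

  • KVM: based on hardware virtualization, which requires CPU support. It virtualizes a whole virtual machine, and the virtual machine manager consumes additional system resources: even with no virtual machines running, it takes about 6% of system resources.

  • Docker: based on kernel virtualization. It virtualizes nothing and works through isolation, so it adds no extra overhead to the system.

6. Comparison with OpenStack virtualization

  • Docker really should not be used as a virtual machine (although it can be).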

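7. Docker architecture

The architecture is divided into three parts:

1: Client: client

2: Server: docker_hosts

3: Registry: registry

The parts communicate with each other over HTTP or HTTPS.

The docker_host part

    The server side runs the docker daemon in daemon mode; Docker then listens on a socket, and it supports three kinds of sockets:

IPv4 socket

IPv6 socket

Unix socket: that is, listening on a local file.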
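Whoever can reach the daemon's socket controls the daemon, so the socket type matters for hardening. The added example below (not part of the original post) classifies the listen addresses in a `daemon.json` and reports TCP listeners that do not require client certificates via `tlsverify`. The sample configurations and certificate paths are constructed.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def classify(entry):
    """Map one listen address to (kind, host): kind is unix, tcp4, tcp6 or other."""
    parts = urlsplit(entry)
    if parts.scheme == "unix":
        return "unix", parts.path
    if parts.scheme == "tcp":
        host = parts.hostname or ""
        # A colon in the host means an IPv6 literal; names count as tcp4 here.
        return ("tcp6" if ":" in host else "tcp4"), host
    return "other", entry

def audit(daemon_json):
    """Return (entry, kind, finding) for each TCP listener lacking tlsverify."""
    cfg = json.loads(daemon_json)
    verified = cfg.get("tlsverify") is True   # client certificates required
    findings = []
    for entry in cfg.get("hosts", []):
        kind, host = classify(entry)
        if kind in ("tcp4", "tcp6") and not verified:
            scope = "loopback" if host in LOOPBACK else "network-reachable"
            findings.append((entry, kind, f"no tlsverify, {scope}"))
    return findings

# Constructed sample configurations (not taken from a real host).
WEAK = '''{"hosts": ["unix:///var/run/docker.sock",
                    "tcp://0.0.0.0:2375", "tcp://[::1]:2375"]}'''
HARDENED = '''{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
              "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",
              "tlscert": "/etc/docker/server-cert.pem",
              "tlskey": "/etc/docker/server-key.pem"}'''

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
    print(audit(HARDENED))
```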

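Docker registry

  • First, the Docker registry provides storage for Docker images, and also the authentication used when users log in to download images.

  • The Docker registry also contains repositories. A repository is a directory, and one directory stores the images of only one application. For example, to create nginx images you create a directory named nginx, and all nginx images are placed in that directory.

  • Because there are now multiple images, uniquely identifying one requires a tag, for example 1.9, 1.11 or 1.23; the combination of repository name and tag uniquely identifies an image.

  • Docker officially provides a registry, but there are also third-party ones, and you can also run your own.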

5. Docker use cases

1. Simplified configuration

  • Working environments include production, test and development; test environments are further divided into functional testing and performance testing, and production into pre-production and production.

  • With so many environments, each configured differently, a configuration difference can cause a failure in production. Docker simplifies configuration: build an image, and that same image can be deployed to production.

2. Code pipeline management

  • After development is complete, developers push the code to a server; testers pull the code from the server to test it; once testing is complete, release begins, first as a gray release and then as the full release.

3. Development efficiency

  • Setting up the various environments for newly hired staff is often troublesome; with Docker, a container makes this easy.

4. Application isolation

  • Applications are isolated from each other.

5. Server consolidation

  • That is, one server can run multiple container instances.

6. Debugging capabilities

  • The ability to handle bugs

7. Multi-tenancy

8. Rapid deployment

  • Docker starts in seconds; launch is extremely fast.

  • For example, as mentioned before, Docker was used for the Spring Festival rush for WeChat red envelopes, reportedly starting 1000 Docker programs per second.

Reasons medium and large companies choose Docker

Technical reserves

Keeping pace and improving their own technology

breaks the current traffic demands and

    (Nowadays it is generally the second reason, not the first or the third.)



Origin blog.51cto.com/54dev/2459843