02 - Docker: Overview and Principles

Docker Version: 19.03.5

😄 Written by Zak Zhu

Understanding Docker

Docker is a platform for developers and sysadmins to build, share, and run applications with containers. The use of containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.

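Docker Features

  • Standardization
    • Guarantees a consistent runtime environment
    • Elastic scaling and rapid capacity expansion
    • Easy migration
    • Continuous integration, continuous delivery, and continuous deployment
  • High performance
    • No need for hardware virtualization or for running a full operating system
  • Lightweight
    • Fast startup
  • Isolation
    • Process isolation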

Docker vs. VM

| Container | VM |
| --- | --- |
| Lightweight | Heavyweight |
| Native performance | Limited performance |
| All containers share the host OS | Each VM runs in its own OS |
| OS virtualization | Hardware-level virtualization |
| Startup time in seconds | Startup time in minutes |
| Requires less memory space | Allocates required memory |
| Process-level isolation, possibly less secure | Fully isolated and hence more secure |

Docker Community Edition Versions

Stable release of Docker Community Edition:

docker-ce-YY.mm.<patch>


How Docker Works

Docker engine

Docker Engine is a client-server application with these major components:

  • A server which is a type of long-running program called a daemon process (the dockerd command).
  • A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
  • A command line interface (CLI) client (the docker command).

The CLI uses the Docker REST API to control or interact with the Docker daemon through scripting or direct CLI commands. Many other Docker applications use the underlying API and CLI.

The daemon creates and manages Docker objects, such as images, containers, networks, and volumes.


Docker architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.

  • docker daemon

    The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes.

  • docker client

    The Docker client (docker) is the primary way that many Docker users interact with Docker. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

  • docker registry

    A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.

  • docker objects

    When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects.

    • images

      An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization.

    • containers

      A container is a runnable instance of an image.

      A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.


Underlying technology

Docker is written in Go and takes advantage of several features of the Linux kernel to deliver its functionality.

  1. Namespaces

    Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.

    | Namespace | Isolates |
    | --- | --- |
    | IPC | System V IPC, POSIX message queues |
    | Network | Network devices, stacks, ports, etc. |
    | Mount | Mount points |
    | PID | Process IDs |
    | User | User and group IDs |
    | UTS | Hostname and NIS domain name |

  2. Control groups

    Docker Engine on Linux also relies on another technology called control groups. A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints.

  3. Union file systems

    Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers.

  4. Container format

    Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer.
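
The namespace isolation described in item 1 can be checked from the host: two processes share a namespace when the symlinks under /proc/<pid>/ns/ point at the same inode. The following Python is an added example, not part of the original post; the function names are hypothetical and the sample inode numbers are constructed.

```python
import os
import re

# Namespace types from the table in item 1, as named under /proc/<pid>/ns/.
NS_TYPES = ("ipc", "net", "mnt", "pid", "user", "uts")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* symlink target such as 'pid:[4026531836]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid):
    """Return {type: inode} for a live process (Linux only; needs read access to /proc/<pid>/ns)."""
    result = {}
    for ns in NS_TYPES:
        name, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{ns}"))
        result[name] = inode
    return result


def shared_namespaces(host, container):
    """Namespace types in which the container process is NOT isolated from the host."""
    return sorted(ns for ns in NS_TYPES if ns in host and host[ns] == container.get(ns))


# Constructed sample values (not captured from a real system): PID 1 on the host,
# and a container's main process that was started with the host network namespace.
HOST = {"ipc": 4026531839, "net": 4026531992, "mnt": 4026531840,
        "pid": 4026531836, "user": 4026531837, "uts": 4026531838}
CONTAINER = {"ipc": 4026532281, "net": 4026531992, "mnt": 4026532279,
             "pid": 4026532282, "user": 4026531837, "uts": 4026532280}

if __name__ == "__main__":
    # 'net' is shared because of host networking; 'user' is shared because
    # Docker does not remap user IDs unless userns-remap is configured.
    print(shared_namespaces(HOST, CONTAINER))
    # On a Docker host, compare real processes instead (container PID from
    # `docker inspect -f '{{.State.Pid}}' <container>`), typically as root:
    #   print(shared_namespaces(read_namespaces(1), read_namespaces(container_pid)))
```

Any namespace type this reports as shared is one where the container sees the same kernel resources as the host, which is worth reviewing when auditing how a container was launched.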
