`

Docker Overview

 
阅读更多

原创转载请注明出处:http://agilestyle.iteye.com/blog/2354828

 

Docker的目标

  • 提供简单轻量的建模方式
  • 职责的逻辑分离
  • 快速高效的开发生命周期
  • 鼓励使用面向服务的架构

Docker的使用场景

  • 使用Docker容器开发、测试、部署服务
  • 创建隔离的运行环境
  • 搭建测试环境
  • 构建多用户的平台即服务(PaaS)基础设施
  • 提供软件即服务(SaaS)应用程序
  • 高性能、超大规模的宿主机部署

Docker基本组成

Docker Client客户端

The Docker client, in the form of the docker binary, is the primary user interface to Docker. It accepts commands and configuration flags from the user and communicates with a Docker daemon. One client can even communicate with multiple unrelated daemons.

 

Docker Daemon守护进程

The Docker daemon runs on a host machine. The user uses the Docker client to interact with the daemon.

  • C/S架构
  • 本地/远程

 

Docker Image镜像

A Docker image is a read-only template with instructions for creating a Docker container. For example, an image might contain an Ubuntu operating system with Apache web server and your web application installed. You can build or update images from scratch or download and use images created by others. An image may be based on, or may extend, one or more other images. A docker image is described in text file called a Dockerfile, which has a simple, well-defined syntax. 

  • 容器的基石
  • 层叠的只读文件系统
  • 联合加载(union mount)

 

Docker Container容器

A Docker container is a runnable instance of a Docker image. You can run, start, stop, move, or delete a container using Docker API or CLI commands. When you run a container, you can provide configuration metadata such as networking information or environment variables. Each container is an isolated and secure application platform, but can be given access to resources running in a different host or container, as well as persistent storage or databases.

  • 通过镜像启动
  • 启动和执行阶段
  • 写时复制(copy on write)


 

Docker Registry仓库

A docker registry is a library of images. A registry can be public or private, and can be on the same server as the Docker daemon or Docker client, or on a totally separate server.

  • 公有
  • 私有
  • Docker Hub

Docker’s architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.


Note:

通过Docker Client来访问Docker Daemon,从而操作Docker Container,而Docker Container是通过Docker Image来创建的,而Docker Image又保存在Docker Registry中 

 

Docker Underlying Technology

Namespaces —— 系统资源的隔离

Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.

 

These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.

 

Docker Engine uses namespaces such as the following on Linux:

  • The pid namespace: Process isolation (PID: Process ID). —— 进程隔离
  • The net namespace: Managing network interfaces (NET: Networking). —— 管理网络接口
  • The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication). —— 管理跨进程通信的访问
  • The mnt namespace: Managing filesystem mount points (MNT: Mount). —— 管理挂载点
  • The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System). —— 隔离内核和版本标识

Control groups —— 用来分配资源,来源于Google

Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.

  • 资源限制
  • 优先级设定
  • 资源计量
  • 资源控制

Union file systems

Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.

 

Container format

Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer. In the future, Docker may support other container formats by integrating with technologies such as BSD Jails or Solaris Zones.

 

Docker容器的能力

  • 文件系统的隔离:每个容器都有自己的root文件系统
  • 进程隔离:每个容器都运行在自己的进程环境中
  • 网络隔离:容器间的虚拟网络接口和IP地址都是分开的
  • 资管隔离和分组:使用cgroups将CPU和内存之类的资源独立分配给每个Docker容器

 

Reference

https://docs.docker.com/engine/understanding-docker/

  • 大小: 58.5 KB
  • 大小: 37.9 KB
  • 大小: 34.1 KB
  • 大小: 32.8 KB
分享到:
评论

相关推荐

    83程序员练级攻略(2018):容器化和自动化运维1

    Docker 的官方介绍 Docker Overview 是学习 Docker 的一个不错的起点,然后可以通过 Katacoda Docker Playground 或 Play With Docker 体验 Docker 的使用。 Learn Docker 教程可以指导我们安装和实践 Docker环境,...

    Docker.Orchestration.epub

    This book gives an overview of core tools such as Docker Machine, Swarm, and Compose which will enhance your orchestration skills. You'll learn how to set up a swarm using the decentralized building ...

    docker tutorial

    1. DOCKER ─ OVERVIEW 2. DOCKER – INSTALLING DOCKER ON LINUX Docker Version Docker Info Docker for Windows Docker ToolBox 3. DOCKER ─ INSTALLATION Docker for Windows Docker ToolBox Working ...

    UWB项目Docker部署1

    /overview。 六、进程管理 在 UWB 项目 Docker 部署过程中,需要停止项目工程对应的服务,查看项目下的工程构建 Docker 工程,查看 docker 容器运行状况,查看系统中被 kill 的进程。使用 egrep -i -r 'killed ...

    Learning Docker - Second Edition

    The other important topics covered in this chapter include a quick overview of a Dockerfile's syntax and a bit of theoretical information on how Docker stores images. Chapter 4, Publishing Images, ...

    Docker and Immutable Infrastructure

    1.Overview of Docker the company and growth 2.Overview of Docker the latest stuff (DCUS announcements) & CaaS; 3.Overview of Immutable infrastructure and Microservices; 4.Docker and Immutable ...

    Docker-Swarm集群-Portainer使用总结

    点击Docker Toolbox overview进行下载。 安装完成后,如果你之前安装过git,那么打开Docker Quickstart Terminal可能会报错“bush无法找到”,你需要点击Docker Quickstart Terminal右键属性,手动改成你Git目

    CIS Docker Benchmark v1.5.0 PDF 2022

    文档的“Overview”部分介绍了基准的总体目标,它强调了Docker容器在现代软件开发和部署中的关键作用,同时也指出由于其轻量级和快速部署的特性,容器可能成为攻击者的目标。因此,遵循CIS Docker Benchmark的指导...

    docker-environment

    Mac:根据您的PC链接安装docker toolbox或docker descktop: ://docs.docker.com/toolbox/overview/并重新启动pc 2-启动容器窗口:从桌面图标linux / mac打开docker终端:打开终端日常工作Open terminalcd ~/docker-...

    docker-templates:unraid的docker模板

    码头工人模板突袭的docker模板鲁恩服务器: : 下一DNS: ://nextdns.ioAdGuardHome: ://adguard.com/en/adguard-home/overview.html

    docker-monitor-mysql:Docker容器来保存MySQL应用程序

    #Overview该项目创建了一个包含的Docker容器。 它为应用程序提供了一种方便的分发机制,旨在与组成应用程序监视模拟的其他Docker容器一起使用。 #先决条件 已安装并正常工作 已安装并正常工作 #Building执行./...

    overview-frame.rar_overview

    随着云计算的发展,Docker和Kubernetes等容器化技术也与Java紧密关联,它们为Java应用提供了更高效的部署和管理方式。 最后,Java的安全性也是其重要特性之一,通过权限控制、加密算法以及安全管理器,Java能够在...

    Linux 应用服务上的 Python 基础映像.zip

    Python base image on Linux App Service Docker image for Python overview This Python Docker image is built for Azure Web App on Linux. Ingredients This Docker image contains the following components ...

    16.16 - Overview.mp4

    Docker技术入门与实战

    31.31 - Overview.mp4

    Docker技术入门与实战

    46.46 - Overview.mp4

    Docker技术入门与实战

    25.25 - Overview.mp4

    Docker技术入门与实战

    38.38 - Overview.mp4

    Docker技术入门与实战

Global site tag (gtag.js) - Google Analytics