Understanding the Docker
For several months now I have been using docker to structure the process of developing / delivering web projects. I offer the readers of "Habrakhabr" a translation of the introductory article about docker - "Understanding docker" .
Docker is an open platform for developing, delivering and operating applications. Docker is designed to quickly lay out your applications. With docker, you can separate your application from your infrastructure and treat the infrastructure as a managed application. Docker helps to lay out your code faster, test faster, spread applications faster and reduce the time between writing code and running code. Docker does this with a lightweight container virtualization platform, using processes and utilities that help manage and share your applications.
In its core, docker allows you to run almost any application that is safely isolated in a container. Secure isolation allows you to run multiple containers on the same host at the same time. The lightweight nature of the container, which runs without the additional load of the hypervisor, allows you to get more from your hardware.
Platform and container virtualization tools can be useful in the following cases:
Docker is great for organizing the development cycle. Docker allows developers to use local containers with applications and services. What subsequently allows to integrate with the process of continuous integration and deployment (continuous integration and deployment workflow).
')
For example, your developers write code locally and share their development stack (a set of docker images) with their colleagues. When they are ready, they poison the code and containers to the test site and run any necessary tests. From the test site, they can send code and images to the production.
A docker container based platform makes it easy to port your payload. Docker containers can work on your local machine, both real and virtual in the data center, and in the cloud.
The portability and lightweight nature of the docker makes it easy to dynamically manage your load. You can use docker to deploy or redeem your application or services. The speed docker allows you to do this almost in real time.
Docker is lightweight and fast. It provides a robust, cost-effective alternative to hypervisor-based virtual machines. It is especially useful under high load conditions, for example, when creating your own cloud or platform-as-service. But it is also useful for small and medium applications when you want to get more from the available resources.
Docker consists of two main components:
Note! Docker is distributed under the Apache 2.0 license.
As shown in the diagram, the daemon starts up on the host machine. The user does not interact with the server directly, but uses the client to do this.
Docker-client, docker program - the main interface to Docker. It receives commands from the user and interacts with the docker daemon.
To understand what docker consists of, you need to know about three components:
A docker image is a read-only template. For example, an image may contain Ubuntu OSes with Apache and an application on it. Images are used to create containers. Docker makes it easy to create new images, update existing ones, or you can download images created by other people. Images is a component of the docker build.
Docker-registry stores images. There are public and private registries from which you can download or download images. The public Docker registry is Docker Hub . There is a huge collection of images. As you know, images can be created by you or you can use images created by others. Registries are a component of distribution.
Containers are like directories. Containers contain everything you need for the application to work. Each container is created from an image. Containers can be created, started, stopped, transferred or deleted. Each container is isolated and is a secure platform for the application. Containers are a work component.
For now we know that:
Let's see how these components fit together.
We already know that the image is the read-only template from which the container is created. Each image consists of a set of levels. Docker uses the union file system to combine these levels into one image. The Union file system allows files and directories from different file systems (different branches) to overlap transparently, creating a coherent file system.
One of the reasons why docker is lightweight is the use of such levels. When you change the image, for example, update the application, a new level is created. So, without replacing the entire image or rebuilding it, as you may have to do with the virtual machine, only the level is added or updated. And you do not need to distribute the entire new image, only the update is distributed, which allows you to distribute the images easier and faster.
At the core of each image is the base image. For example, ubuntu, the base image of Ubuntu, or fedora, the base image of the Fedora distribution. You can also use images as a base for creating new images. For example, if you have an apache image, you can use it as a base image for your web applications.
Note! Docker usually takes images from the Docker Hub registry.
These instructions are stored in the
The registry is a docker repository of images. After creating an image, you can publish it on the Docker Hub public registry or on your personal registry.
With the help of the docker client, you can search for already published images and download them to your machine with a docker to create containers.
Docker Hub provides public and private image repositories. Search and download images from public repositories is available to all. The content of private vaults does not fit into the search result. And only you and your users can receive these images and create containers from them.
The container consists of the operating system, user files and metadata. As we know, each container is created from an image. This image tells the docker that it is in the container, which process to start, when the container and other configuration data is launched. Docker image is read only. When the docker launches the container, it creates a read / write layer on top of the image (using the union file system, as mentioned earlier), in which the application can be launched.
Either using the
Let's deal with this team. The client is started using the
What happens under the hood when we run this command?
Docker, in order, does the following:
You now have a working container. You can manage your container, interact with your application. When you decide to stop the application, remove the container.
The docker is written in Go and uses some of the features of the Linux kernel to implement the above functionality.
Docker uses
It creates an isolated layer, every aspect of the container is running in its own namespace, and does not have access to an external system.
A list of some namespaces that docker uses:
Docker also uses
Union File Sysem or UnionFS is a file system that works creating levels, making it very lightweight and fast. Docker uses UnionFS to create the blocks from which the container is built. Docker can use several UnionFS options including: AUFS, btrfs, vfs, and DeviceMapper.
Docker combines these components into a wrapper, which we call the container format. The default format is called
What is a docker?
Docker is an open platform for developing, delivering and operating applications. Docker is designed to quickly lay out your applications. With docker, you can separate your application from your infrastructure and treat the infrastructure as a managed application. Docker helps to lay out your code faster, test faster, spread applications faster and reduce the time between writing code and running code. Docker does this with a lightweight container virtualization platform, using processes and utilities that help manage and share your applications.
In its core, docker allows you to run almost any application that is safely isolated in a container. Secure isolation allows you to run multiple containers on the same host at the same time. The lightweight nature of the container, which runs without the additional load of the hypervisor, allows you to get more from your hardware.
Platform and container virtualization tools can be useful in the following cases:
- packaging your application (and also used components) in docker containers;
- distribution and delivery of these containers to your teams for development and testing;
- putting these containers on your productions, both in data centers and in clouds.
What can I use docker for?
Fast posting your apps
Docker is great for organizing the development cycle. Docker allows developers to use local containers with applications and services. What subsequently allows to integrate with the process of continuous integration and deployment (continuous integration and deployment workflow).
')
For example, your developers write code locally and share their development stack (a set of docker images) with their colleagues. When they are ready, they poison the code and containers to the test site and run any necessary tests. From the test site, they can send code and images to the production.
Easier laying out and unfolding
A docker container based platform makes it easy to port your payload. Docker containers can work on your local machine, both real and virtual in the data center, and in the cloud.
The portability and lightweight nature of the docker makes it easy to dynamically manage your load. You can use docker to deploy or redeem your application or services. The speed docker allows you to do this almost in real time.
High loads and more payloads
Docker is lightweight and fast. It provides a robust, cost-effective alternative to hypervisor-based virtual machines. It is especially useful under high load conditions, for example, when creating your own cloud or platform-as-service. But it is also useful for small and medium applications when you want to get more from the available resources.
Docker Main Components
Docker consists of two main components:
- Docker: an open source virtualization platform;
- Docker Hub: our platform-as-a-service for distributing and managing docker containers.
Note! Docker is distributed under the Apache 2.0 license.
Docker architecture
Docker uses a client-server architecture. The Docker client communicates with the Docker daemon, which takes the brunt of creating, launching, distributing your containers. Both the client and the server can work on the same system, you can connect the client to the remote docker daemon. The client and server communicate through a socket or through a RESTful API.
Docker demon
As shown in the diagram, the daemon starts up on the host machine. The user does not interact with the server directly, but uses the client to do this.
Docker client
Docker-client, docker program - the main interface to Docker. It receives commands from the user and interacts with the docker daemon.
Inside the docker
To understand what docker consists of, you need to know about three components:
- images (images)
- registry (registries)
- containers
Images
A docker image is a read-only template. For example, an image may contain Ubuntu OSes with Apache and an application on it. Images are used to create containers. Docker makes it easy to create new images, update existing ones, or you can download images created by other people. Images is a component of the docker build.
Registry
Docker-registry stores images. There are public and private registries from which you can download or download images. The public Docker registry is Docker Hub . There is a huge collection of images. As you know, images can be created by you or you can use images created by others. Registries are a component of distribution.
Containers
Containers are like directories. Containers contain everything you need for the application to work. Each container is created from an image. Containers can be created, started, stopped, transferred or deleted. Each container is isolated and is a secure platform for the application. Containers are a work component.
So how does Docker work?
For now we know that:
- we can create images in which our applications are located;
- we can create containers from images to run applications;
- we can distribute images via Docker Hub or another image registry.
Let's see how these components fit together.
How does the image work?
We already know that the image is the read-only template from which the container is created. Each image consists of a set of levels. Docker uses the union file system to combine these levels into one image. The Union file system allows files and directories from different file systems (different branches) to overlap transparently, creating a coherent file system.
One of the reasons why docker is lightweight is the use of such levels. When you change the image, for example, update the application, a new level is created. So, without replacing the entire image or rebuilding it, as you may have to do with the virtual machine, only the level is added or updated. And you do not need to distribute the entire new image, only the update is distributed, which allows you to distribute the images easier and faster.
At the core of each image is the base image. For example, ubuntu, the base image of Ubuntu, or fedora, the base image of the Fedora distribution. You can also use images as a base for creating new images. For example, if you have an apache image, you can use it as a base image for your web applications.
Note! Docker usually takes images from the Docker Hub registry.
Docker images can be created from these basic images, the description steps for creating these images we call instructions. Each instruction creates a new image or level. Instructions will be the following:
- command launch
- add file or directory
- creating an environment variable
- instructions on what to run when the container of this image starts
These instructions are stored in the
Dockerfile file. The Docker reads this Dockerfile when you build the image, executes these instructions, and returns the final image.How does the docker registry work?
The registry is a docker repository of images. After creating an image, you can publish it on the Docker Hub public registry or on your personal registry.
With the help of the docker client, you can search for already published images and download them to your machine with a docker to create containers.
Docker Hub provides public and private image repositories. Search and download images from public repositories is available to all. The content of private vaults does not fit into the search result. And only you and your users can receive these images and create containers from them.
How does a container work?
The container consists of the operating system, user files and metadata. As we know, each container is created from an image. This image tells the docker that it is in the container, which process to start, when the container and other configuration data is launched. Docker image is read only. When the docker launches the container, it creates a read / write layer on top of the image (using the union file system, as mentioned earlier), in which the application can be launched.
What happens when the container starts?
Either using the
docker program, or using the RESTful API, the docker client tells the docker daemon to start the container.$ sudo docker run -i -t ubuntu /bin/bash
Let's deal with this team. The client is started using the
docker , with the run option, which says that the new container will be launched. The minimum requirements for running a container are the following attributes:- what image to use to create the container. In our case,
ubuntu - the command you want to run when the container is running. In our case
/bin/bash
What happens under the hood when we run this command?
Docker, in order, does the following:
- downloads the ubuntu image: docker checks for the presence of the
ubuntuimage on the local machine, and if not, then download it from the Docker Hub . If there is an image, it uses it to create a container; - creates a container: when an image is received, docker uses it to create a container;
- initializes the file system and mounts the read-only level: the container is created in the file system and the read-only level is added to the image;
- initializes the network / bridge: creates a network interface that allows docker to communicate with the host machine;
- Setting the IP address: finds and sets the address;
- Starts the specified process: starts your application;
- It processes and outputs the output of your application: it connects and logs the standard input, output and error stream of your application so that you can track how your application works.
You now have a working container. You can manage your container, interact with your application. When you decide to stop the application, remove the container.
Used technologies
The docker is written in Go and uses some of the features of the Linux kernel to implement the above functionality.
Namespaces
Docker uses
namespaces technology to organize isolated workspaces, which we call containers. When we run the container, docker creates a set of namespaces for this container.It creates an isolated layer, every aspect of the container is running in its own namespace, and does not have access to an external system.
A list of some namespaces that docker uses:
- pid: to isolate the process;
- net: to manage network interfaces;
- ipc: for managing IPC resources. (ICP: InterProccess Communication);
- mnt: to control mount points;
- utc: to isolate the kernel and control version generation (UTC: Unix timesharing system).
Control groups (control groups)
Docker also uses
cgroups or control groups. The key to the application in isolation, providing the application only those resources that you want to provide. This ensures that the containers are good neighbors. Control groups allow you to share the available iron resources and, if necessary, set limits and restrictions. For example, limit the amount of memory available to the container.Union file system
Union File Sysem or UnionFS is a file system that works creating levels, making it very lightweight and fast. Docker uses UnionFS to create the blocks from which the container is built. Docker can use several UnionFS options including: AUFS, btrfs, vfs, and DeviceMapper.
Container Formats
Docker combines these components into a wrapper, which we call the container format. The default format is called
libcontainer . Docker also supports the traditional container format in Linux using LXC . In the future, Docker will probably support other container formats. For example, integrating with BSD Jails or Solaris Zones.Source: https://habr.com/ru/post/253877/
All Articles