码头tsb_码头工人及其内部

码头tsb

Before we start talking about docker, we need to understand the problem which is solved by Docker efficiently and economically. Before Docker gained popularity, Companies used to use virtualization for running multiple applications as the different applications might need different sets of libraries and OS to run.

在开始谈论Docker之前，我们需要了解Docker有效且经济地解决的问题。 在Docker流行之前，公司曾经使用虚拟化来运行多个应用程序，因为不同的应用程序可能需要运行不同的库和操作系统集。

Why do organizations prefer virtual machines instead of provisioning actual servers to host their applications?

为什么组织更喜欢虚拟机而不是配置实际服务器来托管其应用程序？

1. Better response time. Virtualization can improve application performance, and the provisioning of virtual machines takes only minutes, rather than weeks. At progressed levels of implementation, self-provisioning by users is even possible.

   更好的响应时间。 虚拟化可以提高应用程序性能，并且虚拟机的配置仅需数分钟，而不是数周。 在实施的进度级别上，甚至可以由用户自行配置。

2. Improved application availability. When physical servers have problems, need routine maintenance, or require upgrades, the result is costly downtime. With virtual servers, applications can be readily moved between hosts to keep everyone up and running.

   提高了应用程序的可用性。 当物理服务器出现问题，需要例行维护或需要升级时，结果将是昂贵的停机时间。 使用虚拟服务器，可以轻松地在主机之间移动应用程序，以保持所有人的正常运行。

3. Virtualization allows for more efficient use of IT equipment and labor resources.
   虚拟化可以更有效地利用IT设备和劳动力资源。

hypervisor (or virtual machine monitor, VMM, virtualizer) is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a 管理程序 (或虚拟机监视器，VMM，虚拟机)是创建和运行虚拟机的计算机软件，固件或硬件。 系统 hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine 管理程序在其上运行一个或多个虚拟机的计算机称为主机，每个虚拟机称为客户机。

Virtualization also has some shortcomings. Suppose, we need to deploy one application that requires a different OS with a set of configurations. It requires us to provision a new guest OS in order to run the application. Also, Running multiple Virtual Machines in the same host operating system leads to performance degradation. This is because of the guest OS running on top of the host OS, which will have its own kernel and set of libraries and dependencies. This takes up a large chunk of system resources, i.e. hard disk, processor, and especially RAM. Boot up process is also a long process that takes a minute time to boot up which becomes critical in case of real-time applications. There is one more big issue with virtualization as it requires a fixed RAM size to allocate to a VM which leads to unused blocked memory of the host machine. This blocked memory cannot be allocated to a new VM. Here, Containerization comes to rescue us from all these shortcomings.

虚拟化也有一些缺点。 假设我们需要部署一个需要具有一套配置的不同操作系统的应用程序。 它要求我们提供一个新的来宾操作系统以运行该应用程序。 同样，在同一主机操作系统中运行多个虚拟机也会导致性能下降。 这是因为来宾操作系统在主机操作系统之上运行，该操作系统将具有自己的内核以及一组库和依赖项。 这占用了大量系统资源，即硬盘，处理器，尤其是RAM。 启动过程也是一个漫长的过程，需要一分钟的时间才能启动，这对于实时应用程序而言至关重要。 虚拟化还有一个更大的问题，因为它需要固定的RAM大小才能分配给VM，这会导致主机的未使用的阻塞内存。 该阻塞的内存无法分配给新的VM。 在这里，集装箱化可以将我们从所有这些缺点中解救出来。

什么是集装箱化？ (What is containerization?)

Containerization is a technique to bring virtualization to the OS level. Containerization is much more efficient as it does not require guest OS. It uses the same host kernel to run the application. Now, Docker is a containerization platform that packages your application with all its required dependencies in a container to run seamlessly in any environment.

容器化是一种将虚拟化提升到OS级别的技术。 容器化效率更高，因为它不需要来宾操作系统。 它使用相同的主机内核来运行应用程序。 现在， Docker是一个容器化平台，它将您的应用程序及其所有必需的依赖项打包到一个容器中，以在任何环境中无缝运行。

Containers run a host machine using the container engine.

容器使用容器引擎运行主机。

The best part of Containerization is that it is very lightweight as compared to the heavy virtualization. It takes a fraction of seconds to start a new container on a machine. Resources are shared among all the containers to allow the maximum utilization.

与重型虚拟化相比，容器化的最好之处在于它非常轻巧。 在机器上启动新容器只需要几秒钟的时间。 资源在所有容器之间共享，以实现最大利用率。

Docker术语 (Docker terminologies)

1. Docker image: A docker image is a blueprint or read-only template with instructions to create a docker container. We can create our own docker image (on top of other existing images). These images can be saved in a repository (local or global). This repository is known as the docker registry.

   Docker映像：Docker映像是蓝图或只读模板，其中包含创建Docker容器的说明。 我们可以创建自己的docker映像(在其他现有映像之上)。 这些图像可以保存在存储库中(本地或全局 )。 该存储库称为docker注册表。

2. Docker container: A docker container is a running instance of a docker image. It has a writable layer on top of one or more read-only layers. We make changes or execute commands in this writable layer of the container.

   Docker容器：Docker容器是Docker映像的运行实例。 它在一个或多个只读层之上具有可写层。 我们在容器的此可写层中进行更改或执行命令。

3. Docker registry: It is a repository (like maven repository) that stores docker images uploaded by developers to be leveraged by other developers. Container repositories are the specific physical locations where your Docker images are actually stored, whereby each repository comprises a collection of related images with the same name. Each image inside a repository is uniquely identified by a tag. nodejscn/node is one of the repositories on the docker hub with multiple tags.

   Docker注册表：这是一个存储库 (如Maven存储库)，用于存储开发人员上传的Docker映像以供其他开发人员使用。 容器存储库是实际存储Docker映像的特定物理位置，每个存储库都包含一个具有相同名称的相关映像的集合。 存储库中的每个图像都由标签唯一标识。 nodejscn / node是docker hub上具有多个标签的存储库之一。

4. Docker networking: Docker takes care of the networking aspects so that the containers can communicate with other containers and also with the Docker Host. We can see the docker ethernet adaptor using the command ifconfig on the docker host. We can also access applications running in a docker container on the port exposed to the external world.

   Docker网络： Docker负责网络方面，以便容器可以与其他容器以及Docker主机进行通信。 我们可以在docker主机上使用命令ifconfig查看docker ethernet适配器。 我们还可以访问在暴露于外部世界的端口上的docker容器中运行的应用程序。

5. Docker storage: Docker has multiple storage drivers that allow one to work with the underlying storage devices. AUFS, DeviceMapper, Ovelay, ZFS, etc. Docker has data volumes that can be shared across containers. Some of the features of the data volumes:

   Docker存储： Docker有多个存储驱动程序，允许一个驱动程序与基础存储设备一起使用。 AUFS，DeviceMapper，Ovelay，ZFS等。Docker具有可以在容器之间共享的数据量。 数据量的一些功能：

• They are initialized when the container is created.
  它们在创建容器时被初始化。
• They can be shared and also reused amongst many containers.
  它们可以在许多容器之间共享和重用。
• Any changes to the volume itself can be made directly.
  对音量本身的任何更改都可以直接进行。
• They exist even after the container is deleted.
  它们甚至在删除容器后仍然存在。

6. DockerFile: A dockerFile is a simple text file that contains a set of statements to build our own docker image.

6. DockerFile： DockerFile是一个简单的文本文件，其中包含一组用于构建我们自己的Docker映像的语句。

# Each step creates a read-only layer of the image, There will be 6 layers in the image.# For Java 8FROM openjdk:8-jdk-alpine# Refer to Maven build -> finalName
ARG JAR_FILE=target/spring-boot-web.jar# cd /opt/app
WORKDIR /opt/app# cp target/spring-boot-web.jar /opt/app/app.jarCOPY ${JAR_FILE} app.jar# exposing the port on which application runs
EXPOSE 8080# java -jar /opt/app/app.jar
ENTRYPOINT ["java","-jar","app.jar"]

This dockerFile is used to create a docker image for our spring-boot application. Here, OpenJDK is the base image used, on top of which our docker image will be created. Commands to build the docker image:

该dockerFile用于为我们的spring-boot应用程序创建docker映像。 在这里，OpenJDK是使用的基础映像，将在其上创建我们的docker映像。 构建docker映像的命令：

# Command to build docker image
docker build -t {A_TAG_TO_YOUR_IMAGE} .# Try this, if dockerFile is not present in the root folder of your spring-boot project
docker build -t {TAG} -f {PATH_TO_DOCKER_FILE} .# Command to run your application container
docker run -d -p 8080:8080 -t {SAME_TAG_USED_ABOVE}

You might be wondering how does docker help us here? To run a spring-boot application, we would need java to be installed on the machine. But, with spring-boot docker image, None of the dependencies are required to be installed on the host machine. Every single dependency required to run the application embedded in the container. Container can be run on any machine where docker engine is installed.

您可能想知道docker如何在这里帮助我们？ 要运行spring-boot应用程序，我们需要在计算机上安装java。 但是，使用spring-boot docker镜像，不需要在主机上安装任何依赖项。 运行嵌入在容器中的应用程序所需的每个依赖项。 容器可以在安装了docker引擎的任何机器上运行。

7. .dockerignore is the file that is used to ignore some of the unnecessary files from the image. It plays an important role in creating more compact, faster-running containers.

7. .dockerignore是用于忽略映像中某些不必要文件的文件。 它在创建更紧凑，运行速度更快的容器中起着重要作用。

Docker架构 (Docker Architecture)

Docker architecture is a client-server architecture where Docker client talks to the Docker server(host) using REST APIs. It has 2 main components:

Docker体系结构是一种客户端-服务器体系结构，其中Docker客户端使用REST API与Docker服务器(主机)进行对话。 它具有2个主要组件：

1. The client which is a CLI (command-line interface) where we run commands (like build, run, pull, ps, images, container, etc) to interact with docker host.
   客户端是一个CLI(命令行界面)，我们在其中运行命令(例如build，run，pull，ps，images，container等)与Docker主机进行交互。

Docker Architecture

Docker架构

Docker container- running instance of the spring-boot image. Application logs and other things will get added to the writable layer of the container.

Spring启动映像的Docker容器运行实例。 应用程序日志和其他内容将添加到容器的可写层。

The major difference between a container and an image is the top writable layer. All writes to the container that adds new or modifies existing data are stored in this writable layer. The writable layer is also deleted with container. The underlying image remains unchanged. Because each container has its own writable container layer, and all changes are stored in this container layer, multiple containers can share access to the same underlying image and yet have their own data state.

容器和图像之间的主要区别是可写顶层。 所有添加新容器或修改现有数据的容器写入都存储在此可写层中。 可写层也随容器一起删除。 基础图像保持不变。 因为每个容器都有其自己的可写容器层，并且所有更改都存储在该容器层中，所以多个容器可以共享对同一基础映像的访问，但具有自己的数据状态。

Docker命令 (Docker commands)

Docker commands can be found using docker --help command. To know more information about a command, use the commands like:

可以使用docker --help命令找到Docker命令。 要了解有关命令的更多信息，请使用以下命令：

docker container --help

docker container --help

docker image --help

docker image --help

docker build -t {A_TAG_TO_YOUR_IMAGE} . to build an image using dockerFile.

docker build -t {A_TAG_TO_YOUR_IMAGE} . 使用dockerFile构建映像。

docker login to login to hub.docker.com

docker docker login以登录hub.docker.com

docker prune to remove all the stopped containers.

docker prune删除所有停止的容器。

docker run -d -p 8080:8080 -t {TAG} to run a container of an image.

docker run -d -p 8080:8080 -t {TAG}以运行图像容器。

docker management commands

码头工人管理命令

docker commands

码头工人命令

对于容器中的基本OS映像存在误解，即容器会在Docker映像中针对给定OS基本映像在主机OS之上启动完整的来宾OS。 (Misconception about the base OS image in a container that the container launches a full-fledged guest OS on top of host OS for the given OS base image in a docker image.)

Most of the docker files use an OS base image FROM centos:latest.

大多数docker文件使用 FROM centos:latest 的操作系统基础映像 。

Do containers also start guest OS on top of host OS as we do in case of virtualization?It becomes extremely important to understand about base images when we start understanding docker from stratch. This base image of an OS is not full fledged operating system. It is just an OS user space minus the kernel. It uses the kernel space of host machine. Base image is much more lighter than base OS and that’s why docker containers can be really fast. It only installs distro specific (or “userland” ) software.

容器是否也像虚拟化一样在主机OS之上启动来宾OS？ 当我们从stratch开始了解docker时，了解基本映像变得非常重要。 操作系统的此基本映像不是完整的操作系统。 它只是一个OS用户空间减去内核。 它使用主机的内核空间。 基本映像比基本操作系统要轻得多，这就是为什么Docker容器可以非常快的原因。 它仅安装发行版特定的(或“用户国”)软件。

Why do we need a base OS image in our image?The docker containers filesystem is isolated from the host OS. So an application packaged inside a docker image wont be able to see the host filesystem(unless attached as volume) at the time of running as a container. So, imagine the application you have inside the container depends on various OS libraries, so maintaining the isolation if we want to run the application we will have to package those dependencies too inside the Docker Image. It is also possible use host OS directly. FROM scratch

为什么我们的映像中需要基本的OS映像？ docker容器文件系统与主机操作系统隔离。 因此打包在docker映像中的应用程序在作为容器运行时将无法查看主机文件系统(除非作为卷附加)。 因此，想象一下您在容器中拥有的应用程序依赖于各种OS库，因此，如果要运行该应用程序，则必须保持隔离性，我们也必须将这些依赖关系打包在Docker Image中。 也可以直接使用主机OS。 FROM scratch

Can we use any base image in a container to be run on a host OS?To know the answer, we first need to know about linux distros. All linux distros use the same “Linux” kernel, however all distros make slight changes to it in order make the kernel work best for them.

我们可以使用容器中的任何基础映像来在主机OS上运行吗？ 要知道答案，我们首先需要了解linux发行版。 所有Linux发行版都使用相同的“ Linux”内核，但是所有发行版都对其进行了细微更改，以使内核最适合他们。

Suppose, Host OS is ubuntu (one of the Linux distros), then your container could use a base image of OS which is based on Linux only (that’s why docker cannot run FreeBSD or Windows inside Linux). Installing CentOS container inside Ubuntu OS will mean that you will get the userland from CentOS, while still running the same kernel of host OS (from Ubuntu).

假设主机操作系统是ubuntu(Linux发行版之一)，那么您的容器可以使用仅基于Linux的操作系统的基本映像(这就是docker无法在Linux内部运行FreeBSD或Windows的原因)。 在Ubuntu OS中安装CentOS容器将意味着您将从CentOS获得用户身份，同时仍运行与主机OS相同的内核(从Ubuntu)。

使用dockerFile构建映像时要记住的重要要点 (Important key points to remember while building an image using a dockerFile)

1. Most frequent modifying layers should be present towards the end of the dockerFile. Suppose, There are 4 layers(instructions) in a dockerFile, modification in the 2nd instruction builds all the layers from 2nd onwards from scratch.
   最频繁的修改层应出现在dockerFile的末尾。 假设dockerFile中有4层(指令)，对第二条指令的修改将从头开始从第二层开始构建所有层。

2. Layering is a critical thing to keep in mind as it contributes to caching to unmodified layers. Suppose, 2 images are built using the same base image. The 2nd image will use the cached base image from the 1st image. Therefore, the base image does not take double disk space.Image1 — 250 MB, Image2 — 320 MB, Base Image — 150 MB, total disk space used is 320 MB for these 2 images (not 320+250 MB)

   分层是要牢记的关键，因为它有助于缓存到未修改的层。 假设使用相同的基础图像构建2个图像。 第二张图片将使用第一张图片中的缓存基础图片。 因此，基本映像不会占用双倍的磁盘空间。 Image1 — 250 MB, Image2 — 320 MB, Base Image — 150 MB, total disk space used is 320 MB for these 2 images (not 320+250 MB)

3. Use multi-stage dockerFile to build an image, it helps in keeping the image size down.

   使用多阶段 dockerFile构建映像，这有助于减小映像大小。

4. Build images using the BuildKit to see an improvement on performance, storage management, feature functionality, and security.

   使用BuildKit构建映像，以查看性能，存储管理，功能功能和安全性方面的改进。

Thanks for reading!

谢谢阅读！

翻译自: https://medium.com/swlh/docker-and-its-internals-9c7a771be52e

码头tsb