Docker provides a way to run applications securely isolated in a container, packaged with all its dependencies and libraries.
Docker是什么
Docker is the world’s leading software container platform.
Docker是PaaS供应商dotCloud开源的一个基于LXC(linux container)的高级容器引擎,源代码托管在 GitHub 上,基于Go语言开发并遵从Apache 2.0协议开源。Docker提供了一种在安全、可重复的环境中自动部署软件的方式,它的出现拉开了基于云计算平台发布产品方式的变革序幕。
Docker的应用场景
Docker可以解决虚拟机能够解决的问题,同时也能够解决虚拟机由于资源要求过高而无法解决的问题。
- Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers.
- Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density.
- Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux, Windows Server, and Linux-on-mainframe apps.
Docker vs Virtual Machines
Virtual Machine diagram
Virtual machines run guest operating systems—note the OS layer in each box. This is resource intensive, and the resulting disk image and application state is an entanglement of OS settings, system-installed dependencies, OS security patches, and other easy-to-lose, hard-to-replicate ephemera.
Container diagram
Containers can share a single kernel, and the only information that needs to be in a container image is the executable and its package dependencies, which never need to be installed on the host system. These processes run like native processes, and you can manage them individually by running commands like docker ps—just like you would run ps on Linux to see active processes. Finally, because they contain all their dependencies, there is no configuration entanglement; a containerized app “runs anywhere.”
虚拟机在底层模拟出各种硬件,cpu、硬盘之类的,而 docker 是在软件层面给资源分组。如果是初次接触Docker,可以把它比作一种轻量级的虚拟机(这样容易理解一点,但是Docker不是虚拟机),它比虚拟机更节省内存,启动更快。
Docker结构及相关概念
结构
- Docker Client:用户界面,它支持用户与Docker Daemon之间通信。
- Docker Daemon:运行于主机上,处理服务请求。
- Docker Registries:中央registry,支持拥有公有与私有访问权限的Docker容器镜像的备份。
概念
- Docker Containers:负责应用程序的运行,包括操作系统、用户添加的文件以及元数据。
- Docker Images:一个只读模板,用来运行Docker容器。
- DockerFile:文件指令集,用来说明如何自动创建Docker镜像。
底层技术
- Namespaces:充当隔离的第一级。确保一个容器中运行一个进程而且不能看到或影响容器外的其它进程。
- Control Groups:LXC的重要组成部分,具有资源核算与限制的关键功能。
- UnionFS(文件系统):作为容器的构建块。为了支持Docker的轻量级以及速度快的特性,它创建了用户层。
- Container format:Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer. In the future, Docker may support other container formats by integrating with technologies such as BSD Jails or Solaris Zones.
Docker安装
Docker is available in two editions: Community Edition (CE) and Enterprise Edition (EE).
个人学习使用Docker CE,Docker最新版原生支持64bit Windows 10和Mac OS X。
Get Docker CE for Mac
https://docs.docker.com/docker-for-mac/install/#install-and-run-docker-for-mac
Get Docker CE for Windows
https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows
Get Docker CE for Ubuntu
sudo apt-get update
sudo apt-get install docker-ce
Get Docker CE for CentOS
sudo yum makecache fast
sudo yum install docker-ce
sudo systemctl start docker
Docker命令
查看Docker相关信息docker info
列出本地主机上的镜像docker images
从镜像仓库下载镜像,默认是从 Docker Hub 公共镜像源下载。
Tips:由于国内网络问题,从Docker Hub访问速度很慢,推荐使用国内镜像源docker pull
docker pull ubuntu:14.04
从Docker Hub镜像中心下载docker pull hub.c.163.com/library/ubuntu:14.04
从网易蜂巢镜像中心下载
从镜像中心搜索镜像docker search
运行镜像,创建容器docker run
查看正在运行的容器docker ps
查看容器内部的标准输出docker logs
查看容器内部运行的进程docker top
停止容器docker stop
启动容器docker start
移除容器,此时容器必须是停止的docker rm
移除镜像docker rmi
更多命令请参考:https://docs.docker.com/engine/reference/commandline/docker/
参考文献
- Docker官网:https://docs.docker.com/get-started
- 深入浅出Docker(一):Docker核心技术预览:http://www.infoq.com/cn/articles/docker-core-technology-preview