Docker 101

This article is also posted on my blog, feel free to check the latest revision: Docker 101

Docker is a practical tool for everyday use, and like Git, you can learn it in just 30 minutes.

Why Docker

Traditionally, once coding and testing are finished, the output is a program or an executable binary, such as Java bytecode. For these programs to run smoothly, the development team also has to prepare complete deployment files and a running environment so that the operations team can deploy the application. Docker makes it possible to package, from the bottom up, the whole system environment the application needs to run, excluding the operating system kernel, into an image.

Docker Concepts

Docker itself is a container runtime carrier, or management engine. It is an open source project written in Go. Docker's main goal is "Build, Ship and Run Any App, Anywhere", which addresses the running-environment and configuration problems of software containers.

image

A Docker Image is a read-only template. Many containers can be created from the image.

You can imagine the image as the class and the container as the instance.

container

Containers can be regarded as a simplified Linux environment, including root user privileges, process space, user space, network space, etc., as well as the applications running within them.

repository

A repository is a centralized place for storing image files. It is similar to a Maven repository, where jar packages are stored, or a GitHub repository, where Git projects are stored. The official registry provided by Docker, Inc. is called Docker Hub.

Docker Workflow

Docker is a client-server (C/S) system. The Docker daemon runs on the host machine and is accessed from the client over a socket connection. The daemon receives commands from the client and manages the containers running on the host, similar to MySQL.

The backend is a loosely coupled architecture, with numerous separate modules that each perform their own function.

The basic process of running Docker is as follows:

  1. Users use the Docker Client to establish communication with the Docker Daemon and send requests to the latter.
  2. The Docker Daemon, as the main part of the Docker architecture, first provides the Docker Server function so that it can accept requests from the Docker Client.
  3. The Docker Engine executes a series of internal tasks in Docker, and each task exists in the form of a Job.
  4. During the running of a Job, when a container image is needed, the image is downloaded from the Docker Registry, and the downloaded image is stored in the form of a Graph through the image management driver, Graph driver.
  5. When creating a network environment for Docker, the Docker container network environment is created and configured through the network management driver, Network driver.
  6. When operations such as restricting the running resources of a Docker container or executing user instructions are required, it is completed through the Exec driver.
  7. Libcontainer is an independent container management package. Both the Network driver and the Exec driver use Libcontainer to implement specific operations on containers.

Docker components

Before we talk about Docker's components, we need to understand some basic Linux concepts.

  1. bootfs (boot file system): contains the kernel and the bootloader. The bootloader loads the OS kernel into memory and starts it. The bootfs is then unloaded, which releases some memory.
  2. rootfs (root file system): contains the OS kernel and the root directory. The rootfs stores the OS kernel and the root directory, such as /dev, /proc, /bin, /etc, /lib, /usr and /tmp. When the system starts, the rootfs is mounted read-only. After the system has started, the rootfs is mounted read-write.
  3. UnionFS (the following is from Wikipedia):

    • It allows files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system. Contents of directories which have the same path within the merged branches will be seen together in a single merged directory, within the new, virtual filesystem.
    • When mounting branches, the priority of one branch over the other is specified. So when both branches contain a file with the same name, one gets priority over the other.
    • The different branches may be either read-only or read/write file systems, so that writes to the virtual, merged copy are directed to a specific real file system. This allows a file system to appear as writable, but without actually allowing writes to change the file system, also known as copy-on-write, which means that the modification of the read-only file system can be saved to the writable file system.

The startup process of a computer:

  1. POST (Power-On Self-Test): this step is mainly executed by the computer's BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface). The BIOS/UEFI checks whether the computer's hardware, such as memory, hard disk and CPU, is working properly. After completing POST, the next task of the BIOS/UEFI is to find and load the boot loader.
  2. The boot loader (such as GRUB, the Grand Unified Bootloader) is responsible for loading the kernel (vmlinuz in /boot) and the rootfs.
  3. Kernel init: device tests, driver loading and memory paging. The kernel then starts the first process, PID 1, which is init or systemd. After that, other services are started, such as GNOME Display Manager. For more on PID 1 and systemd, you can refer to my blog post on systemd.

So Docker is based on layers. When Docker runs a container and you make changes, it just adds a writable layer on top of the other layers, and this layer is the so-called container.

The maximum number of UnionFS layers is 127.
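
The branch priority and copy-on-write behaviour described above, simulated in shell with ordinary directories instead of a real union mount. This is an added example, not part of the original article; the directory names base, app and container and the file contents are assumptions.

```shell
#!/bin/sh
# Added example: union lookup and copy-on-write simulated with plain
# directories (no real mount). All names and contents are constructed.

# union_resolve NAME BRANCH...: print the path of NAME in the first
# branch that contains it; branches are listed highest priority first.
union_resolve() {
    name=$1; shift
    for branch in "$@"; do
        if [ -e "$branch/$name" ]; then
            echo "$branch/$name"
            return 0
        fi
    done
    return 1
}

# union_append NAME LINE UPPER LOWER...: modify NAME through the merged
# view. Lower branches are never written; the file is first copied up
# into the writable UPPER branch (copy-on-write).
union_append() {
    name=$1; line=$2; shift 2
    if [ ! -e "$1/$name" ]; then
        src=$(union_resolve "$name" "$@") || return 1
        cp "$src" "$1/$name"
    fi
    printf '%s\n' "$line" >> "$1/$name"
}

root=$(mktemp -d)
trap 'rm -rf "$root"' EXIT
base=$root/base; app=$root/app; upper=$root/container
mkdir "$base" "$app" "$upper"
echo "from base image" > "$base/motd"
echo "base config"     > "$base/app.conf"
echo "app config"      > "$app/app.conf"    # same name: app layer wins

echo "app.conf resolves to: $(union_resolve app.conf "$upper" "$app" "$base")"
union_append motd "edited in container" "$upper" "$app" "$base"
echo "motd resolves to:     $(union_resolve motd "$upper" "$app" "$base")"
echo "base layer still has: $(cat "$base/motd")"
```
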

In a Dockerfile, every RUN command creates a new layer.

So you should use

RUN xxxx && xxxx \
&& xxxx

to reduce the number of layers. At the end of the command, you should also clean the cache so that this layer is as small as possible.
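
The chaining advice above as an added example (not from the original article): two constructed Dockerfiles and a small shell function that counts the layers each one adds. Cleaning the cache in a separate RUN does not shrink the image, because the earlier layers still hold the files; the base image, package name and the count_layers helper are assumptions.

```shell
#!/bin/sh
# Added example. Both Dockerfiles below are constructed for illustration.

# count_layers FILE: number of RUN/COPY/ADD instructions (the ones that
# add a filesystem layer); a backslash-continued instruction counts once.
count_layers() {
    awk '
        cont && /^[ \t]*#/ { next }                    # comment inside a continuation
        cont               { cont = ($0 ~ /\\[ \t]*$/); next }
        /^[ \t]*(#|$)/     { next }                    # comment or blank line
        {
            if (toupper($1) ~ /^(RUN|COPY|ADD)$/) n++
            cont = ($0 ~ /\\[ \t]*$/)
        }
        END { print n + 0 }
    ' "$1"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/Dockerfile.unchained" <<'EOF'
FROM debian:bookworm-slim
RUN apt-get update
RUN apt-get install -y --no-install-recommends curl
# Too late: the package lists already live in the first RUN's layer
RUN rm -rf /var/lib/apt/lists/*
EOF

cat > "$workdir/Dockerfile.chained" <<'EOF'
FROM debian:bookworm-slim
# Install and clean up inside one RUN, so the cache never reaches a layer
RUN apt-get update \
 && apt-get install -y --no-install-recommends curl \
 && rm -rf /var/lib/apt/lists/*
EOF

for f in unchained chained; do
    echo "Dockerfile.$f: $(count_layers "$workdir/Dockerfile.$f") layer(s) on top of the base image"
done
```
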

Compare

  • Traditional Virtual Machine Technology:
    • A virtual machine (VM) is a solution that includes an environment installation. It can run one operating system within another operating system. A hypervisor (such as VMware) virtualizes a set of hardware, on which a complete operating system runs, and within that system, the required application processes are executed.
  • Docker:
    • The application processes inside a container run directly on the host's kernel. The container does not have its own kernel and does not perform hardware virtualization. It directly uses the hardware resources of the physical machine and isolates the processes. Containers are isolated from one another, and each has its own file system. Processes in different containers do not affect each other, so computing resources can be kept separate.
    • Docker is kernel-level virtualization, which does not require reloading an operating system kernel as a virtual machine does. This avoids the time-consuming and resource-intensive process of locating and loading the operating system kernel.

Docker Installation

Docker is not a universal container tool. It depends on an existing and running Linux kernel environment.

Docker essentially creates an isolated file environment within a running Linux system. As a result, its execution efficiency is nearly equivalent to that of the deployed Linux host.

Therefore, Docker must be deployed on a system with a Linux kernel. To deploy Docker on other systems, you must first install a virtual Linux environment. For example, on Windows, you should run Docker inside a Linux virtual machine in VMware.

For the installation process, refer to the official docs: https://docs.docker.com/engine/install/

During this process, you run docker run hello-world, which first looks for the image locally. If it is not found, Docker searches for the image on Docker Hub, pulls it automatically (docker image pull), and then runs it.

Prerequisite

Add current user to docker group

To avoid having to use the sudo command every time you use the docker command, you can add the current user to the docker group created during installation (refer to the official documentation).
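
Because the daemon normally runs as root and accepts commands over its socket, every member of the docker group has root-equivalent control of the host, so the membership list is worth reviewing. The following is an added example, not part of the original article: it lists the group's members and classifies the socket's permission bits. The group file contents and user names are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The group file contents below are constructed.

# docker_group_users FILE: print the members of the "docker" group, one
# per line, from a file in /etc/group format (name:passwd:gid:user,user).
docker_group_users() {
    awk -F: '$1 == "docker" && $4 != "" {
        n = split($4, users, ",")
        for (i = 1; i <= n; i++) print users[i]
    }' "$1"
}

# socket_exposure MODE: classify the octal permission bits of the daemon
# socket, e.g. the output of: stat -c %a /var/run/docker.sock
socket_exposure() {
    case "$1" in
        *[2367]) echo "world-writable" ;;   # "other" write bit is set
        *)       echo "restricted" ;;
    esac
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:998:alice,ci-runner
EOF

echo "Users with root-equivalent access through the docker group:"
docker_group_users "$sample"
echo "Socket mode 660 is $(socket_exposure 660); mode 666 is $(socket_exposure 666)"
# On a real host: docker_group_users /etc/group
```
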

Aliyun mirror acceleration

For developers in China only, refer to:

https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images

mkdir -p /etc/docker

vim /etc/docker/daemon.json

Don't forget to restart:

systemctl daemon-reload
systemctl restart docker

Now you know the basics of Docker. For more commands, you can refer to the docker-cheatsheet.
