说明
- 非科班出身,学习途径基本通过物联网,肯定会有很多概念理解错误或举例不当,烦请指教;
- 只作为自己的学习笔记,仅供一同学习的伙伴参考;
- 许多文字是借鉴的,没别的意图,只是它让我理解了相关知识,在这里拿过来供大家学习。
Docekr的三个核心概念
1、镜像:可以理解为是一个可执行的包,其中包括运行应用程序所需要的所有内容包含代码,运行时的库、环境变量和配置文件,同时它也是个母体模板可以被重复使用创建容器;
2、容器:容器是通过镜像创建的,可理解为容器是运行状态的镜像实例,类似类和对象的关系;
3、仓库:存放东西的地方,但是docker的仓库存放的是镜像;
Docker的体系结构
docker使用客户端-服务器的结构体系。docker的客户端与docker的守护进程通信,docker守护进程负责构建、运行和分发docker容器。docker客户端和守护程序可以在同一个系统上运行,也可以将docker客户端连接到远程docker守护程序。docker客户端和守护进程使用RESTAPI通过UNIX套接字或网络接口进行通信。另一方面,docker客户端是Docker Compose(组成),它允许您使用由一组容器组成的应用程序。【守护进程:个人理解守护进程和普通进程区别是指:将后台程序变成一种服务,比如说:用命令行输入启动程序,如果不是守护进程的话,一旦命令行窗口关闭,程序就终止了;而如果启动守护进程,则退出命令行窗口之后,服务一直处于运行状态。】
docker的客户端是用户和docker服务互动的桥梁,用户通过使用客户端发送命令给服务器,真正提供服务的其实就是服务器。docker服务器又是以守护进程的形式存在的,即dockerd。
The Docker Damon(守护进程)
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.
翻译:docker守护进程(dockerd)监听docker api请求并管理docker对象,例如镜像、容器、网络、卷。一个守护进程还可以和其他守护进程通信以管理docker服务。
The Docker Client(docker客户端)
The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.
翻译:docker客户端是用户和docker互动的一种重要方式。当你使用docker命令,例如docker run,客户端发送这些命令到dockerd(守护进程),dockerd来执行它们。docker命令通过使用docker api的方式。客户端可以和多个守护进程通信。
Docker registries(注册表)
A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.
When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.
翻译:registry(注册表)存放docker镜像。Docker Hub(可理解为公共仓库)是一个每个人都可以用的注册表,并且dockers默认是在Docker Hub上寻找镜像的。你甚至可以运行你自己私有的注册表。当你使用docker pull或者docker run命令时,将从配置的注册表中获取镜像。当你使用docker push命令时,镜像将被推送到配置的注册表中。
Registry和仓库Repository有啥联系?为什么一会儿说Registries是仓库,一会儿又说Repository
registry是仓库主从服务器,可以理解为github这样的托管服务。一个Docker Registry中可以包含多个仓库(Repository),每个仓库可以包含多个标签(Tag),每个标签对应一个镜像。通常,一个仓库会包含同一个软件不同版本的镜像,而标签就常用于对应该软件的各个版本。我们可以通过 <仓库名>:<标签> 的格式来指定具体是这个软件哪个版本的镜像。如果不给出标签,将以 latest 作为默认标签。
仓库分为两种:公有参考和私有仓库。最大的公开仓库是docker Hub,存放了数量庞大的镜像供用户下载,国内的docker pool,这里仓库的概念与Git类似,registry可以理解为github这样的托管服务。
Docker objects(docker对象)摘自官方文档
Images
An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.
You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.
翻译:镜像是一个创建容器时只读模式的包含说明的模板。通常一个镜像基于另一个带有一些额外自定义的镜像创建。举个例子,你可以基于Ubuntu镜像创建一个镜像,除了安装了Apache web服务和你的程序,还有一些你的应用程序运行时需要的配置详情信息。
你可以创建自己的镜像或者你可以使用别人创建好的并已经发布在仓库的镜像。要构建自己的镜像的话,你可以创建一个其中包含简单语法的Dockerfile文件,用于定义创建镜像和运行镜像所需要的步骤。Dockerfile中的每一条命令都会在镜像中创建一层。更改Dockerfile并重建镜像时,仅重建已更改的图层。与其他虚拟化技术相比,这是使镜像变得如此轻量级、小型和快速的部分原因。(后面两句我自己理解不了,因为涉及镜像层和容器层,这个后续会学习)
Containers
A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine.
A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.
翻译:一个容器是一个镜像的可运行的实例。你可以通过Docker Api或者CLI创建、开始、停止、移动或者删除容器。你可以将容器连接到一个或多个网络,将存储连接到容器,甚至可以基于其当前状态创建新的镜像。
默认情况下,容器与其他容器及其主机的隔离相对较好。您可以控制容器的网络、存储或其他底层子系统与其他容器或主机的隔离程度。
一个容器是由它的镜像以及在创建时或启动时你提供给它的配置选项定义的。当一个镜像被移除后,没有被存储在持久储存中的任何修改都消失。
Example docker run command(以docker run命令举例说明,命令的背后发生了什么)
The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash.
翻译:以下命令运行ubuntu容器,以交互方式连接到本地命令行会话,并运行/bin/bash。【其实可以这样理解,docker run ubuntu创建并运行Ubuntu容器,以什么方式运行?-i,以交互的方式;通过什么媒介进行交互呢?-t,终端窗口(相当于借尸还魂,用你当前的终端窗口,建立与Ubuntu容器的对话,如果理解不了这句话就不要琢磨这句话的意思了,当我没写);此时你已经与Ubuntu容器通过终端交互的方式链接在了一起,那相互之间用什么语言呢?/bin/bash,指定交互语言;当你输入exit时,实际是从Ubuntu容器中链接断开回到了实际的服务器本地的终端窗口】
$docker run -i -t ubuntu /bin/bash
When you run this command, the following happens (assuming you are using the default registry configuration):
1、If you do not have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
2、Docker creates a new container, as though you had run a docker container create command manually.
3、Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
4、Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.
5、Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal.
6、When you type exit to terminate the /bin/bash command, the container stops but is not removed. You can start it again or remove it.
翻译:当你运行这个命令,会发生接下来的事情(默认你使用的是默认的注册表)
1、如果你在本地没有Ubuntu镜像,Docker会从你配置的注册表中拉取它,就像你手动运行了docker pull ubuntu。
2、Docker创建一个新容器,就像你手动运行Docker容器创建命令一样。
3、Docker将读写文件系统分配给容器,作为容器的最后一层。这允许正在运行的容器在其本地文件系统中创建或修改文件和目录。
4、Docker创建一个网络接口以将容器连接到默认网络,因为您没有指定任何网络选项。这包括为容器分配IP地址。默认情况下,容器可以使用主机的网络连接连接到外部网络。
5、Docker启动容器并执行/bin/bash。由于容器以交互方式运行并连接到终端(由于-i和-t选项),因此当输出打印到终端时你可使用键盘输入。
6、键入exit终止/bin/bash命令时,容器将停止,但不会被删除。您可以重新启动或删除它。
The underlying technology(底层技术)还没学
Docker is written in the Go programming language and takes advantage of several features of the Linux kernel to deliver its functionality. Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
翻译:Docker是用Go编程语言编写的,它利用Linux内核的几个特性来提供其功能。Docker使用一种称为名称空间的技术来提供称为容器的隔离工作空间。运行容器时,Docker会为该容器创建一组名称空间。
这些名称空间提供了一个隔离层。容器的每个方面都在一个单独的名称空间中运行,其访问仅限于该名称空间。