摘要:你甚至可以運(yùn)行自己的私有注冊表。當(dāng)你使用或命令時(shí),所需的鏡像將從配置的注冊表中拉取。本節(jié)簡要概述其中的一些對象。這允許運(yùn)行的容器在其本地文件系統(tǒng)中創(chuàng)建或修改文件和目錄。啟動(dòng)容器并執(zhí)行開啟容器內(nèi)的終端。輸入以終止命令,容器停止,但未被刪除。
Docker是什么
Docker是一個(gè)開源的應(yīng)用容器引擎,讓開發(fā)者可以打包他們的應(yīng)用以及依賴包到一個(gè)可移植的容器中,然后發(fā)布到任何流行的Linux機(jī)器上,也可以實(shí)現(xiàn)虛擬化。容器是完全使用沙箱機(jī)制,相互之間不會(huì)有任何接口。
上面的描述引用自百度百科,簡單的來說Docker就是容器引擎,非常輕量,使用Docker可以新建很多容器,且容器之間是完全隔離互不干擾的,我們可以把我們的應(yīng)用打包成一個(gè)鏡像來實(shí)例化容器來運(yùn)行應(yīng)用
傳統(tǒng)部署方式的問題運(yùn)維工作量大:當(dāng)我們要部署應(yīng)用的時(shí)候,首先需要很多臺服務(wù)器,例如要在web服務(wù)器上部署Apache、Nginx等應(yīng)用,要在應(yīng)用服務(wù)器上部署多個(gè)Tomcat、Jetty、Undertow等中間件,在數(shù)據(jù)庫服務(wù)器上部署Mysql、Redis等應(yīng)用,以及還要部署各種Zookeeper、RabbitMQ等等應(yīng)用,那運(yùn)維就需要在這些服務(wù)器上安裝配置應(yīng)用所需要的環(huán)境,并進(jìn)行一系列的調(diào)試、檢查服務(wù)器之間的網(wǎng)絡(luò)連接等工作,這是非常麻煩且巨大的工作量
服務(wù)的擴(kuò)展伸縮麻煩:而且隨著業(yè)務(wù)量的增大,需要增加服務(wù)器來做集群,運(yùn)維對于新增的服務(wù)器又需要進(jìn)行配置與網(wǎng)絡(luò)調(diào)試,增加了重復(fù)的工作量,而當(dāng)一些業(yè)務(wù)減少乃至廢棄后又會(huì)導(dǎo)致服務(wù)器閑置造成不必要的損失
服務(wù)的相互影響:當(dāng)我們在同一臺服務(wù)器上部署多個(gè)應(yīng)用時(shí),有時(shí)可能因?yàn)橐恍?yīng)用的出錯(cuò)導(dǎo)致CPU、內(nèi)存占用過高,或是存在過多的日志打印占用了過多的磁盤空間導(dǎo)致磁盤緊張等一系列未知原因?qū)е路?wù)器崩了,從而影響到這臺服務(wù)器上部署的所有應(yīng)用
Docker部署方式的好處減輕運(yùn)維工作量:Docker使用鏡像來創(chuàng)建容器,鏡像就像是類,而一個(gè)容器就是類的一個(gè)具體實(shí)例化對象。因此創(chuàng)建容器只需要在Docker倉庫下載指定應(yīng)用的鏡像,在這基礎(chǔ)上做屬于自己的定制
服務(wù)的彈性伸縮:Docker只需要新增服務(wù)器后創(chuàng)建容器就能實(shí)現(xiàn)快速擴(kuò)展
服務(wù)相互不受影響:Docker容器使用沙箱機(jī)制,完全隔離,每個(gè)容器有分配的硬件資源,一個(gè)容器掛了不會(huì)影響到其他容器,即使整個(gè)服務(wù)器掛了也可以通過部署高可用的Docker集群來解決
Docker的分層結(jié)構(gòu)Docker容器在本質(zhì)上是宿主機(jī)上的一個(gè)進(jìn)程,通過Bootfs和Rootfs加載系統(tǒng)內(nèi)核與標(biāo)準(zhǔn)目錄,LXC技術(shù)來實(shí)現(xiàn)進(jìn)程與資源的隔離,AUFS文件系統(tǒng)來分層并把不同物理位置的目錄合并到同一個(gè)目錄中,使得每個(gè)容器感覺就像一個(gè)獨(dú)立的操作系統(tǒng)
LXC為Linux Container的簡寫,一種內(nèi)核虛擬化技術(shù),可以提供輕量級的虛擬化,以便隔離進(jìn)程和資源。且與宿主機(jī)使用同一個(gè)內(nèi)核,性能損耗小
Bootfs為Boot File System的簡寫,包含Boot loader和Kernel(內(nèi)核),Bootloader主要引導(dǎo)加載Kernel, 整個(gè)內(nèi)核加載進(jìn)內(nèi)存后,Bootfs會(huì)被卸載掉從而釋放出所占用的內(nèi)存
Rootfs為Root File System的簡寫,包含典型的目錄結(jié)構(gòu),包括/dev、/proc、/bin、/etc等標(biāo)準(zhǔn)目錄和文件
對于不同的Linux發(fā)行版, Bootfs基本是一致的, 但Rootfs會(huì)有差別, 因此不同的發(fā)行版可以公用Bootfs
鏡像的最底層是一個(gè)Base Image,提供了一個(gè)基本的操作系統(tǒng)環(huán)境,通常為Linux發(fā)行版(即以Linux為內(nèi)核的系統(tǒng))的鏡像,例如:Centos、Ubuntu等
可以在Base Image的基礎(chǔ)上添加各種應(yīng)用,例如Emacs編輯器、Apache服務(wù)器,上層的Image的父引用是下層的Image即依賴于下層的Image,鏡像層都是只讀的,最上層是容器層,是可寫的
Docker architectureDocker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.
Docker使用客戶端-服務(wù)器架構(gòu)。Docker客戶端與Docker守護(hù)進(jìn)程進(jìn)行對話,該守護(hù)進(jìn)程負(fù)責(zé)構(gòu)建、運(yùn)行和分發(fā)Docker容器。Docker客戶端和守護(hù)進(jìn)程可以在同一個(gè)系統(tǒng)上運(yùn)行,也可以將Docker客戶端連接到遠(yuǎn)程Docker守護(hù)進(jìn)程。Docker客戶端和守護(hù)進(jìn)程通過UNIX套接字或網(wǎng)絡(luò)接口使用REST API進(jìn)行通信。
Docker守護(hù)進(jìn)程The Docker daemonThe Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.
Docker守護(hù)進(jìn)程(dockerd)監(jiān)聽Docker API請求,并管理Docker對象,如鏡像、容器、網(wǎng)絡(luò)和卷。守護(hù)進(jìn)程還可以與其他守護(hù)進(jìn)程通信,以管理Docker服務(wù)。
Docker客戶端The Docker clientThe Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.
Docker客戶端(Docker)是許多Docker用戶與Docker交互的主要方式。當(dāng)你使用諸如docker run之類的命令時(shí),客戶端將這些命令發(fā)送給dockerd, dockerd執(zhí)行這些命令。docker命令使用docker API。Docker客戶端可以與多個(gè)守護(hù)進(jìn)程通信。
Docker注冊表Docker registriesA Docker registry stores Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. If you use Docker Datacenter (DDC), it includes Docker Trusted Registry (DTR).
When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.
Docker store allows you to buy and sell Docker images or distribute them for free. For instance, you can buy a Docker image containing an application or service from a software vendor and use the image to deploy the application into your testing, staging, and production environments. You can upgrade the application by pulling the new version of the image and redeploying the containers.
Docker注冊表存儲Docker鏡像。Docker Hub和Docker Cloud是任何人都可以使用的公共注冊中心,Docker默認(rèn)配置在Docker Hub上查找鏡像。你甚至可以運(yùn)行自己的私有注冊表。如果你使用Docker Datacenter (DDC),它包括Docker可信注冊表(DTR)。
當(dāng)你使用docker pull或docker run命令時(shí),所需的鏡像將從配置的注冊表中拉取。當(dāng)你使用docker push命令時(shí),你的鏡像將被推到配置的注冊表中。
Docker商店允許你購買和出售Docker鏡像或免費(fèi)分發(fā)。例如,你可以從軟件供應(yīng)商購買包含應(yīng)用程序或服務(wù)的Docker鏡像,并使用該映像將應(yīng)用程序部署到你的測試、演示和生產(chǎn)環(huán)境中。你可以通過提取鏡像的新版本并重新部署容器來升級應(yīng)用程序。
Docker objectsWhen you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.
當(dāng)你使用Docker時(shí),你正在創(chuàng)建和使用鏡像、容器、網(wǎng)絡(luò)、卷、插件和其他對象。本節(jié)簡要概述其中的一些對象。
鏡像IMAGESAn image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.
You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.
鏡像是具有創(chuàng)建Docker容器的指令的只讀模板。通常,一個(gè)鏡像基于另一個(gè)鏡像,并進(jìn)行一些額外的定制。例如,你可以構(gòu)建一個(gè)基于ubuntu鏡像的鏡像,在此基礎(chǔ)上定制安裝Apache web服務(wù)器和應(yīng)用程序,以及使應(yīng)用程序運(yùn)行所需的配置。
你可以創(chuàng)建自己的鏡像,也可以只使用其他人創(chuàng)建并在注冊表中發(fā)布的鏡像。要構(gòu)建自己的鏡像,需要?jiǎng)?chuàng)建一個(gè)Dockerfile,并使用簡單的語法定義創(chuàng)建和運(yùn)行鏡像所需的步驟。Dockerfile中的每個(gè)指令都在鏡像中創(chuàng)建一個(gè)層。當(dāng)你更改Dockerfile并重新構(gòu)建鏡像時(shí),只會(huì)重新構(gòu)建已更改的層。與其他虛擬化技術(shù)相比,這是使映像如此輕量級、小型和快速的部分原因。
CONTAINERS
A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine.
A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.
Example docker run command
The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash.
$ docker run -i -t ubuntu /bin/bash
When you run this command, the following happens (assuming you are using the default registry configuration):
If you do not have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
Docker creates a new container, as though you had run a docker container create command manually.
Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.
Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal.
When you type exit to terminate the /bin/bash command, the container stops but is not removed. You can start it again or remove it.
容器是鏡像的可運(yùn)行實(shí)例。你可以使用Docker API或CLI創(chuàng)建、啟動(dòng)、停止、移動(dòng)或刪除容器。你可以將容器連接到一個(gè)或多個(gè)網(wǎng)絡(luò),將存儲附加到它,甚至可以根據(jù)其當(dāng)前狀態(tài)創(chuàng)建新的鏡像。
默認(rèn)情況下,容器與其他容器及其主機(jī)相對獨(dú)立。你可以控制容器的網(wǎng)絡(luò)、存儲或其他底層子系統(tǒng)與其他容器或主機(jī)的隔離程度。
容器是由它的鏡像以及在創(chuàng)建或啟動(dòng)它時(shí)提供給它的任何配置選項(xiàng)定義的。當(dāng)一個(gè)容器被刪除時(shí),對其狀態(tài)的任何更改都不會(huì)被存儲在持久性存儲中。
演示docker命令:
下面的命令運(yùn)行ubuntu容器,交互地連接到本地命令行會(huì)話,然后運(yùn)行/bin/bash
$ docker run -i -t ubuntu /bin/bash
當(dāng)你運(yùn)行此命令時(shí),會(huì)發(fā)生以下情況(假設(shè)你正在使用默認(rèn)的注冊表配置)
如果你沒有本地的ubuntu鏡像,Docker會(huì)從你配置的注冊表中提取它,就像你已經(jīng)手動(dòng)運(yùn)行Docker一樣。
Docker創(chuàng)建一個(gè)新的容器,就好像你已經(jīng)手動(dòng)運(yùn)行了Docker容器創(chuàng)建命令一樣。
Docker將一個(gè)讀寫文件系統(tǒng)分配給容器,作為它的最后一層。這允許運(yùn)行的容器在其本地文件系統(tǒng)中創(chuàng)建或修改文件和目錄。
Docker創(chuàng)建一個(gè)網(wǎng)絡(luò)接口,將容器連接到默認(rèn)網(wǎng)絡(luò),因?yàn)槟銢]有指定任何網(wǎng)絡(luò)選項(xiàng)。這包括為容器分配IP地址。默認(rèn)情況下,容器可以使用主機(jī)的網(wǎng)絡(luò)連接連接到外部網(wǎng)絡(luò)。
Docker啟動(dòng)容器并執(zhí)行/bin/bash開啟容器內(nèi)的終端。
輸入exit以終止/bin/bash命令,容器停止,但未被刪除。您可以重新啟動(dòng)或刪除它。
服務(wù)SERVICESServices allow you to scale containers across multiple Docker daemons, which all work together as a swarm with multiple managers and workers. Each member of a swarm is a Docker daemon, and the daemons all communicate using the Docker API. A service allows you to define the desired state, such as the number of replicas of the service that must be available at any given time. By default, the service is load-balanced across all worker nodes. To the consumer, the Docker service appears to be a single application. Docker Engine supports swarm mode in Docker 1.12 and higher.
服務(wù)允許你跨多個(gè)Docker守護(hù)進(jìn)程擴(kuò)展容器,這些守護(hù)進(jìn)程都作為一個(gè)集群與多個(gè)管理人員和工作人員一起工作。群集的每個(gè)成員都是Docker守護(hù)進(jìn)程,守護(hù)進(jìn)程都使用Docker API進(jìn)行通信。服務(wù)允許你定義所需的狀態(tài),例如在任何給定時(shí)間必須可用的服務(wù)的副本數(shù)量。默認(rèn)情況下,服務(wù)是跨所有worker節(jié)點(diǎn)的負(fù)載均衡。對于使用者來說,Docker服務(wù)似乎是一個(gè)多帶帶的應(yīng)用程序。Docker 1.12和更高的版本支持集群模式。
參考文章http://www.uml.org.cn/pzgl/20...
https://www.cnblogs.com/sammy...
https://docs.docker.com/engin...
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://m.specialneedsforspecialkids.com/yun/27400.html
摘要:查看,則可以看到成功了一個(gè)執(zhí)行命令則可以查看鏡像的層級執(zhí)行命令鏡像標(biāo)簽名則可以生成一個(gè)運(yùn)行程序。 Docker容器 概述 1、之前項(xiàng)目的部署方式的缺點(diǎn) 通過物理機(jī)方式部署,如圖所示 showImg(https://segmentfault.com/img/bVbfn8z?w=1366&h=668); 部署非常慢 成本非常高 資源浪費(fèi) 難于遷移和擴(kuò)展 可能會(huì)被限定硬件廠商 2、虛擬化...
閱讀 3114·2023-04-26 01:58
閱讀 958·2021-11-24 09:38
閱讀 3291·2021-09-03 10:29
閱讀 721·2021-08-21 14:10
閱讀 1494·2019-08-30 15:44
閱讀 3094·2019-08-30 14:10
閱讀 3218·2019-08-29 16:32
閱讀 1484·2019-08-29 12:48