Docker学习笔记01-概述

Docker是什么

Docker是一个开源的应用容器引擎，让开发者能够打包他们的应用以及依赖包到一个可移植的容器中，而后发布到任何流行的Linux机器上，也能够实现虚拟化。容器是彻底使用沙箱机制，相互之间不会有任何接口。

上面的描述引用自百度百科，简单的来讲Docker就是容器引擎，很是轻量，使用Docker能够新建不少容器，且容器之间是彻底隔离互不干扰的，咱们能够把咱们的应用打包成一个镜像来实例化容器来运行应用

传统部署方式的问题

• 运维工做量大：当咱们要部署应用的时候，首先须要不少台服务器，例如要在web服务器上部署Apache、Nginx等应用，要在应用服务器上部署多个Tomcat、Jetty、Undertow等中间件，在数据库服务器上部署Mysql、Redis等应用，以及还要部署各类Zookeeper、RabbitMQ等等应用，那运维就须要在这些服务器上安装配置应用所须要的环境，并进行一系列的调试、检查服务器之间的网络链接等工做，这是很是麻烦且巨大的工做量
• 服务的扩展伸缩麻烦：并且随着业务量的增大，须要增长服务器来作集群，运维对于新增的服务器又须要进行配置与网络调试，增长了重复的工做量，而当一些业务减小乃至废弃后又会致使服务器闲置形成没必要要的损失
• 服务的相互影响：当咱们在同一台服务器上部署多个应用时，有时可能由于一些应用的出错致使CPU、内存占用太高，或是存在过多的日志打印占用了过多的磁盘空间致使磁盘紧张等一系列未知缘由致使服务器崩了，从而影响到这台服务器上部署的全部应用

Docker部署方式的好处

• 减轻运维工做量：Docker使用镜像来建立容器，镜像就像是类，而一个容器就是类的一个具体实例化对象。所以建立容器只须要在Docker仓库下载指定应用的镜像，在这基础上作属于本身的定制
• 服务的弹性伸缩：Docker只须要新增服务器后建立容器就能实现快速扩展
• 服务相互不受影响：Docker容器使用沙箱机制，彻底隔离，每一个容器有分配的硬件资源，一个容器挂了不会影响到其余容器，即便整个服务器挂了也能够经过部署高可用的Docker集群来解决

Docker的分层结构

Docker容器在本质上是宿主机上的一个进程，经过Bootfs和Rootfs加载系统内核与标准目录，LXC技术来实现进程与资源的隔离，AUFS文件系统来分层并把不一样物理位置的目录合并到同一个目录中，使得每一个容器感受就像一个独立的操做系统

LXC为Linux Container的简写，一种内核虚拟化技术，能够提供轻量级的虚拟化，以便隔离进程和资源。且与宿主机使用同一个内核，性能损耗小
Bootfs为Boot File System的简写，包含Boot loader和Kernel（内核），Bootloader主要引导加载Kernel, 整个内核加载进内存后，Bootfs会被卸载掉从而释放出所占用的内存
Rootfs为Root File System的简写，包含典型的目录结构，包括/dev、/proc、/bin、/etc等标准目录和文件

对于不一样的Linux发行版, Bootfs基本是一致的, 但Rootfs会有差异, 所以不一样的发行版能够公用Bootfs

镜像的最底层是一个Base Image，提供了一个基本的操做系统环境，一般为Linux发行版（即以Linux为内核的系统）的镜像，例如：Centos、Ubuntu等
能够在Base Image的基础上添加各类应用，例如Emacs编辑器、Apache服务器，上层的Image的父引用是下层的Image即依赖于下层的Image，镜像层都是只读的，最上层是容器层，是可写的

Docker的架构

Docker architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.

Docker使用客户端-服务器架构。Docker客户端与Docker守护进程进行对话，该守护进程负责构建、运行和分发Docker容器。Docker客户端和守护进程能够在同一个系统上运行，也能够将Docker客户端链接到远程Docker守护进程。Docker客户端和守护进程经过UNIX套接字或网络接口使用REST API进行通讯。

Docker守护进程

The Docker daemon

The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

Docker守护进程(dockerd)监听Docker API请求，并管理Docker对象，如镜像、容器、网络和卷。守护进程还能够与其余守护进程通讯，以管理Docker服务。

Docker客户端

The Docker client

The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

Docker客户端(Docker)是许多Docker用户与Docker交互的主要方式。当你使用诸如docker run之类的命令时，客户端将这些命令发送给dockerd, dockerd执行这些命令。docker命令使用docker API。Docker客户端能够与多个守护进程通讯。

Docker注册表

Docker registries

A Docker registry stores Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. If you use Docker Datacenter (DDC), it includes Docker Trusted Registry (DTR).

When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.

Docker store allows you to buy and sell Docker images or distribute them for free. For instance, you can buy a Docker image containing an application or service from a software vendor and use the image to deploy the application into your testing, staging, and production environments. You can upgrade the application by pulling the new version of the image and redeploying the containers.

Docker注册表存储Docker镜像。Docker Hub和Docker Cloud是任何人均可以使用的公共注册中心，Docker默认配置在Docker Hub上查找镜像。你甚至能够运行本身的私有注册表。若是你使用Docker Datacenter (DDC)，它包括Docker可信注册表(DTR)。
当你使用docker pull或docker run命令时，所需的镜像将从配置的注册表中拉取。当你使用docker push命令时，你的镜像将被推到配置的注册表中。
Docker商店容许你购买和出售Docker镜像或免费分发。例如，你能够从软件供应商购买包含应用程序或服务的Docker镜像，并使用该映像将应用程序部署到你的测试、演示和生产环境中。你能够经过提取镜像的新版本并从新部署容器来升级应用程序。

Docker对象

Docker objects

When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.

当你使用Docker时，你正在建立和使用镜像、容器、网络、卷、插件和其余对象。本节简要概述其中的一些对象。

镜像

IMAGES

An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.

You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.

镜像是具备建立Docker容器的指令的只读模板。一般，一个镜像基于另外一个镜像，并进行一些额外的定制。例如，你能够构建一个基于ubuntu镜像的镜像，在此基础上定制安装Apache web服务器和应用程序，以及使应用程序运行所需的配置。
你能够建立本身的镜像，也能够只使用其余人建立并在注册表中发布的镜像。要构建本身的镜像，须要建立一个Dockerfile，并使用简单的语法定义建立和运行镜像所需的步骤。Dockerfile中的每一个指令都在镜像中建立一个层。当你更改Dockerfile并从新构建镜像时，只会从新构建已更改的层。与其余虚拟化技术相比，这是使映像如此轻量级、小型和快速的部分缘由。

容器

CONTAINERS

A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.

By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine.

A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.

Example docker run command

The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash.

$ docker run -i -t ubuntu /bin/bash

When you run this command, the following happens (assuming you are using the default registry configuration):

1. If you do not have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
2. Docker creates a new container, as though you had run a docker container create command manually.
3. Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
4. Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.
5. Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal.
6. When you type exit to terminate the /bin/bash command, the container stops but is not removed. You can start it again or remove it.

容器是镜像的可运行实例。你可使用Docker API或CLI建立、启动、中止、移动或删除容器。你能够将容器链接到一个或多个网络，将存储附加到它，甚至能够根据其当前状态建立新的镜像。
默认状况下，容器与其余容器及其主机相对独立。你能够控制容器的网络、存储或其余底层子系统与其余容器或主机的隔离程度。
容器是由它的镜像以及在建立或启动它时提供给它的任何配置选项定义的。当一个容器被删除时，对其状态的任何更改都不会被存储在持久性存储中。

演示docker命令：
下面的命令运行ubuntu容器，交互地链接到本地命令行会话，而后运行/bin/bash
$ docker run -i -t ubuntu /bin/bash
当你运行此命令时，会发生如下状况(假设你正在使用默认的注册表配置)

1. 若是你没有本地的ubuntu镜像，Docker会从你配置的注册表中提取它，就像你已经手动运行Docker同样。
2. Docker建立一个新的容器，就好像你已经手动运行了Docker容器建立命令同样。
3. Docker将一个读写文件系统分配给容器，做为它的最后一层。这容许运行的容器在其本地文件系统中建立或修改文件和目录。
4. Docker建立一个网络接口，将容器链接到默认网络，由于你没有指定任何网络选项。这包括为容器分配IP地址。默认状况下，容器可使用主机的网络链接链接到外部网络。
5. Docker启动容器并执行/bin/bash开启容器内的终端。
6. 输入exit以终止/bin/bash命令，容器中止，但未被删除。您能够从新启动或删除它。

服务

SERVICES

Services allow you to scale containers across multiple Docker daemons, which all work together as a swarm with multiple managers and workers. Each member of a swarm is a Docker daemon, and the daemons all communicate using the Docker API. A service allows you to define the desired state, such as the number of replicas of the service that must be available at any given time. By default, the service is load-balanced across all worker nodes. To the consumer, the Docker service appears to be a single application. Docker Engine supports swarm mode in Docker 1.12 and higher.

服务容许你跨多个Docker守护进程扩展容器，这些守护进程都做为一个集群与多个管理人员和工做人员一块儿工做。群集的每一个成员都是Docker守护进程，守护进程都使用Docker API进行通讯。服务容许你定义所需的状态，例如在任何给定时间必须可用的服务的副本数量。默认状况下，服务是跨全部worker节点的负载均衡。对于使用者来讲，Docker服务彷佛是一个单独的应用程序。Docker 1.12和更高的版本支持集群模式。

参考文章

http://www.uml.org.cn/pzgl/20...
https://www.cnblogs.com/sammy...
https://docs.docker.com/engin...