I. Docker version selection
Docker did not distinguish between editions at first. In early 2017 it launched a new project, Moby (a rename of the docker repository), on GitHub: https://github.com/moby/moby. Moby is the new upstream of the Docker project, and Docker becomes a downstream product of Moby. Later versions are divided into a CE version (community edition) and an EE version (paid enterprise edition). Both CE and EE release a new version every quarter, but the EE version receives security maintenance for 1 year, while the CE version receives it for 4 months.
When Docker is combined with Kubernetes, install a Docker version that has passed the official Kubernetes tests, to avoid unknown and unpredictable problems such as incompatibility. The Docker versions tested by Kubernetes can be looked up on GitHub:
https://github.com/kubernetes/kubernetes/blob/master/build/dependencies.yaml
II. Docker installation
Official documents: https://docs.docker.com/engine/install/
2.1 ubuntu installing docker
2.1.1 installing docker dependency
root@ubuntu:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common
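2.1.2 installing the GPG key
root@ubuntu:~# curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
OK
The key is fetched over plain HTTP here, so nothing authenticates it in transit. Compare the fingerprint printed by apt-key fingerprint with the one published in the official Docker installation documentation before trusting the repository.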
2.1.3 write software source information
root@ubuntu:~# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
2.1.4 find docker CE version
root@ubuntu:~# apt-cache madison docker-ce
 docker-ce | 5:20.10.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:20.10.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.15~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.14~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.13~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.12~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.11~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.3~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.2~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.0~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.03.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
2.1.5 installing docker CE
root@ubuntu:~# apt-get -y install docker-ce=5:19.03.15~3-0~ubuntu-bionic
After this operation, 391 MB of additional disk space will be used.
Get:1 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:3 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:4 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.4.11-1 [23.7 MB]
Get:5 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:20.10.10~3-0~ubuntu-bionic [38.8 MB]
Get:6 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB]
Get:7 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-scan-plugin amd64 0.9.0~ubuntu-bionic [3,518 kB]
Selecting previously unselected package pigz.
(Reading database ... 77629 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package aufs-tools.
Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../3-containerd.io_1.4.11-1_amd64.deb ...
Unpacking containerd.io (1.4.11-1) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../4-docker-ce-cli_5%3a20.10.10~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-scan-plugin.
Preparing to unpack .../6-docker-scan-plugin_0.9.0~ubuntu-bionic_amd64.deb ...
Unpacking docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...
Setting up containerd.io (1.4.11-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up cgroupfs-mount (1.4) ...
Setting up docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for systemd (237-3ubuntu10.51) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
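The install log above pulls docker-ce-cli 5:20.10.10 next to docker-ce 5:19.03.15, because only the engine package was pinned. The following added example (not code from the original page) picks one release from apt-cache madison output and prints an install command that pins both packages to it; the function names and the shortened sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the page's code): choose one docker-ce release from
# `apt-cache madison docker-ce` output and pin engine and CLI to it.

# Constructed sample in the madison format; the version strings come from the
# listing above, the list is shortened.
sample_madison() {
cat <<'EOF'
 docker-ce | 5:20.10.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.15~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.14~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
EOF
}

# pick_version SERIES: print the first matching version (the listing is newest
# first) whose upstream part starts with SERIES, e.g. 19.03. Exit 1 if none.
pick_version() {
    awk -F'|' -v series="$1" '
        {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim the version column
            up = v; sub(/^[0-9]+:/, "", up)            # drop the epoch, e.g. "5:"
            if (index(up, series ".") == 1) { print v; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }'
}

# pinned_install VERSION: print (not run) the commands that install engine and
# CLI at the same version and hold them against later upgrades.
# Assumption: docker-ce-cli is published with the same version string, which
# holds for 18.09 and later (the CLI was not a separate package before that).
pinned_install() {
    printf 'apt-get -y install docker-ce=%s docker-ce-cli=%s\n' "$1" "$1"
    printf 'apt-mark hold docker-ce docker-ce-cli\n'
}

# Demo: select the newest 19.03 release from the sample and show the commands.
if v=$(sample_madison | pick_version 19.03); then
    pinned_install "$v"
fi
```

On a real host, feed the function with `apt-cache madison docker-ce | pick_version 19.03` and review the printed commands before running them.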
2.1.6 removing docker CE
root@ubuntu:~# apt purge docker-ce
root@ubuntu:~# rm -rf /var/lib/docker
III. view docker related information
3.1 viewing docker version
root@ubuntu:~# docker version
Client: Docker Engine - Community
 Version:           20.10.10
 API version:       1.40
 Go version:        go1.16.9
 Git commit:        b485636
 Built:             Mon Oct 25 07:42:57 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          19.03.15
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       99e3ed8919
  Built:            Sat Jan 30 03:15:20 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.11
  GitCommit:        5b46e404f6b9f661a205e28d59c982d3634148f8
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
3.2 view docker details
root@ubuntu:~# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
 runc version: v1.0.2-0-g52b36a2
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-161-generic
 Operating System: Ubuntu 18.04.5 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 985MiB
 Name: ubuntu
 ID: SCQL:4CVE:RNUG:KOSE:P3QB:I3WQ:5C5Z:VD6X:ESEQ:6NPV:TARW:KFOM
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
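Several fields of this output are worth checking on every host: the Security Options list, the Insecure Registries list, and the d_type support that overlay2 depends on. The following added example (not code from the original page) audits docker info text for those fields; it assumes the CLI's text layout, in which server keys are indented by one space and their items by two or more, and the extra registry name in the sample is made up.

```shell
#!/bin/sh
# Added example (not the page's code): audit `docker info` text output.
# Assumed layout: server keys indented by one space, their items by two or more.

# Constructed sample: values from the output above plus one made-up
# insecure registry entry so that the audit has something to report.
sample_info() {
cat <<'EOF'
Server:
 Server Version: 19.03.15
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
 Security Options:
  apparmor
  seccomp
   Profile: default
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false
EOF
}

# audit_docker_info: read `docker info` text on stdin, print one finding per
# line, print nothing when every check passes.
audit_docker_info() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^ [^ ]/ {                     # one-space indent: a server-level key
            key = trim($0); sub(/:.*$/, "", key)
            val = $0; sub(/^[^:]*:/, "", val); val = trim(val)
            if (key == "Storage Driver") driver = val
            next
        }
        /^  / {                        # deeper indent: item under current key
            item = trim($0)
            if (key == "Security Options") opts[item] = 1
            if (key == "Insecure Registries" && item != "127.0.0.0/8")
                print "insecure registry allowed: " item
            if (key == "Storage Driver" && item == "Supports d_type: false")
                print "backing filesystem lacks d_type support required by " driver
        }
        END {
            if (!("seccomp" in opts)) print "seccomp is not enabled"
            if (!("apparmor" in opts) && !("selinux" in opts))
                print "no AppArmor or SELinux confinement"
        }'
}

# Demo on the constructed sample; on a host use: docker info | audit_docker_info
sample_info | audit_docker_info
```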
3.3 viewing docker network card information
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1452 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:87:29:22 brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.248/24 brd 172.16.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe87:2922/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:14:9a:a1:3e brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
3.4 docker storage engine
3.4.1 introduction to docker storage engine
At present, the default storage engine of docker is overlay2. Different storage engines need corresponding support from the system. For example, overlay2 needs the file system to support d_type (the file layering feature), so when a disk partition is formatted for docker, a parameter must be passed at format time to enable it.
Storage driver type:
- AUFS (another Union FS) is a Union FS, which is a file-level storage driver. A Union FS merges directories from different physical locations into one directory; simply put, it mounts different directories under the same virtual file system. This file system can overlay and modify files layer by layer. However many lower layers there are, they are all read-only, and only the top-level file system is writable. When a file needs to be modified, AUFS uses copy-on-write (COW) to copy the file from the read-only layer to the writable layer, modifies the copy there, and saves the result in the writable layer. In Docker, the lower read-only layers are the image and the writable layer is the container. It is the preferred storage driver for Docker 18.06 and earlier.
- Overlay: a Union FS file system supported by the Linux kernel after 3.18.
- Overlay 2: an upgraded version of overlay, which is the storage type recommended for all Linux distributions so far.
- devicemapper: it was the recommended storage driver for CentOS and RHEL because their earlier kernel versions did not support overlay2. Current versions of CentOS and RHEL support overlay2, so overlay2 is recommended there as well.
- ZFS/btrfs: not widely used at present.
- vfs: used for test environments. It applies where a copy-on-write file system cannot be used. This storage driver has poor performance and is generally not recommended for production.
3.4.2 modifying the docker storage engine
Official documents: https://docs.docker.com/storage/storagedriver/overlayfs-driver/
If the docker data directory is a separate disk partition formatted as xfs, you need to add the parameter -n ftype=1 when formatting it. Otherwise starting a container later fails with an error saying that d_type is not supported.
Modifying the storage engine will result in the loss of all containers, so back up before modifying.
root@ubuntu:~# vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -s overlay2 -H fd:// --containerd=/run/containerd/containerd.sock
root@ubuntu:~# systemctl daemon-reload
root@ubuntu:~# systemctl restart docker
IV. docker service process
4.1 viewing host process tree
root@ubuntu:~# pstree -p
systemd(1)─┬─ModemManager(1031)─┬─{ModemManager}(1058)
           │                    └─{ModemManager}(1062)
           ├─NetworkManager(1018)─┬─{NetworkManager}(1074)
           │                      └─{NetworkManager}(1077)
           ├─accounts-daemon(1029)─┬─{accounts-daemon}(1037)
           │                       └─{accounts-daemon}(1046)
           ├─agetty(1132)
           ├─atd(1024)
           ├─ceph-crash(1025)
           ├─chronyd(1103)
           ├─containerd(7510)─┬─containerd-shim(11079)─┬─sh(11106)
           │                  │                        ├─{containerd-shim}(11080)
           │                  │                        ├─{containerd-shim}(11081)
           │                  │                        ├─{containerd-shim}(11082)
           │                  │                        ├─{containerd-shim}(11083)
           │                  │                        ├─{containerd-shim}(11084)
           │                  │                        ├─{containerd-shim}(11085)
           │                  │                        ├─{containerd-shim}(11086)
           │                  │                        └─{containerd-shim}(11087)
           │                  ├─{containerd}(7514)
           │                  ├─{containerd}(7515)
           │                  ├─{containerd}(7516)
           │                  ├─{containerd}(7517)
           │                  ├─{containerd}(7529)
           │                  ├─{containerd}(7530)
           │                  ├─{containerd}(7546)
           │                  └─{containerd}(9800)
           ├─cron(1028)
           ├─dbus-daemon(988)
           ├─dockerd(9151)─┬─docker-proxy(11074)─┬─{docker-proxy}(11075)
           │               │                     ├─{docker-proxy}(11076)
           │               │                     ├─{docker-proxy}(11077)
           │               │                     └─{docker-proxy}(11078)
           │               ├─{dockerd}(9171)
           │               ├─{dockerd}(9172)
           │               ├─{dockerd}(9173)
           │               ├─{dockerd}(9174)
           │               ├─{dockerd}(9180)
           │               ├─{dockerd}(9181)
           │               ├─{dockerd}(9204)
           │               ├─{dockerd}(9682)
           │               └─{dockerd}(9696)
4.2 viewing containerd process relationships
Four processes are related to docker:
- dockerd: the server program, which is accessed directly by the client. Its parent process is the systemd daemon of the host.
- docker-proxy: each docker-proxy process serves a container that needs network communication and manages the port mapping between the host and the container. Its parent process is dockerd. If the container does not need networking, no docker-proxy is started.
- containerd: called by the dockerd process to interact with runc.
- containerd-shim: the carrier that actually runs containers. Each container corresponds to one containerd-shim process, and its parent process is containerd.
root@ubuntu:~# ps -ef | grep containerd
root 7510 1 0 13:14 ? 00:00:16 /usr/bin/containerd
root 9151 1 0 14:07 ? 00:00:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 11079 7510 0 16:45 ? 00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/427f20a455226581ee9724fe01872ac1a91b9a2499c500b15c0ec20f9d433ec2 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root@ubuntu:~# ps -ef | grep docker-proxy
root 11074 9151 0 16:45 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 9000
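The docker-proxy command line records exactly which host address and port each container is published on; in the line above, -host-ip 0.0.0.0 means port 80 is reachable on every interface of the host. The following added example (not code from the original page) turns ps -ef output into a list of port mappings and marks the ones bound to all interfaces; the function names and the second and third sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not the page's code): list the host ports that docker-proxy
# publishes, from `ps -ef` output, and mark those bound to every interface.

# Constructed sample: the docker-proxy line shown above, a made-up
# loopback-only mapping for contrast, and the grep process itself.
sample_ps() {
cat <<'EOF'
root 11074 9151 0 16:45 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 9000
root 11190 9151 0 16:50 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8080 -container-ip 172.17.0.3 -container-port 80
root 11500 1202 0 16:51 pts/0 00:00:00 grep docker-proxy
EOF
}

# published_ports: read `ps -ef` lines on stdin and print one line per mapping:
#   PROTO HOST_IP:HOST_PORT -> CONTAINER_IP:CONTAINER_PORT SCOPE
published_ports() {
    awk '
        $8 !~ /(^|\/)docker-proxy$/ { next }   # field 8 of ps -ef is the command
        {
            split("", opt)                       # reset the option table
            for (i = 9; i < NF; i++)             # remember the word after each flag
                if ($i ~ /^-/) opt[$i] = $(i + 1)
            ip = opt["-host-ip"]
            scope = (ip == "0.0.0.0" || ip == "::") ? "all-interfaces" : "restricted"
            printf "%s %s:%s -> %s:%s %s\n", opt["-proto"], ip, opt["-host-port"],
                opt["-container-ip"], opt["-container-port"], scope
        }'
}

# exposed_count: number of mappings reachable on every host interface.
exposed_count() {
    published_ports | grep -c 'all-interfaces$' || true
}

# Demo on the constructed sample; on a host use: ps -ef | published_ports
sample_ps | published_ports
```

A mapping marked all-interfaces is reachable from any network the host is attached to, so it should correspond to a port that was meant to be public.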
4.3 container creation and management process
- dockerd communicates with the containerd module through gRPC. The libcontainerd component of dockerd handles the exchange with containerd. The socket file used between dockerd and containerd is /var/run/containerd/containerd.sock.
- containerd is started when dockerd is started, and then begins listening for gRPC requests. containerd processes each gRPC request and takes the corresponding action.
- For a container run, start or exec, containerd starts a containerd-shim and performs the corresponding operation.
- After containerd-shim is started, start/exec/create starts the runc process. The shim communicates with containerd through the exit and control files, and monitors the state of the process in the container through the parent-child process relationship and SIGCHLD.
- Throughout the container life cycle, containerd monitors container files and container events through epoll.