Docker deployment of docker

Keywords: Docker

I. Docker version selection

        Docker did not distinguish between versions before, but it launched (renamed docker) a new project Moby, GitHub in early 2017. Address: , Moby project is a new upstream docker of docker project. Docker will be a sub product of Moby, and later versions will be divided into CE Version (community version) and EE Version (enterprise charging version), Both CE community version and EE enterprise version release a new version every quarter, but the EE version provides post security maintenance for 1 year, while the CE version is 4 months.

        When combined with kubernetes, the docker version that has passed the official test of kubernetes should be installed to avoid unknown and unpredictable problems such as incompatibility. The docker version tested by juberbetes can be queried in github, as follows:

II. Docker installation

        Official documents:

2.1 ubuntu installing docker

2.1.1 installing docker dependency

root@ubuntu:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common

2.1.2 installation of GPG certificate

root@ubuntu:~# curl -fsSL | sudo apt-key add -

2.1.3 write software source information

root@ubuntu:~# add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"

2.1.4 find docker CE version

Click to view the code
root@ubuntu:~# apt-cache madison docker-ce
 docker-ce | 5:20.10.10~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.9~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.8~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.7~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.6~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.5~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.4~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.3~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.2~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.1~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:20.10.0~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.15~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.14~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.13~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.12~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.11~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.10~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.9~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.8~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.7~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.6~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.5~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.4~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.3~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.2~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.1~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:19.03.0~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.9~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.8~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.7~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.6~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.5~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.4~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.3~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.2~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.1~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 5:18.09.0~3-0~ubuntu-bionic | bionic/stable amd64 Packages
 docker-ce | 18.06.3~ce~3-0~ubuntu | bionic/stable amd64 Packages
 docker-ce | 18.06.2~ce~3-0~ubuntu | bionic/stable amd64 Packages
 docker-ce | 18.06.1~ce~3-0~ubuntu | bionic/stable amd64 Packages
 docker-ce | 18.06.0~ce~3-0~ubuntu | bionic/stable amd64 Packages
 docker-ce | 18.03.1~ce~3-0~ubuntu | bionic/stable amd64 Packages

2.1.5 installing docker CE

Click to view the code
root@ubuntu:~# apt-get -y install docker-ce=5:19.03.15~3-0~ubuntu-bionic
After this operation, 391 MB of additional disk space will be used.
Get:1 bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:3 bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:4 bionic/stable amd64 amd64 1.4.11-1 [23.7 MB]
Get:5 bionic/stable amd64 docker-ce-cli amd64 5:20.10.10~3-0~ubuntu-bionic [38.8 MB]
Get:6 bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB]                                                                              
Get:7 bionic/stable amd64 docker-scan-plugin amd64 0.9.0~ubuntu-bionic [3,518 kB]   
Selecting previously unselected package pigz.
(Reading database ... 77629 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package aufs-tools.
Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package
Preparing to unpack .../3-containerd.io_1.4.11-1_amd64.deb ...
Unpacking (1.4.11-1) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../4-docker-ce-cli_5%3a20.10.10~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-scan-plugin.
Preparing to unpack .../6-docker-scan-plugin_0.9.0~ubuntu-bionic_amd64.deb ...
Unpacking docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...
Setting up (1.4.11-1) ...
Created symlink /etc/systemd/system/ → /lib/systemd/system/containerd.service.
Setting up docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up cgroupfs-mount (1.4) ...
Setting up docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Created symlink /etc/systemd/system/ → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/ → /lib/systemd/system/docker.socket.
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for systemd (237-3ubuntu10.51) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...

2.1.5 delete docker CE

root@ubuntu:~# apt purge docker-ce
root@ubuntu:~# rm -rf /var/lib/docker

III. view docker related information

3.1 viewing docker version

Click to view the code
root@ubuntu:~# docker version
Client: Docker Engine - Community
 Version:           20.10.10
 API version:       1.40
 Go version:        go1.16.9
 Git commit:        b485636
 Built:             Mon Oct 25 07:42:57 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
Version: 19.03.15
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:15:20 2021
OS/Arch: linux/amd64
Experimental: false
Version: 1.4.11
GitCommit: 5b46e404f6b9f661a205e28d59c982d3634148f8
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
Version: 0.18.0
GitCommit: fec3683

3.2 view docker details

Click to view the code
root@ubuntu:~# docker info
 Context:    default
 Debug Mode: false
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: fec3683
Security Options:
Profile: default
Kernel Version: 4.15.0-161-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 985MiB
Name: ubuntu
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
Live Restore Enabled: false

WARNING: No swap limit support

3.3 viewing docker network card information

Click to view the code
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1452 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:87:29:22 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe87:2922/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:14:9a:a1:3e brd ff:ff:ff:ff:ff:ff
    inet brd scope global docker0
       valid_lft forever preferred_lft forever

3.4 docker storage engine

3.4.1 introduction to docker storage engine

At present, the default storage engine of docker is overlay 2. Different storage engines need corresponding system support. For example, when disk partition is required, d-type file layering function needs to be passed, that is, kernel parameters need to be passed to specify the function when formatting disk.

Storage driver type:

  • AUFS (another Union FS) is a Union FS, which is a file level storage driver. The so-called Union FS is to merge directories from different physical locations into the same directory. Simply put, it supports mount ing different directories to the file system under the same virtual file system. This file system can overlay and modify files layer by layer. No matter how many underground layers are read-only, only the top-level file system is writable. When a file needs to be modified, AUFS creates a copy of the file, uses COW to copy the file from the read-only layer to the writable layer for modification, and the results are also saved in the writable layer. In Docker, the lower read-only layer is image and the writable layer is container. It is the preferred storage driver for Docker 18.06 and earlier
  • Overlay: a Union FS file system supported by Linux kernel after 3.18.
  • Overlay 2: an upgraded version of overlay, which is the storage type recommended by all linux distributions so far.
  • devicemapper: it is the recommended storage driver for centos and rhel. Because the previous kernel version does not support overlay 2, but the current newer versions of centos and rhel now support overlay 2, it is recommended to use overlay 2
  • ZFS/btrfs: not widely used at present.
  • vfs: used to test the environment. It is applicable to the case where the copy on write file system cannot be used. This storage driver has poor performance and is generally not recommended for production.

3.4.2 modifying the docker storage engine

Official documents:

If the docker data directory is a separate disk partition and is in xfs format, you need to add the parameter - n ftype=1 during formatting, otherwise an error will be reported later when starting the container, and d-type is not supported.

Modifying the storage engine will result in the loss of all containers, so back up before modifying.

root@ubuntu:~# vim /lib/systemd/system/docker.service 
ExecStart=/usr/bin/dockerd -s overlay2 -H fd:// --containerd=/run/containerd/containerd.sock

root@ubuntu:~# systemctl daemon-relaod
root@ubuntu:~# systemctl restart docker

IV. docker service process

4.1 viewing host process tree

Click to view the code
root@ubuntu:~# pstree -p
           │                    └─{ModemManager}(1062)
           │                      └─{NetworkManager}(1077)
           │                       └─{accounts-daemon}(1046)
           │                  │                        ├─{containerd-shim}(11080)
           │                  │                        ├─{containerd-shim}(11081)
           │                  │                        ├─{containerd-shim}(11082)
           │                  │                        ├─{containerd-shim}(11083)
           │                  │                        ├─{containerd-shim}(11084)
           │                  │                        ├─{containerd-shim}(11085)
           │                  │                        ├─{containerd-shim}(11086)
           │                  │                        └─{containerd-shim}(11087)
           │                  ├─{containerd}(7514)
           │                  ├─{containerd}(7515)
           │                  ├─{containerd}(7516)
           │                  ├─{containerd}(7517)
           │                  ├─{containerd}(7529)
           │                  ├─{containerd}(7530)
           │                  ├─{containerd}(7546)
           │                  └─{containerd}(9800)
           │               │                     ├─{docker-proxy}(11076)
           │               │                     ├─{docker-proxy}(11077)
           │               │                     └─{docker-proxy}(11078)
           │               ├─{dockerd}(9171)
           │               ├─{dockerd}(9172)
           │               ├─{dockerd}(9173)
           │               ├─{dockerd}(9174)
           │               ├─{dockerd}(9180)
           │               ├─{dockerd}(9181)
           │               ├─{dockerd}(9204)
           │               ├─{dockerd}(9682)
           │               └─{dockerd}(9696)

4.2 viewing containerd process relationships

Four processes related to docker

  • dockerd: the server program, which is directly accessed by the client, and its parent process is the systemd daemon of the host.
  • Docker proxy: each process docker proxy implements a container that needs network communication, manages the port mapping between the host and the container, and its parent process is dockerd. If the container does not need network, it does not need to be started.
  • containerd: called by the docker process to interact with runc.
  • Container d-ship: the carrier that actually runs containers. Each container corresponds to a container ship process, and its parent process is container D
Click to view the code
root@ubuntu:~# ps -ef | grep containerd
root      7510     1  0 13:14 ?        00:00:16 /usr/bin/containerd
root      9151     1  0 14:07 ?        00:00:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root     11079  7510  0 16:45 ?        00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/427f20a455226581ee9724fe01872ac1a91b9a2499c500b15c0ec20f9d433ec2 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc

root@ubuntu:~# ps -ef | grep docker-proxy
root 11074 9151 0 16:45 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip -host-port 80 -container-ip -container-port 9000

4.3 container creation and management process

  1. Dockerd communicates with containerd module through grpc. libcontainerd is responsible for exchanging dockerd with containerd. Dockerd communicates with containerd. Socket file: / var / run / containerd / containerd.socket.
  2. Containerd is started when dockerd is started, and then containerd starts grpc request listening. Containerd processes grpc requests and takes corresponding actions according to the requests.
  3. If it is a run,start or exec container, containerd pulls up a container shim and performs corresponding operations.
  4. After the container ship is pulled up, start/exec/create pulls up the runC process, communicates with containerd through exit, control file, and monitors the process status in the container through parent-child process relationship and sigcld.
  5. Throughout the container life cycle, container monitors container files and container events through epoll.

Posted by webdzine on Thu, 04 Nov 2021 21:45:34 -0700