1, Background of container technology
On Linux, the operating system has a main process with PID 1, which spawns the other processes that run the different services. For example: PID 2 -> Python, PID 3 -> Java, PID 4 -> PHP. These three services share one environment and may affect each other.
Users expect these three services to run in separate runtime environments without affecting each other, and without increasing server cost.
This raises the question of whether the three services can be encapsulated separately, which leads to KVM virtualization technology: one operating system simulates multiple operating systems / different runtime environments.
As the technology developed, the cost of virtualization became a problem (for example, just to run a Python script under virtualization you have to install a whole operating system, which is inconvenient and unreasonable).
This led to container technology:
The guest operating system layer (the abstraction layer of virtualization) is stripped out and replaced with the Docker engine. Because the engine connects directly to the host operating system, the overhead is greatly reduced.
The Docker engine requires Linux kernel version 3.8 or later.
Docker requires the resource management function of cgroups (the resource management module in the Linux kernel).
2, Introduction to Docker basics
1. Docker overview
Docker is a lightweight virtualization solution based on container technology. Docker is a container engine that encapsulates the underlying Linux container technologies such as cgroups and namespaces, and abstracts them to give users convenient interfaces (command-line CLI, API, etc.) for creating and managing containers.
2. Advantages of Docker
(1) The Docker engine unifies the infrastructure environment: Docker environment -> image -> encapsulates a simple operating system (3.0+G)
(2) The Docker engine unifies application packaging (similar to a shipping container): Docker images
(3) The Docker engine unifies the runtime environment: Docker container, an image run as a container (a runnable environment)
This achieves build once, then run many times in many places.
3. Usage scenarios of Docker
Process: WAR / JAR -> GitHub / GitLab private repository (code repository) -> Jenkins (test, application packaging / image building) -> operations downloads the image and uses container technology to run / release it
Can achieve:
(1) Simple deployment of packaged applications
(2) Applications can be migrated freely, independent of the underlying hardware (isolating, splitting and decoupling applications); for example, a server can be migrated from Tencent Cloud to Alibaba Cloud
(3) Continuous integration and continuous delivery (CI/CD): development to test release
(4) Deploying microservices
(5) Providing PaaS (platform as a service) products (OpenStack, whose virtual machines are similar to Alibaba Cloud ECS, belongs to IaaS; Docker (K8S) belongs to PaaS)
4. The difference between docker and virtualization
3, Docker architecture
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, and the daemon does the heavy work of building, running and distributing Docker containers.
Docker is different from traditional virtualization. It does not need to virtualize hardware resources and uses the container engine directly, so it is fast.
Docker Client: the client; it provides the platform for interacting with users and displaying results, and is the tool for managing and controlling the Docker server
The Docker client (docker) is the main way many Docker users interact with Docker. When you use commands such as docker run, the client sends them to dockerd, which executes them. The docker command uses the Docker API. Docker clients can communicate with multiple daemons.
Docker daemon: daemon
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects, such as images, containers, networks, and volumes. Daemons can also communicate with other daemons to manage Docker services.
Docker images: image
Containers can be packaged as images
Docker container: container
Docker registry: image warehouse
The place where images are stored. By default images are looked up on the public Docker Hub; a registry can also be used as a personal repository.
4, Docker Engine
Docker Engine is a client-server (C/S) application with the following main components:
Server side: the server is a long-running program called a daemon process (the dockerd command)
Client side: the REST API, which specifies the interfaces that programs can use to communicate with the daemon and tell it what to do
Commands are passed in through the client, such as the following:
docker run: run
docker start: start
docker rm: delete
The client interacts with the server side, and the server carries out the operation the command asks for.
5, The three components of Docker
1. Image
A template: a set of resources that includes the application packages, the packages the application depends on, and the base environment required to run the application (generally the operating system environment). It can be understood as the template of a container.
2. Docker container
The runtime state of an image
3. Docker registry
Stores image templates. Registry types: 1. public registry: Docker Hub; 2. private registry: registry, Harbor
6, Underlying principle
cgroup and namespaces constitute the underlying principle of docker
1. Namespace
Containers implement isolation for six namespaces (namespace resource isolation, encapsulated by the container technology):
mount: file systems, mount points
user: the users and groups that processes run as
pid: process IDs
uts: host name and domain name
ipc: semaphores, message queues, shared memory (so that different applications use separate memory spaces)
net: network devices, network protocol stack, ports, etc.
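The kernel exposes each process's namespaces as links under /proc/<pid>/ns, so the isolation listed above can be checked by comparing those links for a host process and a container process. The script below is an added example, not code from the original page; PROC_ROOT, the function names and the sample PIDs and IDs are this example's own. With Docker's default settings the user namespace is normally the one reported as shared, because user-namespace remapping (the daemon's userns-remap option) is opt-in.

```bash
#!/usr/bin/env bash
# Added example: list and compare namespace IDs through /proc/<pid>/ns.
# PROC_ROOT is this example's own knob so it can also read a constructed tree.
NS_TYPES="mnt user pid uts ipc net"   # the six namespaces listed above

# Print "type target" per namespace; a target looks like net:[4026531992].
ns_ids() {
    local pid="$1" t target
    for t in $NS_TYPES; do
        target=$(readlink "${PROC_ROOT:-/proc}/$pid/ns/$t") || return 1
        printf '%s %s\n' "$t" "$target"
    done
}

# Print the namespace types two PIDs share. An identical target means the
# two processes are NOT isolated from each other for that resource.
shared_ns() {
    local a="$1" b="$2" t ia ib out=""
    for t in $NS_TYPES; do
        ia=$(readlink "${PROC_ROOT:-/proc}/$a/ns/$t") || return 1
        ib=$(readlink "${PROC_ROOT:-/proc}/$b/ns/$t") || return 1
        if [ "$ia" = "$ib" ]; then out="$out${out:+ }$t"; fi
    done
    printf '%s\n' "$out"
}

# Constructed sample: PID 1 (host init) and PID 4242 (a container process)
# with different IDs for every namespace except user.
make_sample_proc() {
    local root="$1" t id
    mkdir -p "$root/1/ns" "$root/4242/ns"
    for t in $NS_TYPES; do
        ln -s "$t:[4026531800]" "$root/1/ns/$t"
        if [ "$t" = user ]; then id=4026531800; else id=4026532500; fi
        ln -s "$t:[$id]" "$root/4242/ns/$t"
    done
}

demo_root=$(mktemp -d)
make_sample_proc "$demo_root"
( PROC_ROOT="$demo_root"; shared_ns 1 4242 )   # prints: user
rm -rf "$demo_root"
```

On a live host, run it as root and compare PID 1 with a container's first process, for example `shared_ns 1 "$(docker inspect -f '{{.State.Pid}}' NAME)"`, where NAME is a placeholder for a container name.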
2. Control groups
Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup restricts an application to a specific set of resources. Control groups allow Docker Engine to share the available hardware resources among containers and optionally enforce limits and constraints. For example, you can limit the memory available to a particular container.
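A memory limit set on a container (for example with docker run --memory) ends up as a value in that container's cgroup directory, so containers running without any limit can be found by reading those files. The script below is an added example, not code from the original page; the function names and sample directory names are its own, and the default path assumes the cgroupfs driver on cgroup version 1, which is what the docker info output later on this page reports.

```bash
#!/usr/bin/env bash
# Added example: report the memory limit a cgroup enforces (cgroup v1 or v2).

# Print the limit in bytes, or "unlimited". $1 is one cgroup directory.
cgroup_mem_limit() {
    local dir="$1" v
    if [ -r "$dir/memory.max" ]; then                # cgroup v2 file
        v=$(cat "$dir/memory.max")
        if [ "$v" = max ]; then v=unlimited; fi
    elif [ -r "$dir/memory.limit_in_bytes" ]; then   # cgroup v1 file
        v=$(cat "$dir/memory.limit_in_bytes")
        # v1 shows "no limit" as a number close to 2^63 (19 digits).
        if [ "${#v}" -ge 19 ]; then v=unlimited; fi
    else
        return 1
    fi
    printf '%s\n' "$v"
}

# Print the child cgroups of $1 that run without a memory limit.
# Assumption: cgroupfs driver on cgroup v1, where each container usually has
# a directory named after its ID under /sys/fs/cgroup/memory/docker.
unlimited_cgroups() {
    local root="${1:-/sys/fs/cgroup/memory/docker}" d
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        if [ "$(cgroup_mem_limit "$d")" = unlimited ]; then basename "$d"; fi
    done
}

# Constructed sample: one container capped at 512 MiB, one with no cap.
make_sample_cgroups() {
    mkdir -p "$1/aaa111" "$1/bbb222"
    echo 536870912 > "$1/aaa111/memory.limit_in_bytes"
    echo 9223372036854771712 > "$1/bbb222/memory.limit_in_bytes"
}

demo_dir=$(mktemp -d)
make_sample_cgroups "$demo_dir"
unlimited_cgroups "$demo_dir"    # prints: bbb222
rm -rf "$demo_dir"
```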
7, Deploying Docker 20
1. Environment configuration
[root@localhost ~]# hostnamectl set-hostname docker
[root@localhost ~]# su
[root@docker ~]# systemctl stop firewalld
[root@docker ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@docker ~]# setenforce 0
2. Install dependent packages
[root@docker ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
3. Add the Alibaba Cloud mirror repository
[root@docker ~]# cd /etc/yum.repos.d/
[root@docker yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo  CentOS-Vault.repo
CentOS-CR.repo  CentOS-fasttrack.repo  CentOS-Sources.repo
[root@docker yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Plug in loaded: fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@docker yum.repos.d]#
4. Install docker CE Community Edition
[root@docker yum.repos.d]# yum install -y docker-ce
5. Configure a registry mirror (image acceleration)
[root@docker yum.repos.d]# mkdir -p /etc/docker
[root@docker yum.repos.d]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://3zj1eww1.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://3zj1eww1.mirror.aliyuncs.com"]
}
[root@docker yum.repos.d]# systemctl daemon-reload
[root@docker yum.repos.d]# systemctl restart docker
[root@docker yum.repos.d]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://3zj1eww1.mirror.aliyuncs.com"]
}
[root@docker yum.repos.d]#
6. Network optimization
[root@docker yum.repos.d]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@docker yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 1
[root@docker yum.repos.d]# systemctl restart network
7. Starting Docker and basic commands
(1) Restart docker
[root@docker yum.repos.d]# systemctl restart docker
(2) View docker version
[root@docker yum.repos.d]# docker -v
Docker version 20.10.8, build 3967b7d
(3) View images
[root@docker yum.repos.d]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[root@docker yum.repos.d]# docker image ls
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[root@docker yum.repos.d]#
(4) View container
[root@docker yum.repos.d]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@docker yum.repos.d]# docker ps -aq
(5) View docker system level information
Displays Docker's system-level information, such as the kernel version, number of images, number of containers, etc.
[root@docker yum.repos.d]# docker info
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)
Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: docker
 ID: 32SA:LEYD:GEQO:NLQH:VOXC:KMPD:DEJS:TRXP:XPCE:PY2V:AFIU:5B2Y
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://3zj1eww1.mirror.aliyuncs.com/
 Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
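The docker info output is also the quickest place to review the security posture of the daemon just installed: which isolation features are listed under Security Options, which registries are allowed without TLS, and which warnings the daemon raises. The script below is an added example, not code from the original page; the function names and finding labels are its own, and the embedded sample is an excerpt of the output above with its indentation assumed to follow docker info's usual layout.

```bash
#!/usr/bin/env bash
# Added example: flag security-relevant lines in `docker info` text on stdin.

# Print the indented items listed under the heading "$1:".
info_section() {
    awk -v want="$1:" '
        { line = $0; sub(/^ +/, "", line); ind = length($0) - length(line) }
        grab && (ind <= base || line == "") { grab = 0 }
        grab { print line }
        line == want { grab = 1; base = ind }'
}

# Print one finding per line; no output means nothing was flagged.
audit_docker_info() {
    local info opts reg
    info=$(cat)
    opts=$(printf '%s\n' "$info" | info_section "Security Options")
    printf '%s\n' "$opts" | grep -qx 'seccomp' || echo "no-seccomp"
    # A mandatory access control layer: SELinux or AppArmor.
    printf '%s\n' "$opts" | grep -qxE 'selinux|apparmor' || echo "no-mac"
    # User-namespace remapping or rootless mode.
    printf '%s\n' "$opts" | grep -qxE 'userns|rootless' || echo "no-userns"
    # 127.0.0.0/8 (loopback) is the daemon default; anything else is flagged.
    for reg in $(printf '%s\n' "$info" | info_section "Insecure Registries"); do
        if [ "$reg" != "127.0.0.0/8" ]; then echo "insecure-registry:$reg"; fi
    done
    printf '%s\n' "$info" | sed -n 's/^WARNING: /warning:/p'
}

# Excerpt of the `docker info` output shown above, line breaks restored.
SAMPLE_INFO=' Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://3zj1eww1.mirror.aliyuncs.com/
 Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled'

printf '%s\n' "$SAMPLE_INFO" | audit_docker_info
```

For the host configured on this page it reports no-mac, no-userns and the two bridge-nf-call warnings; on a live system, pipe the real output in with `docker info 2>&1 | audit_docker_info`.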