Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "what is the principle of Docker". In the operation process of actual cases, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!

Docker is an open source application container engine that allows developers to package their applications and dependencies into a portable container and then publish them to any popular Linux machine, which can also be virtualized.

A complete Docker consists of the following parts:

dockerClient

Docker Daemon

Docker Image

DockerContainer

origin

Docker is an LXC-based advanced container engine open sourced by PaaS provider dotCloud. The source code is hosted on Github, based on the go language and open sourced under the Apache 2.0 protocol.

Docker has been hot since 2013, whether it's code activity on github, Redhat's integration of Docker support in RHEL 6.5, or even Google's Compute Engine.

The commercial success of open source software depends largely on three things-a successful user case, a vibrant community, and a good story. dotCloud's own PaaS product is built on docker, long-term maintenance and a large number of users, the community is also very active, let's take a look at docker's story.

Environmental management complexity-from OS to middleware to apps, there are too many things a product needs to care about to succeed as a developer, and it is difficult to manage, a problem that almost all modern IT-related industries need to face.

The advent of cloud computing-the success of AWS, which led developers to move applications to the cloud, solved the problem of hardware management, but the problems related to middleware still exist (so openstack HEAT and AWS cloudformation are working to solve this problem). Developer thinking changes offer possibilities.

Changes in virtualization-standard hardware to reduce costs in the cloud era, virtualization to meet on-demand user needs and availability and isolation. However, both KVM and Xen are wasting resources in docker's view, because users need an efficient runtime environment rather than an OS, GuestOS is both wasteful and difficult to manage, and the lighter LXC is more flexible and fast.

Mobility of LXC- LXC already exists in the kernel of Linux 2.6, but it was not designed for cloud computing at the beginning, lacking standardized description means and container portability, which determines that the environment it builds is difficult to migrate and standardize management (relative to image and snapshot concepts such as KVM). Docker has made substantial innovations on this issue. This is what makes docker unique.

principle

Docker core solves the problem of using LXC to implement VM-like functions, thus providing users with more computing resources with more economical hardware resources. Unlike VM, LXC is not a hardware virtualization approach-it cannot be attributed to any of full virtualization, partial virtualization, or paravirtualization-but rather an operating system level virtualization approach that may not be as intuitive to understand as VM. So let's start with virtualization to the problem docker has to solve and see how it meets the virtualization needs of users.

Users need to consider virtualization methods, especially hardware virtualization methods, which need to solve the following four problems:

Isolation-Each user instance is isolated from each other and does not affect each other. Hardware virtualization methods give VM, LXC gives container, and more specifically kernel namespace.

Quotas/Measurable-Each user instance can provide its compute resources on demand, and the resources used can be metered. Hardware virtualization method Because CPU is virtualized, memory can be easily realized, while LXC mainly uses cgroups to control resources.

Mobility-Instances of users can be easily copied, moved, and rebuilt. Hardware virtualization methods provide snapshot and image to implement, docker(mainly) using AUFS implementation

Security-This topic is relatively large, and the emphasis here is on protecting the container as much as possible from the perspective of the host. Hardware virtualization method Because the level of virtualization is relatively high, user processes are translated and run in KVM and other virtual machine containers, however, for LXC, user processes are child processes of lxc-start processes, only isolated in the kernel namespace, so some kernel patches are needed to ensure that the user's operating environment will not be maliciously invaded from the host, dotcloud(mainly) using kernel grsec patch solution.

"Docker principle is what" content introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the website. Xiaobian will output more high-quality practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.