Shulou(Shulou.com)06/02 Report--

Docker Brief

Docker is an OS virtualization technology and an open source application container engine. It allows developers to package applications into a portable container that can run on almost any linux system (windows 10 is currently natively supported, and windows 10 requires a built-in virtual machine), which is called "once packaged, run everywhere."

Docker containers operate as a complete sandbox mechanism, and there is no correlation between them (unless they are clustered in series). Network, storage, processes and other resources are not only isolated from each other for different containers, but also directly isolated from hosts and containers, unless you manually map exposed ports or mount storage volumes.

Many people don't understand the difference between Docker and virtual machines.

From these two structure diagrams, Docker has one layer less virtual machine operating system than virtual machines, and Docker applications run directly on Docker engines. Because virtual machines require a layer of operating system, it will lead to a very large virtual machine volume, usually between a few G to a dozen G. And usually a virtual machine, more than one application, so for the overall virtual cluster management is not very friendly, more difficult to achieve flexible allocation.

The size of a Docker image is about tens of M to hundreds of M. Generally, an image only packages one application, which consists of multiple images to form a complete project. Moreover, the image is easy to copy and can run across platforms, which can make the deployment management of the project more flexible. So Docker is above virtual machines in terms of resource consumption, management, and usage, so why not use such containerization technology?

The learning of containerization technology can be said to be as deep as the sea. From basic mirroring and container operations, to packaging and deployment of mirrors, to enterprise production-level container cluster management technology (Docker official Swarm, Google Kubernetes), there are so many content that not all technicians can learn in one day. However, other than the difficulty of production-level cluster management technology, the other content is actually very simple from the perspective of learning and using. Moreover, things like K8s are rarely accessible to ordinary developers.

Speaking of which, there may still be many people who think this is a company-level, operation-level operation, not very understanding Docker for ordinary development, what does it mean, what benefits do we have?

Multi-office environment, one-click deployment. If you have a development environment in the company and a development environment at home, when your company's development environment changes, the environment at home will change. If you use Docker, package some dependent applications, such as Redis, ZK, Mysql and other edge services in Docker. No matter where you change the content, as long as you update the mirror at runtime, you can implement the latest content without a manual installation and adaptation. Testing without relying on others. When the backend completes the external interface, package the backend application into docker, so that no matter the frontend, test, anywhere, you can start the container for joint debugging test, without manually building the backend environment step by step.

Here is a step-by-step explanation of the Docker knowledge required for ordinary development.

Concept Introduction

To learn Docker, you must first understand the following basic concepts:

Host, the physical machine where Docker runs, is the system environment where Docker runs. Image is equivalent to a program template, through which many similar containers can be generated. It can be understood as a class in Java, which does not have the ability to execute itself, and is an abstract template of an object. Each image can have multiple versions, distinguished by tags. Mirrors can be constructed using Dockerfiles. Container, Container, Docker The smallest unit object to run on. It is a runnable object instantiated by mirroring. Changes to a container can be committed to react to the mirror, updating the template for that container. Repository, a repository for storing and managing images, similar to the repository for git management code, which can manage multiple versions of images.

The relationship between mirror, container and repository is as follows:

In a word, pull the mirror from the repository and use the mirror to generate containers.

basic operation

After understanding the basic concepts of Docker, let's start to learn the following basic operations. Omit all Docker installation process here, go to the official website to download it yourself, basically a fool installation.

pull images from the nearest region

The docker pull ${image_uri}:${image_tag} command pulls the desired image from a remote repository (Docker Hub by default).

You can search for images and versions you need on Docker Hub. Ubuntu, for example, offers several versions.

Let's pull up the ubuntu image for version 16.04. Then check the local image saved by docker images command and find that there is one more ubuntu image.

Container creation, start, stop, login

Once you have an image, you can create and launch a container with docker run -it ${image_id}.

image_id is the id of the image, which can be viewed through docker images, or the image name (REPOSITORY:TAG).

-it allows you to connect to the container terminal after startup. After connecting to the terminal, you can freely manipulate the contents of the container inside.

After exiting the container, the container automatically stops. But the container still exists, just "shut down." (You can log out of the container by ctrl+p,ctrl+q without closing the container)

Docker ps -a shows that our container has been Exited.

With docker start ${container_id}, we start the container again. By docker ps(plus-a to include unstarted containers), you can see that the container's status is UP.

Similarly, we can stop the container by docker stop ${container_id},

When using docker start command, if you do not add-a parameter, the container will not be connected by default. However, we can log in to the container by docker attach ${container_id} after start.

Through the above basic operations, you can basically use docker as a virtual machine to use. If you want to connect the network and storage of containers and virtual machines, you can search online to learn about container settings such as network and volume mount.

update image

In the example above, we pulled down just an original image of ubuntu, without much content. Below we install a jdk inside this mirrored container.

This way we have a jdk in our container, but if we create another container with this ubuntu original image, it will not use this jdk. So we need to commit the contents of this container to the mirror.

Submit container content locally to the image via docker commit ${container_id} ${repository}:${tag}. Then you can have an ubuntu image with jdk.

Later we can use this mirror to generate containers with jdk.

The above updates are limited to local mirrors, if you want to push containers to the cloud you need to use the docker push command. Assuming you're logged in to the repository and have access.

image registry

As mentioned above, by default, the repository uses Docker Hub. We pull and push both on Docker Hub, but there is no need to use Docker Hub if the image is for internal private use, one is network slow, the other is private security issues.

In view of the above problems, there are two solutions, one is to build private services by themselves, and the other is to use the mirror management platform of cloud services (such as Alibaba Cloud's "container mirror service"). The former is not necessary for general developers, but also to engage in certification, more troublesome, not detailed here. The following describes how to use Alibaba Cloud services as your own private repository.

First create a mirror repository on Alibaba Cloud and obtain a repository address, such as registry.cn-shenzhen.aliyuncs.com/zackku/jdk. Here is a repository address, corresponding to a mirror (tag different).

Use docker login to log in to Alibaba Cloud services first.

Then tag the jdk image above (in fact, it is also the process of changing the repository source)

Finally, push the mirror to Alibaba Cloud.

After pushing, you can see this image on Alibaba Cloud's warehouse.

By building a private repository, we can completely ignore the host environment, build a good mirror, and run everywhere.

Dockerfile Build Mirrors

From the above, we have learned how to pull an image, modify the container contents, and commit the image to build the image we need. But through these operations to build a mirror, one is too cumbersome, the other problem is not clear, there is no way to intuitively understand the composition of the mirror.

Dockerfile can solve this problem very well. It can be a one-stop shop for building mirrors by writing a build process. Here is the same ubuntu-based image, install jdk to build a new image as an example, see how Dockerfile is written.

Then execute docker build -t registry.cn-shenzhen.aliyuncs.com/zackku/jdk2:1.0. We can build the mirror.

Dockerfile Advanced Skills

The above is the basic use of Dockerfile, but in practice we don't build mirrors as described above (or more than that). Here are two common usage principles.

Layered construction. Docker's images are hierarchical. Look back at the example of pushing to a remote repository.

In the red box is the submission of mirror layers. If this layer has been built locally, there is no need to build it next time. Similarly, if this layer has been built remotely, there is no need to push this layer. And this layering can be shared between different mirrors, for example, different Java projects are dependent on the JDK runtime environment, so they can share JDK this layer mirror content.

Therefore, based on such characteristics, we should build mirrors in layers, abstract mirror commonalities. For specific operations, we can roughly build the image twice, first build a base image for the bottom layer of different images, such as all the basic runtime environments of Java projects, and then build the application image of the develop surface layer through the base image. This is equivalent to packaging applications into the develop layer. And this layer tells Docker how to run the program.

Build as small a base layer as possible. The size of the image is also an important factor to consider when using Docker, because if the image size is too large, it will be inefficient to update the image and pull the image. Especially in the base layer just mentioned, if the base layer is too big and too bloated, there are too many programs inside, not only the size is large, but also the CPU, network and other resources are consumed too much. In fact, when we use Docker, a container generally contains only one program project. The monitoring and health of this program are done outside the container through cluster management such as k8s, so the container itself only needs to ensure that its own program can run.

As for the operating system I use ubuntu as the base, it is redundant. It is recommended to use only the apline operating system as the lowest level image of the program. It is a lightweight Linux distribution. The system size and runtime resource consumption are quite low. It is very suitable for Docker containers. Based on the apline operating system, we add our own environment, such as installing a Tomcat, JDK, etc., to build a base image.

The base image mentioned above, in fact, does not need to write a layer of Dockfile, docker official directly provides a variety of languages, the environment of the basic image, in github docker-library inside. If you have your own team's operating environment requirements, you can add modifications to this Dockerfile, or abstract one more layer.

As for how to write Dockfile and what the grammar is, there are a lot of detailed instructions on the Internet. Due to space problems, it will not be expanded here.

docker-compose Start cluster

We've already explained how a single container is built and launched, but our projects often don't have only one container, and packaging all programs in one container is not the right approach. So how do we manage to start so many containers is a compulsory topic. At the enterprise level, there are K8S and Swarm, which are container orchestration management tools, but they are slightly more complex and not necessary for personal use.

Docker official docker-compose is recommended here, which can write all the container layout methods in a file, and then through the docker-compose up command, you can start a set of containers according to your layout.

Services in this example contains configuration for each container, where redis, mongodb use the default mirror, default configuration, myproject is our own project. With this arrangement, we were able to connect our projects to redis and mongodb. Finally, through docker-compose up, the mirror image will be automatically pulled and run according to the arrangement.

The specific syntax is not repeated, the key is the container volume mount, network configuration, port exposure, container dependencies. If you use this set of things, you will naturally understand it slowly. The important thing is to do it again and try it.

More technical articles, wonderful dry goods, please pay attention

Blog: zackku.com

Weixin Official Accounts: Zack

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.