2025-01-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article introduces "what are the advantages of Docker containers and container clouds". Many people run into this question when working through practical cases, so let the editor walk you through how to deal with these situations. I hope you read it carefully and get something out of it!
From container to container cloud
1. Benefits of container technology:
Continuous deployment and testing
Cross-cloud platform support
Environment standardization and version control
High resource utilization and isolation
Cross-platform containers and images
Easy to understand and easy to use
Application image repository
2. Container cloud: takes the container as the basic unit of resource partitioning and scheduling, encapsulates the entire software runtime environment, and provides a platform for developers and system administrators to build, publish and run distributed applications
II. Docker Foundation
1. The docker rmi command deletes an image; docker rm deletes a container. Both provide the -f option, which forces deletion of an image that still has containers or of a container that is running.
III. Interpretation of the core principles of Docker
A. Kernel knowledge behind Docker
1. A Docker container is essentially a process on the host, which achieves resource isolation through namespaces, resource limits through cgroups, and efficient file operations through the copy-on-write mechanism.
2. Namespace resource isolation: UTS (hostname and domain name), IPC (semaphore, message queue and shared memory), PID (process number), Network (network device, network stack, port, etc.), Mount (mount point, file system), User (user and user group)
3. cgroups is a mechanism provided by the Linux kernel that can integrate (or separate) a series of system tasks and their subtasks into different groups, classified by resource, according to requirements, so as to provide a unified framework for system resource management. It is essentially a series of hooks that the kernel attaches to programs: resource scheduling while the program is running triggers the corresponding hooks, which is how resources are tracked and limited.
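The namespace isolation described above can be checked per process by comparing the namespace identifiers under /proc/<pid>/ns with those of the host's PID 1. The following is an added example, not code from the original article; the function names and the sample identifiers are constructed for illustration. It assumes Docker's default configuration, in which user-namespace remapping is not enabled.

```python
import os

# The six namespace types listed in the notes, by /proc/<pid>/ns entry name.
NS_TYPES = ("uts", "ipc", "pid", "net", "mnt", "user")

def read_ns(pid):
    """Read namespace identifiers such as 'pid:[4026531836]' (Linux only)."""
    ids = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            ids[ns] = None  # no permission, or the process has exited
    return ids

def isolation_report(host_ns, proc_ns):
    """Map each namespace type to 'isolated', 'shared' or 'unknown'."""
    report = {}
    for ns in NS_TYPES:
        host_id, proc_id = host_ns.get(ns), proc_ns.get(ns)
        if host_id is None or proc_id is None:
            report[ns] = "unknown"
        else:
            report[ns] = "shared" if host_id == proc_id else "isolated"
    return report

def shared_with_host(host_ns, proc_ns):
    """Namespace types in which the process is not isolated from the host."""
    report = isolation_report(host_ns, proc_ns)
    return [ns for ns in NS_TYPES if report[ns] == "shared"]

# Constructed sample identifiers (not captured from a real host).
HOST = {"uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]",
        "pid": "pid:[4026531836]", "net": "net:[4026531992]",
        "mnt": "mnt:[4026531840]", "user": "user:[4026531837]"}
# Container with its own UTS/IPC/PID/Network/Mount namespaces, no user namespace.
DEFAULT_CTR = {"uts": "uts:[4026532610]", "ipc": "ipc:[4026532611]",
               "pid": "pid:[4026532612]", "net": "net:[4026532615]",
               "mnt": "mnt:[4026532609]", "user": "user:[4026531837]"}
# Same container started with host networking and the host PID namespace.
HOST_NET_PID_CTR = dict(DEFAULT_CTR, net=HOST["net"], pid=HOST["pid"])

if __name__ == "__main__":
    print(shared_with_host(HOST, DEFAULT_CTR))       # constructed data
    print(shared_with_host(HOST, HOST_NET_PID_CTR))  # constructed data
    print(isolation_report(read_ns(1), read_ns(os.getpid())))  # live /proc
```

Reading another process's namespace links usually requires root; entries that cannot be read are reported as unknown rather than as isolated.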
B. Overview of Docker architecture
1. docker/docker.go is the entry point of all commands
2. The api directory holds all the files related to "how client sends requests" and "how server responds to requests"
3. api/client/xxx.go defines the Cmdxxx function, in which the called cli.client.xxx function indicates what kind of HTTP request the command initiates.
4. The handling function of each request corresponds to a daemon/xxx.go file, and daemon uses the corresponding function to process the request.
5. The Container object used by the daemon is in container/container_unix.go
C. libcontainer
1. libcontainer's own work divides into three main parts: creation and initialization, container life cycle management, and process management. Its caller is Docker's execdriver.
D. Docker image management
1. A Docker image is a read-only Docker container template that contains the file system structure and contents needed to start a Docker container, so it is the basis for starting one. The contents of the image files, together with some configuration files for running the container, make up the container's static file system runtime environment: rootfs.
2. rootfs is the file system visible to the processes inside a Docker container when it starts, that is, the root directory of the Docker container
3. Main features of Docker images: layering, copy-on-write, content addressing, union mount
4. Key image concepts: registry, manifest, image and layer, Dockerfile
E. Docker storage management
1. Common storage drivers: aufs, btrfs, zfs, devicemapper, overlay and vfs
F. Docker data volumes
1. A volume is a specific file or folder that exists in one or more containers; this directory exists on the host in a form independent of the union file system and provides the following conveniences:
It is initialized when the container is created, and the files can be used when the container is running
Ability to share and reuse between different containers
Operations on the data in volume will take effect immediately
Operations on the data in a volume will not affect the image itself.
The life cycle of volume is independent of that of the container.
G. Docker network management
1. Docker introduced a complete set of docker network subcommands and cross-host network support in version 1.9. libnetwork uses CNM (Container Network Model), which defines a model for building container virtual networks and provides standardized interfaces and components that can be used to develop a variety of network drivers.
2. Three core components of CNM: sandbox, endpoint, network
3. Five built-in drivers in libnetwork: bridge driver, host driver, overlay driver, remote driver, null driver
4. The docker network connect command creates a new network interface in the connected container to complete its connection to the specified network
H. Docker and container security
1. Docker security issues
Disk resource limitation problem
Container escape problem
Container DoS attacks and traffic restrictions
Super privilege problem
2. Docker security solutions: SELinux, disk quota, host container traffic limit, GRSecurity kernel security enhancement tools
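One way to check containers against the issues listed above is to read the HostConfig section of `docker inspect` output and flag settings that leave a container privileged, unisolated or unlimited. This is an added example, not code from the original article; the function names, the finding labels, the choice of which HostConfig fields map to which issue, and the sample JSON are constructed for illustration. Traffic limits are not visible in this output and are not covered.

```python
import json

def audit_container(c):
    """Return (name, findings) for one object from `docker inspect` output."""
    hc = c.get("HostConfig") or {}
    out = []
    # Super privilege problem: full privileges or broad added capabilities.
    if hc.get("Privileged"):
        out.append("privilege: runs with --privileged")
    for cap in hc.get("CapAdd") or []:
        if cap.upper().replace("CAP_", "", 1) in ("ALL", "SYS_ADMIN"):
            out.append(f"privilege: capability {cap} added")
    # Container escape surface: namespaces shared with the host, SELinux off.
    for field in ("PidMode", "NetworkMode", "IpcMode"):
        if hc.get(field) == "host":
            out.append(f"isolation: {field}=host")
    sec_opts = hc.get("SecurityOpt") or []
    if any(o in ("label=disable", "label:disable") for o in sec_opts):
        out.append("isolation: SELinux labeling disabled")
    # Container DoS: 0, None and -1 all mean that no limit was set.
    if (hc.get("Memory") or 0) <= 0:
        out.append("dos: no memory limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        out.append("dos: no pids limit")
    # Disk resource limitation: writable layer without a size quota.
    if not hc.get("ReadonlyRootfs") and not (hc.get("StorageOpt") or {}).get("size"):
        out.append("disk: writable layer has no size quota")
    return c.get("Name", "?").lstrip("/"), out

def audit(inspect_json):
    """Audit the JSON array printed by `docker inspect <container>...`."""
    return dict(audit_container(c) for c in json.loads(inspect_json))

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = """[
 {"Name": "/web", "HostConfig": {"Privileged": false, "CapAdd": null,
   "PidMode": "", "NetworkMode": "bridge", "IpcMode": "private",
   "SecurityOpt": null, "Memory": 536870912, "PidsLimit": 200,
   "ReadonlyRootfs": true, "StorageOpt": null}},
 {"Name": "/debug", "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"],
   "PidMode": "host", "NetworkMode": "host", "IpcMode": "private",
   "SecurityOpt": ["label=disable"], "Memory": 0, "PidsLimit": null,
   "ReadonlyRootfs": false, "StorageOpt": null}}
]"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "no findings")
```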
IV. Advanced practical skills of Docker
A. Containerization thinking
1. The essence of a container is a process and the various dependencies needed to run the process
2. Instead of backing up a container, we should put the data that needs to be backed up in the volume attached to the container or in the database.
B. Dockerfile best practices
1. Dockerfile practical experience: use tags, choose the base image carefully, make full use of the cache, use the ADD and COPY, RUN, CMD and ENTRYPOINT instructions correctly, do not do port mapping in the Dockerfile, use Dockerfiles to share Docker images
C. Monitoring Docker containers
1. Monitoring commands: docker ps, docker images, docker stats, docker inspect, docker top, docker port
2. Common monitoring tools: Google's cAdvisor, Datadog, SoundCloud's Prometheus
D. The foundation of containerized application construction: high availability configuration center
1. etcd is a key-value store for shared configuration and service discovery. Features: simple, secure, fast and reliable.
2. Service discovery is how processes and services in the same distributed cluster become aware of each other and establish connections.
Build your own container cloud
Focus on orchestration and deployment: the Three Musketeers and Fleet
A. Fig/Compose, a handy little orchestration tool
1. Orchestration determines the order of actions in the deployment process according to the coupling between the deployed objects and their dependence on the environment, the storage location and retrieval of the dependency files and deployment files that the process requires, and how to verify that the deployment succeeded
2. Deployment means carrying out on the target machine what the orchestration specifies: the environment is initialized, the specified dependencies and files are put in place, the specified deployment actions are run, and finally the deployment is confirmed as successful by the rules in the orchestration.
3. A Dockerfile reproduces a container; Compose reproduces the container's configuration and cluster
4. Limitations of docker-compose: it targets single-host deployment, and networking and storage are also tricky
B. Machine, a cross-platform host environment management tool
1. Machine brings together the various solutions for users to build a Docker environment, which both makes the options clear at a glance and simplifies the process of building a Docker environment, so that users can keep investing their time in application development instead of spending it needlessly on building the environment.
C. Swarm, a cluster abstraction tool
1. Swarm is compatible with Docker's remote API to the greatest possible extent, making it easy for all programs that call the Docker remote API directly to replace their back end with Swarm, including the official Docker client as well as cluster management tools that use Docker such as Fig, Flynn and Deis
D. Fleet, the star of orchestration
1. Each machine installed with CoreOS is a node of the container cloud, and the operating system provides the functions of container orchestration, deployment, management, operation and maintenance.
2. To put it bluntly, Fleet is just a management tool for server clusters to control systemd.
Focus on application support and runtime: Flynn and Deis
A. Flynn, a small and beautiful two-tier architecture
1. Flynn, a PaaS-like project with a two-tier Layer0 and Layer1 architecture, is strictly speaking a framework for "service publishing"
Layer0: distributed configuration and coordination, task scheduling, service discovery, host abstraction
Layer1: API controller, Git receiver, Buildpacks, routing component
B. Talking about Deis and Flynn
1. Deis is a purely application-oriented publishing architecture that strictly distinguishes between "service" and "application". It is a real Docker PaaS cloud, closer to the application and to the classical PaaS platform.
Everything is a container: Kubernetes
1. Borg, a large-scale cluster management tool born within Google, is also a system for managing cross-host containerized applications. It implements a series of basic functions, including application deployment, high availability management and elastic scaling, and is encapsulated into a set of finished, easy-to-use RESTful API objects to provide services.
This is the end of the introduction to "what are the advantages of Docker containers and container clouds". Thank you for reading. If you want to know more about the industry, you can follow the website, where the editor will publish more high-quality practical articles for you!