Docker 简明教程

Docker - Overview

目前,Docker 占容器化技术市场的份额超过 32%,并且这个数字只会增长。一般来说,任何容器化软件都允许你在不启动整个虚拟机的情况下运行。

Currently, Docker accounts for over 32 percent market share of the containerization technologies market, and this number is only expected to grow. In general, any containerization software allows you to run without launching an entire virtual machine.

Docker 使重复和耗时的配置任务变得冗余。这使桌面和云环境中的应用程序能够快速高效地开发。但是,为了适应 Docker,重要的是对其底层架构和其他基础有清晰的了解。

Docker makes repetitive and time-consuming configuration tasks redundant. This allows for quick and efficient development of applications both on desktop and cloud environments. However, to get comfortable with Docker, it’s important to get a clear understanding of its underlying architecture and other underpinnings.

在本章中,让我们浏览 Docker 的概述,了解 Docker 的各个组件如何工作以及如何相互交互。

In this chapter, let’s explore the overview of Docker and understand how various components of Docker work and interact with each other.

What is Docker?

Docker 是一个用于开发、交付和运行应用程序的开源平台。它使应用程序脱离基础设施变得更加容易,从而确保快速的软件交付。Docker 通过协调基础设施管理和应用程序处理来缩短代码创建和部署之间的时间。

Docker is an open-source platform for developing, delivering, and running applications. It makes it easier to detach applications from infrastructure, which guarantees quick software delivery. Docker shortens the time between code creation and deployment by coordinating infrastructure management with application processing.

应用程序被打包并运行在 Docker 生态系统中称为容器的松散隔离环境中。由于这种隔离,更多容器可以在单个主机上同时运行,从而提高安全性。 поскольку它们轻量级,容器通过封装应用程序执行所需的所有内容来消除对主机设置的需求。由于容器在共享环境中保持不变,因此协作很顺利。

Applications are packaged and run inside what are known as containers which are loosely isolated environments in the Docker ecosystem. Because of this isolation, more containers can run concurrently on a single host, improving security. As they are lightweight, containers eliminate the need for host setups by encapsulating all requirements for application execution. Since containers are constant across shared environments, collaboration is smooth.

Docker 为我们提供了全面的工具和管理容器生命周期的平台 −

Docker provides us with comprehensive tooling and a platform for managing the container lifecycle −

  1. You can develop applications and support their components using containers.

  2. You can use containers as the distribution and testing unit for all your applications.

  3. Docker allows you to deploy applications into all environments seamlessly and consistently, whether on local data centers, cloud platforms, or hybrid infrastructures.

Why is Docker Used?

Rapid Application Development and Delivery

Docker 通过提供标准化环境(以本地容器的形式)来加速应用程序开发周期。这些容器是 CI/CD 工作流的组成部分,它们确保快速且一致的应用程序交付。

Docker speeds up application development cycles by providing standardized environments in the form of local containers. These containers are integral to CI/CD workflows and they ensure fast and consistent application delivery.

考虑以下示例场景 −

Consider the following example scenario −

  1. The developers in your team write programs in their local system. They can share their work with their teammates using Docker containers.

  2. Then, they can use Docker to deploy their applications into a test environment where they can run automated or manual tests.

  3. If a bug is found, they can fix it in the development environment, verify the build, and redeploy it to the test environment for further testing.

  4. After the testing is done, deploying the application to the production environment and getting the feature to the customer is as simple as pushing the updated image to the production environment.

Responsive Deployment and Scaling

由于 Docker 是一个基于容器的平台,它促进了高度可移植的工作负载。这允许你跨各种环境无缝运行应用程序。它的可移植性和轻量级特性允许动态工作负载管理。随后,企业可以根据需求实时扩展应用程序。

Since Docker is a container-based platform, it facilitates highly portable workloads. This allows you to run applications seamlessly across various environments. Its portability and lightweight nature allow for dynamic workload management. Subsequently, businesses can scale applications in real time as per demand.

Maximizing Hardware Utilization

Docker是一种经济实惠的传统虚拟机替代品。这让服务器容量使用率更高。它允许你创建高密度环境和执行更小的部署。这让企业能够利用有限资源实现更大价值。

Docker is a cost-effective alternative to traditional virtual machines. This enables higher server capacity utilization. It allows you to create high-density environments and perform smaller deployments. This allows businesses to achieve more with limited resources.

Docker Containers vs Virtual Machines

虚拟机(VM)和Docker容器是两种在现代计算环境中广泛使用的技术,虽然它们有不同的用途和优点。对特定用例选择哪种技术进行明智的选择,需要了解它们之间的差异。

Virtual machines (VMs) and Docker containers are two widely used technologies in modern computing environments, although they have different uses and benefits. Making an informed choice on which technology to choose for a given use case requires an understanding of their differences.

docker overview

Architecture

Docker Containers − Docker容器是轻量且可移植的,并且它们共享主机OS内核。它们运行在主机操作系统之上,并且封装了应用程序及其依赖项。

Docker Containers − Docker containers are lightweight and portable, and they share the host OS kernel. They run on top of the host OS and encapsulate the application and its dependencies.

Virtual Machines − 另一方面,虚拟机在管理程序之上模仿全功能硬件,包括客户操作系统。每个虚拟机运行自己的操作系统实例,该实例独立于主机操作系统。

Virtual Machines − On the other hand, Virtual Machines imitate full-fledged hardware, including the guest OS, on top of a hypervisor. Each VM runs its own OS instance which is independent of the host OS.

Resource Efficiency

Docker Containers − 在资源利用方面,Docker容器非常高效,因为它们共享主机操作系统内核,并且与虚拟机相比,需要的资源更少。

Docker Containers − In terms of resource utilization, Docker Containers are highly efficient since they share the host OS kernel and require fewer resources compared to VMs.

Virtual Machines − 虚拟机消耗更多资源,因为它们需要模仿整个操作系统,包括内存、磁盘空间和CPU。

Virtual Machines − VMs consume more resources since they need to imitate an entire operating system, including memory, disk space, and CPU.

Isolation

Docker Containers − 容器提供进程级隔离。这意味着它们共享相同的操作系统内核,但有独立的文件系统和网络。这是通过命名空间和控制组实现的。

Docker Containers − Containers provide process-level isolation. This means that they share the same OS kernel but have separate filesystems and networking. This is achieved through namespaces and control groups.

Virtual Machines − 相比较而言,虚拟机提供更强的隔离,因为每个虚拟机都运行自己的内核,并有其专用的资源。因此,虚拟机更安全,但更重。

Virtual Machines − Comparatively, VMs offer stronger isolation since each VM runs its kernel and has its dedicated resources. Hence, VMs are more secure but also heavier.

Portability

Docker Containers − 只要在一个环境中安装了Docker,容器就能在不同的环境中一致地运行,不管是开发还是生产。这使得它们具有高度可移植性。

Docker Containers − As long as Docker is installed in an environment, Containers can run consistently across different environments, development or production. This makes them highly portable.

Virtual Machines − 由于底层硬件和管理程序配置上的差异,与容器相比,虚拟机的灵活性较差。但是,通过磁盘映像,它们在一定程度上可以移植。

Virtual Machines − VMs are less flexible compared to containers due to differences in underlying hardware and hypervisor configurations. However, they can be portable to some extent through disk images.

Startup Time

Docker Containers − 容器几乎可以立即启动,因为它们利用主机操作系统内核。因此,它们最适合微服务架构和快速扩展。

Docker Containers − Containers spin up almost instantly since they utilize the host OS kernel. Hence, they are best suitable for microservices architectures and rapid scaling.

Virtual Machines − 虚拟机通常需要更长时间才能启动,因为它们需要启动整个操作系统。这导致启动时间比容器慢。

Virtual Machines − VMs typically take longer to start because they need to boot an entire OS. This results in slower startup times compared to containers.

Use Cases

Docker Containers − Docker容器最适合微服务架构、CI/CD管道以及需要快速部署和扩展的应用程序。

Docker Containers − Docker Containers are best suited for microservices architectures, CI/CD pipelines, and applications that require rapid deployment and scaling.

Virtual Machines − 对于运行对安全性有严格要求并且需要强隔离的遗留应用程序,虚拟机更合适。

Virtual Machines − VMs are preferred for running legacy applications that have strict security requirements where strong isolation is necessary.

Docker Architecture

Docker使用客户端-服务器架构。Docker客户端与Docker守护进程进行通信,后者构建、管理和分发你的Docker容器。Docker守护进程负责所有繁重的工作。

Docker uses a client-server architecture. The Docker client communicates with the Docker daemon, which builds, manages, and distributes your Docker containers. The Docker daemon does all the heavy lifting.

Docker客户端还可以连接到远程Docker守护进程,或者守护进程和客户端可以在同一台机器上运行。它们通过REST API、UNIX套接字或网络接口进行通信。

A Docker client can also be connected to a remote Docker daemon, or the daemon and client can operate on the same machine. They communicate over a REST API, over UNIX sockets, or a network interface.

docker architecture

Docker Daemon

Docker守护进程(也称为dockerd)管理Docker对象,如容器、映像、卷、网络等。它为此侦听Docker API请求。为了管理Docker服务,它还可以与其他守护进程进行通信。

The Docker daemon also known as dockerd manages the Docker objects like containers, images, volumes, networks, etc. It listens to the Docker API requests for this. To manage Docker services, it can communicate with other daemons as well.

Docker Client

为了与Docker进行交互,大多数用户使用诸如CLI的Docker客户端。在命令行中,当你运行诸如Docker run的Docker命令时,它会将命令发送到dockerd执行。Docker客户端可以与多个守护进程通信。

To interact with Docker, most of the users use Docker clients such as CLI. In the command line, when you run Docker commands like Docker run, it sends the command to the dockerd to execute. The Docker client can communicate with multiple daemons.

Docker Desktop

Docker桌面是访问Docker的简单方式。它是一个可以在Windows、Mac和Linux上运行的应用程序。它允许你执行所有与Docker相关的功能。Docker Desktop内置守护进程、客户端、compose、Kubernetes等内容。

Docker desktop is an easy way to access Docker. It’s an application that can run on Windows, Mac, as well as Linux. It allows you to perform all the Docker-related functionalities. Docker Desktop comes with daemon, client, compose, Kubernetes, and much more packed into it.

Docker Registries

Docker 注册表中存储了 Docker 镜像。最受欢迎的公共 Docker 注册表是 Docker Hub,任何人都可以使用。默认情况下,Docker 在 Docker Hub 上查找镜像。

A Docker registry has Docker images stored in it. The most popular public Docker registry is the Docker Hub which anyone can use. By default, Docker looks for images on Docker Hub.

当你执行 docker pull 或 run 命令时,dockerd 会从注册表中拉取所需的镜像。Docker push 命令也是如此。

When you execute a docker pull or run command, the dockerd pulls the required images from the registry. The same goes for the Docker push command as well.

Docker Objects

Docker 有一些镜像、容器、网络、卷、插件和其他对象与之关联,你将在整个 Docker 旅程中使用它们。让我们简要概述一下其中的一些对象。

Docker has images, containers, networks, volumes, plugins, and other objects associated with it that you will use throughout the Docker journey. Let’s look at a brief overview of some of those objects.

镜像是一个只读模板,其中包含 Docker 容器创建说明。镜像通常是从另一个镜像中继承的,并进行了一些额外的修改。例如,你可以创建一个建立在 Ubuntu 基础镜像之上的 Docker 镜像,而在此之上,你可以拥有 Apache Web 服务器、你的应用程序以及一些特定于你的应用程序的配置。

An image is a read-only template that contains Docker container creation instructions. An image is usually inherited from another image with some additional modifications. For example, you can create a Docker image built on top of the Ubuntu base image, and on top of that, you have an Apache web server, your application, as well as some configurations specific to your application.

你可以创建自己的镜像,也可以从注册表中使用其他人创建的镜像。为了构建定制镜像,你可以使用包含构建镜像所需的所有说明和步骤的 Dockerfile。Dockerfile 中的指令是在基础镜像之上的一个镜像层。

You can create your own image or you can use the ones created by others from registries. To build customized images, you can use Dockerfile with all the instructions and steps required to build the image. An instruction in a Dockerfile is an image layer on top of the base image.

在重建 Dockerfile 时,只重建与那些已更改指令关联的层。这正是 Docker 镜像如此轻量级、快速和精简的原因。

On rebuilding a Dockerfile, only the layers associated with those instructions that have changed are rebuilt. That’s what makes Docker images so lightweight, fast, and small.

Docker 容器是 Docker 镜像的一个正在运行的实例。Docker 允许你创建、运行、终止、移动或删除容器。Docker 容器基于关联的镜像以及你在启动容器时提供的配置。当你停止或删除容器时,未持久化到持久存储(例如卷等)的更改将丢失。

A Docker container is a running instance of a Docker image. Docker allows you to create, run, kill, move, or delete a container. A Docker container is based on the associated image and the configurations provided when you start the container. When you stop or remove a container, changes that were not persisted to persistent storage such as volumes, etc. would be lost.

用于创建 Docker 容器的一个示例命令是 −

An example command to create a Docker container is −

docker run -i -t ubuntu /bin/bash

当你运行此命令时,会发生以下情况 −

The following happens when you run this command −

  1. Docker pulls the Ubuntu image from Dockerhub if you haven’t already pulled it before in your local by internally executing the Docker pull command.

  2. It then creates a new container by internally executing the Docker create command.

  3. As a final layer, it allocates a read-write filesystem to the container. It also creates a default network interface.

  4. Once the container is started, it executes the /bin/bash command. The -i and -t flags run the container interactively and attach a terminal for you to run further commands.

多亏了 Docker 网络,容器可以彼此通信。虽然容器默认是分开的,但你可以使用 Docker 构建虚拟网络,使容器能够彼此安全地通信。这些网络的复杂程度范围从简单到复杂,不同的驱动程序选项提供了不同的功能。

Containers can communicate with each other thanks to Docker networks. Although containers are separated by default, you can use Docker to build virtual networks that let containers safely communicate with one another. These networks can range in complexity from simple to complex, with different driver options providing varied functionalities.

对于基本连接,你可以使用默认网桥网络,或为你的应用创建定制网络。Docker 网络简化了构建多容器应用程序,在其中服务需要彼此通信。

For basic connectivity, you can utilize the default bridge network or create customized networks for your apps. Building multi-container applications where services need to communicate with one another is made simple by Docker networks.

传统应用程序依赖于为主机提供支持的存储系统。借助卷,Docker 提供了一种更适应性更强的使用方法。存储在容器本身之外的数据的目录称为卷。这确保了无论容器是停止还是还原,你的数据都是安全的。

Conventional applications depend on the storage system that powers the host. With volumes, Docker provides a more adaptable method. Directories that store data outside of the container itself are called volumes. This makes sure your data is safe whether the container is stopped or restored.

对于持久存储需求,你可以从主机计算机绑定装载特定目录或构建命名卷来管理应用程序数据。Docker 卷使数据管理变得更容易,并且通过将应用程序的数据与容器生命周期分离开来,确保了持久性。

For persistent storage requirements, you can bind-mount particular directories from the host computer or construct named volumes to manage application data. Docker volumes make data management easier and it ensures permanence by separating your application’s data from the container lifecycle.

Conclusion

总之,对于寻求简化应用程序开发、部署和管理的公司来说,Docker 的容器化技术提供了一个有力的选择。

In conclusion, companies looking to simplify application development, deployment, and management will find that Docker’s containerization technology presents a strong option.

Docker 的方法加速了开发周期,促进了扩展性和可移植性,并最大限度地利用了硬件资源。企业可以通过利用 Docker 容器来提高其软件交付流程的敏捷性、效率和成本效益。

Docker’s methodology accelerates development cycles, facilitates scalability and portability, and maximizes the use of hardware resources. Businesses can increase the agility, efficacy, and cost-effectiveness of their software delivery processes by utilizing Docker containers.

Frequently Asked Questions

Q1. What is the core concept of Docker?

容器化是 Docker 背后的基本思想。它将你的程序及其所有依赖项编译到一个容器中,这是一个自包含的实体。此容器与其他容器隔离运行,确保在不同环境中行为一致。可以将其视为一个预配置的容器,其中包含无论身在何处应用程序正常运行所需的一切。

Containerization is the fundamental idea behind Docker. It compiles your program and all of its dependencies into a container, which is a self-contained entity. This container operates in isolation from other containers, guaranteeing consistent behavior in different environments. Consider it as a pre-configured box that comes with everything your application needs to function properly, wherever it is.

Q2. What is Docker best used for?

Docker 是一个用于更快速地管理、部署和开发应用程序的出色工具。其轻量级容器有助于更轻松、更快速地构建。

Docker is a great tool for managing, deploying, and developing applications more quickly. Its lightweight containers facilitate easier and faster construction.

此外,它们支持在各种上下文中轻松扩展和移动应用程序。此外,通过允许共享容器化应用程序,Docker 简化了团队合作。

Additionally, they support applications' easy scaling and mobility in a variety of contexts. Furthermore, by allowing the sharing of containerized apps, Docker streamlines teamwork.

Q3. What is the lifecycle of a Docker?

Docker 容器的生命周期从创建映像开始,该映像用作蓝图。接下来,使用此映像启动容器的实例。

The lifespan of a Docker container begins with the creation of an image, which serves as a blueprint. Next, instances of the container are started using this image.

可以根据需要启动、停止、暂停和重新启动容器。最后,一旦不再需要它们,就可以删除容器。

Containers can be started, stopped, paused, and restarted as needed. Lastly, once they are no longer needed, containers can be removed.

Q4. Is Docker a PaaS or IAAS?

Docker 不是基础设施即服务 (IaaS) 或平台即服务 (PaaS)。它专注于容器化、独特的应用程序打包和运行技术。

Docker is not an infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS). It focuses on containerization, distinctive application packaging, and running technology.

IaaS 提供虚拟化计算机资源,而 PaaS 提供完整的开发和部署环境。Docker 可以与 IaaS 和 PaaS 解决方案很好地协同工作。

IaaS delivers virtualized computer resources, but PaaS offers a full development and deployment environment. Docker works nicely with IaaS and PaaS solutions alike.

Q5. What is a Dockerfile?

Dockerfile 是一个文本文档,其中包含有关如何创建 Docker 映像的说明。它指定映像中必须存在的库、应用程序代码和操作系统。可以将其视为一本食谱,它准确地指导 Docker 完成组件和操作,以便为应用程序生成有效的容器映像。

A Dockerfile is a text document that has instructions on how to create a Docker image. It specifies the libraries, application code, and operating system that must be present in the image. Consider it a cookbook that instructs Docker on precisely the components and actions to do in order to produce a working container image for your application.