Introduction to Docker, from Jitendra Kumar Patel
- 2015-11-05 14:00:00
- Reposted by 先知
Jitendra Patel
M.Tech from International Institute of Information Technology, Bangalore (Pursuing)
Experience in Teaching
Expertise in Ethical Hacking, Network Security, Reverse Engineering, Wireless Security, Technical Analysis
Working as an Offline Instructor at Innobuzz Knowledge Solutions
Tech Enthusiast
DOCKER HISTORY
A dotCloud (PAAS provider) project
Initial commit January 18, 2013
Docker 0.1.0 released March 25, 2013
18,600+ GitHub stars, 3800+ forks, 740 contributors… and continues
dotCloud pivots to Docker Inc. October 29, 2013
What is Docker ?
Open platform for developers and sysadmins to build, ship and run distributed applications
Can run on popular 64-bit Linux distributions with kernel 3.8 or later
Supported by several cloud platforms including Amazon EC2, Google Compute Engine, and Rackspace.
Features
Light-Weight
Minimal overhead (cpu/io/network)
Based on Linux containers
Uses layered filesystem to save space (AUFS/LVM)
Uses a copy-on-write filesystem to track changes
Portable
Can run on any Linux system that supports LXC (today).
0.7 release includes support for RedHat/Fedora family.
Raspberry pi support.
Future plans to support other container tools (lmctfy, etc.)
Possible future support for other operating systems (Solaris, OSX, Windows?)
Self-sufficient
A Docker container contains everything it needs to run
Minimal Base OS
Libraries and frameworks
Application code
A docker container should be able to run anywhere that Docker can run.
The Challenge
The Matrix From Hell
Cargo Transport Pre-1960
Also a Matrix from Hell
Solution: Intermodal Shipping Container
Docker is a Container System for Code
Docker Eliminates the Matrix from Hell
Why it Works: Separation of Concerns
Docker Architecture
Docker Engine
–CLI
–Docker Daemon
–Docker Registry
Docker Hub
–Cloud service
• Share Applications
• Automate workflows
• Assemble apps from components
Docker images
Docker containers
NOT A VHD
NOT A FILESYSTEM
uses a Union File System
a read-only Layer
do not have state
Basically a tar file
Has a hierarchy
• Arbitrary depth
Fits into the Docker Registry
Containers before Docker
Containers after Docker
How does Docker work ?
You can build Docker images that hold your applications
You can create Docker containers from those Docker images to run your applications
You can share those Docker images via Docker Hub or your own registry
Virtual Machine Versus Container
Docker Container Lifecycle
• The Life of a Container
– Conception
• BUILD an Image from a Dockerfile
– Birth
• RUN (create+start) a container
– Reproduction
• COMMIT (persist) a container to a new image
• RUN a new container from an image
– Sleep
• KILL a running container
– Wake
• START a stopped container
– Death
• RM (delete) a stopped container
• Extinction
– RMI a container image (delete image)
Linux Cgroups
• Kernel Feature
• Groups of processes
• Control resource allocations
– CPU
– Memory
– Disk
– I/O
• May be nested
Linux Kernel Namespaces
• Kernel Feature
• Restrict your view of the system
– Mounts (CLONE_NEWNS)
– UTS (CLONE_NEWUTS)
• uname() output
– IPC (CLONE_NEWIPC)
– PID (CLONE_NEWPID)
– Networks (CLONE_NEWNET)
– User (CLONE_NEWUSER)
• Not supported in Docker yet
• Has privileged/unprivileged modes today
• May be nested
Dockerfile
• Like a Makefile (shell script with keywords)
• Extends from a Base Image
• Results in a new Docker Image
• Imperative, not Declarative
A Dockerfile lists the steps needed to build an image
• docker build is used to run a Dockerfile
• Can define default command for docker run, ports to expose, etc
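Added example (not from the original slides): a simplified Python reader that turns a Dockerfile into its ordered build steps and reports the base image, exposed ports, default command and two review findings. The sample Dockerfile, the function names and the finding texts are constructed for illustration; this is not Docker's own parser.

```python
# Constructed sample Dockerfile (not from the slides).
SAMPLE = """\
# small web app image
FROM ubuntu:14.04
RUN apt-get update && \\
    apt-get install -y python
COPY app.py /srv/app.py
EXPOSE 8080
CMD ["python", "/srv/app.py"]
"""

def parse_dockerfile(text):
    """Return [(KEYWORD, args), ...] in build order.

    Simplified: joins backslash continuations and skips blank and comment
    lines; heredocs and parser directives are not handled.
    """
    steps, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        keyword, _, args = (pending + line).partition(" ")
        steps.append((keyword.upper(), args.strip()))
        pending = ""
    return steps

def summarize(steps):
    """Report base image, exposed ports, default command and review findings."""
    def last(kw):
        return next((a for k, a in reversed(steps) if k == kw), None)
    base = (last("FROM") or "").split(" ")[0]
    tag_part = base.rsplit("/", 1)[-1]          # ignore registry host:port
    info = {"base": base, "cmd": last("CMD"), "user": last("USER"),
            "ports": [p for k, a in steps if k == "EXPOSE" for p in a.split()],
            "findings": []}
    if "@" not in base and (":" not in tag_part or tag_part.endswith(":latest")):
        info["findings"].append("base image tag not pinned")
    if info["user"] in (None, "root", "0"):
        info["findings"].append("no non-root USER set")
    return info

if __name__ == "__main__":
    for step in parse_dockerfile(SAMPLE):
        print(step)
    print(summarize(parse_dockerfile(SAMPLE)))
```

A missing USER step means the default command runs as root unless the base image itself sets a user, which this reader cannot see.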
Docker CLI Commands (v1.1.2)
Contributing to Docker
Want to hack on Docker ?
Reporting Security Issues
Design and Cleanup Proposals
Reporting Issues
Build Environment
SUMMARY
Easy to build, run & share containers
Rapidly expanding ecosystem
Better performance vs. VMs
Layered file system gives us git-like control of images
Reduces complexity of system builds
Red Hat - Project Atomic Host, and certifications - containerized applications, Geard and OpenShift.
Google is expected to tightly integrate containers with its IaaS and PaaS offerings.