Docker Initially docCloud Company founder Solomon Hykes An internal project initiated while in France , It is based on docCloud The company has innovated cloud service technology for many years , And in 2013 year 3 Month after month Apache 2.0 License open source , The main project code is in GitHub upkeep .
Dokcer It's an open source commercial product ,Docker Divided into community version (Community Edition, CE) And enterprise (Enterprise Edition, EE). among Docker Community Edition is an open source software , The source code is located in https://github.com/docker/docker-ce, be based on Go Language development , be based on Linux Kernel cgroup、namespace, as well as OverlayFS Class Union FS Technology , Encapsulate and isolate processes , Virtualization technology at the operating system level .License by Apache-2.0, The latest stable version is 19.03.13, On 2020 year 9 month 18 Promulgated by the , Support Linux、Windows and Mac operating system , It's an open platform , For developing applications 、 deliver (shipping) application 、 Run the application . Because the isolated process is independent of the host and other isolated processes , So it's also called a container . The initial implementation is based on LXC, from 0.7 The version begins to remove LXC, Turn to self-developed libcontainer, from 1.11 Start , Then it further evolved to use runC and containerd.
Docker Allow users to put infrastructure (Infrastructure) The applications in are separated separately , Form smaller particles ( Containers ), To speed up the delivery of software .Docker Containers are similar to virtual machines , But they are different in principle . Containers are virtualization of the operating system layer , Virtual machines are virtualization hardware , So the container is more portable 、 Efficient use of servers . Containers are more used to represent a standardized unit of software . Because of the standardization of containers , So it can ignore differences in infrastructure , Deploy anywhere .
Docker Is a for development 、 An open platform for publishing and running applications .Docker Enables you to separate applications from infrastructure , So you can quickly deliver software . With the help of Docker, You can manage the infrastructure in the same way that you manage applications . By using Docker Methods for rapid delivery 、 Testing and deployment , You can greatly reduce the delay between writing code and running it in a production environment .
Docker utilize Linux The resource separation mechanism in the core , for example cgroups, as well as Linux Core namespace (namespaces), To create a separate container (containers). This can be done in a single Linux Under the entity operation , Avoid the extra burden of booting a virtual machine .
Docker Provides in a loosely isolated environment (loosely isolated environment)( It's called a container ) The ability to package and run applications in . Isolation and security allow you to run multiple containers simultaneously on a given host . Containers are lightweight , Because they don't need a hypervisor (hypervisor) The extra burden of , It runs directly in the host's kernel . This means that compared to using virtual machines , More containers can be run on a given combination of hardware . You can even run it on a host that is actually a virtual machine Docker Containers .
Docker Is an open source application container engine , Let developers package their applications and dependencies into a lightweight package 、 In a portable container , Then post to any popular Linux Machine or Windows On the machine , You can also implement virtualization . Containers are completely sandboxed using the sandbox mechanism , There will be no interface between them , More importantly, the container performance overhead is minimal .
and VMware Virtual machines are compared to ,Docker Using containers to host applications , Instead of using an operating system , So it costs very little , A high performance . however ,Docker Application isolation is not as thorough as virtual machines , So it can't completely replace VMware.
Docker It's a container based platform , Allow highly portable workloads .Docker The container can be on the developer's native machine 、 On physical or virtual machines in the data center 、 Running on a cloud service or in a hybrid environment .Docker Portability and lightweight features , It also makes it easy for you to complete the dynamic management workload , And according to the business requirements , Expand or dismantle applications and services in real time .
Linux Containers (Linux Containers, Abbreviation for LXC)： A virtualization technology , It's not simulating a complete operating system , It's about isolating the process . For processes in the container , All the resources it touches are virtual , So as to realize the isolation from the underlying system . Because the container is process level , There are many advantages over virtual machines ：
(1). Fast start ： Applications in containers , Directly is a process of the underlying system , Instead of processes inside the virtual machine . therefore , Starting the container is equivalent to starting a process on the machine , Instead of starting an operating system , It's a lot faster .
(2). Container takes only needed resources , Do not occupy the resources that are not used ; Virtual machine is a complete operating system , It's inevitable to occupy all resources . in addition , Multiple containers can share resources , Virtual machines are exclusive resources .
(3). Small volume ： The container only needs to contain the components used , Virtual machine is the package of the whole operating system , So container files are much smaller than virtual machine files .
Traditional virtual machine technology is the virtual out of a set of hardware , Run a full operating system on it , The required application processes are then run on the system ; Application processes in the container run directly from the host kernel , There is no kernel of its own in the container , And there is no hardware virtualization . Containers are therefore more portable than traditional virtual machines .
Docker engine (Docker Engine) Is a client with the following main components ---- Server application (client----server application)：
(1). The server ： It's a long-running program , Called daemons (daemon process)(dockerd command ).
(2).REST API： It specifies the interface that a program can use to communicate with the daemons and indicate its operation .
(3). client ： Command line interface (command line interface, CLI)(docker command ).
We write commands through the client , The client then sends the command to the daemons , The daemons then return the results of the command execution to the client , This allows us to view the execution results through commands , The image is the source code of the container , The container is started by mirroring , Use the repository to hold the user built image . Daemons create and manage Docker object , For example, mirror image 、 Containers 、 Network and volume .
Docker The engine is the core software used to run and manage containers , Usually people simply refer to it as Docker or Docker platform .
CLI Use Docker REST API By script or directly CLI To command or control with Docker Daemons interact . Many others Docker Applications use the basics API and CLI.
Docker framework ：Docker Using client ---- Server architecture , As shown in the figure below .Docker The client and Docker Daemon (daemon) A dialogue , The daemons complete the build 、 Operation and distribution Docker The heavy work of the container .Docker Clients and daemons can run on the same system , Or you can put Docker Clients connect to remote Docker Daemon .Docker Clients and daemons are in UNIX Use on socket or network interface REST API communicate .
(1).Docker Daemon (Docker daemon)： Listen Docker API Request and manage Docker object , For example, mirror image 、 Containers 、 Network and volume . Daemons can also communicate with other daemons to manage Docker service .
Docker The daemons accept requests from clients as servers , And process those requests ( establish 、 function 、 Distribution of the container ). Both the client and the server can run on the same machine , Can also pass socket perhaps REST API To communicate .Docker Daemons usually run in the background of the host , Wait to receive a message from the client .Docker The client provides the user with a series of executable commands , The user implements the following with these commands Docker Daemons interact .
(2). Docker client (Docker client)： It's a lot of Docker Users and Docker Main ways of interaction . When you use something like docker run Orders like that , The client will send these commands to dockerd, Then execute them . docker Command to use Docker API.Docker The client can communicate with multiple daemons . Both the client and the server can run on the same machine , Can also pass socket perhaps RESTful API To communicate .Docker daemon Generally runs in the background of the host host , Wait to receive a message from the client .Docker The client provides the user with a series of executable commands , The user implements the following with these commands Docker daemon Interaction .
(3).Docker Registry Center (Docker registry)： Storage Docker Mirror image .Docker Hub It's a public registry that anyone can use , And by default ,Docker Configured to be in Docker Hub Find the image on . You can even run your own private registry . Use docker pull or docker run On command , The required image will be extracted from the configured registry . Use docker push On command , The image is pushed to the configured registry .
After the mirror is built , Can be easily run on the current host , however , If you need to use this image on another server , We just need a centralized store 、 A service that distributes images ,Docker Registry That's the service .
One Docker Registry Can contain multiple warehouses in (Repository); Each warehouse can contain multiple labels (Tag); Each label corresponds to an image . Usually , A warehouse will contain images of different versions of the same software , And tags are often used for different versions of corresponding software . We can go through < Warehouse, >:< label > To specify which version of the image of the software . If you don't give a label , Will be with latest As default label .
With Ubuntu Image as an example ,ubuntu It's the name of the warehouse , It contains different version labels , Such as 16.04、18.04. We can go through ubuntu:16.04, perhaps ubuntu:18.04 To specify which version of the image you want . If the label is ignored , such as ubuntu, That would be considered ubuntu:latest.
Warehouse names often appear in the form of a two-phase path , such as jwilder/nginx-proxy, The former often means Docker Registry User name in multi-user environment , The latter is often the corresponding software name . But this is not absolute , Depends on the specific... Used Docker Registry Software or services .
Docker Registry Open service ： It is open to users 、 Allow users to manage mirrored Registry service . Generally, such public services allow users to upload for free 、 Download public images , And may provide charging service for users to manage private image . Most commonly used Registry Public service is official Docker Hub, This is also the default Registry, And has a large number of high-quality official images . in addition to , also Red Hat Of Quay.io;Google Of Google Container Registry, Kubernetes This service is used for the image of .
For some reason , Visiting these services in China may be slow . Some cloud service providers in China have provided solutions for Docker Hub Image services (Registry Mirror), These image services are called accelerators . The common ones are Alibaba cloud accelerators 、DaoCloud Accelerator, etc . There are also some cloud service providers in China that provide similar services Docker Hub Public service . For example, Netease cloud image service 、 Alibaba cloud image library, etc .
private Docker Registry： In addition to using public services , Users can also set up private businesses locally Docker Registry.Docker The official provided Docker Registry Mirror image , Can be used directly as private Registry service .
Don't do it without configuration Docker APT Use directly in the case of source apt Command to install Docker.
(4).Docker object (Docker objects)： Refer to Images、Containers、Networks、Volumes、Plugins wait .
A. Mirror image (Images)： Is a read-only template , It includes creating Docker Description of the container . Usually , One mirror is based on another image , And do some other customization . for example , You can build based on ubuntu Mirror image of mirror image , But installation Apache Web Server and your application , And the configuration details needed to run the application . You can create your own image , You can also just use images created by others and published in the registry . Build your own mirror image , You can create one with simple syntax Dockerfile, To define the steps required to create the image and run it . Dockerfile Each instruction in creates a layer in the image . When you change Dockerfile And rebuild the mirror image , Rebuild only those layers that have changed . Compared with other virtualization technologies , This is what makes the mirror so light 、 Part of the reason for being small and fast . Image layering (layers) structure Of , And the files that define these levels are called Dockerfile.
The operating system is divided into kernel and user space . about Linux for , After kernel startup , Will mount root File system provides user space support for it . and Docker Mirror image , It's like one root file system . For example, the official image ubuntu:18.04 It includes a complete set Ubuntu 18.04 Minimum system root file system .
Docker A mirror is a special file system , In addition to providing the required programs for the container runtime 、 library 、 resources 、 Configuration and other files outside , It also contains some configuration parameters for the runtime ( Such as anonymous volume 、 environment variable 、 The user etc. ). The mirror does not contain any dynamic data , Its content is not changed after construction .
Because the image contains the complete operating system root file system , Its volume is often huge , So in Docker When the design , Just make the most of Union FS Technology , Design it as a tiered storage architecture . So strictly speaking , Mirror image is not like a ISO Packing files like that , Image is just a virtual concept , It's not really a document , It's a set of file systems , Or say , It is composed of multiple file systems . When the image is built , It will be built layer by layer , The former layer is the foundation of the latter layer . After each layer is built, it will not change , Any change on the latter layer only happens on its own layer . When building images , Need extra care , Each layer should contain only what it needs to add , Anything extra should be cleaned up before the layer is built . The characteristics of tiered storage also enable the reuse of images 、 Customization becomes easier . You can even use the previously constructed image as the base layer , Then add a new layer , To customize what you need , Building a new mirror .
Docker Put the application and its dependencies , Packaged in a mirror file . Only through this document , Can be created Docker Containers . Image files can be seen as templates for containers .Docker Create an instance of the container from the image file . The same image file , You can generate multiple container instances running at the same time . Images are binary files . In development , A mirror file often inherits another image file , Add some personalization to create .
Image files are generic , Copy the image file of one machine to another , Still usable . Generally speaking , To save time , We should try to use the image files made by others , Instead of making it yourself . Even if you want to customize , Should also be based on other people's image file processing , Not from scratch . For the convenience of sharing , After the image file is made , It can be uploaded to the warehouse on the Internet .Docker The official warehouse of Docker Hub Is the most commonly used image warehouse .
Use the image to create a container , The mirror image must be associated with Docker Host system architecture is consistent , for example Linux x86_64 Architecture system can only use Linux x86_64 Image creation container of .Windows、Mac With the exception of , It USES binfmt_misc Provides a variety of architecture support , stay Windows、Mac On the system (x86_64) Can run arm And other architectures .
When the user gets an image ,Docker The engine will first look for whether the image has manifest list , If any Docker The engine will follow Docker Running environment ( System and Architecture ) Find the corresponding image . If not, the image will be obtained directly .
Each mirror is made up of many layers ,Docker Use Union FS Combine these different layers into a mirror image . Usually Union FS There are two uses , On the one hand, it can be realized without the help of LVM、RAID Will be multiple disk Hang to the same directory , A more common branch that can be written together with another read-only branch .
B. Containers (Containers)： It's an application or set of applications that run independently , It's the entity of the mirror runtime . You can use Docker API or CLI establish 、 start-up 、 stop it 、 Move or delete containers . You can connect containers to one or more networks , Connect storage to it , Even create a new image based on its current state . By default , The isolation between the container and other containers and their hosts is relatively high . You can control the network of containers 、 The degree to which storage or other underlying subsystems are isolated from other containers or hosts . A container is defined by its image and any configuration options that are provided to it at creation or startup . After deleting the container , State changes that are not stored in permanent storage will disappear .Docker Container by Docker Image to create .
The relationship between image and container , It's like classes and instances in object-oriented programming , Image is a static definition , Containers are entities that mirror the runtime . Containers can be created 、 start-up 、 stop it 、 Delete 、 Pause and wait . Closing the container does not delete the container file , It's just that the container stops running . Terminate the running container file , It will still occupy the hard disk space .
The essence of a container is a process , But unlike processes that execute directly on the host , Container processes run in their own separate namespace . So you can have your own container root file system 、 Own network configuration 、 Own process space 、 Even their own users ID Space . The process in the container is running in an isolated environment , Use up , It's like operating on a host independent system .
The mirror uses tiered storage , So is the container . Each container runs , It's a mirror based layer , Create a storage layer on it for the current container , We can call this storage layer prepared for container read-write at runtime as container storage layer . The lifetime of the container storage layer is the same as that of the container , When the container dies , The container storage layer also dies . therefore , Any information saved in the container storage layer will be lost with the deletion of the container .
according to Docker Best practice requirements , The container should not write any data to its storage layer , Container storage layer should be kept stateless . All file write operations , Data volume should be used (Volume)、 Or bind the host Directory , Reading and writing at these locations skips the container storage layer , Directly to the host ( Or networked storage ) Reading and writing happen , Its performance and stability are higher . The lifetime of a data volume is independent of the container , The container dies , Data volumes don't die . therefore , After using the data volume , After the container is removed or re run , Data is not lost .
Docker You need to have a local image before running the container , If the image does not exist locally ,Docker The image will be downloaded from the image repository . Containers are based on mirrors , Add another layer of container storage , To make such a multi-layer storage structure to run . So if the image is dependent on this container , Then deletion must lead to failure . If these containers are not needed , They should be deleted first , And then delete the image .
When we run a container ( If you don't use volumes ), Any file changes we make will be recorded in the container storage layer . and Docker Provides a ”docker commit” command , You can save the storage layer of the container as a mirror . let me put it another way , On the basis of the original image , Add the storage layer of the container , And form a new image . When we run this new image in the future , Will have the last file change of the original container .
There are two ways to start a container , One is to create a new container based on the image and start it , The other one is going to be in the terminate state (stopped) Restart the container of . because Docker The container is so lightweight , Most of the time, users delete and create containers at any time .
Docker Container and LXC The container is very similar , The security features provided are similar . When used docker run When you start a container , Backstage Docker Create a separate set of namespace and control groups for the container . The namespace provides the most basic and direct isolation , Processes running in containers are not discovered and acted upon by processes running on the host and other containers . Each container has its own unique network stack , Means they can't access other containers sockets Or interface . however , If the corresponding settings are made on the host system , Containers can interact with other containers just as they interact with hosts . When specifying a public port or using links To connect 2 When it's a container , The containers can communicate with each other ( Policies that can be configured to limit communication ).
Mirror image can be understood as a construction time (build-time) structure , A container can be understood as a runtime (run-time) structure . You can start one or more containers from a single mirror .
C. service (Services)： So you can be in more than one Docker Extending containers between daemons , These daemons can all work with multiple managers and staff . colony (swarm) Every member of is Docker Daemon , All daemons use Docker API communicate . Services allow you to define the required state , For example, the number of copies of a service that must be available at any given time . By default , The service is load balanced across all work nodes (load-balanced) Of . For consumers ,Docker The service seems to be a separate application .Docker Engine stay Docker 1.12 Cluster mode is supported in and above (swarm mode).
Docker host (Host)： A physical or virtual machine is used to execute Docker Daemons and containers .
Docker The underlying technology ：Docker Yes, it is Go Programming language , utilize Linux Several features of the kernel to deliver its functionality .
(1). Namespace (Namespaces)：Docker Use a technique called a namespace to provide an isolated workspace called a container . When running the container ,Docker A set of namespace is created for the container . These provide a layer of isolation . Each aspect of the container runs in a separate namespace , And access to it is limited to the namespace . The namespace is Linux A powerful feature of the kernel . Each container has its own separate namespace , The applications running in it are like running in a separate operating system . The namespace ensures that containers do not affect each other .Docker Engine stay Linux Use the following namespace on ：
A.pid Namespace ： Process isolation (PID： process ID).
B.net Namespace ： Manage network interfaces (NET： The Internet ).
Docker Allows network services to be provided through external access to containers or container interconnections . Some network applications can run in the container , Make these applications accessible to the outside world , Can pass -P or -p Parameter to specify the port mapping .
By default , Containers can actively access connections to external networks , But the external network cannot access the container . Container all connections to external networks , The source address will be NAT Local system IP Address . This is the use of iptables The source address camouflage operation of .
C.ipc Namespace ： Management is right IPC Access to resources (IPC： Interprocess communication ).
D.mnt Namespace ： Managing file system mount points (MNT：mount).
E.uts Namespace ： Isolate kernel and version identifier (UTS：Unix Time sharing system ).
(2). Control group (Control groups, cgroups)：Linux Upper Docker The engine also relies on another technology called control groups .cgroup Limit the application to a specific set of resources . The control group allowed Docker Engine Sharing available hardware resources to containers , And selectively impose restrictions and constraints . for example , You can limit the memory available for a particular container .
The control group is Linux Another key component of the container mechanism , Responsible for the audit and limitation of resources . It provides a lot of useful features , And make sure that each container can share the host's memory fairly 、CPU、 disk IO And so on , Of course , what's more , The control group ensures that the host system is not compromised when the use of resources in the container is under pressure .
(3). Federated file system (Union file systems, or UnionFS)： By creating layers (layers) The file system that operates , Make it very light and fast .Docker Engine Use UnionFS Provide building blocks for containers .Docker Engine Multiple can be used UnionFS variant , Include AUFS、btrfs、vfs and DeviceMapper.
UnionFS It's a kind of layering 、 Lightweight and high performance file system , It supports changes to the file system as a single commit layer upon layer , At the same time, you can mount different directories to the same virtual file system (unite several directories into a single virtual filesystem). The federated file system is Docker The foundation of the mirror . Images can be inherited by layering , Based on the basic image ( No father image ), Can make a variety of specific application image . in addition , Different Docker Containers can share some of the underlying file system layers , At the same time, add their own unique change layer , Greatly improve the efficiency of storage .
(4). Container format (Container format)：Docker Engine Put the namespace 、 Control group and UnionFS Combined into a wrapper called container format . The default container format is libcontainer. future ,Docker It can be done through BSD Jails or Solaris Zones To support other container formats .
Docker Compose： Is used to define and run multiple containers Docker Application tools . adopt Compose, You can use YAML File to configure all the services the application needs , And then by using a command , You can create and start all services .Compose Three steps to use ：
(1). Use Dockerfile Define the environment of the application ;
(2). Use docker-compose.yml Define the services that make up the application , So they can run together in an isolated environment ;
(3). Last , perform docker-compose up Command to start and run the entire application .
Docker Compose yes Docker Official layout (Orchestration) One of the project , Responsible for rapid deployment of distributed applications .Compose Location is ” Define and run multiple Docker Application of containers (Defining and running multi-container Docker applications)”, Its predecessor is open source project Fig.Compose Allow users to pass through a single docker-compose.yml Template file (YAML Format ) To define a set of associated application containers as a project (project).Compose Support Linux、Mac、Windows10 Three platforms .Compose Can pass Python Package management tools pip Installation , You can also download the compiled binary file directly , Even directly in Docker Running in the container .
Docker Swarm： yes Docker Cluster management tool , Its main function is to turn a number of Docker The host is abstracted as a whole , And manage these through a single portal Docker All kinds of things on the mainframe Docker resources . It will Docker The host pool becomes a single virtual Docker host .Docker Swarm Provided with standard Docker API, All that has been associated with Docker Tools for daemons to communicate can be used Swarm Easily scale to multiple hosts .Swarm The cluster is managed by the node (manager) And work nodes (work node) constitute ：
(1).swarm manager： Responsible for the management of the whole cluster, including cluster configuration 、 Service management and all the work related to cluster .
(2).work node： It is mainly responsible for running the corresponding services to perform tasks (task).
Swarm Mode： Refer to Docker Cluster management and choreography functions embedded in the engine . When you initialize a swarm(cluster) Or add nodes to a swarm when , Its Docker The engine will start with swarm mode Form operation .Swarm Mode built-in kv Storage function , There are many new features , such as ： Decentralized design with fault tolerance 、 Built in service discovery 、 Load balancing 、 Routing grid 、 Dynamic scaling 、 Scroll to update 、 Secure transmission, etc .
Docker Machine： yes Docker Official layout (Orchestration) One of the project , Responsible for fast installation on multiple platforms Docker Environmental Science , It's a simplification Docker Command line tools installed , It can be installed on the corresponding platform through a simple command line Docker, And can be used docker-machine Command to manage the host .Docker Machine You can also centrally manage all of docker host , For example, give quickly 100 Server installation docker.Docker Machine The managed virtual host can be on-board , It can also be a cloud provider , Such as ali cloud 、 Tencent cloud . Use docker-machine command , You can start 、 Check 、 Stop and restart the managed host , You can also upgrade Docker Clients and daemons , As well as the configuration Docker The client communicates with your host .
install Docker Machine It needs to be installed before Docker, Can be in accordance with the https://github.com/docker/machine/releases Install according to the instructions in .
Docker Hub： Warehouse (Repository) It's a place where images are centrally stored . at present Docker The government maintains a public warehouse Docker Hub. More than Docker Hub, It's just that remote service providers are different , The operation is the same . Most of the requirements can be met through Docker Hub Download the image directly to realize . step ：
(1). register ： stay https://hub.docker.com Sign up for a free Docker account number ;
(2). Login and logout ： Login requires a user name and password , After successful login , We can go from Docker Hub Pull up and get all the images under your account ：
Sign in ：$ docker login
sign out ：$ docker logout
Can pass docker search Command to find the image in the official warehouse , Such as ubuntu Search for keywords ：$ docker search ubuntu
utilize docker pull Command to download it locally ：$ docker pull ubuntu
After logging in , It can be done by docker push Command to push your own image to Docker Hub, among username For their own Docker Account name ：$ docker push username/ubuntu:18.04
Docker There are two file formats ：Dockerfile and Compose file.Dockerfile Defines the contents of a single container and the behavior at startup .Compose file Defines a multi container application .
(1).Dockerfile：Docker According to Dockerfile The content of , Build images automatically .Dockerfile It's the text that contains all the commands the user wants to build the image .
Dockerfile It's a text file , It contains a line of instructions (Instruction), Each instruction builds a layer , So the content of each instruction , That describes how the layer should be built .
(2).Compose file ： It's a YAML file , Defined Services (service)、 The Internet 、 volume (volume).
Docker By default , All files will be stored in a writable container layer in the container (container layer). Containers have two ways of permanent storage ： volume (volumes) And binding mount (bind mounts). in addition ,Linux Users can also use tmpfs Mount ;Windows Users can also use the command pipeline (named pipe). In the container , Whatever kind of permanent storage , The form of expression is the same .
(1). volume (volumes)： Is part of the host machine's file system , from Docker Conduct management ( stay Linux, Store in /var/lib/docker/volumes/). Not Docker The program should not modify these files .Docker It is recommended to use volumes to persist data . Volume can support volume drive (volume drivers), The driver allows users to store data to a remote host or cloud service provider (cloud provider) Or other . A volume without a name is called an anonymous volume (anonymous volume), A volume with a name is called a named volume (named volume). The anonymous volume doesn't have a clear name , When initialized , Will be given a random name .
A volume is a special directory that can be used by one or more containers , It bypasses UFS, There are many useful features available ：A. Volumes can be shared and reused between containers ;B. Changes to the volume will take effect immediately ;C. Updating the volume , It doesn't affect the mirror image ;D. By default, the volume will always exist , Even if the container is deleted .
The use of volumes , Be similar to Linux Proceed to the directory or file below mount, The files in the directory designated as mount point in the image are copied to the volume ( Copy only when the volume is empty ). Volumes are designed to persist data , Its lifecycle is independent of the container ,Docker The volume is not automatically deleted after the container is deleted , And there's no garbage collection mechanism to handle volumes that don't have any container references .
(2). Bind mount (bind mounts)： By mounting the path of the host machine into the container , Thus data persistence , So a bind mount can store data anywhere in the host machine's file system . Not Docker The program can modify these files . Binding mount is Docker Early on , Compared to rolling up , Binding mount is very simple and straightforward . Developing Docker When applied , Named volumes should be used (named volume) Mount instead of binding , Because the user cannot mount the binding Docker CLI The command operation .
Binding mount is often used for ：A. Synchronize profile , Such as ： Will host host host's DNS The configuration file (/etc/resolv.conf) Synchronize to the container ;B. When developing programs , Source code or Artifact Synchronize to the container . This usage is similar to Vagrant similar .
(3).tmpfs mount (tmpfs mouts)： It's just stored in memory , Does not operate the host machine's file system ( Not persistent on disk ). It can be used to store some non persistent state 、 sensitive data .
(4). name pipes (named pipes)： adopt npipe The form of mounting , send Docker Host and container can communicate with each other . A common use case is to run a third-party tool within a container , And use named pipes to connect to Docker Engine API.
(5). Cover the problem ： When mounting an empty volume into a directory , The contents of the directory are copied into the volume ( Will not cover ). If you mount a non empty volume or bind to a directory , Then the contents of the directory will be hidden (obscured), When unloaded, the content will be displayed again .
journal ： Under default configuration ,Docker Log ( Such as ：docker logs、docker service log) What is recorded is the output of the command line (STDOUT and STDERR). and STDOUT and STDERR The corresponding file paths are /dev/stderr and /dev/stdout. in addition , You can also view the container log on the host .
All of the above are from the network , Main reference ：