Home>Article> Since Docker is restricted and included in the "Entity List", let's talk about why Docker is so important?

Since Docker is restricted and included in the "Entity List", let's talk about why Docker is so important?

青灯夜游
青灯夜游 forward
2020-08-19 14:07:13 5250browse

News:

On August 13, Docker updated its website service agreement to prohibit organizations and individuals from embargoed countries and those included in multiple lists such as the U.S. "Entity List" from using the service. The protocol's Docker website and all related websites.

This includes: Huawei, Hikvision, Dahua Technology, iFlytek, Megvii Technology, SenseTime and many other technology companies, as well as universities such as Harbin Institute of Technology and Harbin Engineering University.

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

In this article, we will explore the mysterious world of Docker, master the basic principles and practical operations of Docker from scratch, and understand why Docker is so important. [Related recommendations:Docker Video Tutorial]

In the rich Web era, applications are becoming more and more powerful, and at the same time, they are becoming more and more complex. Cluster deployment, isolation environment, grayscale release and dynamic expansion are all indispensable, and containerization has become a necessary bridge in the middle.

Tell a story

In order to better understand what Docker is, let’s tell a story first:

I I needed to build a house, so I moved rocks, chopped wood, drew drawings, and built the house. After a lot of work, the house was finally built.

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

# As a result, after living there for a while, I suddenly wanted to move to the beach. At this time, according to the previous method, I can only go to the beach, move stones, cut wood, draw drawings, and build a house again.

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

#When I was troubled, a magician came and taught me a magic. This magic can make a copy of the house I built, make it a "mirror image", and put it in my backpack.

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

When I get to the beach, I will use this "mirror" to copy a house and move in.

Isn’t it amazing? Corresponding to our project, the house is the project itself, the mirror is the copy of the project, and the backpack is the mirror warehouse.

If you want to dynamically expand the capacity, just take out the project image from the warehouse and copy it as you like. Build?once,Run?anywhere!

No need to worry about version, compatibility, deployment and other issues, completely solving the embarrassment of "crashing once online and building endlessly".

Virtual machines and containers

Before we start, let’s do some basic knowledge reserve:

①Virtual machine: virtualization hardware

Virtual machine Virtual Machine refers to a complete computer system with complete hardware system functions simulated by software and running in a completely isolated environment. Everything that can be done on a physical computer can be done on a virtual machine.

When creating a virtual machine on a computer, you need to use part of the hard disk and memory capacity of the physical machine as the hard disk and memory capacity of the virtual machine.

Each virtual machine has an independent CMOS, hard disk and operating system, and can operate the virtual machine just like a physical machine. Before container technology, the biggest influencer in the industry was virtual machines.

The representatives of virtual machine technology are VMWare and OpenStack.

②Container: virtualizes the operating system layer and is a standard software unit

Its characteristics are as follows:

  • Run anywhere: Containers can package code with configuration files and related dependent libraries to ensure consistent operation in any environment.

  • High resource utilization: Containers provide process-level isolation, so the CPU and memory usage can be set more granularly, thereby making better use of the server's computing resources.

  • Rapid expansion: Each container can run as a separate process and can share the system resources of the underlying operating system, which can speed up the efficiency of starting and stopping the container.

③ Differences and connections:

  • Although a virtual machine can isolate many "children" Computer", but takes up more space and starts slower. Virtual machine software may also cost money, such as VMWare.

  • Container technology does not need to virtualize the entire operating system, but only needs to virtualize a small-scale environment, similar to a "sandbox".

  • Running space, virtual machines generally require several GB to dozens of GB of space, while containers only require MB or even KB level.

Let’s take a look at the comparative data:

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

Virtual machines are virtualization technologies, and Docker is Container technology is lightweight virtualization.

Compared to virtual machines, containers are lighter and faster because they leverage the underlying Linux operating system to run in an isolated environment.

A virtual machine's hypervisor creates a very strong boundary to prevent applications from breaching it, whereas a container's boundary is not as strong.

Get to know Docker

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

## Docker is an open source application container engine that allows developers to package their The application and dependency packages are put into a portable container and then published to any popular Linux machine, which can also be virtualized. Containers completely use the sandbox mechanism and will not have any interfaces with each other.

The three core concepts of Docker technology are:

  • Mirror Image

  • Container Container

  • Warehouse Repository

What is the reason why Docker is lightweight? I believe you will also have this doubt: Why does Docker start so quickly? How to share the kernel with the host?

When we request Docker to run a container, Docker will set up a resource isolation environment on the computer.

Then copy the packaged application and associated files to the file system within the Namespace. At this time, the configuration of the environment is completed. Docker will then execute the command we specified in advance to run the application.

The image does not contain any dynamic data, and its content will not be changed after it is built.

Core concepts

The core concepts are as follows:

  • Build, Ship and Run (Build, transportation, operation).

  • Build once, Run anywhere.

  • Docker itself is not a container, it is a tool for creating containers and an application container engine.

  • Docker’s three core concepts are: Image, Container, and Repository.

  • Docker technology uses the Linux kernel and kernel features such as Cgroups and namespaces to separate processes so that they can run independently of each other.

  • Since the Namespace and Cgroups features are only available on Linux, containers cannot run on other operating systems. So how does Docker run on macOS or Windows? Docker actually uses a trick and installs a Linux virtual machine on a non-Linux operating system and then runs the container inside the virtual machine.

  • An image is an executable package that contains the code, runtime, libraries, environment variables, and configuration files required to run an application. The container is the runtime instance of the image.

For more about the principles of Docker, you can check out "Docker Working Principles and Containerization Simple Guide", which will not be repeated here:

http:// dockone.io/article/8788


Install Docker

①Command line installation

Homebrew's Cask already supports Docker for Mac, so you can easily use Homebrew Cask to install, execute the following command:

brew cask install docker

For more installation methods, please check the official documentation:

https://www.docker.com/get-started

②View the version

The command is as follows:

docker -v

③Configure image acceleration

Set Docker Engine Write configuration:

{ registry-mirrors: [ http://hub-mirror.c.163.com/, https://registry.docker-cn.com ], insecure-registries:[], experimental: false, debug: true }

④Install desktop side

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

The operation on the desktop is very simple. First go to the official website to download [1]. Through the Docker desktop, we can easily operate:

  • clone: Clone a project.

  • build: Package image.

  • run: Run the instance.

  • share: share the image.

Okay, the preparations are ready, now you can show off your skills!

Quick Start

After installing Docker, we first make an image of the actual project and learn while using it.

①First of all, we need to have a general understanding of the 11 commands we will use

As shown below:

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

②New project

For the sake of speed, we directly use Vue scaffolding to build the project:

vue create docker-demo

Try to start it:

yarn serve

Access address: http://localhost:8080/. The project is ready, we then package the project:

yarn build

At this time, the Dist in the project directory is the static resource we want to deploy, and we continue to the next step.

Note: Front-end projects are generally divided into two categories, one is static deployment using Nginx directly, and the other requires starting the Node service. In this section we only consider the first type. Regarding the Node service, I will explain it in detail later.

③新建 Dockerfile

命令如下:

cd docker-demo && touch Dockerfile

此时的项目目录如下:

. ├── Dockerfile ├── README.md ├── babel.config.js ├── dist ├── node_modules ├── package.json ├── public ├── src └── yarn.lock

可以看到我们已经在 docker-demo 目录下成功创建了 Dockerfile 文件。

④准备 Nginx 镜像

运行你的 Docker 桌面端,就会默认启动实例,我们在控制台拉取 Nginx 镜像:

docker pull nginx

控制台会出现如下信息:

Using default tag: latest latest: Pulling from library/nginx 8559a31e96f4: Pull complete 8d69e59170f7: Pull complete 3f9f1ec1d262: Pull complete d1f5ff4f210d: Pull complete 1e22bfa8652e: Pull complete Digest: sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest

如果你出现这样的异常,请确认 Docker 实例是否正常运行。

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

镜像准备 OK,我们在根目录创建 Nginx 配置文件:

touch default.conf

写入:

server { listen 80; server_name localhost; #charset koi8-r; access_log /var/log/nginx/host.access.log main; error_log /var/log/nginx/error.log error; location / { root /usr/share/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }

⑤配置镜像

打开 Dockerfile ,写入如下内容:

FROM nginx COPY dist/ /usr/share/nginx/html/ COPY default.conf /etc/nginx/conf.d/default.conf

我们逐行解释一下代码:

  • FROM nginx 指定该镜像是基于 nginx:latest 镜像而构建的。

  • COPY dist/ /usr/share/nginx/html/ 命令的意思是将项目根目录下 dist 文件夹中的所有文件复制到镜像中 /usr/share/nginx/html/ 目录下。

  • COPY default.conf /etc/nginx/conf.d/default.conf 将 default.conf 复制到 etc/nginx/conf.d/default.conf,用本地的 default.conf 配置来替换 Nginx 镜像里的默认配置。

⑥构建镜像

Docker 通过 build 命令来构建镜像:

docker build -t jartto-docker-demo .

按照惯例,我们解释一下上述代码:

  • -t 参数给镜像命名 jartto-docker-demo。

  • . 是基于当前目录的 Dockerfile 来构建镜像。

执行成功后,将会输出:

Sending build context to Docker daemon 115.4MB Step 1/3 : FROM nginx ---> 2622e6cca7eb Step 2/3 : COPY dist/ /usr/share/nginx/html/ ---> Using cache ---> 82b31f98dce6 Step 3/3 : COPY default.conf /etc/nginx/conf.d/default.conf ---> 7df6efaf9592 Successfully built 7df6efaf9592 Successfully tagged jartto-docker-demo:latest

镜像制作成功!我们来查看一下容器:

docker image ls | grep jartto-docker-demo

可以看到,我们打出了一个 133MB 的项目镜像:

jartto-docker-demo latest 7df6efaf9592 About a minute ago 133MB

镜像也有好坏之分,后续我们将介绍如何优化,这里可以先暂时忽略。

⑦运行容器

命令如下:

docker run -d -p 3000:80 --name docker-vue jartto-docker-demo

这里解释一下参数:

  • -d 设置容器在后台运行。

  • -p 表示端口映射,把本机的 3000 端口映射到 container 的 80 端口(这样外网就能通过本机的 3000 端口访问了。

  • --name 设置容器名 docker-vue。

  • jartto-docker-demo 是我们上面构建的镜像名字。

补充一点:在控制台,我们可以通过 docker ps 查看刚运行的 Container 的 ID:

docker ps -a

控制台会输出:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ab1375befb0b jartto-docker-demo /docker-entrypoint.… 8 minutes ago Up 7 minutes 0.0.0.0:3000->80/tcp docker-vue

如果你使用桌面端,那么打开 Docker Dashboard 就可以看到容器列表了,如下图:

Since Docker is restricted and included in the Entity List, lets talk about why Docker is so important?

⑧访问项目

因为我们映射了本机 3000 端口,所以执行:

curl -v -i localhost:3000

或者打开浏览器,访问:localhost:3000。

⑨发布镜像

如果你想为社区贡献力量,那么需要将镜像发布,方便其他开发者使用。

发布镜像需要如下步骤:

  • 登陆 dockerhub[2],注册账号。

  • 命令行执行 docker login,之后输入我们的账号密码,进行登录。

  • 推送镜像之前,需要打一个 Tag,执行 docker tag / :

全流程结束,以后我们要使用,再也不需要「搬石头、砍木头、画图纸、盖房子」了,拎包入住。这也是 Docker 独特魅力所在。

常规操作

到这里,恭喜你已经完成了 Docker 的入门项目!如果还想继续深入,不妨接着往下看看。

①参数使用

FROM:

  • 指定基础镜像,所有构建的镜像都必须有一个基础镜像,且 FROM 命令必须是 Dockerfile 的第一个命令

  • FROM[AS ] 指定从一个镜像构建起一个新的镜像名字

  • FROM[: ] [AS ] 指定镜像的版本 Tag

  • 示例:FROM mysql:5.0 AS database

MAINTAINER:

  • 镜像维护人的信息

  • MAINTAINER

  • 示例:MAINTAINER Jartto Jartto@qq.com

RUN:

  • 构建镜像时要执行的命令

  • RUN

  • 示例:RUN [executable, param1, param2]

ADD:

  • Add and copy local files to the container, the compressed package will be decompressed, you can access the files on the network, and they will be automatically downloaded

  • ADD

  • Example: ADD *.js /app Add js files to the app directory in the container

COPY:

  • The function is the same as ADD, it just copies, and does not decompress or download the file

CMD:

  • The command executed after starting the container is different from RUN. RUN is the command to be run when building the image.

  • When used When docker run runs the container, this can be overridden on the command line

  • Example: CMD [executable, param1, param2]

ENTRYPOINT:

  • is also an execution command, the same as CMD, except that this command will not be overwritten by the command line

  • ENTRYPOINT [executable , param1, param2]

  • ##Example: ENTRYPOINT [donnet, myapp.dll]

##LABEL: Add metadata to the image, key-value form

    LABEL = = ...
  • Example: LABEL version=1.0 description=This is a web application
ENV: Set environment variables, some containers will require certain environment variables when running

    ENV Set one environment variable at a time
  • ##ENV = = = Set multiple environment variables
  • Example: ENV JAVA_HOME /usr/java1.8/
  • EXPOSE: Exposed port to the outside world (the port of the program inside the container, although it will be the same as the host, is actually two ports)

EXPOSE
  • Example: EXPOSE 80
  • When the container is running, you need to use -p to map the external port to access the container The port inside
  • VOLUME: Specifies the directory for data persistence. The official language is called mount

VOLUME /var /log specifies the directory that needs to be mounted in the container. This directory will be mapped to a random directory on the host to achieve data persistence and synchronization.
  • VOLUME [/var/ log,/var/test....] Specify multiple directories in the container that need to be mounted. These directories will be mapped to multiple random directories on the host to achieve data persistence and synchronization
  • VOLUME /var/data var/log specifies the var/log directory in the container to be mounted to the /var/data directory on the host. In this form, the directory on the host can be manually specified
  • WORKDIR: Set the working directory. After setting, the working directories of RUN, CMD, COPY, and ADD will be changed simultaneously

WORKDIR
  • Example: WORKDIR /app/test
  • USER: Specify the user to use when running the command, For the sake of security and permissions, select different users according to the commands to be executed

##USER :[ ]

  • Example: USER test

  • ARG: Set the parameters to be passed to build the image

ARG [= ]

  • ARG name=sss

  • For more operations, please go to the official documentation [3]:

##https://docs.docker.com/


Best Practices

After mastering the regular operations of Docker, we can easily create the project image we want.However, the images produced by different operations are also very different. What exactly causes the mirroring differences? We might as well continue to explore.

The following are the best practices compiled in the process of applying Docker. Please try to follow the following guidelines:

Require Clear: What image is required.

  • Step streamlining: Steps with fewer changes are prioritized.

  • Clear version: The image is named clearly.

  • Documentation: The entire image packaging step can be reproduced.

  • Summary

Containerization technology will definitely be one of the indispensable skills in the cloud era, and Docker is just drop in the ocean. Along with this comes technologies such as cluster container management Kubernetes, Service Mesh, and Istio.

Open the door of Docker, continue to peel off the cocoons, and go deeper layer by layer, you will feel the infinite charm of containerization.

Related links:

  • https://www.docker.com/products/docker-desktop

  • https://hub.docker.com/

  • https://docs.docker.com/

Original address: http://jartto.wang/2020/07/04/learn-docker

Author: jartto

If you want to know more related knowledge, please visit:Docker usage tutorial! !

Statement:
This article is reproduced at:weixin. If there is any infringement, please contact admin@php.cn delete