Basic principle of docker

Posted by joshbb on Tue, 08 Feb 2022 13:27:12 +0100

1. What is docker?

  • 1.docker is the most widely used open source container engine
    • Container:
      • 1) Container is a virtualization technology at the operating system level. Running a container is like running a process
      • 2) Containers rely on Linux kernel features: Namespace (resource isolation) and Cgroups (resource restriction)
  • 2. A basic virtualization technology of operating system
    • The VMware virtual machine we usually use is virtualization technology
    • Under one operating system, virtual machines of other operating systems
  • 3. A simple application packaging tool
  • 4. Rely on Linux kernel features namespace (resource isolation) and Cgroup (resource restriction)
docker run -itd -p 91:80 nginx

1.1 resource isolation and resource limitation

  • Resource isolation
    • 1) The Linux Namespaces mechanism provides a resource isolation scheme, and each namespace looks like a separate Linux system.
    • 2) PID, IPC (process communication), Network and other system resources are no longer global, but belong to a specific Namespace.
    • 3) Resources in each namespace are transparent and invisible to resources in other namespaces.
    • 4) Two processes with process numbers 0, 1 and 2 can exist in the system at the same time. Because they belong to different namespace s, they do not conflict.
    • 5) At the user level, you can only see the resources belonging to the user's own namespace. For example, using the ps command can only list the processes in your own namespace.
    • 6) In this way, each namespace looks like a separate Linux system.
  • Resource constraints
    • 1) In order to make the processes in the container more controllable, docker uses Linux cgruops to limit the system resources allowed by the processes in the container
    • 2) You can specify that each container can use network, disk, CPU, and memory when you start the container

2. Installing docker for Ubuntu

Installation of docker

# 1. Uninstall the old version
sudo apt-get remove docker docker-engine containerd runc

# 2. Update the apt source index of ubuntu
# Modify the domestic source of apt to the source of China University of science and technology
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
sudo sed -i 's/' /etc/apt/sources.list
sudo apt update

#3. The installation package allows apt to use the warehouse through HTTPS
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \

#4. Add Docker official GPG key
curl -fsSL | sudo apt-key add -

#5. Set up Docker stable version warehouse (domestic sources are used for domestic use)
#5.1 setting alicloud
sudo add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"
#5.2 setting the use of official, very slow (not recommended)
sudo add-apt-repository \
   "deb [arch=amd64] \
   $(lsb_release -cs) \
#6. Update apt source index after adding warehouse
sudo apt-get update

#7. Install the latest version of Docker CE (community version)
sudo apt-get install docker-ce

#8. Check whether the docker is installed correctly
sudo docker run hello-world

2.2docker defaults to foreign image sources and can be replaced with domestic image sources

root@linux-node1 django-docker]# vim /etc/docker/daemon.json    # Set docker image source
    "registry-mirrors": [""]
    "registry-mirrors": [""]

[root@linux-node2 ~]# systemctl daemon-reload                   # Reload file
[root@linux-node2 ~]# systemctl restart docker                  # Restart docker to take effect

2.3 dock startup configuration

# Start Docker service and set startup
systemctl start docker
systemctl enable docker

2.4 simple use of docker

# 1. Create an nginx container
 docker run -it nginx
 # 2. Check the container in which docker runs (you can get the ID of this container)
 docker ps
 # 3. Access this container
 # Enter the nginx container (the file system entered is completely isolated from the host, and has its own independent file system)
 docker exec -it 73877e65c07d bash
 # 4. View the IP address of the current container
 docker inspect 73877e65c07d   # 73877e65c07d is the container ID viewed through docekr ps
 curl               # Test whether the nginx container can be accessed

Topics: Docker