Docker helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code. Docker does this by combining a lightweight container virtualization platform with workflows and tooling
At its core, Docker provides a way to run almost any application securely isolated in a container.
Surrounding the container virtualization are tooling and a platform which can help you in several ways:
- getting your applications (and supporting components) into Docker containers
- distributing and shipping those containers to your teams for further development and testing
- deploying those applications to your production environment, whether it be in a local data center or the Cloud.
What can I use Docker for? Faster delivery of your applications Docker is perfect for helping you with the development lifecycle. Docker allows your developers to develop on local containers that contain your applications and services. It can then integrate into a continuous integration and deployment workflow.
Deploying and scaling more easily
Docker's container-based platform allows for highly portable workloads. Docker containers can run on a developer's local host, on physical or virtual machines in a data center, or in the Cloud.
Docker is lightweight and fast. It provides a viable, cost-effective alternative to hypervisor-based virtual machines. But it is also useful for small and medium deployments where you want to get more out of the resources you have.
What is Docker's architecture? Docker uses a client-server architecture. The Docker client talks to the Docker daemon The Docker client and daemon communicate via sockets or through a RESTful API.
Inside Docker To understand Docker's internals, you need to know about three components:
- Docker images.
- Docker registries.
- Docker containers.
Docker images A Docker image is a read-only template. Images are used to create Docker containers. Docker images are the build component of Docker.
Docker Registries Docker registries hold images Docker containers
Docker containers are similar to a directory. A Docker container holds everything that is needed for an application to run Each container is created from a Docker image.
Docker containers are the run component of Docker.
So how does Docker work? So far, we've learned that:
- You can build Docker images that hold your applications.
- You can create Docker containers from those Docker images to run your applications.
- You can share those Docker images via Docker Hub or your own registry.
How does a Docker Image work? Docker makes use of union file systems to combine these layers into a single image. Union file systems allow files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system.
When you change a Docker image—for example, update an application to a new version— a new layer gets built. Thus, rather than replacing the whole image or entirely rebuilding, as you may do with a virtual machine, only that layer is added or updated. Each instruction creates a new layer in our image:called a Dockerfile.
How does a container work?The Docker image is read-only. When Docker runs a container from an image, it adds a read-write layer on top of the image (using a union file system as we saw earlier) in which your application can then run. What happens when you run a container? Either by using the docker binary or via the API, the Docker client tells the Docker daemon to run a container. $ sudo docker run -i -t ubuntu /bin/bash
- What Docker image to build the container from, here ubuntu, a base Ubuntu image;
- The command you want to run inside the container when it is launched, here /bin/bash, to start the Bash shell inside the new container.
Some of the namespaces that Docker uses are:
- The pid namespace: Used for process isolation (PID: Process ID).
- The net namespace: Used for managing network interfaces (NET: Networking).
- The ipc namespace: Used for managing access to IPC resources (IPC: InterProcess Communication).
- The mnt namespace: Used for managing mount-points (MNT: Mount).
- The uts namespace: Used for isolating kernel and version identifiers. (UTS: Unix Timesharing System).
Next Step https://docs.docker.com/userguide/
Docker web app about PORT Note: We'll learn more about how to expose ports in Docker images when we learn how to build images.
一方、準仮想化式のハイパーバイザは、ゲストOSのカーネル、正確には、カーネルが物理ハードウェアを制御するために発信する「システムコール」に 手を加えることで運用が可能となる方法です。この、ハイパーバイザによって手を加えられたシステムコールを「ハイパーバイザコール」と呼んで区別します。 最適化されたハイパーバイザコールの恩恵により、高速な処理を行うことが可能となります。 仮想か