8 things about Docker you may not know


Docker has been around for a while now, but many people are still fuzzy on what it actually is. This translated article covers eight things about Docker you may not know and introduces how Docker is used in production environments.

Since hardware virtualization became widespread in the 1990s, the biggest change for the data center has been containers and container management tools such as Docker. Over the past year, Docker has steadily matured and fueled the growth of large startups such as Twitter and Airbnb; it has even earned a place in banks, supermarket chains, and NASA's data centers. When I first encountered Docker a few years ago, I was skeptical about its future: it seemed to just repackage the older concept of Linux containers for the market. But after successfully using Docker on several projects at Spantree, I changed my view: Docker has saved us a great deal of time and effort, and has become an indispensable tool for our technical team.

New tools, languages, and concepts appear on GitHub every day. If you don't have time to test them all, or even to try Docker yourself, read on: drawing on our experience with Docker, I will explain what it is and why it has become so popular.

Docker is a container management tool

Docker is a lightweight, portable, isolated container, and also an engine that makes it easy to build, ship, and run applications inside containers. Unlike traditional virtualization technology, the Docker engine does not spin up a virtual machine; it uses the host's kernel and hardware directly to run containerized applications on the host. As a result, the performance gap between an application running in a Docker container and the same application running directly on the host is almost negligible.

But Docker itself is not a container system; it is a tool that builds virtual environments on top of the existing container technology LXC. LXC-like tools have been used in production environments for many years, and Docker adds friendlier image management and deployment tooling on top of them.

Docker is not a virtualization engine

When Docker was first released, many people compared it with virtual machine platforms such as VMware, KVM, and VirtualBox. Although Docker and virtualization technology overlap in functionality, Docker takes a very different approach. A virtual machine is a set of virtualized hardware: disk operations inside the guest system are actually operations on a virtual disk, and when running CPU-intensive tasks, the guest's CPU instructions must be "translated" into host CPU instructions before execution. Two disk layers, two process schedulers, and two operating systems all consume memory, and together they introduce considerable performance loss. The hardware resources a virtual machine consumes are dedicated like real hardware, so running too many virtual machines on one host overloads it. Docker has none of these concerns. Docker runs applications in containers: it uses namespaces and cgroups to isolate and limit resources, shares the kernel with the host, and does not virtualize the disk. All container disk operations are actually operations on /var/lib/docker/. In short, Docker just runs a confined application on the host.

It is not hard to see from this that containers and virtual machines are different concepts, and containers cannot replace virtual machines; where containers fall short, virtual machines still shine. For example, if the host is Linux, Windows can only be run inside a virtual machine, which Docker cannot do. Conversely, a Windows host cannot run Docker directly: Docker on Windows actually runs inside a VirtualBox virtual machine.

Docker uses a layered file system

As mentioned earlier, one advantage Docker has over the existing container technology LXC is image management. To Docker, an image is a static, read-only snapshot of a container's file system, and all disk operations in Docker go through a copy-on-write file system. An example will make this clearer.

Suppose we want to build a container that runs a Java web application. We should start from an image with Java already installed: in the Dockerfile (the instruction file from which an image is built), we declare that our image is based on a Java image, and Docker will download that prebuilt Java image from the Docker Hub registry. The Dockerfile can then download and unpack Apache Tomcat into the /opt/tomcat folder. This command does not affect the original Java image at all; it merely adds a change layer on top of it. When a container starts, all of its layers are assembled, and the container can run the /usr/bin/java command from the base layer and call the commands under /opt/tomcat/bin. In fact, every instruction in a Dockerfile produces a new change layer, even if it changes only a single file. If you have used Git, this will feel familiar: each instruction is like a commit, leaving its own record. For Docker, this file system provides great flexibility and makes applications much easier to manage.
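A Dockerfile along these lines might look like the following sketch. The base image tag and the Tomcat download URL are illustrative assumptions, not details from the original article:

```dockerfile
# Start from a prebuilt Java image pulled from the Docker Hub registry.
# (The exact base tag is an assumption for illustration.)
FROM java:8-jre

# Each instruction below adds a new read-only layer on top of the base image.
# Download and unpack Apache Tomcat into /opt/tomcat.
ADD https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.21/bin/apache-tomcat-8.0.21.tar.gz /tmp/tomcat.tar.gz
RUN mkdir -p /opt/tomcat && \
    tar xzf /tmp/tomcat.tar.gz -C /opt/tomcat --strip-components=1 && \
    rm /tmp/tomcat.tar.gz

# The container uses /usr/bin/java from the base layer via the
# Tomcat startup script under /opt/tomcat/bin.
CMD ["/opt/tomcat/bin/catalina.sh", "run"]
```

Each of the ADD, RUN, and CMD instructions here becomes its own layer; the Java base image underneath is never modified.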

Our Spantree team maintains its own image with Tomcat. Publishing a new version is very simple: use a Dockerfile to copy the new version into the image, producing a new image, and then tag the new image with the version number. The difference between versions of the image is just a 90 MB WAR file; they are all based on the same base image. Maintaining these versions with virtual machines would require many disks storing the same system over and over, whereas Docker needs only a small amount of disk space. Even if we run many instances of this image at the same time, we still need only one base Java/Tomcat image.
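Publishing a new version under this scheme can be as small as a two-line Dockerfile. The image names and file paths below are hypothetical, for illustration only:

```dockerfile
# Base on a self-maintained Java/Tomcat image; only the WAR file changes.
# (spantree/tomcat and myapp.war are made-up names for this example.)
FROM spantree/tomcat:latest

# This single COPY adds one new ~90 MB layer; every layer below it is
# shared with all other versions of the application.
COPY myapp.war /opt/tomcat/webapps/ROOT.war
```

Building and tagging it, for instance with `docker build -t spantree/myapp:1.2 .`, then yields an image that differs from the previous version by only that one layer.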

Docker saves time

Many years ago, while developing software for a chain of restaurants, I had to write a 12-page Word document just to describe how to set up the environment: a local Oracle database, a specific Java version, and assorted system tools, shared libraries, and packages. Setting everything up cost each member of our team nearly a full day. Measured in money, that amounted to tens of thousands of dollars in time. Our clients had grown used to this, even regarding it as the necessary cost of onboarding new members and getting their own employees up to speed with our software, but we would rather spend that time building features that actually add business value for the client.

If Docker had existed back then, building the environment would have been as simple as using automation tools like Puppet, Chef, Salt, or Ansible, and we could have shortened the whole setup cycle from a day to a few minutes. Unlike those tools, however, Docker can not only build the entire environment but also save it as a disk file and copy it elsewhere. Need to compile Node.js from source? Docker can do that, and it can then package the whole Node.js environment as an image and store it anywhere. And because Docker is a container, you never need to worry about anything executed inside the container affecting the host.

Now a new member of our team just runs the docker-compose up command, grabs a cup of coffee, and gets to work.
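A whole development stack can be described in a single docker-compose.yml, which is the file `docker-compose up` reads. This sketch uses the 2015-era compose format; the service names, images, and ports are made-up examples:

```yaml
# docker-compose.yml -- one command brings up the whole stack.
web:
  build: .             # build the application image from the local Dockerfile
  ports:
    - "8080:8080"      # host:container port mapping
  links:
    - db               # make the database reachable from the web container
db:
  image: postgres:9.4  # pull a ready-made database image from Docker Hub
```

With this file checked into the repository, "setting up the environment" becomes cloning the project and running one command.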

Docker can save costs

Of course, time is money. Beyond time, Docker also saves on infrastructure hardware. Research from Gartner and McKinsey puts data center utilization at roughly 6%-12%. Worse, with virtual machines you must passively monitor and provision CPU, disk, and memory for each VM, and because the partitioning is static, resources cannot be fully utilized. Containers solve this: container instances can share memory and disk. You can run multiple services on the same host, choose whether or not to cap the resources a container may consume, stop containers when they are not needed, and restart stopped ones without worrying about excessive resource consumption. At three in the morning only a few people visit your website, while nightly batch jobs need extra resources at exactly that time, so resources can easily be shifted between the two.

The memory, disk, and CPU allocated to a virtual machine are fixed, and adjusting them usually requires a restart. With Docker you can impose resource limits, and thanks to cgroups you can adjust those limits dynamically with ease, or skip them entirely. To the host, two applications in Docker containers are just two isolated processes, not two virtual machines, so the host can also schedule resources between them itself.
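Such limits can be declared up front per container and are enforced by cgroups. In a compose file of the era this might look like the following; the service name, image, and values are illustrative assumptions:

```yaml
# Limits enforced by cgroups; to the host this is just a constrained process.
batch-worker:
  image: spantree/batch-worker  # hypothetical image name
  mem_limit: 512m               # cap the container's memory at 512 MB
  cpu_shares: 256               # relative CPU weight vs. other containers
```

Unlike a virtual machine's fixed allocation, memory and CPU not used by this container remain available to everything else on the host.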

Docker has a robust image hosting system

As mentioned earlier, this hosting system is called the Docker Hub registry. As of April 29, 2015, there were roughly 14,000 public Docker images on the Internet, most of them hosted on Docker Hub. Just as GitHub has largely become synonymous with open source projects, Docker's official Docker Hub has become the home of public Docker images. These images can serve as the foundation for your applications and data services.

Thanks to this, you can freely try out the latest technology: someone may well have packaged an instance of, say, a graph database as a Docker image and hosted it there. Another example is GitLab, which is notoriously difficult to build by hand (the translator does not recommend ordinary users try); with the Docker GitLab image, you can have it up in five seconds. Likewise, a Rails application on a specific Ruby version, or a .NET application on Linux, can be brought up with a single simple Docker command.

Docker's official images carry an official tag, and their security is vetted. The security of third-party images, however, cannot be guaranteed, so download them with care. In production, it is best to build the image yourself from the Dockerfile the third party provides rather than pull their prebuilt image.

See also Docker GitLab: get a GitLab running in 5 seconds.

Rails applications and .NET applications on Linux will be covered in detail in later articles.

Docker can avoid bugs

Spantree has always been a fan of "immutable infrastructure". In other words, we try not to upgrade systems in place or change their settings unless a vulnerability like Heartbleed forces us to. When adding a new server, we build its system from scratch, import the image directly, and put the server into the load-balanced cluster; servers to be retired get a health check and are then removed from the cluster. Because Docker images can be imported and exported so easily, we can minimize incompatibilities caused by environment and version differences, and even when they occur, rolling back is easy. And of course, with Docker our production, testing, and development environments are unified. In the past, when we collaborated, everyone's machine was configured differently, which led to the classic "it runs on my machine, why not on yours?" situation. Docker has solved that problem for us.

Docker currently runs only on Linux

As mentioned earlier, Docker builds on technologies long proven in production. Although these technologies have been around for a while, most of them are Linux-specific, such as LXC and cgroups. That means that, for now, only Linux services and applications can run inside Docker containers. Microsoft is working closely with Docker and has announced that the next version of Windows Server will support Docker containers, dubbed Windows Docker, presumably built on Hyper-V container technology. We can expect to see that release within the next few years.

In addition, tools like Boot2Docker and Docker Machine let us run Docker through a virtual machine on Mac and Windows.


By the way, as mentioned above, SegmentFault is organizing documentation covering Docker installation, Docker usage, Dockerfiles, Docker Hub, building a Rails environment, and even a .NET environment. Follow us to get the latest tutorials as they appear.