Docker image explanation


What is mirroring

Image is a lightweight and executable independent software package, which is used to package the software running environment and the software developed based on the running environment. It contains all the contents required to run a software, including code, runtime, library, environment variables and configuration files.

All applications can run directly by directly packaging the docker image

How to get the image:

  • Remote warehouse
  • Make an image dockerfile by yourself

Principle of docker image loading

Unionfs (Federated file system)

Union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the modification of file system
As a layer by layer superposition of one submission, different directories can be mounted under the same virtual file system (unit severe directories into a single virtual)
filesystem)。 The union file system is the foundation of docker image. Images can be inherited through hierarchy. Based on the basic image (without parent image), each image can be made
A specific application image.

Features: multiple file systems are loaded at the same time, but from the outside, only one file system can be seen. Joint loading will stack the file systems of each layer, so that the final
The file system contains all the underlying files and directories

Docker image loading principle

The image of docker is actually composed of a layer by layer file system, which is called unionfs

Bootfs (boot file system) mainly includes bootloader and kernel. Bootloader is mainly used to boot and load the kernel. Bootfs file system will be loaded when Linux starts up. Bootfs is at the bottom of docker image. This - layer is the same as our typical Linux / unix system, including boo loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also uninstall bootfs

Rootfs (root file system), above bootfs. It contains standard directories and files such as / dev, / proc, / bin, / etc in a typical Linux system. Rootfs is a variety of operating system distributions, such as Ubuntu, CentOS and so on.

Docker image explanation

Usually, the CentOS installed into the virtual machine are several gigabytes. Why is docker only 200MB

Docker image explanation

For a streamlined OS, rootfs can be very small. It only needs to contain the most basic commands, tools and program libraries. Because the underlying layer directly uses the host kernel, it only needs to provide rootfs. Therefore, for different Linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs.

Hierarchical understanding

Tiered mirroring

We can download an image and observe the log output of the download. We can see that it is downloading layer by layer.

Docker image explanation

Why does the docker image adopt this hierarchical structure

The biggest advantage is resource sharing. For example, if multiple images are built from the same base image, the host only needs to keep one base image on the disk, and only one base image needs to be loaded in memory. In this way, it can serve all containers, and each layer of the image can be shared.

You can view the hierarchy of a mirror throughdocker image inspectCommand.

$  docker image inspect redis:latest
        "RootFS": {
            "Type": "layers",
            "Layers": [
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
  • understand
All docker images start from a basic image layer. When modifying or adding new content, a new image layer will be created on top of the current image layer.

For a simple example, if you create a new image based on Ubuntu Linux 16.04, this is the first layer of the image; If a python package is added to the image, a second image layer will be created above the basic image layer; If you continue to add a security patch, a third mirror layer will be created.

The image currently contains three image layers, as shown in the figure below (this is just a simple example for demonstration)

Docker image explanation

While adding additional image layers, it is very important to understand that the image always maintains the combination of all current images. The following figure gives a simple example. Each image layer contains 3 files, and the image contains 6 files from two image layers.

Docker image explanation

The image layer in the above figure is slightly different from that in the previous figure, mainly for the convenience of displaying files.
The following figure shows a slightly complex three-tier image. Externally, there are only 6 image files, because the top-level file 7 is an updated version of file 5.

Docker image explanation

In this case, the files in the upper mirror layer overwrite the files in the lower mirror layer. This allows the updated version of the file to be added to the image as a new image layer.
Docker implements the image layer stack through the storage engine (the new version adopts the snapshot mechanism), and ensures that multiple image layers are displayed as a unified file system.

The storage engines available on Linux include aufs, overlay2, device mapper, Btrfs and ZFS. As the name suggests, each storage engine is based on the corresponding in Linux
File system or block device technology, and each storage engine has its unique performance characteristics.

Docker only supports a Windows filter storage engine on windows, which implements layering and cow based on NTFS file system [1].
The following figure shows the same three-tier image as the system display. All mirror layers are stacked and merged to provide a unified view.

Docker image explanation


Docker images are read-only. After the container is started, a new writable layer is loaded to the top of the image!

This layer is what we usually call the container layer. All the layers below the container layer intersect the mirror layer.

All our operations are based on container operations.

Docker image explanation

In this figure, we can see that the life cycle of docker container is divided into five states, which respectively represent:
    Created: the container has been created, the relevant resources required by the container are ready, but the program in the container is not running.
    Running: the container is running, that is, the applications in the container are running.
    Paused: the container has been paused, which means that all programs in the container are suspended (not stopped).
    Stopped: the container is in the stopped state, the occupied resources and sandbox environment still exist, but the applications in the container have been stopped.
    Deleted: the container has been deleted, and the related resources and management information stored in docker have been released and removed.

Commit image

The docker commit submission container becomes a new copy

#The command works similarly to GIT
$docker commit - M = "submitted description" - a = "author" container ID target image name: [tag]

Actual test

1. Start Tomcat

$  docker run -it --name tomcat02 -p 8080:8080 tomcat:9.0

Docker image explanation

2. Enter Tomcat container

$ docker exec -it tomcat02 /bin/bash

Docker image explanation

3. Submit the operated container as an image through commit! We can then use the modified image, which is our modified image

$ docker commit -a="hudu" -m="add webapps app" a44a58b7174b tomcat02:1.0

Docker image explanation

If you want to save the state of the current container, you can commit through commit to obtain an image, just like the snapshot of the previous VM

This work adoptsCC agreement, reprint must indicate the author and the link to this article

Recommended Today

SQL statement of three-level linkage of provinces, cities and counties

The first is the table creation statement Copy codeThe code is as follows: CREATE TABLE `t_address_province` ( `id` INT AUTO_ Increment primary key comment ‘primary key’,`Code ` char (6) not null comment ‘province code’,`Name ` varchar (40) not null comment ‘province name’)Engine = InnoDB default charset = utf8 comment = ‘province information table’; CREATE TABLE […]