This article brings you relevant knowledge about docker file layering. This article uses a docker container example to describe some principles of docker file layering. I hope it will be helpful to everyone.
Knowledge Preparation
- Docker actually uses some features of the Linux Kernel to achieve resource isolation, and the file system is one of them. However, in order to enable resources to be utilized more efficiently, Docker adopts a hierarchical file system structure to implement the container's file system.
- Personally, I think the principle is a bit like the concept of parallel universes. Some people believe that there are parallel universes in our universe, that is, the different choices we make will distribute different universes and continue to run. To dream is to travel among these parallel universes. It is somewhat similar here. After we package an image and run it through docker run, a different universe is actually created on this basis. As the container continues to run, the content of the container will be the same as that of the original image. Things will have many deviations and diffs, and gradually form a universe of their own.
Docker file system
The file system layering status of each container can be obtained from docker inspect [container-id] --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/merged UpperDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/diff WorkDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/work] overlay2}
There are mainly four types
LowerDir
This is that all containers based on this image will point to the same file system, which is the image layer, and all containers will use it. this layer.
So where does this layer come from? We can look at the image we use
MergedDir
This is a different container that combines the Lower layer and the Upper layer , to provide the final file system in the container
UpperDir
This is to record the operations of different containers, and then through the comparison of the Lower layer, a Merge layer can be generated
WorkDir
Not yet understood in depth
Example
docker run -d alpine:latest
View the file system information of the mirror layer
docker inspect alpine --format={{.GraphDriver}}
{map[MergedDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/merged UpperDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff WorkDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/work] overlay2}
Notice UpperDir, this is the upper layer of the mirror , that is, we can make modifications at this level, which will affect the container created later
View the file system information of the container
docker inspect 9a118484ba --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/merged UpperDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/diff WorkDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/work] overlay2}
You can see the Lower layer of the container, which is the mirror In the upper layer, the modifications we make to the container will be reflected in the upper layer, and the merged layer will be organized and displayed to the container.
We can use the command line to check the changes in the container file system
docker diff 9a118484ba
Since we have not operated the container, there is no difference between the container and the image now
We Start another container and let it sleep for 300 seconds, and then go into the container to modify some file information
# docker exec -it ca91bb /bin/sh / # echo "helloWorld" > /tmp/hello.txt
Check the changes in the container file system
docker diff ca91bbffb801 C /root C /root/.ash_history C /tmp A /tmp/hello.txt
You can see that we have done something to the file system These changes have been recorded
These contents are actually in the directory of UpperDir
tree -L 1 diff/ diff/ ├── root └── tmp2 directories, 0 files
Modify the container content from the host
-
From From the above experiment, we can know that the upper layer is the added content. It is merged with the lower layer to reflect the changes in the container. So can we directly modify the upper layer to operate the container?
We add a directory demo in the directory where upper is located, and touch a file in it
# tree -L 2 ./ ./ ├── demo │ └── mytest.log ├── root └── tmp └── hello.txt
We see if we can see the file we created from the container
/demo # pwd /demo /demo # ls mytest.log
You can see that it has taken effect, so if we want to initialize this container, we can directly delete all the contents of the upper layer.
Application
-
Find software installation traces
In the process of previous projects, customers always needed us to provide, We have never found a better way to provide customers with exactly what content our agent software will modify. Judging from the application of this docker layered file, we can deploy the agent on a container, and then it can be seen clearly at a glance Discover which directories and files the software will modify.
Quickly restore container
Quickly interact with the container file system
Protect the underlying file system Not destroyed
Save host space
Recommended study: "docker video tutorial"
The above is the detailed content of An in-depth analysis of docker file layering (detailed examples). For more information, please follow other related articles on the PHP Chinese website!

Docker simplifies application deployment and management on Linux. 1) Docker is a containerized platform that packages applications and their dependencies into lightweight and portable containers. 2) On Linux, Docker uses cgroups and namespaces to implement container isolation and resource management. 3) Basic usages include pulling images and running containers. Advanced usages such as DockerCompose can define multi-container applications. 4) Debug commonly used dockerlogs and dockerexec commands. 5) Performance optimization can reduce the image size through multi-stage construction, and keeping the Dockerfile simple is the best practice.

Docker is a Linux container technology-based tool used to package, distribute and run applications to improve application portability and scalability. 1) Dockerbuild and dockerrun commands can be used to build and run Docker containers. 2) DockerCompose is used to define and run multi-container Docker applications to simplify microservice management. 3) Using multi-stage construction can optimize the image size and improve the application startup speed. 4) Viewing container logs is an effective way to debug container problems.

Docker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".

The methods to view Docker logs include: using the docker logs command, for example: docker logs CONTAINER_NAME Use the docker exec command to run /bin/sh and view the log file, for example: docker exec -it CONTAINER_NAME /bin/sh ; cat /var/log/CONTAINER_NAME.log Use the docker-compose logs command of Docker Compose, for example: docker-compose -f docker-com

You can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).

Create a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]

Four ways to exit Docker container: Use Ctrl D in the container terminal Enter exit command in the container terminal Use docker stop <container_name> Command Use docker kill <container_name> command in the host terminal (force exit)

Methods for copying files to external hosts in Docker: Use the docker cp command: Execute docker cp [Options] <Container Path> <Host Path>. Using data volumes: Create a directory on the host, and use the -v parameter to mount the directory into the container when creating the container to achieve bidirectional file synchronization.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 Linux new version
SublimeText3 Linux latest version

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.