Home > Article > Operation and Maintenance > An in-depth analysis of docker file layering (detailed examples)
An in-depth analysis of docker file layering (detailed examples)
- WBOYforward
- 2022-01-28 17:09:333714browse
This article brings you relevant knowledge about docker file layering. This article uses a docker container example to describe some principles of docker file layering. I hope it will be helpful to everyone.
Knowledge Preparation
- Docker actually uses some features of the Linux Kernel to achieve resource isolation, and the file system is one of them. However, in order to enable resources to be utilized more efficiently, Docker adopts a hierarchical file system structure to implement the container's file system.
- Personally, I think the principle is a bit like the concept of parallel universes. Some people believe that there are parallel universes in our universe, that is, the different choices we make will distribute different universes and continue to run. To dream is to travel among these parallel universes. It is somewhat similar here. After we package an image and run it through docker run, a different universe is actually created on this basis. As the container continues to run, the content of the container will be the same as that of the original image. Things will have many deviations and diffs, and gradually form a universe of their own.
Docker file system
The file system layering status of each container can be obtained from docker inspect [container-id] --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/merged UpperDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/diff WorkDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/work] overlay2}
There are mainly four types
LowerDir
This is that all containers based on this image will point to the same file system, which is the image layer, and all containers will use it. this layer.
So where does this layer come from? We can look at the image we use
MergedDir
This is a different container that combines the Lower layer and the Upper layer , to provide the final file system in the container
UpperDir
This is to record the operations of different containers, and then through the comparison of the Lower layer, a Merge layer can be generated
WorkDir
Not yet understood in depth
Example
docker run -d alpine:latest
View the file system information of the mirror layer
docker inspect alpine --format={{.GraphDriver}}
{map[MergedDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/merged UpperDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff WorkDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/work] overlay2}
Notice UpperDir, this is the upper layer of the mirror , that is, we can make modifications at this level, which will affect the container created later
View the file system information of the container
docker inspect 9a118484ba --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/merged UpperDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/diff WorkDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/work] overlay2}
You can see the Lower layer of the container, which is the mirror In the upper layer, the modifications we make to the container will be reflected in the upper layer, and the merged layer will be organized and displayed to the container.
We can use the command line to check the changes in the container file system
docker diff 9a118484ba
Since we have not operated the container, there is no difference between the container and the image now
We Start another container and let it sleep for 300 seconds, and then go into the container to modify some file information
# docker exec -it ca91bb /bin/sh / # echo "helloWorld" > /tmp/hello.txt
Check the changes in the container file system
docker diff ca91bbffb801 C /root C /root/.ash_history C /tmp A /tmp/hello.txt
You can see that we have done something to the file system These changes have been recorded
These contents are actually in the directory of UpperDir
tree -L 1 diff/ diff/ ├── root └── tmp2 directories, 0 files
Modify the container content from the host
-
From From the above experiment, we can know that the upper layer is the added content. It is merged with the lower layer to reflect the changes in the container. So can we directly modify the upper layer to operate the container?
We add a directory demo in the directory where upper is located, and touch a file in it
# tree -L 2 ./ ./ ├── demo │ └── mytest.log ├── root └── tmp └── hello.txt
We see if we can see the file we created from the container
/demo # pwd /demo /demo # ls mytest.log
You can see that it has taken effect, so if we want to initialize this container, we can directly delete all the contents of the upper layer.
Application
-
Find software installation traces
In the process of previous projects, customers always needed us to provide, We have never found a better way to provide customers with exactly what content our agent software will modify. Judging from the application of this docker layered file, we can deploy the agent on a container, and then it can be seen clearly at a glance Discover which directories and files the software will modify.
Quickly restore container
Quickly interact with the container file system
Protect the underlying file system Not destroyed
Save host space
Recommended study: "docker video tutorial"
The above is the detailed content of An in-depth analysis of docker file layering (detailed examples). For more information, please follow other related articles on the PHP Chinese website!