An in-depth analysis of docker file layering (detailed examples)

This article brings you relevant knowledge about docker file layering. This article uses a docker container example to describe some principles of docker file layering. I hope it will be helpful to everyone.

Knowledge Preparation

• Docker actually uses some features of the Linux Kernel to achieve resource isolation, and the file system is one of them. However, in order to enable resources to be utilized more efficiently, Docker adopts a hierarchical file system structure to implement the container's file system.
• Personally, I think the principle is a bit like the concept of parallel universes. Some people believe that there are parallel universes in our universe, that is, the different choices we make will distribute different universes and continue to run. To dream is to travel among these parallel universes. It is somewhat similar here. After we package an image and run it through docker run, a different universe is actually created on this basis. As the container continues to run, the content of the container will be the same as that of the original image. Things will have many deviations and diffs, and gradually form a universe of their own.

Docker file system

The file system layering status of each container can be obtained from docker inspect [container-id] --format={{.GraphDriver}}

{map[LowerDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/merged UpperDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/diff WorkDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/work] overlay2}

There are mainly four types

LowerDir

This is that all containers based on this image will point to the same file system, which is the image layer, and all containers will use it. this layer.

So where does this layer come from? We can look at the image we use

MergedDir

This is a different container that combines the Lower layer and the Upper layer , to provide the final file system in the container

UpperDir

This is to record the operations of different containers, and then through the comparison of the Lower layer, a Merge layer can be generated

WorkDir

Not yet understood in depth

Example

docker run -d alpine:latest

View the file system information of the mirror layer

docker inspect alpine --format={{.GraphDriver}}

{map[MergedDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/merged UpperDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff WorkDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/work] overlay2}

Notice UpperDir, this is the upper layer of the mirror , that is, we can make modifications at this level, which will affect the container created later

View the file system information of the container

docker inspect 9a118484ba --format={{.GraphDriver}}

{map[LowerDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/merged UpperDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/diff WorkDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/work] overlay2}

You can see the Lower layer of the container, which is the mirror In the upper layer, the modifications we make to the container will be reflected in the upper layer, and the merged layer will be organized and displayed to the container.

We can use the command line to check the changes in the container file system

docker diff 9a118484ba

Since we have not operated the container, there is no difference between the container and the image now

We Start another container and let it sleep for 300 seconds, and then go into the container to modify some file information

# docker exec -it ca91bb /bin/sh

/ # echo "helloWorld" > /tmp/hello.txt

Check the changes in the container file system

docker diff ca91bbffb801

C /root
C /root/.ash_history
C /tmp
A /tmp/hello.txt

You can see that we have done something to the file system These changes have been recorded

These contents are actually in the directory of UpperDir

tree -L 1 diff/

diff/
├── root
└── tmp2 directories, 0 files

Modify the container content from the host

• From From the above experiment, we can know that the upper layer is the added content. It is merged with the lower layer to reflect the changes in the container. So can we directly modify the upper layer to operate the container?

  We add a directory demo in the directory where upper is located, and touch a file in it

  # tree -L 2 ./
  
  ./
  ├── demo
  │   └── mytest.log
  ├── root
  └── tmp
      └── hello.txt

  We see if we can see the file we created from the container

  /demo # pwd
  /demo
  /demo # ls
  mytest.log

  You can see that it has taken effect, so if we want to initialize this container, we can directly delete all the contents of the upper layer.

Application

• Find software installation traces

  In the process of previous projects, customers always needed us to provide, We have never found a better way to provide customers with exactly what content our agent software will modify. Judging from the application of this docker layered file, we can deploy the agent on a container, and then it can be seen clearly at a glance Discover which directories and files the software will modify.

• Quickly restore container

• Quickly interact with the container file system

• Protect the underlying file system Not destroyed

• Save host space

Recommended study: "docker video tutorial"

The above is the detailed content of An in-depth analysis of docker file layering (detailed examples). For more information, please follow other related articles on the PHP Chinese website!