Operation and MaintenanceDockerDocker image principle: joint file system and layered understanding (detailed examples)Docker image principle: joint file system and layered understanding (detailed examples)
This article brings you relevant knowledge about the joint file system and layered understanding of Docker image principles, including issues related to joint file systems, hierarchical structures and layered practices. I hope it will be helpful to everyone.
Docker——Union file system and layered understanding of mirroring principle
1. Union file system
UnionFS( Union File System)
UnionFS (Union File System): Union File System (UnionFS) is a hierarchical, lightweight and high-performance file system that supports modifications to the file system as One submission can be applied layer by layer, and different directories can be mounted to the same virtual file system (unite several directories into a single virtual file system). The Union file system is the basis of Docker images. Images can be inherited through layering. Based on the base image (without a parent image), various specific application images can be produced.
In addition, different Docker containers can share some basic file system layers, and at the same time add their own unique change layers, greatly improving storage efficiency.
The AUFS (AnotherUnionFS) used in Docker is a union file system. AUFS supports setting readonly, readwrite, and whiteout-able permissions for each member directory (similar to Git branches). At the same time, AUFS has a concept similar to hierarchies. For read-only permissions, Permission branches can be logically modified incrementally (without affecting the read-only part).
Docker currently supports joint file system types including AUFS, btrfs, vfs and DeviceMapper.
Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose each layer of file systems, so that the final file system will include all underlying files. files and directories.
base mirror
base mirror simply means that it does not depend on any other mirror. It is built completely from scratch. Other mirrors are built on top of it. It can be compared to the foundation of a building and the origin of docker mirroring.
The base image has two meanings: (1) It does not depend on other images and is built from scratch; (2) Other images can be expanded based on it.
So, what can be called a base image are usually Docker images of various Linux distributions, such as Ubuntu, Debian, CentOS, etc.
Docker image loading principle
Docker's image is actually composed of layer by layer file systems, and this layer of file system is UnionFS.
Typical Linux requires two FSs to start and run, bootfs rootfs:
bootfs (boot file system) mainly includes bpotloader and kernel, and bootloader mainly Boot loading kernel, Linux will load the bootfs file system when it first starts. The bottom layer of the Docker image is bootfs. This layer is the same as our typical Linux/Unix system, including the boot loader bootloader and kernel kernel. When the boot loading is completed, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also uninstall bootfs.
rootfs (root file system), on top of bootfs. Contains standard directories and files such as /dev, /proc, /bin, /etc and so on in typical Linux systems. Roots are various operating system distributions, such as Ubuntu, Centos, etc.
Why is there no kernel in the Docker image?
In terms of image size, a relatively small image is only a little over 1KB, or a few MB, while the kernel file requires several Ten MB, so there is no kernel in the image. After being started as a container, the image will directly use the host's kernel, and the image itself only provides the corresponding rootfs, which is the user space file system necessary for the normal operation of the system, such as /dev/, /proc, /bin, /etc and other directories, so there is basically no /boot directory in the container, and /boot stores files and directories related to the kernel.
Since the container starts and runs directly using the host's kernel and does not directly call the physical hardware, it does not involve hardware drivers, so the kernel and drivers are not used. And if virtual machine technology, each virtual machine has its own independent kernel
2. Hierarchical structure
Docker image is a hierarchical structure, each layer is built on other layers Above, to achieve the function of incrementally adding content, the Docker image is also downloaded in layers. Take downloading the redis image as an example:
As you can see, the new image is generated layer by layer from the base image. Each time you install a piece of software, you add a layer to the existing image.
Why does Docker image adopt this hierarchical structure?
The biggest benefit is resource sharing. For example, if multiple images are built from the same Base image, then the host only needs to keep one base image on the disk, and only one base image needs to be loaded into the memory, so that it can serve all containers. , and each layer of the image can be shared.
Writable container layer
Docker images are read-only. When the container starts, a new writable layer is loaded into Mirror top.
This new layer is the writable container layer, and everything below the container is called the mirror layer.
Docker uses a copy-on-write strategy to ensure the security of the base image, as well as higher performance and space utilization.
- When the container needs to read a file
Start from the top image layer and search downwards. After finding it, read it into the memory. If it is already in the memory, , can be used directly. In other words, Docker containers running on the same machine share the same files at runtime.
- When the container needs to modify a file
Search from top to bottom and copy it to the container layer after finding it. For the container, what you can see is the container layer For this file, you cannot see the files in the image layer, and then directly modify the files in the container layer.
- When the container needs to delete a file
Search from top to bottom, and after finding it, record the deletion in the container. It is not a real deletion, but a soft deletion. This causes the image size to only increase, not decrease.
- When the container needs to add files
Add them directly to the topmost container writable layer without affecting the image layer.
All changes to the container, whether adding, deleting, or modifying files, will only occur in the container layer. Only the container layer is writable, and all image layers below the container layer are read-only, so the image can be shared by multiple containers.
3. Layering practice - commit to submit the image
Create a container through the image, then operate the container layer, keep the image layer unchanged, and then package the container layer and image layer after the operation Submit as a new image.
docker commit: Create a new image with a container.
Syntax:
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
OPTIONS Description:
- **-a*The mirror author submitted;
- **-c *Use Dockerfile instructions to create the image;
- **-m *Descriptive text when submitting;
- **-p *Pause the container when committing.
Usage example: Create a container through an image, then operate the container layer, and then package the operated container layer and image layer into a new image for submission.
1. First download the tomcat image
2. Create and run the tomcat container through the tomcat image:
docker run -d --name="tomcat01" tomcat
3. Enter the running tomcat container:
docker exec -it tomcat01 /bin/bash
4. Copy the files in the tomcat container webapps.dist directory to the webapps directory:
cp -r webapps.dist/* webapps
5. Docker commit commit image
Save the container dc904437d987 as a new image, And add the submitter information and description information. The submitted image is named tomcatplus and the version is 1.0:
docker commit -a="wanli" -m="add webapps files" dc904437d987 tomcatplus:1.0
You can see that the new tomcat image size after commit is larger than the original one. The tomcat image is a little larger because we copy files in the container layer.
Recommended learning: "docker video tutorial"
The above is the detailed content of Docker image principle: joint file system and layered understanding (detailed examples). For more information, please follow other related articles on the PHP Chinese website!
Docker on Linux: Best Practices and TipsApr 13, 2025 am 12:15 AMBest practices for using Docker on Linux include: 1. Create and run containers using dockerrun commands, 2. Use DockerCompose to manage multi-container applications, 3. Regularly clean unused images and containers, 4. Use multi-stage construction to optimize image size, 5. Limit container resource usage to improve security, and 6. Follow Dockerfile best practices to improve readability and maintenance. These practices can help users use Docker efficiently, avoid common problems and optimize containerized applications.
Using Docker with Linux: A Comprehensive GuideApr 12, 2025 am 12:07 AMUsing Docker on Linux can improve development and deployment efficiency. 1. Install Docker: Use scripts to install Docker on Ubuntu. 2. Verify the installation: Run sudodockerrunhello-world. 3. Basic usage: Create an Nginx container dockerrun-namemy-nginx-p8080:80-dnginx. 4. Advanced usage: Create a custom image, build and run using Dockerfile. 5. Optimization and Best Practices: Follow best practices for writing Dockerfiles using multi-stage builds and DockerCompose.
Docker Monitoring: Gathering Metrics and Tracking Container HealthApr 10, 2025 am 09:39 AMThe core of Docker monitoring is to collect and analyze the operating data of containers, mainly including indicators such as CPU usage, memory usage, network traffic and disk I/O. By using tools such as Prometheus, Grafana and cAdvisor, comprehensive monitoring and performance optimization of containers can be achieved.
Docker Swarm: Building Scalable and Resilient Container ClustersApr 09, 2025 am 12:11 AMDockerSwarm can be used to build scalable and highly available container clusters. 1) Initialize the Swarm cluster using dockerswarminit. 2) Join the Swarm cluster to use dockerswarmjoin--token:. 3) Create a service using dockerservicecreate-namemy-nginx--replicas3nginx. 4) Deploy complex services using dockerstackdeploy-cdocker-compose.ymlmyapp.
Docker with Kubernetes: Container Orchestration for Enterprise ApplicationsApr 08, 2025 am 12:07 AMHow to use Docker and Kubernetes to perform container orchestration of enterprise applications? Implement it through the following steps: Create a Docker image and push it to DockerHub. Create Deployment and Service in Kubernetes to deploy applications. Use Ingress to manage external access. Apply performance optimization and best practices such as multi-stage construction and resource constraints.
Docker Troubleshooting: Diagnosing and Resolving Common IssuesApr 07, 2025 am 12:15 AMDocker FAQs can be diagnosed and solved through the following steps: 1. View container status and logs, 2. Check network configuration, 3. Ensure that the volume mounts correctly. Through these methods, problems in Docker can be quickly located and fixed, improving system stability and performance.
Docker Interview Questions: Ace Your DevOps Engineering InterviewApr 06, 2025 am 12:01 AMDocker is a must-have skill for DevOps engineers. 1.Docker is an open source containerized platform that achieves isolation and portability by packaging applications and their dependencies into containers. 2. Docker works with namespaces, control groups and federated file systems. 3. Basic usage includes creating, running and managing containers. 4. Advanced usage includes using DockerCompose to manage multi-container applications. 5. Common errors include container failure, port mapping problems, and data persistence problems. Debugging skills include viewing logs, entering containers, and viewing detailed information. 6. Performance optimization and best practices include image optimization, resource constraints, network optimization and best practices for using Dockerfile.
Docker Security Hardening: Protecting Your Containers From VulnerabilitiesApr 05, 2025 am 12:08 AMDocker security enhancement methods include: 1. Use the --cap-drop parameter to limit Linux capabilities, 2. Create read-only containers, 3. Set SELinux tags. These strategies protect containers by reducing vulnerability exposure and limiting attacker capabilities.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
Dreamweaver CS6
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
