What is docker container technology

Docker container technology refers to the fact that Docker is a container run by a program written in the GO language, which implements an application-level isolation; docker is designed for developers and system administrators to publish and an open platform for running distributed applications.

The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.

What is docker container technology

Docker container technology refers to Docker as a "container" (Linux containers, LXCs) run by a program written in the GO language. Docker implements an application level Isolation, it changes our basic development and operation unit from directly operating the virtual host (VM) to a "container" where the operating program runs.

Docker is an open platform designed for developers and system administrators to publish and run distributed applications. Composed of two parts: Docker Engine: a portable, lightweight runtime environment and package manager.

(Note* Single OS vs Single Thread) Docker Hub: A cloud service created for creating automated workflows and sharing applications. (Note* Cloud image/package management vs npm package management, is it particularly similar to npm?)

From March 20, 2013, the first version of Docker was officially released to Docker 1.0 in June 2014 It took 15 months for it to be officially released. Although its development history is very short, Docker is becoming more and more popular. In fact, Container technology is not an innovation of Docker. Cloud service providers such as HeroKu and NodeJitsu have adopted similar lightweight virtualization technology. However, Docker was the first to open source this Container technology on a large scale and was widely accepted by the community.

Container technology expansion

In the computer world, containers have a long and legendary history. Containers are different from hypervisor virtualization HV. Hypervisor virtualization uses an intermediate layer to virtualize one or more independent machines on physical hardware, while containers run directly on the operating system kernel. user space. Therefore, container virtualization is also called "operating system level virtualization". Container technology allows multiple independent user spaces to run on the same host.

Due to "guesting" in the operating system, the container can only run the same or similar operating system as the underlying host, which does not seem to be very flexible. For example: you can run Redhat Enterprise Linux in an Ubuntu service, but you cannot run Microsoft Windows on an Ubuntu server.

Containers are considered insecure relative to completely isolated hypervisor virtualization. Those who oppose this view believe that because virtual containers virtualize a complete operating system, this undoubtedly increases the scope of attacks, and the potential exposure risk of the hypervisor layer must also be considered.

Despite many limitations, containers are widely deployed in a variety of applications. Container technology is very popular in very large-scale multi-tenant service deployments, lightweight sandboxes, and isolation environments with less stringent security requirements. One of the most common examples is a "chroot jail", which creates an isolated directory environment to run processes. If the process running in the permission isolation prison is breached by an intruder, the intruder will find himself "in jail", trapped in the directory created by the container due to insufficient permissions, and unable to further damage the host machine.

The latest container technology introduces OpenVZ, Solaris Zones and Linux Containers (LXC). With these new technologies, containers are no longer just a simple operating environment. Within its own permission class, a container is more like a complete host. For Docker, it benefits from modern Linux features, such as control group and namespace technology. The isolation between the container and the host is more complete. The container has an independent network and storage stack, and also has Its own resource management capabilities enable multiple containers in the same host to coexist in a friendly manner.

Containers are considered a lean technology because containers require limited overhead. Compared with traditional virtualization and paravirtualization, containers do not require an emulation layer (emulation layer) and a management layer (hypervisor layer), but use the system call interface of the operating system. This reduces the overhead required to run a single container and allows more containers to be run on the host.

Despite their glorious history, containers are still not widely recognized. A very important reason is the complexity of container technology: containers themselves are complex, difficult to install, and difficult to manage and automate. And Docker was born to change all this.

Recommended learning: "docker video tutorial"

The above is the detailed content of What is docker container technology. For more information, please follow other related articles on the PHP Chinese website!