
docker underlying_tech

### Namespaces

Docker uses namespaces to provide isolated containers. Each container is given a set of namespaces:

* The pid namespace:

Used for process numbering (PID: Process ID)

* The net namespace:

Used for managing network interfaces (NET: Networking)

* The ipc namespace:

Used for managing access to IPC resources (IPC: InterProcess Communication)

* The mnt namespace:

Used for managing mount-points (MNT: Mount)

* The uts namespace:

Used for isolating kernel / version identifiers. (UTS: Unix Timesharing System)
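To check which of these namespaces a container process really has to itself, compare the `/proc/<pid>/ns/*` links of a host process with those of the container process: identical inode numbers mean the namespace is shared rather than isolated. This is an added example, not part of the original page; the helper names and the sample inode values are constructed for illustration.

```python
import os
import re

# The five namespaces listed above.
NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")
# A /proc/<pid>/ns/<name> symlink target looks like "pid:[4026531836]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a namespace symlink target into (kind, inode)."""
    m = NS_LINK.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_ns_links(pid, proc_root="/proc"):
    """Read the links of a live process (Linux only, needs permission)."""
    return {ns: os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
            for ns in NAMESPACES}


def shared_namespaces(host_links, container_links):
    """Return the namespaces that both processes are members of."""
    shared = []
    for ns in NAMESPACES:
        h_kind, h_inode = parse_ns_link(host_links[ns])
        c_kind, c_inode = parse_ns_link(container_links[ns])
        if h_kind != ns or c_kind != ns:
            raise ValueError(f"link kind does not match {ns!r}")
        if h_inode == c_inode:  # same inode means same namespace
            shared.append(ns)
    return shared


# Constructed sample data: the inode numbers are made up for illustration.
HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
        "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
        "uts": "uts:[4026531838]"}
ISOLATED = {"pid": "pid:[4026532201]", "net": "net:[4026532204]",
            "ipc": "ipc:[4026532200]", "mnt": "mnt:[4026532198]",
            "uts": "uts:[4026532199]"}
# Constructed case: same container, but placed in the host's net namespace.
HOST_NET = dict(ISOLATED, net=HOST["net"])

if __name__ == "__main__":
    for name, links in (("isolated", ISOLATED), ("host-net", HOST_NET)):
        print(name, "shares with host:", shared_namespaces(HOST, links))
```

On a live Linux host, pass `read_ns_links(1)` and `read_ns_links(<container pid>)` to `shared_namespaces` instead of the sample dictionaries.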

 

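### Control groups

Known as `cgroups` for short. Running an application in isolation requires containing not only its filesystem but also its resources. Control groups allow Docker to share hardware resources fairly between containers and, if needed, to set limits on them.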

### UnionFS

This is a filesystem built up from individual layers, which makes each layer very lightweight and fast.

### Containers

The format that combines all of these components is called `libcontainer`. Docker also supports traditional Linux containers such as LXC.

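### How containers work

When a container runs, a read-write layer is placed on top of the read-only image using UnionFS, and what is inside the container runs on it.

Suppose you run this command:

`$ docker run -i -t ubuntu /bin/bash`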

Docker begins with:

* Pulling the ubuntu image:

Docker checks for the presence of the ubuntu image and if it doesn't exist locally on the host, then Docker downloads it from Docker.io

* Creates a new container:

Once Docker has the image it creates a container from it.

* Allocates a filesystem and mounts a read-write layer:

The container is created in the filesystem and a read-write layer is added to the image.

* Allocates a network / bridge interface:

Creates a network interface that allows the Docker container to talk to the local host.

* Sets up an IP address:

Intelligently finds and attaches an available IP address from a pool.

* Executes a process that you specify:

Runs your application, and;

* Captures and provides application output:

Connects and logs standard input, outputs and errors for you to see how your application is running.

### How images work