Docker Core Concepts
This chapter will deeply explain Docker's core concepts, helping you understand Docker's working principles and architectural design.
Docker Architecture Overview
Overall Architecture Diagram
┌─────────────────────────────────────────────────────────────┐
│ Docker Architecture │
├─────────────────────────────────────────────────────────────┤
│ Docker Client │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ docker build│ │ docker pull │ │ docker run │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────┬───────────────────────────────────────┘
│ REST API
┌─────────────────────▼───────────────────────────────────────┐
│ Docker Daemon │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Images │ │ Containers │ │ Networks │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Volumes │ │ Plugins │ │
│ └─────────────┘ └─────────────┘ │
└─────────────────────┬───────────────────────────────────────┘
│
┌─────────────────────▼───────────────────────────────────────┐
│ Docker Registry │
│ ┌─────────────────────────────────────────────────────────┐│
│ │ Docker Hub ││
│ │ ┌─────────────┐ ┌─────────────┐ ││
│ │ │ nginx │ │ ubuntu │ ... ││
│ │ └─────────────┘ └─────────────┘ ││
│ └─────────────────────────────────────────────────────────┘│
└─────────────────────────────────────────────────────────────┘
Core Components
- Docker Client: Interface for users to interact with Docker
- Docker Daemon: Docker's core service
- Docker Registry: Service for storing and distributing images
Images
What is a Docker Image?
A Docker image is a read-only template used to create Docker containers. Images contain everything needed to run an application:
- Application code
- Runtime environment
- Library files
- Environment variables
- Configuration files
Layered Structure of Images
Docker images use a layered storage architecture:
┌─────────────────────────────────────┐
│ Application Layer │ ← Writable layer
├─────────────────────────────────────┤
│ Dependencies Layer │ ← Read-only layer
├─────────────────────────────────────┤
│ Runtime Layer │ ← Read-only layer
├─────────────────────────────────────┤
│ Base OS Layer │ ← Read-only layer
└─────────────────────────────────────┘
Advantages of Layering:
- Storage Efficiency: Same layers can be shared by multiple images
- Transfer Efficiency: Only need to transfer changed layers
- Build Efficiency: Can cache unchanged layers
Image Naming Convention
[registry_host[:port]/]username/repository[:tag]
Examples:
# Official images
nginx:1.21.6
ubuntu:20.04
# User images
myuser/myapp:v1.0
# Private registry images
registry.company.com:5000/team/app:latest
Image Operation Commands
# List local images
docker images
docker image ls
# View detailed image information
docker image inspect nginx:latest
# View image history
docker image history nginx:latest
# Remove image
docker image rm nginx:latest
docker rmi nginx:latest
# Clean unused images
docker image prune
# Export image
docker image save nginx:latest -o nginx.tar
# Import image
docker image load -i nginx.tar
# Tag image
docker image tag nginx:latest myregistry/nginx:v1.0
Containers
What is a Docker Container?
A container is a running instance of an image. It's a lightweight, independent executable package containing everything needed to run an application.
Relationship Between Containers and Images
Image → Container
↓ ↓
Read-only template Running instance
Static files Dynamic processes
Stored on disk Running in memory
Analogy:
- Image = Class
- Container = Object
Container Lifecycle
Created → Running → Paused → Stopped → Removed
↑ ↓ ↑ ↓ ↓
└─────────┴────────┴─────────┴─────────┘
State Description:
- Created: Container created but not started
- Running: Container is running
- Paused: Container is paused
- Stopped: Container is stopped
- Removed: Container is deleted
Container Operation Commands
# Create container
docker create --name mycontainer nginx
# Start container
docker start mycontainer
# Run container (create and start)
docker run --name mycontainer nginx
# Stop container
docker stop mycontainer
# Restart container
docker restart mycontainer
# Pause container
docker pause mycontainer
# Resume container
docker unpause mycontainer
# Remove container
docker rm mycontainer
# Force remove running container
docker rm -f mycontainer
# View detailed container information
docker inspect mycontainer
# View container logs
docker logs mycontainer
# Enter container
docker exec -it mycontainer /bin/bash
# Copy files from container
docker cp mycontainer:/path/to/file ./local/path
# Copy files to container
docker cp ./local/file mycontainer:/path/to/destination
Registry
What is a Docker Registry?
A Docker registry is a service for storing and distributing Docker images. It's similar to a code repository but stores images instead of source code.
Registry Hierarchy
Registry (Registry Service)
├── Repository (Image Repository)
│ ├── Tag 1 (Tag/Version)
│ ├── Tag 2
│ └── Tag 3
└── Repository
├── Tag 1
└── Tag 2
Common Registry Services
- Docker Hub: Official public registry
- Alibaba Cloud Container Registry Service: Domestic image acceleration
- Tencent Cloud Container Registry Service: Enterprise-level image registry
- Harbor: Open-source enterprise-level registry
- Private Registry: Self-built registry service
Registry Operation Commands
# Login to registry
docker login
docker login registry.company.com
# Search images
docker search nginx
# Pull image
docker pull nginx:latest
docker pull registry.company.com/nginx:latest
# Push image
docker push myuser/myapp:v1.0
# Logout from registry
docker logout
Data Management
Challenges of Data Persistence
Containers are temporary; when a container is deleted, data inside the container is also lost. Docker provides several data persistence solutions:
1. Data Volumes
Data volumes are Docker-managed persistent storage, stored in Docker's data directory.
# Create data volume
docker volume create myvolume
# List data volumes
docker volume ls
# View detailed data volume information
docker volume inspect myvolume
# Use data volume
docker run -v myvolume:/data nginx
# Remove data volume
docker volume rm myvolume
# Clean unused data volumes
docker volume prune
Characteristics of Data Volumes:
- Fully managed by Docker
- Can be shared between containers
- Support data volume drivers
- Can be backed up and restored
2. Bind Mounts
Bind mounts mount host filesystem directories or files into containers.
# Bind mount directory
docker run -v /host/path:/container/path nginx
# Read-only mount
docker run -v /host/path:/container/path:ro nginx
# Use absolute path
docker run -v $(pwd)/data:/app/data nginx
Characteristics of Bind Mounts:
- Direct access to host filesystem
- Better performance
- Depends on host filesystem structure
- May have security risks
3. tmpfs Mounts
tmpfs mounts store data in host memory; data disappears when container stops.
# Create tmpfs mount
docker run --tmpfs /tmp nginx
# Specify size and options
docker run --tmpfs /tmp:rw,size=100m nginx
Data Management Best Practices
# 1. Use data volumes to store application data
docker run -v app-data:/var/lib/app myapp
# 2. Use bind mounts for development code
docker run -v $(pwd):/workspace node:16
# 3. Use tmpfs to store temporary data
docker run --tmpfs /tmp myapp
# 4. Backup data volumes
docker run --rm -v app-data:/data -v $(pwd):/backup ubuntu tar czf /backup/backup.tar.gz -C /data .
# 5. Restore data volumes
docker run --rm -v app-data:/data -v $(pwd):/backup ubuntu tar xzf /backup/backup.tar.gz -C /data
Network Management
Docker Network Modes
Docker provides multiple network modes to meet different needs:
1. Bridge Network (Default)
# View network list
docker network ls
# Create custom bridge network
docker network create mynetwork
# Run container in specified network
docker run --network mynetwork nginx
# Connect container to network
docker network connect mynetwork container_name
# Disconnect container from network
docker network disconnect mynetwork container_name
2. Host Network
# Use host network
docker run --network host nginx
3. None Network
# Disable network
docker run --network none nginx
4. Container Network
# Share another container's network
docker run --network container:other_container nginx
Port Mapping
# Map single port
docker run -p 8080:80 nginx
# Map multiple ports
docker run -p 8080:80 -p 8443:443 nginx
# Map to specific IP
docker run -p 127.0.0.1:8080:80 nginx
# Map UDP port
docker run -p 8080:80/udp nginx
# Map to random port
docker run -P nginx
# View port mapping
docker port container_name
Container-to-Container Communication
# Create custom network
docker network create app-network
# Run database container
docker run -d --name database --network app-network postgres
# Run application container, can access database by container name
docker run -d --name webapp --network app-network myapp
# In application, can use "database" as hostname to connect to database
Resource Limits
CPU Limits
# Limit CPU usage (0.5 = 50%)
docker run --cpus="0.5" nginx
# Limit number of CPU cores
docker run --cpuset-cpus="0,1" nginx
# Set CPU weight
docker run --cpu-shares=512 nginx
Memory Limits
# Limit memory usage
docker run -m 512m nginx
docker run --memory=1g nginx
# Set swap limit
docker run -m 512m --memory-swap=1g nginx
# Disable swap
docker run -m 512m --memory-swap=512m nginx
Disk I/O Limits
# Limit read speed (bytes/second)
docker run --device-read-bps /dev/sda:1mb nginx
# Limit write speed
docker run --device-write-bps /dev/sda:1mb nginx
# Limit IOPS
docker run --device-read-iops /dev/sda:1000 nginx
Environment Variables and Configuration
Environment Variables
# Set single environment variable
docker run -e NODE_ENV=production node
# Set multiple environment variables
docker run -e NODE_ENV=production -e PORT=3000 node
# Read environment variables from file
docker run --env-file .env node
# Pass host environment variables
docker run -e HOME node
Configuration File Management
# Mount configuration file
docker run -v /host/config.conf:/app/config.conf nginx
# Use ConfigMap (in Kubernetes)
docker run -v config-volume:/etc/config nginx
Chapter Summary
This chapter deeply explained Docker's core concepts:
Key Points:
- Images: Read-only templates using layered storage structure
- Containers: Running instances of images with complete lifecycle
- Registry: Service for storing and distributing images
- Data Management: Three methods: data volumes, bind mounts, tmpfs
- Network Management: Multiple network modes and port mapping
- Resource Limits: CPU, memory, disk I/O control
Importance of Understanding These Concepts:
- Foundation for learning Dockerfile and container orchestration
- Helps you design better containerized application architecture
- Improves efficiency and security of container usage
In the next chapter, we will learn basic container operations, including detailed methods for creating, managing, and monitoring containers.
Further Reading