Docker Core Concepts

This chapter will deeply explain Docker's core concepts, helping you understand Docker's working principles and architectural design.

Docker Architecture Overview

Overall Architecture Diagram

┌─────────────────────────────────────────────────────────────┐
│                    Docker Architecture                      │
├─────────────────────────────────────────────────────────────┤
│  Docker Client                                              │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │ docker build│    │ docker pull │    │ docker run  │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
└─────────────────────┬───────────────────────────────────────┘
                       │ REST API
┌─────────────────────▼───────────────────────────────────────┐
│                Docker Daemon                                │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │   Images    │    │ Containers  │    │  Networks   │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
│  ┌─────────────┐    ┌─────────────┐                        │
│  │   Volumes   │    │   Plugins   │                        │
│  └─────────────┘    └─────────────┘                        │
└─────────────────────┬───────────────────────────────────────┘
                       │
┌─────────────────────▼───────────────────────────────────────┐
│                Docker Registry                              │
│  ┌─────────────────────────────────────────────────────────┐│
│  │                Docker Hub                               ││
│  │  ┌─────────────┐    ┌─────────────┐                    ││
│  │  │   nginx     │    │   ubuntu    │    ...             ││
│  │  └─────────────┘    └─────────────┘                    ││
│  └─────────────────────────────────────────────────────────┘│
└─────────────────────────────────────────────────────────────┘

Core Components

1. Docker Client: Interface for users to interact with Docker
2. Docker Daemon: Docker's core service
3. Docker Registry: Service for storing and distributing images

Images

What is a Docker Image?

A Docker image is a read-only template used to create Docker containers. Images contain everything needed to run an application:

• Application code
• Runtime environment
• Library files
• Environment variables
• Configuration files

Layered Structure of Images

Docker images use a layered storage architecture:

┌─────────────────────────────────────┐
│        Application Layer            │  ← Writable layer
├─────────────────────────────────────┤
│         Dependencies Layer          │  ← Read-only layer
├─────────────────────────────────────┤
│          Runtime Layer              │  ← Read-only layer
├─────────────────────────────────────┤
│          Base OS Layer              │  ← Read-only layer
└─────────────────────────────────────┘

Advantages of Layering:

• Storage Efficiency: Same layers can be shared by multiple images
• Transfer Efficiency: Only need to transfer changed layers
• Build Efficiency: Can cache unchanged layers

Image Naming Convention

[registry_host[:port]/]username/repository[:tag]

Examples:

# Official images
nginx:1.21.6
ubuntu:20.04

# User images
myuser/myapp:v1.0

# Private registry images
registry.company.com:5000/team/app:latest

Image Operation Commands

# List local images
docker images
docker image ls

# View detailed image information
docker image inspect nginx:latest

# View image history
docker image history nginx:latest

# Remove image
docker image rm nginx:latest
docker rmi nginx:latest

# Clean unused images
docker image prune

# Export image
docker image save nginx:latest -o nginx.tar

# Import image
docker image load -i nginx.tar

# Tag image
docker image tag nginx:latest myregistry/nginx:v1.0

Containers

What is a Docker Container?

A container is a running instance of an image. It's a lightweight, independent executable package containing everything needed to run an application.

Relationship Between Containers and Images

Image     →     Container
    ↓                      ↓
  Read-only template      Running instance
  Static files            Dynamic processes
  Stored on disk          Running in memory

Analogy:

• Image = Class
• Container = Object

Container Lifecycle

Created → Running → Paused → Stopped → Removed
   ↑         ↓        ↑         ↓         ↓
   └─────────┴────────┴─────────┴─────────┘

State Description:

• Created: Container created but not started
• Running: Container is running
• Paused: Container is paused
• Stopped: Container is stopped
• Removed: Container is deleted

Container Operation Commands

# Create container
docker create --name mycontainer nginx

# Start container
docker start mycontainer

# Run container (create and start)
docker run --name mycontainer nginx

# Stop container
docker stop mycontainer

# Restart container
docker restart mycontainer

# Pause container
docker pause mycontainer

# Resume container
docker unpause mycontainer

# Remove container
docker rm mycontainer

# Force remove running container
docker rm -f mycontainer

# View detailed container information
docker inspect mycontainer

# View container logs
docker logs mycontainer

# Enter container
docker exec -it mycontainer /bin/bash

# Copy files from container
docker cp mycontainer:/path/to/file ./local/path

# Copy files to container
docker cp ./local/file mycontainer:/path/to/destination

Registry

What is a Docker Registry?

A Docker registry is a service for storing and distributing Docker images. It's similar to a code repository but stores images instead of source code.

Registry Hierarchy

Registry (Registry Service)
├── Repository (Image Repository)
│   ├── Tag 1 (Tag/Version)
│   ├── Tag 2
│   └── Tag 3
└── Repository
    ├── Tag 1
    └── Tag 2

Common Registry Services

1. Docker Hub: Official public registry
2. Alibaba Cloud Container Registry Service: Domestic image acceleration
3. Tencent Cloud Container Registry Service: Enterprise-level image registry
4. Harbor: Open-source enterprise-level registry
5. Private Registry: Self-built registry service

Registry Operation Commands

# Login to registry
docker login
docker login registry.company.com

# Search images
docker search nginx

# Pull image
docker pull nginx:latest
docker pull registry.company.com/nginx:latest

# Push image
docker push myuser/myapp:v1.0

# Logout from registry
docker logout

Data Management

Challenges of Data Persistence

Containers are temporary; when a container is deleted, data inside the container is also lost. Docker provides several data persistence solutions:

1. Data Volumes

Data volumes are Docker-managed persistent storage, stored in Docker's data directory.

# Create data volume
docker volume create myvolume

# List data volumes
docker volume ls

# View detailed data volume information
docker volume inspect myvolume

# Use data volume
docker run -v myvolume:/data nginx

# Remove data volume
docker volume rm myvolume

# Clean unused data volumes
docker volume prune

Characteristics of Data Volumes:

• Fully managed by Docker
• Can be shared between containers
• Support data volume drivers
• Can be backed up and restored

2. Bind Mounts

Bind mounts mount host filesystem directories or files into containers.

# Bind mount directory
docker run -v /host/path:/container/path nginx

# Read-only mount
docker run -v /host/path:/container/path:ro nginx

# Use absolute path
docker run -v $(pwd)/data:/app/data nginx

Characteristics of Bind Mounts:

• Direct access to host filesystem
• Better performance
• Depends on host filesystem structure
• May have security risks

3. tmpfs Mounts

tmpfs mounts store data in host memory; data disappears when container stops.

# Create tmpfs mount
docker run --tmpfs /tmp nginx

# Specify size and options
docker run --tmpfs /tmp:rw,size=100m nginx

Data Management Best Practices

# 1. Use data volumes to store application data
docker run -v app-data:/var/lib/app myapp

# 2. Use bind mounts for development code
docker run -v $(pwd):/workspace node:16

# 3. Use tmpfs to store temporary data
docker run --tmpfs /tmp myapp

# 4. Backup data volumes
docker run --rm -v app-data:/data -v $(pwd):/backup ubuntu tar czf /backup/backup.tar.gz -C /data .

# 5. Restore data volumes
docker run --rm -v app-data:/data -v $(pwd):/backup ubuntu tar xzf /backup/backup.tar.gz -C /data

Network Management

Docker Network Modes

Docker provides multiple network modes to meet different needs:

1. Bridge Network (Default)

# View network list
docker network ls

# Create custom bridge network
docker network create mynetwork

# Run container in specified network
docker run --network mynetwork nginx

# Connect container to network
docker network connect mynetwork container_name

# Disconnect container from network
docker network disconnect mynetwork container_name

2. Host Network

# Use host network
docker run --network host nginx

3. None Network

# Disable network
docker run --network none nginx

4. Container Network

# Share another container's network
docker run --network container:other_container nginx

Port Mapping

# Map single port
docker run -p 8080:80 nginx

# Map multiple ports
docker run -p 8080:80 -p 8443:443 nginx

# Map to specific IP
docker run -p 127.0.0.1:8080:80 nginx

# Map UDP port
docker run -p 8080:80/udp nginx

# Map to random port
docker run -P nginx

# View port mapping
docker port container_name

Container-to-Container Communication

# Create custom network
docker network create app-network

# Run database container
docker run -d --name database --network app-network postgres

# Run application container, can access database by container name
docker run -d --name webapp --network app-network myapp

# In application, can use "database" as hostname to connect to database

Resource Limits

CPU Limits

# Limit CPU usage (0.5 = 50%)
docker run --cpus="0.5" nginx

# Limit number of CPU cores
docker run --cpuset-cpus="0,1" nginx

# Set CPU weight
docker run --cpu-shares=512 nginx

Memory Limits

# Limit memory usage
docker run -m 512m nginx
docker run --memory=1g nginx

# Set swap limit
docker run -m 512m --memory-swap=1g nginx

# Disable swap
docker run -m 512m --memory-swap=512m nginx

Disk I/O Limits

# Limit read speed (bytes/second)
docker run --device-read-bps /dev/sda:1mb nginx

# Limit write speed
docker run --device-write-bps /dev/sda:1mb nginx

# Limit IOPS
docker run --device-read-iops /dev/sda:1000 nginx

Environment Variables and Configuration

Environment Variables

# Set single environment variable
docker run -e NODE_ENV=production node

# Set multiple environment variables
docker run -e NODE_ENV=production -e PORT=3000 node

# Read environment variables from file
docker run --env-file .env node

# Pass host environment variables
docker run -e HOME node

Configuration File Management

# Mount configuration file
docker run -v /host/config.conf:/app/config.conf nginx

# Use ConfigMap (in Kubernetes)
docker run -v config-volume:/etc/config nginx

Chapter Summary

This chapter deeply explained Docker's core concepts:

Key Points:

• Images: Read-only templates using layered storage structure
• Containers: Running instances of images with complete lifecycle
• Registry: Service for storing and distributing images
• Data Management: Three methods: data volumes, bind mounts, tmpfs
• Network Management: Multiple network modes and port mapping
• Resource Limits: CPU, memory, disk I/O control

Importance of Understanding These Concepts:

• Foundation for learning Dockerfile and container orchestration
• Helps you design better containerized application architecture
• Improves efficiency and security of container usage

In the next chapter, we will learn basic container operations, including detailed methods for creating, managing, and monitoring containers.

Further Reading

• Docker Storage Drivers Detailed Guide
• Docker Networking Detailed Guide
• Docker Resource Limits Best Practices