This is a continuation from Introduction to Linux Container / Docker (Part 1).
Docker
OSS container engine provided by Docker. (There is also a paid version)
As mentioned above, LXC isn't very convenient as it has minimal functionality </ u> ** ⇒ Docker ** is an extension of LXC that is wrapped to make it easier to handle.
Docker is a tool that wraps the aforementioned LXC technology and makes it easier to use. The following functions are added.
--Portability, sharing function Docker has the ability to archive containers into tar files and send them to other physical machines or share them via the container registry. As a result, the created container can be diverted to another machine.
--Application focus LXC was originally created from the perspective of a "lightweight VM", but Docker makes it easier to make LXC lighter and easier, making it easier to containerize each application and process.
IaC Files to be created in the container and applications to be installed can be defined in the format of Dockerfile. This makes it possible to define the contents of the container in an IaC manner.
version control Containers created with Docker can be given a version number and can be managed with Docker. As a result, difference management between versions and rollback in case of trouble can be realized.
--Reuse of components Docker creates a container image in the form of adding files and applications to an existing container image using a mechanism called layers. By sharing the parts common to multiple containers, disk capacity and management costs can be reduced.
--Docker Hub… A site that shares Docker containers on the Internet --Docker-Compose… Software that launches multiple containers in cooperation --Kubernetes… Software that allows you to operate containers more flexibly by forming a cluster with many Linux hosts (described later)
In the case of a VM, the image is a template and the instance is the VM that is actually running.
Internally, the instance only references the image, so copying does not occur at startup.
By specifying the image name with the Docker command and run
, the Linux container is actually created.
Docker creates new images by adding files to existing images and executing commands. For major OSS, the official container image is published on a site on the Internet called Docker Hub. When actually using it, it is often the case that a custom image is created and used by adding setting values to the official image.
Dockerfile
The definition for creating an image (what file to add, what command to execute) is described in the text Dockerfile.
Creating a container image using a Dockerfile is called a build
.
--Container image (base image) + Dockerfile => (build) => ** Container image (custom image) ** --Container image => (launch) => ** Container instance **
As shown in the example below, it is basically created by adding a file or executing a command to an existing container image taken from Docker hub or the like. It's not impossible to make a container from scratch, but it's hard and has little merit, so it's better to stop.
Create a container for executing a Python program called app.py as follows. (The package etc. that is included is just written appropriately as an example, there is no particular meaning)
Dockerfile
#Created from official Python image
FROM python:3.7.6-stretch
#Install package with pip
RUN pip install pip --upgrade && \
pip install numpy scipy
#Install package with apt
RUN apt-get update -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
sshpass
#Create directory
WORKDIR /work
#Place the program
COPY app.py /work
#Specify the command to be executed first when the container instance is started
ENTRYPOINT python /work/app.py
After writing and saving this, you can build the container by loading it with the docker build
command.
A mechanism for sharing the created container image. Many OSS container images and personally created container images are published on Docker Hub on the Internet. (!) Please note that you do not know what is inside the image published by the individual.
When operating in a closed environment, it is desirable to set up a container registry in the network.
Downloading an image from the registry is called pull
, and uploading it is called push
.
Docker
-** Container image **… Container template. Add (modify) files to an existing image You can create a custom image.
-** Container instance **… The actual execution environment created from the container image. Internally, it only refers to the image, so it's created for a moment. I don't use much storage.
-** Container Registry **… A place to store container images. It's on the internet and can be set up locally.
Recommended Posts