This article gives an overview of Docker, an open source platform that packages the applications and libraries that actually run in a cloud environment, and runs and distributes them as containers.
Docker is a platform that runs and manages containers based on PaaS (Platform as a Service). If you look at the difference between a VM and a container as shown below, in the VM (Virtual Machine) case the Hypervisor is installed on the Host OS installed on the HW, and the OS requested by the VM user is installed on it. The applications (executable programs) and the necessary libraries are installed separately for each Guest OS.
Containers, on the other hand, are much lighter than VMs. As shown in the figure below, the Host OS is installed on the HW (Hardware), the Container Engine called Docker is installed on it, and applications (executables) and libraries are placed on top of it.
So, what advantages do containers have other than being lighter than the VMs they replace? Let's see the picture below. The figure shows how far the cloud provider and the user are each responsible for management in on-premise (servers not in a cloud environment), IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service).
The gray part is the part that the actual user needs to manage. Blue is the part managed by the cloud provider.
A VM can be thought of as IaaS, and a container as PaaS. To see the difference further, let's consider the case of a server failure. In the case of a VM, the cloud provider only installs the OS on the new VM, and the user has to do the rest, for example DB installation, application installation, environment settings, etc. In other words, it takes a lot of time to recover if there is a failure. For containers, on the other hand, the cloud provider is responsible for everything up to the runtime (the program execution environment). If the user only restores the previously stored application data, it seems to be a structure in which the service is restored. In other words, the failure recovery time is very short.
Now, let's look at the structure of Docker that creates/distributes/manages these containers. Below is the structure of the Docker platform.
Docker consists of a client, a Docker daemon, and a registry. Let's look at their roles one by one.
- Client: Acts as a UI (User Interface) between the user and the Docker Daemon. That is, it is responsible for forwarding the user's requests to the Docker Daemon.
- Docker Daemon: Receives and processes API requests for Docker objects (containers, networks, volumes).
- Docker Registry: Located on an external server or on the user's local computer, this is the storage space for the images to be executed as containers.
Docker is a technology that separates containers for each user, and it uses the Linux kernel's namespaces to separate containers. The simple structure is as follows.
The types of namespaces are as follows.
- The pid namespace: Process isolation (PID: Process ID).
- The net namespace: Separation of network interfaces (NET: Networking).
- The ipc namespace: IPC management (IPC: InterProcess Communication).
- The mnt namespace: File system mount management (MNT: Mount).
- The uts namespace: Isolation of kernel and version identifiers (UTS: Unix Timesharing System).
Now, let's look at the structure of the image created with Docker. An image is a SW bundle including the runtime, libraries, source, etc. needed to run the container. These images are composed of layers. Let's see the picture below.
In the figure above, the far left shows Image 1.0 including the kernel, with a program called Apache installed on top of it. Even if a new image is created by adding a SW called Git, as in the middle of the figure, the new image is built from the existing image: only Layer 1 (Git) needs to be added. A new layer is added in this way whenever a command such as COPY, FROM, or RUN is executed in the Dockerfile.
When an image is executed as a container, the top layer has the Read/Write Layer property, and the lower layers have the Read Only Layer property.
If you look at the flow of Docker, a new image is created (built) from the Dockerfile. When you run this image, it runs as a container, and the top layer is given the Read/Write property.
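The namespace separation listed above can be checked on a Linux host: each process exposes its namespaces as links under /proc/<pid>/ns, and two processes are separated in a namespace only when the identifiers behind those links differ. The following is an added example, not code from the original article; the function names and the sample identifiers are assumptions constructed for illustration.

```python
import os
import re

# The five namespaces listed in this article.
ARTICLE_NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a link target such as 'pid:[4026531836]' into (type, inode)."""
    match = _LINK_RE.match(target)
    if match is None:
        raise ValueError(f"unexpected namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def read_namespaces(pid, proc_root="/proc"):
    """Return {namespace: inode} for one process, read from <proc_root>/<pid>/ns."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    result = {}
    for name in ARTICLE_NAMESPACES:
        ns_type, inode = parse_ns_link(os.readlink(os.path.join(ns_dir, name)))
        if ns_type != name:
            raise ValueError(f"{name} link points at a {ns_type} namespace")
        result[name] = inode
    return result


def shared_namespaces(host, container):
    """Namespaces with the same inode in both processes, i.e. NOT isolated."""
    return [n for n in ARTICLE_NAMESPACES if host[n] == container[n]]


# Constructed sample values (not captured from a real system): a container
# started with host networking shares "net" with the host process.
SAMPLE_HOST = {"pid": 4026531836, "net": 4026531840, "ipc": 4026531839,
               "mnt": 4026531841, "uts": 4026531838}
SAMPLE_CONTAINER = {"pid": 4026532301, "net": 4026531840, "ipc": 4026532300,
                    "mnt": 4026532298, "uts": 4026532299}

if __name__ == "__main__":
    print("shared in sample:", shared_namespaces(SAMPLE_HOST, SAMPLE_CONTAINER))
    try:  # Compare this process with PID 1; needs Linux and usually root.
        me, init = read_namespaces(os.getpid()), read_namespaces(1)
        print("shared with PID 1:", shared_namespaces(me, init))
    except OSError as exc:
        print("could not read /proc namespace links:", exc)
```

A container process that reports a shared namespace with the host is not isolated in that dimension, which is worth flagging when reviewing how a container was started.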