Docker Architecture Diagram
Official website: https://docs.docker.com/get-started/overview/
The Docker daemon
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.
The Docker client
The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.
Docker registries
A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.
Docker objects
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.
Images
An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run. You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.
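The layer behaviour described above, as an added example (not Docker's code and not part of the original page): a simplified Python model of the build cache in which each layer's id covers its parent's id, its instruction and, for COPY, the copied content. The Dockerfile, the file contents and the function names are constructed for illustration; the model shows that a change rebuilds that layer and every layer after it, while earlier layers stay cached.

```python
import hashlib

# Constructed sample: the page's ubuntu + Apache + application image.
DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y apache2
COPY app/ /var/www/html/
CMD ["apache2ctl", "-D", "FOREGROUND"]
"""
CONTEXT = {"app/": b"<h1>release 1</h1>"}  # constructed build-context content


def instructions(dockerfile):
    """One instruction per non-empty, non-comment line (no line continuations)."""
    lines = (ln.strip() for ln in dockerfile.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def layer_ids(dockerfile, context):
    """Chain a digest through the instructions, so each id depends on its
    parent id, the instruction text and, for COPY, the copied content."""
    ids, parent = [], ""
    for ins in instructions(dockerfile):
        material = parent + "\n" + ins
        if ins.upper().startswith("COPY "):
            material += "\n" + hashlib.sha256(context[ins.split()[1]]).hexdigest()
        parent = hashlib.sha256(material.encode()).hexdigest()
        ids.append(parent)
    return ids


def rebuild_plan(old, new):
    """old/new are (dockerfile, context) pairs; report each new layer's fate."""
    old_ids, new_ids = layer_ids(*old), layer_ids(*new)
    plan = []
    for i, ins in enumerate(instructions(new[0])):
        cached = i < len(old_ids) and old_ids[i] == new_ids[i]
        plan.append((ins.split()[0], "CACHED" if cached else "REBUILD"))
    return plan


if __name__ == "__main__":
    edited_app = (DOCKERFILE, {"app/": b"<h1>release 2</h1>"})
    for name, state in rebuild_plan((DOCKERFILE, CONTEXT), edited_app):
        print(f"{name:5} {state}")
```

Placing instructions that change rarely (base image, package installation) before those that change often (application files) keeps the earlier layers cached across rebuilds.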
Containers
A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state. By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine. A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.
Volumes
Volumes provide the ability to connect specific filesystem paths of the container back to the host machine. If a directory in the container is mounted, changes in that directory are also seen on the host machine. If we mount that same directory across container restarts, we’d see the same files.