本文翻譯自docker官網(wǎng):https://docs.docker.com/get-started/overview/#docker-architecture
Docker overview
Docker is an open platform for developing, shipping, and running applications.
Docker enables you to separate your applications from your infrastructure so
you can deliver software quickly. With Docker, you can manage your infrastructure
in the same ways you manage your applications. By taking advantage of Docker's
methodologies for shipping, testing, and deploying code quickly, you can
significantly reduce the delay between writing code and running it in production.
Docker是一個用于開發(fā)赫蛇、發(fā)布、運行程序的開放平臺。
Docker可以讓你將應(yīng)用程序和基礎(chǔ)結(jié)構(gòu)分開,以便快速交付軟件。
使用Docker,你可以用管理應(yīng)用程序相同的方法來管理基礎(chǔ)設(shè)施。
通過利用Docker的方法快速發(fā)布果复、測試和代碼,
你可以明顯減少編寫代碼和在生產(chǎn)環(huán)境中運行代碼之間的延遲唉地。
The Docker platform
Docker provides the ability to package and run an application in a loosely isolated
environment called a container. The isolation and security allow you to run many
containers simultaneously on a given host. Containers are lightweight and contain
everything needed to run the application, so you do not need to rely on what is
currently installed on the host. You can easily share containers while you work,
and be sure that everyone you share with gets the same container that works in the
same way.
Docker提供了在稱為容器(container)的松散隔離環(huán)境中打包盒運行程序的能力据悔。
隔離和安全性允許你一個給定的主機上同時運行多個容器。
容器是輕量級的耘沼,包含運行應(yīng)用程序所需要的所有內(nèi)容极颓,因此不需要主機上當(dāng)前安裝的內(nèi)容。
你可以輕松地在工作時共享容器群嗤,并確保分享于每個人的都可以獲得相同的容器菠隆,并以相同的方式工作。
Docker provides tooling and a platform to manage the lifecycle of your containers:
Docker提供工具和平臺來管理你的容器生命周期:
- Develop your application and its supporting components using containers.
使用容器開發(fā)應(yīng)用程序機器支持組建。
- The container becomes the unit for distributing and testing your application.
容器成為分發(fā)和測試應(yīng)用程序的單元骇径。
- When you're ready, deploy your application into your production environment,
as a container or an orchestrated service. This works the same whether your
production environment is a local data center, a cloud provider, or a hybrid
of the two.準(zhǔn)備好后躯肌,將應(yīng)用程序作為一個容器或者一個編排的服務(wù)部署到生產(chǎn)環(huán)境中。
無論你的生產(chǎn)環(huán)境是本地數(shù)據(jù)中心破衔、云提供商或者兩者的混合體清女,都一樣的工作。
What can I use Docker for?
Fast, consistent delivery of your applications
快速晰筛、一致地交付你的應(yīng)用程序
Docker streamlines the development lifecycle by allowing developers to work in
standardized environments using local containers which provide your applications
and services. Containers are great for continuous integration and continuous
delivery (CI/CD) workflows.
Docker通過允許開發(fā)人員在標(biāo)準(zhǔn)化的環(huán)境中使用本地容器(這些容器提供你的應(yīng)用程序和服務(wù))來簡化開發(fā)生命周期嫡丙。
容器非常適合于連續(xù)集成和連續(xù)交付(DI/CD)工作流。
Consider the following example scenario:
考慮以下示例場景:
-
Your developers write code locally and share their work with their colleagues
using Docker containers.你的開發(fā)人員在本地編寫代碼读第,并使用Docker容器與同事共享他們的工作曙博。
-
They use Docker to push their applications into a test environment and execute
automated and manual tests.他們使用Docker將應(yīng)用程序推入測試環(huán)境并執(zhí)行自動和手動測試。
-
When developers find bugs, they can fix them in the development environment
and redeploy them to the test environment for testing and validation.當(dāng)開發(fā)人員發(fā)現(xiàn)bug時怜瞒,他們可以在開發(fā)環(huán)境中修復(fù)它們父泳,并將它們重新部署到測試環(huán)境中進(jìn)行測試和驗證。
-
When testing is complete, getting the fix to the customer is as simple as
pushing the updated image to the production environment.測試完成后吴汪,向客戶提供修復(fù)就如同將更新的鏡像推送到生產(chǎn)環(huán)境一樣簡單惠窄。
Responsive deployment and scaling
快速部署和擴展
Docker's container-based platform allows for highly portable workloads. Docker
containers can run on a developer's local laptop, on physical or virtual
machines in a data center, on cloud providers, or in a mixture of environments.
Docker基于容器的平臺允許高度可移植的工作負(fù)載。
Docker容器可以在開發(fā)人員的本地筆記本電腦浇坐、數(shù)據(jù)中心的物理或虛擬機睬捶、云提供商或多種環(huán)境中運行黔宛。
Docker's portability and lightweight nature also make it easy to dynamically
manage workloads, scaling up or tearing down applications and services as
business needs dictate, in near real time.
Docker的可移植性和輕量級特性還使得動態(tài)管理工作負(fù)載近刘、根據(jù)業(yè)務(wù)需求以近乎實時的方式擴展或者刪除應(yīng)用程序和服務(wù)變得非常容易
Running more workloads on the same hardware
在同一個硬件上運行更多工作負(fù)載
Docker is lightweight and fast. It provides a viable, cost-effective alternative
to hypervisor-based virtual machines, so you can use more of your compute
capacity to achieve your business goals. Docker is perfect for high density
environments and for small and medium deployments where you need to do more with
fewer resources.
Docker是輕量級并且快速的。它是基于hypervisor的虛擬機提供了一個可行的臀晃、經(jīng)濟(jì)高效的替代方案觉渴,
因此你可以使用更多的計算能力來實現(xiàn)業(yè)務(wù)目標(biāo)。
Docker非常適合于高密度環(huán)境和中小型部署徽惋,在這些環(huán)境中案淋,你需要用更少的資源做更多的工作。
Docker architecture
Docker uses a client-server architecture. The Docker client talks to the
Docker daemon, which does the heavy lifting of building, running, and
distributing your Docker containers. The Docker client and daemon can
run on the same system, or you can connect a Docker client to a remote Docker
daemon. The Docker client and daemon communicate using a REST API, over UNIX
sockets or a network interface. Another Docker client is Docker Compose,
that lets you work with applications consisting of a set of containers.
Docker使用客戶機-服務(wù)器的架構(gòu)险绘。
Docker客戶端和Docker守護(hù)進(jìn)程通信踢京,后者負(fù)責(zé)構(gòu)建、運行和分發(fā)Docker容器宦棺。
Docker客戶端和守護(hù)進(jìn)程可以可以運行在同一個系統(tǒng)上瓣距,也可以將Docker客戶端鏈接到遠(yuǎn)程的Docker守護(hù)進(jìn)程。
Docker客戶端和守護(hù)進(jìn)程使用RESTAPI通過UNIX套接字或網(wǎng)絡(luò)接口進(jìn)行通訊代咸。
另一個Docker客戶端是Docker Compose蹈丸,它允許你處理由一組容器組成的應(yīng)用程序。
[圖片上傳失敗...(image-17b2f-1618407573391)]
The Docker daemon
The Docker daemon (dockerd) listens for Docker API requests and manages Docker
objects such as images, containers, networks, and volumes. A daemon can also
communicate with other daemons to manage Docker services.
Docker守護(hù)進(jìn)程(
dockerd)監(jiān)聽Docker API請求并管理對象,如鏡像逻杖、容器奋岁、網(wǎng)絡(luò)和卷。
守護(hù)進(jìn)程還可以與其它守護(hù)進(jìn)程通訊來管理Docker服務(wù)荸百。
The Docker client
The Docker client (docker) is the primary way that many Docker users interact
with Docker. When you use commands such as docker run, the client sends these
commands to dockerd, which carries them out. The docker command uses the
Docker API. The Docker client can communicate with more than one daemon.
Docker客戶端(
docker)是許多用戶與Docker交互的主要方式闻伶。
當(dāng)你使用如docker run之類的指令時,客戶端將這些指令發(fā)送到dockerd够话,由dockerd執(zhí)行這些指令虾攻。
docker指令使用Docker API。Docker客戶端可以與多個守護(hù)進(jìn)程通訊更鲁。
Docker registries
A Docker registry stores Docker images. Docker Hub is a public
registry that anyone can use, and Docker is configured to look for images on
Docker Hub by default. You can even run your own private registry.
用于存儲Docker鏡像的registry霎箍。
Docker Hub是一個任何人都可以使用的公共registry,默認(rèn)情況下澡为,
Docker配置為在Docker Hub上查找鏡像漂坏。
你甚至可以運行自己私有的registry。
When you use the docker pull or docker run commands, the required images are
pulled from your configured registry. When you use the docker push command,
your image is pushed to your configured registry.
當(dāng)你使用
docker pull或docker run指令時媒至,將從配置的registry中提取所需的鏡像顶别。
當(dāng)你使用docker push指令時,鏡像將被推送到配置的registry中拒啰。
Docker objects
When you use Docker, you are creating and using images, containers, networks,
volumes, plugins, and other objects. This section is a brief overview of some
of those objects.
當(dāng)你使用Docker驯绎,你要創(chuàng)建和使用鏡像、容器谋旦、網(wǎng)絡(luò)剩失、卷和其它對象。
本節(jié)簡要概述了其中一些對象册着。
Images
An image is a read-only template with instructions for creating a Docker
container. Often, an image is based on another image, with some additional
customization. For example, you may build an image which is based on the ubuntu
image, but installs the Apache web server and your application, as well as the
configuration details needed to make your application run.
鏡像(image)是一個只讀模板拴孤,其中包含創(chuàng)建Docker容器的說明。
通常情況下甲捏,一個鏡像是基于另外一個景象演熟,并進(jìn)行了一些額外的定制。
例如司顿,你可以構(gòu)建一個給予ubuntu鏡像的鏡像芒粹,但是安裝了Apache web服務(wù)器和應(yīng)用程序,
以及運行應(yīng)用程序所需要的配置細(xì)節(jié)大溜。
You might create your own images or you might only use those created by others
and published in a registry. To build your own image, you create a Dockerfile
with a simple syntax for defining the steps needed to create the image and run
it. Each instruction in a Dockerfile creates a layer in the image. When you
change the Dockerfile and rebuild the image, only those layers which have
changed are rebuilt. This is part of what makes images so lightweight, small,
and fast, when compared to other virtualization technologies.
你可以創(chuàng)建你自己的鏡像化漆,也可以只使用別人創(chuàng)建好的并發(fā)布到registry的鏡像。
要構(gòu)建自己的鏡像猎提,可以使用簡單的語法創(chuàng)建Dockerfile获三,用于定義創(chuàng)建和運行鏡像所需的步驟旁蔼。
Dockerfile中每一個指令都會在鏡像中創(chuàng)建一個layer(層).
當(dāng)你改變Dockerfile并且重建鏡像時,只會重新構(gòu)建那些改變的layer疙教。
與其他虛擬化技術(shù)相比棺聊,這是使鏡像輕量級、小型和快速的原因之一贞谓。
Containers
A container is a runnable instance of an image. You can create, start, stop,
move, or delete a container using the Docker API or CLI. You can connect a
container to one or more networks, attach storage to it, or even create a new
image based on its current state.
容器(container)是鏡像的可運行實例限佩。你可以使用Docker API或CLI來創(chuàng)建、啟動裸弦、停止祟同、移動或刪除容器。
你可以將容器鏈接到一個或多個網(wǎng)絡(luò)理疙,將存儲鏈接到容器晕城,甚至可以基于當(dāng)前狀態(tài)創(chuàng)建一個新的鏡像。
By default, a container is relatively well isolated from other containers and
its host machine. You can control how isolated a container's network, storage,
or other underlying subsystems are from other containers or from the host
machine.
默認(rèn)情況下窖贤,容器和其他容器以及主機是相對隔離的砖顷。
你可以控制容器的網(wǎng)絡(luò)、存儲或其它底層子系統(tǒng)與其它容器或主機的隔離程度赃梧。
A container is defined by its image as well as any configuration options you
provide to it when you create or start it. When a container is removed, any changes to
its state that are not stored in persistent storage disappear.
容器由它的鏡像以及你在創(chuàng)建或者啟動時提供給它的任何配置項定義滤蝠。
當(dāng)容器移除是,對其狀態(tài)的任何未存儲在持久化存儲中的更改都將消失授嘀。
Example docker run command
The following command runs an ubuntu container, attaches interactively to your
local command-line session, and runs /bin/bash.
下面的指令運行一個
ubuntu指令物咳,以交互方式鏈接到本地命令行會話,并運行/bin/bash蹄皱。
$ docker run -i -t ubuntu /bin/bash
When you run this command, the following happens (assuming you are using
the default registry configuration):
當(dāng)你執(zhí)行這個指令览闰,發(fā)生以下情況(假設(shè)你使用的是默認(rèn)registry配置):
-
If you do not have the
ubuntuimage locally, Docker pulls it from your
configured registry, as though you had rundocker pull ubuntumanually.如果你本地沒有
ubuntu鏡像,Docker會從你配置的registry中獲取它夯接,
就像你手動運行docker pull ubuntu一樣 -
Docker creates a new container, as though you had run a
docker container create
command manually.Docker創(chuàng)建一個新的容器焕济,就像你手動運行
docker container create -
Docker allocates a read-write filesystem to the container, as its final
layer. This allows a running container to create or modify files and
directories in its local filesystem.Docker分配一個
read-write文件系統(tǒng)給容器纷妆,作為其最后一層盔几。
這允許正在運行的容器在其本地文件系統(tǒng)中創(chuàng)建或修改文件和目錄。 -
Docker creates a network interface to connect the container to the default
network, since you did not specify any networking options. This includes
assigning an IP address to the container. By default, containers can
connect to external networks using the host machine's network connection.Docker將創(chuàng)建一個網(wǎng)絡(luò)接口掩幢,將容器鏈接到默認(rèn)網(wǎng)絡(luò)逊拍,因為你沒有制定任何網(wǎng)絡(luò)選項。
這包含為容器分配IP地址际邻。
默認(rèn)情況下芯丧,容器可以使用主機的網(wǎng)絡(luò)鏈接到外部網(wǎng)絡(luò)。 -
Docker starts the container and executes
/bin/bash. Because the container
is running interactively and attached to your terminal (due to the-iand-t
flags), you can provide input using your keyboard while the output is logged to
your terminal.Docker啟動容器并執(zhí)行
/bin/bash世曾。
由于容器以交互方式運行并連接到你的終端(由于 -i和-t標(biāo)志)缨恒,
你可以在將輸出記錄到終端時使用鍵盤提供輸入。 -
When you type
exitto terminate the/bin/bashcommand, the container
stops but is not removed. You can start it again or remove it.當(dāng)你鍵入
exit以終止/bin/bash指令時,容器將停止骗露,但不會被刪除岭佳。
你可以重新啟動或者刪除它。
The underlying technology(底層技術(shù))
Docker is written in the Go programming language and takes
advantage of several features of the Linux kernel to deliver its functionality.
Docker uses a technology called namespaces to provide the isolated workspace
called the container. When you run a container, Docker creates a set of
namespaces for that container.
Docker使用Go變成語言編寫的萧锉,它利用Linux內(nèi)核的一些特性來提供其功能珊随。
Docker使用名為namespace的技術(shù)來提供名為container的隔離工作區(qū)。
當(dāng)你啟動一個容器時柿隙,Docker會為該容器創(chuàng)建一組namespace叶洞。
These namespaces provide a layer of isolation. Each aspect of a container runs
in a separate namespace and its access is limited to that namespace.
這些namespace提供了一層隔離。
容器的每個方面都在一個單獨的namespace中運行禀崖,其訪問權(quán)限僅限于該namespace衩辟。
