Docker Architecture Diagram

官方網(wǎng)站： https://docs.docker.com/get-started/overview/

The Docker daemon

Docker daemon (dockerd) 監(jiān)聽 Docker API 請求并管理 Docker 對象，例如鏡像、容器绕娘、網(wǎng)絡(luò)和卷缴啡。 守護(hù)進(jìn)程還可以與其他守護(hù)進(jìn)程通信以管理 Docker 服務(wù)。
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

The Docker client

Docker 客戶端 (docker) 是許多 Docker 用戶與 Docker 交互的主要方式撵溃。 當(dāng)您使用諸如 docker run 之類的命令時(shí)，客戶端會將這些命令發(fā)送到 dockerd，后者會執(zhí)行這些命令梧却。 docker 命令使用 Docker API。 Docker 客戶端可以與多個(gè)守護(hù)進(jìn)程通信桃煎。
The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

Docker registries

Docker registry存儲 Docker 鏡像篮幢。 Docker Hub 是一個(gè)任何人都可以使用的公共注冊中心，Docker 默認(rèn)配置為在 Docker Hub 上查找鏡像为迈。 您也可以運(yùn)行自己的私有注冊表三椿。當(dāng)您使用 docker pull 或 docker run 命令時(shí)，所需的圖像將從您配置的Docker registry中提取葫辐。 當(dāng)您使用 docker push 命令時(shí)搜锰，您的圖像將被推送到您配置的Docker registry。
A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.

Docker objects

使用 Docker 時(shí)耿战，您是在創(chuàng)建和使用鏡像、容器狈涮、網(wǎng)絡(luò)歌馍、卷、插件和其他對象暴浦。
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.

Images

Image是一個(gè)只讀模板歌焦，其中包含創(chuàng)建 Docker 容器的說明独撇。 通常窟社，一個(gè)Image基于另一個(gè)Image灿里，并進(jìn)行了一些額外的自定義。 例如儒拂，您可以構(gòu)建一個(gè)基于 ubuntu Image的Image色鸳，但安裝 Apache 網(wǎng)絡(luò)服務(wù)器和您的應(yīng)用程序命雀，以及使您的應(yīng)用程序運(yùn)行所需的配置詳細(xì)信息。 您可以創(chuàng)建自己的Image吏砂，也可以僅使用其他人創(chuàng)建并在Docker Registry中發(fā)布的映像。 要構(gòu)建您自己的Image淀歇，您可以使用簡單的語法創(chuàng)建一個(gè) Dockerfile匈织，用于定義創(chuàng)建和運(yùn)行Image所需的步驟牡直。 Dockerfile 中的每條指令都會在Image中創(chuàng)建一個(gè)層碰逸。 當(dāng)您更改 Dockerfile 并重建映像時(shí)花竞，只會重建那些已更改的層掸哑。 與其他虛擬化技術(shù)相比苗分，這是使映像如此輕巧摔癣、小巧和快速的部分原因择浊。
An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run. You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.

Containers

容器是Image的可運(yùn)行實(shí)例琢岩。 您可以使用 Docker API 或 CLI 創(chuàng)建师脂、啟動(dòng)、停止吃警、移動(dòng)或刪除容器糕篇。 您可以將容器連接到一個(gè)或多個(gè)網(wǎng)絡(luò)酌心，為其附加存儲拌消，甚至可以根據(jù)其當(dāng)前狀態(tài)創(chuàng)建新的Image安券。 默認(rèn)情況下墩崩，容器與其他容器及其主機(jī)相對隔離完疫。 您可以控制容器的網(wǎng)絡(luò)泰鸡、存儲或其他底層子系統(tǒng)與其他容器或主機(jī)之間的隔離程度。 容器由其映像以及您在創(chuàng)建或啟動(dòng)它時(shí)提供給它的任何配置選項(xiàng)定義壳鹤。 當(dāng)容器被移除時(shí)盛龄，未存儲在持久存儲中的對其狀態(tài)的任何更改都會消失。
A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state. By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine. A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.

Volumes

卷提供了將容器的特定文件系統(tǒng)路徑連接回主機(jī)的能力余舶。 如果掛載了容器中的目錄，則主機(jī)上也會看到該目錄中的更改赠制。 如果我們在容器重新啟動(dòng)時(shí)掛載相同的目錄挟憔，我們會看到相同的文件政恍。
Volumes provide the ability to connect specific filesystem paths of the container back to the host machine. If a directory in the container is mounted, changes in that directory are also seen on the host machine. If we mount that same directory across container restarts, we’d see the same files.