Tmp2: Difference between revisions
| Line 67: | Line 67: | ||
Docker uses a ''union filesystem'' to combine all [[#Layer|layers]] within an image into a single coherent filesystem. | Docker uses a ''union filesystem'' to combine all [[#Layer|layers]] within an image into a single coherent filesystem. | ||
Revision as of 06:39, 5 December 2017
tmp2
Docker and State Management
Environment Variables
Containerized applications must avoid maintaining configuration in filesystem files - if they do, it limits the reusability of the container. A common pattern used to handle application configuration is to move configuration state into environment variables that can be passed to the application from the container. Docker supports environment variables natively, they are stored in the metadata that makes up a container configuration, and restarting the container will ensure the same configuration is passed to the application each time.
Storing Files
Storing state into the container's filesystem will not perform well. The space is extremely limited and the state will not be preserved across the container lifecycle.
Application State
The best use case for Docker is an application that can store state in a centralized location that could be accessed regardless of which host the container runs on.
Image
A container image is a read-only template consisting of one or more filesystem layers and metadata describing its needs and capabilities. Together they represent all the files required to run an application - the container image encapsulates all the dependencies of an application and configuration, and it can be deployed on any environment that has support for running containers. The same bundle can be assembled, tested and shipped to production without any change. Container images are a packaging technology.
The image is produced by the build command, as the sole artifact of the build process. When an image needs to be rebuilt, every single layer after the first introduced change will need to be rebuilt. Each image has a tag.
Docker defines its own DSL (Domain Specific Language) for creating Docker images.
Layer
Layered Image
Each set of new changes made during the container build process is laid in top of previous changes. In general, each individual build step used to create the image corresponds to one filesystem layer. Each layer is identified by an unique long hexadecimal number named hash. The hash is usually shortened to 12 digits. If a shared image is updated, all containers that use it must be re-created.
The layers are version controlled.
Image Registry
- Docker Registry https://docs.docker.com/registry/
A Docker registry is a service that is storing Docker images and metadata about those images. Examples:
The local Docker instance is configured with a number of registry it accesses, which can be listed with docker info:
docker info ... Registry: https://registry.access.redhat.com/v1/ Insecure Registries: 172.30.0.0/16 127.0.0.0/8 Registries: registry.access.redhat.com (secure), registry.access.redhat.com (secure), docker.io (secure)
TODO: how is a docker instance configured with specific registries?
Tag
Tag is alphanumeric identifier of the images within a repository. It is a form of Docker revision control. Tags are needed because application develop over time, and a single image name can actually refer to many different versions of the same image.
An image is uniquely identified by its hash and possibly by one or several tags.
Union Filesystem
Docker uses a union filesystem to combine all layers within an image into a single coherent filesystem.