学习舵轮(kubernetes)和埠(docker) - Docker

以下是学习Docker的笔记，有空加更多中文注释。

正如前文所说的，使用一站式的Kubernetes，离不开docker或其它工具软件来创建container image。前面解释过为什么不为每个服务应用都设置一台计算机，那样的话既占用资源，又费时费力，而且不易扩展调整，复制和复用，维护也很麻烦，成本很高。那么为什么用container 而不用VM？VM和container之间的不同：

• The VM is a hardware abstraction: it takes physical CPUs and RAM from a host, and divides and shares it across several smaller virtual machines. There is an OS and application running inside the VM, but the virtualization software usually has no real knowledge of that. 
• A container is an application abstraction: the focus is really on the OS and the application, and not so much the hardware abstraction. Many customers actually use both VMs and containers today in their environments and, in fact, may run containers inside of VMs. 

Docker是什么？又一个great开源软件，如wikipedia介绍的：Docker is used to run software packages called "containers". Containers are isolated from each other and bundle their own application, tools, libraries and configuration files; they can communicate with each other through well-defined channels. All containers are run by a single operating-system kernel and are thus more lightweight than virtual machines. Containers are created from "images" that specify their precise contents. Images are often created by combining and modifying standard images downloaded from public repositories.

Docker网站这样说：Docker unlocks the potential of every organization with a container platform that brings traditional applications and microservices built on Window, Linux and mainframe into an automated and secure supply chain, advancing dev to ops collaboration.
As a result, organizations report a 300 percent improvement in time to market, while reducing operational costs by 50 percent. Inspired by open source innovation and a rich ecosystem of technology and go-to-market partners, Docker’s container platform and services are used by millions of developers and more than 650 Global 10K commercial customers including ADP, GE, MetLife, PayPal and Societe Generale.

Microsoft在这里也有关于container和Docker的讲解：

Containers are an isolated, resource controlled, and portable runtime environment which runs on a host machine or virtual machine. An application or process which runs in a container is packaged with all the required dependencies and configuration files; It’s given the illusion that there are no other processes running outside of its container.

The container’s host provisions a set of resources for the container and the container will use only these resources. As far as the container knows, no other resources exist outside of what it has been given and therefore the container cannot touch resources which may have been provisioned for a neighboring container.

Docker is the vessel by which container images are packaged and delivered. This automated process produces images (effectively templates) which may then be run anywhere—on premises, in the cloud, or on a personal machine—as a container.

开始学习使用docker, 你最好注册一个免费账号在https://hub.docker.com/ =>类似GitHub，这个hub可以提供docker image存储，share images, automate workflows, and more with a docker ID. 免费账号好像只允许创建一个私有项目，但没有public项目的限制，就是说只要是public project，创建多少个都行。这样就鼓励大家共享design，正是开源之风。For free amount, allow to create one private repository for free (no limit of public repository?), and allow to create an organization, and provide many official images. 
To public a new image of my_project, run: docker login ; docker push my_username/my_project:tagname (use exist tagname but not creating new tag here, otherwise got error:tag does not exist).

开始学习使用docker可以从这开始：https://docs.docker.com/get-started/ => more examples and ideas
一些常用命令：

docker container run hello-world => run hello-world

docker image ls => ls image on system

docker run -it ubuntu bash => run an ubuntu container

Alpine Linux is a lightweight Linux distribution so it is quick to pull down and run, making it a popular starting point for many other images: docker container run alpine ls -l => ls then container exit

docker container run -it alpine /bin/sh => running interactive shell

docker container ls -a

docker container start

docker container exec ls

docker container diff => shows change of the container

docker container commit CONTAINER_ID => commit change

docker image tag ourfiglet => tag ‘ourfiglet’ for image committed by above, run: docker container run ourfiglet figlet hello

一些docker的concept：

• Images - The file system and configuration of our application which are used to create containers. To find out more about a Docker image, run docker image inspect alpine. In the demo above, you used the docker image pull command to download the alpine image. When you run the command docker container run hello-world, it also did a docker image pull behind the scenes to download the hello-world image.
• Containers - Running instances of Docker images — containers run the actual applications. A container includes an application and all of its dependencies. It shares the kernel with other containers, and runs as an isolated process in user space on the host OS. You created a container using docker run which you did using the alpine image that you downloaded. A list of running containers can be seen using the docker container ls command.
• Docker daemon - The background service running on the host that manages building, running and distributing Docker containers.
• Docker client - The command line tool that allows the user to interact with the Docker daemon.
• Docker Store - Store is, among other things, a registry of Docker images. Think of the registry as a directory of all available Docker images.

创建docker image需要一个特殊的文件，文件名是‘Dockerfile'。这个文件就像GNU的Makefile，或一个project的项目文件。例如我创建了一个如下NodeJS code index.js:

var os = require("os");
var hostname = os.hostname();
console.log("hello from " + hostname);

我可以创建如下Dockerfile:

FROM alpine
RUN apk update && apk add nodejs
COPY . /app
WORKDIR /app
CMD ["node","index.js"]

如上的两个文件，短短8行code就可以用docker创建一个运行NodeJS的linux container：

Run: docker image build -t hello:v0.1 . 
then run: docker container run hello:v0.1 => got: hello from 92d79b6de29f

Image actually is built in layers.
docker image history =>show several intermediate IMAGE with CREATED BY etc. Sequential update and make new image may take some cached layers.

docker image pull alpine => pull alpine image;
docker image inspect alpine => check detail of alpine image;
docker image inspect --format "{{ json .RootFS.Layers }}" alpine => to get layers: ["sha256:60ab55d3379d47c1ba6b6225d59d10e1f52096ee9d5c816e42c635ccc57a5a2b"], as alpine is small, so only one layer here; docker image inspect --format "{{ json .RootFS.Layers }}" => shows more layers.

Applications that create and store data (databases, for example) can store their data in a special kind of Docker object called a volume, so that data can persist and be shared with other containers.

• Layers - A Docker image is built up from a series of layers. Each layer represents an instruction in the image’s Dockerfile. Each layer except the last one is read-only.
• Dockerfile - A text file that contains all the commands, in order, needed to build a given image. The Dockerfile reference page lists the various commands and format details for Dockerfiles.
• Volumes - A special Docker container layer that allows data to persist and be shared separately from the container itself. Think of volumes as a way to abstract and manage your persistent data separately from the application itself.

Image names must be unique and are specified in the format /:. Such as “ubuntu” and “alpine”, since there is no repository specified, will pull from a default public repository called “library” which is maintained by us at Docker. And if not specify a tag, the default is to look for a tag named “latest” and use that. The tags generally specify versions (although this is not a requirement).

Docker supplies two tools: Docker Compose and Docker Swarm Mode. The two tools have some similarities but some important differences:

• Compose is used to control multiple containers on a single system. Much like the Dockerfile we looked at to build an image, there is a text file that describes the application: which images to use, how many instances, the network connections, etc.
• Swarm Mode tells Docker that you will be running many Docker engines and you want to coordinate operations across all of them. Swarm mode combines the ability to not only define the application architecture, like Compose, but to define and maintain high availability levels, scaling, load balancing, and more. With all this functionality, Swarm mode is used more often in production environments than it’s more simplistic cousin, Compose.

docker swarm init --advertise-addr $(hostname -i) =>create a Swart manager
to add worker: docker swarm join --token from another node.
To add a manager to this swarm, run 'docker swarm join-token manager'

Run docker node ls on the manager to check nodes.

A stack is a group of services that are deployed together: multiple containerized components of an application that run in separate instances. Each individual service can actually be made up of one or more containers, called tasks and then all the tasks & services together make up a stack.

Dockerfile文件的文法 (refer to https://docs.docker.com/engine/reference/builder):

• FROM specifies the base image to use as the starting point for this new image you’re creating.
• ENV sets the environment variable to the value .
• RUN will execute any commands in a new layer on top of the current image and commit the results.
• COPY copies files from the Docker host into the image, at a known location.
• EXPOSE documents which ports the application uses.
• VOLUME creates a mount point with the specified name. Refer to storage

CMD specifies what command to run when a container is started from the image.