Docker:基本映像 [英] Docker: base image
问题描述
我试图理解Docker概念,但是我无法理解的一件事:
I am trying to understand Docker concepts but one thing I can not catch:
据我所知,映像(因此是一个容器)可以从不同的Linux发行版中实例化。 ,例如Ubuntu,CentOS等。
As I understand image (consequently - a container) can be instantiated from different linux distributives, such as Ubuntu, CentOS and others.
在主机上运行标准的Ubuntu 14.04,
Let's say on host machine I run standard Ubuntu 14.04,
- 如果我使用未从相同发行版实例化的容器,会发生什么?
- 不是14.04吗?
- 不是Ubuntu(或其他任何基于Debian的)吗?
- 使用所使用图像的不同基础图像有哪些缺点? (假设我使用将Ubuntu用作基础映像的映像A,将Debian用作基础映像的映像B,将CentOS用作基础映像的映像C)?
奖金问题:如果开发人员未在Docker集线器说明中指定该基本映像,该如何判断该映像使用的基本映像?
Bonus question: How can I tell what base image used for an image if developer didn't specified it in a Docker hub description?
谢谢!
推荐答案
Docker不会 >使用LXC(不是从Docker开始0.9 )但libcontainer(现在
runc
),这是一个内置的执行驱动程序,可以以一致且可预测的方式操纵名称空间,控制组,功能,防护配置文件,网络接口和防火墙规则,而无需依赖LXC或任何其他方式其他userland软件包。Docker does not use LXC (not since Docker 0.9) but libcontainer (now
runc
), a built-in execution driver which manipulates namespaces, control groups, capabilities, apparmor profiles, network interfaces and firewalling rules – all in a consistent and predictable way, and without depending on LXC or any other userland package.码头er image表示一组绞盘,它们将在访问主机内核时作为容器运行在它们自己的内存,磁盘和用户空间中。
这不同于VM,VM不访问主机内核,但是访问主机内核。通过管理程序包括自己的硬件/软件堆栈。
一个容器只需在主机中设置限制(磁盘,内存,CPU)。实际的VM必须构建一个全新的主机。A docker image represents a set of files winch will run as a container in their own memory and disk and user space, while accessing the host kernel.
This differs from a VM, which does not access the host kernel but includes its own hardware/software stack through its hypervisor.
A container has just to set limits (disk, memory, cpu) in the host. An actual VM has to build an entire new host.该docker映像(文件组)可以是任何东西,只要:
That docker image (group of files) can be anything, as long as:
- 它不依赖主机库(由于它被隔离在自己的磁盘空间中,因此无法访问主机文件,除非已装入卷)
- 它仅执行系统调用:请参阅 Docker中共享内核的含义是什么?
- it does not depends on host libraries (since it is isolated in its own disk space, it does not have access to hosts files, unless volumes are mounted)
- it does only system calls: see "What is meant by shared kernel in Docker?"
这意味着映像可以是任何东西:另一个Linux发行版,甚至单个可执行文件。例如,可以使用go( https://golang.org/ )编译的任何可执行文件都打包在其自己的docker中没有任何Linux发行版的映像:
That means an image can be anything: another linux distro, or even a single executable file. Any executable compile in go (https://golang.org/) for instance, could be packaged in its own docker image without any linux distro:
FROM scratch COPY my_go_exe / ENTRYPOINT /my_go_exe
从头开始
是空映像,并且是go可执行文件是静态链接的,因此它是独立的,仅取决于对内核的系统调用。scratch
is the "empty" image, and a go executable is statically linked, so it is self-contained and only depends on system calls to the kernel.这篇关于Docker:基本映像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!