
Docker core concepts

Docker is a platform designed to enable developers to package applications and their dependencies into a lightweight, portable container, which can then be published to any popular Linux machine or used for virtualization^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

Core concepts

Docker's functionality relies on three primary concepts: Images, Containers, and Repositories^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

Images

An Image is a read-only template that serves as the foundation for creating containers^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

  • Structure: Image names typically follow the format ${registry_name}/${repository_name}/${image_name}:${tag_name}^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md]. For example, docker.io/library/alpine:3.10.1.
  • Layered Storage: Images are composed of multiple layers. When pushing or pulling images, only the changed layers are transferred, rather than the entire image^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Management: Common operations include listing local images with docker images or docker image ls, tagging images with docker tag, and removing images with docker rmi^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
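
The name format above leaves room for omitted parts, and Docker fills them in with defaults. The following is an added example, not code from the cited notes: it expands a reference into its full form and records what was left implicit. It goes beyond the format shown by also handling the name@sha256:... digest form and registries with a port. The function name, the note wording, the registry.example.com host and the all-zero digest are constructed for illustration; repository and image name are kept together as one path.

```python
from typing import NamedTuple, Optional

class ImageRef(NamedTuple):
    registry: str
    repository: str            # path below the registry, e.g. "library/alpine"
    tag: Optional[str]
    digest: Optional[str]
    notes: tuple               # what the reference left implicit or mutable

def parse_image_ref(ref: str) -> ImageRef:
    """Expand an image reference the way the Docker CLI resolves it."""
    notes = []
    name, _, digest = ref.partition("@")
    # A tag follows the last ':' only if no '/' comes after it; otherwise
    # the ':' belongs to a registry port such as localhost:5000.
    tag = None
    head, sep, tail = name.rpartition(":")
    if sep and "/" not in tail:
        name, tag = head, tail
    first, slash, rest = name.partition("/")
    # The first component is a registry only if it looks like a host name.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first, rest
    else:
        registry, repository = "docker.io", name
        notes.append("registry not stated; defaults to docker.io")
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository   # official images namespace
    if not digest:
        if tag is None:
            tag = "latest"
            notes.append("tag not stated; defaults to latest")
        notes.append("no digest; the tag can be re-pointed to other content")
    return ImageRef(registry, repository, tag, digest or None, tuple(notes))

# Constructed sample references (the digest is a placeholder, not a real image).
SAMPLES = [
    "alpine",
    "docker.io/library/alpine:3.10.1",
    "localhost:5000/team/app",
    "registry.example.com/team/app@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parsed = parse_image_ref(sample)
        print(sample, "->", parsed.registry, parsed.repository,
              parsed.tag, parsed.digest)
        for note in parsed.notes:
            print("   note:", note)
```
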

Containers

A Container is a runnable instance of an image^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

  • Isolation: Docker uses containers (often described as sandboxes) to isolate applications, ensuring consistency across development, testing, and production environments^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Lifecycle: Users can create and start containers using docker run^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md]. Running containers can be listed with docker ps, while all containers (including stopped ones) are listed with docker ps -a^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Persistence: By default, file system changes inside a container are ephemeral. To persist data or share files between the host and the container, data volumes are mounted using the -v flag^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

Repositories

A Repository is a place used to store and distribute Docker images^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

  • Registry: Docker Hub (docker.io) is the default public registry^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Operations: Users can search for images using docker search, download images using docker pull, and upload local images to a remote repository using docker push^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Access Management: Publishing images typically requires logging into the registry via docker login^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

Networking types

Docker supports several networking modes to control how containers communicate with each other and the outside world^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md]:

  • Bridge (NAT): The default mode where the container receives an IP address from a private internal network, utilizing Network Address Translation to connect to the outside^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Host (Open): The container shares the host's network stack, removing isolation between the container and the host's network interfaces^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • None (Close): Networking is disabled for the container^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].
  • Container (Join): The container shares the network namespace with another specific container^[400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md].

Sources

  • 400-devops__06-Kubernetes__k8s-paas__01.Docker(已熟悉的可以从第二章开始).md