Detailed explanation of the principle of Docker image layering

Base image

The base image has two meanings:

• Does not depend on other images, build from scratch
• Other images can be expanded upon

Therefore, base images are generally Docker images of various Linux distributions, such as Ubuntu, Debian or CentOS.

The base image provides the Linux distribution with the minimum installation.

Most of our images will be built based on the base image. Therefore, the officially released base image is usually used. It can be found in Docker Hub. For example, centos: https://hub.docker.com/_/centos

We can build a docker base image ourselves, or we can directly use an existing base image. For example, centos. We can pull it directly from docker hub.
Pull

docker pull centos

Check

docker images centos 
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 1e1148e4cc2c 2 months ago 202MB

You can see that the latest centos image is only 200mb. Do you think it is too small? This is because the Docker image directly uses the kernel of the Docker host machine when it runs.

The Linux operating system consists of user space and kernel space.

The kernel space is kernel, and the user space is rootfs. The difference between different distributions is mainly rootfs. For example, Ubuntu 14.04 uses upstart to manage services and apt to manage software packages, while CentOS 7 uses systemd and yum. These are differences in user space, and the kernel does not differ much.

Therefore, Docker can support multiple Linux images at the same time and simulate different operating system environments.

The base image only has the same user space and release version, and the kernel space uses the kernel of the Docker host machine.

Storage Structure

The above shows how to download a base image. We usually build our own image based on this base image. For example, add an nginx load balancing in centos. First of all, you need to understand what the structure of the image is.

Official documentation: https://docs.docker.com/storage/storagedriver/

Docker image layer structure

When you start an image, a new writable layer is loaded on top of the image. This layer is usually called the "container layer", below which is the "image layer".

The container layer can be read and written, and all file changes and writes in the container occur at this layer. The image layer only allows reading, read-only.

Copy-on-write

Docker uses a modification-time copy strategy to ensure the security of the base image, as well as higher performance and space utilization.

• When the container needs to read a file

Start from the top image layer and search downwards. After finding it, read it into the memory. If it is already in the memory, you can use it directly. In other words, Docker containers running on the same machine share the same files at runtime.

• When the container needs to modify the file

Search from top to bottom, and copy it to the container layer after finding it. For the container, you can see the file in the container layer, but not the file in the image layer. Then you can directly modify the file in the container layer.

• When the container needs to delete a file

Search from top to bottom, and record the deletion in the container after finding it. This is not a real deletion, but a soft deletion. This causes the image size to only increase, not decrease.

When the container needs to add files, it is added directly to the top-level container writable layer without affecting the image layer.

Streamlining and optimization of images

Optimizing the base image

When selecting a base image, choose a suitable smaller image. Commonly used Linux system images include Ubuntu, CentOs, Alpine, etc.

Chaining Dockerfile instructions

In a Dockerfile, each instruction creates an image layer, which increases the size of the image. Modifications to the current layer will not affect the previous layer.

• Use && to chain instructions (in RUN instructions)
• Remember to clean after installing the software

Specific examples are as follows:

Custom Dockerfile:

FROM ubuntu:14.04
#Basic source image MAINTAINER xiongkun
#Describe the creator of the image, name and email WORKDIR /home
RUN dd if=/dev/zero of=50M.file bs=1M count=50
#Create a test file of size 50M RUN rm -rf 50M.file
#Delete the file

Optimized Dockerfile:

FROM ubuntu:14.04
#Basic source image MAINTAINER xiongkun
#Describe the creator of the image, name and email WORKDIR /home
RUN dd if=/dev/zero of=50M.file bs=1M count=50 && rm -rf 50M.file
#Create a file and delete it at the same layer

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.