这两天闲来无事,简单入门了一下Docker。主要参考的有阮一峰老师的两篇文章——Docker 入门教程Docker 微服务教程和 yeasy的开源项目Docker — 从入门到实践,照葫芦画瓢简单入门,不过离真正理解认清楚容器的特点、必要性,如何实践在持续交付和部署以及容器云等实际的运维应用还有很长的路要走。当我看到Docker 的OS image例如CentOS/Fedora、Busybox、Alphine等镜像的时候,不禁怀疑,既然我可以docker pull一个很简单命令就可以实现如Nginx, mysql等微服务的启动和部署,那为什么还会存在这些OS image, 这些OS image 的作用是什么?

在解决这个问题之前,首先需要明白几个和容器以及OS相关的定义,英文比较简单,直接从Understanding Docker “Container Host” vs. “Container OS” for Linux and Windows Containers粘过来了,也强烈建议看看这篇文章,对于理解”OS”很有帮助。

Container Host: Also called the Host OS. The Host OS is the operating system on which the Docker client and Docker daemon run. In the case of Linux and non-Hyper-V containers, the Host OS shares its kernel with running Docker containers. For Hyper-V each container has its own Hyper-V kernel.
Container OS: Also called the Base OS. The base OS refers to an image that contains an operating system such as Ubuntu, CentOS, or windowsservercore. Typically, you would build your own image on top of a Base OS image so that you can take utilize parts of the OS. Note that windows containers require a Base OS, while Linux containers do not.
Operating System Kernel: The Kernel manages lower level functions such as memory management, file system, network and process scheduling.

菜鸟回答

基于以上信息,已经可以给出我这种菜鸟回答了:Docker的每一个镜像都必须有一个Base OS, 这个Base OS 可以是 Linux 的发行版,也可以是windows的,上边已经提到,这个Base OS 在Host OS 是Linux的时候可以“不必要”,其实,是一种特殊的Base OS 叫做scratch,文章Create a base image给出了如何基于scratch创建一个Base Image(Base image 和 Base OS image 不是一样的概念!)。

我们所使用的常见的image,基本上都是以一个Host OS image为base的, 暨Dockerfile中都会有类似FROM debian:stretch-slim的基于OS image的语句。以nginx 为例,nginx既有基于debian也有基于alpine的镜像,tag分别是nginx:version和nginx:version-alpine,查看其Dockerfile可以看出,最大的不同点在于一个是FROM debian:stretch-slimFROM alpine:3.7。下载镜像,可以看出其大小的区别,不得不说,基于alpine的和基于debian的镜像大小确实不是一个量级的。文章Docker Base Image OS Size Comparison对不同的Base OS image大小做了一个对比,感兴趣的可以看一看。

1
2
3
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx 1.13.10-alpine 91ce6206f9d8 10 days ago 18MB
nginx 1.13.10 7f70b30f2cc6 10 days ago 109MB

再进一步

文章Operating System Containers vs. Application Containers讲述了虚拟机和容器的实现上的区别,可以很明白地看到,容器是直接基于Host OS kernel的,这也就是为什么在Mac和Windows上的Docker Client是基于Linux VM的[5]。在文章[4]也可以看到,如果是Windows类型的容器,是必须建立在Winndows type的Base image上,或者是一个完整的“虚拟机容器”。

os-virtualization.jpg

Stackoverflow 上有一个回答挺不错的,解释了为什么会有Base image,同样贴出原文,可以很明白的看到,Base image 提供的正式容器运行需要的 root filesystem

Now you should wonder how is it possible to get a process runing inside a linux base image different from the linux distribution your host is running with. For an OS to run you basically need :

  • A boot filesystem : contains the bootloader and the kernel that will reside in memory once loaded. We don’t care about this in the case of Docker containers because the kernel is shared with the host and is the common part between all linux distributions.
  • A root filesystem : contains the filesystem structure. It may be different from one linux distribution to another. It’s read-only until the boot sequence has finished.

如果从Docker的分层架构上来看[8],为什么需要Base image也会明朗许多。 在另一个 Stackoverflow上同样有一个不错的回答,这个回答中说的是userland,感兴趣的也可以看一下。

docker-la<x>yers.png

参考

  1. Docker 入门教程
  2. Docker 微服务教程
  3. Docker — 从入门到实践
  4. Understanding Docker “Container Host” vs. “Container OS” for Linux and Windows Containers
  5. Create a base image
  6. Docker Base Image OS Size Comparison
  7. Operating System Containers vs. Application Containers
  8. OS docker container: what is the difference with a VM then?
  9. Why do we use a OS Base Image with Docker if containers have no Guest OS?