From the left, we see multiple read-only layers, which overlap. All layers except the bottom layer have a pointer to the next layer. These layers are the internal implementation details of Docker and can be accessed in the file system of the host. Union file system technology can integrate different layers into a file system, providing a unified perspective for these layers, thus hiding the existence of multiple layers. From the user's point of view, there is only one file system. We can see the form of this perspective on the right side of the figure.
You can find files about these tiers on your host file system. It should be noted that these layers are not visible in the running container.
/var/lib/docker/
├── aufs
-container
├-Figure
├-Initialization
├ ── Link graph. db
-knowledge base
├── tmp
-Trust
└── Volume
7 directories, 2 files
The definition of container is almost the same as that of image, and it is also a unified perspective of a pile of layers. The only difference is that the top layer of the container is readable and writable.
The definition of a container does not mention whether the container is running or not.
Important: container = mirror image+readable layer. And the definition of the container does not mention whether to run the container.
A running container is defined as a read-write unified file system plus an isolated process space and the processes contained therein. The following figure shows the container in operation.
It is the file system isolation technology that makes Docker a promising technology. Processes in the container can modify, delete and create files, and these changes will be applied to the read-write layer. This behavior is shown below.
Even if the ubuntu container is no longer running, new files can still be found in the host's file system.
/var/lib/docker/aufs/diff/860 a7b...889/happy . txt
In order to integrate scattered data, we put forward the concept of image layer. The following figure depicts a mirror layer. From the pictures, we can find that a layer not only contains the changes of the file system, but also contains other important information.
Metadata is additional information about this layer, which not only enables Docker to obtain information at runtime and build time, but also includes the hierarchical information of the parent layer. It should be noted that both the read-only layer and the read-write layer contain metadata.
In addition, each layer contains a pointer to the parent layer. If a layer does not have this pointer, it means it is at the bottom.
Metadata location:
On my own host, the metadata of the image layer is saved in a file named "json", for example:
/var/lib/docker/graph/e809f 156 DC 985.../json
E809f 156dc985 ... is the id of this floor.
The metadata of a container seems to be divided into many files, but it can be found in /var/lib/docker/containers/
Reference docker container and mirror differences