Docker GitHub 網站中 以技術者的角度翻譯

Docker 是一個開源的輕量級容器項目,用於讓你的應用在它上面打包、集裝和運行。
Docker 運行的環境既包含未知硬件也包含未知操做系統。這句話的意思是它能夠運行在任何地方,小到你的筆記本大到一個大型的雲計算實體,除此以外也不須要你掌握或用到任何特定的開發語言、框架或者打包系統。這使得他們可以在不依賴任何特定堆棧或者提供者的狀況下部署可擴展的web應用程序、數據庫或者後臺服務。
Docker 的前身是dotCloud旗下的一款開源的部署引擎的實現,一款很受歡迎接口服務平臺。它成功直接收益於積累了多年的大規模操做和支持數十萬應用程序和數據庫
一個共同的方法是用虛擬機去構建應用程序和沙箱環境去運行驗證。典型的虛擬機格式是VMware的VMDK,Oracle VirtualBox的VDI,和亞馬遜的EC2 AMI。從理論上講,這些格式須要容許每個開發者將他們的應用程序自動打包成一個「machine」,以便分發和部署;實際狀況是,有一些因數讓這幾乎不會實現:
四、硬件中心:VMs設計之初更多的考慮操做系統層面,並非軟件開發層面。所以,他們提供了極少的、用於建立、測試、運行開發軟件的工具給開發人員。舉個例子,VMs 沒有提供設施和工具用於應用程序版本控制,監控、配置、日誌和服務發現。
經過對比,Docker經過依賴不一樣的沙箱方法來實現集裝箱。不像傳統的虛擬化,集裝箱在內核級運行,大多數現代操做系統內核如今支持必要的集裝箱的原語,這些操做系統包括Linux 的 openvz,vserver 和最近的 lxc,Solaris 的 zones,和 FreeBSD的jails.
Docker給開發者一個簡單的方法來在一個地方表達本身全部的應用程序的依賴關係解決相依性地獄的問題,同時簡化組裝過程。若是這讓你以爲XKCD 927,別擔憂。Docker不會取代你最喜歡的包裝系統。它只是協調他們的使用在一個簡單的和可重複的方式。它是怎麼作到的?在層級間嗎。

FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL | tar -xzv
RUN cd helloflask-master && pip install -r requirements.txtios



Docker is an open source project to pack, ship and run any application as a lightweight container.web

Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider.docker

Docker began as an open-source implementation of the deployment engine which powered dotCloud, a popular Platform-as-a-Service. It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and


Security Disclosure

Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to and not by creating a GitHub issue.數據庫

Better than VMs

A common method for distributing applications and sandboxing their execution is to use virtual machines, or VMs. Typical VM formats are VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never happens, for a few reasons:express

  • Size: VMs are very large which makes them impractical to store and transfer.
  • Performance: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
  • Portability: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
  • Hardware-centric: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most: building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

By contrast, Docker relies on a different sandboxing method known as containerization. Unlike traditional virtualization, containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary for containerization, including Linux with openvz, vserver and more recently lxc, Solaris with zones, and FreeBSD with Jails.編程

Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves all four problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead, they are completely portable, and are designed from the ground up with an application-centric design.

Perhaps best of all, because Docker operates at the OS level, it can still be run inside a VM!

Plays well with others

Docker does not require you to buy into a particular programming language, framework, packaging system, or configuration language.

Is your application a Unix process? Does it use files, tcp connections, environment variables, standard Unix streams and command-line arguments as inputs and outputs? Then Docker can run it.

Can your application's build be expressed as a sequence of such commands? Then Docker can build it.

Escape dependency hell

A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

This is usually difficult for several reasons:

  • Cross-platform dependencies. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules, internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work well with each other, requiring awkward custom integrations.

  • Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease - but they all handle them in different and incompatible ways, which again forces the developer to do extra work.

  • Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency, others can't - and all of them handle it differently.

Docker solves the problem of dependency hell by giving the developer a simple way to express all their application's dependencies in one place, while streamlining the process of assembling them. If this makes you think of XKCD 927, don't worry. Docker doesn't replace your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.

Docker defines a build as running a sequence of Unix commands, one after the other, in the same container. Build commands modify the contents of the container (usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous commands, the order in which the commands are executed expresses dependencies.

Here's a typical Docker build process:

FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL | tar -xzv RUN cd helloflask-master && pip install -r requirements.txt

Note that Docker doesn't care how dependencies are built - as long as they can be built by running a Unix command in a container.
