translated

sources/tech/20210831 What is a container image.md

@@ -1,126 +0,0 @@
-[#]: subject: "What is a container image?"
-[#]: via: "https://opensource.com/article/21/8/container-image"
-[#]: author: "Nived V https://opensource.com/users/nivedv"
-[#]: collector: "lujun9972"
-[#]: translator: "geekpi"
-[#]: reviewer: " "
-[#]: publisher: " "
-[#]: url: " "
-
-What is a container image?
-======
-A container image contains a packaged application, along with its
-dependencies, and information on what processes it runs when launched.
-![Shipping containers stacked][1]
-
-Containers are a critical part of today's IT operations. A _container image_ contains a packaged application, along with its dependencies, and information on what processes it runs when launched.
-
-You create container images by providing a set of specially formatted instructions, either as commits to a registry or as a Dockerfile. For example, this Dockerfile creates a container for a PHP web application:
-
-
-```
-FROM registry.access.redhat.com/ubi8/ubi:8.1
-
-RUN yum --disableplugin=subscription-manager -y module enable php:7.3 \
-  && yum --disableplugin=subscription-manager -y install httpd php \
-  && yum --disableplugin=subscription-manager clean all
-
-ADD index.php /var/www/html
-
-RUN sed -i 's/Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf \
-  && sed -i 's/listen.acl_users = apache,nginx/listen.acl_users =/' /etc/php-fpm.d/www.conf \
-  && mkdir /run/php-fpm \
-  && chgrp -R 0 /var/log/httpd /var/run/httpd /run/php-fpm \
-  && chmod -R g=u /var/log/httpd /var/run/httpd /run/php-fpm
-
-EXPOSE 8080
-USER 1001
-CMD php-fpm & httpd -D FOREGROUND
-```
-
-Each instruction in this file adds a _layer_ to the container image. Each layer only adds the difference from the layer below it, and then, all these layers are stacked together to form a read-only container image.
-
-### How does that work?
-
-You need to know a few things about container images, and it's important to understand the concepts in this order:
-
-  1. Union file systems
-  2. Copy-on-Write
-  3. Overlay File Systems
-  4. Snapshotters
-
-
-
-### Union File Systems (Aufs)
-
-The Union File System (UnionFS) is built into the Linux kernel, and it allows contents from one file system to be merged with the contents of another, while keeping the "physical" content separate. The result is a unified file system, even though the data is actually structured in branches.
-
-The idea here is that if you have multiple images with some identical data, instead of having this data copied over again, it's shared by using something called a _layer_.
-
-![UnionFS][2]
-
-Image CC BY-SA opensource.com
-
-Each layer is a file system that can be shared across multiple containers, e.g., The httpd base layer is the official Apache image and can be used across any number of containers. Imagine the disk space we just saved since we are using the same base layer for all our containers.
-
-These image layers are always read-only, but when we create a new container from this image, we add a thin writable layer on top of it. This writable layer is where you create/modify/delete or make other changes required for each container.
-
-### Copy-on-write
-
-When you start a container, it appears as if the container has an entire file system of its own. That means every container you run in the system needs its own copy of the file system. Wouldn't this take up a lot of disk space and also take a lot of time for the containers to boot? No—because every container does not need its own copy of the filesystem!
-
-Containers and images use a copy-on-write mechanism to achieve this. Instead of copying files, the copy-on-write strategy shares the same instance of data to multiple processes and copies only when a process needs to modify or write data. All other processes would continue to use the original data. Before any write operation is performed in a running container, a copy of the file to be modified is placed on the writeable layer of the container. This is where the _write_ takes place. Now you know why it's called _copy-on-write_.
-
-This strategy optimizes both image disk space usage and the performance of container start times and works in conjunction with UnionFS.
-
-### Overlay File System
-
-An overlay sits on top of an existing filesystem, combines an upper and lower directory tree, and presents them as a single directory. These directories are called _layers_. The lower layer remains unmodified. Each layer adds only the difference (the _diff_, in computing terminology) from the layer below it, and this unification process is referred to as a _union mount_.
-
-The lowest directory or an Image layer is called _lowerdir_, and the upper directory is called _upperdir_. The final overlayed or unified layer is called _merged._
-
-![Layered file system][3]
-
-Image CC BY-SA opensource.com
-
-Common terminology consists of these layer definitions:
-
-  * Base layer is where the files of your filesystem are located. In terms of container images, this layer would be your base image.
-  * Overlay layer is often called the _container layer_, as all the changes that are made to a running container, as adding, deleting, or modifying files, are written to this writable layer. All changes made to this layer are stored in the next layer, and is a _union_ view of the Base and Diff layers.
-  * Diff layer contains all changes made in the Overlay layer. If you write something that's already in the Base layer, then the overlay file system copies the file to the Diff layer and makes the modifications you intended to write. This is called a _copy-on-write_.
-
-
-
-# Snapshotters
-
-Containers can build, manage, and distribute changes as a part of their container filesystem using layers and graph drivers. But working with graph drivers is really complicated and is error-prone. SnapShotters are different from graph drivers, as they have no knowledge of images or containers.
-
-Snapshotters work very similar to Git, such as the concept of having trees, and tracking changes to trees for each commit. A _snapshot_ represents a filesystem state. Snapshots have parent-child relationships using a set of directories. A _diff can_ be taken between a parent and its snapshot to create a layer.
-
-The Snapshotter provides an API for allocating, snapshotting, and mounting abstract, layered file systems.
-
-### Wrap up
-
-You now have a good sense of what container images are and how their layered approach makes containers portable. Next up, I'll cover container runtimes and internals.
-
-* * *
-
-_This article is based on a [techbeatly][4] article and has been adapted with permission._
-
---------------------------------------------------------------------------------
-
-via: https://opensource.com/article/21/8/container-image
-
-作者：[Nived V][a]
-选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://opensource.com/users/nivedv
-[b]: https://github.com/lujun9972
-[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bus-containers.png?itok=d_4QhZxT (Shipping containers stacked)
-[2]: https://opensource.com/sites/default/files/unionfs.png (UnionFS)
-[3]: https://opensource.com/sites/default/files/rect1036.png (Layered file system)
-[4]: https://medium.com/techbeatly/container-part-ii-images-4f2139194775

translated/tech/20210831 What is a container image.md

@@ -0,0 +1,126 @@
+[#]: subject: "What is a container image?"
+[#]: via: "https://opensource.com/article/21/8/container-image"
+[#]: author: "Nived V https://opensource.com/users/nivedv"
+[#]: collector: "lujun9972"
+[#]: translator: "geekpi"
+[#]: reviewer: " "
+[#]: publisher: " "
+[#]: url: " "
+
+什么是容器镜像？
+======
+容器镜像包含一个打包的应用，以及它的依赖关系，还有它在启动时运行的进程信息。
+
+![Shipping containers stacked][1]
+
+容器是当今 IT 运维的一个关键部分。一个_容器镜像_包含了一个打包的应用，以及它的依赖关系，还有它在启动时运行的进程信息。
+
+你通过提供一组特殊格式的指令来创建容器镜像，可以是提交给 Registry，或者是 Dockerfile。 例如，这个 Dockerfile 为 PHP Web 应用创建了一个容器：
+
+
+```
+FROM registry.access.redhat.com/ubi8/ubi:8.1
+
+RUN yum --disableplugin=subscription-manager -y module enable php:7.3 \
+ && yum --disableplugin=subscription-manager -y install httpd php \
+ && yum --disableplugin=subscription-manager clean all
+
+ADD index.php /var/www/html
+
+RUN sed -i 's/Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf \
+ && sed -i 's/listen.acl_users = apache,nginx/listen.acl_users =/' /etc/php-fpm.d/www.conf \
+ && mkdir /run/php-fpm \
+ && chgrp -R 0 /var/log/httpd /var/run/httpd /run/php-fpm \
+ && chmod -R g=u /var/log/httpd /var/run/httpd /run/php-fpm
+
+EXPOSE 8080
+USER 1001
+CMD php-fpm & httpd -D FOREGROUND
+```
+
+这个文件中的每条指令都会在容器镜像中增加一个_层_。每一层只增加与下面一层的区别，然后，所有这些层叠在一起，形成一个只读的容器镜像。
+
+### 这是怎么做到的？
+
+你需要知道一些关于容器镜像的事情，按照这个顺序理解这些概念很重要：
+
+  1. Union 文件系统
+  2. 写入时复制
+  3. Overlay 文件系统
+  4. SnapShotters
+
+
+
+### Union 文件系统（Aufs）
+
+Union 文件系统（UnionFS）内置于 Linux 内核中，它允许将一个文件系统的内容与另一个文件系统的内容合并，同时保持“物理”内容的分离。其结果是一个统一的文件系统，即使数据实际上是以分支形式组织。
+
+这里的想法是，如果你有多个镜像有一些相同的数据，不是让这些数据再次复制过来，而是通过使用一个叫做_层_的东西来共享。
+
+![UnionFS][2]
+
+图片 CC BY-SA opensource.com
+
+每一层都是一个可以在多个容器中共享的文件系统，例如，httpd 基础层是 Apache 的官方镜像，可以在任何数量的容器中使用。想象一下，由于我们在所有的容器中使用相同的基础层，我们节省了多少磁盘空间。
+
+这些镜像层总是只读的，但是当我们用这个镜像创建一个新的容器时，我们会在它上面添加一个薄的可写层。这个可写层是你创建/修改/删除或进行每个容器所需的其他修改的地方。
+
+### 写时复制
+
+当你启动一个容器时，看起来好像这个容器有自己的整个文件系统。这意味着你在系统中运行的每个容器都需要自己的文件系统副本。这岂不是要占用大量的磁盘空间，而且还要花费大量的时间让容器启动？不是的，因为每个容器都不需要它自己的文件系统副本!
+
+容器和镜像使用写时复制机制来实现这一点。写时复制策略不是复制文件，而是将同一个数据实例分享给多个进程，并且只在一个进程需要修改或写入数据时进行复制。所有其他进程将继续使用原始数据。在运行中的容器中执行任何写操作之前，要修改的文件的副本被放在容器的可写层上。这就是发生_写_的地方。现在你知道为什么它被称为“写时复制”了么。
+
+这种策略既优化了镜像磁盘空间的使用，也优化了容器启动时间的性能，并与 UnionFS 一起工作。
+
+### Overlay 文件系统
+
+Overlay 文件系统位于现有文件系统的顶部，结合了上层和下层的目录树，并将它们作为一个单一的目录来呈现。这些目录被称为_层_。下层保持不被修改。每一层只增加与下一层的差异（计算术语为 _diff_），这种统一的过程被称为 _union 挂载_。
+
+最低的目录或镜像层被称为 _lowerdir_，上面的目录被称为 _upperdir_。最后的覆盖层或统一层被称为 _merged_。
+
+![Layered file system][3]
+
+图片 CC BY-SA opensource.com
+
+常见的术语包括这些层的定义：
+
+  * 基础层是你的文件系统的文件所在的地方。就容器镜像而言，这个层就是你的基础镜像。
+  * Overlay 层通常被称为_容器层_，因为对运行中的容器所做的所有改变，如添加、删除或修改文件，都会写到这个可写层。对这一层所做的所有修改都存储在下一层，是基础层和 Diff 层的 _union_ 视图。
+  * Diff 层包含了在 Overlay 层所作的所有修改。如果你写的东西已经在基础层了，那么 Overlay 文件系统就会把文件复制到 Diff层，并做出你想写的修改。这被称为_写时复制_。
+
+
+
+# SnapShotters
+
+容器可以使用层和图形驱动程序构建、管理和分发更改作为其容器文件系统的一部分。。但是使用图形驱动的工作真的很复杂，而且容易出错。SnapShotters 与图形驱动不同，因为它们不了解镜像或容器。
+
+Snapshotters 的工作方式与 Git 非常相似，比如有树的概念，并跟踪每次提交对树的改变。一个_快照_代表一个文件系统状态。快照有父子关系，使用一组目录。可以在父级和其快照之间进行 _diff_，以创建一个层。
+
+Snapshotter 提供了一个用于分配、快照和挂载抽象的分层文件系统的 API。
+
+### 总结
+
+你现在对什么是容器镜像以及它们的分层方法如何使容器可移植有了很好的认识。接下来，我将介绍容器的运行机制和内部结构。
+
+* * *
+
+_本文基于 [techbeatly][4] 的文章，经许可后改编。_
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/21/8/container-image
+
+作者：[Nived V][a]
+选题：[lujun9972][b]
+译者：[geekpi](https://github.com/geekpi)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/nivedv
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bus-containers.png?itok=d_4QhZxT (Shipping containers stacked)
+[2]: https://opensource.com/sites/default/files/unionfs.png (UnionFS)
+[3]: https://opensource.com/sites/default/files/rect1036.png (Layered file system)
+[4]: https://medium.com/techbeatly/container-part-ii-images-4f2139194775