docker 關於管理數據
storage overview
The data won’t persist(持久) when that container is no longer running, and it can be difficult困難 to get the data out of the container容器裏 if another process needs it.
A container’s writable layer is tightly緊密的 coupled耦合 to the host machine where the container is running. You can’t easily輕易的 move the data somewhere else.
Writing into a container’s writable layer requires a storage driver to manage the filesystem. The storage driver provides a union filesystem, using the Linux kernel. This extra abstraction(抽象) reduces performance as compared to using data volumes, which write directly to the host filesystem.與使用直接寫到主機文件系統的數據量相比,這種額外的抽象降低了性能。
mount data into a container(three way):
volumes, bind mounts, or tmpfs volumes.volumes are almost always the right choice.
Choose the right type of mount
No matter which type of mount you choose to use, the data looks the same from within the container. It is exposed as either(任何一個) a directory or an individual(個別的) file in the container’s filesystem.
An easy way to visualize(顯現) the difference(差別) among volumes, bind mounts, and tmpfs mounts is to think about where the data lives on the Docker host(可以考慮數據在Docker主機上的位置)
.
Volumes are stored in a part of the host filesystem which is managed by Docker (/var/lib/docker/volumes/ on Linux). Non-Docker processes非docker進程 should not modify this part of the filesystem. Volumes are the best way to persist持久 data in Docker.
Bind mounts may be stored anywhere任何地方 on the host system. They may even be important 重要system files or directories. Non-Docker processes on the Docker host or a Docker container can modify them at any time.
tmpfs mounts are stored in the host system’s memory only, and are never written to the host system’s filesystem.
More details about mount types
Volumes: Created and managed by Docker. You can create a volume explicitly(明確的) using the docker volume create command, or Docker can create a volume during container or service creation.
When you create a volume, it is stored within a directory on the Docker host. When you mount the volume into a container, this directory is what is mounted into the container. This is similar to the way that bind mounts work, except that volumes are managed by Docker and are isolated from the core functionality of the host machine(主機的核心功能跟李出來).bind mount 是和我們平時掛載文件是一樣的。出來這個是由docker管理的
A given volume can be mounted into multiple containers simultaneously(同時). When no running container is using a volume, the volume is still available(可用) to Docker and is not removed automatically. You can remove unused volumes using docker volume prune.
When you mount a volume, it may be named(命名) or anonymous(匿名). Anonymous volumes are not given an explicit(指定) name when they are first mounted into a container, so Docker gives them a random(隨機的) name that is guaranteed(保證) to be unique(獨一無二) within a given Docker host. Besides the name, named and anonymous volumes behave in the same ways. 匿名和命名卷都是一樣的,只是出來名字之外。
Volumes also support the use of volume drivers, which allow you to store your data on remote hosts or cloud providers, among other possibilities.
Bind mounts: Available(使用) since the early days of Docker. Bind mounts have limited functionality compared to volumes. When you use a bind mount, a file or directory on the host machine is mounted into a container. The file or directory is referenced(引用) by its full path(完整路徑) on the host machine. The file or directory does not need to exist on the Docker host already. It is created on demand(需求) if it does not yet exist. Bind mounts are very performant(高性能), but they rely on the host machine’s filesystem having a specific directory structure(結構) available(可用). If you are developing開發 new Docker applications, consider using named volumes instead. You can’t use Docker CLI commands to directly(直接) manage bind mounts.
警告:使用綁定掛載的副作用之一是,您可以通過在容器中運行的進程更改主機文件系統,包括創建、修改或刪除重要的系統文件或目錄。這是一種強大的功能,可以對安全產生影響,包括對主機系統的非docker進程產生影響。
tmpfs mounts: A tmpfs mount is not persisted on disk, either on the Docker host or within a container(不是在docker主機或者一個容器). It can be used by a container during the lifetime(生命周期) of the container, to store non-persistent state or sensitive(敏感) information. For instance, internally(在內部), swarm services use tmpfs mounts to mount secrets into a service’s containers.
Bind mounts and volumes can both mounted into containers using the -v or --volume flag, but the syntax(語法) for each is slightly different(略有不同). For tmpfs mounts, you can use the --tmpfs flag. However, in Docker 17.06 and higher, we recommend using the --mount flag for both containers and services, for bind mounts, volumes, or tmpfs mounts, as the syntax is more clear.
Good use cases for volumes
Volumes are the preferred(優先的) way to persist data in Docker containers and services. Some use cases for volumes include:
Sharing data among multiple running containers. If you don’t explicitly create it, a volume is created the first time it is mounted into a container. When that container stops or is removed, the volume still exists.
When the Docker host is not guaranteed to have a given directory or file structure. Volumes help you decouple the configuration of the Docker host from the container runtime.(當Docker主機不保證擁有給定的目錄或文件結構時。卷幫助您將Docker主機的配置與容器運行時分離。)
When you want to store your container’s data on a remote host or a cloud provider, rather than locally.
When you need to be able to back up, restore, or migrate data from one Docker host to another, volumes are a better choice. You can stop containers using the volume, then back up the volume’s directory (such as /var/lib/docker/volumes/<volume-name>).
Good use cases for bind mounts
In general, you should use volumes where possible. Bind mounts are appropriate for the following types of use case:
Sharing configuration files from the host machine to containers. This is how Docker provides DNS resolution to containers by default, by mounting /etc/resolv.conf from the host machine into each container.
Good use cases for tmpfs mounts
tmpfs mounts are best used for cases when you do not want the data to persist either on the host machine or within the container. This may be for security reasons or to protect the performance of the container when your application needs to write a large volume of non-persistent state data.當你不想數據持久性。tmpfs掛載最好用於情況。當您的應用程序需要編寫大量非持久狀態數據時,這可能是出於安全考慮,也可能是為了保護容器的性能。
Tips for using bind mounts or volumes
如果您將一個空卷裝入容器中,在這個容器中存在文件或目錄,那麽這些文件或目錄將被傳播(復制)到卷中。類似地,如果您啟動一個容器並指定一個尚未存在的卷,則為您創建一個空卷。這是預填充另一個容器需要的數據的好方法。
如果你掛載一個綁定掛載或非空卷成目錄的容器一些文件或目錄存在,這些文件或目錄被掛載,就像如果你保存文件到/ mnt Linux主機上然後u盤掛載到/ mnt。在USB驅動器被卸載之前,/mnt的內容會被USB驅動器的內容所掩蓋。模糊的文件沒有被刪除或修改,但是在綁定掛載或卷安裝時不可訪問。
本文出自 “11716212” 博客,請務必保留此出處http://11726212.blog.51cto.com/11716212/1975341
docker 關於管理數據