1. 概念解释
1.1. Docker
Docker是一个用于在集中式平台上创建、部署和运行应用程序的开源工具。这使得主机的操作系统通过容器运行具有相同Linux内核的应用程序,而不是创建一个完整的虚拟机。使用docker容器不需要考虑Ram和磁盘空间的分配。它能够自己处理这些需求。
Docker只提供了应用程序的虚拟化,通过cgroup、namespace实现资源隔离,资源限制配置参见resource_constraints。
Docker容器将应用和其依赖环境全部打包到一个单一对象中,在不包含完整的操作系统的情况下就能运行普通应用,更加轻量级,可移植性更好。所以它成为了PaaS(比如Kubernates)平台的基石
Docker提供的特性:
- Docker is Fast and Easy configurable【快速且易于配置】.
- Technical feasibility and increased productivity.
- Secure services【安全服务】 through commands like secret inspect and secret create, etc.
- Provides application isolation and no container is dependent on any other.【提供应用程序隔离,且容器不依赖于任何其他容器】
1.2. LXC
LXC是Linux容器的缩写,Linux容器是一种操作系统,用于通过单个Linux内核在受控主机上虚拟运行多个Linux系统。
LXC与内核的cgroup捆绑在一起,为进程和网络空间提供功能,而不是创建一个完整的虚拟机,并为应用程序提供一个隔离的环境。
LXC代表Linux容器,它是一种用于操作系统虚拟化的工具。通过使用LXC,可以在虚拟环境中而不是在物理系统中操作任何软件或应用程序。虚拟环境功能使LXC更加安全,成本也更低。LXC很容易操作,因为它带有控制组【Control groups Cgroups】功能。
LXC为提供了完整的操作系统虚拟化,
操作系统级虚拟化是一种服务器虚拟化方法,在这种方法中,操作系统的内核允许存在多个孤立且隔离的用户空间实例,而不是只有一个
LCX就是一种轻量级虚拟化,将linux进程沙盒化,使用的是linux中的namespace技术进行资源隔离,
- pid namespace隔离了进程,
- mount namespace隔离了文件系统,
- network namespace隔离了网络
LXC提供的特性:
- 它提供了内核名称空间【Kernel namespaces】,如IPC、挂载【mount】、PID、网络和用户。
- 它提供了内核功能【Kernel capabilities】。
- Control groups (Cgroups).
- Seccomp profiles
1.3. LXD
LXD代表Linux Daemon,它是一个扩展,主要用于指导LXC。它用于向LXC提供新的属性和功能,以便以更有效的方式使用LXC。LXD和LXC之间的通信是通过使用内置库完成的,liblxc就是这样一个库。
2. 区别2.1. docker与LXC/LXD容器的区别
- LXD/LXC是一个系统级容器。Docker是一个应用程序容器,
- LXC不能跨机器上进行移植,而Docker可以跨机器甚至跨平台移植。
比较点 | LXC | Docker |
Developed by | LXC was created by IBM, Virtuozzo, Google and Eric Biederman. | Docker was created by Solomon Hykes in 2003. |
Data Retrieval | LXC does not support data retrieval after it is processed. | Data retrieval is supported in Docker. |
Usability | It is a multi-purpose solution for virtualization. | It is single purpose solution. |
Platform | LXC is supported only on Linux platform. | Docker is platform dependent. |
Virtualization | LXC provides us full system virtualization. | Docker provides application virtualization. |
Cloud support | There is no need for cloud storage as Linux provides each feature. | The need of cloud storage is required for a sizeable ecosystem. |
Popularity | Due to some constraints LXC is not much popular among the developers. | Docker is popular due to containers and it took containers to a next level. |
Speed Of Deployment | LXC is not lightweight and consumes a lot of time . | Docker Containers are lightweight and fast. |
2.2. LXC与LXD区别
- LXD可以看作是LXC的升级版。LXD的管理命令和LXC的管理命令大多相同。
- LXC起源于cgroup和namespaces,使得进程之间相互隔离,即进程虚拟化。
- LXC有一些缺点,比如无法有效支持跨主机之间的容器迁移、管理复杂。而LXD很好地解决了这些问题。
- LXC/LXD和docker不同的地方在于LXC/LXD中包含完整的操作系统。
LXC | LXD |
LXC is a virtual environment creation tool, it was built by Google, IBM etc. | LXD is an add on for the LXC to provide advanced features and functionalities. |
Multiple processes are needed for multiple containers and hence it is not flexible. | LXD makes it flexible by providing a single process for multiple containers. |
Snapshots, Live Migration【快照和动态迁移】 etc are some of the features which are not supported by LXC. | LXD supports snapshots and lives migration features. |
Scalability functionality is not provided by LXC and hence users shift to other virtual solutions. | With the use of LXD, scalability is achieved in LXC. |
Management capabilities are poor, especially in the case of network and storage. | It has better management capabilities like storage pooling. |
It is not user friendly and needs the expertise to handle the processes. | It provides a user-friendly interface. |
After data processing, the data cannot be retrieved. | Data retrieval functionality after data processing is provided in LXD. |
C API is used by the LXC. | LXD uses REST API. |
2.3. 传统的虚拟机与操作系统虚拟化的区别
- 传统的虚拟机使用了一种叫做hypervisor的东西,它运行在内核之上,该管理程序通过监视其资源使用情况和访问模式,为在其上运行的应用程序提供虚拟化。这会导致大量开销,导致不必要的性能损失。
- 操作系统级虚拟化的工作方式不同。它使用namespace和cgroup来限制应用程序的功能,包括资源的使用,这是linux内核提供的一个特性,几乎没有开销。
