Docker container
Docker is similar to the virtual machine software we use on PCs, such as VMware, but it works very differently from traditional virtualization. The biggest difference is that a traditional hypervisor carves the resources a virtual machine needs out of the physical hardware, and the resources of the host and of the guest do not overlap.
Docker's virtualization is operating-system-level virtualization: it only isolates the file system, network and processes of a container from the host (by means of kernel namespaces and cgroups), while the host and all of its containers share one kernel and share the hardware dynamically. That is why Docker is lighter and faster than a virtual machine. It is also why a container is a weaker security boundary than a VM: every container runs on the host's kernel, so a kernel vulnerability, or a container started with more privilege than it needs (see the --privileged flag below), is a path to the host.
The background of Docker and other related knowledge are not repeated here. If you want to know more about Docker, take a look at Docker - from introduction to practice.
Kernel support for Docker
Docker is written in Go (the language introduced by Google) and relies on three Linux kernel facilities: cgroups (resource accounting and limits), namespaces (isolation of PIDs, network, mounts, IPC, hostname and users) and a union file system such as AUFS or OverlayFS (layered images). The kernel must provide these before the system can run Docker.
You can use check-config.sh to check the kernel configuration. The script comes from the Docker (Moby) source tree, where it lives as contrib/check-config.sh; a copy can be obtained from the following link:
https://gitee.com/zouchao/shell/blob/master/check-config.sh
The script groups the options into Generally Necessary and Optional Features. Every Necessary option must be enabled; if one is reported missing, enable it in the kernel configuration (.config) and rebuild the kernel. Two of the Optional entries carry Docker's security defaults and should be treated as necessary on anything other than a throwaway development board: CONFIG_SECCOMP, without which Docker cannot apply its default seccomp profile that blocks dangerous system calls, and CONFIG_USER_NS, which is needed for userns-remap so that root inside a container maps to an unprivileged uid on the host.
For example:
forlinx@forlinx:~$ sudo ./check-config.sh
warning: /proc/config.gz does not exist, searching other paths for kernel config ...
info: reading kernel config from /usr/src/linux/.config ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: enabled
- CONFIG_IP_NF_FILTER: enabled
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled
- CONFIG_IP_NF_NAT: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_NF_NAT_NEEDED: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_MEMCG_SWAP_ENABLED: enabled
    (cgroup swap accounting is currently enabled)
- CONFIG_MEMCG_KMEM: missing
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_IOSCHED_CFQ: enabled
- CONFIG_CFQ_GROUP_IOSCHED: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: enabled
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled
- CONFIG_IP_VS: enabled
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: enabled
    - CONFIG_BRIDGE_VLAN_FILTERING: enabled
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled
      - CONFIG_XFRM_ALGO: enabled
      - CONFIG_INET_ESP: enabled
      - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled
  - "ipvlan":
    - CONFIG_IPVLAN: enabled
  - "macvlan":
    - CONFIG_MACVLAN: enabled
    - CONFIG_DUMMY: enabled
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled
    - CONFIG_NF_CONNTRACK_FTP: enabled
    - CONFIG_NF_NAT_TFTP: enabled
    - CONFIG_NF_CONNTRACK_TFTP: enabled
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: missing
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
    - CONFIG_BTRFS_FS_POSIX_ACL: enabled
  - "devicemapper":
    - CONFIG_BLK_DEV_DM: enabled
    - CONFIG_DM_THIN_PROVISIONING: enabled
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing

Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
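The check the script performs, as an added example that is not the page's code and not Docker's own check-config.sh: a minimal POSIX sh re-implementation that reads a kernel .config and reports each option the way check-config.sh does (enabled, enabled (as module) or missing), then fails if anything it treats as required is absent. The sample config embedded below is constructed for the example (it deliberately leaves CONFIG_SECCOMP and CONFIG_MEMCG_KMEM unset); the function names, and the decision to check CONFIG_SECCOMP and CONFIG_USER_NS alongside the necessary options, are this example's own. Pass a real config file, for example /boot/config-$(uname -r), as the first argument to check an actual kernel.

```shell
#!/bin/sh
# Added example: a minimal re-implementation of the check-config.sh idea.
# It is not Docker's script. Reads a kernel .config (plain text, e.g.
# /boot/config-$(uname -r), or 'zcat /proc/config.gz' saved to a file).

# Constructed sample config so the script runs offline; a real config
# file given as $1 is used instead when present.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y
CONFIG_PID_NS=y
CONFIG_CGROUPS=y
CONFIG_BRIDGE_NETFILTER=m
CONFIG_USER_NS=y
# CONFIG_SECCOMP is not set
# CONFIG_MEMCG_KMEM is not set
CONFIG_OVERLAY_FS=y
EOF

# check_flag FLAG CONFIG_FILE -> prints "enabled", "enabled (as module)" or "missing"
# (anchored at line start and at '=' so CONFIG_NET_NS does not match CONFIG_NET_NS_FOO)
check_flag() {
    if grep -q "^$1=y" "$2"; then
        echo "enabled"
    elif grep -q "^$1=m" "$2"; then
        echo "enabled (as module)"
    else
        echo "missing"
    fi
}

# report CONFIG_FILE FLAG... -> one "- FLAG: state" line per flag, like check-config.sh
report() {
    cfg=$1; shift
    for flag in "$@"; do
        echo "- $flag: $(check_flag "$flag" "$cfg")"
    done
}

# required_missing CONFIG_FILE FLAG... -> prints each missing flag on its own line;
# returns 1 if any flag is missing, 0 when all are built in or modules
required_missing() {
    cfg=$1; shift
    rc=0
    for flag in "$@"; do
        if [ "$(check_flag "$flag" "$cfg")" = "missing" ]; then
            echo "$flag"
            rc=1
        fi
    done
    return $rc
}

# A subset of the script's "Generally Necessary" list (assumption: enough to
# illustrate the check), plus the two "Optional" options that carry Docker's
# security defaults (seccomp profile, userns-remap).
NECESSARY="CONFIG_NAMESPACES CONFIG_NET_NS CONFIG_PID_NS CONFIG_CGROUPS CONFIG_BRIDGE_NETFILTER CONFIG_OVERLAY_FS"
SECURITY="CONFIG_SECCOMP CONFIG_USER_NS"

CFG=${1:-$SAMPLE_CONFIG}
echo "Generally Necessary:"
report "$CFG" $NECESSARY
echo "Security (optional for check-config.sh, necessary in practice):"
report "$CFG" $SECURITY
if missing=$(required_missing "$CFG" $NECESSARY $SECURITY); then
    echo "all checked options are present"
else
    echo "missing:" $missing
fi
```

Run with no arguments it reports against the constructed config and ends with "missing: CONFIG_SECCOMP"; run as ./script.sh /boot/config-$(uname -r) it checks the running kernel. The exit status of required_missing is what a build or provisioning script should gate on, since a kernel without CONFIG_SECCOMP still runs Docker, just without the syscall filter.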
Installing Docker on Ubuntu 18.04
Install docker-ce:
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=arm64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
apt-cache madison docker-ce
sudo apt-get -y install docker-ce=18.06.3~ce~3-0~ubuntu
Fetch the repository signing key over https, not http: the key is what apt uses to verify every package from this repository, and a key downloaded over plain http can be replaced by anyone on the path. The mirror's gpg file is Docker's own key; check it with apt-key fingerprint 0EBFCD88 and expect the fingerprint 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 before adding the repository. [arch=arm64] is correct for the RK3399 board used here (a 64-bit ARM SoC); on an x86-64 PC use amd64. apt-cache madison docker-ce lists the versions the repository offers, which is where the pinned version string comes from.
Operation steps for a container
Pull an image:
sudo docker pull ubuntu:16.04
View images:
sudo docker image ls
Run a container (af680e64f655 is the image ID that docker image ls printed for ubuntu:16.04 on this host; the tag ubuntu:16.04 works equally well):
sudo docker run -itd --name ok3399_android_ubuntu16 --privileged=true --cap-add=SYS_ADMIN -v /home/forlinx:/root/workspace/rk3399 -p 10600:22 af680e64f655 /bin/bash
View the container started in the previous step:
sudo docker container ls
Enter the container (90d263119866 is the container ID from docker container ls; the --name given above works too):
sudo docker exec -it 90d263119866 bash
When running the container, pay attention to the mapping between host paths and container paths, and between host ports and container ports:
1. -i: keep STDIN open (interactive)
2. -t: allocate a pseudo-terminal
When you need to enter bash, execute commands and view the results, you need both, i.e. an interactive terminal.
3. -d: run the container in the background (detached)
4. --name: give the container a name
5. --privileged=true: this does far more than let the container configure the host's network stack. It switches off almost all of Docker's isolation: the container gets every capability, sees every host device under /dev, and runs without the default seccomp and AppArmor profiles. A root process inside it is effectively root on the host (it can mount the host's block devices, for example). Use it only for a throwaway development container on a board you own, never for a container that anyone else can reach over the network.
6. --cap-add=SYS_ADMIN: grants the container the CAP_SYS_ADMIN capability (mount, namespace manipulation and many other privileged operations). Next to --privileged it is redundant, since --privileged already grants every capability; on its own it is still one of the most dangerous capabilities to hand out.
7. -v: bind-mount a host directory into the container. Here /home/forlinx is writable from inside the container; append :ro to the mapping when read access is enough.
8. Port mapping is specified with -P or -p.
-P maps every port the image exposes to a random high port on the host, taken from the host's ephemeral port range.
-p maps an explicit port; a given host address and port can be bound by only one container.
The supported formats are ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort.
When ip is omitted Docker binds 0.0.0.0, so -p 10600:22 above exposes the container's SSH port on every host interface; Docker inserts its own iptables rules for published ports, so a host firewall that only filters the INPUT chain (ufw, for instance) does not protect them. Write -p 127.0.0.1:10600:22 to restrict the mapping to the loopback interface.
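The flags above, as a check a practitioner can run over a docker run argument list before typing it. This is an added example, not code from the page or from Docker: parse_port_spec handles the three -p formats listed above, and lint_run_args flags the options that widen the container's reach onto the host (--privileged, --cap-add SYS_ADMIN, a writable host path mount, a port published on all interfaces, host networking). The argument list and image ID af680e64f655 in the demonstration are taken from the page's own docker run line; the function names and finding tags are this example's own assumptions. It only inspects the text of the arguments and does not need Docker installed.

```shell
#!/bin/sh
# Added example: a lint for "docker run" argument lists (not Docker's code).

# parse_port_spec SPEC -> prints "ip hostPort containerPort", with "-" for
# the parts the spec leaves unset. An unset ip means Docker binds 0.0.0.0.
# Assumption: bracketed IPv6 addresses such as [::1]:80:80 are not handled.
parse_port_spec() {
    case "$1" in
        *:*:*) ip=${1%%:*}; rest=${1#*:}; host=${rest%%:*}; cont=${rest#*:} ;;
        *:*)   ip=""; host=${1%%:*}; cont=${1#*:} ;;
        *)     ip=""; host=""; cont=$1 ;;
    esac
    [ -n "$ip" ] || ip="-"
    [ -n "$host" ] || host="-"
    echo "$ip $host $cont"
}

# volume_is_readonly SPEC -> true when a -v mapping carries the ro option
volume_is_readonly() {
    case "$1" in
        *:ro|*:ro,*|*,ro|*,ro,*) return 0 ;;
        *) return 1 ;;
    esac
}

# flag MESSAGE -> prints a finding and counts it
flag() {
    echo "$1"
    findings=$((findings + 1))
}

# lint_run_args ARG... -> prints one "TAG: detail" line per finding;
# returns 1 if anything was flagged, 0 for a clean argument list
lint_run_args() {
    findings=0
    while [ $# -gt 0 ]; do
        # normalise "-p VALUE" style options to "-p=VALUE" so each case below
        # sees a single token (-v=... is not docker syntax, only internal here)
        case "$1" in
            -v|--volume|-p|--publish|--cap-add|--net|--network)
                if [ $# -lt 2 ]; then
                    flag "DANGLING_OPTION: $1 has no value"; break
                fi
                opt=$1; val=$2; shift 2; set -- "$opt=$val" "$@"; continue ;;
        esac
        case "$1" in
            --privileged|--privileged=true)
                flag "PRIVILEGED: all capabilities, all host devices, no default seccomp/AppArmor profile; root inside is root on the host" ;;
            --cap-add=SYS_ADMIN|--cap-add=CAP_SYS_ADMIN|--cap-add=ALL)
                flag "CAP_SYS_ADMIN: ${1#--cap-add=} lets the container mount filesystems and manipulate namespaces (redundant next to --privileged, dangerous on its own)" ;;
            --net=host|--network=host)
                flag "HOST_NETWORK: container shares the host network namespace, every port it listens on is already exposed" ;;
            -v=/*|--volume=/*)
                spec=${1#*=}
                if ! volume_is_readonly "$spec"; then
                    flag "HOST_PATH_MOUNT: ${spec%%:*} is writable from the container; append :ro if read access is enough"
                fi ;;
            -p=*|--publish=*)
                spec=${1#*=}
                parsed=$(parse_port_spec "$spec")
                bind=${parsed%% *}
                case "$bind" in
                    -|0.0.0.0)
                        flag "BIND_ALL_INTERFACES: -p $spec listens on every host interface; use 127.0.0.1:hostPort:containerPort to keep it local" ;;
                esac ;;
        esac
        shift
    done
    [ "$findings" -eq 0 ]
}

# Demonstration on the page's own docker run line, then on a hardened variant.
echo "== page's command =="
lint_run_args -itd --name ok3399_android_ubuntu16 --privileged=true --cap-add=SYS_ADMIN \
    -v /home/forlinx:/root/workspace/rk3399 -p 10600:22 af680e64f655 /bin/bash \
    || echo "-> $findings finding(s)"
echo "== hardened variant =="
lint_run_args -itd --name ok3399_android_ubuntu16 \
    -v /home/forlinx:/root/workspace/rk3399:ro -p 127.0.0.1:10600:22 af680e64f655 /bin/bash \
    && echo "-> clean"
```

The hardened variant drops --privileged and --cap-add entirely, mounts the workspace read-only and binds the SSH mapping to loopback; if the build inside the container genuinely needs to write to /home/forlinx, keep the mount writable but still leave the capabilities off, since nothing in a user-space Android build requires them.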