Introduction¶ 简介 ¶
Containers simplify the production, distribution, discoverability, and usage of applications with all of their dependencies and default configuration files. Users test drive or deploy a new application with one or two commands instead of following pages of installation instructions. Here’s how to find your first Container Image:
容器简化了应用程序及其所有依赖项和默认配置文件的生产、分发、发现和使用。用户可以通过一两个命令测试驱动或部署新应用程序,而不是按照安装说明书的页面。以下是如何找到您的第一个容器镜像:
podman search docker.io/busybox
Output: 输出:
NAME DESCRIPTION
docker.io/library/busybox Busybox base image.
docker.io/rancher/busybox
docker.io/openebs/busybox-client
docker.io/antrea/busybox
docker.io/hugegraph/busybox test image
...
The previous command returned a list of publicly available container images on DockerHub. These container images are easy to consume, but of differing levels of quality and maintenance. Let’s use the first one listed because it seems to be well maintained.
前一个命令返回了 DockerHub 上公开可用的容器镜像列表。这些容器镜像易于使用,但质量和维护水平不同。让我们使用列出的第一个,因为它似乎得到了很好的维护。
To run the busybox container image, it’s just a single command:
要运行 busybox 容器映像,只需一个命令:
podman run -it docker.io/library/busybox
Output: 输出:
/ #
You can poke around in the busybox container for a while, but you’ll quickly find that running small container with a few Linux utilities in it provides limited value, so exit out:
您可以在 busybox 容器中查看一段时间,但很快就会发现在其中运行带有少量 Linux 实用程序的小容器提供的价值有限,因此退出:
exit
There’s an old saying that “nobody runs an operating system just to run an operating system” and the same is true with containers. It’s the workload running on top of an operating system or in a container that’s interesting and valuable.
有句古话说:“没有人只是为了运行操作系统而运行操作系统”,对于容器也是如此。有趣且有价值的是在操作系统顶部或容器中运行的工作负载。
Sometimes we can find a publicly available container image for the exact workload we’re looking for and it will already be packaged exactly how we want. But, more often than not, there’s something that we want to add, remove, or customize. It can be as simple as a configuration setting for security or performance, or as complex as adding a complex workload. Either way, containers make it fairly easy to make the changes we need.
有时我们可以找到一个公开可用的容器映像,正好符合我们正在寻找的工作负载,并且它已经按照我们想要的方式打包好了。但更常见的情况是,有些东西我们想要添加、删除或自定义。这可能只是一个用于安全性或性能的配置设置,也可能是添加复杂工作负载。无论哪种方式,容器都可以很容易地进行所需的更改。
Container Images aren’t actually images, they’re repositories often made up of multiple layers. These layers can easily be added, saved, and shared with others by using a Containerfile (Dockerfile). This single file often contains all the instructions needed to build a new container image and can easily be shared with others publicly using tools like GitHub.
容器映像实际上并不是映像,它们通常由多个层组成的仓库。这些层可以通过使用 Containerfile(Dockerfile)轻松添加、保存和与他人共享。这个单一文件通常包含构建新容器映像所需的所有指令,并可以使用像 GitHub 这样的工具轻松地与他人公开共享。
Here’s an example of how to build a Nginx web server on top of a Debian base image using the Dockerfile maintained by Nginx and published in GitHub:
这是一个示例,演示如何在基于 Debian 基础镜像上构建一个 Nginx Web 服务器,使用由 Nginx 维护并在 GitHub 上发布的 Dockerfile:
podman build -t nginx https://git.io/Jf8ol
Once, the image build completes, it’s easy to run the new image from our local cache:
一旦镜像构建完成,就可以轻松地从本地缓存中运行新镜像:
podman run -d -p 8080:80 nginx
curl localhost:8080
Output: 输出:
...
<p><em>Thank you for using nginx.</em></p>
...
Building new images is great, but sharing our work with others lets them review our work, critique how we built them, and offer improved versions. Our newly built Nginx image can be published at quay.io or docker.io to share it with the world. Everything needed to run the Nginx application is provided in the container image. Others can easily pull it down and use it, or make improvements to it.
构建新镜像很棒,但与他人分享我们的工作让他们可以审查我们的工作,批评我们的构建方式,并提供改进版本。我们新构建的 Nginx 镜像可以发布在 quay.io 或 docker.io 上,与世界分享。运行 Nginx 应用程序所需的一切都包含在容器镜像中。其他人可以轻松地拉取并使用它,或对其进行改进。
Standardizing on container images and Container Registries enable a new level of collaboration through simple consumption. This simple consumption model is possible because every major Container Engine and Registry Server uses the Open Containers Initiative (OCI) format. This allows users to find, run, build, share and deploy containers anywhere they want. Podman and other Container Engines like CRI-O, Docker, or containerd can create and consume container images from docker.io, quay.io, an on premise registry or even one provided by a cloud provider. The OCI image format facilitates this ecosystem through a single standard.
标准化容器镜像和容器注册表可以通过简单的消费实现新的协作水平。这种简单的消费模式之所以可能,是因为每个主要的容器引擎和注册表服务器都使用开放容器倡议(OCI)格式。这使用户可以在任何地方找到、运行、构建、分享和部署容器。Podman 和其他容器引擎如 CRI-O、Docker 或 containerd 可以从 docker.io、quay.io、本地注册表甚至云提供商提供的注册表创建和消费容器镜像。OCI 镜像格式通过一个标准促进了这个生态系统。
For example, if we wanted to share our newly built Nginx container image on quay.io it’s easy. First log in to quay:
例如,如果我们想要在 quay.io 上分享我们新构建的 Nginx 容器镜像,这很容易。首先登录到 quay:
podman login quay.io
Input: 输入:
Username: USERNAME
Password: ********
Login Succeeded!
Next, tag the image so that we can push it into our user account:
接下来,给图像打标签,以便我们可以将其推送到我们的用户账户中:
podman tag localhost/nginx quay.io/USERNAME/nginx
Finally, push the image:
最后,推送图像:
podman push quay.io/USERNAME/nginx
Output: 输出:
Getting image source signatures
Copying blob 38c40d6c2c85 done
Copying blob fee76a531659 done
Copying blob c2adabaecedb done
Copying config 7f3589c0b8 done
Writing manifest to image destination
Copying config 7f3589c0b8 done
Writing manifest to image destination
Storing signatures
Notice that we pushed four layers to our registry and now it’s available for others to share. Take a quick look:
请注意,我们已将四个层推送到我们的注册表中,现在可以供他人共享。快速查看一下:
podman inspect quay.io/USERNAME/nginx
Output: 输出:
[
{
"Id": "7f3589c0b8849a9e1ff52ceb0fcea2390e2731db9d1a7358c2f5fad216a48263",
"Digest": "sha256:7822b5ba4c2eaabdd0ff3812277cfafa8a25527d1e234be028ed381a43ad5498",
"RepoTags": [
"quay.io/USERNAME/nginx:latest",
...
To summarize, Podman makes it easy to find, run, build and share containers.
总的来说,Podman 让查找、运行、构建和共享容器变得简单。
Find: whether finding a container on dockerhub.io or quay.io, an internal registry server, or directly from a vendor, a couple of podman search, and podman pull commands make it easy
查找:无论是在 dockerhub.io 或 quay.io 上查找容器,还是在内部注册表服务器上查找,或直接从供应商处获取,几个 podman search 和 podman pull 命令都能轻松实现。Run: it’s easy to consume pre-built images with everything needed to run an entire application, or start from a Linux distribution base image with the podman run command
运行:使用预构建的镜像非常容易,其中包含运行整个应用程序所需的一切,或者可以从 Linux 发行版基础镜像开始,使用 podman run 命令。Build: creating new layers with small tweaks, or major overhauls is easy with podman build
构建:使用 podman build 轻松创建具有微小调整或重大改动的新层Share: Podman lets you push your newly built containers anywhere you want with a single podman push command
共享:Podman 允许您使用单个 podman push 命令将新构建的容器推送到任何地方
For more instructions on use cases, take a look at our Tutorials page.
要了解更多用例说明,请查看我们的教程页面。