Storage overview
- The data won’t persist when that container is no longer running, and it can be difficult to get the data out of the container if another process needs it.
- A container’s writable layer is tightly coupled to the host machine where the container is running. You can’t easily move the data somewhere else.
- Writing into a container’s writable layer requires a storage driver to manage the filesystem. The storage driver provides a union filesystem, using the Linux kernel. This extra abstraction reduces performance as compared to using data volumes, which write directly to the host filesystem.
Mount data into a container (three ways):
volumes, bind mounts, or tmpfs volumes. Volumes are almost always the right choice.
Choose the right type of mount
No matter which type of mount you choose to use, the data looks the same from within the container. It is exposed as either a directory or an individual file in the container’s filesystem.
An easy way to visualize the difference among volumes, bind mounts, and tmpfs mounts is to think about where the data lives on the Docker host.

- Volumes are stored in a part of the host filesystem which is managed by Docker (/var/lib/docker/volumes/ on Linux). Non-Docker processes should not modify this part of the filesystem. Volumes are the best way to persist data in Docker.
- Bind mounts may be stored anywhere on the host system. They may even be important system files or directories. Non-Docker processes on the Docker host or a Docker container can modify them at any time.
- tmpfs mounts are stored in the host system’s memory only, and are never written to the host system’s filesystem.
More details about mount types
Volumes: Created and managed by Docker. You can create a volume explicitly using the docker volume create command, or Docker can create a volume during container or service creation.
When you create a volume, it is stored within a directory on the Docker host. When you mount the volume into a container, this directory is what is mounted into the container. This is similar to the way that bind mounts work, except that volumes are managed by Docker and are isolated from the core functionality of the host machine. In other words, a bind mount works like an ordinary mount on the host, while a volume is managed by Docker.
A given volume can be mounted into multiple containers simultaneously. When no running container is using a volume, the volume is still available to Docker and is not removed automatically. You can remove unused volumes using docker volume prune.
When you mount a volume, it may be named or anonymous. Anonymous volumes are not given an explicit name when they are first mounted into a container, so Docker gives them a random name that is guaranteed to be unique within a given Docker host. Besides the name, named and anonymous volumes behave in the same ways.
Volumes also support the use of volume drivers, which allow you to store your data on remote hosts or cloud providers, among other possibilities.
Bind mounts: Available since the early days of Docker. Bind mounts have limited functionality compared to volumes. When you use a bind mount, a file or directory on the host machine is mounted into a container. The file or directory is referenced by its full path on the host machine. The file or directory does not need to exist on the Docker host already. It is created on demand if it does not yet exist. Bind mounts are very performant, but they rely on the host machine’s filesystem having a specific directory structure available. If you are developing new Docker applications, consider using named volumes instead. You can’t use Docker CLI commands to directly manage bind mounts.
Warning: One side effect of using bind mounts is that you can change the host filesystem via processes running in a container, including creating, modifying, or deleting important system files or directories. This is a powerful ability which can have security implications, including impacting non-Docker processes on the host system.
tmpfs mounts: A tmpfs mount is not persisted on disk, either on the Docker host or within a container. It can be used by a container during the lifetime of the container, to store non-persistent state or sensitive information. For instance, internally, swarm services use tmpfs mounts to mount secrets into a service’s containers.
Bind mounts and volumes can both be mounted into containers using the -v or --volume flag, but the syntax for each is slightly different. For tmpfs mounts, you can use the --tmpfs flag. However, in Docker 17.06 and higher, we recommend using the --mount flag for both containers and services, for bind mounts, volumes, or tmpfs mounts, as the syntax is clearer.
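The bind-mount warning above can be checked on a running host. The following is an added example, not part of the original notes or of Docker itself: it reads the Mounts array that docker inspect reports and flags bind mounts that are writable or that expose system paths, while skipping volumes and tmpfs mounts. The SENSITIVE_PREFIXES list, the severity labels and the sample data are assumptions made for illustration.

```python
import json
import posixpath
import sys

# Assumption: host paths treated as "important system files or directories".
SENSITIVE_PREFIXES = ("/etc", "/usr", "/bin", "/sbin", "/lib", "/boot", "/var/lib/docker")

# Constructed sample in the shape of `docker inspect` output (trimmed to the fields used).
SAMPLE = json.loads("""
[
 {"Name": "/web", "Mounts": [
   {"Type": "volume", "Name": "app-data", "Source": "/var/lib/docker/volumes/app-data/_data",
    "Destination": "/data", "RW": true},
   {"Type": "bind", "Source": "/etc/nginx", "Destination": "/etc/nginx", "RW": false}]},
 {"Name": "/builder", "Mounts": [
   {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": true},
   {"Type": "bind", "Source": "/srv/build", "Destination": "/work", "RW": true},
   {"Type": "tmpfs", "Source": "", "Destination": "/run/cache", "RW": true}]}
]
""")


def is_sensitive(source):
    """True if the host path is / or lies at or below a sensitive prefix."""
    path = posixpath.normpath(source)
    return path == "/" or any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)


def audit_mounts(containers):
    """Return (container, severity, host_source, container_target) for risky bind mounts."""
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # volumes live in Docker's area; tmpfs never touches host disk
            writable = m.get("RW", True)
            sensitive = is_sensitive(m.get("Source", ""))
            if writable and sensitive:
                severity = "high"    # container can alter system files on the host
            elif writable:
                severity = "medium"  # container can alter host files outside Docker's area
            elif sensitive:
                severity = "low"     # read-only, but exposes host system content
            else:
                continue
            findings.append((name, severity, m["Source"], m["Destination"]))
    return findings


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit_mounts.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for finding in audit_mounts(data):
        print(*finding, sep="\t")
```

The named volume in the sample is not flagged even though its Source is under /var/lib/docker, because Docker manages that directory itself; only bind mounts hand an arbitrary host path to the container.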
Good use cases for volumes
Volumes are the preferred way to persist data in Docker containers and services. Some use cases for volumes include:
- Sharing data among multiple running containers. If you don’t explicitly create it, a volume is created the first time it is mounted into a container. When that container stops or is removed, the volume still exists.
- When the Docker host is not guaranteed to have a given directory or file structure. Volumes help you decouple the configuration of the Docker host from the container runtime.
- When you want to store your container’s data on a remote host or a cloud provider, rather than locally.
- When you need to be able to back up, restore, or migrate data from one Docker host to another, volumes are a better choice. You can stop containers using the volume, then back up the volume’s directory (such as /var/lib/docker/volumes/<volume-name>).
Good use cases for bind mounts
In general, you should use volumes where possible. Bind mounts are appropriate for the following types of use case:
- Sharing configuration files from the host machine to containers. This is how Docker provides DNS resolution to containers by default, by mounting /etc/resolv.conf from the host machine into each container.
Good use cases for tmpfs mounts
tmpfs mounts are best used for cases when you do not want the data to persist either on the host machine or within the container. This may be for security reasons or to protect the performance of the container when your application needs to write a large volume of non-persistent state data.
Tips for using bind mounts or volumes
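- If you mount an empty volume into a directory in the container in which files or directories exist, these files or directories are propagated (copied) into the volume. Similarly, if you start a container and specify a volume which does not already exist, an empty volume is created for you. This is a good way to pre-populate data that another container needs.
- If you mount a bind mount or non-empty volume into a directory in the container in which some files or directories exist, these files or directories are obscured by the mount, just as if you saved files into /mnt on a Linux host and then mounted a USB drive into /mnt. The contents of /mnt are obscured by the contents of the USB drive until the USB drive is unmounted. The obscured files are not removed or altered, but they are not accessible while the bind mount or volume is mounted.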