Docker Engine Architecture
Docker Engine is the core of the container platform and consists of 3 core elements:
Docker CLI
A command line interface that the user uses to run commands that manage Docker objects.
REST API
Enables applications (including the Docker CLI) to communicate with Docker and send instructions to dockerd.
Docker Daemon (dockerd)
The server responsible for creating and managing objects. It’s the heart of Docker.
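The three elements above talk to each other over HTTP: the CLI sends REST requests to dockerd over the Unix socket /var/run/docker.sock. The following added example (written for this page, not Docker's own client code) does by hand what docker version does: it sends GET /version over that socket using only the Python standard library, and it reports who is permitted to connect to the socket, since anyone who can connect has full control of the daemon, which runs as root. When no real daemon is available it talks to a constructed stand-in server included in the block, so it runs offline; the socket path, the stand-in's JSON body and the 0660 mode it applies (dockerd's default, root:docker) are assumptions.

```python
import http.client
import json
import os
import socket
import stat
import tempfile
import threading

DOCKER_SOCKET = "/var/run/docker.sock"  # dockerd's default listening socket (assumption)


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection whose transport is a Unix domain socket.

    This is what the docker CLI does underneath: ordinary HTTP requests to the
    Engine REST API, carried over the daemon's Unix socket instead of TCP.
    """

    def __init__(self, sock_path, timeout=5):
        super().__init__("localhost", timeout=timeout)
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)


def api_get(api_path, sock_path=DOCKER_SOCKET):
    """Issue one GET against the Engine API; return (HTTP status, parsed JSON body)."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", api_path, headers={"Host": "docker"})
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read() or b"null")
    finally:
        conn.close()


def socket_exposure(sock_path=DOCKER_SOCKET):
    """Report who can connect to the daemon socket.

    Connecting needs write permission on the socket file, and every client that
    connects controls dockerd completely, so the group/world write bits are what
    a reviewer checks (group-writable by 'docker' is the default; world-writable
    hands the daemon to every local user).
    """
    mode = stat.S_IMODE(os.stat(sock_path).st_mode)
    return {
        "mode": oct(mode),
        "group_writable": bool(mode & stat.S_IWGRP),
        "world_writable": bool(mode & stat.S_IWOTH),
    }


def _stub_daemon(sock_path, ready):
    """Constructed stand-in for dockerd: accepts one client and answers GET /version."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    conn.recv(4096)  # request line + headers from api_get; not parsed by the stub
    body = json.dumps({"Version": "0.0-constructed", "ApiVersion": "1.43"}).encode()
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                 b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)
    conn.close()
    srv.close()


def demo_against_stub():
    """Run the full exchange against the constructed stub; returns (exposure, version JSON)."""
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "docker.sock")
        ready = threading.Event()
        t = threading.Thread(target=_stub_daemon, args=(sock_path, ready), daemon=True)
        t.start()
        ready.wait(5)
        os.chmod(sock_path, 0o660)  # mimic dockerd's default socket mode (assumption)
        exposure = socket_exposure(sock_path)
        _, version = api_get("/version", sock_path)
        t.join(5)
        return exposure, version


if __name__ == "__main__":
    if os.path.exists(DOCKER_SOCKET) and os.access(DOCKER_SOCKET, os.W_OK):
        print("socket:", socket_exposure())
        print("daemon:", api_get("/version")[1].get("Version"))
    else:
        print("no reachable daemon, using constructed stub:", demo_against_stub())
```

The same UnixHTTPConnection can issue any other Engine API call the CLI makes (GET /containers/json is what docker ps sends), which is why socket permissions, not CLI permissions, are what decide who administers Docker on a host.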
containerd
What is Open Container Initiative (OCI)?
A set of open industry standards around container formats and runtimes. OCI created two specifications to make the creation of container standards more efficient:
- Runtime-spec
- Image-spec
libcontainer / runC
At the very beginning, Docker had a monolithic architecture and used LXC (Linux Containers) technology to build environments for applications. After a while, the architecture of Docker was modified to a modular design, allowing for quicker innovation. LXC was also replaced with libcontainer as the default execution environment, now known as runC.
cgroups — Resource allocation for a given process can be monitored and managed by the Linux kernel, and resource limits can be set for memory, CPU, and network resources.
namespaces — Isolate processes from one another. In each container, processes run in their own namespaces and cannot access anything outside of them. Docker containers have network isolation (via libnetwork), allowing separate virtual interfaces and IP addresses for each container.
Docker uses namespaces to isolate:
- Process Id (pid) — Within one namespace, two processes cannot have the same process ID; with nested pid namespaces, a single process has a different PID in each namespace it belongs to.
- Unix Timesharing Systems (UTS)
- Mount (mnt)
- Inter-Process Communication (IPC)
- Network (net)
- runC interacts with cgroups and namespaces at the kernel level to create and run a container.
- In each execution, /tmp/docker/[uuid]/ is created as the container’s root file system.
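The namespaces and cgroups described above can be observed from inside any process without privileges: the kernel exposes each namespace a process belongs to as a symlink under /proc/<pid>/ns/ whose target carries the namespace's inode number (two processes are in the same namespace exactly when the inodes match), and the process's cgroup under /proc/<pid>/cgroup. The added Python example below (written for this page, not Docker or runC code) reads those, compares two processes' namespace sets to tell which isolation boundaries separate them, and reads the cgroup v2 memory.max limit. The constructed sample values and the /sys/fs/cgroup mount point are assumptions. Running it on the host and then inside a container shows different inodes and a different cgroup path.

```python
import os
import re

# Namespace kinds Docker sets up for a container (the list above), plus the optional
# user namespace and the cgroup namespace.
NAMESPACES = ("pid", "uts", "mnt", "ipc", "net", "user", "cgroup")

_NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")

# Constructed sample data (not captured from a real system).
SAMPLE_NS_HOST = {"pid": 4026531836, "uts": 4026531838, "mnt": 4026531841, "net": 4026531840}
SAMPLE_NS_CONTAINER = {"pid": 4026532200, "uts": 4026531838, "mnt": 4026532400, "net": 4026532300}
SAMPLE_CGROUP_V2 = "0::/docker/constructed-container-id\n"


def parse_ns_link(link_text):
    """Parse the target of a /proc/<pid>/ns/<kind> symlink, e.g. 'pid:[4026531836]'."""
    m = _NS_LINK.match(link_text)
    if not m:
        raise ValueError(f"not a namespace link: {link_text!r}")
    return m.group("kind"), int(m.group("inode"))


def namespace_ids(pid="self"):
    """Map namespace kind -> inode for one process; the inode identifies the namespace."""
    ids = {}
    for kind in NAMESPACES:
        try:
            _, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except (FileNotFoundError, PermissionError):
            continue  # kernel lacks that namespace type, or we may not inspect that pid
        ids[kind] = inode
    return ids


def differing_namespaces(a, b):
    """Namespace kinds in which two processes are isolated from each other."""
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])


def parse_cgroup_v2(cgroup_file_text):
    """Return the cgroup v2 path from /proc/<pid>/cgroup content (the '0::/path' line)."""
    for line in cgroup_file_text.splitlines():
        if not line:
            continue
        hierarchy, controllers, path = line.split(":", 2)
        if hierarchy == "0" and controllers == "":
            return path
    return None  # no v2 line: cgroup v1-only system


def parse_limit(value):
    """memory.max / pids.max style values: 'max' means unlimited, otherwise an integer."""
    value = value.strip()
    return None if value == "max" else int(value)


def memory_limit_bytes(cgroup_path, root="/sys/fs/cgroup"):
    """Effective memory.max of a cgroup in bytes; None when unlimited or unreadable."""
    try:
        with open(os.path.join(root, cgroup_path.lstrip("/"), "memory.max")) as f:
            return parse_limit(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    for kind, inode in namespace_ids().items():
        print(f"{kind:7s} {inode}")
    with open("/proc/self/cgroup") as f:
        path = parse_cgroup_v2(f.read())
    print("cgroup:", path, "memory limit:", memory_limit_bytes(path) if path else "n/a")
    print("sample host vs container differ in:", differing_namespaces(SAMPLE_NS_HOST, SAMPLE_NS_CONTAINER))
```

A container started with --pid=host or --net=host shares that namespace with the host, so the corresponding inode matches the host's; the comparison function makes such sharing visible, which is useful when auditing whether a container's isolation is what its configuration claims.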
containerd-shim
containerd-shim is mainly used to make containers daemonless, monitor the state of the container, and handle input (STDIN) and output (STDOUT) while reporting the exit status to the Docker daemon. It mainly takes care of containers when the daemon is down or restarted: containers keep running in the background and are re-attached to the daemon when it comes back online.
How containerd-shim makes a container daemonless:
Docker Objects
Docker Objects consist of 4 core elements:
Images
A read-only template with a set of instructions to build a Docker container. Built from a Dockerfile using docker build.
Containers
An instance of an image running as a process. A standalone executable package with everything needed to run an application.
Volumes
Used to persist and share container data across containers. Host folders are mounted into containers as volumes.
Networks
Enables containers to communicate with each other. Creates an isolated environment for Docker containers.
Images
What is a Dockerfile? A Dockerfile is a text file that builds a custom Docker image from a set of commands or instructions. Each instruction in the Dockerfile represents a layer of the Docker image. The image is built from the Dockerfile with the docker build command.
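To make the instruction-to-layer relationship concrete, the following added example (written for this page, not part of Docker's build tooling) parses a Dockerfile into its instructions, joining backslash continuations, and reports which of them add a filesystem layer (RUN, COPY and ADD) and which only add metadata to the image history. It also runs the checks a reviewer applies before docker build: an unpinned base image, ADD of a remote URL, and a missing USER instruction, which leaves the container's processes running as root. The sample Dockerfile is constructed.

```python
import re

# Instructions that add filesystem content; everything else is a metadata-only history entry.
FILESYSTEM_INSTRUCTIONS = {"RUN", "COPY", "ADD"}

# Constructed sample input (not taken from the page or any real project).
SAMPLE_DOCKERFILE = """\
# build a small web service image
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt \\
    && rm -rf /root/.cache
COPY . .
EXPOSE 8000
CMD ["python", "app.py"]
"""


def parse_dockerfile(text):
    """Return [(INSTRUCTION, argument), ...], skipping comments and joining '\\' continuations."""
    instructions, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "  # continuation: keep collecting
            continue
        buf += line
        name, _, arg = buf.partition(" ")
        instructions.append((name.upper(), arg.strip()))
        buf = ""
    return instructions


def layer_plan(instructions):
    """Describe what each instruction contributes to the resulting image."""
    return [(name, "filesystem layer" if name in FILESYSTEM_INSTRUCTIONS else "metadata")
            for name, _ in instructions]


def review(instructions):
    """Reviewer-side checks: unpinned base image, ADD from a URL, no USER instruction."""
    findings = []
    for name, arg in instructions:
        if name == "FROM":
            image = arg.split()[0]  # drop an 'AS stage' alias if present
            if "@sha256:" not in image and (":" not in image or image.endswith(":latest")):
                findings.append(f"base image {image!r} is not pinned to a tag or digest")
        if name == "ADD" and re.match(r"https?://", arg):
            findings.append("ADD fetches a remote URL at build time; prefer COPY of a verified file")
    if not any(name == "USER" for name, _ in instructions):
        findings.append("no USER instruction: container processes run as root by default")
    return findings


if __name__ == "__main__":
    parsed = parse_dockerfile(SAMPLE_DOCKERFILE)
    for name, kind in layer_plan(parsed):
        print(f"{name:8s} -> {kind}")
    for finding in review(parsed):
        print("finding:", finding)
```

On the sample, three instructions (COPY, RUN, COPY) add filesystem layers and the review reports only the missing USER instruction; docker history on the built image shows the same instruction-per-entry structure the parser reproduces here.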
Networks
Example Docker network drivers:
- Bridge
- Host
- None
- Overlay
- Macvlan
Registry
Docker Enterprise Edition provides a private trusted registry known as Docker Trusted Registry (DTR).
Images are uploaded to a registry with docker push, which enables sharing and publishing of images either publicly or within a private organization.
Example registries: