Docker is an open platform for developing, shipping, and running applications. Docker allows you to package and run any applications in an isolated environment, called a container. Because of the isolation and security, you can run multiple containers on a single host at the same time.
In this post, we will take a look at the Docker architecture and its components. We'll also look at how each component interacts with one another to make Docker work.
Docker had a monolithic architecture when it was first released. It is now divided into the three major components listed below.
- Docker Engine (dockerd)
- Docker-containerd (containerd)
- Docker-runc (runc)
1. Docker Engine
The Docker engine is made up of the docker daemon, an API interface, and the Docker CLI. Docker daemon (dockerd) is a systemd service that runs continuously. It is in charge of creating Docker images. Dockerd calls the docker-containerd APIs to manage images and run containers.
2. docker-containerd (containerd)
containerd is another system daemon service that is in charge of downloading and running Docker images as containers. It makes its API available in order to receive instructions from the dockerd service.
3. docker-runc
The container runtime runc is in charge of creating the namespaces and cgroups required for a container. The container commands are then executed within those namespaces. The runc runtime is built in accordance with the OCI specification.
Let's look at the Docker workflow using the Docker components now.
The above diagram shows the Docker Architecture. Docker is built on a client-server model. The Docker client communicates with the Docker daemon, which is in charge of building, running, and distributing your Docker containers. Docker client and daemon can run on the same system, or a Docker client can connect to a remote Docker daemon. The Docker client and daemon communicate with one another via a REST API, UNIX sockets, or a network interface. Docker Compose is another Docker client that allows you to work with applications made up of a collection of containers.
1. Docker Daemon
Docker daemon (dockerd) manages Docker objects such as images, containers, networks, and volumes by listening for Docker API requests. To manage Docker services, a daemon can communicate with other daemons.
2. The Docker client
Many Docker users interact with Docker primarily through the Docker client (docker). When you use commands like docker run, the client sends them to dockerd, which executes them. The Docker API is used by the docker command. The Docker client can interact with multiple daemons.
3. Docker Desktop
Docker Desktop is a simple-to-install application for Mac or Windows that allows you to create and share containerized applications and microservices. Docker Desktop includes Dockerd, Docker Client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper.
4. Docker registries
It is a repository (storage) for Docker images. A registry can be public or private. Docker Hub is a public registry that anyone can use, and Docker is set up by default to look for images on Docker Hub. You can even set up your own personal registry. Docker hub works similarly to git in that you can build your images locally on your laptop, commit them, and then push them to the Docker hub.
5. Docker objects
Docker allows you to create and use images, containers, networks, volumes, plugins, and other objects. Let's have a high-level overview of some of those objects in this section.
Images
Images are the basic building blocks of Docker. It contains the OS libraries, dependencies, and tools to run an application. It is a read-only template with instructions for creating a Docker container. Usually, an image is based on another image, with some modifications. For example, you could create an image based on the Ubuntu image that installs the Apache web server and your application, as well as the configuration details required to run your application.
DockerFile
To create your own image, you can create a Dockerfile with a simple syntax for defining the steps required to create and run the image. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. When compared to other virtualization technologies, this is part of what makes images so lightweight, small, and fast.
The top layer of an image is writable and used by the running container. Other layers in the image are read-only.
Docker Containers
Docker Containers are created from existing images. meaning it's a runnable image instance. The Docker API or CLI can be used to create, start, stop, move, or delete containers. You can attach storage to a container, connect it to one or more networks, or even create a new image based on its current state.
A container is isolated from other containers and its host machine. You can specify how well a container's network, storage, or other underlying subsystems are isolated from other containers or the host machine. A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any state changes that were not saved in persistent storage are lost.
Docker is written in the Go programming language and makes use of several Linux kernel features to provide its functionality. To provide the isolated workspace known as the container, Docker uses a technology known as namespaces. Docker creates a set of namespaces for each container when you run it. These namespaces provide an additional layer of isolation. Each aspect of a container runs in its own namespace, and access to it is restricted to that namespace.
This was a quick walk through Docker Architecture and the fundamental concepts around it.
I hope you would have a good understanding of what Docker is and how it works by this point.
Thank you for reading!
*** Explore | Share | Grow ***
Comments