Docker is the container runtime and orchestration engine.
- Enterprise Edition (EE) and Community Edition (CE)
- Moby is the Open Source project of Docker — Moby consists of modular components.
When to use Docker
- Simplifying Configuration – Put the configuration and environment settings in the code
- Application Isolation
- Server Consolidation
- Dev/Production environment are the same
- Debugging – Bugs in production can be replicated in Development easily
Docker is a client-server architecture.
- Clients communicate with the Docker daemon (server) using REST APIS through UNIX sockets or Network Interfaces.
- Docker daemon (dockerd) handles building, running, and distribute containers.
- dockerd manages the following docker objects: Images, Containers, Networks, and Volumes.
- Docker client (Docker) sends the user commands to dockerd.
- Docker Registries store docker images.
- Private Registry
- Public Registry such as DockerHub
Docker image is a read-only template and contains instructions for creating a Docker container.
- An Image can be based on other images – multiple layers -.
- Each layer represents an instruction in the image’s Dockerfile.
- Each layer is read-only, except the last one.
- Each layer has only a set of differences from the layer before it.
- Containers add new writable layers on top of the underlying layers.
A container is a runnable instance of an image.
- Containers can connect to networks and can attach persistent storages.
- A new image can be created based on the container’s current state.
- Containers are isolated from other containers and the host machine.
- All changes are stored in the writable layer, and the writable layer is deleted when the container is deleted. The image remains unchanged.
- Services can scale containers across multiple Docker daemons.
- Services define and manage the desired state.
- Service is load-balanced.
- Multiple Docker daemons (Master and Workers) are working together.
- The daemons all communicate using the Docker API
- Supported in Docker 1.12 and higher
Docker engine is base on open-standards by the Open Container Initiative (OCI) and modular in design.
- Initial Release of Docker: Docker daemon + LXC (Lightweight Linux container)
- LXC was replaced with libcontainer
Docker became more modular:
- Implementation of the OCI container-runtime-spec
- CLI wrapper for libcontainer
- Responsible to create containers
- Manages Container lifecycle: start, stop, pause, delete
- Implementation of daemon-less Containers
docker container run -it --name <NAME> <IMAGE>:<TAG>
Creating a Container
- Executing a command using CLI
- Docker client uses the appropriate API payload and POSTs to the correct API endpoint
- Docker daemon receives requests
- Docker daemon calls ‘containerd‘ to start a new container
- ‘containerd‘ creates an OCI bundle from the Docker image
- ‘containerd‘ instructs ‘runc‘ to create a container using the OCI bundle
- ‘runc’ interfaces with the OS kernel to get the constructs needed to create a container (namespaces, cgroups, etc.)
- Container process starts as a child process
- ‘runc‘ exits once the container starts
- Container is running