Docker 101: Architecture

PART III


Overall Architecture

Docker follows a client-server architecture.

In this architecture, users interact with Docker through a client (typically using the command-line interface or CLI).

The client communicates with the Docker server (daemon) via a REST API.

The daemon, in turn, works with the container runtime to carry out the requested operation and returns the result to the client.

This architecture allows users to manage and control Docker containers and services effectively.


Docker Engine Architecture

The Docker Engine architecture involves multiple components working together to manage containers.

Docker Engine is a comprehensive platform that includes:

  • the Docker runtime

  • Docker daemon

  • command-line interface (CLI)

  • and more.

Docker Engine provides the runtime environment for containers and handles image management: it manages the full container lifecycle, from image building to container execution. It may not, however, be the primary tool for advanced container orchestration in complex, multi-container application scenarios.

Here are some key points about Docker Engine architecture:

  1. Client-Server Model: Docker follows a client-server architecture. Users interact with Docker through a client (typically the Docker CLI), which communicates with the Docker server (daemon) using APIs. This separation allows remote management of Docker containers.

  2. Containerd Integration: Containerd is a critical component used by Docker. It provides core container runtime functionality. Importantly, containerd is not limited to Docker and is also used in Kubernetes, emphasizing its versatility.

  3. gRPC Communication: Docker Engine and containerd communicate using gRPC, a high-performance remote procedure call (RPC) framework. This efficient communication enables Docker operations to be carried out smoothly.

  4. Client-Server Communication: When the client and daemon talk over the network, Docker typically uses port 2375 with plain HTTP. For security, it is recommended to use TLS (Transport Layer Security) to encrypt the communication between client and server, which protects the confidentiality and integrity of the traffic.

In summary, Docker Engine architecture consists of a client-server model with the Docker daemon managing containers. It integrates with containerd for core container runtime functionality and communicates efficiently using gRPC. The use of TLS enhances the security of client-server communication in Docker.
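The weak setting from point 4 beside a hardened one, as an added example that is not from the original article: a small Python audit of a daemon.json that flags tcp:// listeners lacking TLS client verification. The daemon.json samples and certificate paths are constructed; 2376 is the conventional port for the TLS-protected API.

```python
import json

# Constructed daemon.json samples (not from the page): a weak listener and a hardened one.
# The certificate paths are placeholders, not a real host's files.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return (severity, message) findings for each tcp:// listener in a daemon.json."""
    cfg = json.loads(text)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return []  # Unix socket only: the API is not reachable over the network.
    tls_verify = cfg.get("tlsverify") is True        # encrypt and require client certificates
    tls_any = tls_verify or cfg.get("tls") is True   # encrypt, but accept any client
    missing = [k for k in TLS_KEYS if not cfg.get(k)]
    findings = []
    for host in tcp_hosts:
        if not tls_any:
            findings.append(("HIGH", f"{host}: plain HTTP listener; any client that can reach "
                                     "this port gets root-equivalent control of the host"))
        elif not tls_verify:
            findings.append(("MEDIUM", f"{host}: TLS encrypts the channel but tlsverify is "
                                       "off, so clients are not authenticated"))
        elif missing:
            findings.append(("HIGH", f"{host}: tlsverify is set but {', '.join(missing)} "
                                     "are not configured"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_config(cfg) or "no findings")
```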


Docker Engine Ecosystem Components:

  1. Docker CLI (Command-Line Interface)

    The Docker CLI is the user interface for interacting with Docker. It provides a set of commands and options that users can run from the command line to perform various Docker operations. Users issue commands like docker run, docker build, and docker pull to interact with Docker.

  2. Docker Daemon / dockerd

    The Docker daemon is a central component of the Docker Engine.

    It is responsible for managing Docker containers and images and is the component the Docker client talks to. The daemon listens for API requests sent by the Docker CLI, interprets them, and carries out tasks such as container creation, management, and execution.

    The Docker daemon is a background service that manages Docker containers on a host system. It is responsible for container execution, managing images, and handling container communication with the host OS. If the daemon stops, running containers continue to operate, making them "daemonless."

  3. Docker Runtime:

    The Docker runtime is responsible for executing and managing Docker containers. It interacts directly with the host operating system to create and manage containers.

    Both containerd and runc are container runtimes, but they serve different roles within the container ecosystem.

    1. containerd:

    • containerd is a high-level container runtime that provides a comprehensive framework for container management.

    • It is designed to handle various aspects of containerization, including container creation, execution, monitoring, and management.

    • It manages runc and handles container packaging and image pulling.

    • containerd abstracts many of the complexities of container operations and provides a standardized and efficient interface for managing containers. It serves as a higher-level runtime that is used by Docker and by Kubernetes.

    2. runc:

    • runc is a low-level container runtime and command-line tool used by containerd (and other container runtimes) to create and run containers.

    • It adheres to the Open Container Initiative (OCI) specifications, which define standards for container formats and runtimes.

    • runc is responsible for launching container processes based on OCI-compliant container images. It is a lower-level tool that focuses on the actual execution of containers.

Container Orchestration:

Container orchestration platforms (e.g., Kubernetes, Docker Swarm) manage and coordinate multiple containers in distributed environments. They handle scaling, load balancing, service discovery, and automated deployment.

Container vs. Image:

  • Container: It's a running instance of a Docker image, providing an isolated environment for applications. Containers are dynamic and interact with the host OS.

  • Image: A static package with all dependencies and configurations for an application. Images are immutable and serve as templates for containers. They are versioned, stored in registries, and reproducible.

Container Image:

A container image is a self-sufficient, portable package containing code, runtime, tools, libraries, and settings. It ensures application consistency across environments.

Dockerfile:

A Dockerfile is a text file specifying image-building instructions, including the base image, code, dependencies, environment variables, and configurations. It automates image creation.

Open Container Initiative (OCI):

OCI is an industry consortium defining container standards for formats and runtimes, promoting compatibility and interoperability.

Docker Registry:

A Docker registry is a repository for storing and sharing container images, facilitating image distribution and sharing. Docker Hub is a popular public registry, while private registries are used for secure image management.

Docker Hub:

Docker Hub is the default public registry, hosting a wide range of Docker images. It offers versioning, user-friendly interfaces, public and private repositories, collaboration, integrations, and security features.

Docker Runtime, Docker Engine, and Container Orchestration Relation

These are key components of the Docker ecosystem. The Docker runtime (containerd and runc) executes and manages containers, the Docker Engine is a comprehensive platform for container management, and container orchestration platforms coordinate multiple containers in distributed environments. Docker Engine uses these runtimes to manage containers.

Volume:

In Docker, volumes are a way to store and share data separately from containers, ensuring data persistence, isolation, and the ability to share data among containers. They are essential for managing data in containerized applications, allowing you to preserve data between container runs and share it among multiple containers.

Volumes come into play when you run containers from images and need a way to manage data outside of the container's file system.

List of binaries:

  1. Daemon (dockerd): The Docker daemon, responsible for managing Docker containers and images.

  2. containerd: The binary for containerd, which is used for container runtime operations.

  3. Shim (docker_containerd_shim): The shim is a lightweight intermediary component that sits between containerd and runc; it assists in running containers with containerd and keeps the container's I/O and exit status available even while the daemon is not running.

  4. runc (docker_runc): runc is a command-line tool for running containers according to the Open Container Initiative (OCI) specifications.

These binaries work together to enable Docker's containerization functionality.
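An added example (not from the original article) that puts the layering of these binaries to use as a host-side check: it parses constructed `ps -eo pid,ppid,comm` output and reports which processes descend from a containerd shim, i.e. which ones are running inside containers. The process table is made up, and it uses the shim name shipped with current containerd (containerd-shim-runc-v2); adjust SHIM_NAMES for older builds.

```python
# Constructed `ps -eo pid,ppid,comm` output (not from a real host) that follows the
# dockerd / containerd / shim / container-process layering described above.
SAMPLE_PS = """\
  PID  PPID COMMAND
    1     0 systemd
  812     1 dockerd
  830     1 containerd
 2410   830 containerd-shim-runc-v2
 2431  2410 nginx
 2455  2431 nginx
 3100     1 sshd
 3200  3100 bash
"""

# Shim binary names to recognise; the page's docker_containerd_shim is an older packaging name.
SHIM_NAMES = ("containerd-shim", "docker-containerd-shim", "docker_containerd_shim")


def parse_ps(text):
    """Map pid -> (ppid, comm) from ps output, skipping the header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        pid, ppid, comm = line.split(None, 2)
        procs[int(pid)] = (int(ppid), comm)
    return procs


def lineage(procs, pid):
    """Return the chain of process names from pid up to the root of the tree."""
    chain = []
    while pid in procs:
        ppid, comm = procs[pid]
        chain.append(comm)
        pid = ppid
    return chain


def container_processes(text):
    """Pids whose ancestry passes through a containerd shim, with their lineage as a string."""
    procs = parse_ps(text)
    result = {}
    for pid, (ppid, comm) in procs.items():
        ancestors = lineage(procs, ppid)
        if any(name.startswith(SHIM_NAMES) for name in ancestors):
            result[pid] = " <- ".join([comm] + ancestors)
    return result


if __name__ == "__main__":
    for pid, chain in sorted(container_processes(SAMPLE_PS).items()):
        print(pid, chain)
```

A process whose ancestry does not pass through a shim but which claims to be a container workload is worth a closer look, which is the point of recording the full chain rather than a yes/no answer.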
