Docker Architecture
Docker implements a tiered runtime architecture in which a high-level runtime and a low-level runtime work together. The low-level runtime sits at the bottom of the stack: it talks to the host kernel to start and stop containers, and it is what sets up the namespaces and cgroups that isolate a container and constrain its resource use.
The layers, from top to bottom:
The Orchestrator: manages the Docker cluster (Docker Swarm, Kubernetes)
Docker daemon (dockerd): remote API, networking, volumes, image management
The runtime:
    containerd: high-level runtime, supervises the runc instances
    runc: low-level runtime, invoked once per container
The low-level runtime, runc, talks to the host OS (the kernel's namespace and cgroup interfaces) to start and stop containers. It is invoked once for every container that is created; as described under the shim below, the runc process itself does not stay around for the life of the container.
The high-level runtime, containerd, manages the whole container lifecycle: start, stop, pause, rm and so on. It pulls images, prepares the container's filesystem bundle and supervises the runc invocations. A Docker installation normally has a single containerd process running.
The Docker daemon, dockerd, runs above containerd. It exposes the Docker API and performs the higher-level tasks: managing images, volumes and networks, authentication, security and orchestration.
The orchestrator manages the cluster of nodes running Docker. Docker Swarm and Kubernetes are two such orchestrators.
DOCKER ENGINE
The Docker daemon (dockerd), containerd, runc and the various plugins (networking, storage and so on) together form the Docker Engine. The engine is therefore the component responsible for creating and running containers.
This model gives what is called daemonless containers. In the older design the container runtime logic lived inside the daemon itself, which was a serious limitation in large environments: upgrading to a new Docker version meant stopping and restarting the daemon, and that killed every running container on the host. With the current model the daemon can be stopped, upgraded and restarted for maintenance without affecting running containers.
The shim is what makes daemonless containers possible. containerd uses runc to create each container; once the container is created the parent runc process exits and the associated containerd-shim process becomes the parent of the container's main process.
containerd-shim is a small process that sits between containerd and the runtime (runc). On a Linux host with a running Docker container you can see one shim process per container in the process list.
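To see who really parents a container, the added script below (not from the original page, and not Docker's own tooling) walks a process's parent chain. It runs against a constructed snapshot of `ps -eo pid,ppid,comm` from a Docker host with made-up PIDs, so it executes offline; on a real host replace the snapshot with the actual ps output. The snapshot reflects two facts worth checking on your own hosts: the modern shim (containerd-shim-runc-v2) is re-parented to PID 1 rather than remaining a child of containerd, which is precisely why a dockerd or containerd restart leaves the container alone, whereas docker-proxy (the userland forwarder for published ports) is a child of dockerd and does not survive a daemon restart.

```shell
#!/bin/sh
# Added example: walk a process's ancestry to see who parents a container.
# PS_SNAPSHOT is a constructed `ps -eo pid,ppid,comm` capture of a Docker host
# (made-up PIDs). On a real host use instead:
#   PS_SNAPSHOT=$(ps -eo pid,ppid,comm --no-headers)
PS_SNAPSHOT='1 0 systemd
812 1 dockerd
835 1 containerd
900 812 docker-proxy
4188 1 containerd-shim-runc-v2
4210 4188 bash
4301 4210 sleep'

# ancestry PID: print the chain from PID 1 down to PID, e.g.
# "systemd > containerd-shim-runc-v2 > bash". Fails if PID is not in the snapshot.
ancestry() {
    pid=$1
    chain=""
    while [ "$pid" -ne 0 ]; do
        line=$(printf '%s\n' "$PS_SNAPSHOT" | awk -v p="$pid" '$1 == p { print; exit }')
        [ -n "$line" ] || { echo "pid $pid not in snapshot" >&2; return 1; }
        comm=${line##* }                                  # third field: command name
        pid=$(printf '%s\n' "$line" | awk '{ print $2 }') # second field: parent pid
        chain="$comm${chain:+ > $chain}"
    done
    printf '%s\n' "$chain"
}

# survives_daemon_restart PID: succeed when neither dockerd nor containerd is an
# ancestor of PID, i.e. stopping those daemons would not reap it.
survives_daemon_restart() {
    chain=$(ancestry "$1") || return 2
    case " $chain " in
        *" dockerd "*|*" containerd "*) return 1 ;;
    esac
    return 0
}

# Stand-alone demo: the container's bash hangs off a shim under PID 1, while
# docker-proxy hangs off dockerd.
for p in 4210 900; do
    printf '%s: %s\n' "$p" "$(ancestry "$p")"
    if survives_daemon_restart "$p"; then
        echo "  -> outlives a dockerd/containerd restart"
    else
        echo "  -> dies with the daemon"
    fi
done
```

To check a live container, take its host PID with `docker inspect -f '{{.State.Pid}}' <container>` and feed that PID to ancestry after replacing the snapshot; the chain should end in the shim, never in dockerd.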
DOCKER IMAGES
A Docker image is a package that contains everything an application needs to run: the application code, its dependencies and the operating-system constructs (filesystem, libraries) it relies on. Think of an image as a template; in Docker terms it is essentially a stopped container.
'docker image ls' lists the images available locally.
On a fresh Docker installation there are no images yet, so the command prints only the column headers.
Downloading an image is called 'pulling'.
$ docker image pull ubuntu:latest
or simply 'docker image pull ubuntu'
pulls the ubuntu image tagged 'latest' from Docker Hub (the official library namespace). Note that 'latest' is only the default tag, not a guarantee of the newest build, and like any tag it can be repointed on the registry; pulling by digest (repo@sha256:...) is the way to get the same image every time.
The ubuntu image we pulled contains a stripped-down Ubuntu filesystem with a small set of Ubuntu utilities. It does not contain a kernel: containers share the host's kernel.
Each pulled image gets a unique ID. You can refer to an image by name or by ID, and an ID can be abbreviated to its first few characters as long as the prefix matches only one image.
DOCKER CONTAINERS
We will create a container from the ubuntu image we pulled.
docker container run -it 5a81 /bin/bash
Here 5a81 is the first few characters of the image ID and tells Docker which image to create the container from.
Note that the prompt changes from '[root@localhost ~]#' to 'root@88157be3bdfd:/#'. This is because we are now inside the container: the hostname part of the prompt is the container ID, and whatever command we run from this prompt runs inside the container.
'docker container run' tells the Docker engine to start a new container.
-it attaches an interactive terminal to the container (-i keeps STDIN open, -t allocates a pseudo-TTY), which is what lands you in a shell inside it.
Next we name the image the container is to be created from.
/bin/bash is the process we want to run inside the container; it becomes the container's main process (PID 1 in the container's PID namespace).
You can now run commands inside the container.
The date, ps and top commands invoke the respective binaries that came along with the ubuntu image we pulled (ps and top come from the procps package, which some minimal image versions do not ship; date is always present). These are short-lived processes that exit as soon as their output is served. The '/bin/bash' process is the only process that keeps running inside the container, and if it exits the container stops.
To leave the container without stopping it, use the keyboard shortcut Ctrl-P followed by Ctrl-Q.
You will be back at the Docker host's terminal, and the container keeps running in the background. (Typing exit instead would terminate the bash process and therefore stop the container.)
Run 'docker container ls' to list the running containers.
To get a terminal inside the container again:
'docker container exec -it 881 bash'
OR
'docker container exec -it busy_woznaik bash'
881 is the first few characters of the container ID. You can use the container name instead, in this case 'busy_woznaik' (Docker generates a random name when you do not supply one). Note that exec starts a second bash process inside the container rather than reconnecting to the original one; 'docker container attach' reattaches to the main process.
'docker container run --name test -it 5a81 /bin/bash' creates another container from the same image, this time named test.
Stopping a Container
docker container stop <container name OR id>
Run 'docker container ls' to list the running containers.
Note the difference between the output of 'ls' and 'ls -a': a stopped container no longer appears in 'ls', but it still exists on the host and is shown by 'ls -a'.
To delete the container:
docker container rm <container id OR name>
rm refuses to delete a running container, so stop it first (or use 'rm -f' to force removal).
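The pull, run, exec, stop and rm steps above as one script, added here as a worked example (not from the original page and not Docker's own code). It assumes a host where the invoking user may talk to dockerd; IMAGE and NAME are choices made for this example, and the container's main process is 'sleep' rather than an interactive bash so the script runs unattended. Two pure helper checks illustrate caveats from the text: a digest-pinned reference versus a mutable tag such as 'ubuntu:latest', and the rule that a shortened ID is only accepted when it matches exactly one object.

```shell
#!/bin/sh
# Added example: the pull -> run -> exec -> stop -> rm lifecycle as one script,
# plus two offline helper checks. IMAGE and NAME are example values.
IMAGE=${IMAGE:-ubuntu:latest}
NAME=${NAME:-test}

# is_digest_pinned REF: succeed when REF names an image by content digest
# (repo@sha256:<64 hex>) rather than by a tag. A tag is a mutable pointer on
# the registry; a digest always resolves to the same image bytes.
is_digest_pinned() {
    printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# prefix_is_unambiguous PREFIX ID...: succeed when exactly one ID starts with
# PREFIX. Docker accepts a shortened id only when it matches a single object.
prefix_is_unambiguous() {
    prefix=$1; shift
    n=0
    for id in "$@"; do
        case "$id" in "$prefix"*) n=$((n + 1)) ;; esac
    done
    [ "$n" -eq 1 ]
}

lifecycle() {
    is_digest_pinned "$IMAGE" ||
        echo "note: $IMAGE is a mutable tag; pin to repo@sha256:... for repeatable pulls" >&2
    docker image pull "$IMAGE" || return 1
    # -d runs detached (same end state as run -it followed by Ctrl-P Ctrl-Q);
    # sleep stands in for /bin/bash as the long-lived main process.
    cid=$(docker container run -d --name "$NAME" "$IMAGE" sleep infinity) || return 1
    echo "started $cid"
    # exec starts an additional process inside the running container
    docker container exec "$NAME" cat /etc/os-release | head -n 2
    docker container inspect -f 'status after run:  {{.State.Status}}' "$NAME"
    docker container stop "$NAME" >/dev/null
    docker container inspect -f 'status after stop: {{.State.Status}}' "$NAME"
    # a stopped container is gone from `ls` but still listed by `ls -a`
    docker container ls -a --filter "name=$NAME" --format '{{.ID}} {{.Names}} {{.Status}}'
    docker container rm "$NAME" >/dev/null && echo "removed $NAME"
}

# Offline demo of the helpers with constructed ids:
prefix_is_unambiguous 5a81 5a81e1234c 88157be3bdfd && echo "5a81 is unambiguous"
prefix_is_unambiguous 5a 5a81e1234c 5a9f00beef || echo "5a is ambiguous"

# The Docker steps run only when asked, so the helpers can be sourced elsewhere:
#   sh lifecycle.sh run
if [ "${1:-}" = run ]; then
    lifecycle
fi
```

Run it as 'sh lifecycle.sh run' on a Docker host; the two inspect lines should print 'running' and then 'exited', and the ls -a line shows the container still present until rm removes it.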