It is essential to get a good understanding of Docker architecture. Docker is used for developing, shipping and running applications in an isolated runtime. This isolated runtime (just liked JVM) is called Docker container. Docker uses containerd at its core. Isolation allows you to run multiple containers on a single Host machine. Docker has several components which work together to provide you many powerful capabilities which are also easy to use.
Docker Engine and Docker daemon (
dockerd) can be used interchangeably. Docker Daemon is the boss and it is a background process that manages Docker images, containers, networks, and storage volumes. One dockerd can communicate with other daemons to manage docker services. Docker daemon exposes REST api using which other daemons and docker cli communicate with it.
Docker Client – Docker CLI
A user interacts with Docker Engine (dockerd) Using Docker CLI (Docker client). The client uses REST API to talk to dockerd. Docker client can communicate with more than one docker daemon.
Docker client is basically a CLI (terminal or command line) tool as shown below.
Docker registry is the central repo where Docker images are stored. Docker hub is a public docker repo just like GitHub. When you run
docker pull or
docker run , docker images gets downloaded from docker registry to your local machine.
Images are the read-only template with instructions for creating a Docker container. Use
docker images --help to know the commands to manage images. You can inherit and reuse an image as a base-image to create a new/custom image based on your need. To build your own image, you create a
Dockerfile with some instructions, the run
docker build .
As an example, I can reuse CentOS base image to create my custom tomcat_docker_image with Java8 + Maven + Tomcat. We will look into all these later in images with example section.
Docker container is a runnable instance of the Docker image. Use
docker container --help to know the commands to start, stop, move and delete a container. By default, a docker container runs in isolation of other containers and host. However, you can configure
Dockerfile or pass certain params while running Docker container to open up ports, to make it communicate with other containers, to attach a Volume (storage) and much more.
Controlling the isolation is an important part of this tutorial, which is covered later. This page only covers the components from an Architecture perspective.
The Docker host is the machine that has docker installed. It comprises of the Docker daemon, Images, Containers, Networks, and Storage.
For a developer, if you using docker on your Laptop, your laptop is the Docker Host. Basically, the system where Docker is installed becomes the host.
Other Docker components
Docker architecture explains about the Docker core (Docker engine). Docker ecosystem also comes with many handy tools other than docker engine, this is explained below.
Docker compose is loved by developers, to define and run multi-container docker applications. Usually, use
docker-compose.yml to define the containers and use
docker-compose --help commands to build, run and manage the containers. Docker compose is production ready.
Docker Machine is a tool for provisioning and managing your Dockerized hosts (hosts with Docker Engine on them). Typically, you install Docker Machine on your local system. Docker Machine has its own command line client
docker-machine --help and the Docker Engine client,
docker-machine commands to start, inspect, stop, and restart a managed host, upgrade the Docker client and daemon, and configure a Docker client to talk to your host.
Docker Swarm Mode
Docker uses swarm mode to manage clusters of docker-engines. Cluster is also known as Swarm. Use
docker swarm --help to know the commands to manage a swarm. The popular tool Kubernetes somewhat killed this tool but will discuss this in the later part of the tutorial when I touch upon scaling part of Docker.
Apart from the above discussed primary components, Docker also makes use of popular tools like Notary for signing arbitrary collections. In the next tutorial, let’s run the famous, most complex (just kidding) docker image,