thomasabishop/eolas
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
eolas/neuron/233bf7c7-59e9-471c-8275-895571468b75/Docker_architecture.md
thomasabishop ad2123c762 Autosave: 2024-11-13 18:22:06
2024-11-13 18:22:06 +00:00

59 lines
2.2 KiB
Markdown
Raw Blame History

---
tags: [docker, containerization]
---
# Docker architecture
## Overview
![](static/dock-architecture.png)
- The Docker Client is a thin API for making
[REST API](RESTful_APIs.md) to the Docker Server. Any CLI
command beginning `docker...` is an API request to the server.
- The internal process name for the server is `dockerd`.
- On `docker run...`, `dockerd` calls `containerd`. This process starts the
container runtimes and configures container-level storage and networking.
- This then spawns `container-shim` procecesses which takes any output from you
container and puts it in a logfile. (A redirection of `stdout` and `stderr`)
One shim is spawned for each container.
- The shim then launches a container runtime called `runc`. The `runc` performs
all the complex configuration of cgroups and namespaces to create the
container environment.
- `containerd` is purely a bootstrapper. Once it has fulfilled its function by
initiating `runc`, the Docker instance is up and running and the kernel takes
it from there. It is like a launch scaffold that can be discarded.
> If you are running Docker desktop on Mac or Windows, Docker creates a Linux
> virtual machine, since it cannot run natively on Windows or Mac. In these
> cases the the Docker Server runs inside this VM adding an additional layer of
> abstraction.
> Docker server also creates an internal virtual network and assigns IP
> addresses to the containers. (This can be used to get containers to
> communicate to each other over TCP/IP, since they are isolated by default.)
## Images
Containers are created from images stored in a registry (either the public
Docker Hub or privately). `containerd` uses the image to tell `runc` how to
construct and build the image.
```sh
docker run [image_name]
```
The images you have pulled from the registry are stored in a local registry on
your machine.
When you run `docker run`, Docker will look first for the image in your local
registry. If it cannot find it there, it will attempt to pull it from the remote
registry.
This assumes you are using a third-party image. You can also create your own
images by writing a Dockerfile:
```sh
docker build [docker_file]
docker run [resulting_image]
```
Reference in a new issue View git blame Copy permalink