eolas/zk/Docker_architecture.md

---
categories:
  - DevOps
tags: [docker, containerization]
---

# Docker architecture

## Overview

![](/img/dock-architecture.png)

- The Docker Client is a thin API for making
  [REST API](RESTful_APIs.md) to the Docker Server. Any CLI
  command beginning `docker...` is an API request to the server.
- The internal process name for the server is `dockerd`.
- On `docker run...`, `dockerd` calls `containerd`. This process starts the
  container runtimes and configures container-level storage and networking.
- This then spawns `container-shim` procecesses which takes any output from you
  container and puts it in a logfile. (A redirection of `stdout` and `stderr`)
  One shim is spawned for each container.
- The shim then launches a container runtime called `runc`. The `runc` performs
  all the complex configuration of cgroups and namespaces to create the
  container environment.
- `containerd` is purely a bootstrapper. Once it has fulfilled its function by
  initiating `runc`, the Docker instance is up and running and the kernel takes
  it from there. It is like a launch scaffold that can be discarded.

> If you are running Docker desktop on Mac or Windows, Docker creates a Linux
> virtual machine, since it cannot run natively on Windows or Mac. In these
> cases the the Docker Server runs inside this VM adding an additional layer of
> abstraction.

> Docker server also creates an internal virtual network and assigns IP
> addresses to the containers. (This can be used to get containers to
> communicate to each other over TCP/IP, since they are isolated by default.)

## Images

Containers are created from images stored in a registry (either the public
Docker Hub or privately). `containerd` uses the image to tell `runc` how to
construct and build the image.

```sh
docker run [image_name]
```

The images you have pulled from the registry are stored in a local registry on
your machine.

When you run `docker run`, Docker will look first for the image in your local
registry. If it cannot find it there, it will attempt to pull it from the remote
registry.

This assumes you are using a third-party image. You can also create your own
images by writing a Dockerfile:

```sh
docker build [docker_file]
docker run [resulting_image]
```
more docker notes 2023-04-25 08:17:48 +01:00			`---`
			`categories:`
			`- DevOps`
			`tags: [docker, containerization]`
			`---`

			`# Docker architecture`

			`## Overview`

chore: change img paths 2024-02-16 16:14:01 +00:00			`![](/img/dock-architecture.png)`
more docker notes 2023-04-25 08:17:48 +01:00
reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			`- The Docker Client is a thin API for making`
chore: restructure link paths 2024-02-17 11:57:44 +00:00			`[REST API](RESTful_APIs.md) to the Docker Server. Any CLI`
reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			command beginning `docker...` is an API request to the server.
more docker notes 2023-04-25 08:17:48 +01:00			- The internal process name for the server is `dockerd`.
reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			- On `docker run...`, `dockerd` calls `containerd`. This process starts the
			`container runtimes and configures container-level storage and networking.`
			- This then spawns `container-shim` procecesses which takes any output from you
			container and puts it in a logfile. (A redirection of `stdout` and `stderr`)
			`One shim is spawned for each container.`
			- The shim then launches a container runtime called `runc`. The `runc` performs
			`all the complex configuration of cgroups and namespaces to create the`
			`container environment.`
			- `containerd` is purely a bootstrapper. Once it has fulfilled its function by
			initiating `runc`, the Docker instance is up and running and the kernel takes
			`it from there. It is like a launch scaffold that can be discarded.`

			`> If you are running Docker desktop on Mac or Windows, Docker creates a Linux`
			`> virtual machine, since it cannot run natively on Windows or Mac. In these`
			`> cases the the Docker Server runs inside this VM adding an additional layer of`
			`> abstraction.`

			`> Docker server also creates an internal virtual network and assigns IP`
			`> addresses to the containers. (This can be used to get containers to`
			`> communicate to each other over TCP/IP, since they are isolated by default.)`
more docker notes 2023-04-25 08:17:48 +01:00
			`## Images`

reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			`Containers are created from images stored in a registry (either the public`
			Docker Hub or privately). `containerd` uses the image to tell `runc` how to
			`construct and build the image.`
more docker notes 2023-04-25 08:17:48 +01:00
			```sh
			`docker run [image_name]`
			```

reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			`The images you have pulled from the registry are stored in a local registry on`
			`your machine.`
more docker notes 2023-04-25 08:17:48 +01:00
reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			When you run `docker run`, Docker will look first for the image in your local
			`registry. If it cannot find it there, it will attempt to pull it from the remote`
			`registry.`
more docker notes 2023-04-25 08:17:48 +01:00
reformat all files to 80 char line length 2024-02-02 15:58:13 +00:00			`This assumes you are using a third-party image. You can also create your own`
			`images by writing a Dockerfile:`
more docker notes 2023-04-25 08:17:48 +01:00
			```sh
			`docker build [docker_file]`
			`docker run [resulting_image]`
			```