Docker Architecture Overview and Component Analysis

01 Docker Overall Architecture

Docker follows a client‑server (C/S) model where the client communicates with the Docker Daemon, which coordinates loosely coupled modules. The diagram below shows the overall architecture.

1. The Docker Client establishes communication with the Docker Daemon and sends requests.

2. The Docker Daemon provides server functionality, accepting client requests.

3. Docker Engine performs internal work, each unit represented as a Job.

4. When a Job needs an image, it pulls the image from the Docker Registry and stores it via the Graphdriver.

5. When a network environment is required, Networkdriver creates and configures the container network.

6. Execdriver handles resource limits and command execution for containers.

7. Libcontainer is an independent container‑management library used by Networkdriver and Execdriver.

02 Docker Component Analysis

2.1 Docker Client – Initiating Requests

Docker Client is the command‑line executable (docker) that communicates with the Daemon via tcp://host:port, unix://path, or fd://socketfd. Users issue commands such as docker images; the client sends the request, the Daemon processes it, and the client receives the response.

2.2 Docker Daemon (Server)

Docker Server accepts and dispatches client requests. It creates a mux.Router (using gorilla/mux) that maps HTTP methods and URLs to Handlers, builds an http.Server, and serves each request in a separate goroutine.

2.3 Docker Engine

Docker Engine is the core runtime that manages containers as Jobs. Handlers map job names (e.g., "create") to functions such as daemon.ContainerCreate. A Job is the smallest executable unit, analogous to a Unix process.

2.4 Docker Registry

Docker Registry stores container images. The Jobs "search", "pull", and "push" correspond to image lookup, download, and upload. Registries can be public (Docker Hub) or private.

2.5 Graph – Internal Database

Graph stores metadata about downloaded images and repositories. A Repository groups related images; tags differentiate versions. GraphDB, built on SQLite, records relationships between images.

2.6 Drivers – Execution Layer

Graphdriver manages image storage and retrieval.

Networkdriver configures container networking (bridge creation, veth devices, IP allocation, port mapping, firewall policies).

Execdriver creates namespaces, enforces resource limits, and runs container processes (default Native driver, no LXC dependency).

2.7 Libcontainer

Libcontainer is a Go library that directly interfaces with kernel container APIs, providing namespaces, cgroups, AppArmor, networking, and firewall management without external dependencies.

2.8 Docker Container – Final Service Artifact

Docker Container is the deliverable unit. Users specify the image (rootfs), resource quota, network and security policies, and the command to run, resulting in an isolated, reproducible runtime environment.

Note: This article is organized based on the “Docker source code analysis” series.