Docker Architecture Overview and Module Functions

Docker runs as a service (Docker Engine) on the host OS, allowing multiple isolated containers to share the host's hardware and network resources.

Docker关键技术回顾

Key isolation techniques include filesystem isolation via namespaces, resource isolation with cgroups, network isolation with separate network namespaces, copy‑on‑write filesystems, logging, change management, interactive shells, and public/private registries for image storage.

Docker实现持续部署

Docker integrates with DevOps tools such as Git, Jenkins, and Maven to automate build, push, pull, and container launch, enabling continuous delivery without manual operations.

Docker总架构图

The client/server model separates Docker Client, Docker Daemon, and internal Engine; communication occurs via sockets or RESTful APIs, and each operation is represented as a Job.

Docker Client模块

The Docker CLI (docker command) interacts with the Daemon, optionally using TLS for secure transport, and each command initiates a new client lifecycle.

Docker Daemon模块

The Daemon runs as a background process, receiving requests from the Client, routing them to appropriate Handlers, and orchestrating Jobs.

Docker Server子模块

Implemented in Go, the Server uses the gorilla/mux router to map HTTP methods and URLs to Handlers, creating a new goroutine for each request.

Engine子模块

The Engine drives Jobs, managing container storage, networking, and execution.

Job任务子模块

Jobs are the basic execution units, analogous to Unix processes, encapsulating command, arguments, environment, I/O, and exit status.

Docker Registry模块

Registries store container images; Docker Hub is the public registry, while private registries enable internal image distribution.

Graph模块

Graph stores downloaded images and their relationships, using a lightweight SQLite‑based GraphDB to record metadata and filesystem layers.

Driver模块

Drivers (graphdriver, networkdriver, execdriver) handle image storage, network configuration, and container execution, supporting drivers such as aufs, btrfs, vfs, and devmapper.

Libcontainer模块

Libcontainer provides Go‑based APIs for namespaces, cgroups, AppArmor, and networking, allowing Docker to manage containers without relying on external tools like LXC.

Docker container模块

Containers encapsulate applications with isolated filesystems, resource quotas, network policies, and command execution, realized through Jobs and the underlying libcontainer infrastructure.

引用文献: Docker源码分析(1)—Docker架构 作者: 孙宏亮