Exploring the Docker Ecosystem: From Chroot to Moby and Beyond

1. A Blooming Container Technology Landscape

Docker has propelled container technology to the forefront, but containers existed long before Docker. Various container implementations have emerged over the years, each offering different isolation mechanisms.

Chroot Jail

FreeBSD Jails

Linux VServer

Solaris Containers

OpenVZ

Process Containers (cgroups)

LXC

Warden

LMCTFY

Docker

RKT

Chroot Jail

Introduced in 1979, Chroot isolates a process's filesystem and is considered one of the earliest containerization techniques.

FreeBSD Jail

FreeBSD Jail provides OS‑level virtualization and was a pioneer in this space.

Linux VServer

Linux VServer implements OS‑level virtualization via kernel extensions.

Solaris Containers

Solaris Containers (Zones) offer resource control and isolation for X86 and SPARC systems.

OpenVZ

OpenVZ enables multiple secure, isolated Linux containers (VPS) on a single host.

Process Containers

Developed by Google engineers, Process Containers are essentially cgroups.

LXC

LXC (Linux Containers) allows multiple independent systems to run on a single Linux kernel.

Warden

Initially used LXC as its runtime; later replaced by Cloud Foundry.

LMCTFY

LMCTFY ("Let Me Contain That For You") is an open‑source Google container stack, now largely superseded by libcontainer.

Docker

Docker packages applications and their dependencies into portable containers that can run on virtually any server.

RKT

RKT (Rocket) is a security‑focused, standards‑compliant application container engine.

2. Important Docker‑Related Concepts

Docker & LXC

Docker initially used LXC as its execution environment; from version 0.9 onward it switched to libcontainer.

Docker & libcontainer

Libcontainer wraps Linux kernel features such as cgroups, namespaces, netlink, and netfilter for Docker.

2015 – Docker & RunC

RunC, a lightweight cross‑platform container runtime, was released in 2015, allowing containers to be run directly via libcontainer.

Docker & OCI

The Open Containers Initiative (OCI) was founded in 2015 by Docker, CoreOS, and other industry leaders to define standards for container runtimes and images.

2016 – Docker & Containerd

Docker split out Containerd as a separate daemon to manage container lifecycles, moving this functionality out of the Docker Engine core.

Docker Components

After the split, Docker consists of several independent components, as shown in the diagram below.

How Docker Runs a Container

Docker Engine creates a container image.

The image is handed to Containerd.

Containerd invokes Containerd‑Shim.

Containerd‑Shim uses RunC to run the container.

Containerd‑Shim exits after the container starts, allowing the runtime to be upgraded without interrupting containers.

2017 – Containers Go Mainstream

In 2017 containers became mainstream, prompting Docker to support many platforms (Mac, Windows, AWS, GCP) and to launch the Moby project.

3. Moby Project

The Moby project is an open‑source initiative that provides a collection of modular components (often likened to LEGO bricks) for building custom container‑based systems.

Key Moby components include:

Containerd

Containerd is Docker’s industry‑standard core container runtime, managing the full lifecycle of containers on Linux and Windows.

Linuxkit

Linuxkit builds secure, minimal, cross‑platform systems for containers, supporting Hyper‑V, VMware, AWS, Azure, and more.

Infrakit

Infrakit provides tools for creating and managing declarative, immutable, self‑healing infrastructure, useful for orchestrators like Docker Swarm and Kubernetes.

Libnetwork

Libnetwork, written in Go, defines a container network model (CNM) and offers a consistent API for container networking.

Docker & Docker Swarm

Docker Swarm, integrated natively since Docker 1.12, enables cluster creation and service deployment via the Docker CLI.

Docker & Kubernetes

Facing competition from Kubernetes, Docker added native support for Kubernetes integration, allowing Docker Compose applications to be deployed as Kubernetes Pods and Services.

Finally, the trend of Docker Hub image pulls from 2013 to 2017 is shown below.

Note: All images are sourced from the internet.

Reference

<An Overall View On Docker Ecosystem — Containers, Moby, Swarm, Linuxkit, containerd, Kubernetes>