Introduction to Docker: Architecture, Core Concepts, and Basic Commands

Introduction

Docker is an open‑source container engine built on Go that packages applications and their dependencies into lightweight, portable containers. It originated from Linux Containers (LXC), which provide namespace‑based isolation without full hardware virtualization.

1. From LXC to Docker

LXC (Linux Container) offers lightweight virtualization by sharing the host kernel, avoiding the overhead of full VM emulation. Docker uses LXC (or its own libcontainer implementation) as the underlying sandbox mechanism, extending it with richer features such as image management and a REST API.

2. What is Docker?

Docker enables developers to build, ship, and run applications anywhere by encapsulating them in images. An image is a read‑only template that includes the application code, runtime, libraries, environment variables, and configuration files. A container is a running instance of an image, isolated from other containers and the host.

3. Why Docker Is Popular

Flexibility – even complex applications can be containerized.

Lightweight – containers share the host kernel.

Portability – build locally, deploy to cloud or on‑premise.

Scalability – easy to replicate containers.

Stackability – services can be layered vertically.

4. Docker Architecture Overview

The Docker stack consists of several modules:

Docker Client – CLI used by users to issue commands.

Docker Daemon (dockerd) – background service that receives client requests.

Docker Server – HTTP API layer built with gorilla/mux that routes requests to handlers.

Engine – core execution engine that creates jobs (e.g., container create, image pull).

Job – the smallest unit of work, analogous to a Unix process.

Docker Registry – stores and distributes images (public Docker Hub or private registries).

Graph – tracks image layers and relationships using a lightweight SQLite‑based graph DB.

Driver – includes graphdriver (storage), networkdriver (network), and execdriver (execution).

libcontainer – Go library that directly manipulates kernel namespaces, cgroups, and other container primitives without relying on LXC.

5. Key Kernel Technologies

Docker relies on two fundamental Linux features:

Namespaces – isolate process IDs, network stacks, mount points, etc.

cgroups – limit and account for CPU, memory, and I/O resources.

6. Basic Docker Usage

Below are common commands for installing Docker, managing images, and running containers.

yum install docker -y
systemctl enable docker
systemctl start docker

To edit the service file: vim /usr/lib/systemd/system/docker.service Check Docker version: docker version Search and pull images:

docker search nginx
docker pull nginx

List local images: docker images Run a container interactively: docker run -it alpine sh Run a container in detached mode with a name: docker run -d --name test1 alpine Enter an existing container: docker exec -it mynginx sh Inspect container details (e.g., IP address): docker inspect mynginx View container logs in real time:

docker logs -f mynginx

7. References

Content is compiled from several online articles (Tencent Cloud, Alibaba Cloud, 51CTO, personal blog). All original sources are credited.