Understanding Docker Runtime Principles: Architecture, Core Technologies, and Execution Flow
This article explains Docker as a lightweight container technology, detailing its architecture—including client, daemon, and registry—core Linux-based technologies such as namespaces, cgroups, and UnionFS, and walks through the step‑by‑step process of running a container from image pull to process launch.
Docker is a lightweight containerization technology that lets developers package applications and their dependencies into a portable container that runs consistently across environments.
Docker Runtime Principles
Docker’s runtime can be understood from three perspectives: architecture components, core technologies, and the execution workflow.
Docker Architecture
Docker consists of the following parts:
Docker Client: interacts with the user and forwards commands such as docker run and docker build to the Docker Daemon.
Docker Daemon: the background service that builds, runs, and manages container lifecycles, interfacing with Linux kernel features such as namespaces and cgroups.
Docker Registry: stores images (e.g., Docker Hub, a private Harbor instance) and is accessed through commands such as docker pull and docker push.
Core Technologies
Linux Namespaces: provide isolation for PID, network, mount, UTS, IPC, and user views.
Linux Cgroups: enforce resource limits (CPU, memory, I/O, network) for containers.
UnionFS: a layered filesystem that merges multiple read‑only layers into a single writable view, enabling lightweight images and efficient distribution.
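The layered filesystem described above is easiest to understand by modelling the lookup rules directly. The following is an added illustration, not Docker's own code: image layers are plain dictionaries from path to contents, the container's writable layer sits on top, lookup walks the layers top-down with the first hit winning, writes are copied up into the writable layer, and a deleted path is masked by a whiteout entry. Whiteouts are modelled as aufs-style ".wh.<name>" entries for readability (an assumption; overlayfs uses character devices instead), and the sample layers are constructed. The model also makes visible a point the prose only implies: a whiteout hides a file from the merged view but the lower layer still carries it.

```python
"""Model of union-filesystem layer resolution (added example, not Docker code)."""
import posixpath
from typing import Dict, List, Optional

Layer = Dict[str, str]  # path -> file contents; directories are implicit


def whiteout_key(path: str) -> str:
    """aufs-style marker that hides `path` from every layer below the marker."""
    directory, name = posixpath.split(path)
    return posixpath.join(directory, ".wh." + name)


class UnionFS:
    def __init__(self, lower: List[Layer]):
        # lower[0] is the base image layer, lower[-1] the newest read-only layer
        self.lower = lower
        self.upper: Layer = {}  # the container's writable layer

    def _stack(self) -> List[Layer]:
        # search order: writable layer first, then read-only layers newest to oldest
        return [self.upper] + list(reversed(self.lower))

    def read(self, path: str) -> Optional[str]:
        for layer in self._stack():
            if whiteout_key(path) in layer:
                return None  # hidden; layers below are not consulted
            if path in layer:
                return layer[path]
        return None

    def write(self, path: str, data: str) -> None:
        # copy-on-write: read-only layers are never modified
        self.upper.pop(whiteout_key(path), None)
        self.upper[path] = data

    def delete(self, path: str) -> None:
        self.upper.pop(path, None)
        # if the path still resolves from a lower layer, mask it with a whiteout
        if self.read(path) is not None:
            self.upper[whiteout_key(path)] = ""

    def listdir(self, directory: str) -> List[str]:
        seen, hidden = set(), set()
        for layer in self._stack():
            names = [n for d, n in (posixpath.split(k) for k in layer) if d == directory]
            for n in names:  # visible entries of this layer
                if not n.startswith(".wh.") and n not in hidden:
                    seen.add(n)
            for n in names:  # whiteouts in this layer hide entries of lower layers
                if n.startswith(".wh."):
                    hidden.add(n[len(".wh."):])
        return sorted(seen)


def demo() -> UnionFS:
    """Constructed layers: a base image, an app layer that deletes a file, and a running container."""
    base: Layer = {"/etc/os-release": "ID=debian", "/usr/bin/sh": "<binary>", "/etc/secret.key": "k1"}
    app: Layer = {"/app/main.py": "print('hi')", "/etc/.wh.secret.key": ""}  # RUN rm /etc/secret.key
    fs = UnionFS([base, app])
    fs.write("/app/config.ini", "debug=0")     # new file lands in the writable layer
    fs.write("/etc/os-release", "ID=custom")   # copy-up; base layer keeps its version
    fs.delete("/usr/bin/sh")                   # whiteout written to the writable layer
    return fs


if __name__ == "__main__":
    fs = demo()
    print(fs.read("/etc/os-release"), fs.read("/etc/secret.key"), fs.listdir("/etc"))
    print("base layer still holds secret.key:", "/etc/secret.key" in fs.lower[0])
```

The last line of the demo is the practical caveat: removing a secret in a later Dockerfile layer only adds a whiteout, so the secret remains inside the pushed image and is recoverable by anyone who can pull it.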
Container Image & Container
Image: a read‑only template containing the application code, runtime, libraries, environment variables, and configuration.
Container: a running instance of an image with its own isolated filesystem, network, and process space.
Docker Execution Flow
1. The user executes a docker run command.
2. The Docker Client sends the request to the Docker Daemon.
3. The Docker Daemon checks whether the image exists locally; if not, it pulls it from a registry.
4. The Daemon extracts the image layers and assembles them with UnionFS to create the container's filesystem.
5. The Daemon sets up namespaces and cgroups to create an isolated environment.
6. The Daemon initializes networking, mounts volumes, and applies environment variables.
7. The Daemon invokes containerd and runc to start the container process.
8. The container starts; its main process becomes PID 1 inside the container.

In summary, Docker's operation relies on Linux kernel features (namespaces, cgroups, UnionFS) combined with container runtimes such as containerd to deliver a lightweight, efficient container solution.
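Steps 5 and 6 above are where the isolation and resource limits are actually applied, and the resulting settings are visible afterwards in docker inspect output under HostConfig. The following added example (not from the article or from Docker) audits that output for the settings that weaken namespace isolation or leave a cgroup limit unset. The two JSON documents are constructed samples; the HostConfig field names (Privileged, NetworkMode, PidMode, IpcMode, Memory, NanoCpus, PidsLimit, CapAdd, ReadonlyRootfs) are real docker inspect fields, and the example assumes that 0 or null in Memory, NanoCpus and PidsLimit means no limit was configured.

```python
"""Audit docker inspect output for isolation and cgroup settings (added example)."""
import json
from typing import Dict, List

# Constructed sample: a container started with defaults plus --net=host and --cap-add NET_ADMIN
SAMPLE_LOOSE = json.dumps([{
    "Id": "constructed-container-id-1",
    "Name": "/web",
    "HostConfig": {
        "Privileged": False, "Memory": 0, "NanoCpus": 0, "PidsLimit": None,
        "CapAdd": ["NET_ADMIN"], "CapDrop": [], "NetworkMode": "host",
        "PidMode": "", "IpcMode": "private", "ReadonlyRootfs": False,
    },
}])

# Constructed sample: the same service started with explicit limits and a read-only rootfs
SAMPLE_HARDENED = json.dumps([{
    "Id": "constructed-container-id-2",
    "Name": "/web-hardened",
    "HostConfig": {
        "Privileged": False, "Memory": 268435456, "NanoCpus": 500000000, "PidsLimit": 256,
        "CapAdd": [], "CapDrop": ["ALL"], "NetworkMode": "bridge",
        "PidMode": "", "IpcMode": "private", "ReadonlyRootfs": True,
    },
}])


def audit(inspect_json: str) -> Dict[str, List[str]]:
    """Return {container name: [findings]} for each container in docker inspect output."""
    findings: Dict[str, List[str]] = {}
    for container in json.loads(inspect_json):
        hc = container.get("HostConfig", {})
        issues: List[str] = []
        # namespace isolation: these settings share or disable the kernel views listed above
        if hc.get("Privileged"):
            issues.append("privileged: most namespace, cgroup and capability restrictions are lifted")
        if hc.get("NetworkMode") == "host":
            issues.append("shares the host network namespace")
        if hc.get("PidMode") == "host":
            issues.append("shares the host PID namespace")
        if hc.get("IpcMode") == "host":
            issues.append("shares the host IPC namespace")
        # cgroup limits: 0 or null means the daemon applied no limit (assumption stated in lead-in)
        if not hc.get("Memory"):
            issues.append("no memory cgroup limit")
        if not hc.get("NanoCpus"):
            issues.append("no CPU cgroup limit")
        if not hc.get("PidsLimit"):
            issues.append("no pids cgroup limit")
        # capabilities and rootfs
        if hc.get("CapAdd"):
            issues.append("extra capabilities added: " + ", ".join(hc["CapAdd"]))
        if not hc.get("ReadonlyRootfs"):
            issues.append("root filesystem is writable")
        findings[container.get("Name", container.get("Id", "?"))] = issues
    return findings


if __name__ == "__main__":
    # In practice: audit(subprocess.check_output(["docker", "inspect", name], text=True))
    for name, issues in {**audit(SAMPLE_LOOSE), **audit(SAMPLE_HARDENED)}.items():
        print(name, "->", issues or ["no findings"])
```

Run against a live host by piping docker inspect <container> into audit(); each finding maps back to one of the runtime mechanisms in the article, so the list doubles as a checklist of which isolation layer a given container is not using.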
Mike Chen's Internet Architecture
Over ten years of BAT architecture experience, shared generously!