Understanding Docker’s Architecture: A Deep Dive into Its Core Components

Docker Overall Architecture

Docker follows a classic client‑server (C/S) model. Users issue commands through the Docker client, which establishes communication with the Docker daemon (server). The daemon receives, schedules, and dispatches requests, orchestrating jobs that involve image retrieval, container creation, networking, and resource management.

Key Components

Docker Client

The Docker client is the command‑line executable ( docker) that users invoke. It builds request strings (e.g., docker images) and can communicate with the daemon via three transports: tcp://host:port, unix://path-to-socket, or fd://socketfd. After sending a request, the client waits for the daemon’s response and then terminates.

Docker Daemon (Server)

The daemon is the core of Docker’s backend. It implements the Docker Server functionality, accepting client requests, routing them through a gorilla/mux router, and invoking the appropriate handler. Each request is processed in a separate goroutine, where it is parsed, matched to a route, and the corresponding handler executes the operation.

Docker Engine

The Engine is the execution core that runs Jobs—atomic units of work such as pulling an image, creating a container, or serving the API. Handlers for each Job (e.g., {"create": daemon.ContainerCreate}) map job names to Go functions that perform the actual work.

Docker Registry

The Registry is a storage service for container images, analogous to a cloud‑based image repository. Images are identified by [repository]:[tag]. The daemon interacts with the registry to search, pull, or push images, using Jobs named “search”, “pull”, and “push”. Registries can be public (Docker Hub) or private.

Graph (Docker’s Internal Database)

Graph stores metadata about downloaded images and their relationships. A Repository groups images of the same type (e.g., Ubuntu), each distinguished by tags. The GraphDB is a lightweight SQLite‑based database that records nodes (images) and edges (relationships), enabling fast look‑ups of image layers and sizes.

Drivers

Drivers implement specific low‑level functions:

Graphdriver manages image storage and retrieval on the host filesystem.

Networkdriver creates and configures container networking, including bridge creation, virtual NIC allocation, IP/port assignment, and firewall rules.

Execdriver (defaulting to the native driver) handles namespace creation, resource accounting, and the actual execution of processes inside containers.

Libcontainer

Libcontainer is a Go library that provides a thin abstraction over kernel container primitives (namespaces, cgroups, AppArmor, network devices). Docker calls Libcontainer directly to set up container isolation without relying on external tools like LXC.

Docker Container

A Docker container is the final delivery unit. Users specify an image (rootfs), resource quotas, network settings, and the command to run. The container runs as an isolated process group managed by the drivers and Libcontainer, providing a lightweight, portable runtime environment.