Understanding Docker’s Architecture: A Deep Dive into Its Core Components

Docker Overall Architecture

Docker follows a client‑server (C/S) model. The Docker Client communicates with the Docker Daemon, which coordinates a set of loosely coupled modules to handle container lifecycle, image management, networking, and resource control.

Key Components

Docker Client

The client is the docker command‑line executable. It builds a request (e.g., docker images) and sends it to the daemon via one of three transports: tcp://host:port, unix://path/to/socket, or fd://socketfd. After the daemon processes the request, the client receives and displays the response.

Docker Daemon (Server)

The daemon acts as the server side, accepting and routing client requests. It creates a mux.Router (from the Gorilla/mux package) that maps HTTP methods and URLs to specific handlers. An http.Server instance runs Serve() to listen for connections, spawning a goroutine per request to parse, route, and invoke the appropriate handler.

Docker Engine

The engine is the execution core. Work is expressed as “Jobs” (e.g., creating a container, pulling an image). Each job is handled by a handler object stored in a map such as {"create": daemon.ContainerCreate}. Jobs are designed similarly to Unix processes, with name, arguments, environment, I/O, error handling, and exit status.

Docker Registry

The registry stores container images. Docker Daemon interacts with it to search, pull, and push images. Registries can be public (Docker Hub) or private.

Graph and GraphDB

Graph is Docker’s internal metadata store for downloaded images, tracking repository, tags, size, and root filesystem. GraphDB, built on SQLite, records relationships between images.

Drivers

Drivers implement low‑level operations:

Graphdriver manages image storage and retrieval.

Networkdriver creates bridge networks, virtual NICs, IP allocation, port mapping, and firewall rules for containers.

Execdriver (default Native driver) creates namespaces, tracks resource usage, and runs container processes without relying on LXC.

Libcontainer

Libcontainer is a Go library that provides direct access to kernel container APIs (namespaces, cgroups, AppArmor, networking, etc.) without external dependencies. Docker calls libcontainer to set up containers and expose a stable interface to higher‑level components.

Docker Container

A container is the final delivery unit. Users specify an image, resource limits, network configuration, and the command to run. Docker assembles these specifications into an isolated runtime environment.