What Is Docker? A Deep Dive into Its Architecture and Core Concepts
This article explains Docker’s origins from LXC, its relationship with Linux containers, core components such as images, containers, and registries, compares Docker with traditional VMs, and details the internal architecture including client, daemon, server, engine, jobs, drivers, and libcontainer.
1. Understanding Docker’s Predecessor LXC
LXC (Linux Containers) is a lightweight kernel-level virtualization technology that isolates processes and resources. It is similar to chroot, but operates at the OS level.
2. Relationship Between LXC and Docker
Docker is not a replacement for LXC; it uses LXC underneath to sandbox Linux processes, providing isolation and resource control, while adding higher‑level functionality. (The libcontainer section below describes how Docker can also operate without LXC.)
3. What Is Docker?
Docker is an open‑source application container engine written in Go and released under the Apache 2.0 license. It lets developers package applications into portable containers that can run on any Linux host.
Containers are isolated sandboxed environments with minimal overhead.
4. Comparison with Traditional VMs
Containers start and stop in seconds, far faster than VMs.
Containers consume far fewer system resources, allowing thousands per host.
Docker uses simple commands (similar to Git) for image distribution and updates.
Dockerfiles enable automated creation and deployment.
Containers use minimal extra resources beyond the running application.
Docker implements strict isolation, security options, and image signing.
5. Related Concepts
Image and Container
An image is a read‑only template containing all files needed to run an application (code, runtime, libraries, environment variables, etc.). A container is a running instance of an image.
Container vs. Virtual Machine
Containers share the host kernel and run as isolated processes, whereas VMs run a full guest OS and require more resources.
6. Docker Versions
Docker Community Edition (CE) – free, open‑source version.
Docker Enterprise Edition (EE) – commercial version with additional features.
7. Docker vs. OpenStack
Comparison chart (image omitted).
8. Kernel Technologies Used by Docker
Docker relies on namespaces for resource isolation, cgroups for resource limiting, and copy‑on‑write for efficient file operations.
Namespaces
Control Groups (cgroup)
Cgroup provides a pseudo‑filesystem API for fine‑grained resource management, allowing limits at the thread level and dynamic creation/destruction of groups.
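The following Python sketch is an added example, not part of the original article. It reads the namespace links under /proc/<pid>/ns and parses /proc/<pid>/cgroup, the kernel interfaces behind the isolation and limiting described above, to show which namespaces a container process still shares with the host. The sample process tree, PIDs and inode numbers are constructed.

```python
import os
import tempfile

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Map each namespace type to its identifier, e.g. 'pid:[4026531836]'."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:  # entry missing on this kernel, or not readable
            found[ns] = None
    return found

def shared_namespaces(a, b):
    """Namespace types in which two processes are NOT isolated from each other."""
    return sorted(ns for ns in NS_TYPES if a[ns] is not None and a[ns] == b[ns])

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy:controllers:path'."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            hierarchy, controllers, path = line.split(":", 2)
            names = controllers.split(",") if controllers else []  # empty on cgroup v2
            entries.append((int(hierarchy), names, path))
    return entries

def build_sample_proc(root):
    """Constructed sample: PID 1 is the host, PID 4242 a container that shares
    the host's net and user namespaces (inode numbers are made up)."""
    host = {ns: 4026531800 + i for i, ns in enumerate(NS_TYPES)}
    container = {ns: 4026532500 + i for i, ns in enumerate(NS_TYPES)}
    container["net"], container["user"] = host["net"], host["user"]
    for pid, table in ((1, host), (4242, container)):
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for ns, inode in table.items():
            os.symlink(f"{ns}:[{inode}]", os.path.join(ns_dir, ns))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        host, ctr = read_namespaces(1, tmp), read_namespaces(4242, tmp)
        print("shared with host:", shared_namespaces(host, ctr))
    # Constructed cgroup v2 line; the path is a placeholder, not a real ID.
    print(parse_cgroup("0::/docker/<container-id>\n"))
```

Any namespace type reported as shared gives the container no isolation for that resource, which is worth checking before relying on the container boundary.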
9. Three Important Docker Concepts
1) Image – a read‑only template for containers.
2) Container – a running instance created from an image, isolated from other containers.
3) Repository – a storage location for images, with public (Docker Hub) and private options.
10. Main Uses of Docker
Package, deploy, and manage application lifecycles consistently across environments.
Enable rapid, automated provisioning of production environments.
Improve resource utilization and simplify migration.
Streamline management and operations.
11. What Docker Changed
Product delivery.
Simplified development environment setup.
Multi‑version testing.
Consistent operations.
Automated scaling for micro‑services.
Docker Architecture Overview
1. Overall Architecture
Key modules: Docker Client, Docker Daemon, Docker Registry, Graph, Driver, libcontainer, Docker container.
2. Docker Client
The client communicates with the daemon via TCP, Unix socket, or file descriptor, and can use TLS for secure transport.
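The transports listed above differ in exposure, so a configuration check is useful. The Python sketch below is an added example, not code from the original article or from Docker: it audits the "hosts", "tls" and "tlsverify" keys of a daemon.json file and flags TCP listeners that lack TLS or client verification. The sample configuration and the severity labels are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json (addresses are illustrative).
SAMPLE_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "fd://", "tcp://0.0.0.0:2375"],
  "tls": false
}
"""

def audit_daemon_hosts(config_text):
    """Return (listener, severity, reason) for every 'hosts' entry."""
    cfg = json.loads(config_text)
    verifies = bool(cfg.get("tlsverify"))          # client certificates required
    encrypts = bool(cfg.get("tls")) or verifies    # tlsverify implies tls
    findings = []
    for listener in cfg.get("hosts", []):
        scheme = urlsplit(listener).scheme
        if scheme == "unix":
            findings.append((listener, "ok", "local socket, guarded by file permissions"))
        elif scheme == "fd":
            findings.append((listener, "review", "socket inherited from the service manager; audit that unit"))
        elif scheme != "tcp":
            findings.append((listener, "review", "unrecognised transport"))
        elif verifies:
            findings.append((listener, "ok", "TLS with client certificate verification"))
        elif encrypts:
            findings.append((listener, "warn", "TLS encrypts, but clients are not authenticated"))
        else:
            findings.append((listener, "high", "plaintext TCP: the API is open to anyone who can connect"))
    return findings

def worst_severity(findings):
    """Highest severity present, or 'ok' when there are no findings."""
    order = ["ok", "review", "warn", "high"]
    return max((sev for _, sev, _ in findings), key=order.index, default="ok")

if __name__ == "__main__":
    for listener, severity, reason in audit_daemon_hosts(SAMPLE_CONFIG):
        print(f"{severity:6} {listener}: {reason}")
```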
3. Docker Daemon
The daemon runs as a background service, receives requests from the client, and dispatches them to appropriate handlers.
4. Docker Server
The server handles HTTP routing using gorilla/mux, creating an http.Server to serve requests.
5. Engine
The engine is the core execution component, managing containers and images through jobs.
6. Job
A job is the smallest execution unit in Docker (e.g., creating a container, pulling an image).
7. Docker Registry
The registry stores container images; Docker can use public Docker Hub or private registries.
8. Graph
Graph manages local image storage and relationships, using a lightweight SQLite‑based graph database.
9. Driver
Drivers (graphdriver, networkdriver, execdriver) handle storage, networking, and execution aspects of containers.
10. libcontainer
libcontainer is a Go library that directly accesses kernel APIs for namespaces, cgroups, AppArmor, networking, and firewall rules, enabling Docker to operate without LXC.
11. Docker Container
Containers are the final delivery form, customized with specific images, resource quotas, network settings, and commands.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
