github.com/akashshinde/docker@v1.9.1/docs/introduction/understanding-docker.md (about)

     1  <!--[metadata]>
     2  +++
     3  title = "Understand the architecture"
     4  description = "Docker explained in depth"
     5  keywords = ["docker, introduction, documentation, about, technology,  understanding"]
     6  [menu.main]
     7  parent = "mn_use_docker"
     8  +++
     9  <![end-metadata]-->
    10  
    11  # Understand the architecture
    12  **What is Docker?**
    13  
    14  Docker is an open platform for developing, shipping, and running applications.
    15  Docker is designed to deliver your applications faster. With Docker you can
    16  separate your applications from your infrastructure AND treat your
    17  infrastructure like a managed application. Docker helps you ship code faster,
    18  test faster, deploy faster, and shorten the cycle between writing code and
    19  running code.
    20  
    21  Docker does this by combining a lightweight container virtualization platform
    22  with workflows and tooling that help you manage and deploy your applications.
    23  
    24  At its core, Docker provides a way to run almost any application securely
    25  isolated in a container. The isolation and security allow you to run many
    26  containers simultaneously on your host. The lightweight nature of containers,
    27  which run without the extra load of a hypervisor, means you can get more out of
    28  your hardware.
    29  
    30  Surrounding the container virtualization are tooling and a platform which can
    31  help you in several ways:
    32  
    33  * getting your applications (and supporting components) into Docker containers
    34  * distributing and shipping those containers to your teams for further development
    35  and testing
    36  * deploying those applications to your production environment,
    37   whether it be in a local data center or the Cloud.
    38  
    39  ## What can I use Docker for?
    40  
    41  *Faster delivery of your applications*
    42  
    43  Docker is perfect for helping you with the development lifecycle. Docker
    44  allows your developers to develop on local containers that contain your
    45  applications and services. It can then integrate into a continuous integration and
    46  deployment workflow.
    47  
    48  For example, your developers write code locally and share their development stack via
    49  Docker with their colleagues. When they are ready, they push their code and the
    50  stack they are developing onto a test environment and execute any required
    51  tests. From the testing environment, you can then push the Docker images into
    52  production and deploy your code.
    53  
    54  *Deploying and scaling more easily*
    55  
    56  Docker's container-based platform allows for highly portable workloads. Docker
    57  containers can run on a developer's local host, on physical or virtual machines
    58  in a data center, or in the Cloud.
    59  
    60  Docker's portability and lightweight nature also make dynamically managing
    61  workloads easy. You can use Docker to quickly scale up or tear down applications
    62  and services. Docker's speed means that scaling can be near real time.
    63  
    64  *Achieving higher density and running more workloads*
    65  
    66  Docker is lightweight and fast. It provides a viable, cost-effective alternative
    67  to hypervisor-based virtual machines. This is especially useful in high density
    68  environments: for example, building your own Cloud or Platform-as-a-Service. But
    69  it is also useful for small and medium deployments where you want to get more
    70  out of the resources you have.
    71  
    72  ## What are the major Docker components?
    73  Docker has two major components:
    74  
    75  
    76  * Docker: the open source container virtualization platform.
    77  * [Docker Hub](https://hub.docker.com): our Software-as-a-Service
    78    platform for sharing and managing Docker containers.
    79  
    80  
    81  > **Note:** Docker is licensed under the open source Apache 2.0 license.
    82  
    83  ## What is Docker's architecture?
    84  Docker uses a client-server architecture. The Docker *client* talks to the
    85  Docker *daemon*, which does the heavy lifting of building, running, and
    86  distributing your Docker containers. Both the Docker client and the daemon *can*
    87  run on the same system, or you can connect a Docker client to a remote Docker
    88  daemon. The Docker client and daemon communicate via sockets or through a
    89  RESTful API.
    90  
    91  ![Docker Architecture Diagram](../article-img/architecture.svg)
    92  
    93  ### The Docker daemon
    94  As shown in the diagram above, the Docker daemon runs on a host machine. The
    95  user does not directly interact with the daemon, but instead through the Docker
    96  client.
    97  
    98  ### The Docker client 
    99  The Docker client, in the form of the `docker` binary, is the primary user
   100  interface to Docker. It accepts commands from the user and communicates back and
   101  forth with a Docker daemon.
   102  
   103  ### Inside Docker 
   104  To understand Docker's internals, you need to know about three components:
   105  
   106  * Docker images. 
   107  * Docker registries. 
   108  * Docker containers.
   109  
   110  #### Docker images
   111  
   112  A Docker image is a read-only template. For example, an image could contain an Ubuntu
   113  operating system with Apache and your web application installed. Images are used to create
   114  Docker containers. Docker provides a simple way to build new images or update existing
   115  images, or you can download Docker images that other people have already created.
   116  Docker images are the **build** component of Docker.
   117  
   118  #### Docker registries
   119  Docker registries hold images. These are public or private stores from which you
   120  upload or download images. The public Docker registry is provided with the
   121  [Docker Hub](http://hub.docker.com). It serves a huge collection of existing
   122  images for your use. These can be images you create yourself or you can use
   123  images that others have previously created. Docker registries are the
   124  **distribution** component of Docker.
   125  
   126  #### Docker containers
   127  Docker containers are similar to a directory. A Docker container holds everything that
   128  is needed for an application to run. Each container is created from a Docker
   129  image. Docker containers can be run, started, stopped, moved, and deleted. Each
   130  container is an isolated and secure application platform. Docker containers are the
   131   **run** component of Docker.
   132  
   133  ## So how does Docker work? 
   134  So far, we've learned that:
   135  
   136  1. You can build Docker images that hold your applications.
   137  2. You can create Docker containers from those Docker images to run your
   138     applications.
   139  3. You can share those Docker images via
   140     [Docker Hub](https://hub.docker.com) or your own registry.
   141  
   142  Let's look at how these elements combine together to make Docker work.
   143  
   144  ### How does a Docker image work? 
   145  We've already seen that Docker images are read-only templates from which Docker
   146  containers are launched. Each image consists of a series of layers. Docker
   147  makes use of [union file systems](http://en.wikipedia.org/wiki/UnionFS) to
   148  combine these layers into a single image. Union file systems allow files and
   149  directories of separate file systems, known as branches, to be transparently
   150  overlaid, forming a single coherent file system.
   151  
   152  One of the reasons Docker is so lightweight is because of these layers. When you
   153  change a Docker image—for example, update an application to a new version— a new layer
   154  gets built. Thus, rather than replacing the whole image or entirely
   155  rebuilding, as you may do with a virtual machine, only that layer is added or
   156  updated. Now you don't need to distribute a whole new image, just the update,
   157  making distributing Docker images faster and simpler.
   158  
   159  Every image starts from a base image, for example `ubuntu`, a base Ubuntu image,
   160  or `fedora`, a base Fedora image. You can also use images of your own as the
   161  basis for a new image, for example if you have a base Apache image you could use
   162  this as the base of all your web application images.
   163  
   164  > **Note:** Docker usually gets these base images from
   165  > [Docker Hub](https://hub.docker.com).
   166  
   167  Docker images are then built from these base images using a simple, descriptive
   168  set of steps we call *instructions*. Each instruction creates a new layer in our
   169  image. Instructions include actions like:
   170  
   171  * Run a command. 
   172  * Add a file or directory. 
   173  * Create an environment variable.
   174  * What process to run when launching a container from this image.
   175  
   176  These instructions are stored in a file called a `Dockerfile`. Docker reads this
   177  `Dockerfile` when you request a build of an image, executes the instructions, and
   178  returns a final image.
   179  
   180  ### How does a Docker registry work?
   181  The Docker registry is the store for your Docker images. Once you build a Docker
   182  image you can *push* it to a public registry such as the one provided by [Docker
   183  Hub](https://hub.docker.com) or to your own registry running behind your
   184  firewall.
   185  
   186  Using the Docker client, you can search for already published images and then
   187  pull them down to your Docker host to build containers from them.
   188  
   189  [Docker Hub](https://hub.docker.com) provides both public and private storage
   190  for images. Public storage is searchable and can be downloaded by anyone.
   191  Private storage is excluded from search results and only you and your users can
   192  pull images down and use them to build containers. You can [sign up for a storage plan
   193  here](https://hub.docker.com/plans).
   194  
   195  ### How does a container work?
   196  A container consists of an operating system, user-added files, and meta-data. As
   197  we've seen, each container is built from an image. That image tells Docker
   198  what the container holds, what process to run when the container is launched, and
   199  a variety of other configuration data. The Docker image is read-only. When
   200  Docker runs a container from an image, it adds a read-write layer on top of the
   201  image (using a union file system as we saw earlier) in which your application can
   202  then run.
   203  
   204  ### What happens when you run a container?
   205  Either by using the `docker` binary or via the API, the Docker client tells the Docker
   206  daemon to run a container.
   207  
   208      $ docker run -i -t ubuntu /bin/bash
   209  
   210  Let's break down this command. The Docker client is launched using the `docker`
   211  binary with the `run` option telling it to launch a new container. The bare
   212  minimum the Docker client needs to tell the Docker daemon to run the container
   213  is:
   214  
   215  * What Docker image to build the container from, here `ubuntu`, a base Ubuntu
   216  image; 
   217  * The command you want to run inside the container when it is launched,
   218  here `/bin/bash`, to start the Bash shell inside the new container.
   219  
   220  So what happens under the hood when we run this command?
   221  
   222  In order, Docker does the following:
   223  
   224  - **Pulls the `ubuntu` image:** Docker checks for the presence of the `ubuntu`
   225  image and, if it doesn't exist locally on the host, then Docker downloads it from
   226  [Docker Hub](https://hub.docker.com). If the image already exists, then Docker
   227  uses it for the new container. 
   228  - **Creates a new container:** Once Docker has the image, it uses it to create a
   229  container. 
   230  - **Allocates a filesystem and mounts a read-write _layer_:** The container is created in 
   231  the file system and a read-write layer is added to the image.
   232  - **Allocates a network / bridge interface:** Creates a network interface that allows the 
   233  Docker container to talk to the local host. 
   234  - **Sets up an IP address:** Finds and attaches an available IP address from a pool. 
   235  - **Executes a process that you specify:** Runs your application, and; 
   236  - **Captures and provides application output:** Connects and logs standard input, outputs 
   237  and errors for you to see how your application is running.
   238  
   239  You now have a running container! From here you can manage your container, interact with
   240  your application and then, when finished, stop and remove your container.
   241  
   242  ## The underlying technology
   243  Docker is written in Go and makes use of several kernel features to
   244  deliver the functionality we've seen. 
   245  
   246  ### Namespaces
   247  Docker takes advantage of a technology called `namespaces` to provide the
   248  isolated workspace we call the *container*.  When you run a container, Docker
   249  creates a set of *namespaces* for that container.
   250  
   251  This provides a layer of isolation: each aspect of a container runs in its own
   252  namespace and does not have access outside it.
   253  
   254  Some of the namespaces that Docker uses on Linux are:
   255  
   256   - **The `pid` namespace:** Used for process isolation (PID: Process ID). 
   257   - **The `net` namespace:** Used for managing network interfaces (NET:
   258   Networking). 
   259   - **The `ipc` namespace:** Used for managing access to IPC
   260   resources (IPC: InterProcess Communication). 
   261   - **The `mnt` namespace:** Used for managing mount-points (MNT: Mount). 
   262   - **The `uts` namespace:** Used for isolating kernel and version identifiers. (UTS: Unix
   263  Timesharing System).
   264  
   265  ### Control groups
   266  Docker on Linux also makes use of another technology called `cgroups` or control groups.
   267  A key to running applications in isolation is to have them only use the
   268  resources you want. This ensures containers are good multi-tenant citizens on a
   269  host. Control groups allow Docker to share available hardware resources to
   270  containers and, if required, set up limits and constraints. For example,
   271  limiting the memory available to a specific container.
   272  
   273  ### Union file systems
   274  Union file systems, or UnionFS, are file systems that operate by creating layers,
   275  making them very lightweight and fast. Docker uses union file systems to provide
   276  the building blocks for containers. Docker can make use of several union file system variants
   277  including: AUFS, btrfs, vfs, and DeviceMapper.
   278  
   279  ### Container format 
   280  Docker combines these components into a wrapper we call a container format. The
   281  default container format is called `libcontainer`. Docker also supports
   282  traditional Linux containers using [LXC](https://linuxcontainers.org/). In the 
   283  future, Docker may support other container formats, for example, by integrating with
   284  BSD Jails or Solaris Zones.
   285  
   286  ## Next steps
   287  ### Installing Docker
   288  Visit the [installation section](../installation/#installation).
   289  
   290  ### The Docker user guide
   291  [Learn Docker in depth](../userguide/).
   292  
   293