github.com/akashshinde/docker@v1.9.1/docs/introduction/understanding-docker.md (about) 1 <!--[metadata]> 2 +++ 3 title = "Understand the architecture" 4 description = "Docker explained in depth" 5 keywords = ["docker, introduction, documentation, about, technology, understanding"] 6 [menu.main] 7 parent = "mn_use_docker" 8 +++ 9 <![end-metadata]--> 10 11 # Understand the architecture 12 **What is Docker?** 13 14 Docker is an open platform for developing, shipping, and running applications. 15 Docker is designed to deliver your applications faster. With Docker you can 16 separate your applications from your infrastructure AND treat your 17 infrastructure like a managed application. Docker helps you ship code faster, 18 test faster, deploy faster, and shorten the cycle between writing code and 19 running code. 20 21 Docker does this by combining a lightweight container virtualization platform 22 with workflows and tooling that help you manage and deploy your applications. 23 24 At its core, Docker provides a way to run almost any application securely 25 isolated in a container. The isolation and security allow you to run many 26 containers simultaneously on your host. The lightweight nature of containers, 27 which run without the extra load of a hypervisor, means you can get more out of 28 your hardware. 29 30 Surrounding the container virtualization are tooling and a platform which can 31 help you in several ways: 32 33 * getting your applications (and supporting components) into Docker containers 34 * distributing and shipping those containers to your teams for further development 35 and testing 36 * deploying those applications to your production environment, 37 whether it be in a local data center or the Cloud. 38 39 ## What can I use Docker for? 40 41 *Faster delivery of your applications* 42 43 Docker is perfect for helping you with the development lifecycle. Docker 44 allows your developers to develop on local containers that contain your 45 applications and services. It can then integrate into a continuous integration and 46 deployment workflow. 47 48 For example, your developers write code locally and share their development stack via 49 Docker with their colleagues. When they are ready, they push their code and the 50 stack they are developing onto a test environment and execute any required 51 tests. From the testing environment, you can then push the Docker images into 52 production and deploy your code. 53 54 *Deploying and scaling more easily* 55 56 Docker's container-based platform allows for highly portable workloads. Docker 57 containers can run on a developer's local host, on physical or virtual machines 58 in a data center, or in the Cloud. 59 60 Docker's portability and lightweight nature also make dynamically managing 61 workloads easy. You can use Docker to quickly scale up or tear down applications 62 and services. Docker's speed means that scaling can be near real time. 63 64 *Achieving higher density and running more workloads* 65 66 Docker is lightweight and fast. It provides a viable, cost-effective alternative 67 to hypervisor-based virtual machines. This is especially useful in high density 68 environments: for example, building your own Cloud or Platform-as-a-Service. But 69 it is also useful for small and medium deployments where you want to get more 70 out of the resources you have. 71 72 ## What are the major Docker components? 73 Docker has two major components: 74 75 76 * Docker: the open source container virtualization platform. 77 * [Docker Hub](https://hub.docker.com): our Software-as-a-Service 78 platform for sharing and managing Docker containers. 79 80 81 > **Note:** Docker is licensed under the open source Apache 2.0 license. 82 83 ## What is Docker's architecture? 84 Docker uses a client-server architecture. The Docker *client* talks to the 85 Docker *daemon*, which does the heavy lifting of building, running, and 86 distributing your Docker containers. Both the Docker client and the daemon *can* 87 run on the same system, or you can connect a Docker client to a remote Docker 88 daemon. The Docker client and daemon communicate via sockets or through a 89 RESTful API. 90 91 ![Docker Architecture Diagram](../article-img/architecture.svg) 92 93 ### The Docker daemon 94 As shown in the diagram above, the Docker daemon runs on a host machine. The 95 user does not directly interact with the daemon, but instead through the Docker 96 client. 97 98 ### The Docker client 99 The Docker client, in the form of the `docker` binary, is the primary user 100 interface to Docker. It accepts commands from the user and communicates back and 101 forth with a Docker daemon. 102 103 ### Inside Docker 104 To understand Docker's internals, you need to know about three components: 105 106 * Docker images. 107 * Docker registries. 108 * Docker containers. 109 110 #### Docker images 111 112 A Docker image is a read-only template. For example, an image could contain an Ubuntu 113 operating system with Apache and your web application installed. Images are used to create 114 Docker containers. Docker provides a simple way to build new images or update existing 115 images, or you can download Docker images that other people have already created. 116 Docker images are the **build** component of Docker. 117 118 #### Docker registries 119 Docker registries hold images. These are public or private stores from which you 120 upload or download images. The public Docker registry is provided with the 121 [Docker Hub](http://hub.docker.com). It serves a huge collection of existing 122 images for your use. These can be images you create yourself or you can use 123 images that others have previously created. Docker registries are the 124 **distribution** component of Docker. 125 126 #### Docker containers 127 Docker containers are similar to a directory. A Docker container holds everything that 128 is needed for an application to run. Each container is created from a Docker 129 image. Docker containers can be run, started, stopped, moved, and deleted. Each 130 container is an isolated and secure application platform. Docker containers are the 131 **run** component of Docker. 132 133 ## So how does Docker work? 134 So far, we've learned that: 135 136 1. You can build Docker images that hold your applications. 137 2. You can create Docker containers from those Docker images to run your 138 applications. 139 3. You can share those Docker images via 140 [Docker Hub](https://hub.docker.com) or your own registry. 141 142 Let's look at how these elements combine together to make Docker work. 143 144 ### How does a Docker image work? 145 We've already seen that Docker images are read-only templates from which Docker 146 containers are launched. Each image consists of a series of layers. Docker 147 makes use of [union file systems](http://en.wikipedia.org/wiki/UnionFS) to 148 combine these layers into a single image. Union file systems allow files and 149 directories of separate file systems, known as branches, to be transparently 150 overlaid, forming a single coherent file system. 151 152 One of the reasons Docker is so lightweight is because of these layers. When you 153 change a Docker image—for example, update an application to a new version— a new layer 154 gets built. Thus, rather than replacing the whole image or entirely 155 rebuilding, as you may do with a virtual machine, only that layer is added or 156 updated. Now you don't need to distribute a whole new image, just the update, 157 making distributing Docker images faster and simpler. 158 159 Every image starts from a base image, for example `ubuntu`, a base Ubuntu image, 160 or `fedora`, a base Fedora image. You can also use images of your own as the 161 basis for a new image, for example if you have a base Apache image you could use 162 this as the base of all your web application images. 163 164 > **Note:** Docker usually gets these base images from 165 > [Docker Hub](https://hub.docker.com). 166 167 Docker images are then built from these base images using a simple, descriptive 168 set of steps we call *instructions*. Each instruction creates a new layer in our 169 image. Instructions include actions like: 170 171 * Run a command. 172 * Add a file or directory. 173 * Create an environment variable. 174 * What process to run when launching a container from this image. 175 176 These instructions are stored in a file called a `Dockerfile`. Docker reads this 177 `Dockerfile` when you request a build of an image, executes the instructions, and 178 returns a final image. 179 180 ### How does a Docker registry work? 181 The Docker registry is the store for your Docker images. Once you build a Docker 182 image you can *push* it to a public registry such as the one provided by [Docker 183 Hub](https://hub.docker.com) or to your own registry running behind your 184 firewall. 185 186 Using the Docker client, you can search for already published images and then 187 pull them down to your Docker host to build containers from them. 188 189 [Docker Hub](https://hub.docker.com) provides both public and private storage 190 for images. Public storage is searchable and can be downloaded by anyone. 191 Private storage is excluded from search results and only you and your users can 192 pull images down and use them to build containers. You can [sign up for a storage plan 193 here](https://hub.docker.com/plans). 194 195 ### How does a container work? 196 A container consists of an operating system, user-added files, and meta-data. As 197 we've seen, each container is built from an image. That image tells Docker 198 what the container holds, what process to run when the container is launched, and 199 a variety of other configuration data. The Docker image is read-only. When 200 Docker runs a container from an image, it adds a read-write layer on top of the 201 image (using a union file system as we saw earlier) in which your application can 202 then run. 203 204 ### What happens when you run a container? 205 Either by using the `docker` binary or via the API, the Docker client tells the Docker 206 daemon to run a container. 207 208 $ docker run -i -t ubuntu /bin/bash 209 210 Let's break down this command. The Docker client is launched using the `docker` 211 binary with the `run` option telling it to launch a new container. The bare 212 minimum the Docker client needs to tell the Docker daemon to run the container 213 is: 214 215 * What Docker image to build the container from, here `ubuntu`, a base Ubuntu 216 image; 217 * The command you want to run inside the container when it is launched, 218 here `/bin/bash`, to start the Bash shell inside the new container. 219 220 So what happens under the hood when we run this command? 221 222 In order, Docker does the following: 223 224 - **Pulls the `ubuntu` image:** Docker checks for the presence of the `ubuntu` 225 image and, if it doesn't exist locally on the host, then Docker downloads it from 226 [Docker Hub](https://hub.docker.com). If the image already exists, then Docker 227 uses it for the new container. 228 - **Creates a new container:** Once Docker has the image, it uses it to create a 229 container. 230 - **Allocates a filesystem and mounts a read-write _layer_:** The container is created in 231 the file system and a read-write layer is added to the image. 232 - **Allocates a network / bridge interface:** Creates a network interface that allows the 233 Docker container to talk to the local host. 234 - **Sets up an IP address:** Finds and attaches an available IP address from a pool. 235 - **Executes a process that you specify:** Runs your application, and; 236 - **Captures and provides application output:** Connects and logs standard input, outputs 237 and errors for you to see how your application is running. 238 239 You now have a running container! From here you can manage your container, interact with 240 your application and then, when finished, stop and remove your container. 241 242 ## The underlying technology 243 Docker is written in Go and makes use of several kernel features to 244 deliver the functionality we've seen. 245 246 ### Namespaces 247 Docker takes advantage of a technology called `namespaces` to provide the 248 isolated workspace we call the *container*. When you run a container, Docker 249 creates a set of *namespaces* for that container. 250 251 This provides a layer of isolation: each aspect of a container runs in its own 252 namespace and does not have access outside it. 253 254 Some of the namespaces that Docker uses on Linux are: 255 256 - **The `pid` namespace:** Used for process isolation (PID: Process ID). 257 - **The `net` namespace:** Used for managing network interfaces (NET: 258 Networking). 259 - **The `ipc` namespace:** Used for managing access to IPC 260 resources (IPC: InterProcess Communication). 261 - **The `mnt` namespace:** Used for managing mount-points (MNT: Mount). 262 - **The `uts` namespace:** Used for isolating kernel and version identifiers. (UTS: Unix 263 Timesharing System). 264 265 ### Control groups 266 Docker on Linux also makes use of another technology called `cgroups` or control groups. 267 A key to running applications in isolation is to have them only use the 268 resources you want. This ensures containers are good multi-tenant citizens on a 269 host. Control groups allow Docker to share available hardware resources to 270 containers and, if required, set up limits and constraints. For example, 271 limiting the memory available to a specific container. 272 273 ### Union file systems 274 Union file systems, or UnionFS, are file systems that operate by creating layers, 275 making them very lightweight and fast. Docker uses union file systems to provide 276 the building blocks for containers. Docker can make use of several union file system variants 277 including: AUFS, btrfs, vfs, and DeviceMapper. 278 279 ### Container format 280 Docker combines these components into a wrapper we call a container format. The 281 default container format is called `libcontainer`. Docker also supports 282 traditional Linux containers using [LXC](https://linuxcontainers.org/). In the 283 future, Docker may support other container formats, for example, by integrating with 284 BSD Jails or Solaris Zones. 285 286 ## Next steps 287 ### Installing Docker 288 Visit the [installation section](../installation/#installation). 289 290 ### The Docker user guide 291 [Learn Docker in depth](../userguide/). 292 293