Architecture

Docker Architecture Explained

Docker follows a client-server architecture, where the Docker Client interacts with the Docker Daemon to manage containers.


1. Components of Docker Architecture

1.1 Docker Daemon (dockerd)

  • What it does:

    • It runs in the background on the host machine.

    • Manages containers, networks, images, and storage.

    • Listens for API requests from the Docker Client.

  • Example Command to Start Daemon Manually:


1.2 Docker Client (docker)

  • What it does:

    • A command-line tool that interacts with the Docker Daemon.

    • Converts user commands (docker run, docker build) into API requests.

  • Example:

    • This command tells the Docker Daemon to pull and run an Nginx container.


1.3 Docker Engine

  • What it does:

    • A core component of Docker.

    • Includes Docker Daemon, REST API, and CLI.

    • Provides the runtime for containers.

  • Versions:

    • Docker Engine - Community (CE): Free version.

    • Docker Engine - Enterprise (EE): Paid version with enterprise support.


1.4 Docker Images

  • What they are:

    • Read-only templates used to create containers.

    • Stored in Docker Hub or private registries.

  • Example:

    • This command downloads the Ubuntu image.


1.5 Docker Containers

  • What they are:

    • Lightweight, isolated running instances of an image.

    • Run applications with their dependencies.

    • Use namespaces and cgroups for isolation.

  • Example:

    • Runs an Nginx container in detached mode.


1.6 Docker Registries

  • What they are:

    • Storage locations for Docker images.

    • Can be public (Docker Hub) or private (AWS ECR, GitHub Container Registry).

  • Example:

    • Pushes an image to a private registry.


1.7 Docker Storage

  • Types:

    1. Volumes (Recommended) – Store data outside the container lifecycle.

      • Stored in /var/lib/docker/volumes.

      • A volume is a managed storage location created and controlled by Docker.

      • Use volumes when you want Docker to manage storage securely and portably.

      • Example (Create and use a volume):

        docker volume create mydata
        docker run -d -v mydata:/container/path nginx

    2. Bind Mounts – Directly map a directory from the host system to a container using -v, in the form Host_path:Container_path.

      • You can directly access and modify the files on the host system because they exist in a specified host directory.

      • Use bind mounts when you need direct access to files from both the host and container.

    3. Tmpfs Mounts – Stored in memory, lost on restart.


2. High-Level Workflow of Docker

  1. Docker Client sends a command (docker run nginx).

  2. Docker Daemon processes the request.

  3. Docker Daemon pulls the image if not available locally.

  4. Docker Daemon creates a container from the image.

  5. Docker Networking assigns the container an IP if needed.

  6. Container starts running.


3. Scenario-Based Questions on Docker Architecture

Q1: What happens when you run docker run nginx?

  • Answer:

    1. Docker Client sends the command to the Docker Daemon.

    2. Docker Daemon checks if the image exists locally.

    3. If missing, the image is pulled from Docker Hub.

    4. A new container is created from the image.

    5. The container starts running.


Q2: How does Docker ensure container isolation?

  • Answer:

    • Namespaces: Provide isolated process trees, network, and filesystem.

    • cgroups: Control resource allocation (CPU, memory).

    • UnionFS: Provides a layered filesystem.


Q3: How can you debug a failing Docker container?

  • Answer:


4. Docker Architecture Diagram


5. Best Practices

  • Use volumes instead of bind mounts.

  • Keep containers stateless for scalability.

  • Limit privileged mode for security.

  • Use Docker Compose for multi-container apps.

  • Scan images for vulnerabilities.
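
One way to check running containers against the isolation and storage points above (privileged mode, host namespaces, cgroup limits, bind mounts) is to audit the JSON that docker inspect returns. This is an added example, not part of the original page; the sample data is constructed, and the function names audit_container and audit are hypothetical.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge", "Memory": 268435456},
   "Mounts": [{"Type": "volume", "Name": "mydata", "Source": "/var/lib/docker/volumes/mydata/_data",
               "Destination": "/container/path", "RW": true}]},
  {"Name": "/legacy",
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host", "Memory": 0},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": true}]}
]
""")

def audit_container(c):
    """Return a list of findings for one `docker inspect` container object."""
    findings = []
    host = c.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    # Sharing a host namespace removes that layer of isolation.
    for key, label in (("PidMode", "PID"), ("NetworkMode", "network"), ("IpcMode", "IPC")):
        if host.get(key) == "host":
            findings.append(f"shares host {label} namespace")
    # Memory == 0 means no cgroup memory limit is set.
    if not host.get("Memory"):
        findings.append("no memory limit (cgroup)")
    for m in c.get("Mounts", []):
        if m.get("Type") == "bind":
            mode = "rw" if m.get("RW") else "ro"
            note = f"bind mount {m.get('Source')} -> {m.get('Destination')} ({mode})"
            if m.get("Source", "").endswith("docker.sock"):
                note += " exposes the daemon API to the container"
            findings.append(note)
    return findings

def audit(containers):
    """Map container name -> findings, omitting containers with none."""
    report = {}
    for c in containers:
        found = audit_container(c)
        if found:
            report[c.get("Name", "?").lstrip("/")] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        for f in found:
            print(f"{name}: {f}")
```

To run it against a live host, replace the sample with the parsed output of docker inspect $(docker ps -q).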

This covers Docker architecture, its components, workflows, and interview questions.