Graphical docker architecture


General architecture of Docker

Docker uses a client/server (C/S) architecture. The back end is loosely coupled, and each module has its own responsibility.

  • The user uses the Docker client to establish communication with the Docker daemon and send requests to it.
  • The Docker daemon, the main part of the Docker architecture, first provides a server so that it can accept requests from the Docker client.
  • The engine performs a series of tasks within Docker, each of which exists in the form of a job.
  • While a job is running, when a container image is needed, the image is downloaded from the Docker registry, and image management stores the downloaded image in the form of a graph by driving graphdriver.
  • When a network environment has to be created for Docker, the Docker container network environment is created and configured through the network management driver, networkdriver.
  • When the resources a Docker container may use have to be restricted, or user instructions executed, this is done through execdriver.
  • libcontainer is an independent container management package. Both networkdriver and execdriver operate on containers through libcontainer.

Analysis of Docker modules

Docker client [initiate request]
  • The Docker client is the client that establishes communication with the Docker daemon. The executable file the user runs is docker (a command similar to an executable script). The docker command is followed by parameters to form a complete request command (for example, docker images, where the command is fixed and the parameters vary).
  • The Docker client can establish communication with the Docker daemon in the following three ways: tcp://host:port, unix://path_to_socket and fd://socketfd.
  • After the Docker client sends a container management request, the Docker daemon accepts and processes it. Once the Docker client receives the returned result and does some simple processing, the complete life cycle of the Docker client ends (a complete request: send request → process request → return result), which is no different from the request process of a traditional C/S architecture.

Docker daemon

Docker server [schedules and dispatches requests]
  • Architecture diagram of the Docker server

  • The Docker server is the server of the C/S architecture. Its function is to accept and dispatch requests sent by the Docker client. After accepting a request, the server uses routing and dispatching to find the corresponding handler to execute the request.
  • During Docker startup, a mux.Router is created through the gorilla/mux package to provide request routing. In Go, gorilla/mux is a powerful URL router and dispatcher. Many routing items are added to the mux.Router, and each routing item is composed of an HTTP request method (PUT, POST, GET or DELETE), a URL and a handler.
  • After creating the mux.Router, Docker takes the server's listening address and the mux.Router as parameters, creates httpSrv = http.Server{}, and finally executes httpSrv.Serve() to serve requests.
  • While serving, the server accepts Docker client requests on the listener and creates a new goroutine to serve each request. In the goroutine it first reads the request content, then parses it, then finds the corresponding routing item, and then calls the corresponding handler to process the request. Finally, the handler replies to the request once processing is done.
  • Engine is not only the running engine of the Docker architecture but also the core module of a running Docker. It plays the role of the Docker container store and manages these containers by executing jobs.
  • The Engine data structure contains a handler object, which stores the handlers for many specific jobs. For example, if the Engine's handler object contains the item {"create": daemon.ContainerCreate,}, then when the job named "create" runs, the handler daemon.ContainerCreate is executed.
  • A job can be considered the most basic unit of work in the Engine of the Docker architecture. Everything Docker can do can be abstracted as a job. For example, running a process inside a container is a job, and creating a new container is a job. Running the Docker server is also a job, called serveapi.
  • Jobs were designed to resemble UNIX processes. For example, a job has a name, parameters, environment variables, standard input and output, error handling, a return status, and so on.
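
The dispatch path described above (routing item → job → Engine handler), as an added Go sketch that is not Docker's own code: a plain map stands in for gorilla/mux, and the Job, Engine, NewServer and Serve names, the route strings and the "rm" job are assumptions made for illustration. A request with no routing item is rejected before it reaches the engine, and a routed job with no registered handler fails closed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Job is the engine's unit of work, reduced here to a name and one argument.
type Job struct{ Name, Arg string }
// Engine is the handler table: job name -> handler (constructed for this sketch).
type Engine map[string]func(Job) (string, error)

// Run executes a job by name and fails closed when no handler is registered.
func (e Engine) Run(j Job) (string, error) {
	if h, ok := e[j.Name]; ok {
		return h(j)
	}
	return "", fmt.Errorf("no handler for job %q", j.Name)
}

// NewServer maps "METHOD path" routing items to job names and dispatches them.
func NewServer(e Engine, routes map[string]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name, ok := routes[r.Method+" "+r.URL.Path]
		if !ok {
			http.NotFound(w, r) // unrouted requests never reach the engine
			return
		}
		if out, err := e.Run(Job{name, r.URL.Query().Get("name")}); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		} else {
			fmt.Fprint(w, out)
		}
	})
}

// Serve pushes one constructed request through h and returns status and body.
func Serve(h http.Handler, method, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	e := Engine{"create": func(j Job) (string, error) { return "created " + j.Arg, nil }}
	srv := NewServer(e, map[string]string{"POST /containers/create": "create", "DELETE /containers/web": "rm"})
	fmt.Println(Serve(srv, "POST", "/containers/create?name=web")) // routed, handler registered
	fmt.Println(Serve(srv, "DELETE", "/containers/web"))           // routed, no handler
}
```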

Docker registry

  • The Docker registry is a store for container images, which can be understood as an image repository in the cloud. It is organized by repository, and docker pull uses [repository]:[tag] to identify an image precisely.
  • While Docker is running, the Docker daemon communicates with the Docker registry and performs three functions: searching for images, downloading images and uploading images. The job names corresponding to these three functions are "search", "pull" and "push".
  • Registries can be divided into Docker Hub and private registries.
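
Which registry a [repository]:[tag] reference resolves to, as an added Go example that is not Docker's own parser: ParseRef and Ref are hypothetical names, the host names are constructed, and the rules assumed are Docker's usual ones (a first path component that contains '.' or ':' or equals localhost names a registry, and a missing tag means latest). Digest references are not handled.

```go
package main

import (
	"fmt"
	"strings"
)

// Ref is an image reference split into the parts a pull resolves.
type Ref struct{ Registry, Repository, Tag string }

// ParseRef splits [registry/]repository[:tag]. Registry stays "" when the
// reference names no registry host (the Docker Hub case).
func ParseRef(ref string) (Ref, error) {
	s, r := ref, Ref{Tag: "latest"}
	// The first path component is a registry host only if it looks like one:
	// it contains '.' or ':' or is exactly "localhost".
	if i := strings.Index(s, "/"); i > 0 {
		if h := s[:i]; strings.ContainsAny(h, ".:") || h == "localhost" {
			r.Registry, s = h, s[i+1:]
		}
	}
	// A tag separator is a ':' after the last '/', so a registry port is never a tag.
	if i := strings.LastIndex(s, ":"); i > strings.LastIndex(s, "/") {
		r.Tag, s = s[i+1:], s[:i]
	}
	r.Repository = s
	if r.Repository == "" || r.Tag == "" {
		return Ref{}, fmt.Errorf("invalid image reference %q", ref)
	}
	return r, nil
}

func main() {
	// Constructed sample references.
	for _, s := range []string{"ubuntu", "ubuntu:14.04", "registry.example.com:5000/team/app:1.2"} {
		fmt.Println(ParseRef(s))
	}
}
```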

Graph [Docker internal database]

  • Graph architecture

  • Repository
      • The keeper of the images that have been obtained (both downloaded images and images built from a Dockerfile).
      • A repository holds one type of image (for example, Ubuntu). Images in the same repository are distinguished by tags (representing different labels or versions of the same type of image). A registry contains multiple repositories, and a repository contains multiple images of the same type.
      • The storage types for images include aufs, devicemapper, Btrfs, VFS, etc. The devicemapper storage type is used on CentOS systems.
      • In addition, in the local graph directory, the storage information kept for each container image includes the image's metadata, its size information, and the specific rootfs the image represents.
  • GraphDB
      • The recorder of the relationships between downloaded container images.
      • GraphDB is a small graph database built on SQLite, which implements the naming of nodes and the recording of relationships between nodes.


Driver is the driver module of the Docker architecture. Through drivers, Docker can customize the execution environment of a Docker container. In other words, Graph is responsible for storing images, and Driver is responsible for executing containers.

  • Graphdriver architecture diagram

  • graphdriver is mainly used to manage container images, including storage and retrieval.
      • Storage: an image downloaded by docker pull is stored by graphdriver in the designated local directory (the graph).
      • Get: when docker run (create) creates a container from an image, graphdriver gets the image from the local graph.
  • Architecture diagram of networkdriver

The purpose of networkdriver is to configure the Docker container network environment, including:

  • When Docker starts, creating a bridge for the Docker environment;
  • When a Docker container is created, creating a dedicated virtual network interface for it;
  • Allocating an IP address and ports for the Docker container, mapping ports to the host, and setting the container's firewall policy.
  • Architecture diagram of execdriver

  • As the execution driver for Docker containers, execdriver is responsible for creating the namespaces a container runs in, accounting for and restricting container resource usage, and actually running the processes inside the container.
  • execdriver now uses the native driver by default and does not rely on LXC.

Libcontainer [function library]

The architecture of libcontainer

  • libcontainer is a library in the Docker architecture, designed and implemented in Go. Its design goal is to access the container-related APIs in the kernel directly, without any dependencies.
  • Docker can call libcontainer directly and, through it, manipulate a container's namespaces, cgroups, AppArmor, network devices and firewall rules.
  • libcontainer provides a set of standard interfaces that meet the upper layers' needs for container management. In other words, libcontainer shields the upper layers of Docker from managing containers directly.

Docker container [final form of service delivery]

Container architecture

The Docker container is the final form of service delivery in the Docker architecture.

Docker customizes the corresponding Docker container according to the user's requirements and instructions:

  • By specifying the container image, the user lets the Docker container customize its rootfs and other file systems;
  • By specifying a quota of computing resources, the user makes the Docker container use only the specified computing resources;
  • By configuring the network and its security policy, the user gives the Docker container an independent and secure network environment;
  • By specifying the command to run, the user makes the Docker container carry out the specified work.

Author: Hu Weihuang\_/article/details/71308236
