Docker component introduction

Docker Cli
This is a command line tool for users

Listen to docker API requests. Dockerd receives API requests through UNIX, TCP and FD.

UNIX socket is / var / run / docker For sock, you need root or docker group permission to start dockerd

Dockerd will pull up containerd and keep communication with containerd when starting


  • The main responsibility is to manage the life cycle of the container
  • Pull, push image
  • Storage management
  • Run the runc of the container
  • Management network

Containerd contains a daemon service that exposes grpc APIs. These APIs are relatively low-level. Dockerd manages the life cycle of containers through container, and container runs containers through runc

/Usr / bin / docker runc can be regarded as part of containerd, which is a binary tool for running OCI compliant containers.
The container image is packaged in OCI standard format and generally includes config. Config JSON file and system root directory

docker save -o nginx.tar nginx

Save the container as an image tar file, and then decompress it to see the internal structure of the image

The existence of containerd ship enables the container to run independently from containerd. (by default, dockerd is stopped and the container is stopped, but it can be realized through daemon.json configuration. After dockerd is stopped, the container runs as usual.)

As the parent process of container, containerd shim is mainly responsible for the following responsibilities:

  • So that runc can exit after running the container, without starting a runtime resident process for a container
  • Keep the stdio of the container open, so that the container will not exit after receiving SIGPIPE after writing stdio
  • Report the exit status of the container to containerd

The calling order is dockerd — > containerd — > containerd shim — > runc API — > “CMD”

Send a Message