Docker Components Explained
- The Open Container Initiative (OCI) is launched in June 2015 by Docker, CoreOS, and other leaders in the container industry.
- The OCI currently contains two specifications: runtime-spec and image-spec
- RunC is the runtime for running containers according to the OCI specification (implements OCI runtime-spec).
- Runc leverages technologies available in Linux Kernel (cgroups and namespaces) to create and run containers.
- containerd is a daemon and it manages the complete lifecycle of a container on the host operating system.
- containerd manages image storage and transfer, container execution and supervision, low-level storage, network attachment, etc.
- containerd uses RunC for creating and running containers from OCI-compatible images.
- dockerd (docker-engine) provides an API for clients via three different types of sockets: unix, tcp, and file.
- dockerd serves all features of Docker platform.
- dockerd leverages containerd gRPC API for managing containers.
- containerd-shim allows daemonless containers and acts as a middleman between containers and containerd.
- Using containerd-shim, runc can exit after creating and starting containers (removes the need for long-running runtime processes for containers).
- containerd-shim also keeps the STDIO and FDs open for containers in case dockerd or containerd dies.
- This also allows updating dockerd or containerd without killing the running containers.
- Docker CLI (docker command) and other Docker clients communicate with dockerd (docker-engine).