When we talk about containers a big name that comes into picture is docker. Docker is a leading container platform and provides all the functionalities required in the life cycle of a container. In this article, we will talk about docker components and how they work together.
Docker consists of the following components.
Docker Daemon:
Docker Daemon runs as dockerd and is a continuous running process. This daemon helps you in connecting docker-cli to containers itself. Docker talks to containerd using gRPC protocol.
You can see by typing below command in your Linux machine.
ps aux | grep docker
/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
You can see the output contains dockerd and also tells that it is using containerd.
Containerd:
Containerd daemon runs and expose gRPC API to interact with it. It handles all the low-level container management tasks, storage, image distribution, network attachment, etc. If you wanna see this you can type below command.
ps aux| grep container
0:01 /usr/bin/containerd
This shows you that containerd daemon is running and no containerd-shim is running.
Containerd-ctr:
A lightweight CLI to directly communicate with containerd. You can control containerd using this cli tool.
runc:
It is used for actually running containers. This binary deal with the low-level things like cgroups and namespaces that are required to create a container.
Whenever you run any container this process will come into the picture. To see this in action. Run the below commands in two different terminals.
watch 'ps aux| grep runc'
And then this
docker run image_name
You will see a process will appear, create the container and then exit.
containerd-shim:
Once runc launches containers it exits. This means there is no long-running process for this container. The flow is containerd asked containerd-shim to launch container which calls runc to create container and then exits leaving a few of the things like file descriptors so that container can pass essential signals to containerd-shim.
If your container is running you can see containerd-shim is running like below
root 16097 1.0 0.0 10612 4912 ? Sl 22:03 0:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/61fd4688eae0b6b938aa07d609f55150cf0231af2d6043cd01d29cee5ee63d14 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
So here is a glance of how docker components talk to each other.
Docker instruct containerd to launch a container, containerd tell containerd-shim to launch a container, containerd uses runc to launch the container and then keep the signals line open with it while runc exits.
Recommended books for devops and linux adminThis was how docker components interact with each other. To know more about Docker and Kubernetes keep following my blog. A lot of such articles will be coming soon.
Please share and subscribe.