This post is part of a three post series on Docker

The concept of containers has been on the making for some time. Docker is currently available in two primary flavors namely, Docker for Linux and Docker for Windows based on the platform on which it is running. Docker for Mac is a version of Docker for Linux. It is also available on all cloud platforms such as Azure, AWS, Google Cloud and others. The Docker architecture is different based on the platform on which it is running.

Docker for Linux – Kernel Architecture

Docker for Linux – Architecture

Docker for Linux uses a bunch of Linux constructs to enable containerization of applications. Some of these are


CGroups or control groups provides a mechanism to place a resource limit on a group of processes in Linux. These processes can be organized hierarchically as a tree of process groups, subgroups etc. Limits can be placed on shared resources such as CPU, Memory, network or Disk IO. CGroups also allow for accounting, checkpointing and restarting groups of processes. CGroups were originally implemented by the Engineers at Google in 2006 and was merged into the Linux kernel version 2.6.24, released in January 2008. 

Namespaces – A namespace is an abstraction of a global resource such as filesystems, network access, process tree or user IDs. Linux namespaces are used to create process that are isolated from the rest of the system without the need to use low level virtualization technology. This provides a way to have varying views of the system for different processes.

Union File System ( UFS) – The Union file system also called a Union Mount allows multiple file systems to be overlaid, appearing as a single files System to the user. Docker supports several UFS implementations AUFS, BTRFS, ZFS and others. The installed UFS system can be identified by running the Docker info command and checking the storage information. On my system the storage driver is aufs. Docker images are made up of multiple layers.. Each instruction adds a layer on top the existing layers. when a container is built , Docker adds a read write file system on top of these layers along with other settings.


The combination of the above technologies allowed the development of Linux Containers(LXC) which is a precursor to Docker.

Docker has two man components based on client server design communicating using HTTP. It also has an image store/repository.

Docker CLI – The Docker client or CLI is used to operate or control the Docker Daemon. The client may run on the container host or on remote client connected to the container host through http.

Docker Daemon – The Docker daemon is the middleware that runs, monitors and orchestrates containers.It works with the Docker CLI to build, ship and run containers. The user interacts with the Docker daemon through the Docker clinet

Docker Registry – This is a registry of images. It contains images, layers and metadata about the images.   Docker hub is a public registry which hosts thousands of public images.