A container is an isolated area of an operating system (OS) with resource limits imposed on it. Even though the term container has become something of a buzzword recently, the underlying semantics were available in very early versions of *nix operating systems, for example chroot, FreeBSD jails and Solaris Containers.
As mentioned above, a container breaks down into two components: an area of the OS that operates in isolation, and a set of rules or limits that control the resources it can consume and the access to it from outside the isolated area. This provides the flexibility to share the OS and physical resources effectively among multiple applications, and eventually it became a popular way of shipping applications.
But having only this container support was not very helpful, for a few reasons. Building a container manually can be a challenging task, and it is easy to misconfigure the container. Therefore, the container ecosystem needed a layer of abstraction.
Docker is one abstraction that makes using containers easy. Kernel primitives and the Docker engine are the two components that provide this abstraction. As kernel primitives, Docker uses namespaces, cgroups and the layers of a union file system.
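The namespace and cgroup primitives just mentioned are visible from the host through `/proc/<pid>/ns/` and `/proc/<pid>/cgroup`, which makes them a practical way to verify that a process really is isolated rather than trusting that it "runs in a container". The following script is an added example, not code from the original article or from the Docker project: it parses those two kernel interfaces, compares a process's namespaces against a reference process (normally PID 1 on the host), and extracts a Docker container id from the cgroup path. The sample namespace inodes, cgroup lines and container id are constructed, and the `docker-<id>.scope` / `/docker/<id>` cgroup path patterns it matches are an assumption about how the Docker cgroup driver lays out paths, not something the article states.

```python
"""Inspect the namespaces and cgroup membership of a process via /proc.

Added example, not code from the original article. Docker's kernel primitives
(namespaces and cgroups) are exposed under /proc/<pid>/ns/ and /proc/<pid>/cgroup;
this script parses those interfaces so a defender can check that a process is
actually isolated from the host instead of assuming it is.
"""
import os
import re
from typing import Dict, List, Optional

# Namespace types exposed as symlinks in /proc/<pid>/ns/ (this order also
# determines the order of the results returned below).
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# Assumed Docker cgroup path layouts: systemd-style ".../docker-<id>.scope"
# or cgroupfs-style "/docker/<id>".
DOCKER_CGROUP_ID = re.compile(r"docker[-/]([0-9a-f]{12,64})")


def parse_ns_link(target: str) -> tuple:
    """Parse a /proc/<pid>/ns/* link target such as 'pid:[4026531836]' into
    (type, inode). Two processes share a namespace of a given type exactly
    when these inodes are equal."""
    m = re.fullmatch(r"(\w+):\[(\d+)\]", target)
    if not m:
        raise ValueError("unexpected namespace link target: %r" % target)
    return m.group(1), int(m.group(2))


def shared_namespaces(proc_ns: Dict[str, str], ref_ns: Dict[str, str]) -> List[str]:
    """Return the namespace types in which proc_ns and ref_ns point at the same
    kernel namespace. Compared against PID 1 on the host, an empty list means
    the process is isolated in every namespace type."""
    shared = []
    for ns in NS_TYPES:
        if ns in proc_ns and ns in ref_ns:
            if parse_ns_link(proc_ns[ns]) == parse_ns_link(ref_ns[ns]):
                shared.append(ns)
    return shared


def parse_cgroup_file(text: str) -> Dict[str, str]:
    """Parse /proc/<pid>/cgroup ('hierarchy-id:controllers:path' per line) into
    {controllers: path}. On cgroup v2 there is a single '0::/path' line, so the
    controllers key is the empty string."""
    cgroups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hierarchy_id, controllers, path = line.split(":", 2)
        cgroups[controllers] = path
    return cgroups


def container_id_from_cgroup(cgroups: Dict[str, str]) -> Optional[str]:
    """Extract a Docker container id from any cgroup path, or None when the
    process is not in a Docker-managed cgroup."""
    for path in cgroups.values():
        m = DOCKER_CGROUP_ID.search(path)
        if m:
            return m.group(1)
    return None


def read_ns_links(pid) -> Dict[str, str]:
    """Read the live /proc/<pid>/ns/ symlinks (Linux only; {} elsewhere).
    Reading another process's links needs ptrace-level access, so entries
    that cannot be read are skipped."""
    links = {}
    for ns in NS_TYPES:
        path = "/proc/%s/ns/%s" % (pid, ns)
        try:
            if os.path.islink(path):
                links[ns] = os.readlink(path)
        except OSError:
            continue
    return links


# Constructed sample data (not captured from a real system): host PID 1, a
# default Docker container, and a container started with --net=host.
HOST_NS = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
           "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
           "pid": "pid:[4026531836]", "user": "user:[4026531837]",
           "uts": "uts:[4026531838]"}
# Docker does not enable user namespaces by default, so "user" matches the host.
CONTAINER_NS = {"cgroup": "cgroup:[4026532578]", "ipc": "ipc:[4026532576]",
                "mnt": "mnt:[4026532574]", "net": "net:[4026532579]",
                "pid": "pid:[4026532577]", "user": "user:[4026531837]",
                "uts": "uts:[4026532575]"}
HOST_NET_CONTAINER_NS = dict(CONTAINER_NS, net="net:[4026531992]")

SAMPLE_CONTAINER_ID = "3f" * 32  # constructed 64-hex container id
CGROUP_V2_SAMPLE = "0::/system.slice/docker-%s.scope\n" % SAMPLE_CONTAINER_ID
CGROUP_V1_SAMPLE = ("12:memory:/docker/%s\n11:cpu,cpuacct:/docker/%s\n"
                    % (SAMPLE_CONTAINER_ID, SAMPLE_CONTAINER_ID))
CGROUP_HOST_SAMPLE = "0::/init.scope\n"


if __name__ == "__main__":
    print("default container shares with host:", shared_namespaces(CONTAINER_NS, HOST_NS))
    print("--net=host container shares with host:",
          shared_namespaces(HOST_NET_CONTAINER_NS, HOST_NS))
    print("container id (cgroup v2):",
          container_id_from_cgroup(parse_cgroup_file(CGROUP_V2_SAMPLE)))
    # On a Linux host this compares the current process against PID 1.
    live = read_ns_links("self")
    if live:
        print("this process shares with PID 1:", shared_namespaces(live, read_ns_links(1)))
```

Run on a Linux host, the last lines compare the current process against PID 1; the constructed samples show the two results a defender should expect to see and care about: a default container still shares the `user` namespace with the host, and a `--net=host` container additionally shares `net`, which is why a namespace check belongs in any "is this really isolated?" review.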
When creating a container, the Docker daemon receives an HTTP API request to create a container from a particular image. The daemon makes a gRPC call to containerd to initialize the container, which is done according to the Open Container Initiative (OCI) specification. A runc process takes on the task of creating the container and then hands it over to a shim process, which carries on its operations. As soon as the container is up and running, the runc process terminates.
One decent advantage of this decoupled Docker architecture is that it is possible to stop the Docker daemon and containerd daemon processes without affecting the containers running on the machine. This is a huge advantage when it comes to upgrading the Docker engine.