If you feel overwhelmed by the breakdown of technologies Docker is built on, here is a cheat list to ease the pain 🙂
Just take a look at the new structure of the Docker platform. Many of its components are now offered as generalized components any one can use to build a new container framework and yet are used to build any new release of Docker open source free tools, as well as enterprise paid products.
This new structure is part of the OCI – Open Container Initiative driven projects.
Users of Docker tools should not experience any change in their work flows, yet system builders now have common stardard hooks they can use to stack their solutions into Docker and other container based frameworks.
- Moby is a standard framework for system builders to create customized containers based on Docker or other engines. Moby container images are called Assemblies and they usually contain a specific set of components such Infrakit, Linuxkit, Containerd, JDK, Java App.
- InfraKit is a toolkit for creating and managing self-healing infrastructure. InfraKit is designed to support setup and management of base infrastructure. For example, it can help you manage a system like a cluster or container orchestrator
- LinuxKit, a toolkit for building custom minimal, immutable Linux distributions. Linuxkit is a hardened minimized Linux image as the basis for building container images – based on minimized read-only Alpine Linux that is cryptographically verified and used for the initialization of a container. Linuxkit include a timer counter that triggers the refresh of your container image so you always run the latest most secure baseline and also reverse any changes an attacker may have caused to your container
- Containerd is the open source generalized replacement for dockerd daemon. It takes care of image retrieval, network name spaces, launching runC. Containerd includes a daemon exposing gRPC API over a local UNIX socket – much more robust that the REST API previous versions of Dockerd daemon was using.
- RunC is a CLI that activates the actual container engine required for our image: Docker, Rkt or others
- Notary is the mechanism that signs an verifies cryptographically the images in its registry.
- SwarmKit is a toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, raft-based consensus, task scheduling and more. Swarmkit takes care of cluster maintenance including rotation of certificates.