dockerd and docker.sock

I. Docker architecture

Docker uses a client-server (C/S) architecture and manages and creates Docker containers through a remote API.

II. Components

1. rpm -ql docker-ce

/usr/bin/docker-init
/usr/bin/docker-proxy
/usr/bin/dockerd
/usr/lib/systemd/system/docker.service
/usr/lib/systemd/system/docker.socket

docker-init

Enabled when init is set to true; it runs a docker-init process inside the container to handle signal forwarding and process reaping.

docker-proxy: port mapping

ps aux | grep docker
root      1420  0.0  0.6 1973052 101600 ?      Ssl  6月21   0:26 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      1994  0.0  0.1 973048 17576 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
root      2001  0.0  0.0 964596 14704 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
root      2017  0.0  0.0 890608 11472 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 3000 -container-ip 172.17.0.3 -container-port 3000
root      2024  0.0  0.0 964340 13440 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 3000 -container-ip 172.17.0.3 -container-port 3000
root      2044  0.0  0.0 964340 13504 ?        Sl   6月21   0:01 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9115 -container-ip 172.17.0.4 -container-port 9115
root      2060  0.0  0.0 964340 13500 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.5 -container-port 80
root      2067  0.0  0.1 898804 17548 ?        Sl   6月21   0:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.17.0.5 -container-port 80
root      2086  0.0  0.0 964340 13436 ?        Sl

dockerd: the Docker daemon

# dockerd
INFO[2022-06-23T13:52:14.105179617+08:00] Starting up
failed to start daemon: pid file found, ensure docker is not running or delete /var/run/docker.pid

[root@zjz ~]# dockerd --help

Usage:	dockerd [OPTIONS]

A self-sufficient runtime for containers.

Options:
      --add-runtime runtime                     Register an additional OCI compatible runtime (default [])
      --allow-nondistributable-artifacts list   Allow push of nondistributable artifacts to registry
      --api-cors-header string                  Set CORS headers in the Engine API
      --authorization-plugin list               Authorization plugins to load
      --bip string                              Specify network bridge IP
  -b, --bridge string                           Attach containers to a network bridge
      --cgroup-parent string                    Set parent cgroup for all containers
      --config-file string                      Daemon configuration file (default "/etc/docker/daemon.json")
      --containerd string                       containerd grpc address
      --containerd-namespace string             Containerd namespace to use (default "moby")
      --containerd-plugins-namespace string     Containerd namespace to use for plugins (default "plugins.moby")
      --cpu-rt-period int                       Limit the CPU real-time period in microseconds for the parent cgroup for all containers
      --cpu-rt-runtime int                      Limit the CPU real-time runtime in microseconds for the parent cgroup for all containers
      --cri-containerd                          start containerd with cri
      

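docker.service: the startup configuration file for the Docker service

There is also docker service, which is a Docker service and is different from a Docker container: a container is standalone and cannot be scaled, whereas a service is a set of containers in a cluster and can be scaled up or down dynamically with a single command.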

docker service --help

Usage:  docker service COMMAND

Manage services

Commands:
  create      Create a new service
  inspect     Display detailed information on one or more services
  logs        Fetch the logs of a service or task
  ls          List services
  ps          List the tasks of one or more services
  rm          Remove one or more services
  rollback    Revert changes to a service's configuration
  scale       Scale one or multiple replicated services
  update      Update a service

Run 'docker service COMMAND --help' for more information on a command.

/var/run/docker.sock: docker.sock is the socket file through which the docker client and the docker daemon communicate on localhost

Configuring docker.sock

# cat /usr/lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
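
The SocketMode, SocketUser and SocketGroup keys above decide who can reach the daemon's API, and the ps output earlier shows dockerd running as root. The following script is an added example, not part of the original post: it audits the [Socket] section of such a unit file; the function names and finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the [Socket] section of a docker.socket unit file.

# Print the last value assigned to KEY in the [Socket] section of FILE.
socket_key() {
    awk -v key="$2" '
        /^\[/ { in_socket = ($0 == "[Socket]"); next }
        in_socket && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }
    ' "$1"
}

# Print space-separated findings for unit file $1, or "OK" if there are none.
audit_docker_socket_unit() {
    listen=$(socket_key "$1" ListenStream)
    mode=$(socket_key "$1" SocketMode)
    group=$(socket_key "$1" SocketGroup)
    findings=""

    # systemd treats a ListenStream value starting with "/" as a filesystem
    # unix socket; other forms (port, host:port, @name) have no file mode.
    case $listen in
        /*) ;;
        "") findings="$findings NO_LISTENSTREAM" ;;
        *) findings="$findings NOT_FILE_SOCKET:$listen" ;;
    esac

    # systemd defaults SocketMode to 0666 when the key is absent.
    [ -n "$mode" ] || mode=0666
    case $mode in
        *[1-7]) findings="$findings WORLD_ACCESS:$mode" ;;
    esac

    # Group bits set for a non-root group: its members can drive dockerd,
    # which runs as root, so group membership needs review.
    case $mode in
        *[1-7]?) [ "${group:-root}" = root ] || findings="$findings REVIEW_GROUP:$group" ;;
    esac

    echo "${findings:-OK}" | sed 's/^ //'
}

# Constructed sample: the [Socket] section of the unit file shown above.
sample=$(mktemp)
printf '%s\n' '[Socket]' 'ListenStream=/var/run/docker.sock' \
    'SocketMode=0660' 'SocketUser=root' 'SocketGroup=docker' > "$sample"
audit_docker_socket_unit "$sample"
rm -f "$sample"
```

Point the function at /usr/lib/systemd/system/docker.socket. A REVIEW_GROUP finding means the members of that group (getent group docker) should be treated as having root-level access to the host.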

2. rpm -ql docker-ce-rootless-extras

/usr/bin/dockerd-rootless-setuptool.sh
/usr/bin/dockerd-rootless.sh
/usr/bin/rootlesskit
/usr/bin/rootlesskit-docker-proxy

3. rpm -ql docker-ce-cli

/usr/bin/docker
/usr/libexec/docker/cli-plugins/docker-app
/usr/libexec/docker/cli-plugins/docker-buildx
/usr/share/bash-completion/completions/docker
/usr/share/doc/docker-ce-cli-20.10.15
/usr/share/doc/docker-ce-cli-20.10.15/LICENSE
/usr/share/doc/docker-ce-cli-20.10.15/MAINTAINERS
/usr/share/doc/docker-ce-cli-20.10.15/NOTICE
/usr/share/doc/docker-ce-cli-20.10.15/README.md
/usr/share/fish/vendor_completions.d/docker.fish
/usr/share/man/man1/docker-attach.1.gz
/usr/share/man/man1/docker-build.1.gz
/usr/share/man/man1/docker-builder-build.1.gz
/usr/share/man/man1/docker-builder-prune.1.gz
/usr/share/man/man1/docker-builder.1.gz
/usr/share/man/man1/docker-checkpoint-create.1.gz
/usr/share/man/man1/docker-checkpoint-ls.1.gz
/usr/share/man/man1/docker-checkpoint-rm.1.gz
/usr/share/man/man1/docker-checkpoint.1.gz
/usr/share/man/man1/docker-commit.1.gz
/usr/share/man/man1/docker-config-create.1.gz
/usr/share/man/man1/docker-config-inspect.1.gz
/usr/share/man/man1/docker-config-ls.1.gz
/usr/share/man/man1/docker-config-rm.1.gz
/usr/share/man/man1/docker-config.1.gz
/usr/share/man/man1/docker-container-attach.1.gz
/usr/share/man/man1/docker-container-commit.1.gz
/usr/share/man/man1/docker-container-cp.1.gz
/usr/share/man/man1/docker-container-create.1.gz
/usr/share/man/man1/docker-container-diff.1.gz
/usr/share/man/man1/docker-container-exec.1.gz
/usr/share/man/man1/docker-container-export.1.gz
/usr/share/man/man1/docker-container-inspect.1.gz

 

posted @ 2022-06-23 14:15  凡人半睁眼