The modern container revolution started with Docker and its eponymous Docker Engine. Docker Engine is the runtime and tooling that enables container applications, defined by a dockerfile, to run on top of a host operating system in an isolated “container” section.
“We are here because of docker engine,” Maink Taneja, Sr Product Manager at Docker said in a session at the Dockercon Europe conference.
The Docker Engine in 2018 isn’t the same technology it was when Docker first started. Rather, it has evolved significantly in recent years and is now based on the containerd container runtime at the core.
So what actually is the modern Docker Engine architecture?
As per the above image, the most basic level of Docker Engine today is runc, which is an open-source implementation of the Open Container Initiative (OCI) runtime. On top of runc is containerd, a project that is now hosted by the Cloud Native Computing Foundation (CNCF), which is also the home of the Kubernetes container orchestration project.
Beyond just a basic runtime that enables container applications to run, the Docker Engine also includes SwarmKit, which is Docker’s own container orchestration system. Additionally, Docker Content Trust, powered by the CNCF Notary project, is part of the engine and provides a system for cryptography signing and authorizing container images.
Networking is directly included via the libnetwork plugin, and storage management is a directly integrated feature as is log management.
Breaking Down containerd
Within containerd itself, there are three core elements: container execution, image management and the container filesystem.
The most recent version of containerd that is part of Docker Engine is version 1.2. Among the features added in containerd 1.2 is a runtime shim that enables different runtimes to be operated from containerd.
Docker Engine 18.09
In the latest Docker Engine 18.09 Community Edition update there have been multiple build improvements, including performance boosts that enable parallel application build stages.
Additionally, Docker 18.09 now supports build-time secrets. Secrets are defined passwords and access tokens needed for different services. With build-time secrets there is now the option to provide secrets to the container at build time when needed. The secrets are never stored directly in the container, and the secrets are not leaked to the rest of the container cluster either.
The stable version of Docker Engine Community Edition is released twice a year, while the Enterprise edition is updated once a year.
The most recent Docker Engine CE release is version 18.09, with the next scheduled releases set to come in March 2018 with Docker Engine CE 19.03, which also aligns with the next Enterprise Edition update.
Each Docker Engine CE release is supported for one month after the successive release, while each Enterprise Edition update is supported for 18 months after the next release.
Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com. Follow him on Twitter @TechJournalist.