Docker Getting Started Guide — Core Concepts with Source Code Reference
Docker has become the de facto standard for container technology. It leverages Linux kernel features such as Namespaces and Cgroups to implement lightweight virtualization. With the evolution of the open-source ecosystem, Docker has split into multiple independent components with improved modularity. This article, based on the latest Docker ecosystem in 2025, walks you through its core principles along with corresponding source code locations, helping you understand its implementation in depth.
I. Core Concepts Behind Docker
1. Namespace
- Purpose: Isolates process IDs, network interfaces, mount points, hostnames, etc., to provide container-level isolation.
- Source Code:
runc/libcontainer/nsenter
2. Cgroups (Control Groups)
- Purpose: Limits container resource usage (CPU, memory, IO), ensuring fair allocation.
- Source Code:
Now maintained as an independent project:
containerd/cgroups
3. Union Filesystem (OverlayFS)
- Purpose: Combines multiple layers (read-only + writable) via copy-on-write to enable efficient storage and image builds.
- Source Code:
moby/moby/daemon/graphdriver/overlay2
4. chroot (Filesystem Isolation)
- Purpose: Confines the container's processes to their own root directory, limiting their access to the host filesystem and improving security.
- Source Code:
runc/libcontainer/rootfs_linux.go
5. Container Runtime & Lifecycle Management
- containerd: Manages container lifecycle.
- runc: Handles container process creation and isolation.
- Docker daemon: Exposes user-facing APIs and coordinates actions.
- Source Code:
6. Networking (libnetwork)
- Purpose: Handles virtual bridge networking, port mapping, and container communication.
- Source Code:
docker/libnetwork
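As an added illustration (not code from Docker, runc or the original article), this Go program checks the isolation described in item 1 (Namespace) from the host. The kernel exposes each process's namespaces as links under /proc/<pid>/ns, and a process whose link matches that of PID 1 is not isolated from the host in that namespace. The function names and the `nscheck` program name are made up for this example.

```go
package main

import (
	"fmt"
	"log"
	"os"
	"sort"
)

// readNS maps namespace kind to link text, e.g. "net" -> "net:[4026531840]".
// Two processes share a namespace exactly when their link text is equal.
func readNS(pid string) (map[string]string, error) {
	dir := "/proc/" + pid + "/ns"
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	ns := make(map[string]string, len(entries))
	for _, e := range entries {
		if link, err := os.Readlink(dir + "/" + e.Name()); err == nil {
			ns[e.Name()] = link
		}
	}
	return ns, nil
}

// sharedWith lists the namespace kinds in which proc is NOT isolated from ref.
func sharedWith(ref, proc map[string]string) []string {
	shared := []string{}
	for kind, link := range proc {
		if ref[kind] == link {
			shared = append(shared, kind)
		}
	}
	sort.Strings(shared)
	return shared
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage (on the host, as root): nscheck <container-process-pid>")
	}
	host, herr := readNS("1") // PID 1 stands in for "the host's namespaces"
	proc, perr := readNS(os.Args[1])
	if herr != nil || perr != nil {
		log.Fatalf("read namespaces: host=%v target=%v", herr, perr)
	}
	fmt.Printf("pid %s shares with PID 1: %v\n", os.Args[1], sharedWith(host, proc))
}
```

On the host, `docker inspect --format '{{.State.Pid}}' <container>` gives the PID to pass in. A container started with `--network host` will report `net` as shared.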
II. Installation and Environment Setup
1. Prerequisites
- Linux kernel with Namespace and Cgroup support.
- Recommended distributions: CentOS, Ubuntu, Arch Linux, etc.
2. Installation Example (CentOS)
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker
3. Configure User Permissions
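Add the current user to the docker group to avoid using sudo. Membership in this group grants root-equivalent access to the host through the Docker daemon, so add only trusted accounts: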
sudo usermod -aG docker your_username
III. Recommended Mirror Registries (China)
IV. Common Docker Commands
docker run -it --rm alpine:3.4 # Launch an interactive temporary container
docker exec -it container_id sh # Enter a running container shell
docker ps # List running containers
docker images # List local images
docker pull image_name # Pull image from registry
docker push image_name # Push image to registry
docker rm container_id # Remove container
docker rmi image_name # Remove image
docker build -t myapp . # Build image from Dockerfile
V. Basic Dockerfile Example
FROM alpine:3.4
LABEL maintainer="your_email@example.com"
RUN apk add --no-cache curl
ENV MY_VAR=hello
COPY ./app /app
WORKDIR /app
EXPOSE 8080
CMD ["./app"]
VI. Docker Container Startup Workflow with Source Code Mapping
Step | Description | Source Code |
---|---|---|
docker run executed | Docker daemon parses command, calls containerd | moby/moby |
Container creation | Managed by containerd | containerd/containerd |
Process isolation | runc sets up Namespace, Cgroups, chroot | opencontainers/runc |
Filesystem mounting | OverlayFS stack setup | moby/moby/daemon/graphdriver/overlay2 |
Network configuration | Handled by libnetwork | docker/libnetwork |
VII. Conclusion
Docker is fundamentally built on Linux container technology, powered by several modular and collaborative open-source projects including containerd, runc, and libnetwork. Its architecture is cleanly separated into components. Understanding the underlying source code improves your ability to operate and extend Docker effectively.