Docker Introduction

Docker

*Akhil Kumar's photo
*Akhil Kumar
·

5 min read

Run Context Flow of a Request When Executing Docker Commands

When you type a docker command, the request flows through multiple layers before the command is executed. Understanding this flow helps diagnose issues, optimize performance, and improve security.

🔹 Context Flow of a Docker Command Execution

Let's break down what happens when you run a typical Docker command, such as:

shCopyEditdocker run -d -p 8080:80 --name mycontainer myimage

1️⃣ CLI (Command Line Interface) Processing

  • The Docker CLI parses the command and validates syntax.

  • If the command is incorrect, the CLI returns an error immediately.

  • Otherwise, it sends the request to the Docker Daemon.

2️⃣ Communication with Docker Daemon

  • The CLI communicates with the Docker Daemon (dockerd) via:

    • UNIX socket (/var/run/docker.sock) on Linux/macOS.

    • Named pipe (npipe:////./pipe/docker_engine) on Windows.

    • TCP connection if the daemon is remote (DOCKER_HOST is set).

  • The Daemon processes the request and checks:

    • Does the container name (mycontainer) already exist?

    • Is the requested image (myimage) available locally?

    • If not, does it need to pull the image from a registry?

3️⃣ Image Resolution & Pulling

  • If the image (myimage) is not found locally, Docker pulls it from:

    • The Docker Hub (default).

    • A private registry (if configured).

    • A local cache (if available).

  • If the image is available locally, Docker skips the pull and proceeds.

4️⃣ Container Creation & Configuration

Docker prepares the container environment by:

  • Allocating a unique container ID.

  • Assigning a namespace (to isolate processes, networking, and mounts).

  • Setting up networking (bridge, host, or custom).

  • Setting up volumes or bind mounts.

  • Mapping ports (8080 → 80 in this case).

  • Defining environment variables (if passed with -e).

  • Assigning a cgroup for resource limits (CPU, memory).

5️⃣ Container Start & Execution

  • Docker initializes the container runtime (like runc).

  • It creates the root filesystem based on the image layers.

  • The entrypoint or command in the image is executed inside an isolated process.

Example of what happens internally:

shCopyEdit/usr/bin/docker-runc exec -d mycontainer /bin/sh -c "start-command"

6️⃣ Container Lifecycle Management

  • The container is now running.

  • The process runs inside a sandboxed environment.

  • Docker manages logs, health checks, and networking.

  • If the container crashes or stops, Docker follows the defined restart policy (--restart flag).

7️⃣ Output & Response to CLI

  • If the command is successful:

    • The Docker daemon returns the container ID to the CLI.

    • If running in interactive mode (-it), the CLI attaches to the container’s STDOUT/STDERR.

  • If there’s an error, Docker provides an error message (e.g., image not found, port conflict).

🔹 Summary of the Request Flow

  1. CLI Parsing → Validates command and sends request.

  2. Daemon Communication → Sends request over UNIX socket/TCP.

  3. Image Handling → Pulls image if not found locally.

  4. Container Creation → Sets up filesystem, networking, volumes, cgroups.

  5. Container Execution → Runs entrypoint and executes the process.

  6. Lifecycle Management → Monitors logs, crashes, and health.

  7. CLI Response → Returns container ID, logs, or errors.

🔹 Example: Docker Run with Debug Mode

To see this context flow in action, you can use Docker’s debug mode:

shCopyEditDOCKER_HOST=unix:///var/run/docker.sock DOCKER_CLI_TRACE=1 DOCKER_CLI_DEBUG=1 docker run -d -p 8080:80 --name mycontainer myimage

  • DOCKER_CLI_TRACE=1 → Traces CLI-to-daemon communication.

  • DOCKER_CLI_DEBUG=1 → Shows detailed logs of the execution.

💡 Key Takeaways

  • Every docker command flows through the CLI → Daemon → Container Runtime.

  • Docker manages networking, storage, and execution in an isolated environment.

  • Debugging the execution flow can help resolve issues like:

    • Image not found

    • Port conflicts

    • Mounting issues

    • Network failures

Docker Bind Mounts vs. Volumes

Both bind mounts and volumes are used in Docker to persist data, but they have different use cases, benefits, and performance considerations.

1. Bind Mounts

A bind mount is a direct mapping of a file or directory on the host machine to a container.

How It Works

  • Uses an existing directory or file on the host.

  • The container accesses the same data directly from the host’s filesystem.

  • Changes in the container are reflected in the host and vice versa.

Syntax

shCopyEditdocker run -v /host/path:/container/path myimage

or (newer syntax):

shCopyEditdocker run --mount type=bind,source=/host/path,target=/container/path myimage

Pros

✅ Simple and fast since it directly uses the host’s filesystem.
✅ Useful for development when you want files to sync between host and container.

Cons

❌ Tightly coupled to the host machine’s directory structure.
❌ Less portable (paths may not exist on different hosts).
❌ Less secure (gives direct access to host files).

2. Volumes

A volume is a Docker-managed storage system that persists data independently of the container.

How It Works

  • Stored in /var/lib/docker/volumes/ on the host.

  • Not directly tied to a specific host path (Docker manages it).

  • Data persists even if the container is deleted.

Syntax

Creating a volume:

shCopyEditdocker volume create myvolume

Using a volume in a container:

shCopyEditdocker run -v myvolume:/container/path myimage

or (newer syntax):

shCopyEditdocker run --mount type=volume,source=myvolume,target=/container/path myimage

Pros

✅ More portable (works across different hosts).
✅ Better security (isolated from host filesystem).
✅ Docker manages volume lifecycle.

Cons

❌ Slightly more complex than bind mounts.
❌ Takes up disk space even after containers are removed (until manually deleted).

Key Differences

FeatureBind MountsVolumes
Managed by Docker❌ No✅ Yes
Requires existing host path✅ Yes❌ No
Data persists after container removal✅ Yes (if host path exists)✅ Yes
Security❌ Less secure✅ More secure
Performance🔹 Can be slow (depends on filesystem)🚀 Optimized by Docker
Best forDevelopment, host file syncProduction, containerized apps

When to Use What?

  • Use Bind Mounts when:

    • You need real-time sync with files on the host (e.g., development).

    • You want direct control over the files in your host.

  • Use Volumes when:

    • You need persistent storage for a production app.

    • You want portability across different machines.

    • You need better security and performance.

🚨 Important: Avoid sending unnecessary files to the build context (use .dockerignore to exclude files).

docker imagesDockerfiledocker-volumedocker-networkmultistage docker builddistroless image