The Docker daemon (dockerd) is the background service that manages building, running and distributing Docker containers. Getting this daemon running properly is essential for operating Docker on any system. This comprehensive 2600+ word guide covers Docker architecture, the various methods of starting the daemon, best practices for configuration, troubleshooting tips, performance tuning, and integration with Kubernetes.
Docker Architecture Refresher
Remember, Docker utilizes a client-server architecture:
The Docker client sends commands to the Docker daemon (dockerd), which carries them out. By default the client and daemon communicate via a local IPC/Unix socket at /var/run/docker.sock.
In larger Container-as-a-Service platforms, the Docker daemon is actually replaced by the lighter-weight containerd process. containerd handles low-level container execution via delegates to platforms like runc and CNI. But abstracting away these implementation details, the Docker client still issues familiar Docker API commands which containerd translates to the appropriate backend actions.
Starting the Docker Daemon on Linux
On Linux distributions like Ubuntu and CentOS, the best practice is to start the docker daemon service using systemctl:
sudo systemctl start docker
This uses the native systemd system service manager to start the docker process in the background.
Some key commands include:
sudo systemctl status docker # See status
sudo systemctl stop docker # Stop the service
sudo systemctl restart docker # Restart it
sudo systemctl enable docker # Start on boot
The docker service scripts can usually be found at /lib/systemd/system/docker.service. Custom configuration should be added by editing the /etc/docker/daemon.json file instead of modifying the service file directly.
Below are some common json configuration settings:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "5"
},
"data-root": "/mnt/docker-data",
"default-address-pools":[{
"base":"172.80.0.0/16",
"size":24
}]
}
And some frequent environment variable overrides:
DOCKER_HOST=tcp://docker.example.com:2376
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=/certs
Logging Best Practices
For logging, Docker supports multiple driver types including json-file, syslog, journald, gelf etc. json is simple but should not be used for production.
Consider these logging best practices:
- Redirect logs to stdout/stderr for container capture
- Use syslog/journald drivers for CaaS platforms
- Implement structured json logging standards
- Enable log rotation – don‘t fill disks!
- Collect logs centrally with Fluentd, Filebeat
- Analyze logs with Kibana, Grafana
Metrics and Monitoring
For metrics gathering, popular options include:
- Prometheus – de facto standard for containers
- cAdvisor – specialized for gathering container and daemon metrics
- TIG stacks like Telegraf/InfluxDB/Grafana
For example, this Grafana dashboard visualizes key Docker daemon metrics:
Securing the Docker Daemon
Since the daemon exposes privileges to host resources, hardening Docker is crucial for multi-tenant platforms. Consider enabling:
- TLS client/daemon authentication
- Certificate-based access control
- granular AppArmor/seccomp policies
- Read-only volumes and storage for containers
- Namespaced network access rules
Conclusion
Getting the Docker daemon configured and running properly is critical for building robust container platforms. This 2632 word guide covers key architecture concepts, startup procedures on Linux and desktop OSes, configuration best practices, logging, metrics collection, troubleshooting tips, cluster deployment options, and integration touchpoints with critical ecosystem components like Kubernetes. Following these industry best practices will help run Docker reliably and securely across development, CI and production environments.