Docker is a platform for building, shipping, and running applications inside containers — lightweight, isolated environments that package your code together with everything it needs to run (libraries, config, runtime). This means your app behaves the same whether it’s running on your laptop, a colleague’s machine, or a production server.
The core problem Docker solves: “It works on my machine.” By bundling the application and its environment together, Docker eliminates dependency conflicts and environment drift.
The Component Processes of Docker
Docker has three main component layers:
```
You
 │
 ▼
[docker CLI]      ← you type commands here
 │
 ▼
[dockerd daemon]  ← does the actual work (runs as a background service)
 │
 ▼
[Registry]        ← remote store for images (e.g. Docker Hub)
```
- CLI (docker) — the interface you interact with
- Daemon (dockerd) — the engine that manages containers, images, networking, and storage
- Registry — a repository of pre-built images you can pull down and run
Docker Fundamentals
Docker has four primitives:
- Images - immutable, read-only filesystem and config
- Containers - running instances of an image
- Volumes - persistent storage for containers
- Networks - connectivity between containers
Images — The Templates
An image is an immutable, read-only package containing your application’s filesystem and configuration. Think of it as a snapshot or template.
| Concept | What it is |
|---|---|
| Image | The static package — code, runtime, dependencies |
| Dockerfile | The recipe that defines how to build the image |
| Layer | Each Dockerfile instruction creates a cached filesystem diff; layers stack to form the image |
| Base image | The starting point (FROM ubuntu:22.04) — usually an OS or runtime |
| Tag | A human-readable label (nginx:1.25) — mutable, can be reassigned |
| Digest | The true identity — a content hash (sha256:abc123) that never changes |
Key commands:
```bash
docker build -t myapp:latest .   # build from Dockerfile in current directory
docker pull nginx:1.25           # download an image
docker push myapp:latest         # upload to a registry
docker images                    # list local images
docker image rm myapp:latest     # delete a local image
```
See also: docker images under the hood, dockerfile
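The tag/digest distinction in the table above matters most for base images: a FROM line pinned only by a tag can resolve to different content on the next build, while a digest cannot. The following is an added example, not code from the original page: a small Python audit of a Dockerfile's FROM lines that separates digest-pinned bases from mutable ones. The function names, the sample Dockerfile, the registry host and the digest value are all constructed for illustration, and line continuations in FROM are assumed not to occur.

```python
import re

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
FAKE_DIGEST = "sha256:" + "ab" * 32   # constructed value, not a real image

def classify_ref(ref):
    """Classify one image reference by how strongly it is pinned."""
    if "$" in ref:
        return "variable"            # filled from ARG at build time
    if DIGEST_RE.search(ref):
        return "digest"              # immutable content hash
    if "@" in ref:
        return "malformed-digest"
    # A ':' is a tag only after the last '/'; earlier it is a registry port.
    name = ref.rsplit("/", 1)[-1]
    return "tag" if ":" in name else "implicit-latest"

def audit_dockerfile(text):
    """Return (line_no, image, status) for every FROM instruction."""
    stages, findings = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=...
        if not args or parts[0].upper() != "FROM":
            continue                 # blank lines, comments, other instructions
        image = args[0]
        # Earlier build stages and the empty 'scratch' base pull nothing.
        local = image.lower() in stages or image == "scratch"
        findings.append((no, image, "local" if local else classify_ref(image)))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings

def unpinned(findings):
    """Line numbers whose base image can change without the Dockerfile changing."""
    return [no for no, _, s in findings if s in ("tag", "implicit-latest", "malformed-digest")]

SAMPLE = "\n".join([                 # constructed Dockerfile
    "# build stage",
    "FROM ubuntu:22.04 AS build",
    "FROM --platform=linux/amd64 registry.example:5000/team/base",
    "FROM nginx:1.25@" + FAKE_DIGEST,
    "FROM build",
    "FROM scratch",
    "ARG BASE=alpine",
    "FROM ${BASE}",
])

for no, image, status in audit_dockerfile(SAMPLE):
    print(f"line {no}: {status:16} {image}")
```

References built from ARG variables are reported as "variable" rather than flagged, since their pinning depends on the value supplied at build time.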
Containers — The Running Processes
A container is a live, running instance of an image. You can run many containers from the same image simultaneously.
| Concept | What it is |
|---|---|
| Container | An isolated, running process with its own filesystem, network, and PID namespace |
| PID 1 | The main process inside the container — if it exits, the container stops |
| Lifecycle | create → start → stop → rm |
Key commands:
```bash
docker run nginx                  # create and start a container
docker run -d -p 8080:80 nginx    # detached, with port mapping
docker ps                         # list running containers
docker ps -a                      # include stopped containers
docker stop <container>           # stop gracefully (SIGTERM → SIGKILL)
docker exec -it <container> bash  # open a shell inside a running container
docker logs -f <container>        # stream container output
docker rm <container>             # delete a stopped container
```
See also: docker containers under the hood
Volumes — Storage
Containers are ephemeral by default — any data written inside is lost when the container is removed. Docker provides three ways to persist or share data:
| Type | Description | Use when |
|---|---|---|
| Volume | Docker-managed storage (/var/lib/docker/volumes) | Default choice — portable and easy to back up |
| Bind mount | Maps a host path directly into the container | Local development — see live file changes |
| tmpfs | RAM-only, disappears on stop | Sensitive or temporary data you don’t want on disk |
```bash
docker volume create mydata
docker run -v mydata:/app/data nginx       # named volume
docker run -v /host/path:/app/data nginx   # bind mount
```
See also: docker volumes under the hood
Networks — Connecting Containers
Docker provides several network drivers depending on how containers need to communicate:
| Driver | Description |
|---|---|
| Bridge (default) | Containers on the same bridge can reach each other by name; isolated from host |
| Host | Removes network isolation — container shares the host’s network stack directly |
| Overlay | Spans multiple Docker hosts; used in Swarm/cluster deployments |
Port mapping exposes a container’s port on the host:
```bash
docker run -p 8080:80 nginx   # HOST:CONTAINER port mapping
docker network create mynet
docker run --network mynet nginx
```
See also: docker networks under the hood
Inspection & Operations
| Command | What it does |
|---|---|
| docker inspect <target> | Dumps full JSON config for a container, image, or network |
| docker stats | Live view of CPU, memory, and network usage per container |
| docker system df | Shows disk usage broken down by images, containers, and volumes |
| docker system prune | Remove all stopped containers, unused networks, dangling images |
| docker system prune -a | Also remove unused images (not just dangling ones) |