Introduction to Docker
Docker is an open-source platform that automates the deployment of applications inside lightweight, portable
containers. Containers bundle an application and all its dependencies into a single package, ensuring consistent
behavior across development, testing, and production environments. Developed to solve the “works on my
machine” problem, Docker has become a cornerstone of modern software workflows.
What Is Docker?
Docker provides an engine and tooling to build, ship, and run containers. Containers share the host operating
system kernel but remain isolated from one another, making them more efficient than full virtual machines.
With Docker, developers can package code, libraries, and configuration files into an immutable image that runs
identically on any system where Docker is installed.
Why Use Docker?
Portability across environments without modification
Consistency in application behavior from development to production
Resource efficiency by sharing the host OS kernel instead of running multiple full OS instances
Rapid scalability and orchestration with tools like Kubernetes or Docker Swarm
Simplified dependency management and rapid provisioning of development sandboxes
Key Components of Docker
Docker Engine: The core runtime that builds and runs containers
Docker Images: Read-only templates defining the contents of a container
Docker Containers: Runtime instances of images, encapsulating applications and their dependencies
Docker Registry (e.g., Docker Hub): Centralized repositories for publishing and sharing images
Traditional Deployment vs Docker Deployment
Feature | Traditional Deployment | Docker Deployment
Environment Consistency | Works on developer machine, may fail elsewhere | Runs identically on any Docker-enabled host
Resource Usage | Requires separate full OS per app | Shares host kernel; containers are lightweight
Scalability | Manual scaling; time-consuming | Automated scaling with orchestration tools
Setup Time | Complex configuration; lengthy setup | Preconfigured containers; fast startup
Dependency Management | Prone to version conflicts | Encapsulated dependencies within each container
Portability | Limited by OS and hardware | Platform-agnostic; runs on any system with Docker installed
History
Docker emerged in 2013 as a project of dotCloud (later renamed Docker, Inc.) to simplify application shipping
and deployment. It introduced containerization based on Linux kernel features—namespaces and cgroups—to
package applications with all their dependencies into portable, self-sufficient units called containers. Docker’s
first public release, Engine 0.1.0, debuted in March 2013, followed by rapid ecosystem growth including Docker
Compose, Swarm, and the official Docker Hub registry.
Geographic Reach
Docker has seen global adoption across all major regions—North America, Europe, Asia-Pacific, Latin
America, and Africa. Its cross-platform support for Linux, Windows, and macOS makes it accessible to
developers everywhere. Major cloud providers (AWS, Azure, GCP) offer native Docker integrations and
managed container services, enabling organizations to deploy Docker workloads in any data center or region
with minimal changes.
Benefits
Consistent & isolated environments that eliminate “works on my machine” conflicts and ensure clean teardown without leftover artifacts
Portability that allows containers to move between on-premises servers, cloud instances, or developer laptops without reconfiguration
Resource efficiency by sharing the host OS kernel, enabling higher workload density with lower overhead
Scalability & rapid deployment: spinning up or down containers takes seconds, supporting dynamic scaling and continuous delivery
Rich ecosystem & tooling, including Compose for multi-container apps, Swarm/Kubernetes for orchestration, and Docker Hub for image distribution
Why It’s Widely Used
Solves environment drift by packaging code with libraries and configurations once, running the same everywhere
Accelerates CI/CD by enabling automated pipelines to build, test, and deploy container images consistently
Enables microservices by breaking monoliths into independently deployable services for better maintainability and fault isolation
Aligns with cloud-native architectures and serverless platforms through lightweight, stateless containers
Benefits from a broad open-source community and enterprise-grade container platforms and registries
Docker Architecture
Overview
Docker employs a client–server architecture to build, ship, and run containers. The Docker client issues
commands (build, pull, run) via a REST API to the Docker daemon, which performs the heavy lifting—creating
and managing containers—and coordinates with other daemons for multi-host orchestration.
Key Components
1. Docker Client: The primary user interface (docker <command>). Sends API requests over a UNIX socket or network to one or more Docker daemons (e.g., docker build, docker pull, docker run).
2. Docker Daemon (Engine): A background service (dockerd) that listens for API requests. Manages images, containers, networks, and volumes on the host and coordinates multi-host setups via Swarm or Kubernetes integrations.
3. Docker Host: The physical or virtual machine running the Docker daemon, including the Docker Engine, image cache, running containers, user-defined networks, and storage volumes.
4. Docker Registry: A repository for storing and distributing container images. Public registries (Docker Hub) and private registries are supported.
o docker pull fetches images
o docker push uploads images
5. Docker Objects
o Images: Read-only templates composed of filesystem layers and metadata
o Containers: Runtime instances of images with a writable layer
o Networks: Virtual networks that enable container-to-container and container-to-host communication
o Volumes: Persistent storage mounted into containers for data retention beyond container lifecycles
Visual Architecture Diagram
text
+-------------------+ +-------------------+ +--------------------+
| Docker Client | --> | Docker Daemon | <-> | Docker Registry |
| (docker CLI) | HTTP| (dockerd) | API | (Docker Hub/ECR) |
+-------------------+ +-------------------+ +--------------------+
|
v
+----------------------------------------------+
| Docker Objects |
| +-----------+ +------------+ +----------+ |
| | Images | | Containers | | Volumes | |
| | (Layers) | | (Process) | | (Storage)| |
| +-----------+ +------------+ +----------+ |
| +---------------------------+ |
| | Networks | |
| | (bridge/host/overlay) | |
| +---------------------------+ |
+----------------------------------------------+
How Components Work Together
When you run:
bash
docker run -p 8080:80 nginx
1. The Docker Client sends the run command to the Docker Daemon.
2. The Daemon checks its local image cache; if nginx isn’t available locally, it pulls the image from
Docker Hub.
3. The Daemon creates a new container by allocating filesystem layers, network interfaces, and
CPU/RAM quotas, and maps host port 8080 to container port 80.
4. The container starts running in isolation from other containers and the host unless otherwise
configured.
What Is Docker Used For?
Docker is an open-source platform for creating, distributing, and running applications in containers. It ensures
that applications run reliably from one environment to another, simplifies scaling, and streamlines collaboration
by encapsulating dependencies and configurations.
Kubernetes vs Docker: The Difference You Must Know
Docker Container | Kubernetes
Tool to deploy containers | Container orchestration tool
Operates on a single node | Operates across a cluster
No built-in auto-scaling or failover | Provides auto-scaling & failover for containerized apps
Excels in containerization | Excels in orchestration
Basic networking functionality | Sophisticated networking: service discovery, load balancing, policies
Docker Daemon
The Docker daemon (dockerd) is a persistent background process and the core component of the Docker
Engine. It listens for Docker API requests and manages images, containers, networks, and volumes.
Key functions of the Docker daemon:
Listens for API requests from the Docker CLI and other clients
Creates, starts, stops, and deletes containers; builds and pulls images; manages networks and volumes
Communicates with other daemons in a Swarm setup to manage services
Persists data (container configurations, image layers, volume data) under /var/lib/docker on Linux
Caches downloaded images to optimize subsequent container creation
Users interact with the Docker daemon indirectly through the Docker CLI, which sends commands via the
Docker API.
Docker CLI
The Docker Command-Line Interface (CLI) is the primary tool for interacting with the Docker daemon and
managing Docker resources. It provides commands for containers, images, networks, volumes, and other
components.
Docker Image Architecture
Image Layers (The Layered Filesystem)
Each Docker image is built from a series of immutable layers, stacked on top of each other using a union
filesystem and copy-on-write (CoW).
Key concepts:
Layer: A filesystem change (e.g., adding a file, running a command).
Union Filesystem: Combines all layers into a single unified filesystem.
Copy-on-Write (CoW): Changes made in a running container are written to the container's own writable layer, leaving the image layers untouched.
Example:
dockerfile
# Base layer (Layer 1)
FROM ubuntu:22.04
# Layer 2
RUN apt-get update
# Layer 3
RUN apt-get install -y curl
# Layer 4
COPY [Link] /app/
# Layer 5 (metadata)
CMD ["python", "[Link]"]
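The union view described above, as an added example that is not part of the original page: it merges constructed in-memory layer tarballs bottom-up and honours the `.wh.` whiteout entries that OCI image layers use to record deletions. All file names and contents are constructed; the point it shows is that a file deleted in a later layer disappears from the container's view but is still stored in the image.

```python
import io
import tarfile

WHITEOUT = ".wh."  # OCI layers record a deletion as an empty ".wh.<name>" entry


def make_layer(files):
    """Build one layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_layer(blob):
    """Return {path: bytes} for every regular file stored in a layer tar."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}


def whiteout_target(path):
    """Return the path a whiteout entry hides, or None for a normal file."""
    directory, _, name = path.rpartition("/")
    if not name.startswith(WHITEOUT):
        return None
    return (directory + "/" if directory else "") + name[len(WHITEOUT):]


def union_view(layers):
    """Merge layers bottom-up, as the union filesystem presents them."""
    view = {}
    for blob in layers:
        for path, data in read_layer(blob).items():
            target = whiteout_target(path)
            if target is None:
                view[path] = data
                continue
            # A whiteout hides the path, and anything beneath it, from lower layers.
            for old in [p for p in view if p == target or p.startswith(target + "/")]:
                del view[old]
    return view


def hidden_but_stored(layers):
    """Paths missing from the final view yet still readable from a layer."""
    stored = {p for blob in layers for p in read_layer(blob) if whiteout_target(p) is None}
    return sorted(stored - set(union_view(layers)))


# Constructed image: layer 2 copies in a credential file, layer 3 deletes it.
LAYERS = [
    make_layer({"etc/os-release": b"NAME=constructed-base\n"}),
    make_layer({"app/main.py": b"print('hi')\n",
                "app/secret.env": b"API_TOKEN=constructed-example\n"}),
    make_layer({"app/.wh.secret.env": b""}),
]
```

`hidden_but_stored(LAYERS)` lists the deleted credential file, which is why secrets copied into any layer have to be treated as published with the image.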
Image Components
Component | Description
Base Image | The starting point (e.g., ubuntu:22.04, alpine)
Intermediate Layers | Changes applied on top of the base image (RUN, COPY)
Image Manifest | JSON file listing layers, architecture, and metadata
Image Config | Defines container settings (CMD, ENTRYPOINT, environment)
How Docker Builds Images
1. Reads the Dockerfile and starts with the FROM instruction.
2. Creates a temporary container and executes each instruction.
3. Generates a new layer for each successful step.
4. Removes the temporary container, keeping only the layers.
5. Finalizes the image by combining all layers and metadata.
Example build flow:
dockerfile
# Pulls base image (if not cached)
FROM python:3.9-slim
# Creates a directory (new layer)
WORKDIR /app
# Adds files (new layer)
COPY . .
# Installs deps (new layer)
RUN pip install -r [Link]
# Sets default command (metadata)
CMD ["python", "[Link]"]
Image Storage & Caching
Storage locations:
o Linux: /var/lib/docker/overlay2/ (default)
o Windows: C:\ProgramData\docker\windowsfilter\
Layer caching: Docker caches each layer during build. If a step and everything before it are unchanged, Docker reuses the cached layer. Changing an instruction invalidates its layer and every layer after it.
Optimization tip:
dockerfile
# Bad: cache busts if any file changes
COPY . .
RUN pip install -r [Link]
# Good: cache-friendly (install deps first)
COPY [Link] .
RUN pip install -r [Link]
COPY . .
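A simplified model of the cache behaviour behind this tip, as an added example that is not part of the original page: each step's cache key chains the parent key, the instruction text and, for COPY, a digest of the copied files. The file names (`requirements.txt`, `app.py`) and their contents are assumptions made for the example.

```python
import hashlib


def digest(*parts):
    """SHA-256 over the given strings, separated so boundaries stay unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part.encode())
        h.update(b"\0")
    return h.hexdigest()


def layer_keys(steps, context):
    """Return one chained cache key per step.

    steps:   list of (instruction, sources); sources names the build-context
             files a COPY reads (["*"] means the whole context), [] otherwise.
    context: {path: file content} for the build context.
    """
    keys, parent = [], "scratch"
    for instruction, sources in steps:
        paths = sorted(context) if sources == ["*"] else sources
        content = digest(*[p + "=" + context[p] for p in paths])
        parent = digest(parent, instruction, content)  # depends on every earlier step
        keys.append(parent)
    return keys


def rebuilt_steps(steps, old_context, new_context):
    """Instructions whose cached layer cannot be reused after the context changes."""
    old = layer_keys(steps, old_context)
    new = layer_keys(steps, new_context)
    return [instr for (instr, _), a, b in zip(steps, old, new) if a != b]


FROM = ("FROM python:3.9-slim", [])
PIP = ("RUN pip install -r requirements.txt", [])

# The two orderings from the tip above.
BAD = [FROM, ("COPY . .", ["*"]), PIP]
GOOD = [FROM, ("COPY requirements.txt .", ["requirements.txt"]), PIP, ("COPY . .", ["*"])]

# Constructed build contexts: one source edit, one dependency edit.
OLD = {"requirements.txt": "flask==3.0.0\n", "app.py": "print('v1')\n"}
NEW_SOURCE = {**OLD, "app.py": "print('v2')\n"}
NEW_DEPS = {**OLD, "requirements.txt": "flask==3.0.3\n"}

if __name__ == "__main__":
    print("bad order, source edit :", rebuilt_steps(BAD, OLD, NEW_SOURCE))
    print("good order, source edit:", rebuilt_steps(GOOD, OLD, NEW_SOURCE))
    print("good order, deps edit  :", rebuilt_steps(GOOD, OLD, NEW_DEPS))
```

Because a RUN step is keyed on its command text rather than on what the command would fetch today, a cached `RUN apt-get update` layer is reused as-is on later builds, so package indexes in that layer can be stale.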
Image Distribution (Registries)
Docker Hub (Default Registry)
Stores public and private images.
bash
docker pull nginx:latest # Pull an image
docker tag my-image user/repo:tag
docker push user/repo:tag # Push an image
Private Registries
Self-hosted: Harbor, AWS ECR, Google Container Registry
Enterprise: JFrog Artifactory, Nexus
Image vs. Container
Docker Image | Docker Container
Read-only template | Runnable instance of an image
Composed of immutable layers | Adds a writable layer (ephemeral)
Stored in registries or on disk | Lives in memory while running
Created via docker build | Created via docker run
Key Commands for Image Management
Command | Description
docker build -t my-image . | Builds an image from a Dockerfile
docker images | Lists local images
docker rmi <image> | Deletes a local image
docker history <image> | Shows image layers
docker save -o [Link] my-image | Exports image as a tar file
docker load -i [Link] | Imports image from a tar file
Visual Representation: Docker Image Layers
text
+---------------------+
| Layer 4 | (CMD ["python", "[Link]"])
+---------------------+
| Layer 3 | (COPY [Link] /app/)
+---------------------+
| Layer 2 | (RUN pip install -r [Link])
+---------------------+
| Layer 1 | (FROM python:3.9-slim)
+---------------------+
Image → Container:
+---------------------------+
| Container Layer | (Writable, stores runtime changes)
+---------------------------+
| Image Layers (immutable) |
+---------------------------+
Working of Docker Images
text
[ Docker CLI ] ── sends “docker build/pull/run”
↓
[ Docker Daemon ] ── orchestrates build, storage, runtime
↓
[ Local Image Store ] ←── cached layers & manifests
↓
[ Container Runtime ] ── applies union FS, spins up containers
The Ultimate Dockerfile Guide: Complete Reference & Best Practices
Table of Contents
1. Basic Structure
2. Instructions Breakdown
3. Multi-Stage Builds
4. Best Practices
5. Complete Example
1. Basic Structure
A Dockerfile is a text file containing sequential commands to build a Docker image.
dockerfile
# Comment
INSTRUCTION arguments
Instruction | Purpose
FROM | Sets base image or names a build stage
ARG | Declares a build-time variable
ENV | Defines environment variables
LABEL | Attaches metadata to the image
SHELL | Configures the shell for RUN instructions
WORKDIR | Sets working directory for subsequent instructions
ADD | Copies files, directories, or remote URLs and auto-extracts archives
COPY | Copies files and directories
RUN | Executes commands inside the image
ONBUILD | Registers instructions to run in child images
EXPOSE | Documents container ports
VOLUME | Specifies mount points for persistent or shared data
HEALTHCHECK | Defines a command to verify container health
STOPSIGNAL | Sets the system call signal for container termination
USER | Switches user for subsequent instructions
ENTRYPOINT | Configures a fixed command that always runs on container start
CMD | Provides default arguments to the ENTRYPOINT command
2. Instructions Breakdown
FROM
dockerfile
FROM <image>[:<tag>] [AS <name>]
Purpose: Sets the base image
Best Practices: Use official images (e.g., python:3.9-slim); specify exact versions instead of latest
RUN
dockerfile
# shell form
RUN <command>
# exec form
RUN ["executable","param"]
Purpose: Executes commands during build
Best Practices: Chain commands with && to reduce layers; clean up after installs
CMD vs ENTRYPOINT
Instruction | Format | Overridable? | Purpose
CMD | CMD ["exec","param"] | Yes | Default container command
ENTRYPOINT | ENTRYPOINT ["exec","param"] | Harder | Container's main executable
Combination example:
dockerfile
ENTRYPOINT ["python"]
# Overridable: docker run my-image [Link]
CMD ["[Link]"]
COPY vs ADD
Instruction | Capabilities | When to Use
COPY | Basic file copying | Most cases
ADD | URL downloads, tar extraction | When needed
dockerfile
COPY . /app
ADD [Link] /tmp
WORKDIR
dockerfile
WORKDIR /path/to/dir
Purpose: Sets working directory for subsequent instructions
Best Practices: Use absolute paths; set early in the Dockerfile
EXPOSE
dockerfile
EXPOSE <port> [<port>/<protocol>]
Purpose: Documents which ports the container listens on (does not publish ports)
Note: Use -p with docker run to publish ports
ENV
dockerfile
ENV KEY=value ...
Purpose: Sets environment variables
Best Practices: Use for configuration; group related variables
ARG
dockerfile
ARG <name>[=<default>]
Purpose: Build-time variables (not available in runtime containers)
VOLUME
dockerfile
VOLUME ["/data"]
Purpose: Declares persistent storage locations
Best Practices: Use for databases and logs; prefer docker run -v for flexibility
USER
dockerfile
USER <user>[:<group>]
Purpose: Runs subsequent commands as the specified user
Best Practices: Avoid running as root; create a dedicated user
HEALTHCHECK
dockerfile
HEALTHCHECK [OPTIONS] CMD <command>
Purpose: Container health monitoring
LABEL
dockerfile
LABEL key="value" [key="value" ...]
Purpose: Adds metadata to images
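A small checker for three of the practices listed in this section (pin the base image instead of using latest, prefer COPY over ADD, do not run as root), as an added example that is not part of the original page. The finding names and both sample Dockerfiles are constructed for illustration; a stage without a USER instruction is assumed to run as root.

```python
import re


def parse(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and full-line comments carry no instruction
        if not pending:
            start = no
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        word, _, args = (pending + line).partition(" ")
        pending = ""
        yield start, word.upper(), args.strip()


def lint(text):
    """Return findings as (line_no, rule, detail); line 0 means whole file."""
    findings, stages, user = [], set(), None
    for no, instr, args in parse(text):
        if instr == "FROM":
            m = re.match(r"(?:--platform=\S+\s+)?(\S+)(?:\s+[Aa][Ss]\s+(\S+))?", args)
            if not m:
                continue
            image, alias = m.group(1), m.group(2)
            user = None  # a new stage starts over; assumed root until USER is set
            earlier_stage = image.lower() in stages
            if image != "scratch" and not earlier_stage and "$" not in image:
                name = image.rsplit("/", 1)[-1]  # drop registry host and its port
                unpinned = ":" not in name or name.endswith(":latest")
                if "@sha256:" not in image and unpinned:
                    findings.append((no, "unpinned-base", image))
            if alias:
                stages.add(alias.lower())
        elif instr == "ADD":
            findings.append((no, "add-needs-review", args))
        elif instr == "USER":
            user = args.split(":")[0]
    if user in (None, "root", "0"):
        findings.append((0, "runs-as-root", "final stage has no non-root USER"))
    return findings


# Constructed sample that breaks all three practices.
WEAK = """\
# constructed sample
FROM node AS builder
WORKDIR /app
ADD https://example.invalid/tool.tgz /tmp/
RUN npm ci && \\
    npm run build
FROM nginx:latest
COPY --from=builder /app/dist /usr/share/nginx/html
"""

# Constructed counterpart: pinned tags, COPY only, non-root final stage.
FIXED = """\
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
FROM node:18-alpine
COPY --from=builder /app /app
USER node
"""
```

`lint(WEAK)` reports both base images, the ADD line and the missing USER, while `lint(FIXED)` returns an empty list.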
3. Multi-Stage Builds
Multi-stage builds reduce final image size by discarding build dependencies.
dockerfile
# Stage 1: Build
FROM node:18 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
# Stage 2: Runtime
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
EXPOSE 80
Benefits:
Final image contains only runtime essentials
Smaller size = faster deployments
Better security by excluding build tools
Dockerfile Template
dockerfile
# syntax=docker/dockerfile:1.4
ARG BASE_IMAGE=node:18-alpine
FROM ${BASE_IMAGE} AS builder
LABEL maintainer="Vaibhav <vaibhav@[Link]>"
LABEL version="1.0"
LABEL description="Example multi-stage Dockerfile covering all instructions"
ARG APP_ENV=production
ARG API_URL
ARG BUILDKIT_INLINE_CACHE=1
ENV NODE_ENV=${APP_ENV}
ENV API_URL=${API_URL:-[Link]}
# node:18-alpine ships BusyBox ash, not bash
SHELL ["/bin/ash","-eo","pipefail","-c"]
WORKDIR /app
ADD [Link] /tmp/
# tar -C needs the target directory to exist
RUN mkdir -p /etc/myapp && tar -xzf /tmp/[Link] -C /etc/myapp
COPY [Link] [Link] ./
RUN npm ci --only=production && npm cache clean --force
COPY . .
ONBUILD COPY . /usr/src/app
ONBUILD RUN echo "Running ONBUILD for environment: $NODE_ENV"
EXPOSE 3000/tcp
VOLUME ["/data"]
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD curl -f [Link] || exit 1
STOPSIGNAL SIGTERM
RUN addgroup --system appgroup && adduser --system appuser --ingroup appgroup
USER appuser
ENTRYPOINT ["npm", "start"]
CMD ["--", ""]
Docker Cheatsheet
A quick reference for essential Docker CLI commands.
1. Container Management
Command | Description
docker run --name myapp -d nginx:alpine | Create and start a container in detached mode
docker run -it ubuntu bash | Run a container interactively with a terminal
docker start <container> | Start an existing container
docker stop <container> | Stop a running container
docker restart <container> | Restart a container
docker rm <container> | Remove a stopped container
docker rm -f <container> | Force remove a running container
docker ps | List running containers
docker ps -a | List all containers (including stopped)
docker logs <container> | View container logs
docker logs -f <container> | Follow container logs in real time
docker exec -it <container> bash | Enter a running container
docker cp <container>:<path> <host> | Copy files from container to host
docker stats <container> | Live container resource usage
2. Image Management
Command | Description
docker build -t myapp:1.0 . | Build an image from a Dockerfile
docker pull node:18-alpine | Download an image from a registry
docker push myrepo/myapp:latest | Upload an image to a registry
docker images | List local images
docker rmi <image> | Remove a local image
docker image prune -a | Remove unused images
docker save -o [Link] myapp:1.0 | Save an image as a tar file
docker load -i [Link] | Load an image from a tar file
docker history <image> | Show an image’s layer history
docker tag myapp:1.0 myrepo/myapp:2.0 | Tag an image
3. Network Management
Command | Description
docker network ls | List all Docker networks
docker network create mynet | Create a custom network
docker network rm mynet | Remove a network
docker network inspect bridge | Inspect a network’s details
docker run --network mynet myapp | Connect a container to a network
4. Volume Management
Command | Description
docker volume ls | List all volumes
docker volume create myvol | Create a named volume
docker volume rm myvol | Remove a named volume
docker run -v myvol:/data myapp | Mount a named volume into a container
docker run -v /host/path:/container/path myapp | Bind-mount a host directory
5. Docker Compose
Example [Link]:
yaml
version: '3.8'
services:
  web:
    image: nginx
    ports:
      - "80:80"
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: secret
Command | Description
docker compose up -d | Start services in the background
docker compose down | Stop and remove containers
docker compose logs | View service logs
docker compose build | Rebuild images defined in Compose
6. System Cleanup
Command | Description
docker system prune | Remove unused containers and networks
docker system prune -a | Remove unused containers, networks, and images
docker volume prune | Remove unused volumes
7. Dockerfile Essentials
Sample optimized Dockerfile:
dockerfile
FROM python:3.9-slim
WORKDIR /app
COPY [Link] .
RUN pip install --no-cache-dir -r [Link]
COPY . .
CMD ["python", "[Link]"]
Key instructions:
FROM – Base image
COPY – Add files
RUN – Execute commands
EXPOSE – Document ports
CMD – Default command