Docker Overview: What It Is, Architecture, Core Concepts, and Practical Usage Guide

What is Docker?

Docker is an open‑source application container engine written in Go. It allows developers to package an application and its dependencies into a portable image that can run on any Linux or Windows host.

Docker Architecture

Namespace

Namespaces isolate kernel resources such as process IDs, network interfaces, mount points, etc. Docker uses six namespaces (pid, net, mnt, ipc, uts, user) to achieve process isolation.

Cgroups

Cgroups (control groups) limit and prioritize CPU, memory, and I/O resources for a group of processes. Docker uses cgroups to enforce resource quotas on containers.

Union File System

The union file system provides layered, copy‑on‑write storage. Each Dockerfile instruction creates a read‑only layer; a writable layer is added on top when a container runs.

FROM busybox

COPY test /tmp/test

RUN mkdir /tmp/testdir

Client/Server Model

The Docker client (docker CLI or REST API) talks to the Docker daemon (dockerd). dockerd communicates with containerd via gRPC; containerd manages runC, which creates and runs OCI‑compatible containers.

Docker vs. Traditional Virtualization

Docker provides OS‑level virtualization, which is lighter and faster than hypervisor‑based VMs. Containers share the host kernel, start in seconds, and use resources on demand.

Core Concepts

Image

An image is a read‑only filesystem containing everything needed to run a container. Images can be built locally or pulled from registries.

Container

A container is a running instance of an image, consisting of a writable layer on top of the image’s read‑only layers.

Copy‑On‑Write

When a container modifies a file, the changed data is copied to the writable layer, leaving the original image unchanged.

Lifecycle

Containers go through create → start → pause → stop → delete states. Deleting an image requires that no container is using it.

Installation

Docker Desktop provides a Linux environment on macOS and Windows. Users can configure image accelerators (Aliyun, 163, Baidu) in the Docker Engine JSON.

Hello World Example (Koa Server)

Steps to create a simple Koa application, write a Dockerfile, build the image, and run the container.

# Create project folder
mkdir koa-server
cd koa-server
npm init -y
npm i koa
touch app.js
# app.js content
const Koa = require('koa')
const app = new Koa()
app.use(ctx => { ctx.body = 'hello koa' })
app.listen(3000, () => { console.log('run server__') })

# Dockerfile
FROM node:12.20.1
COPY . /app
WORKDIR /app
RUN npm i
EXPOSE 3000

# Build image
docker image build -t koa-server-image .
# Run container
docker container run -p 3000:3000 -it koa-server-image /bin/bash

Container Migration

Export a container with docker export to a tar file and import it on another host, turning it into an image that can be run again.

docker export busybox > busybox.zip
docker import busybox.zip busybox:test
docker run -it busybox:test sh