Unlock Docker: Core Concepts, Architecture, and Practical Commands

What is Docker?

Docker is an open‑source container engine developed by Docker Inc., built on LXC technology, written in Go, and released under the Apache 2.0 license.

Developers can build an application once and run it consistently anywhere; operations teams can configure a server once and run any application on it.

Docker Architecture

Docker follows a client‑server model. The Docker client communicates with the Docker daemon, which performs the heavy lifting of building, running, and distributing containers. Both can run on the same host or the client can connect to a remote daemon via sockets or a RESTful API.

Difference from Traditional Virtual Machines

Traditional VMs virtualize hardware and include a full operating system for each instance, making them larger and fewer per host. Docker containers share a single OS kernel, are much lighter, and allow hundreds of isolated environments on a single host.

Advantages and Features

Standardized application delivery across platforms.

Fast deployment and startup (seconds vs. minutes).

Facilitates SOA/micro‑service architectures through service orchestration.

Lightweight and low‑cost; thousands of containers per host.

Seamless integration with continuous integration pipelines.

Secure isolation of execution environments.

Separate file systems for each container.

Resource isolation via cgroups (CPU, memory, etc.).

Network isolation with virtual interfaces and namespaces.

Rich ecosystem of public images.

Key Concepts and Terminology

Docker Client : User interface that talks to the Docker daemon.

Docker Daemon : Core background process handling container operations.

Docker Index : Central registry for public and private images.

Docker Containers : Runtime instances containing the application, its files, and metadata.

Docker Images : Read‑only templates used to create containers.

Dockerfile : Script of instructions to automatically build an image.

Installation

Docker Engine is available for Windows, macOS, and most Linux distributions.

Example installation script (Ubuntu/CentOS): curl -sSL https://get.daocloud.io/docker | sh Enable and start the service:

sudo chkconfig docker on

sudo systemctl start docker

Repositories

A repository stores image files. Registries host multiple repositories, each containing many tagged images. Repositories can be public (e.g., Docker Hub) or private. Chinese mirrors such as 时速云, 网易云, 阿里云, and DaoCloud can accelerate pulls.

Users can create private repositories and push/pull images with docker push and docker pull.

Images

An image is a collection of files, not a full operating system. It can be as small as a single compiled binary or as large as a base Linux distribution. Images are built from a Dockerfile and serve as the foundation for containers.

Common Docker Commands

docker images

– List local images. docker info – Show system information. docker commit -m -a – Commit changes to an image. docker build – Build an image from a Dockerfile. docker import – Import a local image. docker search – Search images in a registry. docker push – Push an image to a registry. docker pull – Pull an image from a registry. docker save -o <file> <image> – Export an image. docker load < <file> – Load an exported image. docker rmi – Remove an image. docker attach – Attach to a running container’s stdin. docker history – Show image history.

Dockerfile Instructions

Dockerfile is a plain‑text file containing a series of instructions used by docker build to create an image. Key instructions include:

FROM FROM <image>[:<tag>] – Set the base image (must be first line).

MAINTAINER MAINTAINER <name> – Specify the image author.

RUN RUN <command> – Execute a command in a new intermediate container and commit the result.

CMD CMD ["executable", "param1"] – Default command executed when the container runs.

EXPOSE EXPOSE <port> – Document the ports the container listens on.

ENV ENV <key> <value> – Set environment variables.

ADD ADD <src> <dest> – Copy files or URLs into the image.

COPY COPY <src> <dest> – Copy files from the build context (no URL support).

ENTRYPOINT ENTRYPOINT ["executable", "param1"] – Set the container’s entry point.

VOLUME VOLUME ["path"] – Define a mount point for external storage.

USER USER <username|uid> – Specify the user for subsequent commands.

WORKDIR WORKDIR /path/to/dir – Set the working directory.

ONBUILD ONBUILD [INSTRUCTION] – Register instructions to run when the image is used as a base for another build.

Containers

A container is an instance of an image plus a writable layer. Containers are isolated, secure, and can be started, stopped, migrated, or removed.

Common container commands include: docker run – Create and start a container. docker stop – Stop a running container. docker restart – Restart a container. docker rm – Remove a stopped container. docker ps -a – List all containers. docker logs – View container logs. docker exec – Run a command in a running container. docker cp – Copy files between host and container. docker inspect – Show detailed container information.

Volumes and Volume Containers

Volumes provide persistent storage independent of a container’s lifecycle. They are mounted into containers at specified paths.

Example to create a data volume container:

docker run -d -v /var/www/:/dbdata --name dbdata debian:jessie

Other containers can share this volume:

docker run -d --volumes-from dbdata --name db1 debian:jessie

To back up a volume:

docker run --volumes-from dbdata -v $(pwd):/backup debian:jessie tar cvf /backup/backup.tar /dbdata

To restore:

# Create an empty volume container

docker run -v /dbdata --name dbdata2 debian:jessie /bin/bash

# Restore the backup

docker run --volumes-from dbdata2 -v $(pwd):/backup debian:jessie tar xvf /backup/backup.tar