Day 03 / 30

🐳 Docker

What containers are, how Docker works, images vs containers, Dockerfile, volumes, networking & docker-compose. Pure concepts, no fluff.

01
What is Docker?

Docker is a platform that lets you package your application along with everything it needs (code, runtime, libraries, configs) into a single unit called a container. That container runs the same way everywhere: your laptop, a server, the cloud.

Created in 2013 by Solomon Hykes at dotCloud. It was open-sourced and became one of the fastest-adopted tools in software history. Today it's the standard for packaging and shipping applications.

💡 Simple definition: Docker is a "shipping container" for software. Just like a physical container carries goods safely across ships/trucks/trains, Docker carries your app safely across machines and environments.

The problem Docker solves

"It works on my machine" is the classic developer problem. Code runs fine locally but fails on the server. Reason: different OS, different library versions, different configs. Docker eliminates this by bundling everything together.

Without Docker
App works locally. Fails on server. Hours debugging "missing dependency". Different Python versions. Different OS configs. Painful deployments.
With Docker
Package once. Run anywhere. Same container on laptop → server → AWS → CI/CD pipeline. Zero "works on my machine" problems.
02
VM vs Container

Both VMs and containers isolate applications, but they do it very differently.

Virtual Machine (VM)
Has its own full OS: kernel, OS files, everything. Runs on top of a Hypervisor (VMware, VirtualBox). Heavy: takes GBs of disk space and minutes to start. Strong isolation.
Container
Shares the host OS kernel. Only packages the app + its dependencies. Lightweight: MBs of disk, starts in seconds. Slightly less isolated but far more efficient.

Virtual Machine stack (top to bottom):
  App A + Guest OS + Libs | App B + Guest OS + Libs
  Hypervisor
  Host OS + Hardware

Docker Containers stack (top to bottom):
  App A + Libs (no OS needed) | App B + Libs (no OS needed)
  Docker Engine (shared kernel)
  Host OS + Hardware (shared with containers)

⚡ Key takeaway: A VM boots a whole OS per app, which is heavy. A container shares the host kernel, which is lightweight. 10 containers can run on a machine where only 2-3 VMs would fit.
03
Images & Containers

Docker Image

A read-only template that contains everything needed to run an app: OS layer, runtime, libraries, app code. Think of it as a blueprint or recipe. Images are built from a Dockerfile. They are stored in registries like Docker Hub.

Docker Container

A running instance of an image. Like a class vs object in programming: the image is the class, the container is the object. You can run multiple containers from the same image. Containers are isolated from each other and the host.

📸 Analogy: Image = a cookie cutter. Container = the actual cookie. One cutter, many cookies. Change the cutter (image) and all future cookies change.

Docker Hub: the registry

Like GitHub for Docker images. Thousands of official images available: nginx, postgres, node, python, ubuntu. Pull and run instantly. Push your own images too.

Image layers: how images are built

Images are made of layers; each instruction in a Dockerfile adds a layer. Layers are cached and reused. If only your app code changes, Docker reuses all previous layers (OS, deps), making builds fast.

L1
Base OS layer
ubuntu:22.04, the foundation. Cached forever once pulled.
L2
Runtime layer
Install Python / Node / Java. Cached unless runtime changes.
L3
Dependencies layer
pip install / npm install. Cached unless requirements.txt changes.
L4
App code layer
COPY your app code. This changes most often, so only this layer rebuilds.
04
Dockerfile

A Dockerfile is a text file with instructions to build a Docker image. Each instruction becomes a layer. Docker reads it top to bottom and builds the image.

Dockerfile: Python app example
# base image; slim = smaller size
FROM python:3.11-slim
# set working directory inside container
WORKDIR /app
# copy deps file first (layer caching!)
COPY requirements.txt .
# install deps
RUN pip install -r requirements.txt
# copy rest of app code
COPY . .
# document which port app uses
EXPOSE 8000
# default command when container starts
CMD ["python", "app.py"]

Key Dockerfile instructions

FROM
Base image to build on. Every Dockerfile starts with FROM. FROM scratch = empty base.
RUN
Execute command during build. Use for installing packages. Each RUN = new layer.
COPY
Copy files from host into image. COPY src dest. Use ADD only for archives/URLs.
WORKDIR
Set working directory. All subsequent commands run from here. Like cd.
ENV
Set environment variables inside container. ENV PORT=8000
EXPOSE
Document which port the app listens on. Doesn't actually open the port; it is just metadata.
CMD
Default command when container starts. Can be overridden. Only one CMD per Dockerfile.
ENTRYPOINT
Like CMD but cannot be easily overridden. Use for fixed executable, CMD for arguments.
⚠️ CMD vs ENTRYPOINT: CMD is the default command and is easy to override at runtime. ENTRYPOINT locks the executable. Common pattern: ENTRYPOINT for the binary, CMD for default args.
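The rules from this section (copy the dependency file before the app code, keep ADD for archives and URLs, one CMD per Dockerfile) expressed as a small checker. This is an added example, not part of the original page; `lint_dockerfile`, the archive suffix list and both sample Dockerfiles are constructed for it, and it assumes a single-stage Dockerfile without line continuations.

```python
import re

ARCHIVE = re.compile(r"\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$")

def instructions(text):
    """Yield (INSTRUCTION, args); skips blank lines and comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            yield name.upper(), args.strip()

def lint_dockerfile(text):
    """Return findings for the three rules named in this section."""
    steps = list(instructions(text))
    findings = []
    if sum(name == "CMD" for name, _ in steps) > 1:
        findings.append("multiple CMD: only the last one takes effect")
    copied_all = False
    for name, args in steps:
        # Drop option flags such as --chown=... so tokens[0] is the source path.
        tokens = [t for t in args.split() if not t.startswith("--")]
        if name == "ADD" and tokens:
            src = tokens[0]
            if not (src.startswith(("http://", "https://")) or ARCHIVE.search(src)):
                findings.append(f"ADD {src}: plain file, use COPY")
        elif name == "COPY" and tokens[:1] == ["."]:
            copied_all = True
        elif name == "RUN" and copied_all and re.search(r"\b(pip|npm) install\b", args):
            findings.append("install after 'COPY . .': every code change re-runs it")
    return findings

# Constructed samples: the page's Dockerfile, and a variant that breaks each rule.
GOOD = """FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["python", "app.py"]
"""
BAD = """FROM python:3.11-slim
WORKDIR /app
COPY . .
RUN pip install -r requirements.txt
ADD settings.json /app/settings.json
CMD ["python", "app.py"]
CMD ["python", "worker.py"]
"""

if __name__ == "__main__":
    for finding in lint_dockerfile(BAD):
        print(finding)
```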
05
Essential Docker Commands
build & run
$ docker build -t myapp:v1 . # build image from Dockerfile
$ docker run -d -p 8080:8000 myapp:v1 # run container detached
$ docker run -it ubuntu bash # interactive shell inside container
$ docker run --name mycontainer myapp:v1 # give container a name
manage containers
$ docker ps # list running containers
$ docker ps -a # list all containers (including stopped)
$ docker stop mycontainer # graceful stop
$ docker rm mycontainer # remove container
$ docker logs mycontainer # see container logs
$ docker exec -it mycontainer bash # shell into running container
images
$ docker images # list local images
$ docker pull nginx:latest # download image from Docker Hub
$ docker push username/myapp:v1 # push image to Docker Hub
$ docker rmi myapp:v1 # remove image
$ docker system prune # cleanup unused containers/images
06
Volumes: Persistent Storage

By default, containers are stateless: when a container stops, all data inside it is lost. This is a problem for databases, logs, uploads. Volumes solve this by storing data outside the container on the host machine.

💾 Analogy: Container = a hotel room. Volumes = your personal locker outside the room. Even if you check out (container stops), your belongings (data) are safe in the locker.

Types of mounts

Named Volume
Managed by Docker. docker volume create mydata. Best for production databases. Docker decides the location on host.
Bind Mount
You specify the exact host path. Maps host folder → container folder. Great for development: edit code on host, see changes instantly in container.
tmpfs Mount
In-memory only. Not persisted. Useful for sensitive temporary data. Linux only.
volume commands
$ docker volume create mydata
$ docker run -v mydata:/app/data myapp # named volume
$ docker run -v /home/user/code:/app myapp # bind mount
$ docker volume ls # list all volumes
$ docker volume rm mydata
07
Docker Networking

Containers are isolated: they can't talk to each other by default. Docker networking allows containers to communicate securely with each other and the outside world.

Port mapping: the -p flag

-p hostPort:containerPort maps a port on the host to a port inside the container. Example: -p 8080:80 means visiting localhost:8080 sends traffic to port 80 inside the container.
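A -p value can also carry a bind address (ip:hostPort:containerPort). Without one, Docker publishes the port on every host interface, not only localhost, which matters on a machine with a public address. The parser below is an added example, not part of the original page; `parse_publish`, `exposure` and the sample values are constructed for it.

```python
import ipaddress

def parse_publish(spec):
    """Parse a -p value: [ip:][hostPort:]containerPort[/proto].

    Handles single ports and IPv4 bind addresses; port ranges and
    bracketed IPv6 addresses raise ValueError.
    """
    body, _, proto = spec.partition("/")
    parts = body.split(":")
    if len(parts) == 1:
        ip, host, container = "", "", parts[0]
    elif len(parts) == 2:
        ip, host, container = "", parts[0], parts[1]
    elif len(parts) == 3:
        ip, host, container = parts
    else:
        raise ValueError(f"unsupported publish spec: {spec!r}")
    if not container.isdigit() or (host and not host.isdigit()):
        raise ValueError(f"unsupported publish spec: {spec!r}")
    return {
        "bind": ip or "0.0.0.0",                   # no ip given: every host interface
        "host_port": int(host) if host else None,  # None: Docker picks a free host port
        "container_port": int(container),
        "proto": proto or "tcp",
    }

def exposure(spec):
    """Classify who can reach the published port, judged by bind address alone."""
    bind = ipaddress.ip_address(parse_publish(spec)["bind"])
    if bind.is_loopback:
        return "host-only"
    if bind.is_unspecified:
        return "all-interfaces"
    return f"interface {bind}"

# Constructed sample values; the first two are the mappings used on this page.
SAMPLES = ["8080:80", "8080:8000", "127.0.0.1:8080:80",
           "192.168.1.10:8080:80", "53:53/udp", "80"]

if __name__ == "__main__":
    for spec in SAMPLES:
        print(f"-p {spec:<22} {exposure(spec):<24} {parse_publish(spec)}")
```

For a service that only the host itself should reach, such as a development database, the 127.0.0.1: prefix is the form to use.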

Network types

bridge (default)
Default network. Containers can talk to each other by IP. Not by name (use custom bridge for that). External access via port mapping.
custom bridge
User-created network. Containers can refer to each other by name. Best practice: use this instead of the default bridge. Automatic DNS resolution.
host
Container shares host's network directly. No isolation. No port mapping needed. Only on Linux.
none
No networking. Completely isolated. For high-security workloads.
network commands
$ docker network create mynetwork
$ docker run --network mynetwork myapp
$ docker network ls # list networks
$ docker network inspect mynetwork
08
Docker Compose

Real apps have multiple services: web server, database, cache (Redis), message queue. Running and connecting all these manually is painful. Docker Compose lets you define all services in one YAML file and start them all with a single command.

🎻 Analogy: If Docker is a musician, Docker Compose is the conductor: it coordinates all musicians (containers) to play together in harmony.
docker-compose.yml: web app + database
version: '3.8'
services:
  web:
    build: .
    ports:
      - "8080:8000"
    depends_on: [db]
    environment:
      DB_HOST: db # refer to db service by name!
  db:
    image: postgres:15
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: secret
volumes:
  pgdata: # named volume declaration
compose commands
$ docker compose up -d # start all services (detached)
$ docker compose down # stop and remove containers
$ docker compose logs -f # follow logs of all services
$ docker compose ps # status of all services
$ docker compose build # rebuild images
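The compose file above sets POSTGRES_PASSWORD to a literal, so the credential is stored in the file and in every copy of the repository. The scanner below is an added example, not part of the original page: it reports secret-looking variables set to literals and accepts Compose's ${VAR} substitution. `inline_secrets`, the key-name pattern and the sample text are constructed for it.

```python
import re

SENSITIVE = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY)$")
# Matches both environment forms: "KEY: value" and "- KEY=value".
ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Z][A-Z0-9_]*)\s*[:=]\s*(.*?)\s*(?:#.*)?$")
TOP_LEVEL = re.compile(r"^([A-Za-z0-9_-]+):")
SERVICE = re.compile(r"^  ([A-Za-z0-9_.-]+):\s*(?:#.*)?$")

def inline_secrets(compose_text):
    """Return (line, service, key) for secret-looking variables set to a literal.

    Line-based scan that assumes two-space indentation; it is not a YAML parser.
    """
    findings, section, service = [], None, None
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        top = TOP_LEVEL.match(line)
        if top:
            section, service = top.group(1), None
            continue
        svc = SERVICE.match(line)
        if svc and section == "services":
            service = svc.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry or section != "services":
            continue
        key, value = entry.group(1), entry.group(2).strip("'\"")
        # Empty values and ${VAR} references are filled from the environment at run time.
        if SENSITIVE.search(key) and value and not value.startswith("${"):
            findings.append((lineno, service, key))
    return findings

# Constructed samples: the page's compose file (trimmed) and a variant using substitution.
PAGE_COMPOSE = """\
services:
  web:
    build: .
    environment:
      DB_HOST: db
  db:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: secret
"""
FIXED_COMPOSE = PAGE_COMPOSE.replace("secret", "${POSTGRES_PASSWORD}")

if __name__ == "__main__":
    print(inline_secrets(PAGE_COMPOSE))
    print(inline_secrets(FIXED_COMPOSE))
```

With the substituted form, the value comes from the shell environment or an .env file kept out of version control.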
09
Docker in DevOps

Docker is not just a tool; it's the foundation of modern DevOps. Every major DevOps concept builds on top of containers.

CI/CD Pipelines
GitHub Actions, Jenkins: build Docker images on every push. Test in containers. Ship to production.
Kubernetes
Orchestrates thousands of containers. Docker creates the containers; Kubernetes manages them at scale.
Microservices
Each microservice = one container. Independent deploy, scale, and update. Docker makes this practical.
Cloud
AWS ECS, Azure Container Instances, GCP Cloud Run: all run Docker containers natively.
Dev Environments
Onboard new devs instantly: just docker compose up. No more "install this, configure that" setup docs.
Security
Containers isolate apps from each other. Limit blast radius if one service is compromised.
🚀 Bottom line: Git tracks code. Linux runs servers. Docker packages and ships apps. Together these 3 form the core trio of DevOps. Day 01 + Day 02 + Day 03 = foundation complete.
10
Quick Cheatsheet: All Commands
docker build -t name .     build image
docker run -d -p 80:80     run detached
docker ps                  running containers
docker ps -a               all containers
docker images              list images
docker pull nginx          download image
docker stop name           stop container
docker rm name             remove container
docker rmi image           remove image
docker logs name           view logs
docker exec -it            shell inside
docker volume create       create volume
docker network create      create network
docker compose up -d       start all services
docker compose down        stop all
docker system prune        cleanup all