Docker
The industry-standard container platform - from your first container to production-ready images
Docker
Docker packages applications and their dependencies into containers — lightweight, isolated processes that run the same way on your laptop, in CI, and in production.
Why Docker
| Without containers | With Docker |
|---|---|
| "Works on my machine" | Same image runs everywhere |
| Manual dependency setup per host | Dependencies baked into the image |
| One service per VM (expensive) | Many containers per host |
| Snapshots and rollbacks via VM tools | Immutable image tags + registry |
| Hours to provision a host | Seconds to start a container |
How a Container Differs From a VM
┌─────────────────────────────┐ ┌─────────────────────────────┐
│ App A App B │ │ App A App B │
│ ┌────────┐ ┌────────┐ │ │ ┌────────┐ ┌────────┐ │
│ │ libs │ │ libs │ │ │ │ libs │ │ libs │ │
│ │ guest │ │ guest │ │ │ └────────┘ └────────┘ │
│ │ OS │ │ OS │ │ │ Container runtime │
│ └────────┘ └────────┘ │ │ ──────────────── │
│ Hypervisor │ │ Host OS │
│ ──────────── │ │ ──────────────── │
│ Host OS │ │ Hardware │
└─────────────────────────────┘ └─────────────────────────────┘
VM ContainerA VM ships a whole guest OS; a container shares the host kernel and ships only the userspace differences. That's why containers are ~MB instead of ~GB and start in milliseconds instead of seconds.
Core Vocabulary
| Term | What it is |
|---|---|
| Image | Read-only template (your app + runtime + libs) |
| Container | A running (or stopped) instance of an image |
| Dockerfile | The recipe to build an image |
| Registry | Where images live (Docker Hub, ECR, GHCR, ...) |
| Volume | Persistent storage that outlives a container |
| Network | Virtual network for container-to-container traffic |
Learning Path
Read in this order if you're new — each page builds on the previous one.
1. Getting Started
Install Docker, run your first container, learn the day-to-day CLI
2. Dockerfile
Build your own images: layers, multi-stage builds, .dockerignore, sizing
3. Docker Compose
Define multi-container apps with networks, volumes, and healthchecks
4. Best Practices
Security, image hygiene, registries, signing, production patterns
Docker vs. Alternatives
| Tool | Notes |
|---|---|
| Docker | The default; richest tooling and ecosystem |
| Podman | Daemonless, rootless; near-drop-in docker CLI compatible |
| containerd | The runtime Docker uses internally; what Kubernetes talks to directly |
| nerdctl | Docker-CLI-compatible client for containerd |
| Buildah / Kaniko | Build images without a Docker daemon (handy in CI / K8s) |
Docker is the runtime. Once your images exist, you need somewhere to actually run them — for single-host setups Compose is enough; for multi-host production, move to Kubernetes.