Docker Fundamentals
Core concepts of Docker containerization — the essential prerequisite for Kubernetes and CKA.
What is Docker?
Docker is an open-source platform for developing, shipping, and running applications inside lightweight, portable containers. It solves the “it works on my machine” problem by packaging code with all its dependencies into a standardized unit.
VMs vs. Containers
| Aspect | Virtual Machines | Containers |
|---|---|---|
| Architecture | Heavy — each VM includes a full OS kernel | Lightweight — shares the host OS kernel |
| Boot Time | Minutes | Seconds |
| Resource Usage | High (GBs of RAM per VM) | Low (MBs of RAM per container) |
| Isolation | Hardware-level (Hypervisor) | OS-level (cgroups + namespaces) |
| Portability | Hard to move across environments | Packaged as images, runs anywhere |
| Use Case | Multi-OS environments, legacy apps | Microservices, CI/CD, cloud-native apps |
Docker Architecture
┌─────────────────┐
│  Docker Client  │  ← `docker` CLI commands
│    (docker)     │
└────────┬────────┘
         │ REST API
┌────────▼────────┐
│  Docker Daemon  │  ← `dockerd` — manages images, containers, networks, volumes
│    (dockerd)    │
└────────┬────────┘
         │
┌────────▼────────┐
│ Docker Registry │  ← Docker Hub, ECR, GCR, private registries
│  (docker hub)   │
└─────────────────┘
- Docker Client (`docker` CLI): The command-line interface users interact with.
- Docker Daemon (`dockerd`): The background service that builds, runs, and distributes containers.
- Docker Registry: Stores and distributes Docker images (public Docker Hub or private registries).
- Docker Image: A read-only template containing application code, libraries, and environment settings.
- Docker Container: A runnable instance of an image — isolated, portable, and ephemeral.
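
The client-to-daemon REST API from the diagram above, as an added example (not code from the original page): `list_containers()` sends the request that `docker ps` makes, over the Unix socket `dockerd` listens on by default. The stub daemon, its sample container records and all helper names are constructed here so the block runs without Docker installed.

```python
import http.client, json, os, socket, socketserver, tempfile, threading
from http.server import BaseHTTPRequestHandler

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket, dockerd's default local transport."""
    def __init__(self, sock_path):
        super().__init__("localhost")
        self.sock_path = sock_path
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.sock_path)

def list_containers(sock_path="/var/run/docker.sock", all_states=False):
    """What `docker ps` (or `docker ps -a`) sends: GET /containers/json."""
    conn = UnixHTTPConnection(sock_path)
    conn.request("GET", "/containers/json?all=" + ("true" if all_states else "false"))
    containers = json.loads(conn.getresponse().read())
    conn.close()
    return [(c["Id"][:12], c["Image"], c["State"]) for c in containers]

# --- Everything below is a constructed stand-in for dockerd, for offline runs ---
SAMPLE = [  # constructed container records, not real daemon output
    {"Id": "a1b2c3d4e5f6" + "0" * 52, "Image": "nginx", "State": "running"},
    {"Id": "0f9e8d7c6b5a" + "0" * 52, "Image": "myapp:1.0", "State": "exited"},
]

class StubDaemon(BaseHTTPRequestHandler):
    def do_GET(self):
        show_all = self.path.endswith("all=true")
        rows = [c for c in SAMPLE if show_all or c["State"] == "running"]
        body = json.dumps(rows).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # Unix peers have no (host, port) to log
        pass

def start_stub_daemon():
    sock_path = os.path.join(tempfile.mkdtemp(), "docker.sock")
    server = socketserver.UnixStreamServer(sock_path, StubDaemon)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return sock_path, server

if __name__ == "__main__":
    path, server = start_stub_daemon()
    print(list_containers(path))                   # running only
    print(list_containers(path, all_states=True))  # includes exited
    server.shutdown()
```

Called with its default path, `list_containers()` talks to a real daemon, which is why read/write access to `/var/run/docker.sock` should be treated as control of the daemon itself.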
The Docker Workflow
- Write a `Dockerfile` — defines the image blueprint (base OS, dependencies, code, entrypoint).
- Build an image — `docker build -t myapp:1.0 .`
- Run a container — `docker run -d -p 8080:80 myapp:1.0`
- Push to registry — `docker push myapp:1.0`
- Pull & deploy — `docker pull myapp:1.0`
Essential Docker Commands
| Command | Purpose | Example |
|---|---|---|
| `docker run` | Create and start a container | `docker run -d -p 80:80 nginx` |
| `docker ps` | List running containers | `docker ps` |
| `docker ps -a` | List all containers | `docker ps -a` |
| `docker stop` | Gracefully stop a container | `docker stop <container_id>` |
| `docker start` | Start a stopped container | `docker start <container_id>` |
| `docker rm` | Remove a stopped container | `docker rm <container_id>` |
| `docker images` | List local images | `docker images` |
| `docker rmi` | Remove an image | `docker rmi <image_id>` |
| `docker logs` | View container logs | `docker logs <container_id>` |
| `docker exec` | Execute a command inside a running container | `docker exec -it <id> /bin/sh` |
| `docker build` | Build an image from a Dockerfile | `docker build -t myapp:1.0 .` |
| `docker pull` | Download an image from a registry | `docker pull nginx:latest` |
| `docker push` | Upload an image to a registry | `docker push myapp:1.0` |
Container Lifecycle
  docker create
┌──────────────┐
│   CREATED    │
└──────┬───────┘
       │ docker start / docker run
┌──────▼───────┐
│   RUNNING    │◄────────────────┐
└──────┬───────┘                 │
       │ docker pause            │ docker restart
┌──────▼───────┐                 │
│    PAUSED    │─────────────────┘
└──────┬───────┘
       │ docker unpause
       │ docker stop
┌──────▼───────┐
│   STOPPED    │
└──────┬───────┘
       │ docker rm
┌──────▼───────┐
│   DELETED    │
└──────────────┘
Docker & Kubernetes Relationship
- Kubernetes is a container orchestrator — it manages Docker containers at scale.
- Kubernetes does not run containers directly; it instructs a container runtime, such as containerd or CRI-O, through the Container Runtime Interface (CRI).
- `containerd` was originally part of Docker but is now an independent CNCF project — the runtime Kubernetes uses under the hood.
- Understanding Docker helps you debug Kubernetes pods: `kubectl describe pod`, `kubectl logs`, `kubectl exec`.
- Docker alone lacks auto-healing and replication. Kubernetes solves this with Deployments and ReplicaSets that continuously recreate failed containers.

Source: CKA Day 8