Containers are the universal deployment artifact of modern software. CI/CD pipelines build them, Kubernetes runs them, registries store them. Every DevOps engineer needs to be fluent with Docker.
🐳 What is Docker and Why Containers Over VMs
Understand what a container is, why Docker revolutionized software delivery, and why every DevOps team uses containers over traditional virtual machines.
🧒 Simple Explanation (ELI5)
Imagine you are a chef sending your recipe to restaurants worldwide. With VMs, you ship the entire kitchen — oven, fridge, counters, walls. With Docker, you ship just a lunchbox — your recipe, your exact ingredients, in a self-contained box that works in any kitchen.
Docker containers package your application and everything it needs (code, runtime, libraries, config) into a single, portable unit that runs identically on your laptop, a CI server, and production.
🔧 Technical Explanation
Containers vs Virtual Machines
Containers share the host OS kernel using Linux namespaces (process/network isolation) and cgroups (CPU/memory limits). There is no guest OS to boot — that is why containers start in milliseconds and use megabytes, while VMs need minutes and gigabytes.
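To make the namespace and cgroup mechanics concrete, here is an added example (not part of the original lesson). It compares the namespace links the kernel exposes under /proc/<pid>/ns for a host process and a containerized one, and decodes the cgroup v2 limit files. The function names and the sample inode values are constructed for illustration, and the sample assumes a default Docker setup without user-namespace remapping.

```python
import os

def read_namespaces(pid="self"):
    """Return {type: 'type:[inode]'} for a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in sorted(os.listdir(base))}

def compare_namespaces(host, cont):
    """Split namespace types into those the container has its own copy of
    and those it still shares with the host process."""
    common = host.keys() & cont.keys()
    isolated = sorted(n for n in common if host[n] != cont[n])
    shared = sorted(n for n in common if host[n] == cont[n])
    return isolated, shared

def parse_cpu_max(text):
    """cgroup v2 cpu.max holds '<quota> <period>' in microseconds, or 'max <period>'.
    Returns the limit in CPU cores, or None when unlimited."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)

def parse_memory_max(text):
    """cgroup v2 memory.max holds a byte count or the literal 'max'."""
    text = text.strip()
    return None if text == "max" else int(text)

def _links(inodes):
    return {n: f"{n}:[{i}]" for n, i in inodes.items()}

# Constructed sample: a host shell and a process in a default Docker container.
HOST = _links({"cgroup": 4026531835, "ipc": 4026531839, "mnt": 4026531841,
               "net": 4026531840, "pid": 4026531836, "time": 4026531834,
               "user": 4026531837, "uts": 4026531838})
CONTAINER = _links({"cgroup": 4026532561, "ipc": 4026532559, "mnt": 4026532557,
                    "net": 4026532562, "pid": 4026532560, "time": 4026531834,
                    "user": 4026531837, "uts": 4026532558})

if __name__ == "__main__":
    isolated, shared = compare_namespaces(HOST, CONTAINER)
    print("isolated:", isolated)
    print("shared with host:", shared)   # same user namespace: root inside is UID 0 outside
    # Constructed values matching docker run --cpus 0.5 --memory 256m on cgroup v2
    print("cpu cores:", parse_cpu_max("50000 100000"))
    print("memory bytes:", parse_memory_max("268435456\n"))
    try:
        print("this process:", read_namespaces())
    except OSError as exc:               # not Linux, or /proc not mounted
        print("cannot read /proc/self/ns:", exc)
```

The shared entries are the part to notice: the container has its own process, network and mount view, but the kernel and, by default, the user namespace are the host's.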
Core Docker Objects
- Image — a read-only snapshot of your app + dependencies, stored as layers. Like a class in OOP.
- Container — a running instance of an image, with a writable layer. Like an object instantiated from a class.
- Dockerfile — a script that defines how to build an image, step by step.
- Registry — a storage service for images (Docker Hub, Azure Container Registry).
- Layer — each Dockerfile instruction adds a cached, reusable layer to the image.
💻 Essential Commands
# Pull an image from Docker Hub
docker pull nginx:latest
# Run a container (detached, port mapped, named)
docker run -d -p 8080:80 --name my-nginx nginx:latest
# List running containers
docker ps
# See ALL containers (including stopped)
docker ps -a
# View container logs
docker logs my-nginx
# Follow logs in real time (like tail -f)
docker logs -f my-nginx
# Stop and remove
docker stop my-nginx
docker rm my-nginx
# Remove an image
docker rmi nginx:latest
docker run, docker ps, docker logs, and docker stop cover the vast majority of day-to-day container work. Get comfortable with these four first.
🌍 Real-World Use Case
A Node.js API depends on Node 18, specific npm packages, and environment variables. Without Docker, different developers have different Node versions and the CI server has yet another — causing mysterious failures. With Docker, everyone runs docker run myapp:1.0 and gets identical behavior. The same image is promoted from dev → staging → production with zero changes.
🧪 Hands-on Exercises
- Run docker run hello-world to verify Docker is installed and working.
- Run nginx on port 8080: docker run -d -p 8080:80 nginx, then visit http://localhost:8080.
- Open a shell inside a running container: docker exec -it <container_id> /bin/sh
- Pull alpine:latest and inspect its layers: docker image inspect alpine
- Watch live resource usage: docker stats
When a container stops, its filesystem changes are lost. Any data you need to persist must go in a Docker volume or bind mount — covered in Lesson 5.
🐛 Debugging Scenario
Problem: docker run myapp exits immediately and you see nothing.
# Step 1: check exit code
docker ps -a                    # see exit code column
# Step 2: read the logs
docker logs <container_id>      # check stdout/stderr
# Step 3: override CMD to get a shell
docker run -it myapp /bin/sh    # debug manually inside
# Common causes:
# - App crashes on startup (check logs for stack trace)
# - CMD/ENTRYPOINT wrong (no long-running process)
# - Missing env var (app exits with config error)
🎯 Interview Questions
An image is a read-only template — a snapshot of your app and dependencies stored on disk. A container is a running instance of that image with a live process and a writable layer. Many containers can run from one image. Think: image = class, container = object.
Containers share the host OS kernel via Linux namespaces and cgroups. There is no guest OS to boot. VMs require a full OS per machine (2–4 GB+, minutes to start). Containers start in milliseconds and use MB of memory vs. GB for VMs.
Docker Hub is a public registry. Use it for public/community images and pulling official base images. Azure Container Registry (ACR) is a private registry integrated with Azure AD identity, geo-replication, and AKS. Use ACR for production workloads where images contain proprietary code and you need fine-grained RBAC access control.
1. Check if Docker versions differ between local and CI.
2. Verify environment variables: CI likely does not have your local .env secrets.
3. Run the CI image locally: docker run -it <ci-image> /bin/sh.
4. Check build args: CI often passes different values.
5. Inspect the image: docker image inspect to compare layers and entrypoint config.
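The comparison in step 5 can be scripted. The following is an added example, not part of the original lesson: it reduces two docker image inspect outputs to entrypoint, command, environment variable names and layer list, then reports where they differ without echoing environment values, since those may be secrets. The function names, the API_TOKEN variable and the shortened layer digests are constructed for illustration.

```python
import json

def summarize(inspect_output):
    """Reduce `docker image inspect` output (a JSON array) to the compared fields."""
    image = json.loads(inspect_output)[0]
    cfg = image.get("Config") or {}
    env = dict(e.partition("=")[::2] for e in cfg.get("Env") or [])
    return {"entrypoint": cfg.get("Entrypoint"), "cmd": cfg.get("Cmd"),
            "env": env, "layers": (image.get("RootFS") or {}).get("Layers") or []}

def compare_images(local, ci):
    """List differences; env values are never printed because they may be secrets."""
    out = []
    for key in ("entrypoint", "cmd"):
        if local[key] != ci[key]:
            out.append(f"{key}: local={local[key]} ci={ci[key]}")
    for name in sorted(local["env"].keys() | ci["env"].keys()):
        if name not in ci["env"]:
            out.append(f"env {name}: only in local")
        elif name not in local["env"]:
            out.append(f"env {name}: only in ci")
        elif local["env"][name] != ci["env"][name]:
            out.append(f"env {name}: value differs")
    a, b = local["layers"], ci["layers"]
    shared = 0                      # number of leading layers both images have in common
    while shared < min(len(a), len(b)) and a[shared] == b[shared]:
        shared += 1
    if shared < max(len(a), len(b)):
        out.append(f"layers: diverge at index {shared} ({len(a)} local, {len(b)} ci)")
    return out

# Constructed samples in the shape of `docker image inspect` output (digests shortened).
LOCAL = json.dumps([{
    "Config": {"Entrypoint": None, "Cmd": ["node", "server.js"],
               "Env": ["NODE_ENV=development", "PATH=/usr/local/bin:/usr/bin",
                       "API_TOKEN=constructed-local-value"]},
    "RootFS": {"Layers": ["sha256:aaa", "sha256:bbb", "sha256:ccc"]}}])
CI = json.dumps([{
    "Config": {"Entrypoint": ["docker-entrypoint.sh"], "Cmd": ["node", "server.js"],
               "Env": ["NODE_ENV=production", "PATH=/usr/local/bin:/usr/bin"]},
    "RootFS": {"Layers": ["sha256:aaa", "sha256:bbb", "sha256:ddd", "sha256:eee"]}}])

if __name__ == "__main__":
    for line in compare_images(summarize(LOCAL), summarize(CI)):
        print(line)
```

A finding such as "env API_TOKEN: only in local" also means a credential was baked into the local image, which is worth fixing regardless of the CI failure.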
📋 Summary
- Docker packages apps + dependencies into portable containers that run identically anywhere.
- Containers share the host kernel — much lighter and faster than VMs.
- Core objects: Image (template), Container (running instance), Dockerfile (build script), Registry (image store).
- Essential commands: docker run, docker ps, docker logs, docker stop.