A Dockerfile is a text document that contains all the commands you would normally execute manually in order to build a Docker image.
Docker can build images automatically by reading the instructions from a Dockerfile.
Docker images are the basis of containers.
An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime.
An image typically contains a union of layered filesystems stacked on top of each other.
An image does not have state and it never changes.
A base image has no parent image specified in its Dockerfile.
It is created using a Dockerfile with the FROM scratch directive.
An image’s parent image is the image designated in the FROM directive in the image’s Dockerfile.
All subsequent commands are based on this parent image.
In an image, a layer is a modification to the image, represented by an instruction in the Dockerfile.
Layers are applied in sequence to the base image to create the final image.
When an image is updated or rebuilt, only layers that change need to be updated, and unchanged layers are cached locally.
This is part of why Docker images are so fast and lightweight.
The size of the final image is equal to the sum of the sizes of each layer.
A tag is a label applied to a Docker image in a repository.
Tags are how various images in a repository are distinguished from each other.
Note: This label is not related to the key=value labels set for docker daemon.
A container is a runtime instance of a docker image.
A Docker container consists of:
- A Docker image.
- An execution environment.
- A standard set of instructions.
The concept is borrowed from Shipping Containers, which define a standard to ship goods globally.
Docker defines a standard to ship software.
Build is the process of building Docker images using a Dockerfile.
The build uses a Dockerfile and a “context”.
The context is the set of files in the directory in which the image is built.
cgroups is a Linux kernel feature that limits and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.
Docker relies on cgroups to control and isolate resource limits.
Docker uses a copy-on-write technique and a union file system for both images and containers to optimize resources and speed performance.
Multiple copies of an entity share the same instance and each one makes only specific changes to its unique layer.
Multiple containers can share access to the same image, and make container-specific changes on a writable layer which is deleted when the container is removed.
This speeds up container start times and performance.
Images are essentially layers of filesystems typically predicated on a base image under a writable layer, and built up with layers of differences from the base image.
This minimizes the footprint of the image and enables shared development.
Union file systems implement a union mount and operate by creating layers.
Docker uses union file systems in conjunction with copy-on-write techniques to provide the building blocks for containers, making them very lightweight and fast.
Example implementations of union file systems are UnionFS, AUFS, and Btrfs.
A volume is a specially-designated directory within one or more containers that bypasses the Union File System.
Volumes are designed to persist data, independent of the container’s life cycle.
Docker therefore never automatically deletes volumes when you remove a container, nor will it “garbage collect” volumes that are no longer referenced by a container.
There are three types of volumes: