Docker has revolutionized containerization technology. The virtualization platform lets developers build self-sufficient, lightweight, and portable software containers that make creating, testing, and deploying applications easy and fast.
While Docker is relatively easy to master, there are two of its key facets that may be difficult to grasp at first: Docker images vs. Docker containers.
This blog post will break the concepts down so that you can understand how things in the Docker world work.
What Exactly Is A Docker Image?
A Docker image is a read-only, inert template that comes with instructions for deploying containers. In Docker, everything basically revolves around images.
An image consists of a collection of files (or layers) that pack together all the necessities—such as dependencies, source code, and libraries—needed to set up a completely functional container environment.
Images are stored on a Docker registry, such as the Docker Hub, or on a local registry.
For example, here is a bash image that has been downloaded from Docker Hub:
A Docker image is made up of multiple layers. The bash image above consists of a series of layers, such as 188c0c94c7c5, 94387ca39817, and others.
The image layers are stacked to one another. Although the layers may be different from each other, every one of them may depend on the one immediately below it.
These layers, also called intermediate images, are essentially read-only files that a container layer will be added on top of them after setting up a virtualized environment.
You can use the docker images command to view an image’s details on your system.
Here is an example:
As you can see from the output above, the image has the following attributes:
- Tag—identifies the image by its tag, such as version number.
- Image ID—is a unique image identity.
- Created—the period of time since it was created.
- Size—the image’s virtual size.
Furthermore, you can also use the docker history command to see all the layers that make up the downloaded image.
Here is an example:
What Exactly Is A Docker Container?
A Docker container is a virtualized runtime environment that provides isolation capabilities for separating the execution of applications from the underpinning system. It’s an instance of a Docker image.
Containers are the ultimate utility of the Docker technology—they provide a portable and lightweight environment for deploying applications.
Each container is autonomous and runs in its own isolated environment, ensuring it does not disrupt other running applications or its underlying system. This greatly improves the security of applications.
Docker defines several container states, such as created, restarting, running, paused, exited, and dead. Since several states are possible, and a container is just an instance of the image, a container does not need to be running.
Here is an example of how to launch a container based on the latest version of a bash image:
Then, to view its details on your system, you can use either the docker ps command (outputs only running containers) or docker ps -a command (outputs both running and stopped containers).
Here is an example:
Every time Docker creates a container from an image, it places a thin read-write layer on top of the image. This writable layer allows for changes to be made to the container, as the lower layers in the image are unchangeable. It also stores any changes made to the container during its entire runtime.
If you want to keep the changes made to the initial image for future use, you can take a screenshot to save the current state of the container. This will add a container layer atop the image, eventually creating a new immutable image.
Furthermore, it’s possible to launch multiple container instances simultaneously from the same image. Every container layer will maintain its own individual state safely atop the underlying image. The containers will have different IDs, but arise from the same image.
For example, let’s use the docker run command to start a container:
docker run bash:5.0
Again, let’s start another container from the same image:
docker run bash:5.0
Now, if we check the containers, we notice that there are two containers with different IDs, but based on the same image:
From the output above, you can notice that both containers are deployed on top of the same bash image. The thin writable layer of the Docker containers is residing atop the bash image.
Creating multiple containers from the same image can be very beneficial. For example, it increases the availability of an application—in case one container fails, the others will ensure the application is still up and running. Duplicate containers also help in scaling up an application in case demand surges upwards.
What Is The Difference Between Docker Images And Docker Containers?
Docker images and containers work together to let you unleash the full potential of the innovative Docker technology. However, they have subtle differences that may be difficult to notice, especially for a beginner.
A simple analogy that compares their differences is to think of a Docker image as a recipe and a container as the cake prepared from that recipe.
The recipe sets out the instructions for baking the cake. You cannot enjoy eating the cake if you do not put the instructions into action.
You need to follow the recipe to prepare the cake and eat it. Similarly, you should follow the instructions in the Docker image to create and start a container, and enjoy the benefits of Docker.
You can bake as many cakes as possible from a single recipe—just like an image can create multiple containers. However, if you change the recipe, the taste of your existing cakes will not change.
Only newly baked cakes will use the modified recipe. Likewise, if you make changes to a container image, you’ll not affect the already running containers.
Here is a table that points out the differences between Docker images and containers:
Understanding the differences between Docker images and Docker containers will help you in designing better Docker applications.
Docker images are read-only templates used to build containers. Containers are deployed instances created from those templates. Images and containers are closely related, and are essential in powering the Docker software platform.
Are you letting open-source vulnerabilities go undetected?
Mend Bolt is a powerful free extension that operates in real-time to provide visibility over your open source components within Azure Pipelines or GitHub.
- Get real-time alerts on security vulnerabilities
- Ensure the license compliance of open source components.
- Receive automated open-source inventory reports for every build or project.
Get it now and join thousands of developers who’ve already gained full visibility over their open-source components.