You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Containerisation is a lightweight form of virtualisation that packages an application together with its dependencies, libraries, and configuration into a single, portable unit called a container. This lesson introduces the core concepts behind containers, compares them with traditional virtual machines, and explains the architecture that makes Docker the industry standard.
Before containers, deploying software was plagued by the classic "it works on my machine" problem:
Containers solve all of these by bundling everything an application needs into an isolated, reproducible package.
Virtual machines and containers both provide isolation, but they achieve it in fundamentally different ways.
+--------------------------------------------+
| Virtual Machine Stack |
|--------------------------------------------|
| App A | App B | App C |
| Bins/Libs | Bins/Libs | Bins/Libs |
| Guest OS | Guest OS | Guest OS |
|--------------------------------------------|
| Hypervisor (Type 1 or 2) |
|--------------------------------------------|
| Host OS / Hardware |
+--------------------------------------------+
+--------------------------------------------+
| Container Stack |
|--------------------------------------------|
| App A | App B | App C |
| Bins/Libs | Bins/Libs | Bins/Libs |
|--------------------------------------------|
| Container Runtime (Docker) |
|--------------------------------------------|
| Host OS / Hardware |
+--------------------------------------------+
| Feature | Virtual Machine | Container |
|---|---|---|
| Isolation level | Full OS-level | Process-level (shared kernel) |
| Start-up time | Minutes | Seconds (or less) |
| Size | Gigabytes | Megabytes |
| Resource overhead | High (each VM runs full OS) | Low (shared kernel) |
| Portability | Moderate | Very high |
| Density per host | Low (tens) | High (hundreds to thousands) |
| Use case | Full OS isolation, legacy | Microservices, CI/CD, cloud |
Key insight: Containers share the host kernel, which is why they are so much lighter and faster than VMs. However, this also means the isolation boundary is thinner than a hypervisor.
The Open Container Initiative (OCI) defines industry standards for container technology:
| Standard | Purpose |
|---|---|
| OCI Image Spec | Defines the format of container images |
| OCI Runtime Spec | Defines how to run a container from an image |
| OCI Distribution Spec | Defines how to push/pull images from registries |
These standards ensure interoperability — an image built with Docker can run with Podman, containerd, or any OCI-compliant runtime.
Docker uses a client-server architecture with three main components:
+------------------+ +-------------------+
| Docker CLI | REST | Docker Daemon |
| (docker) | -------> | (dockerd) |
+------------------+ API +-------------------+
|
+---------+---------+
| |
+----------+ +----------+
| Images | |Containers|
+----------+ +----------+
|
+----------+
| Registry |
| (Hub) |
+----------+
The daemon is a background service that manages images, containers, networks, and volumes. It listens for API requests from the Docker CLI or other clients.
The command-line interface is the primary way users interact with Docker. Every docker command sends a REST API call to the daemon.
A registry stores and distributes container images. Docker Hub is the default public registry, but you can also run private registries.
| Concept | Description |
|---|---|
| Image | A read-only template containing the application and its environment |
| Container | A running (or stopped) instance of an image |
| Dockerfile | A text file with instructions to build an image |
| Layer | Each instruction in a Dockerfile creates a layer; layers are cached |
| Tag | A human-readable label for an image version (e.g. nginx:1.25) |
A container goes through several states during its lifetime:
docker create docker start docker stop
+-----------+ ------> +-----------+ ------> +-----------+
| Created | | Running | | Stopped |
+-----------+ <------ +-----------+ <------ +-----------+
docker restart docker start
|
docker rm
|
v
+-----------+
| Removed |
+-----------+
| State | Description |
|---|---|
| Created | Container exists but has not been started |
| Running | Container process is active |
| Paused | Container process is suspended (SIGSTOP) |
| Stopped | Container process has exited |
| Removed | Container and its writable layer are deleted |
Containers are ideal for:
Containers may not be the best fit for: