Docker: The Complete Guide (Architecture, Internals, Syntax, and Practical Usage)

Introduction

Docker is an open-source containerization platform that allows developers to build, ship, and run applications consistently across environments. It solves the classic problem:

“It works on my machine, but not on production.”

Docker achieves this by packaging an application with its dependencies, libraries, runtime, and configuration into a standardized unit called a container.

---

What Is Containerization?

Containerization is a lightweight virtualization technique that runs applications in isolated user spaces while sharing the host OS kernel.

Containers vs Virtual Machines

Feature	Containers	Virtual Machines
OS	Shared host kernel	Full guest OS
Startup time	Seconds	Minutes
Resource usage	Low	High
Portability	Very high	Moderate
Performance	Near-native	Slower

---

Docker Architecture (High-Level)

Docker follows a client–server architecture.

+-------------------+
| Docker Client     |
| (docker CLI)      |
+---------+---------+
          |
          | REST API
          |
+---------v---------+
| Docker Daemon     |
| (dockerd)         |
+----+------+-------+
     |      |
     |      |
 Images  Containers

---

Core Docker Components

1. Docker Client

• CLI tool: docker
• Sends commands to Docker Daemon
• Examples:

  docker run
  docker build
  docker pull

---

2. Docker Daemon (dockerd)

• Runs on the host machine

• Responsible for:

  • Building images
  • Running containers
  • Managing networks & volumes

---

3. Docker Images

A Docker image is a read-only template used to create containers.

Characteristics:

• Layered
• Immutable
• Built using Dockerfile

Example:

docker pull nginx

---

4. Docker Containers

A container is a running instance of an image.

Characteristics:

• Isolated
• Ephemeral
• Has its own filesystem, process tree, network

Example:

docker run nginx

---

5. Docker Registry

A registry stores Docker images.

• Docker Hub (default)
• Private registries
• GitHub Container Registry

Example:

docker push myimage:latest

---

Docker Internals (Deep Dive)

Linux Kernel Features Used by Docker

Docker relies heavily on Linux kernel primitives:

1. Namespaces (Isolation)

• PID (process isolation)
• NET (network isolation)
• MNT (filesystem isolation)
• IPC
• UTS
• USER

2. cgroups (Control Groups)

• Limit CPU
• Limit memory
• Limit disk I/O

3. Union File Systems

• OverlayFS
• AUFS

---

Docker Image Layers (Internal Structure)

Each Docker image is composed of layers.

Layer 1: Base OS
Layer 2: Runtime
Layer 3: Dependencies
Layer 4: Application Code

Layers are:

• Cached
• Reused
• Immutable

---

Dockerfile (Complete Syntax)

A Dockerfile is a text file that defines how to build an image.

Basic Dockerfile Structure

FROM node:20
WORKDIR /app
COPY package.json .
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]

---

Dockerfile Instructions (ALL)

FROM

FROM ubuntu:22.04

---

RUN

RUN apt update && apt install -y curl

---

CMD

CMD ["node", "index.js"]

---

ENTRYPOINT

ENTRYPOINT ["python"]

---

COPY

COPY src/ /app/src/

---

ADD

ADD archive.tar.gz /app/

---

WORKDIR

WORKDIR /app

---

ENV

ENV NODE_ENV=production

---

ARG

ARG VERSION=1.0

---

EXPOSE

EXPOSE 8080

---

VOLUME

VOLUME /data

---

USER

USER node

---

HEALTHCHECK

HEALTHCHECK CMD curl --fail http://localhost || exit 1

---

Docker Build Process

docker build -t myapp:1.0 .

Build steps:

1. Read Dockerfile
2. Execute instructions line by line
3. Cache layers
4. Produce image

---

Docker Container Lifecycle

docker create
docker start
docker stop
docker restart
docker pause
docker unpause
docker rm

---

Docker Run Syntax (Complete)

docker run [OPTIONS] IMAGE [COMMAND]

Common Options

-d        # detached
-p        # port mapping
-v        # volume
-e        # environment variable
--name    # container name
--rm      # auto remove

Example:

docker run -d -p 3000:3000 --name web myapp

---

Docker Networking

Network Types

Type	Description
bridge	Default
host	No isolation
none	No network
overlay	Multi-host

Create network:

docker network create mynet

---

Docker Volumes

Volumes persist data outside containers.

Types

• Volume
• Bind Mount
• tmpfs

Create volume:

docker volume create mydata

Use volume:

docker run -v mydata:/app/data myapp

---

Docker Compose (Multi-Container)

docker-compose.yml

version: "3.9"
services:
  web:
    image: node:20
    ports:
      - "3000:3000"
    volumes:
      - .:/app
    command: npm start
  db:
    image: postgres

Run:

docker compose up

---

Docker Best Practices

• Use small base images
• Multi-stage builds
• Avoid running as root
• Leverage layer caching
• Use .dockerignore

Example:

# Multi-stage
FROM node:20 AS builder
WORKDIR /app
COPY . .
RUN npm run build

FROM nginx
COPY --from=builder /app/build /usr/share/nginx/html

---

Docker Security

• Scan images
• Use non-root users
• Minimal base images
• Secrets management
• Read-only filesystem

---

Docker Use Cases

• Microservices
• CI/CD pipelines
• Cloud deployments
• Development environments
• Testing & staging

---

Docker vs Kubernetes

Docker	Kubernetes
Container runtime	Orchestration
Single-host focus	Multi-host
Simple	Complex

---

Conclusion

Docker is not just a tool, but a foundational technology in modern software engineering. Understanding Docker’s architecture, internals, syntax, and workflows is essential for:

• Backend developers
• DevOps engineers
• Cloud engineers
• Full-stack developers

Mastering Docker means mastering application portability, scalability, and reliability.