Docker
Docker is an open-source container management platform
- A standardized tool for running applications quickly and consistently; originally built on Linux container (LXC) technology, though modern Docker uses its own runtime (containerd/runc)
- Allows you to reproduce the same environment anywhere with a single command, without manually configuring complex setups.
- Used by almost every company in the industry
- Closely tied to DevOps, cloud infrastructure, and related tooling
- Used a lot because Docker fundamentally solves the environment mismatch problem across Dev → Test → Stage → Prod.
- Key Components
- Image: A template that packages the entire runtime environment as code
- (Docker) Container: An isolated process environment running based on an image
- Dockerfile: A declarative script used to build images
- Docker CLI / Daemon: Tools for building images, running containers, mounting volumes, managing networks, and more
- After testing, remove unused images and containers; they take up a lot of disk space
- Docker Commands
- Docker Desktop (GUI)
- a desktop application that helps developers run and manage Docker containers in a local environment
- features
- provides both Docker CLI + GUI tools
- visualization
- Includes features like Kubernetes, Volumes, and Networks
- Offers an interface for resource limits, logs, and image management
- But not used that often → CLI is more useful
- Automation, writing scripts + full control
- CI/CD pipelines, complex setups, etc
- So GUI is mostly used for monitoring/quick checks
Before Docker (Problems)
| Issue Item | Description | Practical Risk |
|---|---|---|
| Environment Dependency | Mismatch between production and development environments. | High chance of failures after deployment. |
| Installation Complexity | Manual installation and configuration of all components on each server. | Missing configurations, difficult handover, inconsistent environments. |
| Resource Inefficiency & Scalability | Manual server expansion makes it difficult to respond to traffic changes. Automation is complex. | Slow response to traffic spikes, difficult to scale out quickly. |
| Repetitive Deployment Tasks | Manual transfer and execution of code for every update or new server. | Risk of omission, human error, wasted effort. |
| Lack of Automation | No deployment history tracking, reliance on manual processes and testing. | Bug propagation, difficult log tracing. |
Java and Docker
- Java application lifecycle
- First you write your code in Java. For the computer to understand it, this code must be compiled into a format that the Java Virtual Machine (JVM) can read. This compiled format is called Java bytecode, which is stored in .class files.
- However, a real-world project isn’t just one file. It’s a collection of many .class files, along with other necessary components like a web server (e.g., Tomcat) and various dependencies (external libraries your code needs to run). All of these components are bundled together into a single, executable file called a JAR (Java Archive) file.
- A crucial command to know is how to run this file from the terminal:
$ java -jar [your-jar-file-name].jar
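The compile → package → run flow above can be sketched from the terminal. This is a sketch assuming a single Hello.java with a main method; all file names here are hypothetical. The javac/jar/java lines are commented out since they need a JDK; only the manifest file is actually written:

```shell
# Assumed layout: a single Hello.java in the current directory.
# javac Hello.java                           # compile source → Hello.class (JVM bytecode)

# A runnable JAR needs a manifest that names the entry point:
cat > MANIFEST.MF <<'EOF'
Main-Class: Hello
EOF

# jar cfm app.jar MANIFEST.MF Hello.class    # bundle bytecode + manifest into app.jar
# java -jar app.jar                          # run the packaged application
```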
- The Problem
- Now, you have your .jar file. The problem arises when you try to share this file with others or deploy it to a server. The new computer might have:
- A different version of Java installed.
- Missing dependencies.
- Conflicting software configurations.
- This creates a painful situation where developers waste a lot of time setting up the correct environment just to run the application, instead of actually building things. Older tools such as FTP and SCP exist for moving files around, but they don’t solve the core issue of environment inconsistency.
- Solution: Docker
- Docker solves this problem by packaging your application (the .jar file) along with all of its dependencies, including the correct Java version (JRE), the application server, and any other required libraries, into a single, isolated container.
- The container acts like a self-contained, portable little computer that has everything your application needs to run, guaranteed.
- You can then share and run this container on any machine that has Docker installed, and it will work exactly the same way, every single time.
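As a sketch, the packaging Docker does for a Java app can be expressed in a Dockerfile. The base image tag and the app.jar path are assumptions for illustration, not a prescribed setup:

```shell
# Write a minimal Dockerfile for a pre-built JAR (all names hypothetical):
cat > Dockerfile <<'EOF'
# Start from an image that already contains a Java 17 runtime (JRE)
FROM eclipse-temurin:17-jre
# Copy the packaged application into the image
COPY app.jar /app.jar
# Command the container runs on startup
CMD ["java", "-jar", "/app.jar"]
EOF

# Build and run where Docker is installed:
# docker build -t my-java-app .
# docker run my-java-app
```

Anyone with Docker installed can now build and run this image and get the same JRE, the same libraries, and the same behavior.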
Docker Container
Overview
A ‘Docker container’ is a specific type of container created and managed by the Docker platform.
- A runnable instance of a Docker image
- Analogy: “container” is to “Docker container” as “web browser” is to “Google Chrome”
- Docker is a company and a project that took the underlying concept of containers and built an entire platform around it, making it incredibly easy for anyone to use.
- Also an isolated process running on the host machine’s kernel!
- Just like how classes are only useful if you make instances of them, you cannot have a container without an image
- Characteristics
- Created from Docker images
- Provide isolation from other containers and the host
- Lightweight, fast, and resource-efficient
- Packaged at the application level (not the full system)
- Example: Run Nginx in Docker
$ docker run -d -p 8080:80 nginx
- This single command launches an Nginx server in a new containerized environment, without manual installation, setup, or firewall configuration.
- You can have multiple containers (isolated environments / filesystems / network ports etc)
[Host OS]
└── docker-engine
├── container-1 (/var/lib/docker/containers/abc123)
└── container-2 (/var/lib/docker/containers/def456)
Advantages
- Portability of Runtime Environment
- A single image can run consistently on Windows, macOS, Linux, or in the cloud.
- Developers only need Docker installed to replicate an environment nearly identical to production locally.
- Fast Container Startup
- Unlike VMs, containers don’t require OS booting, so they start within seconds.
- Ideal for CI pipelines where test containers need to be quickly spun up and torn down.
- Lightweight and Resource-Efficient
- Containers share the host OS kernel, so they use less RAM and disk space, allowing dozens of containers to run on a single server.
- Excellent Integration with Automation Tools + CI/CD
- Works seamlessly with GitHub Actions, Jenkins, GitLab CI, etc., enabling full automation from image build → testing → deployment.
- AWS CodePipeline / AWS CodeBuild ⇒ solid but expensive, so GitHub Actions is more commonly used
- (We will need to use a CI/CD pipeline in our own projects.)
- Perfect for Microservices
- Microservice Architecture (MSA)
- Running each service in its own container allows independent deployment, rollback, and scaling.
- At scale this usually requires an orchestrator such as Kubernetes (k8s)
- Open Ecosystem and Community
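The microservices point above can be sketched with a minimal docker-compose file. Service names, images, and ports here are hypothetical placeholders:

```shell
cat > docker-compose.yml <<'EOF'
# Each microservice runs in its own container and can be
# deployed, rolled back, and scaled independently.
services:
  web:
    image: my-org/web:1.0.0       # hypothetical image
    ports:
      - "8080:80"
  api:
    image: my-org/api:1.0.0       # hypothetical image
  db:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: example  # use secrets management in real setups
EOF

# Run where Docker is installed:
# docker compose up -d                  # start all services
# docker compose up -d --scale api=3    # scale one service independently
```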
Tips
- When writing Dockerfiles, order COPY, RUN, and CMD instructions carefully to make the best use of build caching.
- Use a .dockerignore file to exclude unnecessary files from the build context (e.g., node_modules, .git) and improve build performance.
- Leverage multi-stage builds to separate development dependencies from runtime binaries, reducing image size.
- For Docker image security, enable vulnerability scanning in registries like Docker Hub or Harbor.
- For team collaboration, standardize the development environment using docker-compose.
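The multi-stage build and .dockerignore tips can be sketched for a Java/Maven project. Base images, paths, and the output JAR name are assumptions; the file is written as Dockerfile.multi here only to keep the example self-contained (in a real project it would just be Dockerfile):

```shell
cat > Dockerfile.multi <<'EOF'
# Stage 1: build with a full JDK + Maven toolchain
FROM maven:3.9-eclipse-temurin-17 AS build
WORKDIR /src
COPY . .
RUN mvn -q package

# Stage 2: runtime image with only a JRE; the build tools are left behind
FROM eclipse-temurin:17-jre
COPY --from=build /src/target/app.jar /app.jar
CMD ["java", "-jar", "/app.jar"]
EOF

# Keep the build context small:
cat > .dockerignore <<'EOF'
.git
target/
*.log
EOF
```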
Docker Registries
| Registry Type | Description |
|---|---|
| Docker Hub | Official registry provided by Docker; the most widely used public registry |
| Private Registry | A self-hosted registry within an organization, with authentication and security features |
| Public Registry | Open registry accessible by anyone; requires security and integrity checks |
Docker Hub (Official Registry)
What
Docker’s official image registry
- Default cloud library for Docker images
- Like GitHub ⇒ it’s a platform for sharing and collaborating on container images
- excellent place to find and learn from official images for almost any software!
- Stuff you can do
- A repository to pull/push images
- Differentiation between Official Images and User Images
- Automated builds (integration with GitHub)
- Image versioning and tag management
- Collaboration features for teams and organizations (including private repositories)
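Pushing a user image follows the account/repository:tag naming convention. A sketch of building that reference (the account, app name, and version are hypothetical; the docker commands are commented since they need a daemon and a login):

```shell
DOCKER_USER="myname"           # hypothetical Docker Hub account
APP="my-custom-app"
VERSION="1.0.0"
IMAGE="$DOCKER_USER/$APP:$VERSION"
echo "$IMAGE"                  # → myname/my-custom-app:1.0.0

# Run where Docker is installed and you are logged in:
# docker tag "$APP" "$IMAGE"
# docker push "$IMAGE"
```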
- Running an nginx image from Docker Hub
$ docker pull nginx # Download the image
$ docker run -d -p 80:80 nginx # Run the container
- If you don’t specify a repository, Docker Hub is the default
- docker pull nginx is the same as typing docker pull docker.io/library/nginx
- If you don’t specify a tag, :latest is the default
- docker pull nginx is the same as typing docker pull nginx:latest
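The defaulting rules above (Docker Hub as the default registry, library/ for official images, :latest as the default tag) can be sketched as a small shell function. This is a simplification; Docker's real image-reference parsing handles more cases:

```shell
# Expand a short image name roughly the way Docker does (sketch only):
expand_image() {
  local ref="$1"
  case "$ref" in
    *:*) ;;                         # tag already present
    *)   ref="$ref:latest" ;;       # default tag
  esac
  case "$ref" in
    */*) ;;                         # namespace already present
    *)   ref="library/$ref" ;;      # official images live under library/
  esac
  case "$ref" in
    *.*/*) ;;                       # first component looks like a registry host
    *)     ref="docker.io/$ref" ;;  # default registry
  esac
  echo "$ref"
}

expand_image nginx        # → docker.io/library/nginx:latest
expand_image nginx:1.21   # → docker.io/library/nginx:1.21
```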
Components
| Component | Description |
|---|---|
| Repository | The unit for storing images (e.g., library/nginx) |
| Tag | Identifies image versions (e.g., latest, 1.21); essential! If not provided, the default tag is :latest |
| Official Image | High-quality, trusted images maintained by Docker |
| User Image | Custom images uploaded by users |
| Automated Build | Automatically builds images via GitHub integration |
| Organization | Team-based image management functionality |
Official Images vs. User Images
- Official Image
- Built and security-verified by Docker
- Primarily hosted on Docker Hub ⇒ stored under the library/ namespace; can be used by just specifying the name
- Examples: nginx, redis, postgres
- Used for infrastructure setup
# 'nginx' is actually interpreted as 'library/nginx'
$ docker pull nginx
- User Image
- Images pushed by individual users to their Docker Hub accounts.
- Can be uploaded to any registry (Docker Hub, public/private)
- Security and quality may be lower than official images, so verification is recommended.
- Example: username/my-custom-app:latest
- Used for internal testing, deployment, etc.
Docker Hub tips
- You can search and pull images without logging into Docker Hub, but a Docker account is required to push images.
- Official images are well-maintained with security patches, but don’t always rely on the :latest tag; it’s good practice to pin a specific version.
- Use Alpine-based variants to reduce image size.
- Examples: node:18-alpine, python:3.11-alpine
- Automate docker login → build → push in GitHub Actions or Jenkins to maximize deployment efficiency.
- Be careful not to push images containing sensitive information to public repositories.
- In CI/CD pipelines, use Access Token-based login to enhance authentication security.
- For team usage, leverage Organization features to manage repository permissions systematically.
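The token-based login and automated build → push tips above can be sketched as a GitHub Actions workflow. The repository name, secret names, and image tag are hypothetical, and action versions may need updating:

```shell
mkdir -p .github/workflows
cat > .github/workflows/docker-publish.yml <<'EOF'
name: build-and-push
on:
  push:
    branches: [main]
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}  # access token, not account password
      - uses: docker/build-push-action@v6
        with:
          push: true
          tags: myname/my-app:latest  # hypothetical repository
EOF
```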