Fading Coder

Core Docker Operations: Images, Containers, and Runtime Management

Tech Jul 3 1

Docker is a platform for developing, shipping, and running applications inside lightweight, isolated environments called containers. Built on Linux kernel primitives—primarily namespaces and cgroups—it enables process-level isolation without the overhead of full virtualization.

Key Architectural Foundations

Docker leverages two core Linux kernel features:

  • Namespaces: Provide isolation boundaries across six domains:
    • pid: Isolates process IDs
    • net: Separates network interfaces, routing tables, and ports
    • mnt: Encapsulates mount points and filesystem views
    • ipc: Segregates inter-process communication resources (e.g., message queues)
    • uts: Insulates hostname and domain name
    • user: Maps host UIDs/GIDs to container-local identities
  • Cgroups (Control Groups): Enforce resource constraints—CPU shares, memory limits, I/O bandwidth—on containerized workloads.
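
The isolation described above can be checked per container by comparing namespace IDs under /proc. The script below is an added example, not part of the original article. Its namespace IDs are constructed sample values, and it assumes Docker's default of not remapping the user namespace (no userns-remap in the daemon configuration, not rootless).

```shell
#!/bin/sh
# Added example: which namespaces does a container share with the host?
# A namespace is isolated only when its ID differs from the host's.

# Print "name id" for the six namespaces of a PID (run as root). For a
# container, get the PID with: docker inspect -f '{{.State.Pid}}' web-nginx
ns_ids() {
  for n in pid net mnt ipc uts user; do
    printf '%s %s\n' "$n" "$(readlink "/proc/$1/ns/$n")"
  done
}

# $1 = host listing, $2 = container listing (both in ns_ids format).
# Prints the names of namespaces with identical IDs, space-separated.
shared_namespaces() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $1 == "---" { second = 1; next }
    !second     { host[$1] = $2; next }
    ($1 in host) && host[$1] == $2 { out = (out == "" ? $1 : out " " $1) }
    END { print out }'
}

# Constructed sample IDs. On a live host: HOST_NS=$(ns_ids 1)
HOST_NS='pid pid:[4026531836]
net net:[4026531992]
mnt mnt:[4026531840]
ipc ipc:[4026531839]
uts uts:[4026531838]
user user:[4026531837]'

# Constructed: container started with default options.
DEFAULT_CTR_NS='pid pid:[4026532201]
net net:[4026532204]
mnt mnt:[4026532198]
ipc ipc:[4026532200]
uts uts:[4026532199]
user user:[4026531837]'

# Constructed: container started with --pid=host.
PIDHOST_CTR_NS='pid pid:[4026531836]
net net:[4026532310]
mnt mnt:[4026532305]
ipc ipc:[4026532307]
uts uts:[4026532306]
user user:[4026531837]'

printf 'default run shares:  %s\n' "$(shared_namespaces "$HOST_NS" "$DEFAULT_CTR_NS")"
printf -- '--pid=host shares:   %s\n' "$(shared_namespaces "$HOST_NS" "$PIDHOST_CTR_NS")"
```

A shared user namespace means UID 0 inside the container is UID 0 on the host, so the other namespaces and the container's capability set are what stand between a container root process and the host.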

Core Abstractions

Images

An image is an immutable, layered filesystem snapshot that defines how a container should execute. It includes application binaries, dependencies, configuration, and metadata. Images are built from Dockerfiles or committed from running containers and stored in registries.

Containers

A container is a runnable instance of an image. Each runs as an isolated process tree under the host OS kernel, with its own network stack, filesystem view, and process namespace—but no guest OS.

Registries

Centralized repositories for storing and distributing images. Public options include Docker Hub; private alternatives include Harbor, Amazon ECR, and Alibaba Cloud Container Registry (ACR).

Installation (CentOS 7 Example)

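Disable firewalld and SELinux. This is the quick route for a lab host: it removes the host firewall and the SELinux confinement of containers, and Docker CE does not require either to be off. setenforce 0 switches SELinux to permissive immediately; the sed edit makes the disabled state persistent from the next reboot: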

sudo systemctl disable --now firewalld
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Configure Aliyun package mirrors:

cd /etc/yum.repos.d
sudo mv local.repo repo.bak
sudo curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

Install prerequisites and Docker CE:

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable --now docker

Image Lifecycle Management

Search and pull:

docker search redis
docker pull redis:7.2-alpine
docker pull nginx:1.25

List and inspect:

docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}"
docker inspect redis:7.2-alpine | jq '.[0].RootFS.Layers'

Tag and export:

docker tag redis:7.2-alpine myregistry.example.com/app/redis:stable
docker save -o /tmp/redis-stable.tar redis:7.2-alpine

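Import and load (docker load restores an image archive written by docker save, layers and tags included; docker import creates a flat, single-layer image from a container filesystem tarball such as one written by docker export):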

docker load -i /tmp/redis-stable.tar
cat /tmp/nginx-exported.tar | docker import - nginx:imported

Push to registry:

docker login registry.cn-hangzhou.aliyuncs.com
docker tag nginx:1.25 registry.cn-hangzhou.aliyuncs.com/myteam/nginx:prod
docker push registry.cn-hangzhou.aliyuncs.com/myteam/nginx:prod

Container Orchestration Basics

Create and run:

docker create --name db-redis -p 6379:6379 redis:7.2-alpine
docker start db-redis

Or launch directly with run:

docker run -d --name web-nginx -p 8080:80 -v /var/www:/usr/share/nginx/html nginx:1.25
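
With firewalld disabled as in the installation steps, -p 6379:6379 and -p 8080:80 publish those services on every host interface. The following added example (not from the original article) lists such bindings from docker ps output. The sample rows and the worker container are constructed, and web-nginx is shown as it would appear when started with -p 127.0.0.1:8080:80 instead.

```shell
#!/bin/sh
# Added example: find container ports published on all host interfaces.
# Input format (one container per line, tab-separated):
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Reads that listing on stdin and prints "name hostport" for every mapping
# bound to 0.0.0.0 or :: (IPv4/IPv6 duplicates are reported once).
exposed_ports() {
  awk -F '\t' '{
    n = split($2, maps, ", ")
    for (i = 1; i <= n; i++) {
      m = maps[i]
      if (m !~ /->/) continue              # declared in the image, not published
      if (m ~ /^(0\.0\.0\.0|::|\[::\]):/) {
        host = m
        sub(/->.*/, "", host)              # keep "address:hostport"
        sub(/^.*:/, "", host)              # keep "hostport"
        key = $1 " " host
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }
  }'
}

# Constructed sample of docker ps output:
#   db-redis   started with -p 6379:6379            (all interfaces)
#   web-nginx  started with -p 127.0.0.1:8080:80    (loopback only)
#   worker     no -p flag; port only declared by the image
SAMPLE_PS=$(printf '%s\t%s\n' \
  'db-redis'  '0.0.0.0:6379->6379/tcp, :::6379->6379/tcp' \
  'web-nginx' '127.0.0.1:8080->80/tcp' \
  'worker'    '6379/tcp')

printf '%s\n' "$SAMPLE_PS" | exposed_ports
```

On a live host, pipe the docker ps command from the header comment into exposed_ports and review each reported port against what is meant to be reachable from the network.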

Interact and debug:

docker exec -it web-nginx sh
docker logs -f web-nginx
docker cp ./config.conf web-nginx:/etc/nginx/conf.d/default.conf

Manage state:

docker stop web-nginx
docker rm web-nginx
docker rm $(docker ps -aq --filter "status=exited") -f

Runtime Behavior Notes

Containers remain active only while their PID 1 process is alive. If the main process exits, the container terminates—even if background tasks continue. To keep a container running without foreground activity, use:

docker run -d alpine tail -f /dev/null

The docker run workflow internally performs these steps:

  1. Verifies presence of requested image locally; pulls if missing
  2. Mounts overlay2 layers: read-only image layers + writable top layer
  3. Attaches virtual network interface via docker0 bridge
  4. Assigns IPv4 address from default subnet (172.17.0.0/16)
  5. Executes entrypoint/command, binding stdout/stderr to logging driver