Introduction
Docker is an application virtualization platform that simplifies application development, testing, and deployment. The central unit of a Docker deployment is a container, an image-based abstraction that comprises application code and all the dependencies necessary for the code to run.
This article compares Docker images and containers, explains how they are related, and outlines their differences.
What Is a Docker Image?
A Docker image is a read-only (immutable) file that contains the source code, libraries, dependencies, tools, and other files needed for an application to run inside a Docker container. An image can be created from scratch or built on top of a previously existing image. For example, the official Nginx image contains a base OS image (Alpine Linux) with an additional layer containing an Nginx installation.
Users can create and store Docker images locally. However, a more frequent approach is to publish images in a public or private Docker registry, where other team members or end-users can easily access them.
How Does a Docker Image Work?
Docker images are snapshots of an application and its virtual environment. To create an image, the user lists the components in a text file called Dockerfile and then executes the docker build command. After the build process finishes, the image is ready to serve as a base for a container.
A typical Docker image consists of a base image layer and any additional image layers modifying the base. Once the user runs the docker run or docker create command, Docker adds a writable layer on top of the image and creates a container.
Although it is part of the container, the image content remains read-only. Conversely, the container layer has read and write permissions and allows modifications.
The user can transfer the modifications recorded in the container layer to a new image using the docker commit command. During this procedure, Docker converts the container layer into an image layer and places it on top of the previous image layers.
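The layering described above, as a simplified Python model (an added example, not Docker's code or part of the original article; the names Image, Container, WHITEOUT and layers_containing are hypothetical). It goes slightly beyond the text by modelling deletion: a file removed in the container layer is only hidden, so after a commit it is still stored in the lower image layer.

```python
from types import MappingProxyType

WHITEOUT = object()  # hypothetical marker: path deleted in this layer

class Image:
    """Ordered stack of read-only layers (path -> content), base layer first."""
    def __init__(self, layers):
        self.layers = tuple(MappingProxyType(dict(l)) for l in layers)

    def run(self):
        """Like docker run / docker create: add a writable layer on top."""
        return Container(self)

class Container:
    def __init__(self, image):
        self.image = image
        self.rw = {}  # writable container layer

    def write(self, path, data):
        self.rw[path] = data  # image layers are never touched

    def delete(self, path):
        self.rw[path] = WHITEOUT  # hides the file; lower layers keep it

    def read(self, path):
        """Look in the writable layer first, then image layers top to bottom."""
        for layer in (self.rw, *reversed(self.image.layers)):
            if path in layer:
                if layer[path] is WHITEOUT:
                    raise FileNotFoundError(path)
                return layer[path]
        raise FileNotFoundError(path)

    def commit(self):
        """Like docker commit: freeze the writable layer into a new top image layer."""
        return Image([*self.image.layers, self.rw])

def layers_containing(image, path):
    """Audit helper: indexes of image layers that still store real content for path."""
    return [i for i, l in enumerate(image.layers) if l.get(path, WHITEOUT) is not WHITEOUT]

if __name__ == "__main__":
    # Constructed sample image: base OS layer plus an application layer.
    img = Image([{"/etc/os-release": "alpine"}, {"/app/conf": "v1", "/app/build.key": "constructed"}])
    c = img.run(); c.write("/app/conf", "v2"); c.delete("/app/build.key")
    new = c.commit()
    print(c.read("/app/conf"), img.layers[1]["/app/conf"], layers_containing(new, "/app/build.key"))
```

The committed image hides /app/build.key from new containers, yet the audit helper still finds it in layer 1, which is why sensitive files should never enter an image layer in the first place.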
Note: Learn how to use the docker save command to package the content of one or more Docker images and their metadata into a TAR file.
What Is a Docker Container?
A Docker container is a virtualized runtime environment where a user can run an application isolated from the host system. It is a compact, portable unit that provides a quick and practical way to launch apps.
Containers ensure that an application launches in an identical environment regardless of the system that runs it. This property provides consistency and simplifies sharing.
How Does a Docker Container Work?
A user creates a container using the docker run or docker create command on a Docker image. For example, the following command runs a container named example based on an ubuntu image:
docker run -it --name example -d ubuntu:latest
Each created container receives a unique ID.
A running container communicates with the Docker engine, the underlying container management platform. The engine helps users manage containers by providing a command-line interface (CLI), a REST API, and a daemon (dockerd).
Unlike virtual machines (VMs), which offer hardware-level virtualization, containers virtualize the application layer. This property makes the container a more lightweight solution, which is especially important when deploying microservices.
As shown in the diagram above, virtual machines need a guest OS to run apps because they are entirely isolated from the host OS. On the other hand, the Docker engine connects containers with the host operating system's kernel, thus eliminating significant resource overhead.
Note: If you want to learn more about the difference between virtual machines and containers and decide which is better for you, refer to our article Containers vs. Virtual Machines (VMs): What's the Difference?
Docker Image vs. Container
Images and containers are closely related but distinct Docker objects. Below are some of the essential differences between images and containers:
- Images provide a template for containers and facilitate application sharing and distribution. Containers provide a consistent and isolated environment for apps to run in.
- Images can exist without containers, whereas a container needs to run an image to exist. Therefore, containers depend on images to construct a runtime environment and run an application.
- While images are strictly read-only, containers allow modifications while running.
- Containers support attaching other Docker objects, such as volumes and networks, while images do not.
- Users can share images in various ways, while containers cannot be shared before they have been converted back to images. A running container is limited to the host that runs it.
The following table offers a summed-up list of differences between images and containers.
Docker Image | Docker Container |
---|---|
Used to distribute an app consistently across environments. | Used to run an app in an isolated environment. |
Represents a snapshot of an application's code and dependencies. | Represents a Docker image instance. |
Independent object. | Requires an image. |
Cannot be modified (read-only). | Allows modifications (read-write). |
Created using a Dockerfile and the docker build command. | Created using the docker run or docker create command. |
Does not support attaching volumes and networks. | Supports attaching volumes and networks. |
Shareable. | Only shareable if saved as an image. |
Stored locally or in a Docker registry. | Stored on the host that runs it. |
Conclusion
After reading this article, you should have a basic understanding of Docker images and containers. The article explained their roles in a Docker deployment and provided an overview of their differences.
For more information about Docker images, read How to Create Docker Image from Dockerfile.