Docker image

What is a Docker image?

A Docker image is a file used to execute code in a Docker container. Docker images act as a set of instructions to build a Docker container, like a template. Docker images also act as the starting point when using Docker. An image is comparable to a snapshot in virtual machine (VM) environments.

Docker is an open source project that's used to create, run and deploy applications in containers. A Docker image contains application code, libraries, tools, dependencies and other files needed to make an application run. When a user runs an image, it can become one or many instances of a container. A Docker daemon operates in the background to oversee images, containers and related tasks. Communication between a client and the daemon is facilitated through sockets or a RESTful API.

Layers of Docker images

Docker images have multiple layers, each built on the previous layer but differing from it. The layers speed up Docker builds while increasing reusability and decreasing disk use. Layers help to avoid transferring redundant data, and the Docker cache lets a build skip any steps that haven't changed.

Image layers are also read-only files. Once a container is created, a writable layer is added on top of the unchangeable images, letting a user make changes.

References to disk space in Docker images and containers can be confusing. It's important to distinguish between size and virtual size. Size refers to the disk space that the writable layer of a container uses, while the virtual size is the disk space used for the container and the writable layer. The read-only layers of an image can be shared between any containers started from the same image.

Docker image use cases

A Docker image supports a wide range of use cases, which provide the following benefits:

  • Development and deployment efficiency. A Docker image has everything needed to run a containerized application, including code, config files, environment variables, libraries and runtimes. When the image is deployed to a Docker environment, it can be executed as a Docker container. The docker run command creates a container from a specific image.
  • Consistency. Docker offers a consistent environment for applications, letting them function consistently across all environments from development to production. Also, Docker's parity feature ensures that images function the same regardless of the server or laptop they're running on, which saves time when configuring environments and troubleshooting issues that are unique to each one.
  • Platform independence. A Docker image is a cross-platform image. For example, it can be created in the Windows environment, submitted to the Docker hub and fetched by users running Linux and other operating systems (OSes).
  • Portability. Docker images are lightweight, small and fast, which makes them extremely portable across all different versions of Linux, laptops or the cloud.
  • Speed and agility. Docker enables users to create and deploy containers instantly, without the need to boot the OS. With the ability to easily create, destroy, stop or start containers and automate deployment through YAML configuration files, Docker streamlines infrastructure scaling. By using container images throughout the pipeline and enabling non-dependent jobs to perform concurrently, it speeds up CI/CD pipelines, resulting in a faster time to market and increased productivity.
  • Isolation and security. Docker images provide isolation by running applications in containers. Because each container has its own filesystem, processes and network stack, dependencies and programs are kept separate from both the host system and each other. This isolation improves security and prevents conflicts between applications.
  • Versioning and rollback. Docker's change-committing and version-controlling capabilities enable instant rollback to previous versions if new changes disrupt the environment.
  • Reusability. Docker images are a reusable asset deployable on any host. Developers can take the static image layers from one project and use them in another. This saves the user time because they don't have to recreate an image from scratch.
  • Scalability. By spinning up several instances of containers, Docker images facilitate easy horizontal application scaling. With the use of orchestration and management options such as Docker Swarm or Kubernetes, organizations can automate load balancing and scaling in response to demand.

Docker container vs. Docker image

Docker containers and Docker images are both fundamental concepts in Docker, and each has distinct characteristics. The main differences between a Docker container and a Docker image include the following.

Docker container

  • A Docker container is a virtualized runtime environment used in application development.
  • It's used to create, run and deploy applications that are isolated from the underlying hardware.
  • A Docker container can use one machine, share its kernel and virtualize the OS to run more isolated processes. As a result, Docker containers are lightweight.
  • Docker containers can be scaled rapidly to meet the demands of a changing workload. This makes them suitable for microservices architectures and cloud-native applications.

Docker image

  • A Docker image is similar to a snapshot in other types of VM environments. It's a record of a Docker container at a specific point in time.
  • Docker images are also immutable. While they can't be changed, they can be duplicated, shared or deleted. This feature is useful for testing new software or configurations because whatever happens, the image remains unchanged.
  • Containers are dependent on Docker images and need a runnable image to exist because images are used to construct runtime environments and are needed to run an application.
  • Docker images are created with the build command and are housed in a Docker registry. Because of their layered structure where multiple layers of images are built upon one another, they require minimal data transfer across networks.

Anatomy of a Docker image

A Docker image has many layers. Each image includes everything needed to configure a container environment, including system libraries, tools, dependencies and other files. The parts of an image include the following:

  • Base image. The user can build this first layer entirely from scratch with the build command. A base image functions as the initial empty layer, facilitating the construction of Docker images from the ground up. While providing full control over image contents, base images are generally tailored for users with advanced Docker skills.
  • Parent image. As an alternative to a base image, a parent image can be the first layer in a Docker image. It's a reused image that serves as a foundation for all other layers. A standard parent image typically consists of a bare-bones Linux distribution or comes with an installed service, such as a content management system or database management system.
  • Layers. Layers are added to the base image using code that enables it to run in a container. Each layer of a Docker image is viewable under /var/lib/docker/aufs/diff or via the Docker history command in the command-line interface (CLI). Docker's default status is to show all top-layer images, including repository, tags and file sizes. Intermediate layers are cached, making top layers easier to view. Docker storage drivers manage the image layer contents.
  • Container layer. A Docker image creates not only a new container but also a writable or container layer. This layer hosts changes made to the running container, and it stores newly written and deleted files as well as changes to existing files. This layer is also used to customize containers.
  • Docker manifest. This part of the Docker image is an additional file. It uses JavaScript Object Notation format to describe the image, using information such as image tags, digital signatures and instructions on how to set up the container for various platform types.
[Figure: Dockerfile showing what an image to run an HTTP server program for Apache might look like.]

Docker image repositories

A Docker image repository is a central location where Docker images are stored and managed. The images get stored in private or public repositories, such as those in the Docker Hub registry, from which users can deploy containers and test and share images. Docker Hub's Docker Trusted Registry also provides image management and access control capabilities.

Official images are ones Docker produces, while community images are images Docker users create. Datadog/docker-dd-agent, a Docker container for agents in the Datadog Log Management program, is an example of a community Docker image.

Users can also create new images from existing ones and use the docker push command to upload custom images to the Docker Hub. To ensure the quality of community images, Docker provides feedback to authors prior to publishing. Once the image is published, the author is responsible for updates. Authors must be cautious when sourcing an image from another party because attackers can gain access to a system through copycat images designed to trick a user into thinking they're from a trusted source.

The concept of a latest image can also cause confusion. Docker images tagged with :latest aren't necessarily the latest in an ordinary sense. The latest tag doesn't refer to the most recently pushed version of an image; it's simply a default tag.
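Because an untagged reference falls back to latest and a copycat image can sit under a look-alike name, a build can check its own FROM lines before anything is pulled. The following is an added example, not code from the page or from Docker: it parses each image reference (including the registry-port case) and reports references that float on latest, lack a sha256 digest pin, or come from a non-official Docker Hub namespace. The function names and the sample Dockerfile are constructed for illustration.

```python
import re
DIGEST_RE = re.compile(r"@(sha256:[0-9a-f]{64})$")

def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    tag = digest = None
    m = DIGEST_RE.search(ref)
    if m:
        digest, ref = m.group(1), ref[:m.start()]
    # A ':' after the last '/' is a tag; an earlier ':' is a registry port.
    if ":" in ref.rsplit("/", 1)[-1]:
        ref, tag = ref.rsplit(":", 1)
    first, _, rest = ref.partition("/")
    registry, repo = "docker.io", ref
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # namespace of Docker Hub official images
    return registry, repo, tag, digest

def audit_dockerfile(text):
    """Return {image_reference: [findings]} for every FROM line."""
    report, stages = {}, set()
    for line in text.splitlines():
        words = [w for w in line.split() if not w.startswith("--")]
        if len(words) < 2 or words[0].upper() != "FROM":
            continue
        image, is_stage = words[1], words[1] in stages
        if len(words) == 4 and words[2].upper() == "AS":
            stages.add(words[3])
        if image == "scratch" or is_stage:
            continue  # empty base or an earlier build stage: nothing is pulled
        registry, repo, tag, digest = parse_image_ref(image)
        findings = []
        if digest is None:
            if tag in (None, "latest"):
                findings.append("resolves to the mutable default tag 'latest'")
            findings.append("not pinned to a sha256 digest")
        if registry == "docker.io" and not repo.startswith("library/"):
            findings.append("community image: confirm the publisher")
        report[image] = findings
    return report

SAMPLE = "\n".join([  # constructed sample Dockerfile, not from the page
    "FROM --platform=linux/amd64 httpd AS web",
    "FROM localhost:5000/team/base:1.4",
    "FROM datadog/docker-dd-agent:latest",
    "FROM web",
])
```

Calling audit_dockerfile(SAMPLE) returns an empty findings list only for references pinned by digest to an official or private-registry image.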

How to create a Docker image

Docker images can be created using either an interactive or Dockerfile method.

Interactive method

The interactive method is the easiest way to create Docker images. With this method, users run a container from an existing Docker image and manually make any needed changes to the environment before saving the image. This approach is useful for scenarios where a more hands-on, live approach to image creation is preferred, enabling direct manipulation and customization of the container environment.

The following steps are involved in creating a Docker image:

  1. Launch Docker and open a terminal session.
  2. Use the docker run command with image_name:tag_name. This starts a shell session with the container that was launched from the image. If the tag name is omitted, Docker uses the default latest tag.
  3. After this, the image should appear listed in results.

Dockerfile method

A Dockerfile is a text-based file with no file extension that contains a script of instructions Docker uses to build a container image. This process is more difficult and time-consuming, but it does well in continuous delivery environments. The method includes creating the Dockerfile and adding the commands needed for the image.

The following are the steps involved in creating a Docker image:

  1. Once the Dockerfile is started, the user sets up a .dockerignore file to exclude any files not needed for the final build. The .dockerignore file is in the root directory.
  2. The Docker build command is used to create a Docker image, and an image name and tag are set.
  3. The Docker images command is used to see the created image.
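The .dockerignore step decides which files are sent to the build, so it is worth checking what an ignore file actually excludes. The following is an added example, not part of the original page or Docker's own code: a simplified model of .dockerignore matching that lists sensitive-looking files a given ignore file would still leave in the build context. It assumes that `*` stays within one path segment, `**/` spans directories, the last matching rule wins and character classes are not handled; the SENSITIVE name list, the function names and the sample data are hypothetical.

```python
import re

def to_regex(pattern):
    """Translate one .dockerignore pattern into a regex over '/'-separated paths."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3   # any number of directories, including zero
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1      # '*' never crosses a '/'
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)

def load_rules(text):
    """Parse .dockerignore text into (negated, regex) pairs, in file order."""
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            rules.append((line.startswith("!"), to_regex(line.lstrip("!").strip("/"))))
    return rules

def is_excluded(path, rules):
    """Last matching rule wins; a rule that matches a parent directory covers its files."""
    parts = path.split("/")
    prefixes = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    excluded = False
    for negated, rx in rules:
        if any(rx.fullmatch(p) for p in prefixes):
            excluded = not negated
    return excluded

# Hypothetical list of names that should never reach the build context.
SENSITIVE = re.compile(r"(^|/)(\.env|\.git|id_rsa|[^/]*\.(pem|key))(/|$)")

def leaked_into_context(files, dockerignore_text):
    """Return sensitive-looking paths that the ignore rules leave in the context."""
    rules = load_rules(dockerignore_text)
    return sorted(f for f in files if SENSITIVE.search(f) and not is_excluded(f, rules))

# Constructed sample build context and two ignore files (not from the page).
FILES = [".git/config", ".env", "server.pem", "certs/server.pem", "config/.env", "src/app.py"]
ROOT_ONLY = ".git\n.env\n*.pem\n"
RECURSIVE = ".git\n**/.env\n**/*.pem\n"
```

With ROOT_ONLY, the nested certs/server.pem and config/.env stay in the context because root-level patterns do not reach subdirectories; RECURSIVE excludes them.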

Docker image commands

The primary Docker image commands are grouped as child commands of the Docker image command. Some of them include the following:

  • Docker image build. Builds an image from a Dockerfile.
  • Docker image inspect. Displays information on one or more images.
  • Docker image load. Loads an image from a tar archive or from the stream used for receiving or reading input, also known as STDIN.
  • Docker image prune. Removes unused images.
  • Docker image pull. Pulls an image or a repository from a registry.
  • Docker image push. Pushes an image or a repository to a registry.
  • Docker image rm. Removes one or more images.
  • Docker image save. Saves one or more images to a tar archive, which is streamed to normal output, or STDOUT, by default.
  • Docker image tag. Creates a tag TARGET_IMAGE that refers to SOURCE_IMAGE.

The Docker CLI provides commands that are used to customize Docker images. Examples of Docker image commands include the following:

  • Docker image history. Shows the history of an image, including changes made to it and its layers.
  • Docker update. Updates the configuration of containers.
  • Docker tag. Creates a tag, such as TARGET_IMAGE, to group and organize container images.
  • Docker search. Looks in Docker Hub for whatever the user needs.
  • Docker save. Saves images to an archive.
  • Docker compose. Handles an environment variable.


This was last updated in May 2024
