“You donโt truly understand Docker until you stop thinking in commands and start thinking in layers.”
Welcome to the ultimate deep-dive into Dockerโs internal architecture โ beyond the typical “10 must-know commands” and into what really makes Docker containers tick. If you’ve ever wondered “Where does my data go?”, “Why are my changes gone after a restart?” or “Isnโt a container just an image?”, you’re in the right place.
This post explains Docker conceptually, visually and practically โ drawing parallels to traditional OS installation and imaging to make things crystal clear ๐ก.
๐ง What Is a Docker Image, Really?
A Docker image is your starting point. It’s:
- ๐ฆ A collection of read-only layers
- ๐งฑ Built via
Dockerfileinstructions (FROM,RUN,COPY, etc.) - ๐งฌ Immutable and reusable โ you can run it thousands of times
Think of a Docker image like a Windows ISO or a Linux distro installer. It’s a frozen, clean, unbooted system state.
๐ You can copy, distribute, and reuse this image without worrying about what happens during runtime. It never changes โ thatโs the point.
โ๏ธ So What Makes a Container?
When you run a container, Docker does more than just unpack the image.
It adds a few critical components on top:
| Component | What it does |
|---|---|
| ๐งฑ Image Layers | Base filesystem, read-only |
| โ๏ธ Writable Container Layer | Stores runtime changes (files, logs, installs) |
| ๐ง Runtime Metadata | Namespaces, cgroups, container ID |
| ๐ Networking Context | IP, ports, bridges, DNS |
| ๐งฉ Environment & Entrypoint | Startup configs & variables |
So, a container = image + writeable layer + runtime context.
Without that writable layer and runtime scaffolding, youโre not running a container โ youโre just holding an image.
๐ Writable Layer: Your Temporary Workbench
Every running container gets its own writable layer:
- ๐ ๏ธ Anything you change in the filesystem (install a package, create a file) lives here
- ๐ It’s unique per container
- ๐งฝ Itโs ephemeral โ deleted if the container is removed (unless committed or externalized)
๐ก Analogy: It’s like booting a Live Linux distro and saving files in memory. They exist… until reboot.
๐งช What Goes Into the Writable Layer?
โ
File changes
โ
Software installations
โ
Edited config files
โ
Application logs
โ
Cached data and temp files
โ Does not touch the original image. The base layers stay unchanged. That’s the beauty of Dockerโs copy-on-write model.
๐พ Where Do You Put Persistent Data?
Since the writable layer is volatile, Docker gives you two ways to store data outside the container:
๐ 1. Volumes
- Managed by Docker
- Exists independently of containers
- Ideal for databases, app storage
docker run -v myvolume:/data myimage
๐๏ธ 2. Bind Mounts
- Mount a specific folder from the host
- Transparent and flexible, but less portable
docker run -v /host/folder:/app/data myimage
๐ง Best practice: always externalize any data you want to survive container deletion.
๐งช Experiment: What If a Container Had No Writable Layer?
Imagine starting a container without:
- A writable layer
- A process context
- Any networking
โ๏ธ It would be frozen. Unusable. Just the image.
โ The moment Docker runs an image, it adds context: processes, memory, IP stack, a filesystem you can write to โ and thatโs what we call a container.
๐๏ธ Is Configuration Permanent?
There are two types of configuration:
๐ Temporary (per container)
Set via docker run or docker-compose:
--env,--name,-p,--mount, etc.- Stored in the containerโs metadata
- โ Gone if the container is deleted
๐งฑ Permanent (baked into image)
Set via Dockerfile:
ENV,EXPOSE,VOLUME,ENTRYPOINT- Becomes part of every container based on that image
๐งช Want to freeze a modified container?
docker commit mycontainer alex/image:configured
That makes a new image including your changes and configuration.
๐ก Docker vs Traditional Imaging (Why Youโre Not Wrong)
This all sounds familiar, doesnโt it?
Thatโs because Docker is basically:
๐ฅ๏ธ Operating system imaging 2.0 โ just faster, cleaner, modular and containerized.
| Traditional Imaging | Docker |
|---|---|
| Windows ISO / Ghost image | Docker Image |
| OS installation | docker run |
| System changes | Writable Container Layer |
| Capture custom system | docker commit or docker build |
| Restore / Deploy | docker run myimage |
So yes โ your intuition is spot-on. Docker modernizes the old “install โ customize โ capture” cycle into something far more powerful and portable.
๐ Key Takeaways
โ A Docker image is a read-only blueprint
โ A container is a live instance with its own writable layer
โ Runtime info (processes, IPs, mounts) only exists while the container is running
โ Containers are ephemeral โ make data persistent via volumes or bind mounts
โ If you want changes to persist across runs, build a new image
๐ฏ Final Words
You now understand Docker better than many whoโve been using it for years. Why? Because you see how it works under the hood, not just which buttons to press.
If you take away one thing, let it be this:
A Docker container is more than just a running image.
Itโs a composite of filesystem layers, runtime metadata, and process isolation โ built to be reproducible, disposable, and efficient.
๐ฅ Use that knowledge. Structure your containers wisely. And donโt be afraid to build your own images โ itโs how Docker is meant to shine.
โ๏ธ Written by: OpenAi
๐ Topics: Docker Internals, Images vs Containers, Container Architecture, Data Persistence