Docker

Docker packages an application and its dependencies into a portable, isolated container that runs consistently across any environment.

Docker packages an application and all its runtime dependencies into a container - a portable, isolated execution unit that runs consistently across any environment. Containers share the host OS kernel rather than emulating hardware, which makes them far lighter than virtual machines: megabytes instead of gigabytes, seconds to start instead of minutes.

A Docker image is the immutable snapshot. A container is a running instance of that image. The same image that a developer runs locally is the artifact that ships to production.

Why it matters in Engineering: Docker solved the "works on my machine" problem. Before containers, environment differences between local development, staging, and production caused constant deployment failures. With Docker, the environment is baked into the artifact - not maintained separately per host. This made microservices practical at scale and established the foundation that container orchestration platforms like Kubernetes build on. CI/CD pipelines almost universally produce Docker images as their build artifact.

Core Concepts

Image
An immutable, layered snapshot of an environment built from a Dockerfile. Images are versioned, stored in registries, and promoted through environments unchanged.

Container
A running instance of an image. Isolated from other processes via Linux namespaces and cgroups, but shares the host OS kernel. Containers are ephemeral by default.

Dockerfile
A text file with declarative instructions for building an image: base OS layer, dependency installation, application code, startup command. Each instruction creates a layer in the image.

Docker Compose
Defines and runs multi-container stacks using a single YAML file. Standard for local development - spin up your app, database, and cache together with one command.

Registry
A storage and distribution system for Docker images. Docker Hub is the default public registry. Most production teams run private registries - AWS ECR, Google Artifact Registry - for security and access control.
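
An added example (not from the original page) tied to the Image and Dockerfile entries above: a short Python check that parses a Dockerfile, lists the instructions that add filesystem layers, and flags three things that get baked into the immutable image. The sample Dockerfile, its names, and the choice of checks are assumptions made for illustration and go beyond what the entries state.

```python
import re

# Constructed sample Dockerfile for this example; image, paths and variable are hypothetical.
SAMPLE = """\
# build image for a small web app
FROM python:3.12-slim
ENV API_TOKEN=changeme
COPY requirements.txt /app/
RUN pip install --no-cache-dir \\
    -r /app/requirements.txt
COPY . /app
CMD ["python", "/app/main.py"]
"""

# RUN/COPY/ADD add filesystem content; other instructions record metadata-only history entries.
FS_LAYER = {"RUN", "COPY", "ADD"}
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY", re.I)

def parse(text):
    """Return [(INSTRUCTION, args)]; comments are dropped, backslash continuations joined."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        word, _, args = (buf + line).partition(" ")
        out.append((word.upper(), args.strip()))
        buf = ""
    return out

def review(text):
    """Return (filesystem-layer instructions in build order, list of findings)."""
    steps = parse(text)
    findings = []
    base = next((a for w, a in steps if w == "FROM"), "")
    if "@sha256:" not in base:
        findings.append("base image referenced by mutable tag, not digest")
    if not any(w == "USER" for w, _ in steps):
        findings.append("no USER instruction: runs as the base image's default user (often root)")
    for w, a in steps:
        name = re.split(r"[=\s]", a, maxsplit=1)[0]
        if w in ("ENV", "ARG") and SECRET_NAME.search(name):
            findings.append(f"{w} {name}: value is readable from image history/config")
    layers = [w for w, _ in steps if w in FS_LAYER]
    return layers, findings
```

Because the image is promoted unchanged, anything these checks flag in the build travels with it to every environment and every registry that stores it.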
