Docker images vs containers explained
image definition, container definition, image layers, read-only vs read-write layer, image tags, container lifecycle
Images and Containers Are Not the Same Thing
An image is a read-only template โ a snapshot of a filesystem plus metadata. A container is a running instance of that image. The relationship is exactly like a class and an object in OOP: one image can spawn hundreds of containers.
Layered Filesystem
Images are built in layers. Each instruction in a Dockerfile adds one layer. Layers are cached and shared across images, which is why pulling node:20 after already having node:18 is fast โ the base layers are already on disk.
When a container starts, Docker adds a thin read-write layer on top of the image layers. Any files you write inside the container go into this layer. When the container is deleted, that layer is gone too โ images are never mutated.
Image Tags
docker pull nginx:1.25 # specific version
docker pull nginx:latest # latest stable
docker pull nginx:alpine # alpine-based smaller image
Tags are just labels pointing to a specific image digest. latest is just a convention โ it is not guaranteed to be the newest build.
Inspect Images and Containers
docker images # list local images
docker ps # list running containers
docker ps -a # list all containers including stopped ones