Docker Container and Image Fundamentals: Concepts, Commands, and Layer Management

Docker containers are built from an image plus a writable layer, forming a running container that isolates processes and file‑system changes.

Basic concepts : an image consists of a stack of read‑only layers; a container adds a read‑write layer on top of the image. The relationship can be expressed as container = image + read‑write layer .

Each layer contains metadata (size, creation command, parent pointer) and the topmost layer is mutable. The layered file system enables efficient storage and reuse of common layers across containers.

Common Docker commands (illustrated with screenshots in the source):

$ docker create
$ docker start
$ docker run
$ docker ps               # list running containers
$ docker ps -a            # list all containers
$ docker images           # list top‑level images
$ docker images -a        # list all images (including intermediate layers)
$ docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
$ docker image prune -a   # remove all unused images
$ docker commit
# turn a container’s writable layer into a new read‑only image
$ docker save -o myimage.tar
$ docker load -i myimage.tar
$ docker export
# export container as a tar without metadata
$ docker import
# import a tar as an image
$ docker history
# show the build history of an image
$ docker build -t myapp -f Dockerfile .
$ docker exec -it
/bin/sh   # run a command inside a running container
$ docker rm
# remove a stopped container

Dockerfile example (excerpt from the source):

FROM csighub.tencentyun.com/medipedia/medi-saas-go:latest
RUN mkdir -p /app/logs/
ADD pop-admin-server /usr/local/services/pop-admin-server/
COPY script/supervisord.ini /etc/supervisord.d/
COPY script/kick_start.sh /etc/kickStart.d/
RUN mkdir -p /usr/local/services/pop-admin-server/importfile
RUN mkdir -p /usr/local/services/pop-admin-server/upload
ENV GOLANG_PROTOBUF_REGISTRATION_CONFLICT warn
ENV LANG en_US.UTF-8

Each Dockerfile instruction creates a new read‑only layer; the final image consists of all these layers plus a top writable layer when a container is started.

Inspecting layers : the docker history command lists each layer’s creation command, size, and comment, helping to understand why many <none> entries appear in docker images -a .

Backup and migration : a container can be committed to an image, saved as a tar file, transferred to another host, and loaded back:

docker commit mynginx mynginx_i
docker save -o mynginx.tar mynginx_i
docker load -i mynginx.tar

These steps illustrate how Docker’s layered architecture supports efficient image reuse, versioning, and portable deployment.