Understanding Docker: Architecture, Images, Containers, Compose, Swarm and Their Relationship to Kubernetes

As a programmer, installing a simple tool like vim requires different commands on different Linux distributions (e.g., apt-get install vim on Ubuntu, yum install vim on CentOS). Deploying your own code to various servers involves even more environment‑specific dependencies, making manual scripts cumbersome.

The solution is to add an intermediate layer: Docker . Docker provides a container layer that packages both the application and its runtime environment.

Docker containers are essentially isolated processes that share the host kernel but contain their own user‑space libraries and configurations.

What is Docker?

Programmers often encounter the problem "the program works on my machine but not on yours" because the program depends on the operating system and its libraries, collectively referred to as the environment . Docker packages the program together with a consistent environment, eliminating this discrepancy.

What is a Base Image?

A base image is a minimal filesystem that includes only the essential operating‑system components and language runtimes needed for an application. By selecting a base OS (e.g., Ubuntu or CentOS) and the required language runtime (e.g., Python, Java), you create a reusable foundation for building images.

What is a Dockerfile?

A Dockerfile is a plain‑text list of commands that describe how to assemble an image. It specifies the base image, copies files, installs dependencies, and defines the command to run the application. Example:

# Specify base image
FROM python:3.9

# Set working directory
WORKDIR /app

# Copy dependency file
COPY requirements.txt .

# Install additional packages
RUN yum install gcc
RUN pip install --no-cache-dir -r requirements.txt

# Copy application source
COPY . /app

# Define container start command
CMD ["python", "app.py"]

When you run docker build , Docker reads the Dockerfile and builds the image layer by layer.

What is a Container Image?

After building, Docker produces a container image , a portable package that can be transferred to any server. The image can be pulled and run, providing the exact environment the application needs.

What is a Registry?

A registry stores and distributes images. You push images with docker push and pull them with docker pull . Public registries like DockerHub or private ones (e.g., TUNA at Tsinghua University) serve this purpose.

What is a Container?

Running docker pull retrieves an image, and docker run creates an isolated container from that image, giving you a self‑contained environment and application process.

Docker vs. Virtual Machines

Unlike traditional VMs that bundle a full OS, containers only include the necessary user‑space components and share the host kernel. Namespaces provide isolation, while cgroups limit resource usage.

Docker Architecture

Docker follows a client‑server model. The Docker CLI parses commands and talks to the Docker daemon via a RESTful API. The daemon consists of a server layer (HTTP API) and an engine layer that creates jobs to perform tasks.

docker build

The build job reads the Dockerfile and constructs the image layer by layer, similar to stacking onion skins.

docker pull / push

These jobs interact with a Docker Registry to download or upload images.

docker run

The run job invokes containerd and runC to create and start a container from an image.

What is Docker Compose?

Docker Compose lets you define multiple containers, their startup order, and resource limits in a single YAML file. Example:

version: "3.8"

services:
  A:
    image: "some-image-for-a"
    deploy:
      resources:
        limits:
          cpus: "0.50"   # limit CPU to 50%
          memory: 256M    # limit memory to 256 MB

  B:
    image: "some-image-for-b"
    depends_on:
      - A

  C:
    image: "some-image-for-c"
    depends_on:
      - B

Running docker-compose up parses the YAML and launches the containers in the defined order, deploying an entire service stack with a single command.

What is Docker Swarm?

Docker Swarm extends Docker Compose to multiple hosts, providing clustering, high‑availability, and scaling. If one node fails, services are redeployed on another node.

Docker and Kubernetes Relationship

Kubernetes (k8s) also orchestrates containers across clusters. Docker containers become Pods in Kubernetes, and Docker Compose stacks correspond to single Pods. Swarm and k8s are competing orchestration solutions, with k8s offering broader support for different container runtimes.

Summary

Docker packages programs and their environments into portable containers, which are isolated processes using the host kernel.

Dockerfile describes dependencies; docker build creates images; docker push/pull handle distribution; docker run starts containers.

Docker solves single‑container deployment, Docker Compose handles multi‑container services, Docker Swarm manages multi‑host clusters, and Kubernetes provides a more feature‑rich, vendor‑agnostic orchestration platform.

The article condenses a large amount of Docker knowledge into a concise, easy‑to‑understand guide.