Docker

A platform for developing, shipping, and running applications in lightweight, portable containers that package code with all its dependencies.

Cloud Infrastructure

Also called: "docker container", "containerization", "docker engine"

Docker revolutionized software deployment by making containers accessible to developers, enabling consistent environments from development laptops to production servers.

Why it matters

  • Eliminates "works on my machine" problems by packaging applications with their complete runtime environment.
  • Enables microservices architectures by making it trivial to deploy isolated, single-purpose services.
  • Dramatically improves resource utilization compared to virtual machines—containers share the host kernel.
  • Accelerates development cycles with instant container startup times (seconds vs. minutes for VMs).

Key concepts

  • Image: Read-only template containing application code, runtime, libraries, and configuration.
  • Container: Running instance of an image with its own isolated filesystem, networking, and process space.
  • Dockerfile: Text file with instructions for building an image layer by layer.
  • Docker Compose: Tool for defining and running multi-container applications with a YAML file.
  • Registry: Repository for storing and distributing images (Docker Hub, Amazon ECR, GitHub Container Registry).

Common commands

  • docker build: Create an image from a Dockerfile.
  • docker run: Start a container from an image.
  • docker ps: List running containers.
  • docker compose up: Start all services defined in docker-compose.yml.

Security considerations

  • Use minimal base images (Alpine, distroless) to reduce attack surface.
  • Never run containers as root; use the USER directive in Dockerfiles.
  • Scan images for vulnerabilities before deployment.
  • Don't embed secrets in images—use environment variables or secret management tools.
  • Enable content trust to verify image signatures.

Best practices

  • Keep images small by using multi-stage builds.
  • Pin specific versions in FROM statements rather than using :latest.
  • Use .dockerignore to exclude unnecessary files from build context.
  • Implement health checks for production containers.
  • Follow the one-process-per-container principle.
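
An added example, not part of the original glossary entry: a small Python check that audits a Dockerfile's text against several rules from the Security considerations and Best practices lists above (pinned base image, non-root USER, no secret-named ENV/ARG, a HEALTHCHECK). The rule ids, the sample Dockerfiles and the secret-name pattern are assumptions made for this example; a USER or HEALTHCHECK inherited from the base image is not visible to a text-only check.

```python
import re
# Constructed samples (not from the page); image tags are illustrative only.
SAMPLE_BAD = """\
FROM node:latest
ENV API_TOKEN=placeholder-value
COPY . /app
"""
SAMPLE_GOOD = """\
FROM golang:1.22-alpine AS build
COPY . /src
RUN cd /src && \\
    go build -o /out/app .
FROM alpine:3.20
COPY --from=build /out/app /app
USER 10001
HEALTHCHECK CMD ["/app", "-healthcheck"]
"""
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit_dockerfile(text):
    """Return the sorted rule ids that this Dockerfile text violates."""
    text = re.sub(r"\\[ \t]*\n", " ", text)  # join continued lines
    findings, stages, user, health = set(), set(), None, False
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, arg = parts[0].upper(), parts[1]
        if instr == "FROM":
            tokens = [t for t in arg.split() if not t.startswith("--")]
            user, health = None, False  # only the final stage ships
            if tokens[0] not in stages and tokens[0] != "scratch":
                tag = tokens[0].rsplit("/", 1)[-1].partition(":")[2]
                if tag in ("", "latest"):
                    findings.add("unpinned-base-image")
            if len(tokens) == 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2])  # later "FROM <stage>" is not a pull
        elif instr == "USER":
            user = arg.split(":")[0].strip()
        elif instr == "HEALTHCHECK":
            health = arg.strip().upper() != "NONE"
        elif instr in ("ENV", "ARG"):
            names = re.findall(r"(\w+)=", arg) or [arg.split()[0]]
            if any(SECRET_NAME.search(n) for n in names):
                findings.add("secret-in-image")
    if user in (None, "root", "0"):
        findings.add("runs-as-root")
    if not health:
        findings.add("no-healthcheck")
    return sorted(findings)
```

Run it in CI before docker build and fail the job when the returned list is non-empty; it complements, and does not replace, a vulnerability scan of the built image.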