Skip to main content

Overview

There are many terms related to containers, such as Docker, images, Kubernetes, build, and run, to name a few. This guide assumes you have a basic understanding of what containers are. You have probably heard of them and have pulled an image and run a container from it.

Let's say you have an app that you want to ship for your customers to use. You can create an image that contains all the code and required dependencies. This is called an image. There are standard images set by the Open Container Initiative. When you actually want to run your application, you use the image and run it as a container.

There are several tools you can use with images and containers, such as Docker, Docker Swarm, Kubernetes, ACA, and Docker Desktop. Docker is used to build your image, which you can then push to a container registry. You can use an orchestrator tool like Kubernetes, ACA, or Docker Desktop to pull the image from the container registry and run it as a container. People are starting to move to using Podman instead of Docker because Podman does not require a daemon to run containers, which can improve security and resource efficiency. But if are using OCI Images you can easily switch between the two.

  • Docker: A platform used to build, ship, and run containers. It uses a daemon to manage containers.
  • Docker Desktop: An application for MacOS and Windows machines for the building and sharing of containerized applications and microservices.
  • Docker Swarm: A native clustering and scheduling tool for Docker containers.
  • Kubernetes: An open-source system for automating the deployment, scaling, and management of containerized applications.
  • ACA (Azure Container Apps): A fully managed serverless container service for building and deploying modern apps at scale.
  • Podman: A daemonless container engine for developing, managing, and running OCI Containers on your Linux System. It is considered more secure and resource-efficient compared to Docker because it does not require a running daemon.

As mentioned earlier, an image read-only container template can include all the application code, supporting dependencies, and the base operating system. So images are a bunch of layers and manifest file.When you pull an image from a registry, it retrieves the manifest to determine which layers to download, then proceeds to pull each layers with corresponding image. Each image is hashed so you can check if the image has been modified. When a container is created, it uses a storage driver to merge layers together. Typically, this involves using OverlayFS or Block. For example, the host machine could be running Ubuntu, while the base layer might use Alpine. Additional layers, such as application code, dependencies, and configuration, are stacked on top. The storage driver then merges these layers into a single unified file system within the container. Think of images as definitions of what layers make up a image.These images can be executed by an orchestrator tool, which runs them as containers.

Basic Overview of Images