Docker image vs container: What are the differences?
Senior Technical Content Marketing Manager
If you are new to Docker, you may wonder how a Docker image differs from a Docker container. Although Docker images and containers have a similar purpose (to package and deploy software efficiently), they have different uses.
An image is a snapshot of an environment, while a container runs the software.
Think of a container as a shipping container for software — it holds important content like files and programs so that an application can be delivered efficiently from producer to consumer. An image is more like a read-only manifest or schematic of what will be inside the container. Docker uses images to create containers and containers to run the applications.
This article will explore the differences between Docker images and containers, to help you understand how and when to use each.
Docker overview
One of the biggest benefits of containerization is that it helps developers to package their apps with all dependencies needed to run on any Linux distribution. Tools like Docker, Flatpak, and Snaps all have the same goal of making it easier to build, manage, and distribute containerized software.
Docker is similar to virtual machines in the way it creates multiple instances of an operating system. However, Docker lets you create containers that run on the same operating system. So, more containers than virtual machines can run on a given hardware combination. Multiple containers can run simultaneously, each based on the same or different images.
Docker containers can even run within virtual machines. Docker provides an additional layer of abstraction and automation versus creating a virtual machine, making it easier to use. You can learn more about containers and virtual machines in Containers vs virtual machines (VMs): What is the difference?
Docker’s popularity has increased among developers and system administrators because it encompasses the application’s complete filesystem with all its dependencies. This setup enables immutable infrastructure. It guarantees that deployments are idempotent — they will stay exactly the same no matter how many times you repeat the operation.
A Docker daemon runs in the background to manage images, containers, and more. A client and the daemon communicate using sockets or through a RESTful API.
What is a Docker image?
Images are read-only templates containing instructions for creating a container. A Docker image creates containers to run on the Docker platform.
Think of an image like a blueprint or snapshot of what will be in a container when it runs.
An image is composed of multiple stacked layers, like layers in a photo editor, each changing something in the environment. Images contain the code or binary, runtimes, dependencies, and other filesystem objects to run an application. The image relies on the host operating system (OS) kernel.
For example, to build a web server image, start with an image that includes Ubuntu Linux (a base OS). Then, add packages like Apache and PHP on top.
You can manually build images using a Dockerfile, a text document containing all the commands to create a Docker image. You can also pull images from a central repository called a registry, or from repositories like Docker Hub using the command docker pull [name].
When a Docker user runs an image, it becomes one or multiple container instances. The container’s initial state can be whatever the developer wants — it might have an installed and configured web server, or nothing but a bash shell running as root. In practice, though, most images include some preconfigured software and configuration files.
Docker images are immutable, so you cannot change them once they are created. If you need to change something, you’ll have to start with a new container that includes your updates, and then save these updates as a new image. Alternatively, you can use an existing image to start a new container and make your changes in this new container.
After successfully building an application, Docker can further export images into other images. Images derived from each other are usually called parent and child images.
To distinguish related images, you can use tags like ubuntu:latest or ubuntu:14.04, for example. An image may have multiple tags, but each tag is unique.
Images themselves do not run, but you can create and run containers from a Docker image.
What is a container?
A container is an isolated environment where an application runs without affecting the rest of the system and without the system impacting the application.
Because they are isolated, containers are well-suited for securely running software like databases or web applications that need access to sensitive resources, without giving access to every user on the system.
Since the container runs natively on Linux and shares the host machine’s kernel, it is lightweight, so it doesn’t use more memory than other executables. If you stop a container, it will not automatically restart unless you configure it that way.
Containers can be much more efficient than virtual machines because they don’t need the overhead of an entire operating system. They share a single kernel with other containers and boot in seconds instead of minutes.
You can use containers for packaging an application with all the components it needs, then ship it all out as one unit. This approach is popular because it eliminates the friction between development, QA, and production environments, enabling teams to ship software faster.
Building and deploying applications inside software containers eliminates “it works on my machine” problems when collaborating on code with fellow developers. Since containers ensure consistency across various computing environments, users can rest assured that their application will run the same way everywhere, regardless of where it is deployed.
Docker containers can also run on any infrastructure and in any cloud. You can isolate applications and their underlying infrastructure from other applications, giving you enhanced security and control.
Docker images vs. containers
A Docker image is a blueprint of code that is executed in a Docker container. To use Docker, you add layers of core functionalities to a Docker image that are then used to create a running container.
In other words, a Docker container is a running instance of a Docker image. You can create many containers from the same image, each with its own unique data and state.
Using containers standardizes and simplifies development, operations, and testing. To use containers effectively, make sure developers, operations engineers, and testers create consistent environments.
One of the best ways to ensure consistency across development, testing, and production environments is to automate building, testing, and deployment processes with continuous integration and continuous delivery (CI/CD).
With a CI/CD platform like CircleCI, you can automatically build Docker images as part of your development process. This ensures that every code commit triggers an automated workflow that includes building a Docker image, running automated testing on the image, and, if the tests pass, pushing the image to a Docker registry.
This automation not only speeds up the development cycle but also improves the reliability and consistency of the software being deployed.
CircleCI offers features such as Docker layer caching, which can significantly reduce build times by reusing the unchanged layers of your Docker images across builds. This is particularly useful when working with large images or when frequently updating images with small changes.
For example, CircleCI can build Docker images and push them to a container image registry like Docker Hub. From there, it can instantiate the images into containers in Kubernetes, OpenShift, or elsewhere.
The flow works like this:
- You commit changes to your Git repo.
- This commit triggers a CircleCI build job that checks out the source code from Git and runs unit tests on the code.
- If the unit tests pass, CircleCI pushes the built image to Docker Hub.
- If the unit tests fail, CircleCI alerts the developer and stops the workflow.
Features like Docker layer caching and test splitting can also help you build and test your images faster, speeding time to deployment. To learn more about the benefits of using a continuous integration platform to orchestrate your Docker builds, tests, and deploys, visit How to build a CI/CD pipeline with Docker.
Conclusion
Understanding the distinction between Docker images and containers is essential for developers and system administrators aiming to leverage Docker’s capabilities for efficient software deployment. While Docker images serve as the static blueprints for creating containers, it’s the containers themselves that bring these blueprints to life, running applications in isolated, consistent environments across different infrastructures.
Now that you understand the differences between Docker images and containers, you can make the most of the Docker platform. Automating with Docker helps you to deliver software faster and free up developer time to create new application features. Learn more about how CircleCI’s Docker and Kubernetes integrations can improve the efficiency of your software development process, and sign up for a free account to start optimizing your deployment strategies today.
