In Docker, what's the difference between a container and an image?

What's the difference between a container and an image in Docker? In the Get started with Docker tutorial these terms are both used, but I do not understand the difference.

Can anybody please shed some light?

Images are frozen immutable snapshots of live containers. Containers are running (or stopped) instances of some image.

Start with the base image called 'ubuntu'. Let's run bash interactively within the ubuntu image and create a file. We'll use the -i and -t flags to give us an interactive bash shell.

$ docker run -i -t ubuntu  /bin/bash
root@48cff2e9be75:/# ls
bin  boot  dev	etc  home  lib	lib64  media  mnt  opt	proc  root  run  sbin  srv  sys  tmp  usr  var
root@48cff2e9be75:/# cat > foo
This is a really important file!!!!
root@48cff2e9be75:/# exit

Don't expect that file to stick around when you exit and restart the image. You're restarting from exactly the same defined state as you started in before, not where you left off.

$ docker run -i -t ubuntu  /bin/bash
root@abf181be4379:/# ls
bin  boot  dev	etc  home  lib	lib64  media  mnt  opt	proc  root  run  sbin  srv  sys  tmp  usr  var
root@abf181be4379:/# exit

But, the container, now no longer running, has state and can be saved (committed) to an image.

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED              STATUS                          PORTS                      NAMES
abf181be4379        ubuntu:14.04        /bin/bash              17 seconds ago       Exited (0) 12 seconds ago                                  elegant_ardinghelli    
48cff2e9be75        ubuntu:14.04        /bin/bash              About a minute ago   Exited (0) 50 seconds ago                                  determined_pare        
...

Let's create an image from container ID 48cff2e9be75 where we created our file:

$ docker commit 48cff2e9be75 ubuntu-foo
d0e4ae9a911d0243e95556e229c8e0873b623eeed4c7816268db090dfdd149c2

Now, we have a new image with our really important file:

$ docker run ubuntu-foo /bin/cat foo
This is a really important file!!!!

Try the command docker images. You should see your new image ubuntu-foo listed along with the ubuntu standard image we started with.

An image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. Images are read-only.

• https://docs.docker.com/glossary/?term=image

A container is an active (or inactive if exited) stateful instantiation of an image.

• https://docs.docker.com/glossary/?term=container

Using an object-oriented programming analogy, the difference between a Docker image and a Docker container is the same as that of the difference between a class and an object. An object is the runtime instance of a class. Similarly, a container is the runtime instance of an image.

An object gets created only once when it is instantiated. Similarly, a container can be running or stopped. Containers are created out of an image, though this might not always be the case. The following example creates an Apache server image, runs the image, lists the images and then lists the containers:

1. Create a Dockerfile with the following contents:

   FROM httpd:2.4
   

2. Install Apache server

   sudo docker build -t my-apache2 .
   

3. Run the image

   sudo docker run -it --rm --name my-running-app my-apache2
   

4. List Docker images

   sudo docker images
   

5. List the running Docker containers

   docker ps
   

6. List all containers

   docker ps -a
   

7. List latest created containers

   docker ps -l
   

An image is basically an immutable template for creating a container. It's easier to understand the difference between an image and container by considering what happens to an image to turn it into a container.

The Docker engine takes the image and adds a read-write filesystem on top, then initialises various settings. These settings include network options (IP, port, etc.), name, ID, and any resource limits (CPU, memory). If the Docker engine has been asked to run the container it will also initialise a process inside it. A container can be stopped and restarted, in which case it will retain all settings and filesystem changes (but will lose anything in memory and all processes will be restarted). For this reason a stopped or exited container is not the same as an image.

DockerFile --(Build)--> DockerImage --(run)--> DockerContainer

DockerFile is what you or developer write code to do something (ex- Install)

Docker Image is you get when you build docker file .

Docker Container is you get when you run your Docker image

We can get Docker Image from docker hub by pulling and then run it to get container .

Images [like vm]

• Read only template used to create containers
• Buuilt by you or other Docker users
• Stored in the Docker Hub or your local Registry

Containers [like a runing machine]

• Isolated application platform
• Contains everything needed to run your application
• Based on images

Containers are based on images. An image needs to be passed to the Dockers run command.

Example:

BusyBox image

http://i.stack.imgur.com/eK9dC.png

Here we specify an image called busybox. Docker does not have this image locally and pulls it from a public registry.

A registry is a catalog of Docker images that the Docker client can communicate with and download image from. Once the image is pulled, Docker starts a container and execute the echo hello world command.

In Docker, it all begins with an image. An image is every file that makes up just enough of the operating system to do what you need to do. Traditionally you'd install a whole operating system with everything for each application you do. With Docker you pair it way down so that you have a little container with just enough of the operating system to do what you need to do, and you can have lots and lots of these efficiently on a computer.

Use docker images to see the installed images and docker ps to see the running images. When you type docker run it takes the image, and makes it a living container with a running process. I tend to use:

> docker run -ti <image>:<tag> bash

Lastly, images have their own set of ids and containers have their own set of ids - they don't overlap.

Images: The filesystem and metadata needed to run containers. They can be thought of as an application packaging format that includes all of the dependencies to run the application, and default settings to execute that application. The metadata includes defaults for the command to run, environment variables, labels, and healthcheck command.

Containers: An instance of an isolated application. A container needs the image to define its initial state and uses the read-only filesystem from the image along with a container specific read-write filesystem. A running container is a wrapper around a running process, giving that process namespaces for things like filesystem, network, and PIDs.

When you execute a docker run command, you provide an image on the command line, along with any configurations, and docker returns a container based off of that image definition and configurations you provided.

---

References: to the docker engine, an image is just an image id. This is a unique immutable hash. A change to an image results in creating a new image id. However, you can have one or more references pointing to an image id, not unlike symbolic links. And these references can be updated to point to new image id's. Note that when you create a container, docker will resolve that reference at the time of container creation, so you cannot update the image of a running container. Instead, you create a new image, and create a new container based on that new image.

Layers: Digging a bit deeper, you have filesystem layers. Docker assembles images with a layered filesystem. Each layer is a read-only set of changes to the filesystem, and that layer is represented by a unique hash. Using these read-only layers, multiple images may extend another, and only the differences between those images need to be stored or transmitted over the network. When a Docker container is run, it receives a container specific read-write filesystem layer unique to that container, and all of the image layers are assembled with that using a union filesystem. A read is processed through each layer until the file is found, a deletion is found, or the file is not found in the bottom layer. A write performs a copy-on-write from the image read-only layer to the container specific read-write layer. And a deletion is recorded as a change to the container specific read-write layer. A common step in building images is to run a command in a temporary container based off the previous image filesystem state and save the resulting container specific layer as a layer in the new image.

Docker Images: It contains a list of commands and instruction on how to build and run a container. So basically Images contains all the data and metadata required to fire up a container(also called blueprint).We can't lunch a container without specifying Images.

$docker images centos

List all the available version of centos.

Docker Container: Containers are lunch from Images so we can say container is the running instance of an Images. Container is a runtime construct, unlike Images which is build time construct.

The official difference is that the container is the last layer which is writable whereas the layers below are only readable and they belong to your image. The intuitive difference is that the docker instance is the instance virtualized by your docker daemon and the running your image, it operates within an isolated section of your kernel (this process is hidden from you). The image however is static, it doesn't run, it is just a pile of layers (static files). If we would relate this paradigm to object-oriented programming, the image is your class definition, whereas your docker instance is your class spawned object that resides in memory.

I have written a tutorial to reinforce your docker knowledge intuition:

http://javagoogleappspot.blogspot.com/2018/07/docker-basics.html

Image is the photo made from your phone.
Container is the phone.