BlockBlog
Back to blog
system design

System Design: Docker Fundamentals

#System Design#Docker#Containers#DevOps#Go

A foundational guide to Docker, explaining the core concepts of images, containers, Dockerfiles, and the container lifecycle for modern application development.

Modern software development is built on the idea of creating applications that can run reliably and consistently across different environments. This has historically been a major challenge. An application that works perfectly on a developer's laptop might fail in staging or production due to differences in operating systems, libraries, or configurations.

Docker is a platform that solves this problem by using containerization. It allows you to package an application with all of its dependencies—libraries, system tools, code, and runtime—into a single, isolated unit called a container. This container can then run on any machine that has Docker installed, regardless of the underlying environment. This article covers the fundamental concepts of Docker: images, containers, and Dockerfiles.

The Core Problem: "It Works on My Machine"

Before containers, the common way to deploy applications was using virtual machines (VMs). A VM emulates an entire computer, including the hardware and a full guest operating system. While VMs provide strong isolation, they are slow to start and consume a lot of resources (CPU, RAM, disk space).

Containers, on the other hand, are much more lightweight. They virtualize the operating system instead of the hardware. Multiple containers can run on a single host machine, sharing the host OS kernel but each running in its own isolated user space. This makes them fast, portable, and efficient.

graph TD subgraph Virtual Machines HostOS[Host OS] --> Hypervisor Hypervisor --> GuestOS1[Guest OS 1] --> App1[App A] Hypervisor --> GuestOS2[Guest OS 2] --> App2[App B] end subgraph Containers HostOS_C[Host OS] --> ContainerEngine[Container Engine (Docker)] ContainerEngine --> App1_C[App A] ContainerEngine --> App2_C[App B] ContainerEngine --> App3_C[App C] end note right of App2 VMs are heavy, each with its own OS. end note right of App3_C Containers are lightweight, sharing the host OS kernel. end

Docker's Core Concepts

There are three key concepts you need to understand to work with Docker.

1. The Docker Image: The Blueprint

A Docker image is a read-only template that contains the instructions for creating a container. It's like a blueprint or a recipe for your application environment. An image includes:

  • A minimal operating system layer (e.g., Alpine Linux).
  • The application's source code or compiled binary.
  • All the dependencies required to run the application (e.g., libraries, config files).

Images are built in layers. Each instruction in the build process creates a new layer. This layered approach makes images efficient, as layers can be cached and reused across different images. For example, if multiple images are based on the same ubuntu base image, that layer is only stored once on the host machine.

Images are stored in a Docker registry. Docker Hub is the default public registry, but you can also run your own private registry.

2. The Docker Container: The Running Instance

A container is a runnable instance of an image. You can create, start, stop, move, and delete containers. If an image is the blueprint, a container is the actual house built from that blueprint.

Key characteristics of a container:

  • Isolated: A container has its own isolated filesystem, network, and process space. Processes running inside a container cannot see or affect processes running in another container or on the host machine.
  • Ephemeral: By default, any data written inside a container is lost when the container is removed. To persist data, you need to use Docker volumes, which map a directory on the host machine to a directory inside the container.
  • Lightweight: Containers start almost instantly because they don't need to boot a full OS.

3. The Dockerfile: How to Build the Image

A Dockerfile is a simple text file that contains the step-by-step instructions for building a Docker image. It's the automation script for creating your blueprint.

Here's a breakdown of a simple Dockerfile for a Go application:

# 1. Use a multi-stage build to keep the final image small.
# --- Build Stage ---
FROM golang:1.19-alpine AS builder

# Set the working directory inside the container
WORKDIR /app

# Copy the Go module files and download dependencies
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest of the source code
COPY . .

# Build the Go application.
# CGO_ENABLED=0 creates a static binary.
# -o /app/main creates the output file at /app/main.
RUN CGO_ENABLED=0 go build -o /app/main .

# --- Final Stage ---
# Use a minimal base image for the final container.
FROM alpine:latest

# Set the working directory
WORKDIR /app

# Copy only the compiled binary from the builder stage.
COPY --from=builder /app/main .

# This command will be run when the container starts.
CMD ["./main"]

Key Dockerfile Instructions:

  • FROM: Specifies the base image to start from.
  • WORKDIR: Sets the working directory for subsequent instructions.
  • COPY: Copies files from your local machine into the image.
  • RUN: Executes a command during the image build process (e.g., installing dependencies).
  • CMD: Provides the default command to run when a container is started from the image.

This example uses a multi-stage build, which is a best practice for creating small, secure production images. The first stage (builder) uses a full Go development image to build the application. The second stage starts from a minimal alpine image and copies only the compiled binary from the first stage. This means the final image doesn't contain the Go compiler or any of the source code, making it much smaller and more secure.

The Docker Lifecycle: A Practical Workflow

  1. Write your code and a Dockerfile.
  2. Build the image: 
    # Build an image and tag it with a name (e.g., "my-go-app")
docker build -t my-go-app .
  3. Run the container: 
    # Run the container from the image.
# -p 8080:8080 maps port 8080 on the host to port 8080 in the container.
# --name my-running-app gives the container a custom name.
docker run -p 8080:8080 --name my-running-app my-go-app
  4. Manage the container: 
    # List running containers
docker ps

# Stop the container
docker stop my-running-app

# Remove the container
docker rm my-running-app
  5. Push the image to a registry: 
    # Log in to Docker Hub (or another registry)
docker login

# Tag the image with your registry username
docker tag my-go-app your-username/my-go-app

# Push the image
docker push your-username/my-go-app

Go Example: A Simple Web Server

Here's a simple Go web server that we can containerize.

main.go

package main

import (
	"fmt"
	"log"
	"net/http"
)

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "Hello, Docker!")
	})

	fmt.Println("Starting server on port 8080")
	log.Fatal(http.ListenAndServe(":8080", nil))
}

With this main.go file and the Dockerfile from the section above, you can build and run a fully containerized Go web application.

Conclusion

Docker has revolutionized how we build, ship, and run software. By providing a consistent and isolated environment, containers eliminate the "it works on my machine" problem and streamline the development-to-production workflow. Understanding the core concepts of images (the blueprint), containers (the running instance), and Dockerfiles (the build script) is the first step toward mastering containerization. This foundation is essential for anyone working with modern cloud-native architectures, microservices, and DevOps practices.