Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run. This decoupling allows container-based applications to be deployed easily and consistently


One implementation of containerisation is Docker. In Docker there are images and there are containers. The two are closely related, but distinct.


An image is an inert, immutable, file that's essentially a snapshot of a container.

  • Image: A Docker image is built up from a series of read only layers
  • Layer: Each layer represents an instruction in the image’s Dockerfile.

The below Dockerfile contains four commands, each of which creates a layer. Each layer is only a set of differences from the layer before it.

FROM ubuntu:16.04

COPY . /app

RUN make /app

CMD python /app/

Images are created with the docker build command, and they'll produce a container when started with docker run. Images are often stored in a registry.


Containers are lightweight and portable encapsulations of an environment in which to run applications.

Its common to this of an image is a class, then a container is an instance of a class—a runtime object. This is a helpful metaphor useful for day to day thinking.

However, it is more useful to know that a container is really an image with an extra layer. When you create a new container, you add a new writable layer on top of the underlying layers. This layer is often called the “container layer”. All changes made to the running container, such as writing new files, modifying existing files, and deleting files, are written to this thin writable container layer. When the container is deleted, the writable layer is also deleted. The underlying image remains unchanged.