Docker Demystified

Learn Docker through mental models, not memorization

Containers Are Not VMs

You've seen the diagrams. Neat little boxes labeled "container" sitting on top of Docker. You've heard people call them "lightweight VMs." You've nodded along, thinking you understood.

Here's what they didn't tell you: containers aren't VMs at all. They're something much simpler — and much more elegant.

A container is just a process. A regular Linux process with some clever isolation. That's it.

The Real Difference

Virtual Machine

App
Bins/Libs
Guest OS Kernel
Hypervisor
Host OS
Hardware

Each VM runs its own kernel. Heavy, slow to start.

Container

App (Process)
Bins/Libs
Container Runtime
Host OS Kernel
Hardware

Containers share the host kernel. Light, instant start.

Why This Matters

When you run docker run nginx, Docker doesn't spin up a virtual machine. It starts a process on your host with some isolation applied. The nginx process thinks it's alone on the machine, but it's actually sharing the kernel with everything else.

This is why containers start in milliseconds instead of minutes. There's no OS to boot — just a process to spawn.

  • Shared Kernel: All containers share the host's Linux kernel
  • Process Isolation: Namespaces make processes think they're alone
  • Resource Limits: Cgroups control CPU, memory, and I/O
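
The added shell example below (not part of the original page) shows the isolation as kernel state: it compares the namespace links under /proc/<pid>/ns for two processes and reports which namespaces they share. The function names, the fake proc tree and PID 4242 are constructed for illustration, so it runs without Docker or root.

```shell
#!/bin/sh
# Added example, not from the original page. Each /proc/<pid>/ns/<name> is a
# symlink such as "pid:[4026531836]"; two processes whose links match are in
# the same namespace, so no isolation applies between them for that resource.

# ns_compare PID_A PID_B [PROC_ROOT]
# Prints "<name> shared" or "<name> isolated" for every namespace of PID_A.
ns_compare() {
    pid_a=$1; pid_b=$2; proc=${3:-/proc}
    for link in "$proc/$pid_a/ns"/*; do
        [ -L "$link" ] || continue          # unmatched glob or unreadable dir
        name=${link##*/}
        id_a=$(readlink "$link")
        id_b=$(readlink "$proc/$pid_b/ns/$name") || { echo "$name unknown"; continue; }
        if [ "$id_a" = "$id_b" ]; then echo "$name shared"; else echo "$name isolated"; fi
    done
}

# count_shared PID_A PID_B [PROC_ROOT]: how many namespaces the two share.
count_shared() {
    ns_compare "$@" | grep -c ' shared$' || true   # grep -c exits 1 on zero
}

# Constructed sample: a fake proc tree. PID 1 stands for a host process,
# PID 4242 (hypothetical) for a container process that has its own ipc, mnt,
# pid and uts namespaces but still shares net and user with the host.
make_sample_proc() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/1/ns" "$dir/4242/ns"
    for ns in ipc mnt net pid user uts; do
        ln -s "$ns:[4026531000]" "$dir/1/ns/$ns"
    done
    for ns in ipc mnt pid uts; do
        ln -s "$ns:[4026532000]" "$dir/4242/ns/$ns"
    done
    for ns in net user; do
        ln -s "$ns:[4026531000]" "$dir/4242/ns/$ns"
    done
    echo "$dir"
}

sample=$(make_sample_proc)
ns_compare 1 4242 "$sample"
rm -rf "$sample"
```

On a real host, run it as root with PID 1 and the container's host PID, which docker inspect --format '{{.State.Pid}}' NAME prints.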

What You'll Learn

  • How images are built from layers (and why order matters)
  • What happens when you run a container (spoiler: it's just fork + exec)
  • The 6 Linux namespaces that create the isolation illusion
  • How Docker networking actually works (bridges, port mapping, DNS)
  • Why container data disappears (and how volumes fix it)
  • Build cache optimization (stop waiting for npm install)

Ready to see what's really happening when you build and run containers?
Let's start with the foundation: image layers.