Containers
NOTE
A container is an instance of an image.
A container is a lightweight, standalone, and portable software package that includes everything needed to run an application—such as code, libraries, dependencies, and configuration files. Containers share the host operating system's kernel but remain isolated from each other and the host environment.
Containers are somewhat similar to Virtual Machines (VMs), but there are key differences:
- Unlike VMs, containers do not require a full operating system of their own. Instead, they share the host OS. This results in several benefits, including:
  - Lower resource utilization (CPU, RAM, and storage).
  - Reduced overhead for OS maintenance, such as patching and updates.
- Containers are significantly faster to start compared to VMs, often in seconds or less.
- They are also highly portable, making it easy to move them between systems without compatibility issues.
Containers are great for continuous integration and continuous delivery (CI/CD) workflows.
Linux vs Windows Containers
Containers share the kernel of the host operating system. This means Linux containers can only run on Linux hosts, and Windows containers can only run on Windows hosts.
However, with the introduction of WSL2 (Windows Subsystem for Linux), it's now possible to run Linux containers on Windows systems.
While there are no native Mac containers, you can run Linux containers on macOS using Docker Desktop. It uses a lightweight Linux virtual machine on macOS, which serves as the runtime environment for the containers.
Container Lifecycle
NOTE
A container remains running as long as its main process is active.
Start a container
To start a new container interactively from an image:
docker run -it ubuntu /bin/bash
When you type exit or press CTRL + D, the container stops because the main process (bash in this case) exits.
To start a container in the background (detached mode):
docker run -d <image name>:<image tag>
To start a container and expose a port for external access:
docker run -d -p 80:8080 <image name>:<image tag>
Here, port 80 on the Docker host maps to port 8080 inside the container. That is, any request sent to the Docker host's port 80 will be forwarded to port 8080 inside the container.
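A check for the port mapping above, as an added example that is not part of the original page: a mapping given without a host address, such as `-p 80:8080`, is published on every host interface, and this function lists such bindings from `docker ps` output. The function names, container names and port values in the sample are constructed.

```shell
#!/bin/sh
# Added example: list published ports that listen on all host interfaces.
# Expected input, one container per line: NAME<TAB>PORTS, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_wildcard_ports() {
    # Split each line on the tab only, so the spaces inside PORTS survive.
    while IFS="$(printf '\t')" read -r name ports; do
        [ -n "$ports" ] || continue
        # PORTS is a comma-separated list of mappings; check them one by one.
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
            case "$mapping" in
                # 0.0.0.0 is the IPv4 wildcard; ::: and [::]: are the two ways
                # docker ps prints the IPv6 wildcard. No "->" means the port is
                # only exposed by the image, not published on the host.
                0.0.0.0:*'->'*|:::*'->'*|'[::]:'*'->'*)
                    printf '%s %s\n' "$name" "$mapping" ;;
            esac
        done
    done
}

# Constructed sample standing in for real `docker ps` output.
sample_ps_output() {
    printf 'web\t0.0.0.0:80->8080/tcp, [::]:80->8080/tcp\n'
    printf 'admin\t127.0.0.1:9000->9000/tcp\n'
    printf 'cache\t6379/tcp\n'
    printf 'legacy\t0.0.0.0:8443->443/tcp, :::8443->443/tcp\n'
}

# Offline demonstration; on a Docker host, pipe the docker ps command above
# into find_wildcard_ports instead.
sample_ps_output | find_wildcard_ports
```

Publishing with an explicit host address, for example `-p 127.0.0.1:80:8080`, keeps the port reachable only from the Docker host itself.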
NOTE
Inside the container, the PID of the main process is always 1, since the container runs the ENTRYPOINT or CMD when it starts.
Exit a container without stopping it
To detach from an interactive session without stopping the container, press CTRL + P followed by CTRL + Q.
Reattach a running container
To reconnect to a running container:
docker attach <Container ID>
This connects directly to the container’s main process. Exiting from this session may stop the container if its main process terminates.
If you want to run a new command inside the container without attaching to its main process, use:
docker exec -it <Container ID> <command>
Stop a container
To gracefully stop a running container:
docker stop <Container ID>
This sends a SIGTERM signal to the main process inside the container, allowing it to clean up and exit properly. If the process doesn't exit within the default timeout (10 seconds), Docker sends a SIGKILL to force termination.
If you want to stop the container immediately, use:
docker kill <Container ID>
Restart a stopped container
To restart an existing (stopped) container:
docker start <Container ID>
Delete a Container
To delete a stopped container:
docker rm <Container ID>
To force-remove a running container:
docker rm -f <Container ID>
Delete all stopped containers
To remove all stopped containers:
docker container prune
Restart Policy
By default, a container does not restart automatically if it stops. You can set a restart policy using the --restart flag when running a container.
Restart Policy Options
- no (default) – The container won’t restart automatically.
- always – The container always restarts, regardless of the exit reason.
- unless-stopped – The container restarts unless manually stopped.
- on-failure[:max-retries] – The container restarts only if it exits with an error. Default for max-retries is unlimited.
Example:
docker run -d --restart on-failure:3 myapp
This container will restart up to 3 times if it exits with a failure.
It's important to understand how restart policies affect container behavior during a system reboot or when the Docker daemon restarts. The table below outlines how each restart policy affects container restarts:
| Restart Policy | On Container Exit | On Docker Daemon Restart | On System Reboot |
|---|---|---|---|
| no | ❌ No | ❌ No | ❌ No |
| always | ✅ Yes | ✅ Yes | ✅ Yes |
| unless-stopped | ✅ Yes | ✅ Yes (unless manually stopped) | ✅ Yes (unless manually stopped) |
| on-failure | ✅ Yes (if it exits with failure) | ✅ Yes (if it exits with failure because of daemon restart) | ❌ No |
