What is Docker

Docker is an open-source platform for building, shipping, and running applications inside containers.
Uses Linux kernel features (namespaces and cgroups) to isolate processes - containers share the host kernel but run in isolated user spaces.
Solves the “works on my machine” problem by packaging the app and all its dependencies into a single portable unit.
Predated by LXC (Linux Containers), which virtualized an entire OS including init and system tools. Docker shifted the model to application containers - single-purpose, minimal, and fast.

Docker vs Virtual Machines

Containers trade some isolation for drastically lower overhead and faster startup. Use VMs when you need full OS-level isolation or a different kernel.

Docker Engine: The runtime that builds and runs containers. Consists of the Docker daemon (dockerd) and the Docker CLI client.
Docker Image: A read-only, layered filesystem snapshot containing everything needed to run an application. Built from a Dockerfile.
Docker Container: A running instance of an image. Ephemeral by default - all runtime writes are lost when the container is removed unless a volume is attached.
Docker Registry: A storage service for images. Docker Hub is the default public registry. Private registries (ACR, ECR, GCR, Harbor) are used for internal images.
Docker Compose: A tool for defining and running multi-container applications using a docker-compose.yml file.

Docker originally used its own runtime, but the ecosystem standardized around the OCI (Open Container Initiative) spec.
OCI defines the image format and runtime spec, meaning OCI-compliant images built with Docker run identically on containerd, CRI-O, or Podman.
Practical consequence: Kubernetes dropped direct Docker support in v1.24 (dockershim removal), but OCI images built with Docker still run on Kubernetes - the runtime underneath changed, not the image format.