Docker: The Definitive Guide for Engineers
Date: 2025-11-24 Tags: DevOps, Containers, Infrastructure Author: Wissam Ztaoui
Introduction
Docker has revolutionized software delivery by standardizing the unit of deployment: the container. Containers package code and its dependencies together, ensuring consistency across development, testing, and production environments. This guide provides a deep dive into Docker architecture, image creation, and orchestration with Docker Compose.
1. Core Concepts
- Image: A read-only template with instructions for creating a Docker container. It is built from a Dockerfile.
- Container: A runnable instance of an image. It is isolated from the host system but shares the host OS kernel.
- Volume: A mechanism for persisting data generated by and used by Docker containers.
- Network: A layer that allows containers to communicate with each other and the outside world.
2. Installation (macOS)
For development on macOS, Docker Desktop is the standard tool. It includes the Docker Engine, Docker CLI, and Docker Compose.
- Download Docker Desktop for Mac (Apple Silicon) from docker.com.
- Install and launch the application.
- Verify installation:
docker --version
docker-compose --version
3. The Dockerfile
The Dockerfile is the blueprint for your image. Below is an example for a Python application.
# Base image
FROM python:3.11-slim
# Set working directory
WORKDIR /app
# Copy requirements and install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY . .
# Expose port
EXPOSE 8000
# Command to run the application
CMD ["python", "main.py"]
Building the Image
docker build -t my-python-app:v1 .
4. Docker Compose
Docker Compose simplifies the management of multi-container applications. Instead of running multiple CLI commands, you define the entire stack in a docker-compose.yml file.
version: '3.8'
services:
  web:
    build: .
    ports:
      - "8000:8000"
    volumes:
      - .:/app
    depends_on:
      - db
    networks:
      - app-network
  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: password
      POSTGRES_DB: mydb
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - app-network
volumes:
  db-data:
networks:
  app-network:
    driver: bridge
Managing the Stack
- Start: docker-compose up -d (Detached mode)
- Stop: docker-compose down
- Logs: docker-compose logs -f
5. Networking Deep Dive
Docker provides several network drivers:
- Bridge: The default driver. Containers on the same bridge network can communicate via IP or container name.
- Host: Removes network isolation between the container and the Docker host.
- None: Disables all networking.
- Overlay: Used for multi-host networking (Swarm/Kubernetes).
To create a custom bridge network:
docker network create my-net
6. Best Practices
- Minimize Image Size: Use lightweight base images (e.g., Alpine) and multi-stage builds.
- Least Privilege: Avoid running containers as root. Use the USER instruction in the Dockerfile.
- Ephemeral Containers: Containers should be disposable. Store persistent data in Volumes, not the container layer.
- Secrets Management: Never hardcode secrets in Dockerfiles. Use environment variables or Docker Secrets.
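The image-size and least-privilege practices applied to the Section 3 Dockerfile, as an added example that is not part of the original guide. The user name `app`, the UID/GID 10001 and the `/opt/venv` path are assumptions chosen for illustration.

```dockerfile
# ---- Build stage: install dependencies into an isolated virtualenv ----
FROM python:3.11-slim AS builder
WORKDIR /app
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# ---- Runtime stage: only the virtualenv and the application code ----
FROM python:3.11-slim

# Create an unprivileged account (name and IDs are assumptions for this example)
RUN groupadd --gid 10001 app \
 && useradd --uid 10001 --gid app --no-create-home --shell /usr/sbin/nologin app

WORKDIR /app

# Bring over the installed packages; pip's build-time leftovers stay in the builder stage
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Copied files are owned by root, so the app user cannot replace its own code
COPY . .

# Drop privileges: CMD and any later instruction run as UID 10001, not root
USER 10001:10001

# Port 8000 is above 1024, so binding to it needs no root privileges
EXPOSE 8000
CMD ["python", "main.py"]
```

After building, `docker run --rm my-python-app:v1 id` should report uid=10001 rather than uid=0.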
Conclusion
Mastering Docker is essential for modern software engineering. It enables microservices architectures, simplifies CI/CD, and eliminates “works on my machine” issues.