Docker¶
The industry-standard container engine that packages applications and dependencies into portable, isolated OCI-compliant containers.
Overview¶
Docker is the de facto containerization platform that introduced the modern container workflow to the software industry. It provides tools to build, ship, and run applications inside lightweight, portable containers. Docker Engine is the core runtime; Docker Desktop provides the developer experience layer on macOS, Windows, and Linux.
Repository & Community¶
| Attribute | Detail |
|---|---|
| Repository | github.com/moby/moby (Moby Project) |
| Stars | ~70k+ ⭐ |
| Latest Version | Engine v29.4.0 (April 7, 2026) |
| Language | Go |
| License | Apache 2.0 (Engine/Moby), Proprietary (Desktop for >250 employees) |
| Company | Docker, Inc. |
Evaluation¶
-
Why it's better: Pioneered the container workflow. Massive ecosystem (Docker Hub: 15M+ images). OCI-standard images work everywhere. BuildKit provides the fastest build pipeline. Docker Compose simplifies multi-container development.
-
When it fits (Applicability):
- Local development and testing
- CI/CD build pipelines (image building)
- Single-host container deployment
- Application packaging and distribution
-
Microservices development workflow
-
Pros and Cons:
| Pros | Cons |
|---|---|
| Ubiquitous — every developer knows it | Desktop license costs for large enterprises |
| Massive image ecosystem (Docker Hub) | Not an orchestrator (needs K8s/Swarm) |
| OCI-standard, portable containers | Docker Swarm deprecated in favour of K8s |
| BuildKit: fast, cacheable builds | daemonful architecture (rootful by default) |
| Docker Compose for local multi-service | Alternatives exist (Podman, nerdctl) |
| Excellent documentation | Security: root daemon attack surface |
Architecture¶
flowchart TB
subgraph Client["Docker Client"]
CLI["docker CLI"]
Compose["Docker Compose"]
API_C["Docker API\n(REST)"]
end
subgraph Daemon["Docker Daemon (dockerd)"]
direction TB
ImgMgmt["Image Management"]
NetMgmt["Network Management\n(bridge, overlay, host)"]
VolMgmt["Volume Management"]
BuildKit_D["BuildKit\n(image builds)"]
end
subgraph Runtime["Container Runtime Stack"]
Containerd["containerd\n(high-level runtime)"]
Shim["containerd-shim\n(per-container)"]
RunC["runc\n(OCI low-level runtime)"]
end
subgraph Kernel["Linux Kernel"]
NS["Namespaces\n(pid, net, mnt, uts, ipc, user)"]
CG["cgroups\n(CPU, memory, I/O limits)"]
UFS["Union FS\n(overlay2)"]
end
CLI -->|"REST API"| Daemon
Compose -->|"REST API"| Daemon
Daemon -->|"gRPC"| Containerd
Containerd -->|"exec"| Shim
Shim -->|"exec"| RunC
RunC -->|"syscalls"| Kernel
style Daemon fill:#0db7ed,color:#fff
style Runtime fill:#1565c0,color:#fffKey Features¶
| Feature | Detail |
|---|---|
| Container Engine | Build, run, stop, remove containers |
| Image Building | Dockerfile + BuildKit (multi-stage, cache mounts) |
| Docker Compose | YAML-based multi-service orchestration |
| Docker Hub | Public registry with 15M+ images |
| Networking | bridge, host, overlay, macvlan, ipvlan |
| Volumes | Named volumes, bind mounts, tmpfs |
| BuildKit | Parallel builds, cache exports, multi-platform |
| Docker Scout | Supply chain security, SBOM, CVE scanning |
| Docker Init | Auto-generate Dockerfiles for projects |
| Wasm Support | Experimental WebAssembly container runtime |
Pricing¶
| Tier | Cost | Notes |
|---|---|---|
| Docker Engine (Moby) | Free (Apache 2.0) | CLI + daemon, unlimited use |
| Docker Desktop — Personal | Free | <250 employees, <$10M revenue |
| Docker Desktop — Pro | $9/user/mo | CI/CD features, vulnerability scanning |
| Docker Desktop — Team | $15/user/mo | Centralized management, SSO |
| Docker Desktop — Business | $24/user/mo | SCIM, hardened desktop, air-gapped |
| Docker Hub | Free → $24/mo | Rate-limited (free), unlimited pulls (paid) |
Compatibility¶
| Dimension | Support |
|---|---|
| Host OS | Linux (native), macOS, Windows (via VM) |
| Container runtime | containerd + runc (default), crun, Kata, gVisor |
| Image format | OCI Image Spec, Docker Image Manifest V2 |
| CPU architecture | amd64, arm64, arm/v7, s390x, ppc64le |
| Storage drivers | overlay2 (default), btrfs, zfs, fuse-overlayfs |
| Network modes | bridge, host, overlay, macvlan, ipvlan, none |