Skip to main content
HashnodeDocker

Command Palette

Search for a command to run...

🐳 01 Docker Commands — The Underrated, Ultra-Deep, Myth-Busting Guide

Published
5 min read
A
Ashutosh Kumar (Ashu)

🔥 1. docker pull hello-world — The Image Teleporter

🌍 What beginners think

“Bro, this just downloads something.”

🔬 What actually happens

Docker doesn’t download one file. It downloads layers.

Imagine a biryani made of layers — rice + masala + chicken + garnishing.
Docker images = biryani layers
Container = you eating it
Pull = ordering Swiggy

Each layer is:

  • Content-addressable (hashed)

  • Immutable

  • Deduped

  • Shared across images

If you have 10 images with an Ubuntu base → only one Ubuntu layer exists.

🧠 Deep Interview Flex

Docker uses Union File System (overlay2 by default).
Layers stack to present a unified root filesystem.

📌 Thumb Rules

  • If no tag is given, Docker pulls :latest

  • Pull is read-only — it never creates a container

  • Pull happens automatically if a docker run needs it

❌ Myth vs ✔️ Fact

“Pull means full re-download.”
✔️ Docker downloads only missing layers → lightning fast.

🧯 Debug Wisdom

If pull is slow, 96% times the culprit is your DNS, not Docker.

🚢 2. Images vs Containers — The Atomic Truth

This is the core idea your brain must tattoo:

Image = Frozen Pizza

Ready-made. Stored. No changes allowed.

Container = Pizza in the Oven

Warm. Running. Writable. Can burn if you’re careless.

Why you can’t delete an image used by a container

Because a container mounts the image as its root filesystem.
Delete that → instant container blackhole.

Thumb Rule

You can delete containers without deleting images.
But you cannot delete images without deleting containers.

🏃‍♂️ 3. docker run hello-world — The One-Command Trilogy

What people think

“Runs the container.”

What Docker does

docker run =
pull (if needed) + create + start

It:

  1. Checks if image exists

  2. Allocates namespaces

  3. Applies cgroups

  4. Creates container metadata

  5. Mounts image layers

  6. Adds writable container layer

  7. Executes ENTRYPOINT

🎯 Interview Trap

“What is the difference between docker create and docker run?”
Many candidates die here.

✔️ Fact

docker create → Makes container (but doesn’t start it)
docker run → Creates + starts

📋 4. docker ps — The “Who’s Alive?” Scanner

Shows running containers only.

🧠 Deeper engine fact

Docker itself doesn’t run containers.
containerd does.
docker ps just queries containerd’s metadata store (BoltDB).

Thumb Rule

If a container isn't visible here → it’s either dead or in a quantum state.

Myth

“If it's not in ps, it's gone.”
✔️ Stopped containers stay forever unless removed.

⚰️ 5. docker ps -a — The Graveyard of Containers

Shows:

  • Running

  • Exited

  • Stopped

  • Dead

  • Zombie

  • Accidentally-murdered containers from 4 weeks ago

Thumb Rule

If your system storage is full →
docker ps -a has ghosts you didn’t exorcise.

Real-world insight

Dev machines accumulate hundreds of useless stopped containers.
Prod machines rarely do — they’re cleaned via CI/CD scripts.

🛑 6. docker stop <containerId> — Gentle Goodbye

Internal mechanism

  1. Sends SIGTERM

  2. Waits (default: 10 seconds)

  3. If container still alive → sends SIGKILL

  4. Container dies

Myth vs Fact

Stop means force kill.
✔️ Stop is graceful. Only kill is violent.

Interviewer trick

“What if the container process ignores SIGTERM?”
Answer: Docker eventually kills it using SIGKILL.

Thumb Rule

Use stop when debugging.
Use kill only when container behaves like your toxic ex.

🖼️ 7. docker images — The Layer Museum

Shows locally stored images.

Hidden detail

The “IMAGE ID” is not random — it’s a hash of the final layer.

Thumb Rule

Same IMAGE ID = bit-for-bit identical image.

Myth

“Images take too much space.”
✔️ Layers are shared → space is saved heavily.

🧹 8. docker rm <containerId> — The Container Funeral

Removes container metadata + logs + writable layer.

Thumb Rule

Container must be stopped before removal.

Interview trick

“What happens to volumes when you rm a container?”
Answer:
Anonymous volumes → deleted
Named volumes → preserved

🧨 9. docker rmi <imageId> — Image Assassination

Deletes an image, but only if no container references it.

Thumb Rule

If rmi fails →
there is always a container (stopped or running) holding it hostage.

Use:

docker ps -a --filter ancestor=<imageName>

Myth

“Removing an image breaks Docker.”
✔️ Only breaks containers referencing it.

🌙 10. docker run -d busybox — The Detached Ninja Mode

Detached mode means:

  • Container runs silently

  • Your terminal is freed

  • Logs still exist, you just don’t see them

Thumb Rule

Whenever a backend process must keep running → use -d.

Hidden detail

Even detached containers have STDOUT/ERR streams internally captured by Docker’s logging driver.

🧩 11. docker exec -it <containerId> <command> — The Portal Gun

This does NOT create a new container.
It injects a new process into an existing container.

The namespaces you “enter”

  • PID

  • Network

  • Mount

  • IPC

  • Cgroup

Why it feels like SSH

Because you get a pseudo-TTY which behaves like a remote shell.

Thumb Rule

Use exec for debugging.
Use run for launching new workloads.

🧠 Final Wisdom

Docker looks like a command runner.
But in reality it’s:

  • Linux namespaces magician

  • Filesystem layer builder

  • Process isolation master

  • Networking simulator

  • Resource limit enforcer

  • Packaging standard

No engineer becomes elite without knowing these layers.

Comments

Join the discussion

No comments yet. Be the first to comment.