Understanding Docker Images, Containers, and Registries

Image Sources and Container Management

Docker images can be categorized into two main types:

  • Base System Images: Minimal operating system templates used as foundations
  • Application Images: Pre-configured service images ready for deployment

Creating base system images from templates:

# Import CentOS 6 minimal template
cat centos-6-x86-minimal.tar.gz | docker import - custom-centos:6.0

# Import CentOS 7 minimal template  
cat centos-7-x86_64-minimal.tar.gz | docker import - custom-centos:7.0

# Import Ubuntu 16.04 template
cat ubuntu-16.04-x86_64.tar.gz | docker import - custom-ubuntu:16.04

Pulling application-specific images:

# Retrieve nginx image version 1.15
docker pull nginx:1.15

# Examine image layers
docker history nginx:1.15

Image-Container Relationship

Containers extend images by adding a writable layer on top of the read-only image layers. When files are modified within a running container:

  • The file is first copied from the read-only image layer to the container's writable layer
  • All modifications occur in this writable layer only
  • The underlying image remains unchanged

This architecture enables multiple containers to share the same base image while maintaining isolation. Each container's changes are independent and temporary - they disappear when the container is removed.

To persist changes, commit the container state to a new image:

# Create a new image from container modifications
docker commit container-id new-image-name:tag

Image Registries

A Docker registry serves as a centralized storage and distribution service for images. Each repository can contain multiple tagged versions of an image. Images are referenced using the format registry/repository:tag.

Registry types include:

  • Public Registries: Docker Hub, Aliyun Container Registry
  • Private Registries: Self-hosted solutions using Registry, Harbor

Example using a private registry:

# Authenticate with private registry
docker login --username=your-user registry.example.com

# Push image to private registry
docker push registry.example.com/namespace/image:tag
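
The registry/repository:tag format leaves the registry implicit for short names, so a policy check has to resolve the reference first. The following is an added example, not part of the original article: a POSIX shell resolver with an allow-list check, where ALLOWED_REGISTRIES is a constructed sample policy and the function names parse_image_ref and registry_allowed are hypothetical.

```shell
# Added example, not from the original article. ALLOWED_REGISTRIES is a
# constructed sample policy; both function names are hypothetical.
ALLOWED_REGISTRIES="registry.example.com host:5000"

# Print "registry repository tag" for an image reference, applying the
# defaults Docker uses for short names (docker.io, library/, latest).
parse_image_ref() (
  ref="${1%%@*}"        # ignore a digest suffix such as @sha256:...
  registry="docker.io"
  remainder="$ref"
  tag="latest"

  # The first path component names a registry only if it contains '.' or
  # ':' or is "localhost"; otherwise it is a Docker Hub namespace.
  first="${ref%%/*}"
  case "$ref" in
    */*)
      case "$first" in
        *.*|*:*|localhost)
          registry="$first"
          remainder="${ref#*/}" ;;
      esac ;;
  esac

  # A ':' in the last path component introduces the tag; a ':' in the
  # registry part is a port and has already been split off.
  last="${remainder##*/}"
  case "$last" in
    *:*) tag="${last##*:}"; remainder="${remainder%:*}" ;;
  esac

  # Single-name Docker Hub images live in the implicit library/ namespace.
  if [ "$registry" = "docker.io" ]; then
    case "$remainder" in
      */*) ;;
      *) remainder="library/$remainder" ;;
    esac
  fi
  echo "$registry $remainder $tag"
)

# Succeed only when the resolved registry is on the allow-list.
registry_allowed() {
  set -- "$(parse_image_ref "$1")"
  case " $ALLOWED_REGISTRIES " in
    *" ${1%% *} "*) return 0 ;;
    *) return 1 ;;
  esac
}
```

A short name such as nginx:1.15 resolves to docker.io/library/nginx, so it fails this allow-list even though it names no registry explicitly.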

Deploying a Local Registry

Setting up a private registry provides benefits including:

  • Reduced network bandwidth consumption
  • Accelerated local image distribution
  • Enhanced security and control
  • Integration with CI/CD pipelines

Deploying a registry v2 instance:

# Acquire the registry image
docker pull registry:2

# Launch registry service
docker run -d \
  --name local-registry \
  --restart=always \
  -p 5000:5000 \
  -v /data/registry:/var/lib/registry \
  registry:2

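# Allow the Docker daemon to use the local registry without TLS verification
# (plain HTTP or an untrusted certificate). This overwrites any existing daemon.json.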
echo '{"insecure-registries":["host:5000"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker

# Push image to local registry
docker tag local-image:latest host:5000/local-image:latest
docker push host:5000/local-image:latest

For production environments, consider using Harbor, which provides advanced features like role-based access control, vulnerability scanning, and replication policies.

Tags: docker containers images Registry devops

Posted on Tue, 09 Jun 2026 16:43:38 +0000 by minou