What is a Docker container?

Short answer

A Docker container is a runnable instance of a Docker image that executes in an isolated environment on a host machine. It packages the application and its dependencies while sharing the host kernel for efficient resource usage.

How it works

When you run a container, Docker creates an isolated process space using Linux namespaces for process isolation, network interfaces, and mount points. Control groups (cgroups) limit and account for resource usage such as CPU, memory, and disk I/O. The container has its own filesystem layer on top of the read-only image layers.

Example

Run an Nginx container in detached mode with port mapping:

docker run -d --name web -p 80:80 nginx:alpine

List running containers:

docker ps

Why it matters

Containers provide process-level isolation without the overhead of full virtualization. They start in seconds, use fewer resources than VMs, and can be easily created, destroyed, and replicated. This makes containers ideal for microservices, CI/CD pipelines, and elastic scaling in cloud environments.