Docker's Mental Model: Images Are Templates, Containers Are the Running App
The "it works on my machine" problem costs teams hours of debugging environment drift. Docker eliminates that by making the runtime environment itself a versioned artifact, so onboarding a new developer or deploying to production starts from an identical snapshot.
The core Docker workflow turns a Dockerfile into a static image, then runs that image as a container. An image bundles the OS layer, language runtime, dependencies, code, and startup command into a single distributable artifact. Containers are the live instances — you can spin up multiple independent containers from one image, each with its own port mappings and state.
Docker Hub acts as the default public registry, analogous to npm for JavaScript packages, but private registries from Alibaba Cloud, Harbor, or on-premise servers are common inside companies. When a corporate network blocks direct access to Docker Hub, teams work around it with proxies, internal mirrors, or offline image transfers using `docker save` and `docker load`.
The relationship is linear: Dockerfile → build → image → run → container → push → registry → pull → run elsewhere. Understanding this chain before memorizing CLI flags prevents the common confusion between images and containers.
Newcomers often conflate images with containers because both appear in the same CLI workflow, but treating an image as a class and a container as an object clears up most operational mistakes.
Offline image transfer via `docker save` and `docker load` is an underappreciated pattern that sidesteps entire categories of network and registry authentication problems in air-gapped environments.
Docker's analogy to package managers like npm is precise enough to be useful but hides a key difference: images carry an entire OS userspace, not just library code, which is why they solve environment drift so thoroughly.
The jump from "Docker installs things" to "Docker snapshots environments" is the difference between using it as a convenience tool and using it as a deployment primitive.