Earlier this week I took a Docker class at work. Having used Docker before I already knew some of the material, but that was a good thing because it gave me more of a chance to understand how Docker works. In this post I want to write about the idea of a union file system and how that relates to Docker images.
An image is made up of layers. Each layer is based on one line in a Dockerfile or one commit of a changed container. This means that doing multiple commands joined by "&&" on one Dockerfile line is a way of collapsing multiple layers into one. Images are also immutable. Changing an image results in a new layer, not a changed image. That new layer only contains the change, though, and not a whole new image.
To combine layers into an image Docker uses union file systems. The file systems from each layer are overlaid into one file system. The layers making up an image could modify the same files so later layers would have a higher priority over the beginning layers.
The layers of the image are read-only, but Docker adds a read-write layer when running a container. That allows the container file system to appear writable even though it isn't, which is known as copy-on-write. I didn't understand this when first using Docker, but it means that multiple running containers from the same image are sharing the same file system until one of them changes a file.