Docker Image Definition

It’s a collection of filesystems, namely => rootfs, user fs, application fs

These filesystems are represented as layers. Therefore each docker image has multiple filesystems, that is, each docker image has multiple layers

Each layer is identified by a uuid, which is sha256 encoded.

The lowest layer is the root filesystem. That is, it contains files under root directory

The upper most layer is the only layer which is writeable, rest all layers are readonly

Whenever you create any new files, the files are reflected in uppermost layer of the image

While mounting an image to a container, all the layers in the image are merged to create a single merged layer

The preferred storage driver for linux is overlay2. So all the layers are visible in the following location: /var/lib/docker/overlay2

You can see the layers your docker image has by looking in the “RootFS” header when you do “docker inspect imagename”

The files that you add, which are added to the uppermost layer get added to two locations /var/lib/docker/<layer-uuid>/merged and /var/lib/docker/<layer-uuid>/diff

It is possible to create a container by selectively removing the top few layers of an image. This can be done to undo the changes that have been made in a layer.

docker inspect <image-name>