Docker — Visual Notes
This Docker section is a small, focused mini-series about how Docker works under the hood.
No mysticism, no VM myths — just clear mental models, diagrams, and commands you can run to verify what’s happening on the host.
What you’ll get here
A handful of posts that explain Docker from first principles:
- Linux primitives first (namespaces, cgroups, networking, filesystems)
- diagrams you can reuse as mental models
- commands to validate and debug what you see
- practical notes for real-world development environments
Episodes roadmap
Planned topics (less than 10 posts total):
- Docker does not exist - processes and reliability — what Docker actually is (and isn’t)
- Docker does not exist - Namespaces — isolation boundaries (PID/NET/MNT/USER…)
- Docker does not exist - Cgroups — CPU/memory limits, throttling, OOM behavior
- Networking — bridge, veth, NAT, port publishing, DNS
- Images — layers, copy-on-write, cache, digests
- Filesystem — overlayfs, bind mounts vs volumes, permissions, performance
- Docker Compose — multi-service workflows, networks, volumes, common pitfalls
Links will appear here as the matching blog posts are published.
Why this matters even outside DevOps
Even if you work mostly with application code (e.g., Symfony/PHP), Docker internals pay off immediately:
- debugging “works locally but not in container”
- understanding resource limits and performance regressions
- diagnosing networking issues between services
- building reliable multi-service dev setups with Compose
Start here
If you’re new to internals, follow the order above.
If you already use Docker daily, jump straight to Networking and Images — that’s where most production confusion lives.