MASTER YOUR
CONTAINERS

// Ship software anywhere.

DOCKER CHANGED HOW WE DEPLOY SOFTWARE.

Containers package applications with their dependencies, ensuring consistency across environments. From development to production, Docker eliminates "it works on my machine" and enables true DevOps workflows.

WHY DOCKER?

Docker containers are lightweight, fast, and isolated. They share the host OS kernel, making them more efficient than virtual machines. Package once, run anywhere—on your laptop, servers, or cloud.

BECOME A CONTAINER NATIVE.

Learn Dockerfiles, images, volumes, networking, and orchestration. Join millions of developers who ship faster with containers.

BEGIN YOUR JOURNEY →

// The Path to Mastery

12 lessons. Complete Docker control.

LESSON 01

Introduction to Docker

Containerize applications for consistent deployment

Beginner
LESSON 02

Images & Containers

Build images and manage running containers

Beginner
LESSON 03

Dockerfile Basics

Write Dockerfiles to automate image creation

Beginner
LESSON 04

Managing Data with Volumes

Persist data beyond container lifecycle

Intermediate
LESSON 05

Docker Networking

Connect containers and expose services

Intermediate
LESSON 06

Docker Compose

Orchestrate multi-container applications

Intermediate
LESSON 07

Container Management

Start, stop, inspect, and manage containers

Intermediate
LESSON 08

Image Management

Build, tag, push, and pull Docker images

Intermediate
LESSON 09

Best Practices

Security, optimization, and production guidelines

Advanced
LESSON 10

Debugging Containers

Logs, exec, and troubleshooting techniques.

Intermediate
LESSON 11

Docker Registry

Push images to Docker Hub and private registries.

Advanced
LESSON 12

Production Considerations

Swarm, Kubernetes, and scaling strategies.

Advanced

// Why Docker

Docker was released in 2013 by Solomon Hykes and the team at dotCloud. It revolutionized software deployment by introducing containerization—a way to package applications with all their dependencies into portable units.

Unlike virtual machines, containers share the host operating system kernel, making them incredibly lightweight. A container can start in seconds and uses a fraction of the resources of a VM.

Today, Docker powers modern DevOps workflows. Companies use it for continuous integration, microservices architecture, and cloud-native development. Kubernetes orchestrates containers at scale.

The future of deployment is containers. Own it.

// Tools & References

📖 Docker Docs

Official Documentation

docs.docker.com

🐳 Docker Hub

Image Registry

hub.docker.com

🐙 Dockerfiles

Best Practices

Best Practices

⚡ Docker Compose

Multi-Container Apps

compose docs

☸️ Kubernetes

Container Orchestration

kubernetes.io

🛠️ Docker Desktop

Local Development

docker desktop

// Introduction to Docker

×

What is Docker?

Docker is an open platform for developing, shipping, and running applications using containerization technology. Containers package an application with all its dependencies, ensuring consistent behavior across environments.

Why Docker?

  • Consistent: Same environment from dev to production
  • Lightweight: Share OS kernel, start in seconds
  • Portable: Run anywhere Docker is installed
  • Isolated: Each container has its own resources
  • Versioned: Images can be versioned and rolled back
DOCKER'S PHILOSOPHY: "Build once, run anywhere." Containers are to software what shipping containers were to global trade—standardized units that work everywhere.

Installing Docker

$ docker --version Docker version 24.0.7, build 311b9ff

Docker Components

# Docker Daemon (dockerd) - runs in background # Docker CLI - command line interface # Docker Registry (Docker Hub) - stores images

Your First Container

$ docker run hello-world Hello from Docker! This message shows that your installation appears to be working correctly.

Quiz

1. Docker uses _____ technology.

Hint: Packaging method

2. Docker containers share the host _____.

Hint: Core of OS

3. Docker stores images in _____.

Hint: Docker Hub

4. dockerd is the Docker _____.

Hint: Background service

5. The CLI controls Docker through the _____.

Hint: Background process

6. Containers are more _____ than VMs.

Hint: Less resource usage

7. Docker enables _____ dev-to-prod workflows.

Hint: Same everywhere

8. Run your first container with docker _____.

Hint: Command

Show Answers

Answers

  1. containerization
  2. OS kernel
  3. registry
  4. daemon
  5. daemon
  6. lightweight
  7. consistent
  8. run

// Images & Containers

×

What are Images?

Docker images are read-only templates used to create containers. They contain the application code, runtime, libraries, and dependencies.

# List local images docker image ls # Pull an image from Docker Hub docker pull ubuntu:22.04 # Remove an image docker rmi ubuntu:22.04

What are Containers?

Containers are running instances of images. They're lightweight and ephemeral—you can create, start, stop, and delete them.

# Run a container (creates from image) docker run ubuntu:22.04 # Run in interactive mode with terminal docker run -it ubuntu:22.04 /bin/bash # List running containers docker ps # List all containers (including stopped) docker ps -a

Container Lifecycle

# Start a stopped container docker start container_id # Stop a running container docker stop container_id # Remove a container docker rm container_id # View container logs docker logs container_id # Execute command in running container docker exec -it container_id /bin/bash

Container Naming

# Name a container docker run --name my-webserver nginx # Remove container on exit (--rm) docker run --rm -it ubuntu /bin/bash

Quiz

1. Images are _____ templates.

Hint: Cannot be modified

2. Containers are _____ instances of images.

Hint: Active

3. docker ps shows _____ containers.

Hint: Active ones

4. docker ps -a shows _____ containers.

Hint: Including stopped

5. docker run creates a new _____.

Hint: From image

6. --name flag assigns a _____.

Hint: Label

7. --rm removes container on _____.

Hint: When stopped

8. docker exec runs commands in _____.

Hint: Running instance

Show Answers

Answers

  1. read-only
  2. running
  3. running
  4. all
  5. container
  6. name
  7. exit
  8. container

// Dockerfile Basics

×

What is a Dockerfile?

A Dockerfile is a script containing instructions to build a Docker image. Each instruction creates a layer in the image.

# Example Dockerfile FROM ubuntu:22.04 RUN apt-get update && apt-get install -y nginx COPY index.html /var/www/html/ EXPOSE 80 CMD ["nginx", "-g", "daemon off;"]

Common Instructions

# FROM - base image (required) FROM python:3.11-slim # RUN - execute commands during build RUN pip install flask # COPY - copy files from context COPY ./app /app # WORKDIR - set working directory WORKDIR /app # ENV - environment variables ENV NODE_ENV=production # EXPOSE - document port EXPOSE 3000 # CMD - default command CMD ["node", "server.js"]

Building an Image

$ docker build -t myapp:1.0 . Sending build context to Docker daemon 2.048kB Step 1/5 : FROM python:3.11-slim ---> abc123def456 ... Successfully built d789abc12345 Successfully tagged myapp:1.0

Multi-stage Builds

# Build stage FROM node:18 AS builder WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . RUN npm run build # Production stage FROM node:18-slim WORKDIR /app COPY --from=builder /app/dist ./dist CMD ["node", "server.js"]

Quiz

1. Dockerfile instructions create _____.

Hint: Image structure

2. FROM sets the _____ image.

Hint: Starting point

3. RUN executes during _____.

Hint: Image creation

4. COPY copies from the _____.

Hint: Build directory

5. -t flags the _____ image.

Hint: Name/version

6. CMD is the _____ command.

Hint: Runs if no cmd given

7. Multi-stage builds reduce _____.

Hint: Final image

8. WORKDIR sets the _____ directory.

Hint: Current directory

Show Answers

Answers

  1. layers
  2. base
  3. build
  4. context
  5. tag
  6. default
  7. size
  8. working

// Managing Data with Volumes

×

Why Volumes?

Containers are ephemeral—data is lost when they're deleted. Volumes persist data outside the container's filesystem.

# Named volumes - managed by Docker docker volume create mydata docker run -v mydata:/data myapp # Bind mounts - host directory docker run -v /host/path:/container/path myapp # Read-only mount docker run -v mydata:/data:ro myapp

Volume Types

# Anonymous volume (created automatically) docker run -v /data myapp # Named volume (persistent) docker run -v postgres-data:/var/lib/postgresql/data postgres # Bind mount for development docker run -v $(pwd):/app -w /app node:18 npm start # tmpfs mount (in memory) docker run --tmpfs /tmp myapp

Managing Volumes

$ docker volume ls DRIVER VOLUME NAME local mydata local postgres-data $ docker volume inspect mydata [ { "Mountpoint": "/var/lib/docker/volumes/mydata/_data", "Name": "mydata" } ] $ docker volume rm mydata

Sharing Data Between Containers

# Create shared volume docker volume create shared-data # Container 1 writes to volume docker run -v shared-data:/data writer # Container 2 reads from same volume docker run -v shared-data:/data reader

Quiz

1. Volumes persist data _____ containers.

Hint: Not inside

2. -v flag creates a _____.

Hint: Filesystem link

3. Named volumes are managed by _____.

Hint: The platform

4. Bind mounts link _____ directory.

Hint: Local filesystem

5. :ro makes mount _____.

Hint: Cannot write

6. tmpfs stores data in _____.

Hint: RAM

7. docker volume ls lists all _____.

Hint: Storage units

8. Container data is lost on _____.

Hint: When removed

Show Answers

Answers

  1. outside
  2. mount
  3. Docker
  4. host
  5. read-only
  6. memory
  7. volumes
  8. deletion

// Docker Networking

×

Docker Network Drivers

Docker provides different network drivers for various use cases.

# bridge - default, for standalone containers # host - removes network isolation # overlay - connects containers across hosts # macvlan - assigns MAC address to container # none - disables networking

Creating Networks

$ docker network create mynetwork $ docker network ls NETWORK ID NAME DRIVER SCOPE abc123 bridge bridge local def456 host host local ghi789 mynetwork bridge local jkl012 none null local

Connecting Containers

# Run container on custom network docker run --network mynetwork --name web nginx # Connect existing container to network docker network connect mynetwork web # Disconnect from network docker network disconnect mynetwork web

Container Communication

# DNS-based service discovery # Containers on same network can reach each other by name # From web container, reach database docker run --network mynetwork --name web nginx docker run --network mynetwork --name db postgres # In web container, connect to db:5432

Port Mapping

# Map host port to container port docker run -p 8080:80 nginx # Random host port docker run -P nginx # UDP port docker run -p 53:53/udp dns-server

Quiz

1. bridge is the _____ network driver.

Hint: Standard

2. docker network create makes a _____.

Hint: Isolated layer

3. Containers on same network communicate via _____.

Hint: Name resolution

4. -p flag maps _____.

Hint: Network ports

5. 8080:80 means host port _____ to container 80.

Hint: Left side

6. -P maps to _____ host ports.

Hint: Automatic

7. host driver removes _____.

Hint: Network separation

8. none disables _____.

Hint: All connectivity

Show Answers

Answers

  1. default
  2. network
  3. DNS
  4. ports
  5. 8080
  6. random
  7. isolation
  8. networking

// Docker Compose

×

What is Docker Compose?

Docker Compose is a tool for defining and running multi-container applications. With a single command, you can start your entire stack.

# docker-compose.yml version: '3.8' services: web: build: . ports: - "3000:3000" volumes: - .:/app" environment: - NODE_ENV=development" db: image: postgres:15 environment: POSTGRES_PASSWORD: secret volumes: - postgres-data:/var/lib/postgresql/data volumes: postgres-data:

Common Commands

$ docker-compose up -d Starting web ... done Starting db ... done $ docker-compose ps $ docker-compose logs -f $ docker-compose down $ docker-compose build

Service Dependencies

services: web: build: . depends_on: - db - redis healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3000"] interval: 30s timeout: 10s retries: 3

Environment Variables

# .env file POSTGRES_PASSWORD=secret POSTGRES_DB=myapp # docker-compose.yml services: db: image: postgres:15 environment: POSTGRES_PASSWORD: \${POSTGRES_PASSWORD} POSTGRES_DB: \${POSTGRES_DB}

Quiz

1. Docker Compose manages _____ containers.

Hint: More than one

2. docker-compose.yml defines _____.

Hint: Application components

3. docker-compose up starts the _____.

Hint: All services

4. depends_on defines _____.

Hint: What starts first

5. docker-compose down stops and _____ containers.

Hint: Cleans up

6. Environment variables can come from _____ file.

Hint: Dot env

7. build key specifies the _____.

Hint: Image source

8. ports maps host to _____ ports.

Hint: Service ports

Show Answers

Answers

  1. multi
  2. services
  3. stack
  4. dependencies
  5. removes
  6. .env
  7. Dockerfile
  8. container

// Container Management

×

Inspecting Containers

$ docker inspect container_id { "Id": "abc123...", "Created": "2024-01-15T10:30:00Z", "State": { "Status": "running", "Running": true }, "Config": { "Image": "nginx:latest" }, "NetworkSettings": { "IPAddress": "172.17.0.2" } }

Container Stats

$ docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O abc123 web 0.05% 50MiB / 512MiB 9.77% 1.2MB / 800KB 10MB / 0B def456 db 0.12% 120MiB / 1GiB 11.72% 500KB / 1.5MB 50MB / 0B

Container Logs

# View logs docker logs container_id # Follow logs in real-time docker logs -f container_id # Show last N lines docker logs --tail 100 container_id # Show timestamps docker logs -t container_id # Since timestamp docker logs --since 2024-01-15T10:00:00Z container_id

Process Inspection

$ docker top container_id UID PID PPID C STIME TTY TIME CMD root 1234 1230 0 10:30 ? 00:00:00 nginx: master www 1250 1234 0 10:30 ? 00:00:00 nginx: worker

Resource Limits

# Limit memory docker run -m 512m nginx # Limit CPU docker run --cpus=1.5 nginx # Limit specific CPU cores docker run --cpuset-cpus=0,2 nginx # Restart policy docker run --restart=unless-stopped nginx

Quiz

1. docker inspect shows _____.

Hint: Full container info

2. docker stats shows _____ usage.

Hint: CPU/memory

3. -f flag follows _____.

Hint: Real-time

4. --tail shows last N _____.

Hint: Output lines

5. -m flag limits _____.

Hint: RAM

6. --cpus limits _____.

Hint: Processing power

7. docker top shows running _____.

Hint: Programs

8. unless-stopped is a _____ policy.

Hint: Auto-recovery

Show Answers

Answers

  1. details
  2. resource
  3. logs
  4. lines
  5. memory
  6. CPU
  7. processes
  8. restart

// Image Management

×

Image Layers

Docker images consist of multiple read-only layers. Each instruction in a Dockerfile creates a new layer.

$ docker history nginx:latest IMAGE CREATED SIZE latest 2 days ago 187MB <missing> 2 days ago 187MB ADD file:... <missing> 2 days ago 185MB CMD ["nginx"...] <missing> 2 days ago 54MB EXPOSE 80 <missing> 3 weeks ago 54MB ENV NGINX_VERSION=...

Tagging Images

$ docker tag myapp:latest myregistry.io/myapp:v1.0 $ docker tag myapp:1.0 myapp:latest

Pushing & Pulling

$ docker push myregistry.io/myapp:v1.0 v1.0: Pushing from cache ... latest: Pushing from cache $ docker pull myapp:latest

Pruning

# Remove unused images docker image prune # Remove all unused images docker image prune -a # Remove stopped containers docker container prune # Remove unused volumes docker volume prune # Remove unused networks docker network prune # Clean everything docker system prune

Saving & Loading

$ docker save -o myapp.tar myapp:latest $ docker load -i myapp.tar

Quiz

1. Docker images consist of _____ layers.

Hint: Many

2. docker history shows image _____.

Hint: Build history

3. docker tag creates an _____.

Hint: Additional name

4. docker push uploads to _____.

Hint: Docker Hub

5. docker prune removes _____ resources.

Hint: Not needed

6. docker save creates a _____ file.

Hint: Archive

7. -a flag means _____.

Hint: Everything

8. docker system prune cleans _____.

Hint: All types

Show Answers

Answers

  1. multiple
  2. layers
  3. alias
  4. registry
  5. unused
  6. tar
  7. all
  8. everything

// Best Practices

×

Dockerfile Optimization

# BAD - Multiple RUN layers FROM ubuntu RUN apt-get update RUN apt-get install -y nginx RUN apt-get clean # GOOD - Single layer FROM ubuntu RUN apt-get update && \ apt-get install -y nginx && \ apt-get clean && \ rm -rf /var/lib/apt/lists/*

Layer Caching

# Put rarely changing instructions first FROM python:3.11-slim WORKDIR /app # Copy dependencies first (caches) COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt # Copy code last (changes often) COPY . .

Security Best Practices

# Run as non-root user FROM node:18-alpine RUN addgroup -S appgroup && adduser -S appuser -G appgroup USER appuser # Use specific versions, not latest FROM node:18.17.0-alpine3.18 # Scan for vulnerabilities # docker scan myimage # Don't expose secrets in image # Use runtime environment variables

Image Size

# Use Alpine base images FROM node:18-alpine # Multi-stage builds FROM node:18 AS builder RUN npm ci && npm run build FROM node:18-alpine COPY --from=builder /app/dist ./dist # Combine and remove unnecessary files RUN apk add --no-cache python3 && \ script.sh && \ rm -rf /var/cache/apk/*

Quiz

1. Combine RUN commands to reduce _____.

Hint: Image structure

2. Put rarely changing instructions _____.

Hint: At top of Dockerfile

3. USER directive switches to _____ user.

Hint: Regular user

4. Use _____ versions in production.

Hint: Not latest

5. Alpine images are _____.

Hint: Minimal size

6. Multi-stage builds reduce _____.

Hint: Final image

7. Don

Hint: Passwords/keys

8. npm ci is faster than npm _____.

Hint: Package manager

Show Answers

Answers

  1. layers
  2. first
  3. non-root
  4. specific
  5. smaller
  6. size
  7. secrets
  8. install

// Debugging Containers

×

Interactive Debugging

$ docker run -it --entrypoint /bin/bash myapp $ docker exec -it container_id /bin/bash # Alpine images use sh, not bash $ docker exec -it container_id /bin/sh

Container Exit Codes

# 0 - normal exit # 1 - general error # 125 - docker daemon error # 126 - command not executable # 127 - command not found # 130 - terminated by Ctrl+C # Check exit code docker inspect container_id --format='{{.State.ExitCode}}'

Health Checks

# Dockerfile with HEALTHCHECK FROM nginx HEALTHCHECK --interval=30s --timeout=3s \ --start-period=5s --retries=3 \ CMD curl -f http://localhost/ || exit 1 # docker-compose.yml services: web: image: nginx healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s timeout: 3s retries: 3

Common Issues

# Container exits immediately # Check logs: docker logs container_id # Port already in use # Change host port: -p 8081:80 # Permission denied # Fix ownership: chown -R user:group /path # No space left # Prune: docker system prune

Troubleshooting Network

$ docker exec -it container_id cat /etc/hosts $ docker exec -it container_id ip addr $ docker exec -it container_id ping other-container $ docker network inspect bridge

Quiz

1. docker exec runs commands in _____ container.

Hint: Active

2. Alpine uses _____ shell.

Hint: Not bash

3. Exit code 0 means _____ exit.

Hint: Success

4. HEALTHCHECK reports container _____.

Hint: Status

5. docker logs shows _____.

Hint: Stdout/stderr

6. Port conflict uses another _____.

Hint: Network port

7. Permission denied needs _____.

Hint: User permissions

8. --interval sets health check _____.

Hint: How often

Show Answers

Answers

  1. running
  2. sh
  3. normal
  4. health
  5. output
  6. port
  7. ownership
  8. frequency

// Docker Registry

×

Docker Hub

Docker Hub is the default public registry for Docker images.

$ docker login Login Succeeded $ docker push username/myapp:latest $ docker logout

Private Registry

# Run local registry docker run -d -p 5000:5000 --name registry registry:2 # Tag for local registry docker tag myapp:latest localhost:5000/myapp:latest # Push to local registry docker push localhost:5000/myapp:latest # Pull from local registry docker pull localhost:5000/myapp:latest

Authentication

# Login to registry docker login registry.example.com # Store credentials (Linux) cat ~/.docker/config.json # Logout docker logout registry.example.com

Image Naming

# [registry]/[username/]image[:tag] # Official image nginx:latest # Docker Hub user image username/nginx:latest # Private registry registry.example.com:5000/myapp:v1.0 # Docker Hub organization myorg/webapp:latest

Quiz

1. Docker Hub is the _____ registry.

Hint: Standard

2. docker login authenticates to _____.

Hint: Image server

3. localhost:5000 is a _____ registry.

Hint: On your machine

4. Image format: registry/_____.

Hint: Name

5. docker push uploads the _____.

Hint: To registry

6. Credentials stored in _____ config.

Hint: Directory

7. Tag specifies _____.

Hint: Image version

8. Organizations use their _____ name.

Hint: Group

Show Answers

Answers

  1. default
  2. registry
  3. local
  4. image
  5. image
  6. docker
  7. version
  8. org

// Production Considerations

×

Logging Strategy

# JSON logging driver docker run --log-driver=json-file --log-opt max-size=10m --log-opt max-file=3 myapp # Syslog driver docker run --log-driver=syslog myapp # Splunk/Elasticsearch docker run --log-driver=splunk --log-opt splunk-token=TOKEN --log-opt splunk-url=https://splunk:8088 myapp

Resource Limits

# docker-compose.yml services: web: image: nginx deploy: resources: limits: cpus: '0.5' memory: 256M' reservations: cpus: '0.25' memory: 128M'

Health Checks in Production

services: api: image: myapp healthcheck: test: ["CMD", "curl", "-f", "http://localhost/health"] interval: 30s timeout: 10s retries: 3 start_period: 40s restart_policy: condition: on-failure delay: 5s max_attempts: 3 window: 120s

Secrets Management

# docker-compose.yml services: db: image: postgres:15 secrets: - db_password secrets: db_password: file: ./secrets/db_password.txt # Or use Docker Swarm secrets echo "mypassword" | docker secret create db_password -

Update Strategy

# Rolling update docker service update --image myapp:2.0 myservice # Rolling with health check docker service update --update-delay 10s --update-parallelism 1 myservice # Rollback docker service rollback myservice

Quiz

1. JSON logging driver writes to _____.

Hint: Disk

2. Memory limits use _____ suffix.

Hint: Units

3. start_period waits before _____ health.

Hint: Initial

4. Docker secrets store _____ data.

Hint: Passwords/keys

5. Rolling update replaces _____ instances.

Hint: One by one

6. docker service _____ reverts changes.

Hint: Undo

7. update-delay is between _____.

Hint: Service updates

8. Syslog sends logs to _____.

Hint: System logger

Show Answers

Answers

  1. files
  2. M or G
  3. checking
  4. sensitive
  5. gradual
  6. rollback
  7. updates
  8. system