Key Concepts

• Image vs Container
• Layers and caching
• Networks and volumes
• Dockerfile best practices

Quick Start

docker version
docker build -t my-app .
docker run --rm -p 3000:3000 my-app
docker ps
docker logs <container>

A Practical Dockerfile Pattern

# Example Node.js pattern (multi-stage)
FROM node:20-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci

FROM node:20-alpine AS build
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build

FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=build /app/.next ./.next
COPY --from=build /app/public ./public
COPY --from=build /app/package.json ./package.json
COPY --from=build /app/node_modules ./node_modules
EXPOSE 3000
CMD ["npm","run","start"]

Common Mistakes

• Copying everything before npm ci (breaks build cache).
• Storing secrets in images.
• Running as root in production without reason.
• Huge images: not using multi-stage builds.

Why We Use Docker

Teams use Docker to improve speed, reliability, and consistency. It reduces repetitive manual work, lowers failure risk, and makes collaboration easier across development and operations.

Where It Fits In DevOps

It standardizes runtime behavior from developer machine to production cluster and enables scalable deployment patterns.

Key Concepts

• Images
• Containers
• Networks

Concept Deep Dive

Images

Images is a core idea you’ll use repeatedly while working with Docker.

Why it matters: Understanding Images helps you design safer workflows and troubleshoot issues faster.

Practice:

• Explain Images in your own words (1 minute rule).
• Find where Images appears in real docs/configs for Docker.
• Create a small example that uses Images, then break it and fix it.

Containers

Containers is a core idea you’ll use repeatedly while working with Docker.

Why it matters: Understanding Containers helps you design safer workflows and troubleshoot issues faster.

Practice:

• Explain Containers in your own words (1 minute rule).
• Find where Containers appears in real docs/configs for Docker.
• Create a small example that uses Containers, then break it and fix it.

Networks

Networks is a core idea you’ll use repeatedly while working with Docker.

Why it matters: Understanding Networks helps you design safer workflows and troubleshoot issues faster.

Practice:

• Explain Networks in your own words (1 minute rule).
• Find where Networks appears in real docs/configs for Docker.
• Create a small example that uses Networks, then break it and fix it.

Core Workflow

1. Foundations

Start with core Docker concepts and basic setup so you can use it safely in day-to-day work.

Goals:

• Understand Docker fundamentals
• Set up local/dev environment
• Run first working example

2. Team Workflow

Integrate Docker into real team practices with repeatable conventions and collaboration patterns.

Goals:

• Adopt standards and naming conventions
• Integrate with repositories and CI/CD
• Create reusable templates

3. Production Operations

Use Docker in production with observability, security, and rollback plans.

Goals:

• Monitor behavior and failures
• Secure access and secrets
• Define incident and rollback flow

4. Scale and Optimization

Continuously improve reliability, performance, and cost while standardizing usage across services.

Goals:

• Improve performance and cost
• Automate compliance checks
• Document best practices for the team

Quick Start

1. Build image

docker build -t my-app .

1. Run container

docker run -p 3000:3000 my-app

1. List containers

docker ps

Tutorial Series

A tutorial-style sequence (like a handbook). Do these in order to build skill from beginner to production.

Tutorial 1: Build Your First Image

Goal: Package an app and run it in a container reliably.

Steps:

1. Verify you understand what the tool does and what problem it solves.
2. Install or enable it on your machine (or in a sandbox environment).
3. Run the smallest working example and write down what happened.
4. Build an image and run it locally.
5. Expose a port and verify it responds.

Checkpoints:

• You know image vs container
• You can map ports and read logs

Exercises:

• Reduce image size (multi-stage, slim base)
• Add a health check

Tutorial 2: Volumes and Persistence

Goal: Keep data safe across container restarts.

Steps:

1. Create a named volume and mount it.
2. Restart the container and confirm data remains.

Checkpoints:

• You understand what is ephemeral vs persistent
• You can inspect volumes

Exercises:

• Back up a volume to a tar file
• Restore the volume into a new container

Tutorial 3: Networking and Debugging

Goal: Debug common container issues: DNS, ports, env vars.

Steps:

1. Break one thing intentionally and practice debugging from logs/output.
2. Write a short checklist: what to check first, second, third.
3. Inspect networking and resolve a name (service discovery/DNS).
4. Exec into a container and validate environment variables.

Checkpoints:

• You can identify why a container cannot reach a dependency
• You can debug crash loops quickly

Exercises:

• Build a compose with app + db
• Write a checklist for container startup failures

Command Cheatsheet

• docker version: Show client/server version.
• docker info: Show runtime details (storage driver, cgroups).
• docker build -t my-app:dev .: Build an image from Dockerfile.
• docker build --no-cache -t my-app:dev .: Build without cache (debug build issues).
• docker history my-app:dev: Inspect image layers (size + commands).
• docker run --rm -p 3000:3000 my-app:dev: Run container and remove it on exit.
• docker run -it --rm my-app:dev sh: Start an interactive shell in the image.
• docker ps: List running containers.
• docker ps -a: List all containers.
• docker logs <container>: Show container logs.
• docker logs -f <container>: Follow logs (tail).
• docker exec -it <container> sh: Open shell in a running container.
• docker inspect <container>: Inspect container details (env, mounts, network).
• docker stop <container>: Stop a running container.
• docker rm <container>: Remove a container.
• docker rmi <image>: Remove an image.
• docker images: List local images.
• docker tag my-app:dev myrepo/my-app:1.0.0: Tag image for pushing.
• docker login: Login to a registry.
• docker push myrepo/my-app:1.0.0: Push image to registry.
• docker pull nginx:alpine: Pull an image from a registry.
• docker network ls: List networks.
• docker network inspect <net>: Inspect network config.
• docker volume ls: List volumes.
• docker volume inspect <vol>: Inspect a volume.
• docker compose up -d: Start services in background.
• docker compose ps: Show Compose service status.
• docker compose logs -f: Follow Compose logs.
• docker compose down -v: Stop services and remove volumes (dev reset).
• docker system df: Show disk usage by Docker objects.
• docker system prune: Clean unused docker resources.

Learning Path

• Dockerfile basics
• Compose multi-service apps
• Image optimization

Beginner To Advanced Path

Beginner Path (Foundations)

What to learn:

• Learn Docker terminology and the “why” behind it
• Install/setup and run a first working example
• Understand the main components and the default workflow
• Learn safe debugging: where to look when something fails
• Build a small checklist for your own repeatable setup
• Write notes (commands, errors, fixes) while learning

Hands-on labs:

• Follow a hello-world style tutorial and document every step
• Break one config intentionally and fix it (learn error patterns)
• Write a 10-command cheat sheet you can reuse later
• Create a simple diagram of the tool’s flow in your own words

Milestones:

• You can explain the tool in 2 minutes
• You can reproduce a working setup from scratch
• You can troubleshoot the top 3 common failures
• You can share a clean quick-start with someone else

Intermediate Path (Real Workflows)

What to learn:

• Use the tool inside a realistic DevOps workflow
• Create reusable templates/configs and standard naming conventions
• Add security basics: secrets handling and least privilege
• Reduce toil: automate repeated steps and build confidence
• Make the workflow faster and safer (cache, validations, checks)
• Document the workflow as if onboarding a new teammate

Hands-on labs:

• Integrate it with a CI pipeline (lint/build/test/deploy style flow)
• Parameterize config for dev/stage/prod environments
• Create a runbook: steps to validate and roll back a change
• Add a preflight validation step that blocks unsafe changes

Milestones:

• You can onboard another person with your docs
• You can run the tool consistently across environments
• You can explain tradeoffs (speed vs safety, flexibility vs complexity)
• You can debug failures using logs/outputs without guesswork

Advanced Path (Production & Scale)

What to learn:

• Operate the tool safely in production with guardrails
• Add observability: metrics/logs/traces and meaningful alerts
• Optimize performance/cost and standardize across multiple services
• Design failure modes and recovery (rollback, restore, incident flow)
• Create upgrade strategy and test it (versioning, compatibility)
• Create ownership: docs, alerts, dashboards, and operational SLAs

Hands-on labs:

• Add policy checks (security scans, approvals, protected environments)
• Load test or scale test the workflow and measure bottlenecks
• Create an incident simulation and write a postmortem template
• Automate audits: drift checks, compliance checks, and reports

Milestones:

• You can detect failures quickly and recover safely
• You can maintain the setup long-term (upgrade strategy, docs, ownership)
• You can explain architecture decisions and alternatives
• You can standardize patterns across multiple services/teams

Hands-On Labs

Beginner Labs

• Build and run a Docker container for a simple web app
• Expose ports correctly and verify health
• Mount a volume and verify persistence
• Debug a crash loop using logs and entrypoint changes

Intermediate Labs

• Create a multi-service compose setup (app + db)
• Implement multi-stage build and reduce image size
• Add non-root user and confirm permissions
• Add health checks and restart policies

Advanced Labs

• Benchmark startup time and optimize layers/caching
• Run vulnerability scanning and fix findings
• Add image signing / provenance (if your stack supports it)
• Build an incident playbook for container failures

Advanced Topics

• Layer caching strategy and reproducible builds
• Distroless/minimal base images and non-root runtime
• Multi-arch builds (amd64/arm64) and buildx
• Runtime security: seccomp, capabilities, read-only FS
• Production debugging patterns for Docker

Production Patterns

• Multi-stage builds, pinned base images, minimal runtime images
• Non-root containers (when possible) + read-only filesystem patterns
• Health checks and proper signal handling
• Standard image tagging (git sha) and registry hygiene for Docker
• Resource limits/requests in orchestrators

Real-World Scenarios

• Package an app with Docker so it runs the same locally and in production.
• Optimize image size and caching to speed up builds and reduce costs.
• Debug a container crash: entrypoint, environment variables, ports, and logs.

Troubleshooting

• Reproduce the issue with the smallest possible example
• Check logs/output first, then configuration, then permissions/credentials
• Validate inputs (versions, environment variables, file paths, network access)
• Rollback to last known-good state if production is affected
• Write down the root cause and add a guardrail so it does not repeat

Runbook Templates

Use these templates to make your docs feel like real production documentation.

Deploy Runbook

• Purpose
• Preconditions (secrets, access, approvals)
• Steps to deploy (exact commands)
• Post-deploy verification (health checks)
• Rollback steps
• Owner and escalation

Incident Triage Runbook

• Impact assessment (who is impacted?)
• Current signals (errors, latency, saturation)
• Recent changes (deploys, config, infra)
• First checks (logs, health endpoints, dependencies)
• Mitigation steps (rate limiting, rollback, scale)
• Follow-up actions (postmortem, guardrails)

Checklist (Copy/Paste)

• What changed since it last worked?
• What do logs say at the exact failure time?
• Is the service reachable on the expected port and DNS?
• Are credentials/permissions valid?
• Is disk full, memory exhausted, or CPU pegged?
• Do we have a safe rollback plan and is it tested?

Security & Best Practices

• Never hardcode secrets in code or commits
• Use least privilege (roles, scopes, minimal permissions)
• Prefer reproducible builds/configs over manual steps
• Add validations before applying changes (lint/validate/plan/dry-run)
• Keep documentation and runbooks updated
• Version pin critical dependencies and plan upgrades

Common Error Patterns

Symptom

Container starts then exits immediately

Likely cause: Wrong command/entrypoint, missing env var, or app crash

Fix steps:

• Check container logs first
• Run an interactive shell and inspect files/env
• Confirm ports and startup command

Symptom

Image is huge and builds are slow

Likely cause: No multi-stage build, poor layer caching, copying too much

Fix steps:

• Use multi-stage builds
• Copy dependency manifests first to improve caching
• Add .dockerignore and prune dev deps in runtime

FAQ

What is Docker used for?

Docker is used to standardize and automate parts of delivery and operations so teams can ship faster and more reliably.

How long does it take to learn Docker?

You can get productive in days with fundamentals, but production mastery comes from building workflows, debugging failures, and operating it over time.

What should I learn before Docker?

Learn basic Linux + Git first, then follow the prerequisites section. Fundamentals make every advanced topic easier.

How do I use Docker safely in production?

Add guardrails: least privilege, validation before apply/deploy, monitoring, and a tested rollback plan.

Common Mistakes

• Using defaults in production without security hardening
• Skipping monitoring and post-deployment validation
• No rollback strategy for failed changes
• Over-complex setup before mastering fundamentals

Production Readiness Checklist

• Access control and least privilege applied
• Secrets managed securely
• Monitoring and alerting enabled
• Rollback and recovery process tested
• Documentation updated for team onboarding

Mini Projects

• Build a small project that uses Docker in a realistic workflow
• Write a checklist for production usage
• Create a troubleshooting runbook for common failures
• Create a one-page internal doc: setup, usage, debugging, rollback

Interview Questions

• Explain what Docker is and where it fits in DevOps.
• Describe a real problem you solved using Docker.
• What can go wrong in production, and how do you detect and recover?
• What is the difference between an image and a container?
• How do you reduce image size and speed up builds?
• How do you debug a container that crashes immediately?

References

• Official documentation
• Video learning