Learning Trajectory
Prerequisites
- Basic command-line familiarity (Linux/Windows/Mac)
- Understanding of fundamental IT concepts (processes, networking, storage)
- A computer with at least 8GB RAM and virtualization enabled (optional but recommended)
Phase 1: Docker Fundamentals (Beginner)
Goal: Understand what containers are, install Docker, and run your first container.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 1.1 Introduction to Containerization | - What are containers? - Containers vs. Virtual Machines - Benefits of Docker | - None (conceptual) | Docker Overview |
| 1.2 Installing Docker | - Docker Desktop (Windows/Mac) - Docker Engine on Linux - Verify installation | - Install Docker - Run docker --version - Run docker run hello-world | Install Docker |
| 1.3 Docker Architecture | - Docker daemon, client, registries - Images, containers, layers - Basic workflow | - Explore docker info - Understand CLI vs daemon | Docker Architecture |
| 1.4 Working with Images | - Pulling images (docker pull) - Listing images ( docker images) - Image tags - Removing images | - Pull Ubuntu, Nginx images - Explore different tags | Docker Images |
| 1.5 Running Containers | - docker run basics (detached, interactive) - Container lifecycle (start, stop, restart, rm) - Inspecting containers ( docker ps, docker logs) | - Run an interactive Ubuntu container - Run a detached Nginx container - View logs and stop containers | docker run reference |
TIP
Estimated time: 2–3 days (4–6 hours total)
Phase 2: Building Custom Images (Beginner–Intermediate)
Goal: Learn to create your own Docker images using Dockerfiles.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 2.1 Dockerfile Basics | - FROM, RUN, CMD, ENTRYPOINT - Build context - Building an image ( docker build) | - Create a simple Dockerfile for a Python/Node.js app - Build and run it | Dockerfile reference |
| 2.2 Layering and Caching | - How layers work - Layer caching for faster builds - Best practices for Dockerfile | - Modify a Dockerfile and observe build caching - Optimize a Dockerfile | Best practices |
| 2.3 Environment Variables and Arguments | - ENV vs ARG - Passing build-time variables - Using env vars in containers | - Create a Dockerfile that accepts a build argument - Run container with custom env vars | ARG and ENV |
| 2.4 Multi-stage Builds | - Why multi-stage? - Reducing image size - Build patterns (e.g., builder pattern) | - Convert a single-stage Dockerfile to multi-stage - Compare image sizes | Multi-stage builds |
| 2.5 Tagging and Pushing Images | - Tagging images locally - Docker Hub and private registries - docker push | - Tag an image and push to Docker Hub - Pull from another machine | Share images on Docker Hub |
TIP
Estimated time: 3–4 days (6–8 hours)
Phase 3: Data Persistence & Storage (Intermediate)
Goal: Understand how to manage data in containers.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 3.1 Container Storage Basics | - Writable layer - Ephemeral nature of containers - Need for volumes | - Run a container, create a file, stop and remove it – file disappears | Storage overview |
| 3.2 Volumes | - Creating and managing volumes - Mounting volumes into containers - Volume drivers | - Create a volume and mount it to an Nginx container - Persist web content | Volumes |
| 3.3 Bind Mounts | - Mounting host directories - Use cases (development, config) - Differences from volumes | - Use bind mount for live code reload during development - Modify files from host and see changes in container | Bind mounts |
| 3.4 tmpfs Mounts | - In-memory storage - Use cases (sensitive data, temporary files) | - Run a container with tmpfs mount - Verify data is not persisted | tmpfs mounts |
| 3.5 Backup and Restore | - Backing up volumes - Restoring from backup | - Create a backup of a volume using a helper container | Community tutorials |
TIP
Estimated time: 2–3 days (4–6 hours)
Phase 4: Networking in Docker (Intermediate)
Goal: Understand container networking, communication between containers, and external access.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 4.1 Docker Network Basics | - Network drivers (bridge, host, none) - Default networks | - Inspect default networks (docker network ls) - Run containers on different networks | Networking overview |
| 4.2 Bridge Networks | - User-defined bridge networks - Automatic DNS resolution - Container-to-container communication | - Create a bridge network - Run two containers on that network, ping by name | Bridge network |
| 4.3 Host and None Networks | - Host network performance - When to use none | - Run a container with --net=host - Compare port binding behavior | Host network |
| 4.4 Exposing Ports | - Publishing ports (-p) - Port mapping to host | - Run a web app and access from browser via mapped port | Container ports |
| 4.5 Container Network Models (CNM) | - How Docker implements networking - Plugins and overlays (conceptual) | - Explore with docker network inspect | CNM |
TIP
Estimated time: 2–3 days (4–6 hours)
Phase 5: Docker Compose (Intermediate)
Goal: Manage multi-container applications with Docker Compose.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 5.1 Introduction to Compose | - What is Compose? - docker-compose.yml structure - Services, networks, volumes | - Write a simple Compose file for a web app + database | Compose overview |
| 5.2 Compose Commands | - docker-compose up/down - docker-compose logs, ps, exec - Building with Compose | - Start and stop the multi-container app - View logs and run commands inside a service | Compose CLI |
| 5.3 Environment Variables in Compose | - Using .env files - Variable substitution - environment vs env_file | - Parameterize your Compose file with env vars | Environment variables in Compose |
| 5.4 Compose Networking | - Automatic network creation - Service discovery via service name | - Verify that services can communicate using service names | Networking in Compose |
| 5.5 Compose for Development vs Production | - Override files - Profiles - Best practices | - Create separate dev and prod override files | Compose in production |
| 5.6 Project: Full-stack app with Compose | - Example: WordPress + MySQL, or React + Node + MongoDB | - Build a complete application stack using Compose | Sample apps |
TIP
Estimated time: 4–5 days (8–10 hours)
Phase 6: Docker in Development & Production (Intermediate–Advanced)
Goal: Learn best practices for using Docker in real-world scenarios.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 6.1 Docker for Development | - Using bind mounts for live reload - Debugging inside containers - Development-specific images | - Set up a development environment with hot reload | Use containers for development |
| 6.2 Docker for Testing | - Isolated test environments - Running tests in CI pipelines | - Create a test script that runs in a container | Docker in CI |
| 6.3 Optimizing Images for Production | - Minimize layers - Use slim/base images - Security scanning | - Analyze image with docker scan or Trivy - Reduce image size | Docker security scanning |
| 6.4 Logging and Monitoring | - Logging drivers - Container logs with docker logs - Integrating with ELK/Prometheus | - Configure a container to use json-file or syslog driver - View logs | Configure logging drivers |
| 6.5 Resource Constraints | - Limiting CPU and memory - Understanding docker stats - OOM killer | - Run containers with memory/cpu limits - Monitor with docker stats | Resource constraints |
TIP
Estimated time: 3–4 days (6–8 hours)
Phase 7: Docker Security (Advanced)
Goal: Understand security best practices and how to secure Docker environments.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 7.1 Security Overview | - Attack surface - Docker daemon security - Container isolation (namespaces, cgroups) | - Explore namespaces with lsns (on Linux) | Docker security |
| 7.2 Image Security | - Trusted base images - Vulnerability scanning - Content trust (Docker Notary) | - Enable Docker Content Trust - Scan an image | Docker Content Trust |
| 7.3 Runtime Security | - Running containers as non-root - Dropping capabilities - Read-only root filesystem | - Create a Dockerfile that runs as non-root - Run a container with limited capabilities | Runtime security |
| 7.4 Secrets Management | - Using Docker secrets (Swarm) - Alternatives (Hashicorp Vault, environment files) | - (If Swarm) Create and use a secret - Or use bind-mounted secrets | Manage sensitive data |
| 7.5 Security Benchmarks | - Docker Bench Security - CIS benchmarks | - Run Docker Bench Security and review findings | Docker Bench |
TIP
Estimated time: 3–4 days (6–8 hours)
Phase 8: Orchestration with Docker Swarm (Advanced)
Goal: Learn basic container orchestration using Docker's native swarm mode.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 8.1 Introduction to Swarm | - Swarm mode overview - Managers and workers - Raft consensus | - Initialize a single-node swarm (docker swarm init) | Swarm mode overview |
| 8.2 Services and Tasks | - Deploying services - Replicated vs global services - Scaling services | - Deploy an Nginx service with 3 replicas - Scale up/down | Deploy services |
| 8.3 Swarm Networking | - Overlay networks - Routing mesh (ingress) - Service discovery | - Create an overlay network - Deploy services across it | Swarm networking |
| 8.4 Stacks and Compose | - Deploying a stack from a Compose file - docker stack deploy | - Convert a Compose app to a stack and deploy to swarm | Deploy a stack |
| 8.5 Rolling Updates and Rollbacks | - Update strategies - Health checks - Rollback on failure | - Perform a rolling update of a service - Trigger a rollback | Update a service |
| 8.6 Swarm Security | - Secrets in Swarm - Encrypted networks - RBAC (swarm join tokens) | - Create and use Docker secrets in a service | Swarm security |
TIP
Estimated time: 4–5 days (8–10 hours)
Phase 9: Introduction to Kubernetes (Advanced – Optional but Recommended)
Goal: Understand how Kubernetes extends container orchestration beyond Swarm.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 9.1 Kubernetes vs Swarm | - High-level comparison - When to use which | - Conceptual only | Kubernetes vs Swarm |
| 9.2 Kubernetes Basics | - Pods, deployments, services - kubectl basics - Minikube or kind | - Install Minikube/kind - Deploy a simple nginx pod | Kubernetes Basics |
| 9.3 Running Docker Containers in K8s | - Container images - YAML manifests - Port mapping | - Write a deployment YAML and expose with a service | K8s deployment |
| 9.4 K8s Volumes and ConfigMaps | - Persistent volumes - ConfigMaps and secrets | - Mount a ConfigMap as environment variables or volume | Configure a Pod |
| 9.5 Helm Basics | - What is Helm? - Charts, repositories, releases | - Install a Helm chart (e.g., WordPress) | Helm |
TIP
Estimated time: 5–7 days (10–14 hours)
Phase 10: Advanced Docker Internals & Performance (Expert)
Goal: Deep dive into Docker internals, performance tuning, and contributing.
| Module | Topics | Hands-On Tasks | Resources |
|---|---|---|---|
| 10.1 Docker Internals | - runc, containerd, shim - OCI specifications - Namespaces and cgroups deep dive | - Explore /sys/fs/cgroup on Linux - Use runc directly | Docker architecture deep dive |
| 10.2 Image Internals | - Image manifest - Layers and content-addressable storage - Building images without Docker (jib, buildah) | - Inspect an image with docker image inspect - Use dive to analyze layers | Image specification |
| 10.3 Performance Tuning | - Storage drivers (overlay2, devicemapper) - Network performance - Tuning daemon options | - Change Docker storage driver (if possible) - Run benchmarks | Performance tuning |
| 10.4 Debugging and Troubleshooting | - docker events, docker system df - Debugging containers with nsenter - Common issues and solutions | - Simulate a container that hangs and debug | Troubleshooting |
| 10.5 Extending Docker | - Docker API - Writing Docker plugins - Contributing to Docker open source | - Try a simple API call with curl - Explore plugin SDK | Docker API |
| 10.6 CI/CD Integration | - Docker in Jenkins/GitLab CI - Building and pushing images in pipelines - Caching strategies | - Set up a simple CI pipeline that builds and pushes an image | Docker + CI/CD |
TIP
Estimated time: 5–6 days (10–12 hours)
Phase 11: Capstone Projects (Expert)
Goal: Apply all knowledge in realistic projects.
| Project | Description | Key Concepts Covered |
|---|---|---|
| 1. Microservices Application | Build a multi-service app (e.g., online store) with frontend, backend, database, cache, and message queue. Use Docker Compose for dev, Swarm or K8s for prod. | Compose, networking, volumes, orchestration, secrets |
| 2. Custom Docker Registry | Set up a private Docker registry with authentication, TLS, and garbage collection. | Registries, security, certificates |
| 3. CI/CD Pipeline with Docker | Create a full pipeline: code commit triggers build, test, and deployment to a staging environment. | CI/CD, Docker in CI, orchestration |
| 4. Docker Security Hardening | Take an existing vulnerable application and apply security best practices: non-root, read-only fs, capability dropping, image scanning. | Security, Dockerfile best practices |
| 5. Contribute to an Open Source Project | Pick a Docker-related project (e.g., Moby, Compose) and contribute a small fix or documentation. | Community, internals |
TIP
Estimated time: 2–3 weeks (depending on pace)
Additional Resources
- Official Documentation: docs.docker.com
- Books: "Docker Deep Dive" by Nigel Poulton, "The Docker Book" by James Turnbull
- Online Courses: Docker Mastery (Udemy), A Cloud Guru, Coursera
- Labs: Play with Docker (labs.play-with-docker.com), Katacoda scenarios
- Community: Docker Community Slack, Stack Overflow, Reddit r/docker
Suggested Study Plan
| Week | Focus |
|---|---|
| 1 | Phases 1–2 (Fundamentals, Images) |
| 2 | Phases 3–4 (Storage, Networking) |
| 3 | Phases 5–6 (Compose, Dev/Prod) |
| 4 | Phase 7 (Security) |
| 5 | Phase 8 (Swarm) |
| 6 | Phase 9 (Kubernetes intro) |
| 7 | Phase 10 (Advanced Internals) |
| 8+ | Phase 11 (Projects) |
TIP
Adjust based on your pace. The key to expertise is consistent practice and building real projects. Good luck on your Docker journey!