Devops
How to Use This Series
Welcome to the Docker Compendium - a comprehensive guide for developers who use Docker daily but want to truly understand what's happening under the hood. This isn't a beginner tutorial. We assume you can write Dockerfiles and use docker-compose. What we'll teach you is why things work (or don't), and how to handle Docker in production like an expert.
π At a Glance
| Aspect | Details |
|---|---|
| Series Size | 20 articles, ~25,000 lines |
| Target Audience | Mid to Senior developers using Docker in production |
| Prerequisites | Can write Dockerfiles, use docker-compose, basic Linux knowledge |
| Time Investment | 10-40 hours depending on track |
| Key Outcome | Deep understanding of Docker internals + production expertise |
π― What You'll Learn
After completing this series, you will be able to:
- Understand internals: Know exactly what happens when you run
docker runordocker build - Optimize builds: Reduce build times from 20 minutes to 2 minutes with proper caching
- Debug anything: Fix containers that crash, won't start, or behave unexpectedly
- Secure containers: Harden production containers against common attack vectors
- Run production: Deploy with zero-downtime, monitor effectively, and troubleshoot issues
π₯ Introduction: Why This Series Exists
The Docker Knowledge Gap
I've been conducting technical interviews for years. The pattern I see is troubling:
Most developers use Docker. Few understand Docker.
They can write a Dockerfile, but not explain why their image is 2GB. They use docker-compose, but don't know why services can't communicate. They run containers in production, but panic when one crashes with no logs.
This gap shows up in production:
- 20-minute builds because cache invalidates on every change
- Random OOM kills because memory limits weren't understood
- Security vulnerabilities from running as root with all capabilities
- Hours of debugging because they don't know how to inspect a dead container
- Downtime during deployments because health checks weren't configured
Real Production Impact
Here are real incidents I've witnessed:
The 5GB Node.js Image
Team's Docker image grew to 5GB over 6 months. CI pipeline took 25 minutes just to push. Deployments timed out. Disk filled up. Root cause: No .dockerignore, node_modules copied twice. Fix: 150MB image, 3-minute builds.
The Zombie Apocalypse
Production container accumulated 1,847 zombie processes. Memory usage grew until OOM killer struck. Application had no graceful shutdown. Root cause: Running Node.js as PID 1 without init. Fix: Added --init flag, proper signal handling.
The "Works on My Machine" Classic
Container worked perfectly in development. Crashed immediately in production with exit code 1. No logs, no errors, just dead. Root cause: Missing environment variable, app crashed before logging initialized. Fix: Validate env vars at startup, fail fast with clear message.
This series prevents these incidents. Each article combines:
- Internals knowledge that gives you intuition for how things work
- Production stories showing what happens when things go wrong
- Debugging exercises that train your troubleshooting instincts
- Interview questions that prepare you for senior-level conversations
π§ Mental Model: The Docker Knowledge Pyramid
Think of Docker knowledge as a pyramid with three levels:
TEXT(13 lines)CodeLoading syntax highlighter...
Level 1 (Commands): Most developers live here. They know
docker run -p 8080:8080, can write a basic Dockerfile, and use docker-compose.Level 2 (Patterns): Better developers reach this level. They use multi-stage builds, configure health checks, and follow security best practices.
Level 3 (Internals): This is where expertise lives. Understanding why things work lets you debug anything, optimize effectively, and make informed architectural decisions.
This series focuses on Level 3 - because understanding internals unlocks mastery of Levels 1 and 2.
π¬ Deep Dive: Series Structure
20 Articles Organized by Topic
| # | Category | Articles | Focus |
|---|---|---|---|
| 0 | Introduction | 1 | This guide - how to navigate the series |
| 1-4 | Internals | 4 | Container runtime, images, builds, networking |
| 5-8 | Dockerfile | 4 | Optimization, multi-stage, base images, config |
| 9-13 | Runtime | 5 | Resources, volumes, logging, security, debugging |
| 14-16 | Compose | 3 | Advanced compose, dependencies, dev vs prod |
| 17-19 | Production | 3 | CI/CD, deployment patterns, monitoring |
| 20 | Reference | 1 | Cheatsheet and decision guide |
Article Dependencies
TEXT(48 lines)CodeLoading syntax highlighter...
Each Article Contains
| Section | Purpose | Time |
|---|---|---|
| π At a Glance | Quick overview, prerequisites | 30 sec |
| π― What You'll Learn | Learning objectives | 1 min |
| π₯ Production Story | Real-world incident that motivates the topic | 5 min |
| π§ Mental Model | Visual concept explanation | 5 min |
| π¬ Deep Dive | Technical details with code | 20 min |
| β οΈ Common Mistakes | What NOT to do | 5 min |
| π Debug This | Find-the-bug exercise | 10 min |
| π» Exercises | Hands-on practice (5 exercises) | 30 min |
| π€ Interview Questions | Senior-level Q&A | 10 min |
| π Quick Reference | Bookmarkable summary | 2 min |
| π Review Schedule | Spaced repetition plan | 1 min |
Total per article: ~90 minutes for complete coverage.
π€οΈ Learning Tracks: Choose Your Path
Track 1: Performance & Optimization (8 hours)
Goal: Make builds faster, images smaller, containers more efficient.
TEXT(2 lines)CodeLoading syntax highlighter...
You'll learn:
- Why builds are slow and how to fix it
- How to reduce image size by 90%
- Memory and CPU management for containers
Track 2: Security Focus (6 hours)
Goal: Harden containers for production security requirements.
TEXT(2 lines)CodeLoading syntax highlighter...
You'll learn:
- Security implications of base image choices
- How to handle secrets properly
- Container hardening techniques
Track 3: Production Operations (10 hours)
Goal: Run Docker in production with confidence.
TEXT(2 lines)CodeLoading syntax highlighter...
You'll learn:
- Logging and monitoring strategies
- Debugging production issues
- Zero-downtime deployments
Track 4: Complete Deep Dive (40 hours)
Goal: Master everything - become the Docker expert on your team.
TEXTCodeLoading syntax highlighter...
You'll learn:
- Everything. You'll be able to answer any Docker question.
β οΈ Common Mistakes (When Using This Series)
Mistake 1: Skipping the Internals
Problem: Jumping to Dockerfile optimization without understanding layers.
TEXT(7 lines)CodeLoading syntax highlighter...
Why it matters: Optimization without understanding is just cargo-culting. You need to know how layer caching works to optimize effectively.
Mistake 2: Reading Without Practicing
Problem: Passive reading doesn't build debugging skills.
TEXT(2 lines)CodeLoading syntax highlighter...
Do the exercises. The π Debug This sections are specifically designed to build troubleshooting instincts.
Mistake 3: Skipping Production Stories
Problem: Thinking "that won't happen to me."
TEXT(2 lines)CodeLoading syntax highlighter...
Production stories teach principles, not just specific fixes. The zombie process story teaches about PID namespaces and init responsibilities.
Mistake 4: Not Bookmarking Quick Reference
Problem: Re-reading entire articles when you need a reminder.
TEXT(2 lines)CodeLoading syntax highlighter...
Bookmark the π Quick Reference sections. They're designed for fast lookup.
π Debug This: Are You Ready?
Before starting this series, you should be able to answer these questions. If you can't, that's okay - but consider reviewing basic Docker tutorials first.
Question 1: What's the difference between
RUN, CMD, and ENTRYPOINT?π Check Your Answer
- RUN: Executes during build, creates a layer
- CMD: Default command when container starts, can be overridden
- ENTRYPOINT: Main executable, CMD becomes its arguments
DOCKERFILE(9 lines)CodeLoading syntax highlighter...
Question 2: How do you expose a container's port 8080 on host port 3000?
π Check Your Answer
BASHCodeLoading syntax highlighter...
Format:
-p HOST:CONTAINERThe host port (3000) is what you access from outside. The container port (8080) is what the app listens on inside.
Question 3: What's the difference between
COPY and ADD?π Check Your Answer
- COPY: Simply copies files/directories
- ADD: Copies + can extract archives + can fetch URLs
Best practice: Use
COPY unless you specifically need ADD's features.DOCKERFILE(5 lines)CodeLoading syntax highlighter...
If you answered all three correctly, you're ready for this series!
If you struggled, consider reviewing:
- Docker's official "Get Started" guide
- Basic Dockerfile reference
- docker-compose tutorial
Then come back - we'll be here.
π» Exercises
Exercise 1: Environment Check β
Verify your Docker environment is ready for this series.
BASH(12 lines)CodeLoading syntax highlighter...
β Expected Output
Docker version 24.x or higher Docker Compose version v2.x Hello from Docker! (from hello-world) Successfully built (from build test)
If any command fails, fix your Docker installation before continuing.
Exercise 2: Baseline Assessment ββ
Create a simple multi-stage Dockerfile to verify you understand basics.
DOCKERFILE(12 lines)CodeLoading syntax highlighter...
Questions to answer:
- How many layers does the final image have?
- Why use multi-stage here?
- What's the approximate size difference vs single-stage?
β Answers
-
Layers: The final image has layers from nginx:alpine plus one COPY layer. Node.js and build tools are NOT included.
-
Why multi-stage:
- Build dependencies (Node.js, npm) not needed at runtime
- Only static files go to production image
- Smaller image, smaller attack surface
-
Size difference:
- Single-stage with Node.js: ~1GB
- Multi-stage with nginx: ~25MB
- ~97% reduction
Exercise 3: Find Your Knowledge Gaps βββ
Answer these senior-level questions. Be honest - gaps are what we'll fill.
- What Linux kernel features does Docker use for isolation?
- Why might
docker buildbe slow even when "Using cache" appears? - What happens when a container exceeds its memory limit?
- How would you debug a container that exits immediately with no logs?
- What's the difference between
docker-compose upanddocker compose up?
β Answers
-
Kernel features: Namespaces (PID, NET, MNT, UTS, IPC, USER) for isolation, cgroups for resource limits, overlay filesystem for layers.
-
Slow with cache: Usually the build context. Even with cache hits, Docker must send the entire context to the daemon. Large context = slow start.
-
Memory exceeded: OOM killer terminates the container. Exit code 137 (128 + 9 for SIGKILL). No graceful shutdown.
-
Debug no-logs crash:
docker logs <container>(might be empty)docker inspect <container>(check State.ExitCode, State.Error)- Override entrypoint:
docker run --entrypoint sh <image> - Check events:
docker events
-
compose difference:
docker-compose(v1): Standalone Python tool, deprecateddocker compose(v2): Plugin integrated into Docker CLI, current standard
π€ Interview Questions
Q1: What makes someone a "Docker expert" vs just a "Docker user"?
Answer: A Docker user can write Dockerfiles and run containers. A Docker expert understands:
- Internals: Namespaces, cgroups, layer mechanics
- Optimization: Why builds are slow and how to fix them
- Debugging: How to investigate crashed containers, network issues
- Security: Attack vectors and hardening techniques
- Production: Deployment strategies, monitoring, troubleshooting
The expert can debug novel problems because they understand the underlying mechanics.
Q2: If you had 2 hours to improve a team's Docker practices, what would you focus on?
Answer: Three high-impact areas:
-
Add .dockerignore (~10 min): Often missing, causes huge context uploads and cache problems
-
Fix layer ordering (~30 min): Move dependency installation before code copy to cache effectively
-
Add health checks (~20 min): Prevents cascading failures from unhealthy containers
These three changes typically reduce build times by 50%+ and improve reliability significantly.
Q3: How would you explain Docker to a senior developer who's never used it?
Answer: "Docker lets you package your application with its entire environment - OS libraries, dependencies, configuration - into a single artifact called an image. When you run that image, you get a container, which is an isolated process that behaves identically everywhere: your laptop, CI server, or production.
Under the hood, it's not a VM - there's no hypervisor. Docker uses Linux kernel features (namespaces and cgroups) to isolate processes and limit their resources. This makes containers fast to start (milliseconds vs minutes for VMs) and efficient (no OS overhead per container).
The killer feature is reproducibility: if it works in the container locally, it works the same way in production."
π Summary & Key Takeaways
What We Covered
- Series Philosophy: This is for practitioners who want expertise, not beginners learning basics
- Knowledge Pyramid: Commands β Patterns β Internals (we focus on internals)
- Structure: 20 articles covering internals, Dockerfiles, runtime, compose, and production
- Learning Tracks: Choose based on your goals - optimization, security, operations, or complete mastery
Key Principles
- Internals unlock everything: Understanding how Docker works lets you debug anything
- Production stories teach principles: Real incidents illustrate concepts better than abstract explanations
- Practice builds skill: Reading about debugging isn't the same as debugging
Prerequisites Checklist
- Can write basic Dockerfiles
- Comfortable with docker-compose
- Basic Linux command line knowledge
- Docker 20.10+ installed
- Docker Compose v2 installed
π Quick Reference
Series At a Glance
| Block | Parts | Hours | Focus |
|---|---|---|---|
| Internals | 1-4 | 8 | How Docker really works |
| Dockerfile | 5-8 | 6 | Build optimization & security |
| Runtime | 9-13 | 10 | Operations & debugging |
| Compose | 14-16 | 6 | Multi-container patterns |
| Production | 17-19 | 6 | CI/CD & deployment |
| Reference | 20 | 2 | Cheatsheet |
Learning Track Quick Select
| Goal | Track | Parts | Hours |
|---|---|---|---|
| Faster builds | Performance | 1,3,5,6,9 | 8 |
| Better security | Security | 1,7,8,12 | 6 |
| Production ops | Operations | 1,11,13,15,17-19 | 10 |
| Everything | Complete | All | 40 |
π Review Schedule
Since this is the intro article, here's how to approach the series:
- Day 1: Read this article, complete exercises, identify your track
- Day 2-3: Start Part 1 (Container Internals)
- Weekly: Complete 2-3 articles per week
- After each article: Do the exercises before moving on
- Monthly: Review Quick Reference cards from completed articles
π Series Navigation
This is Part 0 - the series introduction.
Full Series:
- Part 0: How to Use This Series (You are here)
- Part 1: Container Internals
- Part 2: Image Anatomy
- Part 3: Build Process Deep Dive
- Part 4: Networking Internals
- Part 5-8: Dockerfile Mastery
- Part 9-13: Runtime & Operations
- Part 14-16: Docker Compose
- Part 17-19: Production Patterns
- Part 20: Cheatsheet & Decision Guide
Ready to understand Docker at a deeper level? Let's start with Part 1: Container Internals.