Docker & Kubernetesrirfditf

128 topics across 7 chapters

Chapter 1

Foundations (Linux + container fundamentals)

How containers work (namespaces, cgroups, runtimes)

3 subtopics

Understand namespaces and cgroups at a high level

Image vs container mental model (immutability, layers, lifecycle)

OCI images and container runtimes (containerd/CRI-O) overview

Linux CLI essentials for container/K8s work

3 subtopics

Practice Bash + coreutils (grep/sed/awk/find/xargs) for debugging

File permissions and ownership (UID/GID), and why they matter in containers

Processes and logs (ps/top/journalctl) basics for troubleshooting nodes

Networking fundamentals (TCP/IP, DNS, HTTP/TLS)

3 subtopics

TCP vs UDP, ports, NAT, and common diagnostics

DNS basics: records, recursion, caching, and typical failure modes

HTTP and TLS basics: certificates, SNI, and handshake troubleshooting

YAML/JSON for manifests and automation

3 subtopics

YAML syntax essentials: indentation, lists/maps, anchors, and pitfalls

JSON tooling for ops: jq and JSONPath basics

Labels/annotations/selectors basics (foundation for queries and automation)

Chapter 2

Docker Essentials

Docker basics: install, run, inspect, troubleshoot

3 subtopics

Install Docker (or Docker Desktop) and understand daemon vs client

Use docker run/exec/logs/inspect and basic troubleshooting patterns

Registries: pull/push, tags, digests, and auth basics

Images & Dockerfiles

3 subtopics

Write efficient Dockerfiles (layering, caching, .dockerignore)

Multi-stage builds to reduce image size and attack surface

Image scanning and SBOM basics (what to scan, what to fix)

Volumes & data management

2 subtopics

Bind mounts vs named volumes: when and why

Back up and restore Docker volume data

Container networking (ports, bridge networks, DNS)

3 subtopics

Port mapping and basic service discovery patterns

Troubleshoot DNS/MTU/iptables issues in container networking

Know common Docker network drivers (bridge/host/overlay) at a high level

Docker Compose & local development workflows

3 subtopics

Use docker compose up/down, env files, and healthchecks

Compose overrides and profiles for dev/test/prod parity

Dev containers pattern: reproducible local dev environments

Chapter 3

Kubernetes Fundamentals

Kubernetes architecture & core components

2 subtopics

Control plane components: API server, etcd, controller-manager, scheduler

Node components overview: kubelet, kube-proxy, CNI plugins

↗ YAML/JSON for manifests and automation (see Chapter 1)

Workloads: Pods, Deployments, Jobs

3 subtopics

Create a Deployment and practice rollout/rollback strategies

Health checks: readiness/liveness/startup probes and lifecycle hooks

Jobs and CronJobs: batch processing patterns

Service discovery: Services, DNS, endpoints

3 subtopics

Service types: ClusterIP, NodePort, LoadBalancer (and tradeoffs)

CoreDNS basics: names, search domains, and debugging

Endpoints vs EndpointSlices: what changes and why it matters

Configuration & storage in Kubernetes

3 subtopics

ConfigMaps and Secrets: patterns and pitfalls

Storage basics: PVs, PVCs, StorageClasses

StatefulSets: stable identity, ordered rollout, and storage implications

Scheduling, resources & autoscaling

3 subtopics

Requests/limits and QoS classes: avoid noisy-neighbor issues

Autoscaling overview: HPA/VPA/Cluster Autoscaler concepts

Placement controls: taints/tolerations, affinity/anti-affinity

Chapter 4

Packaging, Delivery & CI/CD

↗ YAML/JSON for manifests and automation (see Chapter 1)

Build pipelines for container images

4 subtopics

Build in CI with BuildKit/buildx and reproducible builds basics

Image tagging strategy (semver, git sha) and provenance basics

Registry caching and dependency management for faster pipelines

Software supply chain basics: provenance/SLSA concepts (high level)

Helm and templating

3 subtopics

Helm chart structure: Chart.yaml, templates/, values.yaml

Values and templating: common patterns (helpers, conditionals, loops)

Helm vs Kustomize vs Helmfile: when to use what

GitOps and release management

3 subtopics

GitOps controllers (Argo CD / Flux) concepts and workflow

Progressive delivery: canary and blue/green deployments

Versioning & promotion: dev→stage→prod release flow

CI quality gates: testing, linting, policy checks

3 subtopics

Spin up ephemeral clusters in CI (kind/minikube) and run smoke tests

Lint/validate manifests (yamllint, kubeconform) to catch errors early

Test Helm charts (template tests and basic integration tests)

Chapter 5

Networking, Ingress & Traffic

↗ Networking fundamentals (TCP/IP, DNS, HTTP/TLS) (see Chapter 1)

↗ Container networking (ports, bridge networks, DNS) (see Chapter 2)

Kubernetes networking model

3 subtopics

CNI basics and pod-to-pod connectivity (routing vs overlay)

NetworkPolicies: restrict traffic safely and test the rules

Service mesh overview (what it solves, what it costs)

Ingress, Gateway API & TLS

3 subtopics

Ingress controllers (NGINX/Traefik) basics and common misconfigs

Gateway API concepts and when to prefer it over Ingress

TLS in Kubernetes: termination, cert-manager, and renewal basics

Network troubleshooting toolkit

3 subtopics

Use curl/dig/tcpdump from pods/nodes to diagnose connectivity

Debug with ephemeral containers and common kubectl debug patterns

Traffic tracing patterns: port-forward, exec, sidecars, and logs

Chapter 6

Observability & Operations (Day-2)

Logging

3 subtopics

Container logging basics: stdout/stderr, log drivers, rotation

Centralize logs with an agent (Fluent Bit/Vector) and route to a backend

Kubernetes events and audit logs: what they tell you (and what they don’t)

Metrics & alerting

3 subtopics

Prometheus basics: scraping, labels, and cardinality awareness

Grafana dashboards: build useful panels for latency/errors/saturation

Alertmanager basics: routing, grouping, and noise reduction

Distributed tracing

2 subtopics

OpenTelemetry concepts: traces, spans, context propagation

Tracing backends overview: Jaeger/Tempo and common gotchas

Day-2 operations: upgrades, backups, maintenance

3 subtopics

Cluster upgrade strategy: versions, node pools, and safe rollouts

Backups/restore: etcd and apps (e.g., Velero) basics

Resource cleanup and cost controls (requests/limits hygiene, bin-packing)

Reliability patterns

3 subtopics

100

PodDisruptionBudgets and safe maintenance windows

101

SLO mindset: error budgets and aligning probes with real availability

102

Chaos testing basics: what to simulate and how to learn safely

Chapter 7

Security & Governance

103

Container image security

3 subtopics

↗ Image scanning and SBOM basics (what to scan, what to fix) (see Chapter 2)

104

Least-privilege images: non-root user, minimal base, read-only filesystem

105

Sign and verify images (cosign) at a high level

106

Kubernetes authentication & authorization

3 subtopics

107

Kubeconfig files, contexts, and safe access habits

108

RBAC: Roles/ClusterRoles, (Cluster)RoleBindings, and common mistakes

109

OIDC integration concepts and mapping identities to RBAC

110

Pod security & runtime hardening

3 subtopics

111

SecurityContext: capabilities, seccomp, fsGroup, and common defaults

112

Pod Security Standards and admission control basics

113

Runtime detection overview (Falco) and what signals to alert on

114

Supply chain security & secrets management

3 subtopics

115

Secrets delivery patterns: External Secrets Operator / CSI driver basics

↗ Software supply chain basics: provenance/SLSA concepts (high level) (see Chapter 4)

116

Secret rotation patterns and minimizing secret blast radius

117

Governance and multi-tenancy

3 subtopics

118

Namespaces, quotas, and LimitRanges for safe multi-team clusters

119

Tenant isolation using NetworkPolicies and separate ingress paths

120

Policy as code basics (OPA Gatekeeper / Kyverno) and enforcement strategy