Learn Docker Roadmap

A practical roadmap to go from zero Docker knowledge to confidently containerizing apps, composing multi-service environments, and shipping images in CI/CD pipelines.


by Morris

Container Concepts

Before touching the CLI, understand what containers are and why they exist. Most Docker confusion comes from skipping this.

  • Understand the problem Docker solves
  • Learn the difference between VMs and containers
  • Understand the key terms: image, container, layer, registry, Dockerfile
  • Understand why containers are ephemeral by default
  • Read the official "Docker overview" documentation page

Docker Installation and CLI Basics

Install Docker and learn the essential commands to run and inspect containers.

  • Install Docker Desktop (Mac/Windows) or Docker Engine (Linux)
  • Run your first container with docker run
  • Learn the essential container lifecycle commands
  • Learn image management commands
  • Inspect a running container's metadata and config

Working with Images

Images are the core unit of Docker. Understanding layers and tags is essential for efficient workflows.

  • Understand image layers and why they matter for caching
  • Understand image tags and the "latest" trap
  • Pull images from Docker Hub and explore available tags
  • Build an image and tag it
  • Inspect image layers with docker history
  • Push an image to Docker Hub

Writing Dockerfiles

The Dockerfile is the recipe for your image. Learning its instructions and best practices directly affects image size, build speed, and security.

  • Learn the core Dockerfile instructions
  • Understand CMD vs ENTRYPOINT
  • Order Dockerfile instructions to maximize layer cache hits
  • Create a .dockerignore file
  • Build a multi-stage Dockerfile to produce a minimal production image
  • Choose minimal base images: prefer alpine or distroless over full OS images

Container Management

Day-to-day commands for working with running containers.

  • Map container ports to host ports
  • Pass environment variables to containers
  • Execute commands inside a running container
  • Name containers for easier management
  • Understand container restart policies

Volumes and Data Persistence

Containers are ephemeral - data written inside is lost on removal. Volumes solve this.

  • Understand the two main persistence mechanisms: named volumes and bind mounts
  • Know when to use each type
  • Persist a PostgreSQL database with a named volume
  • List, inspect, and remove volumes
  • Use bind mounts for live code reloading during development

Networking Between Containers

Containers need to talk to each other. Docker networking makes this safe and straightforward.

  • Understand the default bridge network and its limitations
  • Create a custom bridge network for container name resolution
  • Expose ports vs publish ports
  • Connect a container to multiple networks
  • Inspect network configuration with docker network inspect

Docker Compose

Compose lets you define and run multi-container apps with a single YAML file. It is the standard tool for local development environments.

  • Write a docker-compose.yml for a simple web app with a database
  • Learn the essential Compose commands
  • Use an env file with Compose to avoid hardcoding secrets
  • Understand depends_on and service health checks
  • Use Compose profiles to separate dev-only services (e.g., a DB admin UI)
  • Override compose config for different environments with compose.override.yml

Docker in CI/CD Pipelines

Using Docker in CI ensures your tests run in the same environment as production.

  • Build and push a Docker image in a GitHub Actions workflow
  • Use multi-stage builds to keep CI images small
  • Cache Docker layers in CI to speed up builds
  • Run tests inside a container in CI to match the production environment
  • Tag images with the git commit SHA for full traceability

Security Best Practices

Default Docker configurations are convenient but not secure. These changes matter most.

  • Never run containers as root
  • Use minimal base images to reduce the attack surface
  • Scan images for vulnerabilities with docker scout or trivy
  • Never put secrets in Dockerfiles or image layers
  • Set the filesystem to read-only where possible
  • Use Docker Content Trust to verify image authenticity
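
Three items on this roadmap (non-root user, read-only filesystem, the "latest" trap) can be checked from docker inspect output. The script below is an added example, not part of the original roadmap: it reads the Config.User, Config.Image and HostConfig.ReadonlyRootfs fields, and the container names, registry host and image references in the sample are constructed.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output,
# trimmed to the fields the audit reads. Names and images are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "", "Image": "nginx:latest"},
   "HostConfig": {"ReadonlyRootfs": false}},
  {"Name": "/api",
   "Config": {"User": "10001:10001",
              "Image": "registry.example.test:5000/team/api:3f2a9c1"},
   "HostConfig": {"ReadonlyRootfs": true}},
  {"Name": "/worker",
   "Config": {"User": "root", "Image": "registry.example.test:5000/team/worker"},
   "HostConfig": {"ReadonlyRootfs": true}}
]
""")

def runs_as_root(user):
    """Empty User means no USER was set, so the process runs as UID 0."""
    uid = user.split(":", 1)[0]          # "uid:gid" -> "uid"
    return uid in ("", "0", "root")

def uses_mutable_tag(image_ref):
    """True for an untagged reference or an explicit :latest tag."""
    if "@" in image_ref:                 # pinned by digest: name@sha256:...
        return False
    last = image_ref.rsplit("/", 1)[-1]  # skip any registry host:port part
    if ":" not in last:
        return True                      # no tag resolves to latest
    return last.rsplit(":", 1)[1] == "latest"

def audit(containers):
    """Return {container name: [findings]} for containers with findings."""
    report = {}
    for c in containers:
        cfg, host = c.get("Config", {}), c.get("HostConfig", {})
        findings = []
        if runs_as_root(cfg.get("User", "")):
            findings.append("runs as root")
        if not host.get("ReadonlyRootfs", False):
            findings.append("writable root filesystem")
        if uses_mutable_tag(cfg.get("Image", "")):
            findings.append("image not pinned to a fixed tag")
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report
```

To audit a live host, pass the parsed JSON output of docker inspect $(docker ps -q) to audit().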

Registry and Image Distribution

Publishing and consuming images from registries - the last step before deployment.

  • Push an image to Docker Hub
  • Use GitHub Container Registry (ghcr.io) for private images
  • Design a tagging strategy for production deployments
  • Pull and run an image from a private registry
  • Set up automated image builds on push with GitHub Actions

Real-World Project

Containerize a complete multi-service application to apply everything from this roadmap.

  • Choose a project: containerize an existing app or build a new one
  • Write a production-grade Dockerfile with multi-stage build and non-root user
  • Write a docker-compose.yml for the full local development environment
  • Add a .dockerignore file and verify the image size is reasonable
  • Set up a GitHub Actions workflow to build and push the image on each push to main
  • Deploy the container to a cloud service (Fly.io, Railway, Render, or a VPS)
  • Scan the final image for vulnerabilities and fix any critical findings