
---

# 🐳 **Docker**

---

## ⚙️ 0. Core Components

* **Engine** → main platform (daemon + CLI)
* **Daemon (`dockerd`)** → manages containers/images
* **CLI (`docker`)** → command-line client
* **Image** → blueprint for containers
* **Container** → running instance of image
* **Dockerfile** → script to build images
* **Registry (Hub/Private)** → image store
* **Volumes** → persistent data storage
* **Networks** → communication between containers

---

## 🔰 1. Introduction

* **What & Why** → portable, fast, lightweight apps
* **VM vs Docker** → VMs = heavy, Docker = lightweight
* **Image vs Container** → blueprint vs running app
* **Architecture** → Engine · Daemon · CLI · Registry

---

## 📦 2. Installation & Setup

* **Desktop (Win/Mac)** → GUI + CLI + Compose
* **Linux** → install via `apt`/`yum`
* **Verify** → `docker --version`, `docker run hello-world`
* **Login** → `docker login`

---

## 🏗️ 3. Images & Containers

* Pull → `docker pull nginx`
* Run → `docker run -d -p 8080:80 nginx`
* Manage → `docker ps`, `docker stop`, `docker rm`
* Inspect → `docker logs`, `docker exec -it <c> sh`
* Ports → `-p host:container`
* Volumes → `-v vol:/data`

---

## 🛠️ 4. Dockerfile & Builds

* Common commands → `FROM`, `RUN`, `COPY`, `CMD`, `EXPOSE`
* Multi-stage builds → smaller images
* Best practices → slim base, `.dockerignore`, non-root user

---

## 📂 5. Volumes & Bind Mounts

* **Anonymous** → temporary
* **Named** → reusable (prod)
* **Bind mount** → host folder ↔ container (dev)
* Commands → `docker volume create/ls/inspect/rm`

---

## 🌐 6. Networking

* **Bridge** → default single-host net
* **User-defined bridge** → DNS by name (recommended)
* **Host** → share host net (Linux)
* **None** → isolated
* **Overlay** → multi-host (Swarm)

---

## 🧩 7. Docker Compose

* Define multi-container apps in `compose.yaml`
* Run → `docker compose up -d`
* Stop → `docker compose down`
* Logs → `docker compose logs -f`
* Good for dev/test, not production scale

---

## 🔄 8. Image Management

* Tag → `docker tag myapp user/myapp:v1`
* Push → `docker push user/myapp:v1`
* Save/Load → `docker save` · `docker load`
* Cleanup → `docker image prune`, `docker system prune`

---

## 🔒 9. Security Basics

* Run as **non-root**
* Drop privileges: `--cap-drop ALL`
* Lock resources → `--memory`, `--cpus`, `--pids-limit`
* Verify signed images (`DOCKER_CONTENT_TRUST=1`)
* Scan → `docker scan myimage`

---

## 🚀 10. Advanced Topics

* **Contexts** → manage local/remote Docker
* **BuildKit** → faster, smarter builds
* **Multi-arch** → build for ARM/AMD64
* **Healthcheck** → mark container healthy/unhealthy
* **Rootless Docker** → least privilege

---

## ☸️ 11. Docker + Kubernetes

* **Pod** = 1+ containers (shared IP/volumes)
* **Deployments** → replicas & rollouts
* **Services** → stable IPs
* **Ingress** → HTTP routing
* Compose → K8s (Deployment + Service + PVC)

---

## 🔁 12. CI/CD Integration

* Tools → GitHub Actions, GitLab CI, Jenkins
* Steps → **Build → Push → Test**
* Optimize → cache layers, use BuildKit

---

## 🗃️ 13. Private Registries

* Docker Hub vs Private Registry
* Local registry setup → `registry:2` image
* Enterprise → Harbor
* Auth via `docker login`

---

## 🧪 14. Testing & Debugging

* Debug inside → `docker exec -it <c> sh`
* Throwaway → `docker run --rm -it alpine sh`
* Logs → `docker logs -f <c>`
* Stats → `docker stats`, `docker top`
* Inspect → `docker inspect`, `docker diff`

---

## 📈 15. Monitoring & Logging

* Built-in → `docker stats`, `docker logs`, `docker events`
* Metrics → Prometheus + Grafana + cAdvisor
* Logs → ELK/EFK or Fluent Bit
* Add **HEALTHCHECK** in images

---
