Container Fundamentals

• Container architecture: How containers work at a technical level
• Linux primitives: Namespaces, cgroups, and union filesystems
• OCI specifications: Industry standards for container formats and runtimes
• Container isolation: Process, network, and filesystem boundaries
• Container lifecycle: Creation, running, pausing, stopping, and removal

Working with Containers

• Container commands: Mastering the Docker CLI
• Interactive shells: Connecting to running containers
• Container inspection: Viewing metadata and runtime information
• Resource constraints: Setting CPU, memory, and other limits
• Privileged containers: Use cases and security implications
• Container networking basics: Exposing ports and basic connectivity

Dockerfile Mastery

• Dockerfile syntax: Commands, arguments, and best practices
• Base images: Selecting and creating minimal base images
• Layer optimization: Minimizing image size and build time
• Build context: Understanding what gets sent to the Docker daemon
• Multi-stage builds: Separating build and runtime environments
• BuildKit features: Enhanced building capabilities

Image Management

• Image tagging: Versioning strategies and conventions
• Image inspection: Analyzing image contents and metadata
• Image storage: Local and remote registries
• Image signing: Ensuring supply chain integrity
• Caching strategies: Optimizing builds with layer caching
• Image cleanup: Managing disk space and removing unused images

Networking

• Network drivers: Bridge, host, overlay, macvlan, and none
• User-defined networks: Creating isolated network environments
• Container DNS: Service discovery within Docker networks
• Network topologies: Common patterns and their use cases
• Container-to-container communication: Direct links and networks
• Exposing services: Port publishing and routing mesh
• Network security: Isolation and access controls

Storage & Volumes

• Volume types: Named volumes, bind mounts, and tmpfs mounts
• Volume drivers: Local and remote storage options
• Data persistence: Strategies for stateful applications
• Backup and restore: Protecting volume data
• Shared storage: Accessing the same data across containers
• Storage performance: Optimizing I/O for containerized applications

Docker Compose

• Compose file structure: YAML configuration for multi-container apps
• Service definitions: Configuring container options declaratively
• Dependencies: Managing startup order and service relationships
• Environment variables: Configuration and secrets management
• Networks & volumes: Defining persistent resources
• Scaling services: Running multiple instances of containers
• Compose extensions: Reusing configuration with extensions

Advanced Topics

• Docker contexts: Managing multiple Docker environments
• Docker content trust: Signed image verification
• Resource monitoring: Tracking container performance
• Logging drivers: Configuring container log management
• Health checks: Implementing container health monitoring
• Docker security scanning: Finding vulnerabilities in images
• Docker Swarm: Built-in orchestration capabilities

Architecture & Components

• Control plane: API Server, etcd, Scheduler, Controller Manager
• Worker nodes: kubelet, container runtime, kube-proxy
• Cluster models: Single node, multi-node, high availability
• Communication patterns: How components interact
• API versioning: Understanding Kubernetes API evolution
• Kubernetes distributions: Differences between implementations

Pods & Workloads

• Pods: The fundamental unit of deployment
• Multi-container pods: Sidecar, adapter, and ambassador patterns
• Pod lifecycle: Creation, scheduling, termination
• Deployments: Managing replica sets and rollouts
• StatefulSets: Running stateful applications
• DaemonSets: Node-level services and agents
• Jobs & CronJobs: Batch processing and scheduled tasks
• ReplicaSets: Low-level pod replication controllers

Configuration

• ConfigMaps: Managing configuration data
• Secrets: Storing sensitive information
• Environment variables: Pod configuration injection
• Resource requests & limits: CPU and memory specifications
• Pod disruption budgets: Ensuring availability during updates
• Namespaces: Logical isolation of resources
• Labels & annotations: Metadata for organization and tooling

Networking Fundamentals

• Kubernetes networking model: Key principles and requirements
• Pod networking: How pods communicate
• Services: Stable endpoints for pod access
• Service types: ClusterIP, NodePort, LoadBalancer, ExternalName
• Network policies: Pod-level firewalls
• DNS resolution: Service discovery mechanisms
• CNI plugins: Configuring the cluster network

Advanced Deployment

• Rolling updates: Progressive application rollouts
• Blue/green deployments: Zero-downtime environment switching
• Canary releases: Testing with partial traffic
• Feature flags: Decoupling deployment from release
• Helm charts: Packaging Kubernetes applications
• Kustomize: Configuration customization without templates
• GitOps workflows: Git-centered deployment patterns

Storage & Persistence

• Persistent Volumes (PV): Cluster-level storage resources
• Persistent Volume Claims (PVC): Storage requests
• Storage Classes: Dynamic provisioning
• Volume snapshot & restore: Data protection strategies
• StatefulSet storage: Stable storage for stateful apps
• CSI drivers: Pluggable storage integration
• Storage performance: Optimizing for different workloads

Advanced Networking

• Ingress controllers: HTTP/HTTPS routing to services
• Ingress resources: Route configuration
• Service mesh: Istio, Linkerd, and similar technologies
• Mutual TLS: Service-to-service encryption
• East-west traffic: Internal service communication
• North-south traffic: External client communication
• Load balancing algorithms: Traffic distribution strategies

Observability & Operations

• Logging architecture: Cluster and application logs
• Metrics collection: Prometheus integration
• Visualization: Grafana dashboards
• Distributed tracing: Understanding request flows
• Alerting: Proactive notification systems
• Debugging techniques: Troubleshooting pods and services
• Resource monitoring: Capacity and utilization tracking

Docker Security

• Container isolation: Security boundaries and limitations
• Rootless containers: Running without root privileges
• Security scanning: Finding vulnerabilities in images
• Runtime security: Monitoring for suspicious behavior
• Secrets management: Protecting sensitive data
• Docker Bench for Security: Applying best practices
• Content trust: Signing and verifying images

Kubernetes Security

• Authentication mechanisms: Certificates, tokens, OIDC
• Authorization: RBAC, ABAC, Node, Webhook
• Admission controllers: Validating and mutating requests
• Pod security standards: Baseline, restricted, privileged
• Pod security context: User IDs, group IDs, capabilities
• Network policies: Microsegmentation
• Secret encryption: Protecting sensitive data at rest
• Security scanning: Vulnerability management

Extending Kubernetes

• Custom Resource Definitions (CRDs): Extending the API
• Operators: Automating application operations
• Custom controllers: Implementing business logic
• Webhooks: Modifying and validating API requests
• API aggregation: Adding custom API servers
• Operator SDK: Building operators efficiently
• Kubernetes Gateway API: Next-gen networking

Production Readiness

• High availability configurations: Resilient control planes
• Multi-cluster management: Federation and fleet management
• Disaster recovery: Backup and restore strategies
• Upgrade strategies: Minimizing downtime during upgrades
• Resource optimization: Right-sizing workloads
• Cost management: Controlling cloud expenses
• Compliance: Meeting regulatory requirements

Advanced Autoscaling

• Horizontal Pod Autoscaler: Scaling based on metrics
• Vertical Pod Autoscaler: Automatic resource adjustment
• Cluster Autoscaler: Dynamic node provisioning
• Custom metrics: Scaling on business metrics
• Predictive scaling: Anticipating load changes
• Multi-dimensional autoscaling: Combining approaches
• Scale to zero: Serverless patterns in Kubernetes