Learn how the dockerfile healthcheck instruction tests a container's health by running a command at intervals, using exit codes to indicate healthy or unhealthy states.

Learn docker health check options like interval, timeout, start period, and retries, with defaults, and validate container health using curl -f and exit codes in docker run and dockerfiles.

Learn how to create a new image from a modified running container using docker commit, including changing commands and environment settings.

Flatten docker images by merging layers into a single layer to reduce image size. Apply export and import to create a smaller ubuntu image and see the single-layer history.

Discover how Docker registries centralize and distribute images, including Docker Hub and private registries like AWS ECR, and learn to push, pull, and tag images.

Push images to Docker Hub or private repositories like ecr through authentication, tagging, and pushing. Log in, tag with your repository name, push or pull, and log out.

Explore how to search Docker images in a registry using the Docker search command, and apply filter and limit options to find official nginx images quickly.

Move docker images across hosts by archiving with docker save and restoring with docker load, transferring a tar file via email or pendrive.

Explore Docker networking by examining bridge, host, overlay, macvlan, and none drivers, docker0 interfaces, and container IP assignment within subnets like 172.17.0.0/16 and 192.168.0.0/16.

Explore how the Docker bridge network driver enables container communication on the same bridge while isolating others, using the docker0 gateway.

Learn how user defined bridge networks enable inter-container communication and automatic DNS resolution, create and inspect custom bridges, and contrast them with the default docker bridge.

Understand docker host networking, where containers share the host's network stack, enabling host traffic monitoring (eth0) for security scenarios like intrusion detection system, with limits like single port 80 usage.

Demonstrate the nun network in Docker by running a container with no IP address, isolating it from all networks and other containers.

Publish all exposed ports of a container using the -P option to auto map container ports to random host ports, as demonstrated with an nginx container on port 80.

Showcases linking containers with the legacy --link option and an alias on the default bridge network, highlighting the move to a custom user-defined bridge and that links are legacy.

Explore how container orchestration automates deployment, management, scaling, networking, and fault tolerance to keep containers running across multiple servers with Kubernetes, Docker Swarm, ECS, and EKS.

Learn a docker swarm overview and set up a three-node lab by installing docker on three vms, configuring hostnames swarm zero one to zero three, and preparing for initialization.

Initialize docker swarm by designating a manager and worker nodes, submit a service definition to run two Nginx containers, and join workers to the swarm using provided commands.

Learn docker swarm basics by defining services, tasks, and containers, setting replicas for nginx, and understanding automatic restart and distribution across nodes.

Scale swarm services with the docker cli by increasing replicas from one to multiple, create and run a service with nginx, and verify tasks using docker service ps.

Scale swarm services with docker service scale or docker service update --replicas to adjust 1 or more services. Compare their differences and see practical examples using nginx containers.

Drain a swarm node to perform maintenance by migrating running containers to active nodes, using docker node update with drain and verifying with docker service ps and docker node ls.

Use docker inspect to retrieve detailed, readable information about swarm services and nodes, including placement constraints, replicas, and node specifications, with the pretty flag for clarity.

Publish and map host ports for swarm tasks by creating a two-replica nginx service and configuring the --publish port mapping, then verify access via external IP or port 8080.

Define and run multi-container docker applications with docker compose using a yaml file. Start and stop all services with docker compose up and down.

Deploy multi-service apps in swarm by using Docker stack deploy with a Docker Compose yaml, enabling cross-node deployment.

Learn how to secure a docker swarm by enabling auto lock, protecting TLS keys and raft logs, and unlocking with a key after restarts.

Troubleshoot swarm service deployments by diagnosing pending tasks caused by drained nodes, insufficient memory or cpu, or placement constraints, using docker service ps and docker inspect to identify constraints.

Mount a docker volume in swarm by mapping source my volume to /my path. Verify persistence by creating a file in the mounted path and noting data remains after removal.

Learn how Docker Swarm controls service placement with replicated and global services, resource constraints, and placement constraints using node labels like region, and how to apply and verify constrained deployments.

Learn how overlay networks create a distributed, secure network across multiple Docker daemon hosts in a swarm, enabling containers on different nodes to communicate seamlessly.

Create a custom overlay network named my network in swarm, deploy an nginx service with three replicas attached to it, and verify cross-node connectivity and cleanup.

Enable encryption for overlay networks by running docker network create --opt encrypted with the overlay driver to secure container traffic via ipsec tunnels between nodes.

Learn how to create swarm services with templates using docker service create, employing placeholders like node.hostname and service.name to set hostnames, with supported flags hostname, mount, and env.

Learn how the split brain occurs when two masters compete due to broken connectivity, and how a three-node quorum with voting prevents data corruption by electing a single master.

Learn how to achieve high availability in Docker Swarm with multiple manager nodes and an odd-number quorum, and how Raft maintains a consistent internal state up to seven managers.

Drain the manager node to run services on workers, demonstrating swarm behavior with nginx replicas and explaining why manager nodes should focus on management tasks to avoid resource contention.

recover from losing quorum in a docker swarm by understanding cluster size, leader management, and raft-based state, then reinitialize the cluster with force new cluster to resume services.

Explore docker system commands, including docker info and docker system info, docker system events, and docker system df. Learn to monitor containers, images, volumes, and build cache with real-time events.

Kubernetes is a production-grade open source container orchestration engine, maintained by CNCF, that uses a control plane and worker nodes to run pods and schedule them according to user requirements.

Explore connectivity options to a Kubernetes cluster: API requests with curl, the kubectl CLI for managing resources, and a GUI dashboard for overview and troubleshooting.

Compare Docker containers and Kubernetes pods, and learn how a pod may host one or more containers sharing the same network and storage, with practical Docker to kubectl command mappings.

Generate a manifest file for Kubernetes objects using kubectl with dry-run=client and -o yaml to validate without creating. This YAML output becomes a version-controlled manifest for pods and objects.

Learn how labels and selectors organize Kubernetes objects like pods and services, using key value pairs to filter resources by environment such as dev and prod.

Attach labels to Kubernetes objects and use selectors to filter pods by environment, such as dev, stage, and prod, for clearer identification and management.

Explore how to create and manage a Kubernetes replica set using a manifest file, including scaling and the role of selectors and labels with practical examples.

Learn how a service acts as a gateway to route front-end requests to backend pods via endpoints, using the service IP address, ports, and optional manual endpoint creation.

Learn to use a selector to register service endpoints by labeling pods with app=backend, then observe endpoints auto populate with pod IPs and update as pods change.

Learn how node port exposes a Kubernetes service to the internet by assigning a port on every worker node, routing external traffic to backend pods, and enabling cluster IP access.

Explore Docker Enterprise Edition, its stability and support advantages over Community Edition, and features like Universal Control Plane, Docker Trusted Registry, image security scanning, and multi-cluster management for production-scale apps.

Install Docker Enterprise edition on CentOS by configuring the Docker E repo, exporting the Docker URL, installing RPM packages, starting Docker, and verifying with Docker info and a BusyBox container.

Explore the universal control plane (UCP) to manage Docker clusters and applications through a single gui. Access a containerized enterprise edition that enables dashboard-based deployment of Swarm and Kubernetes.

Learn to deploy a swarm service with ucp gui, add a worker node, and run a global nginx service, then verify containers and monitor cpu, memory, and disk statistics.

Explore the universal control plan's access model: subjects, rules, and collections enable granular control over containers, nodes, and secrets.

Explore docker trusted registry, an enterprise-grade image storage with a gui, security scanning, image signing, and built-in access control, integrated with the universal control plane.

Install the Docker trusted registry on a worker node managed by the ECP and integrate it with the universal control plane, using the UCP URL and admin credentials.

Uninstall the Docker Trusted Registry by running the provided commands with your UCP URL and admin credentials, then remove the stale entry in UCP using two follow-up commands and verify.

Install the docker trusted registry, configure a trusted ca, update ca trust, fetch the tls certificate, and push a busybox image to the docker trusted registry.

Master the docker backup command for DTR configurations and image metadata via UCP, ensuring no downtime, and that users, organizations, and registry images are not backed up.

Back up DTR images by backing up the DDR registry volume when using local storage, and use cloud backends like S3 or GCP with tar.gz style backups.

Explore swarm routing mesh, where any node accepts published port traffic and redirects requests to containers on nodes, mapping 8080 to 80 even if the container isn’t on that node.

Demonstrates building a swarm routing mesh by creating a web service with port 8080 published to 80 using nginx, deployed on a worker node, accessible via the ingress network.

Configure Docker storage backends with a centralized external storage solution, using cloud or local storage such as S3 and Google Cloud, to achieve high availability and durability for images.

Configure an Amazon S3 storage backend for a Docker trusted registry, creating IAM credentials and an S3 bucket, then push images and optimize region latency.

Explore how Docker Trusted Registry achieves high availability by scaling with replicas, sharing a common object storage like S3 or Azure, and using health endpoints to monitor cluster status.

Explore how the DDR cache speeds docker pulls by caching images near users. See how the primary DDR cluster redirects to regional caches after authentication, no UCP agent required.

UCP supports docker swarm and kubernetes; set the default orchestrator in admin settings, and change a node's orchestrator via cli or node edit (mixed not recommended, workloads may be evicted).

Learn to implement container security scanning with Docker trusted registry, perform on-push and manual scans, view vulnerabilities by layer and CVE, and keep the scanning database in sync.

Enable container security scanning in Docker trusted registry, configure online sync. Push images to DDR to trigger onpush scans and view vulnerability reports with CVE details.

Learn how DTR webhooks trigger post notifications to a webhook URL so Jenkins can pull security-scanned images and run unit tests.

Explore how Docker UCP client bundles, a set of certificates, enable remote swarm command execution from your laptop without logging into UCP.

Learn how to download and configure the UCP client bundle on Linux, set Docker host, install Docker, and deploy a demo Nginx service via the UCP bundle.

Explore federation using a central ldap directory to grant access to multiple services, establishing trust with services like Jenkins, AWS, and HR systems, and simplifying user provisioning and revocation.

Integrate the universal control plane with Ldap to enable Ldap users to log in via a central directory, and manage authentication, authorization, and optional Saml sso settings.

Explore Linux namespaces and how Docker uses them to create isolated containers, with pid, uts, ipc, net, mount, and user namespaces that separate host and container processes.

Explore how Linux control groups (cgroups) limit and isolate CPU and memory for Docker containers. Learn to read memory limits from sysfs cgroups in bytes and why tools may mislead.

Explore how Docker resource constraints protect multi-container hosts by contrasting memory reservation (soft limit) with memory limit (hard limit), and explain how out-of-memory exceptions trigger process termination.

Learn how swarm mutual TLS uses a root certificate authority to encrypt and authenticate communications between swarm nodes, and how join tokens and CA rotation keep the system secure.

Manage Docker secrets in Swarm by centrally storing and encrypting data in transit and at rest, granting access only to specific services and containers.

Enable Docker content trust to verify the integrity and publisher of registry images using digital signatures and trusted CAs, ensuring only signed tags are downloaded.

Learn how non-privileged users run docker commands by adding them to the docker group, enabling docker ps and other tasks via the unix socket without sudo privileges.

Explore linux capabilities and how containers use them to enforce granular access, including default vs added capabilities, cap add and cap drop, and immutable bit use inside docker.

Explore privileged containers that grant host device access and broad capabilities, enabling Docker inside Docker, while noting they bypass defaults and require careful use with AppArmor or SELinux.

Explore docker storage drivers and the copy-on-write mechanism that merges image layers for containers. Understand layer structure and how reads and writes operate across lower, container, and upper layers.

Block storage uses blocks and block addresses for reads and writes. Object storage stores data as objects with metadata and offers API access.

Learn how to change the docker storage driver, with overlay2 as the recommended default. Note how data and containers may become inaccessible after switching drivers.

Learn how Docker volumes persist data beyond container lifecycles, compare bind mounts and temp fs mounts, and map host storage to containers for stateless and stateful apps.

Demonstrate how bind mounts expose host files or directories to containers, contrast them with volumes, and illustrate with nginx examples and read-only options.

Learn to automatically remove a container after its main task ends using the --rm option. With a volume, this also removes the volume, preventing unused disk space.

the device mapper maps physical block devices to logical virtual devices in the linux kernel, enabling raid, encryption, and cache, with direct mode for production and loop mode for testing.

Explore Docker logging drivers, view standard output and error with docker logs, learn default json-file behavior, log paths, and caveats when using centralized or alternative drivers.

Explore how Kubernetes volumes persist data beyond container lifecycles, enable sharing across containers with host path, and other volume types, demonstrated by mounting host /data.

Learn how persistent volumes (PV) and persistent volume claims (PVC) enable dynamic provisioning of storage for Kubernetes pods, with admins provisioning volumes and developers requesting them.

Discover how to perform volume expansion in Kubernetes: enable allow volume expansion on the storage class, resize the PVC, and restart the pod to complete the file system resize.

Learn how Kubernetes reclaim policies determine data fate for persistent volumes after deleting a PVC, covering retain, delete, and recycle, with a demo showing delete removing the PV.

Understand the retain reclaim policy: when a PVC is deleted, the PV stays released with data intact and requires manual reclamation to reuse or delete the underlying storage.

Explore storage classes in Kubernetes, learning how administrators choose standard or premium storage for persistent volumes and how provisioners and reclaim policies govern persistent volume claims and persistent volumes.

Review the docker certified associate exam overview, including remote proctoring and 55 mcqs. Note Windows or Mac requirement with camera and microphone, and being alone in the room.

Get an overview of important pointers for the Docker certified associate exam, emphasizing completing all topics and achieving 100% understanding to ensure readiness.

Explore Docker certified associate exam formats, focusing on discrete option multiple choice (DMC) questions, including 42 DMC and 13 MC questions, with strategies and the official blueprint and practice tests.

Thoroughly master swarm service creation and scaling, including replicated versus global services and placement constraints. Develop skills in troubleshooting, docker stack commands, draining swarm nodes, routing mesh, and service discovery.

Explore image creation and registry management with Docker, mastering dockerfile instructions (add vs copy, env, healthcheck, cmd vs entrypoint), workdir, formatting and filtering outputs, and pushing to private registries.

Master installation and configuration by reviewing backup exclusions for users and organizations, and learning namespaces, cgroups, memory reservation versus limit, immutable tags, and cache.

Explore Docker networking drivers, including bridge, host, user defined bridge, legacy link, and overlay, and learn port publishing with -p and -P, nun network, DNS settings, and network inspection.

Explore security pointers for the DCA exam: UCP client bundles, Docker content trust, and signed images. Learn about secrets, swarm auto lock, mutual TLS, privileged containers, and restricted control roles.

Mount volumes in containers using -v and --mount, map host directories as bind mounts, remove volumes when containers exit, and understand device mapper loop and direct modes.

Master Kubernetes essentials: pods, deployments and rolling updates; configure with config maps and secrets; explore services, cluster IP and NodePort, plus storage via persistent volumes and claims.

Master storage classes, persistent volumes, PVCs, and reclaim policies, and enable volume expansion. Distinguish between volumes and persistent volumes, and understand health check options and multi-stage builds using copy --from.