Block content missing — regenerate
The pipeline produced this intro block with insufficient content. The course shouldn't ship like this.
Floor failed: intro.title empty
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this concept block with insufficient content. The course shouldn't ship like this.
Floor failed: concept.title empty
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this diagram block with insufficient content. The course shouldn't ship like this.
Floor failed: diagram.nodes empty
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this code block with insufficient content. The course shouldn't ship like this.
Floor failed: code.body empty
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this cheatsheet block with insufficient content. The course shouldn't ship like this.
Floor failed: cheatsheet missing items[] AND sections[]
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this minigame block with insufficient content. The course shouldn't ship like this.
Floor failed: minigame.payload missing
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Block content missing — regenerate
The pipeline produced this exit block with insufficient content. The course shouldn't ship like this.
Floor failed: exit.body empty
Re-run the course pipeline at /admin/pipeline — the backend's content lint catches this on the next attempt.
Real skills, real career delta.
Skills you'll gain
10- Multi-stage Dockerfile authoringProduction
Students write multi-stage Dockerfiles that separate build and runtime layers, apply .dockerignore, set non-root USER, and reduce images from 900 MB to under 50 MB using BuildKit 0.29.0 cache mounts.
- BuildKit layer cache optimizationWorking
Students order COPY and RUN instructions to maximize cache hits, use --mount=type=cache for package managers, and measure rebuild times before and after reordering.
- Docker Compose multi-service orchestrationProduction
Students write Compose files with service dependencies, healthcheck directives, named volumes, env_file secrets, and override files to achieve dev/prod parity across a Node API, PostgreSQL, and Redis stack.
- Container networking: user-defined bridge and DNS discoveryWorking
Students create user-defined bridge networks, verify DNS-based service resolution between containers, and isolate services across multiple networks — replacing the deprecated --links flag.
- Named volume and bind mount lifecycle managementWorking
Students distinguish named volume persistence from bind mount behavior, implement a PostgreSQL backup script using volume mounts, and reproduce a deliberate data-loss scenario to understand container-restart semantics.
- Docker Scout CVE scanning and image hardeningProduction
Students run docker scout cves against a full-OS base image, migrate to a distroless or Alpine base, apply read-only filesystems, drop Linux capabilities, and set no-new-privileges — measuring CVE count reduction at each step.
- GitHub Actions CI/CD pipeline for container imagesProduction
Students build a GitHub Actions workflow that runs docker buildx build for multi-platform targets, executes Docker Scout policy gates, pushes semver-tagged and SHA-pinned images to GHCR, and includes a digest-pinned rollback step.
- Container image tagging and registry managementWorking
Students apply semver and SHA digest tagging strategies, push and pull from GHCR using Organization Access Tokens, and pin production deployments to immutable digest references rather than mutable tags.
- Prometheus + cAdvisor + Grafana observability stackWorking
Students deploy cAdvisor to expose container CPU, memory, and network metrics, configure a Prometheus scrape job, build a Grafana dashboard from those metrics, and wire an alert rule that fires on memory threshold breach.
- Traefik reverse proxy with TLS termination and label-based routingWorking
Students configure Traefik v3 via Docker labels to route HTTP traffic to multiple containerized services, provision Let's Encrypt TLS certificates automatically via ACME, and add basic-auth middleware — all without modifying application code.
Career & income delta
- Title yourself credibly as 'container platform engineer' or 'DevOps engineer – containerization' on LinkedIn and résumés, targeting the mid-market of companies migrating from VM-based deployments to Docker/Kubernetes stacks — a role segment where Docker proficiency is the primary hiring filter per LinkedIn Workforce Insights Q1 2025
- Qualify for 'site reliability engineer (SRE)' postings that list Docker, Prometheus, and Grafana as required skills — the observability stack built in this course (cAdvisor + Prometheus + Grafana) maps directly to the monitoring requirements listed in SRE job descriptions on LinkedIn as of Q2 2025
- Position for 'DevSecOps engineer' roles by citing hands-on Docker Scout CVE scanning, distroless base images, read-only filesystems, and dropped capabilities from the security-hardening-lab project — skills explicitly named in DevSecOps postings on ZipRecruiter as of May 2025
- Advance from junior to mid-level DevOps or platform engineering by adding the cicd-pipeline-docker GitHub Actions project to your portfolio — GitHub Actions + Docker build/push/deploy is the most frequently listed CI/CD skill combination in DevOps job postings on LinkedIn Workforce Insights, Q1 2025
- DevOps engineer (mid-level, US): Levels.fyi reported a median total compensation of $157,000–$185,000 for mid-level DevOps/platform engineers at mid-size tech companies in 2024, with Docker listed as a core required skill in the role definition (Levels.fyi DevOps compensation data, accessed January 2025)
- Site reliability engineer (SRE, US): ZipRecruiter reported an average SRE salary of $136,000–$168,000 annually in the United States as of April 2025, with Prometheus, Grafana, and container orchestration skills cited as the top compensation-driving qualifications in the posting analysis
- DevSecOps engineer (US): LinkedIn Workforce Insights (Q1 2025) reported median advertised salaries for DevSecOps engineers of $145,000–$175,000 in the United States, with container security scanning (Docker Scout, Trivy) and hardened image workflows listed as premium skills commanding the upper end of that range
- Container/platform engineer (entry-to-mid transition, US): ZipRecruiter reported advertised salaries for 'container engineer' and 'platform engineer' roles ranging from $110,000 to $148,000 as of March 2025, with multi-stage Dockerfile proficiency, Docker Compose, and GitHub Actions CI/CD cited as the skills that move candidates from the $110K floor to the $140K+ band
- OCI-standard container image authoring (multi-stage builds, layer caching, non-root USER, minimal base images) — the OCI Image Specification is runtime-agnostic; these skills transfer directly to Podman, containerd, Buildah, and any future OCI-compliant runtime regardless of whether Docker Engine remains dominant
- Declarative multi-service orchestration via YAML (Docker Compose syntax, healthchecks, named volumes, secrets) — the mental model of declaring service graphs, dependencies, and health conditions is directly transferable to Kubernetes manifests, Helm charts, and any future declarative orchestration layer
- Supply-chain security practices (CVE scanning, SBOM generation, distroless/minimal base images, read-only filesystems, capability dropping) — these practices are mandated by NIST SSDF, EO 14028, and emerging EU Cyber Resilience Act requirements, making them durable compliance skills independent of any specific scanning tool
- Metrics-based observability instrumentation (Prometheus scrape targets, Grafana dashboard design, alerting rules, cAdvisor container metrics) — the Prometheus data model and PromQL are the de facto standard for cloud-native observability; these skills transfer to managed services (AWS Managed Prometheus, Google Cloud Managed Prometheus) and any OpenMetrics-compatible future stack