Docker Learning Curriculum

Container Platform for Everyone

3 Weeks - 15 Days - Complete Guide

Docker adalah platform untuk mengembangkan, mengirim, dan menjalankan aplikasi dalam container

Overview

Tujuan Pembelajaran

Goals

Memahami konsep container dan Docker
Mampu menggunakan Docker commands dengan baik
Membuat Dockerfile untuk aplikasi
Menggunakan Docker Compose untuk multi-container
Mengerti Docker networking dan volumes
Docker orchestration dasar

Keunggulan Docker

Portability - Jalan di mana saja sama
Isolation - App terisolasi satu sama lain
Lightweight - Lebih ringan dari VM
Fast Deployment - Cepat deploy dan scale

Minggu 1

Dasar-Dasar Docker

Jadwal Minggu 1

Hari	Topik	Praktik
1	Pengenalan Docker	Apa itu Docker?
2	Instalasi	Install Docker di Linux/Windows
3	Docker Commands	Dasar commands
4	Images	Cari, pull, run image
5	Containers	Create, start, stop container

Minggu 1 - Hari 1

Apa itu Docker?

Definisi: Docker adalah platform open-source yang menggunakan containerization untuk menjalankan aplikasi dengan isolasi dan portabilitas.

Container vs VM

Container:OS-level virtualization, berbagi kernel host
VM: Hardware-level virtualization, punya OS sendiri

Istilah Penting

Image - Template readonly untuk container
Container - Instance dari image yang berjalan
Dockerfile - Blueprint untuk build image
Registry - Tempat menyimpan image (Docker Hub)

Minggu 1 - Hari 2

Instalasi Docker

Ubuntu/Debian

# Update apt
sudo apt update

# Install dependencies
sudo apt install -y ca-certificates curl gnupg

# Add Docker GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify

docker --version
docker run hello-world

Minggu 1 - Hari 3

Docker Commands Dasar

Commands Penting

# Info dan Version
docker --version
docker info
docker ps

# Container
docker run hello-world
docker run -it ubuntu bash
docker ps -a
docker start <container_id>
docker stop <container_id>
docker rm <container_id>

# Images
docker images
docker pull nginx:latest
docker rmi <image_id>

Run Options

-d  # Detached mode (background)
-i  # Interactive
-t  # TTY
-p  # Port mapping
-v  # Volume
--name  # Nama container
-e  # Environment variable

Minggu 1 - Hari 4

Docker Images

Image adalah template readonly yang digunakan untuk membuat container.

Cari dan Pull Image

# Cari image
docker search nginx

# Pull image
docker pull nginx:latest
docker pull ubuntu:22.04

# List images
docker images
docker images -a

Hapus Image

# Hapus by ID
docker rmi <image_id>

# Hapus dangling images
docker image prune

# Hapus semua unused images
docker image prune -a

Image Layers

# Lihat layers
docker history nginx:latest

Minggu 1 - Hari 5

Mengelola Containers

Container Lifecycle

# Create dan start container
docker run -d --name myapp nginx

# Stop container
docker stop myapp

# Start container
docker start myapp

# Restart container
docker restart myapp

# Hapus container
docker rm myapp

# Force remove
docker rm -f myapp

Logs dan Exec

# Lihat logs
docker logs myapp
docker logs -f myapp
docker logs --tail 100 myapp

# Exec into container
docker exec -it myapp bash
docker exec myapp ls /app

Minggu 2

Docker Lanjutan

Jadwal Minggu 2

Hari	Topik	Praktik
1	Dockerfile	Membuat custom image
2	Build Image	Build dari Dockerfile
3	Volumes	Data persistence
4	Networking	Docker networks
5	Docker Compose	Multi-container apps

Minggu 2 - Hari 1

Dockerfile

Dockerfile adalah script yang berisi instruksi untuk build Docker image.

Contoh Dockerfile

# Use base image
FROM node:18-alpine

# Set working directory
WORKDIR /app

# Copy files
COPY package*.json ./

# Install dependencies
RUN npm install

# Copy source
COPY . .

# Expose port
EXPOSE 3000

# Start command
CMD ["node", "index.js"]

Instructions Penting

FROM - Base image
RUN - Execute commands
COPY - Copy files
WORKDIR - Working directory
EXPOSE - Port
CMD - Default command

Minggu 2 - Hari 2

Build Docker Image

Build Command

# Build dari Dockerfile
docker build -t myapp:latest .

# Build dengan context
docker build -t myapp:latest -f ./Dockerfile.prod .

# Tag image
docker tag myapp:latest myregistry.com/myapp:v1

# Push ke registry
docker push myregistry.com/myapp:v1

Best Practices

Gunakan multi-stage builds untuk size optimization
Order instructions dari yang jarang berubah ke sering berubah
Gunakan .dockerignore
Hapus cache dan temporary files

.dockerignore

node_modules
npm-debug.log
.git
.gitignore
README.md
.env
dist

Minggu 2 - Hari 3

Volumes

Volumes digunakan untuk persist data di luar container.

Jenis Volume

Named volumes: Managed by Docker
Bind mounts: Map host directory
tmpfs: In-memory storage

Named Volumes

# Create volume
docker volume create mydata

# Mount ke container
docker run -v mydata:/app/data nginx

# List volumes
docker volume ls

# Inspect volume
docker volume inspect mydata

Bind Mounts

# Mount current directory
docker run -v $(pwd):/app nginx

# Read-only
docker run -v $(pwd):/app:ro nginx

Minggu 2 - Hari 4

Docker Networking

Network Types

bridge: Default network
host: Share host network
overlay: Multi-host networking
none: No networking

Commands

# Create network
docker network create mynetwork

# Connect container ke network
docker network connect mynetwork mycontainer

# List networks
docker network ls

# Inspect network
docker network inspect bridge

# Disconnect
docker network disconnect mynetwork mycontainer

Port Mapping

# Map port 8080 host ke 80 container
docker run -p 8080:80 nginx

# Multiple ports
docker run -p 8080:80 -p 443:443 nginx

# Random port
docker run -p 80 nginx

Minggu 2 - Hari 5

Docker Compose

Docker Compose adalah tool untuk mendefinisikan dan menjalankan multi-container applications.

docker-compose.yml

services:
  web:
    image: nginx
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html
    networks:
      - frontend

  app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
    depends_on:
      - db
    networks:
      - frontend
      - backend

  db:
    image: postgres:15
    volumes:
      - dbdata:/var/lib/postgresql/data
    networks:
      - backend

networks:
  frontend:
  backend:

volumes:
  dbdata:

Commands

docker compose up -d
docker compose down
docker compose logs -f
docker compose build

Minggu 3

Docker Production

Jadwal Minggu 3

Container health

Hari	Topik	Praktik
1	Multi-stage Builds	Optimize image size
2	Health Checks
3	Resource Limits	CPU dan memory limits
4	Security	Best practices
5	Monitoring	Logs dan metrics

Minggu 3 - Hari 1

Multi-stage Builds

Multi-stage builds memungkinkan menggunakan multiple FROM statements untuk build aplikasi dalam beberapa stage.

Contoh Node.js

# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Production stage
FROM node:18-alpine AS production
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/index.js"]

Contoh Go

# Build
FROM golang:1.21 AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o main .

# Run
FROM alpine:latest
COPY --from=builder /app/main /main
CMD ["/main"]

Minggu 3 - Hari 2

Health Checks

HEALTHCHECK instructs Docker how to test a container to check it is still working.

Dockerfile HEALTHCHECK

FROM nginx:latest
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost/ || exit 1

# Untuk PostgreSQL
HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \
  CMD pg_isready -U postgres || exit 1

Docker Compose Healthcheck

services:
  web:
    image: nginx
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

Cek Status

docker inspect --format='{{.State.Health.Status}}' container_name

Minggu 3 - Hari 3

Resource Limits

Memory Limits

# Batasi memory 512MB
docker run -m 512m nginx

# Memory reservation
docker run -m 512m --memory-reservation=256m nginx

CPU Limits

# Batasi 1 CPU
docker run --cpus=1 nginx

# Batasi CPU quota
docker run --cpu-quota=50000 nginx

# CPU set
docker run --cpuset-cpus="0,1" nginx

Docker Compose

services:
  app:
    image: nginx
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M

Minggu 3 - Hari 4

Docker Security Best Practices

Image Security

Scan images dengan docker scout atau trivy
Gunakan official images
Update images regularly
Hapus unnecessary packages

Container Security

# Jangan jalanin sebagai root
docker run -u 1000 myapp

# Read-only root filesystem
docker run --read-only myapp

# Drop all capabilities
docker run --cap-drop ALL myapp

# Specific capabilities only
docker run --cap-add NET_BIND_SERVICE myapp

# No new privileges
docker run --security-opt=no-new-privileges myapp

Docker Scout

docker scout cves myimage:latest
docker scout recommendations myimage:latest

Important: Jangan pernah store secrets di dalam image!

Final

Cheat Sheet

Commands Recap

# Images
docker images, docker pull, docker rmi

# Containers
docker run, docker ps, docker stop, docker rm

# Logs & Exec
docker logs, docker exec -it

# Volumes
docker volume create, docker volume ls

# Networks
docker network create, docker network ls

# Compose
docker compose up -d, docker compose down

Dockerfile Instructions

FROM, RUN, COPY, WORKDIR, EXPOSE, ENV, CMD, ENTRYPOINT

Selamat! Anda telah menyelesaikan Docker Learning Curriculum.

Lanjutan

Multi-Stage Builds

Multi-stage builds menggunakan multiple FROM statements untuk build aplikasi dalam beberapa stage, menghasilkan image lebih kecil.

Contoh: Node.js

# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Production stage
FROM node:18-alpine AS production
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/index.js"]

Contoh: Go

# Build
FROM golang:1.21 AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o main .

# Run
FROM alpine:latest
COPY --from=builder /app/main /main
CMD ["/main"]

Lanjutan

.dockerignore

.dockerignore berfungsi seperti .gitignore — mengexclude file dari build context.

Contoh .dockerignore

node_modules
npm-debug.log
.git
.gitignore
README.md
.env
.env.*
dist
coverage
*.log
.DS_Store

Kenapa Penting?

Mencegah credential leak (.env, .git)
Mengurangi build context size
Build lebih cepat
Image lebih kecil

Tanpa .dockerignore, file .env akan terbungkus dalam image — security risk!

Lanjutan

Health Checks

HEALTHCHECK instruksi Docker untuk test container agar tahu kapan container perlu restart.

Dockerfile HEALTHCHECK

FROM nginx:latest
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost/ || exit 1

Docker Compose Healthcheck

services:
  web:
    image: nginx
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

Cek Status

docker inspect --format='{{.State.Health.Status}}' container_name

Lanjutan

Docker Registry

Registry tempat menyimpan dan mendistribusikan Docker images.

Public Registry: Docker Hub

# Login
docker login

# Pull
docker pull nginx:latest

# Tag
docker tag myapp:latest myregistry.com/myapp:v1

# Push
docker push myregistry.com/myapp:v1

# Logout
docker logout

Private Registry

# Jalankan registry sendiri
docker run -d -p 5000:5000 --name registry registry:2

# Push ke private registry
docker tag myapp:latest localhost:5000/myapp:latest
docker push localhost:5000/myapp:latest

# Pull dari private registry
docker pull localhost:5000/myapp:latest

Docker Scout (Security Scanning)

docker scout cves myimage:latest
docker scout recommendations myimage:latest

Docker Learning Curriculum

Tujuan Pembelajaran

Goals

Keunggulan Docker

Dasar-Dasar Docker

Jadwal Minggu 1

Apa itu Docker?

Container vs VM

Istilah Penting

Instalasi Docker

Ubuntu/Debian

Verify

Docker Commands Dasar

Commands Penting

Run Options

Docker Images

Cari dan Pull Image

Hapus Image

Image Layers

Mengelola Containers

Container Lifecycle

Logs dan Exec

Docker Lanjutan

Jadwal Minggu 2

Dockerfile

Contoh Dockerfile

Instructions Penting

Build Docker Image

Build Command

Best Practices

.dockerignore

Volumes

Jenis Volume

Named Volumes

Bind Mounts

Docker Networking

Network Types

Commands

Port Mapping

Docker Compose

docker-compose.yml

Commands

Docker Production

Jadwal Minggu 3

Multi-stage Builds

Contoh Node.js

Contoh Go

Health Checks

Dockerfile HEALTHCHECK

Docker Compose Healthcheck

Cek Status

Resource Limits

Memory Limits

CPU Limits

Docker Compose

Docker Security Best Practices

Image Security

Container Security

Docker Scout

Cheat Sheet

Commands Recap

Dockerfile Instructions

Multi-Stage Builds

Contoh: Node.js

Contoh: Go

.dockerignore

Contoh .dockerignore

Kenapa Penting?

Health Checks

Dockerfile HEALTHCHECK

Docker Compose Healthcheck

Cek Status

Docker Registry

Public Registry: Docker Hub

Private Registry

Docker Scout (Security Scanning)

Kuis: Docker