I would start with understanding what containers are. Read up on what namespaces and cgroups are. Understand first what a container is, what it gives you and how Docker (vs other containerizers) fits into the picture. The first fundamental thing to understand is that containers are merely processes that have some sandboxing and perhaps limits applied to them, mem_cg, CFQ throttling, etc.

Once you have that under your belt it's not hard to work out how Docker itself works and how you can use it to fulfill the sort of CI/CD objectives you have outlined. Docker itself isn't important, the semantics of containerization are.

Something that Docker (and Docker-like things) take massive advantage of is overlay filesystems like AUFS and overlayfs; you would do well to understand these (at least skin deep).

Finally, networking becomes really important when you start playing with network namespaces; you should be somewhat familiar with at least the Linux bridge infrastructure and how Linux routing works.

Good luck!

> start with understanding what containers are

Docker implemented in around 100 lines of bash: https://github.com/p8952/bocker

This is the most mindblowing example for enterprise security teams that think Docker is a new threat on a single tenant Linux host.

No, buddies, all this stuff is already there. If you were fine with your visibility before*, you're still fine. Go find a real problem while people play with their developer dopamine.

* NARRATOR: They shouldn't have been.
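
Both comments above say that a container is an ordinary host process placed in its own namespaces, so it stays visible from the host; comparing the `/proc/<pid>/ns` links against PID 1 shows this. This is an added example, not part of the thread: the PIDs and inode numbers in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import os
import re

NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")  # readlink target, e.g. "pid:[4026531836]"

def parse_ns_links(links):
    """Map namespace name -> inode number, skipping malformed targets."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if match:
            parsed[name] = int(match.group(1))
    return parsed

def read_proc_ns(pid, proc="/proc"):
    """Read the ns symlinks of a live process (other users' PIDs need root)."""
    ns_dir = os.path.join(proc, str(pid), "ns")
    links = {}
    for name in os.listdir(ns_dir):
        try:
            links[name] = os.readlink(os.path.join(ns_dir, name))
        except OSError:
            continue  # process exited or permission denied
    return parse_ns_links(links)

def sandboxed_namespaces(baseline, candidate):
    """Namespace types in which candidate differs from the baseline (init)."""
    return sorted(ns for ns, inode in candidate.items()
                  if ns in baseline and baseline[ns] != inode)

# Constructed sample: what readlink would return for four processes.
HOST = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
        "net": "net:[4026531992]", "uts": "uts:[4026531838]"}
SAMPLE = {
    1: HOST,            # init
    812: dict(HOST),    # host daemon, shares every namespace with init
    4411: {"mnt": "mnt:[4026532201]", "pid": "pid:[4026532204]",
           "net": "net:[4026532207]", "uts": "uts:[4026532202]"},  # containerized
    4502: dict(HOST, net="net:[4026532207]"),  # host process joined to that netns
}

def classify(sample, init_pid=1):
    """For each PID, list the namespaces that differ from init's."""
    base = parse_ns_links(sample[init_pid])
    return {pid: sandboxed_namespaces(base, parse_ns_links(links))
            for pid, links in sample.items() if pid != init_pid}

if __name__ == "__main__":
    for pid, diff in classify(SAMPLE).items():
        print(pid, "host namespaces" if not diff else "differs in: " + ", ".join(diff))
```

On a live Linux host, `read_proc_ns(1)` and `read_proc_ns(pid)` supply the same dictionaries from the running system.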