Mastering Docker – Key Interview Questions and Answers

Whether you're gearing up for an interview or simply looking to solidify your Docker expertise, this comprehensive guide provides you with the essential insights and answers to excel in your DevOps journey.

1. What is the difference between an Image, Container, and Engine?

• Image: A Docker image is a read-only template used to create containers. It includes the application code, runtime, libraries, and environment variables. Images are built from a Dockerfile.

• Container: A container is a runnable instance of a Docker image. Containers are isolated from each other and the host system, but they can interact through well-defined channels.

• Engine: Docker Engine is the core component of Docker, consisting of a server, REST API, and a command-line interface (CLI). It is responsible for creating, running, and managing Docker containers.

2. What is the difference between the Docker command COPY vs ADD?

• COPY: The COPY command copies files and directories from the host filesystem to the Docker image. It does not support URL extraction or automatic decompression.

• ADD: The ADD command is similar to COPY but has additional functionalities. It can copy files from URLs and automatically extract compressed files (like .tar).

3. What is the difference between the Docker command CMD vs RUN?

• CMD: The CMD command specifies the default command to run when a container starts. It can be overridden by providing a command when running the container.

• RUN: The RUN command executes commands during the image build process. It is used to install software packages and configure the environment inside the image.

4. How will you reduce the size of a Docker image?

• Minimize the number of layers: Combine multiple commands into a single RUN statement to reduce the number of layers.

• Use a smaller base image: Start with a minimal base image like alpine if possible.

• Remove unnecessary files: Clean up temporary files and caches within the same RUN command to avoid keeping them in the image.

• Use multi-stage builds: Separate the build environment from the runtime environment to include only the necessary artifacts in the final image.

5. Why and when should you use Docker?

• Consistency: Docker ensures that applications run consistently across various environments by encapsulating them in containers.

• Isolation: Containers isolate applications and dependencies, reducing conflicts and enabling multiple applications to run on the same host.

• Portability: Docker containers can be easily moved between different environments, such as development, testing, and production.

• Efficiency: Containers are lightweight and use system resources more efficiently compared to traditional virtual machines.

6. Explain the Docker components and how they interact with each other.

• Docker Daemon: Runs on the host machine and manages Docker containers and images.

• Docker CLI: Provides commands to interact with Docker Daemon, including creating and managing containers and images.

• Docker Images: Blueprints for containers, specifying the software and environment needed.

• Docker Containers: Instances of Docker images that run the application code.

• Docker Registry: Stores Docker images (e.g., Docker Hub or private registries).

7. Explain the terminology: Docker Compose, Dockerfile, Docker Image, Docker Container.

• Docker Compose: A tool for defining and running multi-container Docker applications using a YAML file (docker-compose.yml).

• Dockerfile: A text file containing instructions to build a Docker image.

• Docker Image: A static snapshot of a file system and configuration used to create containers.

• Docker Container: A running instance of a Docker image, isolated from other containers and the host system.

8. In what real scenarios have you used Docker?

• Microservices Architectures: Containerized microservices to ensure consistency and isolation between services.

• Continuous Integration/Continuous Deployment (CI/CD): Used Docker to create reproducible build and test environments.

• Development Environments: Set up isolated development environments for different projects or teams to ensure consistency.

• Legacy Application Modernization: Containerized legacy applications to facilitate deployment and scaling on modern infrastructure.

9. Docker vs Hypervisor?

• Docker: Provides containerization by isolating applications at the process level. Containers share the host OS kernel and are more lightweight and faster to start.

• Hypervisor: Provides virtualization by creating and managing virtual machines (VMs) that run a full OS. VMs are more isolated but have higher overhead compared to containers.

10. What are the advantages and disadvantages of using Docker?

• Advantages:

  • Portability: Run the same container across different environments.

  • Efficiency: Faster startup times and lower overhead compared to VMs.

  • Consistency: Ensures consistent environments from development to production.

• Disadvantages:

  • Security: Containers share the host OS kernel, which can pose security risks if not managed properly.

  • Complexity: Managing multiple containers and networks can become complex.

  • Persistence: Handling persistent data can be challenging.

11. What is a Docker namespace?

• Docker Namespace: Provides isolation for containers by partitioning the system resources (e.g., process IDs, network interfaces) so that containers have their own isolated views of these resources.

12. What is a Docker registry?

• Docker Registry: A repository where Docker images are stored and distributed. Docker Hub is a popular public registry, while organizations can also set up private registries.

13. What is an entry point?

• ENTRYPOINT: Defines the default executable that runs when a container starts. Unlike CMD, ENTRYPOINT cannot be overridden at runtime.

14. How to implement CI/CD in Docker?

• Build Docker images: Use a Dockerfile to create images for different stages of the pipeline.

• Push to Registry: Push images to a Docker registry as part of the build process.

• Deploy Containers: Deploy containers to a staging or production environment using orchestration tools or deployment scripts.

• Automate with CI/CD tools: Integrate with CI/CD tools like Jenkins, GitLab CI, or GitHub Actions to automate the build, test, and deployment processes.

15. Will data on the container be lost when the Docker container exits?

• Non-Persistent Data: Yes, any data stored within the container’s writable layer will be lost when the container exits.

• Persistent Data: Use Docker volumes or bind mounts to persist data across container restarts or exits.

16. What is a Docker swarm?

• Docker Swarm: A native clustering and orchestration tool for Docker that manages a cluster of Docker engines and allows for the deployment, scaling, and management of containerized applications across multiple nodes.

17. What are the Docker commands for the following:

• Viewing running containers: docker ps

• Running a container under a specific name: docker run --name <name> <image>

• Exporting a Docker image: docker save -o <filename>.tar <image>

• Importing an existing Docker image: docker load -i <filename>.tar

• Deleting a container: docker rm <container_id>

• Removing all stopped containers, unused networks, build caches, and dangling images: docker system prune

18. What are the common Docker practices to reduce the size of Docker images?

• Use minimal base images: Opt for lightweight base images like alpine.

• Minimize layers: Combine commands in a single RUN statement.

• Clean up unnecessary files: Remove temporary files and caches within the same RUN command.

• Use .dockerignore: Exclude unnecessary files from the build context.

19. How do you troubleshoot a Docker container that is not starting?

• Check logs: Use docker logs <container_id> to view container logs.

• Inspect container: Use docker inspect <container_id> to get detailed information about the container.

• Verify Dockerfile: Ensure there are no errors in the Dockerfile or entry point commands.

• Check resource constraints: Verify that the container has enough CPU and memory resources.

20. Can you explain the Docker networking model?

• Bridge Network: Default network for containers on the same host, allowing them to communicate with each other.

• Host Network: Containers share the host's network stack, providing better performance but less isolation.

• Overlay Network: Allows containers on different hosts to communicate over a virtual network, often used in Docker Swarm or Kubernetes.

• Macvlan Network: Assigns a unique MAC address to each container, allowing them to appear as physical devices on the network.

21. How do you manage persistent storage in Docker?

• Volumes: Create Docker volumes that are managed by Docker and persist data outside the container’s filesystem.

• Bind Mounts: Mount host directories into containers, allowing direct access to the host filesystem.

• Named Volumes: Use named volumes for easy management and persistence of data.

22. How do you secure a Docker container?

• Least Privilege: Run containers with the least privileges necessary.

• User Namespaces: Use user namespaces to map container users to non-root users on the host.

• Image Scanning: Regularly scan images for vulnerabilities.

• Network Isolation: Use Docker’s networking features to isolate containers and control traffic flow.

• Updates: Regularly update Docker and base images to patch known vulnerabilities.

23. What is Docker overlay networking?

• Overlay Networking: A network driver that enables communication between Docker containers across different hosts in a Docker Swarm or Kubernetes cluster, using an