Day 21 Task: Important Docker Interview Questions

Essential Docker Interview Questions for DevOps Engineers

1. What is the difference between an Image, Container, and Engine?

• Image: A lightweight, standalone, and executable package that includes everything needed to run a piece of software (code, runtime, libraries).

• Container: A running instance of a Docker image. It is an isolated environment where an application executes.

• Engine: The Docker Engine (daemon) runs the containers and manages the container lifecycle on a host machine.

2. What is the difference between COPY vs ADD in Docker?

• COPY: Used to copy files/directories from the local system to the Docker image.

• ADD: Works like COPY but can also:

  • Extract tar archives automatically.

  • Fetch remote URLs and add them to the image.
    Best Practice: Prefer COPY over ADD unless you need its extra features.

3. What is the difference between CMD vs RUN in Docker?

• RUN: Executes commands at build time and creates a new layer in the image.

• CMD: Defines the default command that runs when the container starts.
  Best Practice: Use CMD for default behavior and RUN for setup tasks during image creation.

4. How will you reduce the size of a Docker image?

• Use a minimal base image like alpine.

• Combine multiple RUN commands using && to reduce layers.

• Remove unnecessary files using rm -rf inside a RUN statement.

• Use .dockerignore to exclude unnecessary files.

• Use multi-stage builds to discard intermediate files.

5. Why and when should you use Docker?

• Portability: Works across different environments.

• Scalability: Easily scale applications using Docker Swarm or Kubernetes.

• Isolation: Containers run independently, preventing conflicts.

• Efficiency: Uses fewer resources than VMs since containers share the host OS.

• DevOps Integration: Works well with CI/CD pipelines.

6. Explain Docker components and how they interact with each other.

• Docker Client: CLI tool to interact with the Docker Daemon.

• Docker Daemon (Engine): Runs containers and manages resources.

• Docker Image: Blueprint for creating containers.

• Docker Container: A running instance of an image.

• Docker Registry: Stores and distributes images (e.g., Docker Hub).

7. Explain the terminology: Docker Compose, Dockerfile, Docker Image, Docker Container.

• Dockerfile: A script that defines how an image is built.

• Docker Image: A packaged version of an application.

• Docker Container: A running instance of an image.

• Docker Compose: A tool to define and run multi-container applications using a docker-compose.yml file.

8. In what real-world scenarios have you used Docker?

• Running microservices in isolated environments.

• Setting up development environments quickly.

• Deploying CI/CD pipelines to automate testing and deployments.

• Running applications on cloud platforms like AWS, Azure, or GCP.

---

Advanced Docker Topics

9. Docker vs Hypervisor – What are the differences?

10. What are the advantages and disadvantages of using Docker?

Advantages:

• Faster deployment

• Efficient resource utilization

• Scalability

• Portability

• Easier dependency management

Disadvantages:

• Security risks if not managed properly

• Performance overhead compared to native execution

• Data persistence requires manual handling

11. What is a Docker namespace?

A namespace isolates system resources (processes, networking, mount points, etc.) in a container, ensuring it doesn’t interfere with other containers or the host system.

12. What is a Docker registry?

A Docker registry is a storage system for Docker images. Examples:

• Public: Docker Hub

• Private: AWS ECR, Google Container Registry

13. What is an entry point in Docker?

ENTRYPOINT in a Dockerfile defines the main executable of a container.
Example:

dockerfileCopyEditENTRYPOINT ["python", "app.py"]

14. How to implement CI/CD in Docker?

• Use Docker containers for build, test, and deploy stages.

• Implement Jenkins, GitHub Actions, or GitLab CI/CD with Docker images.

• Deploy applications using Kubernetes or Docker Swarm.

15. Will data on a container be lost when the Docker container exits?

Yes, unless:

• Volumes (docker volume create) or

• Bind mounts (-v /host/path:/container/path) are used for persistent storage.

16. What is Docker Swarm?

Docker Swarm is Docker’s native clustering tool, allowing multiple Docker hosts to work together as a single system.

---

Docker Commands You Must Know

• Viewing running containers: docker ps

• Running a container under a specific name: docker run --name my_container image_name

• Exporting a Docker image: docker save -o image.tar image_name

• Importing an existing Docker image: docker load -i image.tar

• Deleting a container: docker rm container_id

• Removing all stopped containers, unused networks, and build caches:

    docker system prune -a
  

---

Troubleshooting & Best Practices

17. How do you troubleshoot a Docker container that is not starting?

• Check logs: docker logs container_id

• Inspect container: docker inspect container_id

• View running processes: docker top container_id

• Check exited containers: docker ps -a

18. Can you explain the Docker networking model?

Docker supports multiple networking modes:

• Bridge (default): Containers can communicate within the same host.

• Host: Container shares the host’s network stack.

• Overlay: Used for multi-host networking in Docker Swarm.

• None: No networking.

19. How do you manage persistent storage in Docker?

• Volumes: Stored in Docker-managed directories (/var/lib/docker/volumes/).

• Bind Mounts: Maps host directories to containers.

20. How do you secure a Docker container?

• Use official images from trusted sources.

• Limit container privileges (--cap-drop ALL).

• Enable user namespaces for isolation.

• Scan images for vulnerabilities (docker scan).

21. What is Docker overlay networking?

Overlay networks enable communication between containers on different Docker hosts, mainly used in Docker Swarm.

22. How do you handle environment variables in Docker?

• Using the -e flag:

    docker run -e ENV_VAR=value image_name
  

• Using .env files and docker-compose.