Top 20 Docker FAQs

 

Top 20 Docker Interview FAQs

  1. What is Docker, and how is it different from a virtual machine?

  2. Explain the architecture of Docker (Client, Daemon, Images, Containers, Registries).

  3. What is the difference between a Docker image and a Docker container?

  4. How do you create a Docker image? What are best practices for writing a Dockerfile?

  5. What is the difference between CMD and ENTRYPOINT in a Dockerfile?

  6. What are Docker volumes, and how do they differ from bind mounts?

  7. How do you persist data in Docker containers?

  8. What is the difference between Docker Compose and Docker Swarm?

  9. How does Docker handle networking? Explain different network drivers (bridge, host, overlay).

  10. How do you share environment variables and secrets in Docker containers securely?

  11. What are multi-stage builds in Docker, and why are they useful?

  12. How do you optimize the size of a Docker image?

  13. What happens internally when you run docker run?

  14. How do you troubleshoot a failing Docker container (logs, exec, inspect)?

  15. What is the difference between COPY and ADD in Dockerfile?

  16. How do you handle container security best practices in Docker?

  17. How do you manage Docker images in production (clean-up, pruning, tagging, versioning)?

  18. How do you scale containers in Docker? Difference between Docker Compose scale and Kubernetes?

  19. What is the difference between Docker Swarm and Kubernetes? Which one is better?

  20. Can you explain a real-world scenario where you used Docker in CI/CD pipelines?

Let us understand the answers.

1. What is Docker, and how is it different from a virtual machine?

Answer:

  • Docker is a containerization platform that packages applications and their dependencies in a lightweight, portable container.

  • Difference from VM:

    • VM: Needs full OS → Heavy, slower startup.

    • Docker: Shares host kernel → Lightweight, faster startup.

  • Scenario: Instead of running 5 separate VMs for microservices, you run 5 Docker containers on the same host, saving resources.


2. Explain the architecture of Docker.

Answer:

  • Components:

    • Docker Client: CLI (docker run, docker build).

    • Docker Daemon: Runs containers, manages images.

    • Docker Images: Read-only templates.

    • Docker Containers: Running instances of images.

    • Registry (Docker Hub / Private): Stores images.

  • Scenario: Developer pushes image to Docker Hub → Production server pulls image → Container runs.


3. Difference between a Docker image and container.

Answer:

  • Image: Blueprint (like a class in OOP).

  • Container: Running instance of an image (like an object).

  • Scenario: An nginx:latest image → when run → becomes a container serving HTTP traffic.


4. How do you create a Docker image? Best practices?

Answer:

  • Create one from a Dockerfile with instructions (FROM, COPY, RUN, etc.).

  • Best practices:

    • Use lightweight base image (e.g., alpine).

    • Minimize layers.

    • Use .dockerignore.

    • Multi-stage builds.

  • Scenario: Instead of a 1GB Node.js image, using Alpine reduces it to 150MB → faster builds.


5. Difference between CMD and ENTRYPOINT.

Answer:

  • CMD: Provides default command, can be overridden.

  • ENTRYPOINT: Defines the executable, harder to override.

  • Scenario:

    • CMD ["npm", "start"] → can be replaced.

    • ENTRYPOINT ["python"] → ensures container always runs Python.


6. What are Docker volumes vs bind mounts?

Answer:

  • Volumes: Managed by Docker, stored under /var/lib/docker/volumes.

  • Bind mounts: Map host directory → container path.

  • Scenario:

    • Volume for DB data persistence.

    • Bind mount for developers editing code locally.


7. How do you persist data in Docker?

Answer:

  • Using volumes (recommended) or bind mounts.

  • Scenario: MySQL container stores data in /var/lib/mysql. If no volume used → data lost on restart. With volume → data persists.


8. Difference between Docker Compose and Docker Swarm.

Answer:

  • Compose: Defines multi-container apps (local dev/test).

  • Swarm: Docker’s native orchestration for scaling & clustering.

  • Scenario:

    • Compose: Run docker-compose up for a dev environment.

    • Swarm: Deploy same app in production with scaling, load balancing.


9. How does Docker networking work?

Answer:

  • Drivers:

    • Bridge: Default, containers talk via IP.

    • Host: Shares host’s network stack.

    • Overlay: Used for multi-host networking (Swarm).

  • Scenario: Two microservices (web and db) connected via bridge network → web uses db:3306 instead of IP.


10. How do you share environment variables and secrets securely?

Answer:

  • Use --env-file with docker run.

  • Use Docker Secrets (in Swarm/K8s).

  • Avoid storing secrets in Dockerfile.

  • Scenario: Database password stored in .env file instead of hardcoding → secure CI/CD pipelines.


11. What are multi-stage builds in Docker?

Answer:

  • Feature to reduce image size by separating build & runtime.

  • Scenario:

    • Stage 1: Build app using golang:latest.

    • Stage 2: Copy binary to alpine.

    • Final image is only 20MB instead of 1GB.


12. How do you optimize Docker image size?

Answer:

  • Use lightweight base images.

  • Combine RUN commands.

  • Remove unnecessary files.

  • Multi-stage builds.

  • Scenario: FROM ubuntu:20.04 (200MB) → replace with FROM alpine (5MB).


13. What happens internally when you run docker run?

Answer:

  1. Docker client sends request to daemon.

  2. Daemon checks image locally → pulls from registry if missing.

  3. Creates container from image.

  4. Sets up filesystem, network, mounts.

  5. Runs default command.

  • Scenario: docker run nginx → pulls nginx → starts web server.


14. How do you troubleshoot a failing container?

Answer:

  • docker logs <container> → check logs.

  • docker exec -it <container> /bin/bash → debug inside.

  • docker inspect <container> → metadata.

  • Scenario: App container crashes → check logs → missing env variable → fix in Dockerfile.


15. Difference between COPY and ADD in Dockerfile.

Answer:

  • COPY: Copies files from host to container.

  • ADD: Does the same but also supports remote URLs & auto-extraction of tar files.

  • Best practice: Use COPY unless ADD features required.


16. How do you ensure Docker security?

Answer:

  • Use official images.

  • Scan images for vulnerabilities (trivy, docker scan).

  • Run containers as non-root.

  • Limit container capabilities.

  • Scenario: Running an Nginx container as root → security risk. Instead, set user in Dockerfile.


17. How do you manage Docker images in production?

Answer:

  • Tag images properly (app:1.0, not latest).

  • Clean up unused images (docker image prune).

  • Use private registry (Harbor, ECR, ACR).

  • Automate builds in CI/CD.
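
The Dockerfile advice in answers 10, 15, 16 and 17 (no secrets in the Dockerfile, COPY over ADD, a non-root user, explicit tags instead of latest) can be checked before an image is built. The script below is an added example, not part of the original post; the rule names and the sample Dockerfile are made up for illustration.

```shell
#!/bin/sh
# Added example: static checks on a Dockerfile, one finding per line as
# "<line> <rule> <detail>". The rule names are made up for this sketch,
# and instructions split with a trailing backslash are not joined.

audit_dockerfile() {
  awk '
    { instr = toupper($1) }
    instr == "FROM" {
      user = ""                              # each stage starts as the base image user
      i = 2
      while (i <= NF && $i ~ /^--/) i++      # skip flags such as --platform
      image = $i
      if (tolower($(i + 1)) == "as") stages[$(i + 2)] = 1
      if (image != "scratch" && !(image in stages) && image !~ /@sha256:/) {
        n = split(image, parts, "/")         # the tag sits in the last path part
        if (parts[n] !~ /:/ || parts[n] ~ /:latest$/)
          printf "%d LATEST_TAG %s\n", NR, image
      }
    }
    instr == "ADD" { printf "%d ADD_USED prefer COPY\n", NR }
    instr == "ENV" || instr == "ARG" {
      name = $2; sub(/=.*/, "", name)        # keep the variable name only
      if (toupper(name) ~ /PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY/)
        printf "%d SECRET_IN_IMAGE %s\n", NR, name
    }
    instr == "USER" { user = $2 }
    END {
      if (user == "" || user == "root" || user == "0" || user ~ /^(root|0):/)
        printf "%d RUNS_AS_ROOT final stage has no non-root USER\n", NR
    }
  ' "$@"
}

# Constructed sample: a Dockerfile that trips all four rules.
weak_dockerfile() {
  cat <<'EOF'
FROM node:latest
ENV DB_PASSWORD=example-only
ADD https://example.com/app.tar.gz /opt/
CMD ["npm", "start"]
EOF
}

weak_dockerfile | audit_dockerfile
```

A base image may already set a non-root user, so RUNS_AS_ROOT is a prompt to check the base image rather than a verdict.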


18. How do you scale containers in Docker?

Answer:

  • Use docker-compose scale or Swarm mode.

  • For large scale → Kubernetes.

  • Scenario: 1 container of Node.js can’t handle load → scale to 5 containers behind load balancer.


19. Docker Swarm vs Kubernetes.

Answer:

  • Swarm: Simple, Docker-native, easier setup.

  • K8s: Advanced orchestration, auto-healing, rich ecosystem.

  • Scenario:

    • Swarm → small apps with few nodes.

    • Kubernetes → enterprise-grade clusters with monitoring & scaling.


20. Real-world scenario: Using Docker in CI/CD.

Answer:

  • Build app → create Docker image → push to registry → deploy via pipeline.

  • Example:

    • Jenkins pipeline builds Spring Boot app.

    • Creates myapp:1.0 image.

    • Pushes to Azure Container Registry.

    • Deploys to AKS using Helm.
