1. What is the difference between an Image, Container, and Engine?
Image: An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, runtime, system tools, libraries, and settings. Images are created from a Dockerfile and can be shared and stored in repositories like Docker Hub.
Container: A container is a runtime instance of an image. It is a runnable environment where an image is executed. Containers are isolated from each other and the host system, ensuring consistency across different environments.
Engine: The Docker Engine is the core component of Docker. It is responsible for building, running, and managing containers. It includes both a server and a client. The server listens for Docker API requests, while the client communicates with the server and interacts with containers.
2. What is the difference between the Docker command COPY vs ADD?
COPY: The COPY command is used in a Dockerfile to copy files or directories from the host system into the container's filesystem. It is a straightforward command that copies files without performing any extraction or decompression.
ADD: The ADD command also copies files from the host system to the container, but it has additional functionality. ADD can handle URL resources and automatically unpack compressed files (e.g., tar or zip) during the copy operation. However, it's recommended to use COPY for simple file copying tasks to improve transparency.
3. What is the difference between the Docker command CMD vs RUN?
RUN: The RUN command is used in a Dockerfile to execute a command during the image build process. It runs a command and creates a new image layer with the results. Commonly used for installing software or setting up dependencies.
CMD: The CMD command is used to define the default command that should be executed when a container is run from the image. It is not executed during the image build but specifies what the container should run by default.
11. How will you reduce the size of the Docker image?
To reduce the size of a Docker image:
Use a minimal base image.
Remove unnecessary files and dependencies.
Optimize layer caching.
Use multi-stage builds.
Minimize the number of layers.
Remove temporary build artifacts.
Avoid installing unnecessary packages.
Clean up after installation.
5. Why and when to use Docker?
Docker is used to create, deploy, and run applications in containers, offering benefits like isolation, portability, scalability, and efficiency. It's valuable when:
Ensuring consistent development, testing, and production environments.
Simplifying application deployment and scaling.
Isolating applications and dependencies.
Accelerating development cycles.
Enhancing resource utilization.
Achieving DevOps and CI/CD automation.
6. Explain the Docker components and how they interact with each other.
Docker components include the Docker Engine (server and client), Images, Containers, Docker Hub (or other registries), Docker Compose, Docker Swarm/Kubernetes (for orchestration), and Dockerfile (for defining images). The Engine runs containers, which are created from images stored in registries. Compose and orchestration tools manage multiple containers, while the Dockerfile defines image construction.
7. Explain the terminology: Docker Compose, Docker File, Docker Image, Docker Container?
Docker Compose: A tool for defining and running multi-container Docker applications using a YAML file.
Dockerfile: A script containing instructions to build a Docker image.
Docker Image: A lightweight, executable package that includes application code, runtime, libraries, and settings.
Docker Container: A runnable instance of a Docker image, isolated from the host system and other containers.
8. In what real scenarios have you used Docker?
Examples include containerizing microservices, deploying web applications, setting up development environments, CI/CD pipelines, running databases, and orchestrating containers in clusters.
9. Docker vs. Hypervisor?
Docker uses containerization to run applications with shared OS resources, leading to lower overhead and efficient resource usage.
Hypervisors create virtual machines (VMs) with dedicated OS instances, incurring higher resource overhead. Docker is more lightweight and provides faster startup times.
10. What are the advantages and disadvantages of using Docker?
Advantages: Portability, scalability, isolation, resource efficiency, easy management, faster deployments.
Disadvantages: Learning curve, limited GUI, potential security risks, challenges with stateful applications.
11. What is a Docker namespace?
Docker uses namespaces to isolate containers from each other and from the host system. Namespaces control access to system resources, such as process IDs or file systems, providing container isolation.
12. What is a Docker registry?
A Docker registry is a repository for storing and distributing Docker images. It's like a central hub where Docker images are hosted and can be accessed by users. Docker Hub is one of the most well-known public Docker registries, but organizations often set up private registries for internal use. These registries allow you to share and manage Docker images, making them available to others for deployment.
13. What is an entry point?
An entry point in Docker refers to the command or script that is run when a container is started. It is often used to define the main executable for the container. When you run a container, the entry point is the first command that is executed within the container. You can specify the entry point in the Dockerfile or override it when starting the container with the docker run command.
14. How to implement CI/CD in Docker?
Implementing CI/CD (Continuous Integration/Continuous Deployment) in Docker involves integrating Docker into your software development and deployment pipelines. Here's a high-level overview of the process:
Continuous Integration (CI): Developers commit code to a version control system (e.g., Git). CI servers automatically build Docker images from the source code, run tests inside containers, and create artifacts.
Continuous Deployment (CD): After successful CI, CD pipelines push Docker images to a registry. Deployment tools (e.g., Kubernetes, Docker Compose) pull these images and deploy them to production environments.
To implement CI/CD effectively, use tools like Jenkins, GitLab CI/CD, Travis CI, or CircleCI in combination with Docker and container orchestration platforms.
15. Will data on the container be lost when the Docker container exits?
By default, data inside a Docker container is ephemeral, meaning it can be lost when the container exits. This is because containers are designed to be stateless and disposable. To persist data between container runs, you can use Docker volumes or bind mounts to store data outside the container on the host system.
16. What is a Docker swarm?
Docker Swarm is a native clustering and orchestration solution for Docker. It allows you to create and manage a cluster of Docker nodes (machines) as a single entity. Docker Swarm provides features for load balancing, scaling applications, service discovery, and high availability. It makes it easier to deploy and manage containerized applications across a cluster of machines.
17. What are the Docker commands for the following:
View running containers:
docker ps
Command to run the container under a specific name:
docker run --name <container_name> ...
Command to export a Docker image:
docker save -o <output_file>.tar <image_name>
Command to import an already existing Docker image:
docker load -i <input_file>.tar
Commands to delete a container:
docker rm <container_id or container_name>
Command to remove all stopped containers, unused networks, build caches, and dangling images:
docker system prune
18. What are the common Docker practices to reduce the size of Docker Image?
To reduce the size of Docker images, follow these best practices:
Use a minimal base image: Start with a lightweight base image, like Alpine Linux, to minimize the image size.
Remove unnecessary files: Clean up the image by removing unnecessary files and dependencies.
Multi-stage builds: Use multi-stage builds to compile code in one image and copy only the necessary artifacts to the final image.
Minimize layers: Combine multiple RUN commands into a single layer and remove intermediate containers.
Use .dockerignore: Create a .dockerignore file to exclude files and directories that shouldn't be included in the image.
Optimize dependencies: Install only the necessary dependencies and remove development or build-time dependencies.
19. How do you troubleshoot a Docker container that is not starting?
When troubleshooting a Docker container that isn't starting, follow these steps:
Check Logs: Use docker logs <container_id> to view the container's logs and identify any errors.
Inspect Container: Use docker inspect <container_id> to get detailed information about the container's configuration and environment.
Check Resource Limits: Ensure the container has sufficient resources (CPU, memory) to start.
Review Dockerfile: Check the Dockerfile for any misconfigurations or errors in the commands.
Network Issues: Verify that the container's network settings are correct and that it can communicate with required services.
Dependency Checks: Ensure all dependencies and required services are available and properly configured.
System Logs: Check system logs using journalctl -u docker.service for any Docker daemon errors.
20. Can you explain the Docker networking model?
The Docker networking model includes several types of networks:
Bridge Network: Default network for standalone containers, allowing communication within the same host.
Host Network: Shares the host's network stack, providing high performance but less isolation.
Overlay Network: Enables communication between containers on different Docker hosts, typically used in Swarm mode.
Macvlan Network: Assigns a MAC address to each container, making it appear as a physical device on the network.
None: Completely isolates the container from any network.
These networks provide various levels of isolation, connectivity, and performance, allowing for flexible networking configurations.
21. How do you manage persistent storage in Docker?
Persistent storage in Docker can be managed using:
Volumes: Created and managed by Docker, stored in /var/lib/docker/volumes/ on the host. They are the recommended method for persisting data as they are easy to back up, share, and migrate.
Bind Mounts: Maps a file or directory on the host to a container. They provide direct access to the host filesystem, useful for development and debugging.
tmpfs Mounts: Stores data in the host's memory, providing fast and temporary storage.
Volumes are preferred for data that needs to persist beyond the container’s lifecycle, while bind mounts are useful for direct access to host files.
22. How do you secure a Docker container?
Securing a Docker container involves:
Use Minimal Base Images: Reduce the attack surface by using lightweight base images like alpine.
Run as Non-Root User: Avoid running containers as root. Use the USER directive in Dockerfile to specify a non-root user.
Limit Container Capabilities: Drop unnecessary Linux capabilities using the --cap-drop flag.
Use Read-Only Filesystems: Mount filesystems as read-only using the --read-only flag.
Enable Security Features: Use SELinux, AppArmor, or seccomp to enforce security policies.
Scan Images for Vulnerabilities: Regularly scan and update images to fix vulnerabilities.
Isolate Containers: Use Docker network and user namespaces to isolate containers.
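A way to check a running container against the items above, as an added example that is not part of the original answer: the Python below reads docker inspect JSON and reports which hardening settings are missing. The sample JSON, container names and function names are constructed for illustration; the field names are the ones docker inspect emits.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output
# (a JSON array with one object per container); all values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web-default",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "ReadonlyRootfs": False,
                    "CapDrop": None, "CapAdd": None,
                    "SecurityOpt": None, "NetworkMode": "host"}},
    {"Name": "/web-hardened",
     "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "ReadonlyRootfs": True,
                    "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                    "SecurityOpt": ["no-new-privileges"],
                    "NetworkMode": "bridge"}},
])


def audit_container(c):
    """Return the hardening items from the list above that this container misses."""
    cfg, host = c.get("Config") or {}, c.get("HostConfig") or {}
    findings = []
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root (no USER / --user)")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if not host.get("CapDrop"):
        findings.append("no capabilities dropped (no --cap-drop)")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable root filesystem (no --read-only)")
    opts = [o.lower().replace(":", "=") for o in host.get("SecurityOpt") or []]
    if any(o in ("seccomp=unconfined", "apparmor=unconfined") for o in opts):
        findings.append("seccomp/AppArmor profile disabled")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    return findings


def audit(inspect_json):
    """Map container name -> list of findings for `docker inspect` JSON text."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "no findings")
```

On a real host the input would be the output of docker inspect for the containers under review instead of SAMPLE_INSPECT.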
23. What is Docker overlay networking?
Docker overlay networking is used to enable communication between containers running on different Docker hosts in a Swarm cluster. It creates a virtual network that spans across multiple hosts, allowing services to communicate securely and efficiently. Overlay networks abstract the underlying network infrastructure, providing simplified connectivity and enabling service discovery and load balancing across the cluster.
24. How do you handle environment variables in Docker?
Environment variables in Docker can be handled using:
ENV Instruction: Set environment variables in the Dockerfile using ENV VAR_NAME=value.
Run-Time Variables: Pass variables at container runtime using the -e or --env-file options with docker run.
Docker Compose: Define environment variables in docker-compose.yml using the environment key.
Secrets Management: Use Docker secrets for sensitive information, ensuring they are stored securely and only accessible by authorized containers.
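An added example (not from the original page) that ties the ENV and secrets points above to the COPY vs ADD distinction from question 2: a small Dockerfile check in Python that flags ADD instructions and secret-looking names set through ENV, which stay readable in the image metadata. The sample Dockerfile, the function names and the name patterns are constructed assumptions.

```python
import re

# Constructed Dockerfile for the example; names and values are made up.
SAMPLE_DOCKERFILE = """\
FROM alpine:3.19
ADD https://example.invalid/tool.tar.gz /opt/
ADD app.tar.gz /srv/
ADD config.yml /etc/app/
ENV APP_MODE=production \\
    DB_PASSWORD=changeme
ENV API_TOKEN s3cr3t
"""

SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY)", re.I)
ARCHIVE = re.compile(r"\.(tar|tar\.gz|tgz|tar\.bz2|tar\.xz)$", re.I)


def logical_lines(text):
    """Yield (line_no, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0


def lint(text):
    """Return (line_no, message) findings for ADD use and secrets set via ENV."""
    out = []
    for no, instr in logical_lines(text):
        op, _, rest = instr.partition(" ")
        args = rest.split()
        if op.upper() == "ADD":
            srcs = [a for a in args[:-1] if not a.startswith("--")]
            if any(s.startswith(("http://", "https://")) for s in srcs):
                out.append((no, "ADD fetches a remote URL at build time"))
            elif any(ARCHIVE.search(s) for s in srcs):
                out.append((no, "ADD will auto-extract this local archive"))
            else:
                out.append((no, "plain file copy: use COPY"))
        elif op.upper() == "ENV":
            # Handles both `ENV K=V ...` and the legacy `ENV K V` form.
            names = [a.split("=")[0] for a in args if "=" in a] or args[:1]
            out += [(no, f"secret-looking variable {n} set via ENV")
                    for n in names if SECRET_NAME.search(n)]
    return out
```

Calling lint(SAMPLE_DOCKERFILE) returns one finding per flagged instruction, keyed by the line where the instruction starts.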