HTML
   HTML5
   CSS
   CSS3
   JavaScript
   jQuery
   AngularJS
   Articles
   Tech Articles
   Blog
Google News
logo
Docker Interview Questions
1 .
What is Docker?
Docker is a powerful open-source software that runs on Linux and Windows. Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. 
 
With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production.
2 .
Does Docker run on Linux, macOS and Windows?
You can run both Linux and Windows programs and executables in Docker containers. The Docker platform runs natively on Linux (on x86-64, ARM and many other CPU architectures) and on Windows (x86-64). Docker Inc. builds products that let you build and run containers on Linux, Windows and macOS.
3 .
What can I use Docker for?
Fast, consistent delivery of your applications
 
Docker streamlines the development lifecycle by allowing developers to work in standardized environments using local containers which provide your applications and services. Containers are great for continuous integration and continuous delivery (CI/CD) workflows.
 
Consider the following example scenario :
 
* Your developers write code locally and share their work with their colleagues using Docker containers.

* They use Docker to push their applications into a test environment and execute automated and manual tests.

* When developers find bugs, they can fix them in the development environment and redeploy them to the test environment for testing and validation.
+
* When testing is complete, getting the fix to the customer is as simple as pushing the updated image to the production environment.

Responsive deployment and scaling :  Docker’s container-based platform allows for highly portable workloads. Docker containers can run on a developer’s local laptop, on physical or virtual machines in a data center, on cloud providers, or in a mixture of environments.
 
Docker’s portability and lightweight nature also make it easy to dynamically manage workloads, scaling up or tearing down applications and services as business needs dictate, in near real time.
 
Running more workloads on the same hardware : Docker is lightweight and fast. It provides a viable, cost-effective alternative to hypervisor-based virtual machines, so you can use more of your compute capacity to achieve your business goals. Docker is perfect for high density environments and for small and medium deployments where you need to do more with fewer resources.
4 .
What is the Docker platform?
Docker provides the ability to package and run an application in a loosely isolated environment called a container. The isolation and security allows you to run many containers simultaneously on a given host. Containers are lightweight and contain everything needed to run the application, so you do not need to rely on what is currently installed on the host. You can easily share containers while you work, and be sure that everyone you share with gets the same container that works in the same way.
 
Docker provides tooling and a platform to manage the lifecycle of your containers :
 
* Develop your application and its supporting components using containers.
* The container becomes the unit for distributing and testing your application.
* When you’re ready, deploy your application into your production environment, as a container or an orchestrated service. This works the same whether your production environment is a local data center, a cloud provider, or a hybrid of the two.
5 .
What are Docker's most notable features?
Docker’s most essential features include :
 
* Application agility
* Developer productivity
* Easy modeling
* Operational efficiencies
* Placement and affinity
* Version control
6 .
What is Hypervisor in Docker?
A hypervisor is a software that makes virtualization possible. It is also called Virtual Machine Monitor. It divides the host system and allocates the resources to each divided virtual environment. You can basically have multiple OS on a single host system. There are two types of Hypervisors :
 
Native Hypervisor : This type is also called a Bare-metal Hypervisor and runs directly on the underlying host system which also ensures direct access to the host hardware which is why it does not require base OS.
 
Hosted Hypervisor : This type makes use of the underlying host operating system which has the existing OS installed.
7 .
What is Docker virtualization?
Virtualization is the process of creating a software-based, virtual version of something(compute storage, servers, application, etc.). These virtual versions or environments are created from a single physical hardware system.

Virtualization lets you split one system into many different sections which act like separate, distinct individual systems. A software called Hypervisor makes this kind of splitting possible. The virtual environment created by the hypervisor is called Virtual Machine.
8 .
Explain Docker architecture.
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, that lets you work with applications consisting of a set of containers.
Docker Architecture

The Docker daemon : The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.
 
The Docker client : The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.
 
Docker Desktop : Docker Desktop is an easy-to-install application for your Mac, Windows or Linux environment that enables you to build and share containerized applications and microservices. Docker Desktop includes the Docker daemon (dockerd), the Docker client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see Docker Desktop.
 
Docker registries : A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.
 
When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.
 
Docker objects : When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.
9 .
What is a Docker Container?
A container is a standard unit of software that is bundled with dependencies to expedite the process of application deployement in a reliable manner between different computing platforms.

A docker can be visualized as big ship i.e. docker which is carrying huge boxes of products i.e. containers. These containers do not require installation of a separate operating system. Docker use the kernel’s resources and functionality to allocate them for CPU and memory and separate namespaces for isolating the application’s view of the operating system.
10 .
What is a docker image?
A Docker image is a read-only template that has a set of instructions for creating containers that can run on Docker. It is an executable package (a collection of files or layers) that bundles together all the necessities such as application code, dependencies, software packages, and more that are required to set up a completely functional container environment. There are two methods to create a Docker image:
 
* Interactive
* Dockerfile
11 .
What is a Dockerfile?
Let’s start by giving a small explanation of Dockerfile and proceed by giving examples and commands to support your arguments.
 
Docker can build images automatically by reading the instructions from a file called Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build, users can create an automated build that executes several command-line instructions in succession.
12 .
How do you create a Docker container from a Docker image?
To create a container from an image, we pull out the image that we want from the Docker repository and create a container. We can use the following command :
$ docker run -it -d <image_name>​
13 .
Can you use JSON instead of YAML for Docker Compose?
Yes, we can use a JSON file instead of a YAML file for the Docker Compose file. To use JSON, we need to specify the filename like this :
$ docker-compose -f docker-compose.json up​
14 .
What is Docker Swarm?
Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host. Docker Swarm serves the standard Docker API, any tool that already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts.
15 .
What is a Docker Namespace?
A namespace is one of the Linux features and an important concept of containers. Namespace adds a layer of isolation in containers. Docker provides various namespaces in order to stay portable and not affect the underlying host system. Few namespace types supported by Docker – PID, Mount, IPC, User, Network.
16 .
What is a Docker Hub?
* It is a public cloud-based registry provided by Docker for storing public images of the containers along with the provision of finding and sharing them.

* The images can be pushed to Docker Hub through the docker push command.
17 .
What command is used to check for the version of docker client and server?
The command used to get all version information of the client and server is the docker version.

To get only the server version details, we can run docker version --format '{{.Server.Version}}'
18 .
What is the differentiate between virtualization and containerization?
Virtualization  Containerization
This helps developers to run and host multiple OS on the hardware of a single physical server. This helps developers to deploy multiple applications using the same operating system on a single virtual machine or server.
Hypervisors provide overall virtual machines to the guest operating systems.  Containers ensure isolated environment/ user spaces are provided for running the applications. Any changes done within the container do not reflect on the host or other containers of the same host.
These virtual machines form an abstraction of the system hardware layer this means that each virtual machine on the host acts like a physical machine. Containers form abstraction of the application layer which means that each container constitutes a different application.
19 .
What about the opposite? Does Docker have any downsides?
Docker isn’t perfect. It comes with its share of drawbacks, including :
 
* Lacks a storage option
* Monitoring options are less than ideal
* You can’t automatically reschedule inactive nodes
* Automatic horizontal scaling set up is complicated
20 .
Name the essential Docker commands and what they do.
The most critical Docker commands are :
 
Build. Builds a Docker image file

Commit. Creates a new image from container changes

Create. Creates a new container

Dockerd. Launches Docker daemon

Kill. Kills a container
21 .
List some of the more advanced Docker commands and what they do.
Some advanced commands include :
 
Docker info. Displays system-wide information regarding the Docker installation

Docker pull. Downloads an image

Docker stats. Provides you with container information

Docker images. Lists downloaded images
22 .
What is memory-swap flag?
Memory-swap is a modified flag that only has meaning if- memory is also set. Swap allows the container to write express memory requirements to disk when the container has exhausted all the RAM which is available to it.
23 .
If you were to exit the Docker Container, will you lose your data?
When a Docker Container is exited, no data loss occurs as all the data is written to the disk by the application for the sole purpose of preservation. This process is consistently repeated until and unless the container is unequivocally deleted. Moreover, the file system for the Docker container persists even after the Docker container is halted.
24 .
How is Docker monitored in production?
To monitor Docker in production, tools such as Docker stats and Docker events are available. Through these tools, one can get reports on important statistics. Once Docker stats are called with a container ID, it returns the container's  CPU and memory usage. It is similar to the top command in Linux. On the other hand, Docker Events are commands to see a list of activities in process in Docker Daemon. Some of these events are attached, commit, rename, destroy, die and more. One also has the option to filter the events they are interested in.
25 .
How to delete a container?
We can follow the below steps for deleting a container :
 
– docker stop <container_id>
– docker rm <container_id>
26 .
What is a Volume in docker?
A data volume is a specially-designated directory that is located outside of the root filesystem of a container (i.e. created on the host), designed to persist data, independent of the container’s life cycle. This allows sharing data within containers by importing volume directory in other containers.
 
Data volumes provide several useful features :
 
* Data volumes persist even if the container itself is deleted.
* Data volumes can be shared and reused among containers.
* Changes to a data volume can be made directly.
* Volumes can be initialized when a container is created.
27 .
Why do my services take 10 seconds to recreate or stop?
A docker-compose stop will attempt to stop a specific Docker container by sending a SIGTERM message. Once this message is delivered, it waits for the default timeout period of 10 seconds and once the timeout period is crossed, it then sends out a SIGKILL message to the container – in order to kill it forcefully. If you are actually waiting for the timeout period, then it means that the containers are not shutting down on receiving SIGTERM signals/messages.
 
In an attempt to solve this issue, the following is what you can do :
 
* You can ensure that you are using the JSON form of the CMD and also the ENTRYPOINT in your docker file.
* Use [“program”, “argument1”, “argument2”] instead of sending it as a plain string as like this – “program argument1 argument2”.
* Using the string form, makes Docker run the process using a bash that can’t handle signals properly. Compose always uses the JSON form.
* If it is possible then modify the application which you intend to run by adding an explicit signal handler for the SIGTERM signal
* Also, set the stop_signal to a proper signal that the application can understand and also know how to handle it.
28 .
What is the difference between up, run, and start?
In any given scenario, you would always want your docker-compose up. Using the command UP, you can start or restart all the services that are defined in a docker-compose.yml file. In the “attached” mode, which is also the default mode – we will be able to see all the log files from all the containers. In the “detached” mode, it exits after starting all the containers, which continue to run in the background showing nothing over in the foreground.
 
Using the docker-compose run command, we will be able to run the one-off or the ad-hoc tasks that are required to be run as per the Business needs and requirements. This requires the service name to be provided which you would want to run and based on that, it will only start those containers for the services that the running service depends on. Using the run command, you can run your tests or perform any of the administrative tasks like removing/adding data to the data volume container. It is also very similar to the docker run –ti command, which opens up an interactive terminal to the containers an exit status that matches with the exit status of the process in the container.
 
Using the docker-compose start command, you can only restart the containers that were previously created and were stopped. This command never creates any new Docker containers on its own.
29 .
What is Docker Engine?
Docker Engine is an open-source containerization technology that facilitates the development, assembling, shipping, and running of applications with the help of the following components:
 
* Docker Daemon
* Docker Engine REST API
* Docker CLI
30 .
Where are Docker images stored?
It depends on which system the Docker is running and the Docker storage driver is being used.
 
For example, on Windows, Docker images are stored by default in :
C:\ProgramData\DockerDesktop
On a Mac, Docker images are stored by default in :
~/Library/Containers/com.docker.docker/Data/vms/0/
31 .
What are the container platforms available other than docker?
According to 2018 reports Docker is the most popular container platform constituting 83% of container space. It’s preferred because of the ease with which the user can work with. Docker also provides greater isolation between the containers on the same host operating system. Few of the other popular ones are CoreOS rkt
 
12 percent of production containers were rkt (pronounced “Rocket”) from CoreOS. rkt supports two types of images: Docker and appc. The main advantage of rkt is its usage with Kubernetes.In Kubernetes, an rkt container runtime can be declared as
“ kubelet --container-runtime=rkt”.
Compared with Docker, rkt has fewer third-party integrations. Red Hat recently acquired CoreOS. Application Container Image or appc is defined by the App Container spec. An ACI contains all necessary files to execute an application and an image.
 
Mesos Containerizer : 4 percent of production containers were Mesos from Apache. Mesos supports both Docker and appc image types. It works better with the frameworks of big data applications.  Mesos is not a standalone container and requires the Mesos framework to make it run.
 
LXC Linux Containers : 1 percent of containers were LXC Linux Containers. LXC also has a great active community around it. The main disadvantage of LXC is its incompatibility with Kubernetes.
32 .
What are the basic actions performed on the docker container?
Basic actions on Docker containers are :
 
Create a docker container : Following command creates the docker container with the required images.
docker create --name <container-name> <image-name>
Run docker container : Following command helps  to execute the container
docker run -it -d --name <container-name> <image-name> bash
Main steps involved in the run command is
 
* Pulls the image from Docker Hub if it’s not present in the running environment
* Creates the container.
* The file system is allocated and is mounted on a read/write layer.
* A network interface is allocated that allows docker to talk to the host.
* Finds an available IP address from pool.
* Runs our application in our case “bash” shell.
* Captures application outputs

Pause container : Processes running inside the container is paused. Following command helps us to achieve this.
docker pause <container-id/name>
Container can’t be removed if in a paused state.
 
Unpause container : Unpause moves the container back to run the state. Below command helps us to do this.
docker unpause <container-id/name>
Start container : If container is in a stopped state, container is started.
docker start <container-id/name>
Stop container : Container with all its processes is stopped with below command.
docker stop <container-id/name>
To stop all the running Docker containers use the  below command
docker stop $(docker ps -a -q)
Restart container : Container along with its processes are restarted
docker restart <container-id/name>
Kill container : A container can be killed with below command
docker kill <container-id/name>
Destroy container : The entire container is discarded. It is preferred to do this when the container is in a stopped state rather than do it forcefully.
docker rm <container-id/name>
33 .
Is there a possibility to include a specific code with COPY/ADD or a volume?
This can be easily achieved by adding either the COPY or the ADD directives in your docker file. This will count to be useful if you want to move your code along with any of your Docker images, for example, sending your code an environment up the ladder – The development environment to the Staging environment or from the Staging environment to the Production environment. 
 
Having said that, you might come across situations where you’ll need to use both approaches. You can have the image include the code using a COPY, and use a volume in your Compose file to include the code from the host during development. The volume overrides the directory contents of the image.
34 .
Will cloud automation overtake containerization any sooner?
Docker containers are gaining popularity each passing day and definitely will be a quintessential part of any professional Continuous Integration / Continuous Development pipelines. Having said that there is equal responsibility on all the key stakeholders at each Organization to take up the challenge of weighing the risks and gains on adopting technologies that are budding up on a daily basis. In my humble opinion, Docker will be extremely effective in Organizations that appreciate the consequences of Containerization.
35 .
What are the disadvantages of Docker?
Like any other technologies, Docker has its own advantages and disadvantages. Docker is not a silver bullet and needs care in architecting and orchestrating docker containers keeping below points in mind.
 
Docker is not so fast compared to bare metal servers. Even though containers are lightweight and so easy to boot up it is subjected to decreased network performance. Performance of the containers are affected as a single operating system caters to multiple containers.

Integrability : Even though Docker is open source some of the container products don’t work with all. This may be due to the competition prevailing in the market. For eg:  OpenShift which is a container-as-a-service platform from Red Hat, only works with the Kubernetes.

Data loss in containers : When the container exits the data will be lost. Data could be saved through volume mounting like Docker Data Volumes but more hard work needs to be done in this space.

Poor or no GUI : Containers were used mainly for deploying server application that doesn't require GUI. There are some methods to run GUI app inside containers but it’s somewhat clumsy these days.

More suitable for applications that use microservices : Generally the docker’s benefit is to ease the application delivery by providing a packaging mechanism but the true benefit comes when we use microservices.

There are other virtualization techniques like unikernels which is based on library operating systems. Unikernels provide improved security, more optimisation and boots faster.
36 .
Shed some light on the workflow of Docker usage.
Below is a brief explanation of the workflow of Docker usage :
 
* Since the Dockerfile is the source code of the image, everything starts with it
* Once it is created, the Dockerfile is used to build the image of the container. This image is only the compiled version of the Dockerfile
* This image is then redistributed using the registry, which is like a repository of images.
* Further, the image can be used to run containers. A container, while it is running, is very similar to a VM without the hypervisor.
37 .
Explain CMD and ENTRYPOINT in a Dockerfile?
In a Dockerfile, both CMD and ENTRYPOINT instructions define which command will be executed while running a container. For their cooperation, there are some rules, such as :
 
* The Dockerfile should specify at least one command from CMD or ENTRYPOINT
* While using the container as an executable, ENTRYPOINT needs to be defined
* When running the container with an alternative argument, CMD will be overridden
38 .
What is the purpose of EXPOSE command in Dockerfile?
When writing your Dockerfiles, the instruction EXPOSE tells Docker the running container listens on specific network ports. This acts as a kind of port mapping documentation that can then be used when publishing the ports.
EXPOSE <port> [<port>/<protocol>...]
You can also specify this within a docker run command, such as :
docker run --expose=1234 my_app
Please note that EXPOSE will not allow communication via the defined ports to containers outside of the same network or to the host machine. To allow this to happen you need to publish the ports.
39 .
Is Routing Mesh a Load Balancer?
Routing Mesh is not Load-Balancer. It makes use of LB concepts.It provides global publish port for a given service. The routing mesh uses port based service discovery and load balancing. So to reach any service from outside the cluster you need to expose ports and reach them via the Published Port. In simple words, if you had 3 swarm nodes, A, B and C, and a service which is running on nodes A and C and assigned node port 30000, this would be accessible via any of the 3 swarm nodes on port 30000 regardless of whether the service is running on that machine and automatically load balanced between the 2 running containers. I will talk about Routing Mesh in separate blog if time permits.
40 .
How does Docker play a role in Continuous Integration?
Continuous Integration is a mechanism used to enable DevOps methodology in development process i.e. helps to obtain immediate feedback on the changes made in the code by executing unit and acceptance tests, as soon as the code changes are checked-in to the repository.
 
A typical process involves developers merging their changes to the branch as often as possible and they are validated by building, running and executing automated tests against the application.
 
Docker plays a key role in enabling CI, as it can seamlessly integrate with any popular CI tools like Jenkins or TeamCity. Also, several Gradle plugins like Palantir, trans mode are available for automating the docker build and publish images by creating respective Gradle tasks.
 
We can then define stages in Jenkins to perform tasks like building Docker images, starting containers using compose and executing Acceptance tests to validate the application changes.
41 .
Explain the purpose of the .dockerignore file.
Whenever a “docker builds” command is executed we see a line that tells uploading context. This refers to the creation of a .tar file by including all files in the directory where the Dockerfile is present and uploading them to docker daemon. Consider if we are putting Dockerfile in home directory entire files in your home and in all subdirectories would be included in the creation of a .tar file. Thus before updating the context docker daemon checks for the .dockerignore file. All files that match the data in the .dockerignore file would be neglected. Hence sensitive information is not sent to the Docker daemon.
 
sample .dockerignore file looks like this :
# comment
*/temp*
*/*/temp*
Temp?
This .dockerignore file ignores all files and directories whose names start with temp in any immediate subdirectory of the root or from any subdirectory that is two levels below the root. It also excludes files and directories in the root directory whose names are a one-character extension of temp. Everything that starts with # is ignored.
42 .
What is CNM?
CNM or Container Network Model is a specification that formally defines the steps needed to provide networking for containers while maintaining abstraction used to support multiple network drivers. CNM is built on three components, namely, sandbox, endpoint, and Network.
43 .
Can you differentiate between Daemon Logging and Container Logging?
* In docker, logging is supported at 2 levels and they are logging at the Daemon level or logging at the Container level.

* Daemon Level : This kind of logging has four levels- Debug, Info, Error, and Fatal.
- Debug has all the data that happened during the execution of the daemon process.
- Info carries all the information along with the error information during the execution of the daemon process.
- Errors have those errors that occurred during the execution of the daemon process.
- Fatal has the fatal errors that occurred during the execution.

* Container Level :
- Container level logging can be done using the command: sudo docker run –it <container_name> /bin/bash
- In order to check for the container level logs, we can run the command : sudo docker logs <container_id>
44 .
What changes are expected in your docker compose file while moving it to production?
These are the following changes you need make to your compose file before migrating your application to the production environment :
 
* Remove volume bindings, so the code stays inside the container and cannot be changed from outside the container.

* Binding to different ports on the host.

* Specify a restart policy

* Add extra services like log aggregator
45 .
How to Use tmpfs mounts in Docker?
Volumes and bind mounts let you share files between the host machine and container so that you can persist data even after the container is stopped.
 
If you’re running Docker on Linux, you have a third option: tmpfs mounts. When you create a container with a tmpfs mount, the container can create files outside the container’s writable layer.
 
As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won’t be persisted.
tmpfs mounts
This is useful to temporarily store sensitive files that you don’t want to persist in either the host or the container writable layer.