Docker Important Interview Questions and Answers | Day 21 of 90 Days of DevOps

13 min readAug 14, 2023

In this blog, I’ll help you prepare for your Docker interview by answering some of the most important Docker interview questions. Docker is a popular open-source platform that simplifies the process of creating, managing, running, and distributing applications using containers. Docker has become a widely used tool in the DevOps world and has many benefits for developers and operators. Knowing Docker well can give you an edge in your DevOps career.

Let’s start

1. What is the difference between an image, a container, and an engine?

A Docker image is a read-only template that contains the instructions and files needed to create a container. An image can be based on another image or created from scratch using a Dockerfile. An image can be stored in a local or remote repository, such as Docker Hub.
A Docker container is a running instance of an image that is isolated from the host and other containers. A container can be started, stopped, restarted, killed, removed, or paused using Docker commands. A container can also be modified by adding or changing files, but these changes are not persisted unless the container is committed to a new image.
A Docker engine is the core component of Docker that manages the lifecycle of containers. It consists of a daemon process (dockerd) that runs on the host machine and communicates with the client (docker) through a REST API. The engine also uses various components such as drivers, plugins, networks, volumes, etc., to provide additional functionality for containers.

2. What is the difference between the Docker command COPY vs ADD?

The COPY command copies files or directories from the source on the host machine to the destination in the container’s filesystem. The source can be a file or directory relative to the build context or a URL. The destination can be an absolute or relative path in the container.
The ADD command also copies files or directories from the source to the destination, but it has some additional features. If the source is a URL, it will download and copy the file to the destination. If the source is a compressed file (such as tar, gzip, bzip2, etc.), it will automatically extract and copy its contents to the destination.

For example:

# Copy a file from the build context to /tmp/foo.txt in the container
COPY foo.txt /tmp/foo.txt

# Download and copy a file from a URL to /tmp/bar.txt in the container
ADD https://example.com/bar.txt /tmp/bar.txt

# Extract and copy the contents of a tar file from the build context to /tmp in the container
ADD baz.tar /tmp

3. What is the difference between the Docker command CMD vs RUN?

The RUN command executes a command during the build process and commits the result as a new layer in the image. The command can be either in shell form (RUN <command>) or exec form (RUN [“executable”, “param1”, “param2”]). The RUN command is often used to install packages, create directories, set environment variables, etc., in an image.
The CMD command specifies what command to run when a container is started from an image. The command can also be either in shell form or exec form. The CMD command can be overridden by providing a different command when running a container. The CMD command is often used to run an application or service in a container.

For example:

# Install curl and jq packages in an ubuntu image
RUN apt-get update && apt-get install -y curl jq

# Run a shell script when a container is started from this image
CMD ["./script.sh"]

4. How will you reduce the size of the Docker image?

There are several ways to reduce the size of the Docker image, such as:

Using a smaller base image or an alpine image that has minimal packages installed. For example, instead of using FROM ubuntu, you can use FROM alpine.
Combining multiple RUN commands into one to reduce the number of layers. For example, instead of having two separate RUN commands for updating and installing packages, you can have one RUN command that does both. You can also use && to chain multiple commands in one line and use \ to break long lines. For example:

RUN apt-get update && \
    apt-get install -y curl && \
    apt-get clean

Removing unnecessary files or packages after installing them with RUN commands. For example, you can use apt-get clean or rm -rf /var/lib/apt/lists/* to remove the cache files after installing packages with apt-get.
Using multi-stage builds to separate the build and runtime environments. This allows you to use different images for different stages of your application and copy only the necessary files from one stage to another. For example, if you have a Node.js application that requires some dependencies and tools for building, but only needs Node.js for running, you can use something like this:

# Use node:14 as build stage
FROM node:14 as build
WORKDIR /app
COPY package.json .
RUN npm install
COPY . .
RUN npm run build

# Use node:14-alpine as runtime stage
FROM node:14-alpine as runtime
WORKDIR /app
COPY --from=build /app/dist ./dist
EXPOSE 3000
CMD ["node", "dist/index.js"]

Using .dockerignore file to exclude unwanted files from the build context. This prevents Docker from sending unnecessary files to the daemon and reduces the size of the image. For example, if you have a Node.js application, you can create a .dockerignore file that contains:

node_modules
.git
*.log
*.md

5. Why and when to use Docker?

Docker is a useful tool for developing, testing, and deploying applications using containers. Some of the reasons and scenarios to use Docker are:

Docker makes it easy to create consistent and portable environments for applications that can run on any platform regardless of the underlying operating system.
Docker simplifies the process of packaging and distributing applications along with their dependencies, which reduces the risk of compatibility issues and errors.
Docker enables faster and more efficient development workflows by allowing developers to build, run, and debug applications locally using containers that mimic the production environment.
Docker improves the scalability and reliability of applications by allowing them to run in isolated and distributed containers that can be easily managed and orchestrated using tools such as Docker Swarm or Kubernetes.
Docker enhances the security of applications by providing features such as namespaces, cgroups, seccomp, AppArmor, etc., that limit the access and resources of containers.

6. Explain the Docker components and how they interact with each other.

Docker has three main components: the client, the daemon, and the registry.

The client (docker) is a command-line interface that allows users to interact with Docker. The client sends commands to the daemon (dockerd) through a REST API or a UNIX socket.
The daemon (dockerd) is a background process that runs on the host machine and manages the lifecycle of containers. The daemon also communicates with other daemons to coordinate tasks such as networking, storage, etc.
The registry (such as Docker Hub) is a service that stores and distributes images. The registry can be public or private. The daemon can pull images from or push images to a registry

7. Explain the terminology: Docker Compose, Dockerfile, Docker Image, Docker Container.

Docker Compose is a tool that allows users to define and run multi-container applications using a YAML file. Docker Compose simplifies the process of configuring and managing complex applications that have multiple components or services.
Dockerfile is a text file that contains the instructions and files needed to build a Docker image. A Dockerfile can be based on another image or created from scratch using a Dockerfile. A Dockerfile can have various commands such as FROM, RUN, COPY, ADD, CMD, etc., that specify how to build an image.
Docker Image is a read-only template that contains the instructions and files needed to create a container. An image can be stored in a local or remote repository, such as Docker Hub. An image can be pulled from or pushed to a repository using docker pull or docker push commands.
Docker Container is a running instance of an image that is isolated from the host and other containers. A container can be started, stopped, restarted, killed, removed, or paused using docker commands. A container can also be modified by adding or changing files, but these changes are not persisted unless the container is committed to a new image.

8. In what real scenarios have you used Docker?

This question is meant to test your practical experience with Docker and how you have applied it in your projects. There is no definitive answer to this question, but you can mention some examples of how you have used Docker for:

Developing and testing applications locally using containers that mimic the production environment
Building and deploying applications using continuous integration and continuous delivery pipelines with tools such as Jenkins, Travis CI, etc.
Running microservices-based applications that have multiple components or services that communicate with each other using networks
Scaling and managing applications using container orchestration tools such as Docker Swarm or Kubernetes
Securing and isolating applications using features such as namespaces, cgroups, seccomp, AppArmor, etc.

You can also provide some details about the challenges you faced and how you solved them using Docker.

9. Docker vs Hypervisor?

Docker and hypervisor are two different technologies that enable virtualization. Virtualization is the process of creating a software-based version of something (such as compute storage, servers, application, etc.) from a single physical hardware system.

The main difference between Docker and hypervisor is:

Docker uses container-based virtualization, which creates lightweight virtual environments at the application layer. Containers share the same operating system kernel as the host machine and use its resources directly. Containers are faster to start and stop, consume less memory and CPU, and have better performance than hypervisors.
Hypervisor uses hardware-based virtualization, which creates full-fledged virtual machines at the hardware layer. Virtual machines have their own operating system kernel and emulate the hardware devices of the host machine. Virtual machines are slower to start and stop, consume more memory and CPU, and have lower performance than containers.

The following diagram illustrates the difference between Docker and hypervisor:

10. What are the advantages and disadvantages of using docker

Docker has both advantages and disadvantages, depending on your needs and preferences. Some of the advantages of using docker are:

It allows you to create consistent and portable environments for applications that can run on any platform regardless of the underlying operating system.
It simplifies the process of packaging and distributing applications along with their dependencies, which reduces the risk of compatibility issues and errors.
It enables faster and more efficient development workflows by allowing developers to build, run, and debug applications locally using containers that mimic the production environment.
It improves the scalability and reliability of applications by allowing them to run in isolated and distributed containers that can be easily managed and orchestrated using tools such as Docker Swarm or Kubernetes.
It enhances the security of applications by providing features such as namespaces, cgroups, seccomp, AppArmor, etc., that limit the access and resources of containers.

Some of the disadvantages of using docker are:

It is still a relatively new technology that is evolving rapidly and may have some missing features, bugs, or compatibility issues with some systems or platforms.
It requires a learning curve to master its concepts, commands, and best practices, especially for beginners or non-technical users.
It may introduce some performance overhead due to overlay networking, interfacing between containers and the host system, etc., which may affect some applications that require high performance or low latency.
It may pose some challenges for data persistence and backup, as containers are ephemeral and do not store data unless they are attached to volumes or bind mounts. Data in containers may be lost when the container exits or is removed unless it is committed to a new image or backed up externally.

11. What is a Docker namespace?

A Docker namespace is a feature that provides isolation and control over the resources and processes of a container. It allows a container to have its own view of the system, such as its own network interfaces, process IDs, user IDs, file systems, etc. Docker uses several namespaces such as:

pid: To isolate the process IDs of a container from other containers or the host.
net: To isolate the network interfaces and stack of a container from other containers or the host.
ipc: To isolate the inter-process communication (IPC) resources of a container from other containers or the host.
mnt: To isolate the mount points of a container from other containers or the host.
uts: To isolate the hostname and domain name of a container from other containers or the host.
user: To isolate the user and group IDs of a container from other containers or the host.

12. What is a Docker registry?

A Docker registry is a repository that stores and distributes Docker images. It can be public or private. The default registry is Docker Hub, which is a public registry that hosts thousands of official and community images. Users can also create their own private registries using tools such as Docker Registry or Harbor. A Docker registry allows users to:

Push and pull images to and from the registry.
Tag and label images to identify them.
Search and browse images in the registry.
Manage access and security policies for images in the registry.

13. What is an entry point?

An entry point is an instruction that specifies the default command or arguments to run when a Docker container is started. It can be defined in two ways:

Using the ENTRYPOINT instruction in the Dockerfile, which sets a fixed command that cannot be overridden by the user.
Using the –entrypoint flag in the docker run command, which overrides the default entry point set in the Dockerfile.

The entry point can be combined with the CMD instruction to provide additional arguments to the command. For example, if the Dockerfile has:

ENTRYPOINT ["ping"]
CMD ["google.com"]

Then, when the container is started, it will run ping google.com by default. However, if the user specifies another argument, such as docker run image_name yahoo.com, then it will run ping yahoo.com instead.

14. How to implement CI/CD in Docker?

CI/CD stands for continuous integration and continuous delivery, which are practices that automate the testing and deployment of code changes. Docker can be used to implement CI/CD in various ways, such as:

Using Docker images as build artifacts that can be easily tested and deployed across different environments without changing the code or configuration.
Using Docker Compose to define and run multiple containers as a single service that can be integrated and delivered as a whole.
Using Docker Hub or other registries to store and distribute images that can be pulled and deployed by different teams or platforms.
Using tools such as Jenkins, Travis CI, GitHub Actions, etc. to create pipelines that automate the build, test, and deploy stages using Docker commands.

For example, here is a simple GitHub Actions workflow that builds a Docker image from a Dockerfile, pushes it to Docker Hub, and deploys it to Heroku:

name: CI/CD with Docker
on:
  push:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build and push image
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/my-app:${{ github.sha }}
      - name: Login to Heroku
        uses: akhileshns/heroku-deploy@v3.12.12
        with:
          heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
          heroku_app_name: ${{ secrets.HEROKU_APP_NAME }}
          heroku_email: ${{ secrets.HEROKU_EMAIL }}
      - name: Deploy to Heroku
        run: |
          heroku container:login
          heroku container:push web --app ${{ secrets.HEROKU_APP_NAME }}
          heroku container:release web --app ${{ secrets.HEROKU_APP_NAME }}

15. Will data on the container be lost when the docker container exits?

Yes, by default, any data that is created or modified inside a container will be lost when the container exits or is removed. This is because the container’s file system is ephemeral and only exists for the lifetime of the container. To persist data beyond the container’s lifecycle, there are two options:

Using Docker volumes, which are directories that are created and managed by Docker outside the container’s file system. They can be mounted to one or more containers and can store data even after the containers are stopped or deleted.
Using bind mounts, which are directories that are located on the host machine and can be mounted to a container. They allow the container to access and modify data on the host machine.

16. What is a Docker swarm?

A Docker swarm is a cluster of Docker nodes that can be managed as a single entity. It allows users to orchestrate and scale multiple containers across multiple machines using simple commands. A Docker swarm consists of:

Manager nodes: The nodes that are responsible for maintaining the state and configuration of the swarm. They also accept commands from the user and delegate tasks to the worker nodes.
Worker nodes: The nodes that execute the tasks assigned by the manager nodes. They run the containers and report their status to the manager nodes.
Services: The units of work that define how many containers of a certain image should run in the swarm and how they should behave.
Tasks: The atomic units of work that represent a single container running in the swarm.

17. What are the docker commands for the following:

view running containers: docker ps
command to run the container under a specific name: docker run --name <container_name> <image_name>
command to export a docker: docker export <container_id> > <file_name>.tar
command to import an already existing docker image: docker import <file_name>.tar <image_name>
commands to delete a container: docker rm <container_id> or docker rm -f <container_id> to force delete a running container
command to remove all stopped containers, unused networks, build caches, and dangling images: docker system prune

18. What are the common docker practices to reduce the size of Docker Image?

Some of the common docker practices to reduce the size of Docker Image are:

Using a smaller base image or an alpine image that has minimal packages installed.
Combining multiple RUN commands into one to reduce the number of layers.
Removing unnecessary files or packages after installing them with RUN commands.
Using multi-stage builds to separate the build and runtime environments.
Using .dockerignore file to exclude unwanted files from the build context.

I hope this blog post helps you prepare for your next Docker interview. If you have any questions or feedback, please feel free to contact me on:

GitHub: https://github.com/ajitfawade
LinkedIn: https://www.linkedin.com/in/ajitfawade/

Thank you for reading! 😊