Docker Interview Master

Docker is an open-source platform that enables developers to build, deploy, run, update and manage containers. It standardizes software delivery by isolating ap...

A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing enviro...

A Docker image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, ...

An image is a read-only template with instructions for creating a container. A container is a runnable, working instance of an image.

Docker Engine is the core client-server application that builds and runs containers using Docker components. It consists of a server daemon running in the backg...

Docker Hub is a cloud-based registry service provided by Docker that allows you to link to code repositories, build your images, and test them, store manually p...

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your...

A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build, you can create an...

Docker Compose is a tool for defining and running multi-container Docker applications. It uses a YAML file to configure application services, networks, and volu...

The `docker run` command is used to run a container from an image.

docker run -d -p 8080:80 nginx

You can check running containers using the `docker ps` command.

docker ps

Use `docker ps -a` to view all containers, regardless of their current state.

docker ps -a

Use the `docker stop` command followed by the container ID or name.

docker stop <container_id_or_name>

Use the `docker rm` command followed by the container ID or name.

docker rm <container_id_or_name>

Use the `docker rmi` command followed by the image ID or name.

docker rmi <image_id_or_name>

Use the `docker images` or `docker image ls` command to list all locally available Docker images.

docker images

Use the `docker pull` command followed by the image name.

docker pull ubuntu:latest

Docker Swarm is a clustering and scheduling tool for Docker containers. It allows you to manage multiple containers deployed across multiple host machines as a ...

VMs run a full guest operating system with virtual access to host resources. Docker containers share the host's OS kernel, making them much more lightweight, fa...

A volume is a persistent data storage mechanism used to persist data generated by and used by Docker containers, completely managed by Docker.

The `FROM` instruction initializes a new build stage and sets the Base Image for subsequent instructions. It must be the first valid instruction in a Dockerfile...

The `RUN` instruction executes any commands in a new layer on top of the current image and commits the results. The resulting image is used for the next step.

The `docker build` command builds Docker images from a Dockerfile and a context (a specific directory or URL).

docker build -t myapp:1.0 .

Use the `-p` or `--publish` flag with `docker run` to map a host port to a container port.

docker run -p 8080:80 myimage

The `docker exec` command allows you to run a new command in an already running container. Often used to open an interactive shell.

docker exec -it <container_id> /bin/bash

`ENTRYPOINT` configures a container that will run as an executable. `CMD` provides default arguments for an executing container. If used together, CMD arguments...

Namespaces provide the isolation for Docker containers. When you run a container, Docker creates a set of namespaces for it (PID, NET, IPC, MNT, UTS), restricti...

Control groups limit and isolate the resource usage (CPU, memory, disk I/O, network) of a collection of processes. Docker uses cgroups to allocate hardware reso...

`COPY` only supports the basic copying of local files into the container. `ADD` has additional features like extracting local tar files and downloading files fr...

Docker provides three default network drivers: `bridge` (default for standalone containers), `host` (container shares the host's networking), and `none` (no net...

A bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers n...

You can pass environment variables using the `-e` flag during `docker run` or by defining them in a `.env` file or `docker-compose.yml`.

docker run -e MY_VAR=value myimage

The `.dockerignore` file allows you to specify files and directories that should be excluded from the build context sent to the Docker daemon. This speeds up th...

You can use the `--scale` flag when running `docker-compose up` to run multiple instances of a specific service.

docker-compose up --scale web=3 -d

Dangling images are layers that have no relationship to any tagged images (shown as <none>). You remove them using `docker image prune`.

docker image prune -f

Bind mounts map a specific absolute path on the host to the container. Volumes are completely managed by Docker and stored in a specific host directory. Volumes...

`EXPOSE` functions as documentation between the person who builds the image and the person who runs the container, declaring which ports the container will list...

Use the `docker logs` command followed by the container ID or name to view stdout/stderr output.

docker logs -f <container_name>

Multi-stage builds allow you to use multiple `FROM` statements in a Dockerfile. You can selectively copy artifacts from one stage to another, leaving behind eve...

Use `docker exec` to start a new process in a running container.

docker exec -it <container_name> ls -lah /app

Data stored in the container's writable layer persists when the container stops but is lost if the container is removed. Volumes should be used for persistent d...

Labels are a mechanism to apply metadata to Docker objects, including images, containers, local daemons, volumes, and networks.

Use restart policies like `--restart=always`, `--restart=on-failure`, or `--restart=unless-stopped` when running the container.

docker run -d --restart always nginx

This command deletes all stopped containers, unused networks, dangling images, and build cache to free up disk space.

docker system prune -a --volumes

From Docker 18.03 onwards, containers can use `host.docker.internal` (on Mac/Windows) to resolve to the host machine's internal IP address.

An overlay network connects multiple Docker daemons together and enables swarm services or standalone containers to communicate securely across different networ...

`docker run` creates a *new* container from an image and starts it. `docker start` simply starts an *existing* stopped container without recreating it.

Use the `-f` or `--file` flag during the `docker build` process.

docker build -f Dockerfile.prod -t myapp:prod .

A dangling volume is a volume not attached to any container. They can be cleaned up using `docker volume prune`.

Use the `docker inspect` command to return low-level information on Docker objects in JSON format.

docker inspect <container_id>

Docker steps through instructions in the Dockerfile, executing each. For each step, it checks its cache for an existing image resulting from the same base image...

Each `RUN`, `COPY`, and `ADD` instruction creates a new layer, which increases the overall image size and build/push/pull time. Combining multiple commands usin...

User namespace remapping allows you to map the root user inside a container to a non-root user on the host. This mitigates the risk of a container breakout wher...

Storage drivers control how images and containers are stored and managed on your Docker host. They use a union filesystem (like overlay2, btrfs, zfs). `overlay2...

Docker Compose allows defining secrets using the `secrets` top-level block. These secrets are mounted as files in `/run/secrets/` inside the container, avoiding...

Containers should handle `SIGTERM` signals correctly. By default, `docker stop` sends `SIGTERM`, waits 10s, and then sends `SIGKILL`. Your app must handle `SIGT...

A node is an instance of the Docker engine participating in the swarm. You have Manager nodes (which orchestrate and manage cluster state) and Worker nodes (whi...

Run a temporary container, mount the data volume, and mount a host directory. Then use `tar` to archive the contents of the data volume to the host directory. R...

DCT gives you the ability to use digital signatures for data sent to and received from remote Docker registries. It ensures image integrity, allowing the docker...

Utilize `--cache-from` to use pre-built images as cache sources. Use Docker Buildkit (`DOCKER_BUILDKIT=1`) for parallel execution and better caching. Maximize c...

BuildKit is an improved build backend designed to be more efficient, cache-friendly, and secure. Features include concurrent build steps, skipping unused stages...

`HEALTHCHECK` tells Docker how to test a container to check that it is still working. This allows detecting cases such as a web server that is stuck in an infin...

Use flags like `--cpus` and `-m` or `--memory` during `docker run` to restrict resources using namespaces/cgroups.

docker run -it --cpus=".5" --memory="256m" ubuntu /bin/bash

Zombie processes remain in the system's process table after terminating because the parent process hasn't read their exit status. Use an init process like `tini...

Pass the `--dns` flag to `docker run` to override the default DNS resolution settings.

docker run -d --dns 8.8.8.8 nginx

`scratch` is an explicitly empty image, mainly used as a base for completely self-contained statically linked binaries (like Go applications), producing the sma...

Docker contexts allow you to easily manage multiple environments (like local Docker, remote servers, Kubernetes) and switch between them seamlessly using `docke...

Check the exit code and logs (`docker logs`). Often the main process exited because of an error, or the `ENTRYPOINT/CMD` script completed its execution (e.g. `C...

`docker-compose up` builds, (re)creates, starts, and attaches to all containers. `docker-compose run` creates and starts a one-off container for a specific serv...

`docker wait` blocks until one or more containers stop, then prints their exit codes. Useful for CI/CD scripting.

Macvlan allows you to assign a MAC address to a container, making it appear as a physical device on your network. Useful for legacy applications that expect to ...

`ARG` variables are only available during the `docker build` process and are not passed fully into the final image. `ENV` variables persist and are available du...

Docker uses CoW for image layers. When an existing file in a lower read-only layer is modified by a container, Docker copies the file up to the container's writ...

By using Docker logging drivers. You can configure logging drivers like `json-file` (default), `syslog`, `fluentd`, `awslogs`, or `splunk` either at the daemon ...

`ONBUILD` adds a trigger instruction to an image that will be executed later, when the image is used as the base for another build. Useful for building language...

Inspect the specific container and filter for the IP address.

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_id_or_name>

Use `docker system prune` with the `-a` and `--volumes` flags.

docker system prune -a --volumes -f

Alpine Linux typically uses `sh` instead of `bash`. Use `docker exec`.

docker exec -it <container_name> /bin/sh

Use the `-f` flag to point to the specific file, and set the correct build context.

docker build -f src/build.docker -t myapp src/

Use the `docker cp` command.

docker cp mycontainer:/var/log/app.log ./app.log

Use `docker kill`, which immediately sends a `SIGKILL` instead of the graceful `SIGTERM`.

docker kill <container_name>

Use `docker logs` with the `--tail` flag.

docker logs --tail 20 <container_name>

Use the `--rm` flag with `docker run`.

docker run --rm ubuntu ls -lah

Pass the `--build` flag to `docker-compose up`.

docker-compose up -d --build --force-recreate

Use the `docker save` command.

docker save -o myimage.tar myimage:latest

Use the `docker load` command.

docker load -i myimage.tar

Use `docker update` on a running container.

docker update -m 512m <container_name>

Use the `docker stats` command.

docker stats

Run it with `--rm` and `-it`.

docker run -it --rm redis redis-cli

Use a bind volume mount mapping your local directory to the container directory.

docker run -v $(pwd)/src:/app/src -p 3000:3000 myreactapp

Use `docker exec` to run the `env` command.

docker exec <container_name> env

Use the `docker diff` command. It lists altered, added, and deleted files.

docker diff <container_name>

Use the `docker commit` command.

docker commit <container_name> mynewimage:v1

Use the `docker history` command.

docker history myimage:latest

Use `docker ps` with the `-q` (quiet) flag.

docker ps -q

Pass the output of `docker ps -q` to `docker stop`.

docker stop $(docker ps -q)

Use the `docker-compose config` command to validate and view the complete configuration.

docker-compose config

Use the `docker service ps` command.

docker service ps <service_name>

Bind mount `/var/run/docker.sock`. (Note: This has massive security implications).

docker run -v /var/run/docker.sock:/var/run/docker.sock myimage

Use the `--format` flag with Go templates.

docker ps --format "{{.Names}}: {{.Status}}"