Day 19 - Docker Interview Q&A


1. What is Docker?

Answer:
Docker is an open-source containerization platform used to build, package, and run applications inside lightweight, portable containers. It helps manage the entire lifecycle of containers: building images, running containers, pushing/pulling images from registries, etc.

You can add:
“In my projects, I use Docker to write Dockerfiles, build images, run containers, optimize image size, and push artifacts to registries like Docker Hub/ECR.”


2. How are Containers different from Virtual Machines?

Answer:

| Containers | Virtual Machines |
| --- | --- |
| Lightweight | Heavyweight |
| Share the host OS kernel | Have full guest OS |
| Start in milliseconds | Start in minutes |
| Only need application + dependencies | Need OS + kernel + libraries |
| Image size is small (MBs) | Large images (GBs) |

Never say containers “don’t have an OS”; the correct answer is:
They include only minimal system libraries, not a full OS.


3. Explain the Docker Lifecycle.

Answer:
The Docker lifecycle includes:

  1. Write Dockerfile

  2. Build image → docker build

  3. Run container → docker run

  4. Tag & Push image to registry (Docker Hub, ECR, GCR)

  5. Pull image on any environment

  6. Manage containers (start/stop/remove/prune)


4. What are the main Docker components?

Answer:

  1. Docker Client (CLI) – sends commands

  2. Docker Daemon – core engine that executes actions

  3. Docker Images – read-only templates

  4. Docker Containers – running instances of images

  5. Docker Registry – stores images (Docker Hub, ECR, private registry)

The daemon is the “heart” of Docker: if it stops, Docker actions cannot be executed.


5. Difference between COPY and ADD in Dockerfile?

Answer:

  • COPY – Copies files/folders from local machine → image (preferred)

  • ADD – Same as COPY + supports downloading from URL or auto-extracting archives.

Use COPY unless you specifically need ADD’s special features.


6. Difference between CMD and ENTRYPOINT?

Answer:

| CMD | ENTRYPOINT |
| --- | --- |
| Provides default arguments | Provides main executable |
| Can be overridden using CLI | Not overridden by default |
| docker run image ls → ls replaces CMD | docker run image ls → ls becomes argument |

Best practice: Use ENTRYPOINT for the main command and CMD for default arguments.

Example:

ENTRYPOINT ["python", "app.py"]
CMD ["--port", "8000"]

7. What are Docker networking types? What is the default?

Answer:

  1. bridge – default network for containers

  2. host – container shares host network

  3. overlay – used in multi-host (Swarm/Kubernetes)

  4. macvlan – container appears as a physical device on network

  5. none – no network


8. How do you isolate networking between containers?

Answer:
Create a custom bridge network:

docker network create secure_net
docker run --network secure_net ...

Containers on different networks cannot talk to each other unless explicitly connected.


9. What is a Multi-Stage Docker Build?

Answer:
It allows you to use multiple FROM statements and copy only the required build artifacts into the final image.

Why?

  • Reduces image size

  • Removes build tools from production image

  • Improves security

Example: Reduce image from ~800MB → 1MB using scratch/alpine.


10. What are Distroless Images?

Answer:
Distroless images (e.g., gcr.io/distroless/...) are minimal images that contain only:

  • your application

  • required runtime dependencies

They do not contain:
❌ shell (sh, bash)
❌ package managers (apt, yum)
❌ OS utilities (ping, curl)

Benefit:
Extremely secure, tiny, no attack surface.


🔥 Real-Time Docker Challenges (Must-Know for Interviews)


1. Docker Daemon – Single Point of Failure

  • Docker daemon is one single process

  • If daemon crashes → containers may stop or fail

Modern solution: Podman (daemonless, rootless).


2. Docker Daemon Runs as Root

  • By default, daemon runs with root privileges

  • If a container is compromised, host becomes vulnerable

Solution:

  • Use rootless Docker

  • Use Podman (runs fully rootless)

  • Always set USER in Dockerfile


3. Image Size Issues

  • Developers often install unnecessary tools

  • Leads to huge (GB-sized) images

  • Slow deploys, security risks

Solutions:

  • Multi-stage builds

  • Distroless images

  • Base images like alpine


4. Networking Misconfigurations

  • Wrong port mappings

  • Misuse of host network

  • Containers unintentionally communicating

Solution:
Custom networks & proper isolation.


5. Security Vulnerabilities

  • Using outdated base images

  • Running containers as root

  • Storing secrets inside images

Solution:

  • Scan images (Trivy, Anchore)

  • Use secrets manager

  • Use non-root user in Dockerfile
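
As an added example (not code from the original post), the Python check below flags three of the pitfalls listed above in a Dockerfile: ADD where COPY would do, secret-looking ENV/ARG names, and a final stage that never switches away from root. The rule names, the name patterns and the sample Dockerfile are constructed for illustration, and the check complements rather than replaces image scanners such as Trivy.

```python
import re
# Heuristic: variable names that suggest a credential baked into an image layer.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def parse(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        buf = ""
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""

def lint(text):
    """Return sorted (line_no, rule) findings; USER is judged on the final stage only."""
    findings, user, user_line = [], None, 0
    for no, instr, args in parse(text):
        if instr == "FROM":          # a new stage resets USER to the base image default
            user, user_line = None, no
        elif instr == "USER":
            user, user_line = args.split(":")[0].strip(), no
        elif instr == "ADD":
            findings.append((no, "add-remote-url" if "://" in args else "add-instead-of-copy"))
        elif instr in ("ENV", "ARG"):
            names = re.findall(r"(\w+)\s*=", args) or args.split()[:1]
            if any(SECRET_NAME.search(n) for n in names):
                findings.append((no, "secret-in-image"))
    if user in (None, "root", "0"):  # no USER: base image default applies, usually root
        findings.append((user_line, "runs-as-root"))
    return sorted(findings)

# Constructed sample Dockerfile, not taken from the post.
SAMPLE = """\
FROM python:3.12 AS build
ADD https://example.com/tool.tar.gz /tmp/
ENV APP_ENV=prod \\
    API_TOKEN=changeme
FROM python:3.12-slim
COPY --from=build /app /app
ENTRYPOINT ["python", "app.py"]
"""
if __name__ == "__main__":
    print(lint(SAMPLE))
```

The root check only reads the Dockerfile, so a base image that already sets a non-root user is still reported until an explicit USER line is added.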


Dinesh's Blog
