Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
Docker Interview Questions
2.1.
1. Explain the main difference between Swarm and Kubernetes.
2.2.
2. Is it possible to run Kubernetes on Docker EE 2.0 platform?
2.3.
3. Can you use Docker Compose to build a Swarm / Kubernetes Cluster?
2.4.
4. What does the command 'docker stack deploy' mean?
2.5.
5. Write down the major components of Docker EE 2.0?
2.6.
6. Describe the concept of HA under Swarm Mode?
2.7.
7. Can you explain what Routing Mesh is under Docker Swarm Mode?
2.8.
8. Is Routing Mesh a Load Balancer?
2.9.
9. Is it possible to use MacVLAN under Docker Swarm Mode? What features does it offer?
2.10.
10. What are the Docker secrets, and why are they necessary
2.11.
11. How to scale your Docker containers?
2.12.
12. What is a .dockerignore file?
2.13.
13. Is it possible to run multiple processes inside a single Docker container?
2.14.
14.  How does the connection between the Docker client and the Docker daemon come about?
2.15.
15. What do you understand by Docker Namespace?
2.16.
16. Why is Docker Monitoring significant?
2.17.
17. What is –memory-swap flag?
2.18.
18. How to view the status of a Docker Container?
2.19.
19. What are the different types of mounts available in Docker?
2.20.
20. What is the preferred way of removing containers- 'docker rm -f' or 'docker stop' followed by a 'docker rm'?
2.21.
21. List the reasons why Container Networking is so important?
2.22.
22. What is the difference between "expose" and "publish" in Docker?
2.23.
23. Which is better- Docker Compose vs. Dockerfile?
2.24.
24. How to control the startup order of services in Docker compose?
2.25.
25. What is an orphan volume, and how can we remove it?
2.26.
26. What is Paravirtualization?
2.27.
27. How to use Docker with multiple environments?
2.28.
28. How do containers work at a lower level?
2.29.
29. Can you create containers outside their PID name area?
2.30.
30. Can you explain the instructions of the docker file ONBUILD?
3.
Frequently Asked Questions
3.1.
What are the 4 states of Docker container?
3.2.
What is Docker best used for?
3.3.
What is Docker and why it is used?
4.
Conclusion
Last Updated: May 28, 2024
Medium

Docker Interview Questions

Author Mehak Goel
0 upvote
Master Power BI using Netflix Data
Speaker
Ashwin Goyal
Product @
18 Jun, 2024 @ 01:30 PM

Introduction

Docker first started in 2013 and soon became a big hit by the end of 2017, with over 8 billion container image downloads. As its demand increased, so did the number of job openings for people in this field. Today, many fortune 500 companies, such as Adobe, Netflix, Paypal, etc., use Docker to build their applications. 

Docker Interview Questions

Keeping in mind the relevance of Docker, we shall now see some Docker interview questions.

Also See, Pandas Interview Questions

Docker Interview Questions

1. Explain the main difference between Swarm and Kubernetes.

Ans: The main difference between Swarm and Kubernetes are:

Swarm Kubernetes
Applications are used in the form of services (or “microservices”) in the Swarm collection. Docker Compose is a widely used tool for installing an app.Applications are deployed in the form of a combination of deployments, pods, and services (or “microservices”).
Docker Swarm supports updated features. During the release, you can apply the outgoing updates to the services. Swarm Manager allows you to manage delays between service delivery on different nodes, thus updating only one task at a time.Under Kubernetes, the feed controller supports both "refresh" and "re-create" techniques. Moving updates may specify a many unavailable pods or a large number of active ones during the process.
The Autoscaling feature is not present both in  Docker Swarm (Classical) or Docker Swarm.This feature is available under K8s. It uses a simple number of targeted pods that are defined by disclosure using the transmission. Targeted CPU-per-pod usage is available.

Under Docker Swarm Mode, the node that joins the Docker Swarm collection creates a comprehensive network of services that includes all strangers to Swarm and the only Docker bridge network of containers.

By default, the nodes in the Swarm encrypt control overlay collection and the traffic control between them. Users can choose to encrypt container data traffic when creating an overlay network themselves.

Under the K8s, the communication model is a flat network, which enables all pods to connect. Network policies specify how pods connect. A flat network is often used as an overlay.

Under the K8s, the communication model is a flat network, which enables all pods to connect. Network policies specify how pods connect. A flat network is often used as an overlay.

2. Is it possible to run Kubernetes on Docker EE 2.0 platform?

Ans: Yes, it is possible to use Kubernetes under the Docker EE 2.0 platform. Docker Enterprise Edition (EE) 2.0 is the only platform that manages and protects applications on Kubernetes in multi-Linux, multi-OS, and cloud-based client environments. As a complete platform that integrates and scales with your organization, Docker EE 2.0 offers you great flexibility and choice over the types of supported applications, orchestrators used, and where it is used. It also empowers organizations to deploy Kubernetes more quickly with streamlined workflows and helps you deliver secure applications with integrated security solutions.

3. Can you use Docker Compose to build a Swarm / Kubernetes Cluster?

Ans: Yes, you can deploy a stack on Kubernetes with the docker-compose.yml file, docker stack deploy command and the stack's name.

Example:

 $ docker stack deploy --compose-file /path/to/docker-compose.yml mystack
 $ Docker stack services mystack

 

You can see the service used by the Bectl get services commands.

 $ kubectl find svc, po, deploy

4. What does the command 'docker stack deploy' mean?

Ans: 'Docker stack deploy' is a command to deploy a new stack or update an existing stack. Stack is a collection of services used to build an application in a specific environment. A stack file in the YAML format describes one or more services, similar to the docker-compose.yml file of Docker Compose but with a few extensions. This is one of most important Docker interview questions.

5. Write down the major components of Docker EE 2.0?

Ans: Docker EE is more than just a container orchestration solution; it is a complete solution for managing the life cycle of modernization of traditional applications and minimal services across a wide range of infrastructure platforms. It is a Containers-as-a-Service (CaaS) platform for IT that manages and protects different applications across a wide range of infrastructure, both on-premises and in the cloud. Docker EE provides an integrated, tested, and certified platform for applications running on Linux business or Windows operating systems and cloud providers. It is robustly integrated with basic infrastructure to provide a traditional and easy-to-install experience.

Docker EE 2.0 GA contains three main components that enable a complete series of software delivery, from image creation to secure image storage to secure image deployment.

  1. Universal Control Plane 3.0.0 (application and collection management) - Uses applications from images by managing orchestrators, such as Kubernetes and Swarm. UCP is designed for high availability (HA). You can join multiple UCP manager nodes in a collection, and if one administrator node fails, the other automatically takes its place without any impact on the collection.
  2. Docker Trusted Registry 2.5.0 - A solution for production-grade image storage.
  3. EE Engine 17.06.2- Commercially based Docker Engine for creating images and running them in Docker containers.

6. Describe the concept of HA under Swarm Mode?

Ans: HA means High Availability. It is a feature where you have multiple versions of your apps that work in parallel to manage additional load or failure. These two paradigms fit neatly into Docker Swarm, a built-in orchestrator that comes with Docker. Using your apps like this will improve the uptime for users.

To create a highly accessible container in Docker Swarm, we need to supply docker service to swarm with nginx image. This can be done with the help of the docker swarm create command as described below.

# docker service create --name nginx --publish 80:80 nginx

7. Can you explain what Routing Mesh is under Docker Swarm Mode?

Ans: Routing Mesh is a feature that uses Load Balance concepts and provides a global publishing port for a specified service. Routing mesh makes use of load balancing and port based service discovery. Therefore in order to access any service from outside, you need to export ports and access them using the Published Port.

Docker Engine swarm mode makes it simple to publish service ports to make them available to resources outside Swarm. All nodes participate in the ingress routing mesh. The router mesh enables each node in the swarm to accept connections to ports published in any swarm running service, even if there is no work in place. The route mesh transports all incoming requests to ports published in nodes available in the active container.

8. Is Routing Mesh a Load Balancer?

Ans: Routing Mesh is not a Load Balancer. It uses LB concepts and provides a global publishing port for the service provided. Route mesh uses port-based service discovery and load balancing. Therefore, to access any service from outside the collection, you need to export the holes and access them using the Published Port.

In simple terms, if you had three swarm locations, A, B, and C, and a service that runs on nodes A and C and is assigned to node port 30000, this would be accessible to any of the three swarm locations in -port 30000 no matter what, even if the service is running on that machine and automatically load balances between 2 active containers.

9. Is it possible to use MacVLAN under Docker Swarm Mode? What features does it offer?

Ans: Starting with the release of Docker CE 17.06, Docker provides support for local Swarm networks. This includes any local scope network driver. Other examples of this are the bridge, host, and macvlan although any local scope network driver, built-in or plug-in, will work with Swarm. Previously only swarm scope networks such as overlay were supported.

MACVLAN offers many unique features and capabilities. It has good performance results due to its very simple and lightweight architecture. Operating conditions include shallow latency applications and network configurations that require containers to be on the same subnet and use IPs as an external host network. Macvlan driver uses the concept of parent interface. This link can be an eth0-like interface, an 802.1q VLAN virtual connector labeled as eth0.10 (.10 representing VLAN 10), or a hosted adapter that combines two Ethernet connections into a single logical connection. This is one of most important Docker interview questions.

10. What are the Docker secrets, and why are they necessary

Ans: In Docker, there are three critical elements to container security, and together they lead to naturally safer operating systems. They are providing usable security, infrastructure independence, and trusted delivery.

Docker Secrets is a container solution that strengthens the Trusted Delivery section of container security by integrating a private distribution directly into the container field. By integrating secrets into Docker orchestration, we can provide a solution to the privacy issue that follows these principles.

11. How to scale your Docker containers?

Ans: We can scale Docker containers to any level, from a few hundred to even thousands or millions of containers. The only context is that the containers need memory and OS at all times, and there should be no obstacle to this when Docker is getting scaled.

12. What is a .dockerignore file?

Ans: Like the .gitignore file, we have Dockerignore files that allow you to specify a list of files and/or references that you may want to ignore while creating an image. This will reduce the image size and help speed up the docker creation process.

Before the CLI docker sends the content to the Docker daemon, it looks for a file named .dockerignore in the root directory. If this file exists, CLI modifies the context to extract files and references that match its patterns. This helps avoid unnecessarily sending large or sensitive files and references to the daemon and possibly adding them to images using ADD or COPY.

13. Is it possible to run multiple processes inside a single Docker container?

Ans: Yes, you can use most processes within the Docker container but this method is not recommended. Generally, you separate the areas of concern by using one service per container. For maximum performance and separation, each container must face a specific area of ​​concern. However, if you need to use multiple resources within a single container, you can try using tools like Supervisor.

The supervisor is a moderately complex system that requires you to integrate the suvervisord and its configuration into your image and various applications it manages. Then we start the suvervisord, which manages your processes.

14.  How does the connection between the Docker client and the Docker daemon come about?

Ans: The connection between the Docker client and the Docker daemon takes place with the help of a combination of TCP, Rest API, and Socket.IO.

15. What do you understand by Docker Namespace?

Ans: A namespace is one of the Linux features and an essential concept of containers. A namespace is used to add a layer of isolation in containers. Docker provides various namespaces not to affect the underlying host system and to stay portable. Few namespace types supported by Docker —  IPC, PID, Mount, User, Network. This is one of most important Docker interview questions.

16. Why is Docker Monitoring significant?

Ans: Monitoring helps to identify issues proactively that would help to prevent system outages. The monitoring time-series data provide insights to fine-tune applications for robustness and better performance. With complete monitoring in place, changes could be rolled out safely as issues will be caught early on and be resolved quickly before they transform into a root cause for an outage. The changes are inherent in container-based environments, and the impact of that too gets monitored indirectly. 

17. What is –memory-swap flag?

Ans: The –memory-swap is a modifier flag that only has meaning if –memory is also set. Using swap enables the container to write excess memory requirements to disk when the container has exhausted all the RAM available to it. There is also a performance penalty for applications that swap memory to disk often.

18. How to view the status of a Docker Container?

Ans: Created, running, paused, exited, dead- these are the possible states for a Docker container to be in.

Using the following command, you can view the states of the container at any instance:

$docker ps

The above command is used to list down only running containers by default. When we want to look for all containers, we use the following command:

$ docker ps-a

 

19. What are the different types of mounts available in Docker?

Ans: The different types are:

  1. Blind mounts: These can be stored anywhere on the host system.
  2. Volume mounts: Docker manages them and is stored in a part of the host filesystem.
  3. tmpfs mount: They are stored in the host system's memory. These mounts can never be written to the host's filesystem.

20. What is the preferred way of removing containers- 'docker rm -f' or 'docker stop' followed by a 'docker rm'?

Ans: The preferred way of removing containers from Docker is to use the 'docker stop,' as it will allow sending a SIG_HUP signal to ita recipients, giving them the required time to perform all the finalization and cleanup tasks. Once this activity is completed, we can then comfortably remove the container using the 'docker rm' command from Docker and update the docker registry. This is one of most important Docker interview questions.

21. List the reasons why Container Networking is so important?

Ans: The reasons are:

  1. Containers need to communicate to the external world.
  2. Inter-container connectivity in the similar host and across hosts.
  3. Find services provided by containers automatically.
  4. Reach Containers from the external world to use the service that Containers provide.
  5. Allows Containers to communicate to host machine.
  6. Supply secure multi-tenant services.

22. What is the difference between "expose" and "publish" in Docker?

Ans: In Docker networking, there two different mechanisms directly involve network ports: publishing and exposing ports. This applies to the user-defined bridge networks and default bridge network.

Exposing ports is a method of documenting which ports are used but does not map or open any ports. Exposing ports is optional. You can expose ports using the EXPOSE keyword in the Dockerfile or the --expose flag to the docker run. 

For example: Dockerfile

EXPOSE 3000

 

You can publish ports using the  --publish-all or  --publish flag to docker run. This notifies Docker which ports to open on the container's network interface.

For example:

docker run -d -p 3000 <image_id>

 

23. Which is better- Docker Compose vs. Dockerfile?

Ans: A Dockerfile is a text document that includes all the Instructions/commands a user could use to call on the command line to assemble an image. With the help of Docker build command user can build an image from a Dockerfile.

Example:

FROM centos:latest
LABEL maintainer="collabnix"
RUN yum update -y && \
yum install -y httpd net-tools && \
mkdir -p /run/httpd 
EXPOSE 80
ENTRYPOINT apachectl "-DFOREGROUND"


Docker Compose is a tool for running and defining Docker applications with multiple containers. With the help of compose, you are using the YAML file to configure your application resources. After this, you create and launch all services from your configuration with one command. By default, docker-compose awaits file name as docker-compose.yml or docker-compose.yaml

Example:

version: '3'
services:
  web:
    build: .
    ports:
    - "5000:5000"
    volumes:
    - .:/code
    - logvolume01:/var/log
    links:
    - redis
  redis:
    image: redis
volumes:
  logvolume01: {}

24. How to control the startup order of services in Docker compose?

Ans: Compose, without exception starts and stops containers in dependency order. The dependencies are determined by volumes_from, depends_on, links, and network_mode: "service:...".

For Example: to use wait-for or wait-for-it.sh to wrap your service's command, the sample code is:

version: "2"
services:
  web:
    build: .
    ports:
      - "80:8000"
    depends_on:
      - "db"
    command: ["./wait-for-it.sh", "db:5432", "--", "python", "app.py"]
  db:
    image: postgres

25. What is an orphan volume, and how can we remove it?

Ans: To view a list of the dangling volumes, the user can run:

docker volume ls -qf dangling=true

 

Here, with the help of docker volume ls, you can lists the volumes and with -qf list only the ids along with filter on dangling=true.

We will pass them into the docker volume rm function to delete these volumes. This function takes a volume id or list of ids. 

The last command is:

docker volume rm $(docker volume ls -qf dangling=true)

26. What is Paravirtualization?

Ans: Paravirtualization is said to be a computer hardware virtualization technique that allows virtual machines (VMs) to have a virtual interface similar to host computers. This process improves VM performance by optimizing the guest operating system (OS).

The guest OS is modified with paravirtualization, so it knows it works in a virtual environment over a hypervisor (VM-enabled hardware) and not on virtual hardware.

Paravirtualization

27. How to use Docker with multiple environments?

Ans: In the life cycle of software development, there may be small areas of deployment environment such as development and production. However, there may be many such as development, integration, testing, stage and production.

Docker Compose is a Docker compatible tool used to connect multiple containers by configuration. Composing will require only one docker-compose.yaml file that describes everything from build-time to run-time and one docker-compose up command.

For Example:

FROM node:8-alpine

WORKDIR /usr/src/your-app

COPY package*.json ./

RUN if [ "$NODE_ENV" = "development" ]; \
then npm install; \
else npm install --only=production; \
fi

COPY . .

 

Development command:

docker-compose -f docker-compose.yml -f docker-compose.dev.yml up

 

Production command:

docker-compose -f docker-compose.yml -f docker-compose.prod.yml up

28. How do containers work at a lower level?

Ans: Containers are operated using Linux namespaces and clusters. Namespaces allow you to virtualize system resources, such as the file system or the network of each container. On the other hand, cgroups allows a way to limit the number of resources, such as CPU and memory, each container can use. In the main areas, run times for low-level containers are responsible for setting up these word spaces and container collections and then running commands within those areas of names and collections.

29. Can you create containers outside their PID name area?

Ans: Docker automatically creates a new PID name for each container. The container name PID separates processes in that container from processes in other containers.

Except for the PID namespace, processes running within the container may share the same ID space as those in other hosts or containers. The process in the container will be able to determine what other processes were working on the hosting machine.

30. Can you explain the instructions of the docker file ONBUILD?

Ans: The ONBUILD instruction is used to add a trigger instruction on the image to be used later, when the image is used as the base for building another image. The trigger will be performed in the context of the downstream build as if it had been installed immediately after the FROM instruction in the downstream Dockerfile.

This is helpful if you create an image that will be used as a base to build another image. For example, a daemon or an application build environment or may be customized with a user-specific configuration.

For example:

ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Frequently Asked Questions

What are the 4 states of Docker container?

The docker container has various states through which it goes through its lifecycle. These stages are created, running, restarted, exited, paused, and dead. The four stages that docker goes primarily are created, running, paused, and exited. 

What is Docker best used for?

Docker is best used for developers to automate tasks using containers. It helps the developers to deploy, run, debug, and develop the application through containers. Docker containers help to provide flexibility and scalability for the applications. 

What is Docker and why it is used?

Docker is a software platform that helps in building up the application through the containers. It helps in the rapid development and utilization of resources for the application. Docker also helps to provide portability and versatility to the application. 

Conclusion

The article discussed frequently asked Docker interview questions. You may even check out our Interview Preparation Course to level up your programming journey and get placed at your dream company. 

Recommended Reading:

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, System Design, JavaScript, etc. Enroll in our courses, refer to the mock test and problems available, interview puzzles, and look at the interview bundle and interview experiences for placement preparations.

We hope that this blog has helped you increase your knowledge regarding AWS CloudWatch, and if you liked this blog, check other links. Do upvote our blog to help other ninjas grow.

Previous article
Top HR Interview Questions for Freshers(2023)
Next article
Top SAP MM Interview Questions (2024)
Live masterclass