Post

Docker Interview Preparation Notes

Core Docker Concepts

Posted
By Sreeju KS
7 min read
Docker Interview Preparation Notes

What is the purpose of Docker?

Definition: Docker is a platform that packages applications and dependencies into lightweight, portable containers.

Key Points:

  • Ensures consistent application behavior across environments
  • Isolates applications from the underlying infrastructure
  • Simplifies deployment and scaling

What are the benefits of using Docker instead of directly deploying to the server?

Benefits:

  • Portability: Run anywhere that supports Docker
  • Consistency: Same environment in development and production
  • Isolation: Applications run in separate containers
  • Efficiency: Containers share OS kernel and use fewer resources
  • Version Control: Container images are versioned
  • Scalability: Easy to scale horizontally by adding containers

Dockerfile Instructions

What is the difference between ENTRYPOINT and CMD in Dockerfile?

Definition:

  • ENTRYPOINT: Defines the executable that will always run when a container starts
  • CMD: Provides default arguments for the ENTRYPOINT

Key Points:

  • ENTRYPOINT is fixed and cannot be overridden (unless using --entrypoint)
  • CMD provides default arguments that can be overridden at runtime
  • They can be used together for a flexible command structure

Example:

1
2
3
4
5
6
7

# Shell form
ENTRYPOINT /usr/bin/nginx
CMD ["-g", "daemon off;"]

# Exec form (preferred)
ENTRYPOINT ["nginx"]
CMD ["-g", "daemon off;"]

In this example, the container will always run nginx (ENTRYPOINT), with the default arguments -g daemon off; (CMD), unless different arguments are provided at runtime.

What does the ADD instruction do in a Dockerfile?

Definition: ADD copies files/directories from the host into the container with additional features.

Key Points:

  • Can extract local tar archives automatically
  • Supports URLs (downloads remote files)
  • More powerful but less predictable than COPY

Example:

1
2
3
4
5
6
7
8

# Copy a local file
ADD config.json /app/

# Extract a tar file
ADD app.tar.gz /usr/src/

# Download from URL
ADD https://example.com/file.txt /app/

What are the key instructions used in a Dockerfile?

Key Instructions:

  • FROM: Base image to build upon
  • RUN: Execute commands during build
  • CMD: Default command when container starts
  • ENTRYPOINT: Fixed command that always runs
  • COPY/ADD: Copy files into the container
  • ENV: Set environment variables
  • EXPOSE: Document ports the container will use
  • WORKDIR: Set working directory
  • USER: Set user for subsequent commands

Example:

1
2
3
4
5
6
7
8
9

FROM node:14
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
ENV NODE_ENV=production
EXPOSE 3000
USER node
CMD ["npm", "start"]

What is -t in the docker build command?

Definition: The -t option tags the image being built with a name and optional version.

Key Points:

  • Makes images easily identifiable
  • Format is typically name:tag or name:version

Example:

1

docker build -t myapp:1.0 .

If I specify EXPOSE 80 in a Dockerfile but run the container with -p 8080:8080, which port will work?

Answer: Port 8080 will work because -p actually maps ports while EXPOSE is just documentation.

Key Points:

  • EXPOSE doesn’t actually publish ports
  • -p argument overrides EXPOSE for external connections
  • The container will listen on port 8080, not 80

Example:

1
2

# Container listens on 8080, not 80 despite EXPOSE
docker run -p 8080:8080 myapp

Is the EXPOSE command required in a Dockerfile?

Answer: No, EXPOSE is not required.

Key Points:

  • EXPOSE is documentation, not a functional requirement
  • Helps document which ports the application uses
  • Enables -P flag to auto-map all exposed ports

Docker Networking

Can two containers communicate with each other?

Answer: Yes, containers on the same network can communicate.

Key Points:

  • Use container names as hostnames for DNS resolution
  • Must be on the same Docker network
  • Can use docker network connect to add containers to the same network

Example:

1
2
3
4

# Create a network and connect containers to it
docker network create mynetwork
docker run --name container1 --network mynetwork -d nginx
docker run --name container2 --network mynetwork -d alpine ping container1

Can you isolate a container in Docker so that it cannot communicate with another container?

Answer: Yes, by using separate networks.

Key Points:

  • Containers on different networks cannot communicate by default
  • Use --network flag to specify a network
  • The none network type completely disables networking

Example:

1
2
3
4
5
6
7
8

# Create two isolated networks
docker network create net1
docker network create net2

# Run containers on different networks
docker run --network net1 -d --name containerA nginx
docker run --network net2 -d --name containerB nginx
# These containers cannot communicate with each other

Types of networks in Docker & which is the default network?

Types of Docker Networks:

  • bridge: Default network with internal communication via IP
  • host: Uses host’s network stack directly (no isolation)
  • none: Disables all networking
  • overlay: Multi-host networking for Swarm mode

Default: bridge network

Example:

1
2
3
4
5
6
7
8
9
10
11

# See all networks
docker network ls

# Run with default bridge network
docker run -d nginx

# Run with host network
docker run --network host -d nginx

# Run with no network
docker run --network none -d nginx

Docker Build Behavior

When you build a Dockerfile with the same name

No Changes in Dockerfile:

  • Docker uses cached layers
  • No new image is created
  • The old image remains unchanged

Few Changes in Dockerfile:

  • Docker creates a new image with the same tag
  • Old image becomes untagged (dangling)
  • Cached layers are reused up to the first changed instruction

Dangling Images:

  • Untagged images not associated with containers
  • Remove with docker image prune

Example:

1
2
3
4
5

# Remove dangling images
docker image prune

# Force rebuild without cache
docker build --no-cache -t myapp .

Additional Important Docker Topics

What is the difference between Docker COPY and ADD instructions?

Definition:

  • Both copy files from host to container, but ADD has additional features

Key Points:

  • COPY is simpler and preferred for basic file copying
  • ADD can extract tar files and download from URLs
  • Best practice: Use COPY unless you specifically need ADD’s features

Example:

1
2
3
4
5

# Simple file copy (preferred for most cases)
COPY ./src /app/src

# vs ADD with its additional capabilities
ADD http://example.com/file.tar.gz /tmp/

What are Docker volumes and why are they important?

Definition: Volumes are Docker’s mechanism for persistent data storage that exists outside container lifecycle.

Key Points:

  • Persist data beyond container lifecycle
  • Can be shared between containers
  • Better performance than bind mounts
  • Managed by Docker

Example:

1
2
3
4
5
6

# Create and use a named volume
docker volume create mydata
docker run -v mydata:/app/data myapp

# Anonymous volume
docker run -v /app/data myapp

What is Docker Compose and when would you use it?

Definition: Docker Compose is a tool for defining and running multi-container Docker applications.

Key Points:

  • Uses YAML files to configure services
  • Manages entire application stack with a single command
  • Simplifies development and testing environments

Example:

1
2
3
4
5
6
7
8
9

# docker-compose.yml
version: '3'
services:
  web:
    build: .
    ports:
      - "5000:5000"
  redis:
    image: "redis:alpine"

What is the difference between Docker images and containers?

Definition:

  • Image: Read-only template used to create containers
  • Container: Running instance of an image

Key Points:

  • Images are blueprints, containers are the running applications
  • Multiple containers can run from the same image
  • Images are built, containers are run

Example:

1
2
3
4
5

# Pull an image
docker pull nginx

# Run container from the image
docker run -d --name mywebsite nginx

What are multi-stage builds in Docker?

Definition: A technique to create smaller production images by using multiple FROM statements in a Dockerfile.

Key Points:

  • Reduces final image size by excluding build tools
  • Improves security by minimizing attack surface
  • Simplifies build process

Example:

1
2
3
4
5
6
7
8
9

# Build stage
FROM node:14 AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build

# Production stage
FROM nginx:alpine
COPY --from=build /app/dist /usr/share/nginx/html

How do you handle secrets in Docker?

Definition: Docker secrets provide a way to securely manage sensitive data like passwords and API keys.

Key Points:

  • Encrypted at rest and in transit
  • Only accessible to services that need them
  • Better than environment variables for sensitive data

Example:

1
2
3
4
5

# Create a secret (Docker Swarm required)
echo "mysecretpassword" | docker secret create db_password -

# Use the secret in a service
docker service create --name mydb --secret db_password mysql

What are Docker Health Checks?

Definition: Instructions that tell Docker how to test if a container is working properly.

Key Points:

  • Allows Docker to monitor container health
  • Can automatically restart unhealthy containers
  • Improves reliability in production environments

Example:

1
2
3

# Add health check to Dockerfile
HEALTHCHECK --interval=30s --timeout=3s \
  CMD curl -f http://localhost/ || exit 1
devops, interview, questions
docker docker fundamentals cli commands
This post is licensed under CC BY 4.0 by the author.