🐳 Docker Interview Questions & Answers (2025)
Basic Level Questions
What is Docker?▶
Docker is an open-source platform for developing, shipping, and running applications using containerization technology, which packages software with its dependencies for consistent execution.
What is a Docker container?▶
A Docker container is a lightweight, standalone, executable package that includes an application and all its dependencies, sharing the host OS kernel but isolated using namespaces and cgroups.
What is a Docker image?▶
A Docker image is a read-only template containing application code, libraries, and dependencies, used to create Docker containers.
What is a Dockerfile?▶
A Dockerfile is a text file with instructions to build a Docker image automatically.
What are the main components of Docker?▶
Docker Engine (daemon), Docker CLI, Docker Images, Docker Containers, and Docker Registries (like Docker Hub).
How does Docker differ from a virtual machine?▶
Docker containers share the host OS kernel and run isolated processes, making them lightweight and fast to start, unlike VMs which include a full guest OS and are heavier.
What is Docker Hub?▶
Docker Hub is a public cloud-based registry for sharing Docker images.
How do you list running Docker containers?▶
Using the command
docker ps.How do you stop a running container?▶
By running
docker stop [container_id].How to start a container from an image?▶
Using
docker run [image_name] command.Intermediate Level Questions
What is the difference between CMD and ENTRYPOINT in Dockerfile?▶
CMD provides default parameters for a container at runtime and can be overridden; ENTRYPOINT configures a container that will run as an executable, and arguments passed at runtime are appended.
Explain Docker volumes.▶
Docker volumes are a preferred mechanism for persistent or shared data in containers, independent of container lifecycle.
What is Docker networking?▶
Docker networking enables communication between containers and between containers and the external world using bridge, host, overlay, or macvlan networks.
What are namespaces in Docker?▶
Namespaces provide isolation for containers, including PID, Network, Mount, UTS, IPC, and User namespaces.
How does Docker provide container isolation?▶
Docker uses Linux kernel features such as namespaces and control groups (cgroups) to isolate containers and control their resource usage.
What is Docker Compose?▶
Docker Compose is a tool for defining and running multi-container Docker applications using a YAML file to specify services, networks, and volumes.
What is the purpose of Docker Swarm?▶
Docker Swarm is Docker’s native clustering and orchestration solution for managing a cluster of Docker hosts as a single virtual system.
How can you reduce Docker image size?▶
By using smaller base images, multi-stage builds, minimizing layers, and cleaning cache and temporary files in the Dockerfile.
How do you handle environment variables in Docker?▶
Environment variables can be set using the
ENV instruction in Dockerfile or passed at container runtime using the docker run -e flag.What is Docker content trust?▶
Docker Content Trust enables the use of digital signatures for data sent to and received from Docker registries, ensuring image authenticity and integrity.
How do you view logs of a running container?▶
Using the command
docker logs [container_id].What is the difference between a bind mount and a volume?▶
Bind mounts are file or directory mounts from the host’s filesystem; volumes are managed by Docker and are preferred for portability and better storage management.
Explain Layered filesystem concept in Docker.▶
Docker images are composed of layers where each command in a Dockerfile adds a read-only layer, enabling caching and reusability.
What is the role of cgroups in Docker?▶
cgroups limit and prioritize resource usage (CPU, memory, disk I/O) among containers to prevent resource contention.
How do you connect Docker containers?▶
Containers can communicate via user-defined networks, the default bridge network, or host networking modes depending on isolation and performance needs.
What happens when you run
docker rm -f on a container?▶Force removes the container, stopping it if it is running and deleting its filesystem and resources.
How do you secure Docker containers?▶
By using minimal base images, running containers with least privilege, applying security patches, using Docker Content Trust, and network segmentation.
What is Docker caching and why is it useful?▶
Docker caches image layers during builds, preventing rebuilding unchanged layers and speeding up the build process.
Explain how to update a running Docker container.▶
Containers are immutable; to update, build a new image with changes and recreate containers from the updated image.
What is the use of health checks in Docker?▶
Health checks monitor the status of a containerized application, allowing automated restarts or alerts if the application becomes unhealthy.
Advanced Level Questions
What is Docker Swarm and how does it work?▶
Docker Swarm is Docker’s native orchestration platform that manages a cluster of Docker nodes, providing load balancing, service discovery, and scaling of containers.
How does Docker integrate with Kubernetes?▶
Docker can be used as a container runtime within Kubernetes, which provides powerful container orchestration with features like automated scaling and rolling updates.
Explain Docker multi-stage builds.▶
Multi-stage builds allow using intermediate images to reduce final image size by including only build artifacts and excluding unnecessary dependencies.
What is Docker Content Trust and Notary?▶
Docker Content Trust uses Notary to sign and verify Docker images, ensuring image provenance and integrity.
Describe Docker networking modes.▶
Docker supports bridge, host, overlay, macvlan, and none network modes, each providing different isolation and connectivity options.
How do you scan Docker images for vulnerabilities?▶
Use tools like Docker scan (powered by Snyk), Clair, or Trivy to analyze images for CVEs and security issues.
What is an overlay network in Docker?▶
Overlay networks enable communication between containers running on different Docker hosts in a cluster.
Explain the role of namespaces in Docker security.▶
Namespaces isolate containers’ resources such as process IDs, network, and user IDs, ensuring containers only see their own environment.
How does container orchestration help in managing Docker deployments?▶
Orchestration automates deployment, scaling, networking, and health management of containerized applications across clusters.
Describe the process of rolling updates in Docker Swarm or Kubernetes.▶
Rolling updates gradually replace instances of an application with new versions without downtime, by updating containers one at a time.
What is Docker Registry and its significance?▶
Docker Registry stores Docker images, enabling sharing and deployment; Docker Hub is the default public registry.
Explain resource limitations in Docker.▶
Using cgroups, Docker can limit CPU, memory, block I/O, and network bandwidth for containers to enforce resource constraints.
What is the difference between COPY and ADD in Dockerfile?▶
COPY copies local files/folders; ADD can also extract tar archives and fetch remote URLs.
How do you debug a failing Docker container?▶
Use
docker logs for output, docker exec to access container shell, and inspect container status.Explain the layered architecture of Docker images.▶
Docker images consist of stacked layers where each layer represents an instruction in the Dockerfile, enabling caching and efficient storage.
What challenges do Docker face in Windows compared to Linux?▶
Docker on Windows requires Hyper-V or WSL2 due to kernel differences; Linux containers use native Linux kernel features, making Windows container management more complex.
What is a Docker escape?▶
A Docker escape is a security vulnerability where a process inside a container breaks out and gains access to the host system.
How do you monitor Docker containers in production?▶
Use monitoring tools like Prometheus, Grafana, cAdvisor, or ELK stack to collect and visualize container metrics and logs.
What is the significance of Docker Registries in CI/CD pipelines?▶
They enable storing, versioning, and distributing images built during CI, facilitating consistent deployments during CD.