Q1. Explain the components of docker?
Ans:
1. Docker Engine: Also known as the Docker daemon, this is the core of Docker. It is a lightweight runtime and an efficient, scalable, and secure containerization technology combined with a workflow for building and containerizing your applications.
2. Docker Images: Images are read-only templates that contain the necessary operating system, application, and runtime components. They serve as the basis for containers. You can create your own images or use pre-built images from the Docker Hub or other registries.
3. Docker Containers: Containers are instances of Docker images. They are lightweight and portable encapsulations of an environment in which to run applications. Containers are isolated from each other and from the host system. They can be started, stopped, and deleted, and their resources can be dynamically allocated.
4. Docker Registry: The Docker registry is a repository for Docker images. Docker Hub is the official registry, but you can also use private or public registries.
5. Dockerfile: A Dockerfile is a text file that contains instructions for building a Docker image. It defines the environment in which the application will run, including the base image, dependencies, and runtime configuration.
6. Docker Compose: Docker Compose is a tool for defining and running multi-container Docker applications. It uses a YAML file to define services, networks, and volumes.
7. Docker Swarm: Docker Swarm is a native clustering and orchestration tool for Docker. It allows you to create and manage a cluster of Docker nodes, and to deploy and manage services across the cluster.
8. Docker CLI: The Docker command-line interface (CLI) is used to interact with Docker. It allows you to build, run, and manage Docker containers and images.
9. Docker Hub: Docker Hub is the official registry for Docker images. It allows you to find, store, and share Docker images.
Q.2 Can you lose the data when a container is stopped?
Ans: Unless you delete the container, any data stored in the Docker container will not be lost.
Q3. Best method to remove the docker container?
Ans:
Step 1: Stop the docker container
docker stop <container_id> or <container_name>
Step 2: Remove the docker container
docker rm -f <container_id> or <container_name>
Q.4 Can a container restart by itself?
Ans: A container cannot restart by itself.
But if we assign one of the policies below while creating the container, then the Docker container can restart itself:
Off: With this policy, the container won’t be restarted if it is stopped or it fails.
On-failure: Here, the container restarts by itself only when it experiences failures not associated with the user.
Unless-stopped: This policy ensures that a container can restart only when the command is executed to stop it by the user.
Always: Irrespective of the failure or stopping, the container always gets restarted under this policy.
Q.5 What command can we use to export a Docker image as an archive?
Ans: The command below is used to archive the docker container
docker save -o <exported_name>.tar <image_name>
Q.6 What command do we use to import the exported docker container?
Ans: The command below is used to import the docker container
docker load -i <exported_name>.tar
Q.7 Can a paused container be removed from Docker?
Ans: No, it is not possible! A container MUST be in the stopped state before we can remove it.
Q.8 What is the difference between the “COPY” and “ADD” commands used in a Dockerfile?
Ans: The COPY and ADD commands in a Dockerfile are used to copy files and directories from the host system into a Docker image. They are similar in functionality, but they have some differences in terms of their behavior and features.
Below are some important differences between the COPY and ADD commands:
Sr No | Feature | COPY Command | ADD Command |
1 | Syntax | COPY <source> <destination> | ADD <source> <destination> |
2 | Purpose | Copies files and directories from the host system into the Docker image. | Copies files and directories from the host system into the Docker image. |
3 | Source | Supports local files and directories. | Supports local files and directories, URLs, and compressed files. |
4 | Destination | Must be a directory within the image. | Can be a directory or a file within the image. |
5 | Permissions | Preserves the source file permissions. | Applies default permissions of 600 (user: read/write) or 700 (directory) for files and 755 (user: read/write/execute) or 711 (directory) for directories. |
6 | Extracting Compressed Files | NA | Automatically extracts compressed files (e.g., *.tar , *.tar.gz , *.tgz , *.tar.bz2 , *.tbz2 , *.tar.xz , *.txz ) during the copy process. |
7 | Caching | Does not cache remote URLs. | Caches remote URLs to avoid re-downloading the files if the URLs haven’t changed. |
8 | MD5 Hash | NA | Compares the MD5 hash of the local file with the hash in the cache to determine if the file has changed and needs to be downloaded again. |
9 | Features | Simple and straightforward. | Supports more features, such as extracting compressed files, caching remote URLs, and comparing MD5 hashes. |
10 | Recommendation | Use when copying local files and directories. | Use when copying local files and directories, as well as URLs or compressed files, and when you want to take advantage of caching and MD5 hash checking. |
Q.9 List the most commonly used instructions in Dockerfile?
Ans: Below is the list of commonly used instructions in the Dockerfile:
1. FROM: Defines the base image for subsequent instructions.
2. RUN: Executes commands in a new layer on top of the current image and commits the results.
3. CMD: Provides the default command to run when the container starts.
4. ENTRYPOINT: Configures the command to run when the container starts.
5. WORKDIR: Sets the working directory for subsequent instructions.
6. COPY: Copies files or directories from the host to the container’s file system.
7. ADD: Similar to COPY, but can also download files from URLs and extract compressed files.
8. EXPOSE: Informs Docker that the container listens on specific network ports at runtime.
9. ENV: Sets environment variables within the container.
10. VOLUME: Creates a mount point for external volumes.
11. USER: Sets the user for the subsequent instructions.
12. ARG: Defines build-time variables.
13. LABEL: Adds metadata to an image.
14. ONBUILD: Adds a trigger instruction to be executed when the image is used as the base for another build.
15. STOPSIGNAL: Sets the signal to be sent to the container to stop it.
16. HEALTHCHECK: Configures a command to check the container’s health status.
17. SHELL: Overrides the default shell used in RUN, CMD, and ENTRYPOINT instructions.
Sample Nodejs Dockerfile:
# Use the official Node.js image with version 14 as the base image
FROM node:14
# Set the working directory inside the container
WORKDIR /app
# Copy package.json and package-lock.json
COPY package*.json ./
# Install dependencies
RUN npm install
# Copy the rest of the application code
COPY . .
# Expose port 3000
EXPOSE 3000
# Set the default command to run when the container starts
CMD ["npm", "start"]
Q.10 Can you tell the difference between CMD and ENTRYPOINT?
Ans:
The CMD instruction provides a default command and arguments that can be overridden at runtime, while the ENTRYPOINT instruction sets the command to be executed at runtime and cannot be overridden.
Sr No | Aspect | CMD | Entrypoint |
1 | Purpose | Provides default commands and argument | sets the commands to be executed at a time |
2 | Usage | CMD can be overridden with command-line arguments when running the container. | ENTRYPOINT is not overridden with command-line arguments. |
3 | Syntax | CMD ["executable","param1","param2"] | ENTRYPOINT ["executable","param1","param2"] |
4 | Overrides | Any CMD in the Dockerfile is overridden by docker run arguments. | ENTRYPOINT is not overridden by docker run arguments. |
5 | Default | If no CMD is specified in the Dockerfile, it uses the default one from the base image. | If no ENTRYPOINT is specified in the Dockerfile, it uses the default one from the base image. |
6 | Multiple | Only one CMD instruction can be used. | Multiple ENTRYPOINT instructions can be used. |
Q.11 How to remove all stopped containers and unused networks in Docker?
Ans:
docker system prune -a
Q.12 Does Docker support IPv6?
Ans: Yes.
Q.13 What is the difference between a base image and a child image in Docker?
Ans:
Base Image: A base image is the foundation upon which all other images are built. It is an image that has no parent image, usually an OS image like Ubuntu, CentOS, or Alpine Linux. A base image contains the bare minimum to run an application, such as a file system and libraries.
Child Image: A child image is an image that is built on top of a base image. It can include additional files, libraries, and configuration settings that are specific to the application being run. Child images are created by using a Dockerfile, which defines the instructions for building the image.
Q.14. What is the purpose of the CMD instruction in the Dockerfile?
Ans:
The primary purpose of the CMD instruction is to provide a default command and arguments for the container, so that when the container is launched, it automatically starts the specified command. This allows you to define the default behavior of the container, without having to specify a command every time you run the container.
If you specify multiple CMD instructions in a Dockerfile, only the last one will be used. This means that you can define a default command in the Dockerfile, and then override it when you run the container by specifying a different command.
Q.15 How do you limit CPU and memory usage of a Docker container?
Ans:
To limit CPU and memory usage of a Docker container, you can use the --cpus and --memory options when running the container. These options allow you to specify the maximum number of CPU cores and the maximum amount of memory that the container can use.
docker run --cpus=2 --memory=2g my-container
Q.16 How do you create a multi-stage build in Docker?
Ans: A multi-stage build in Docker allows you to use multiple FROM instructions in a single Dockerfile, which enables you to build multiple intermediate images and copy only the necessary artifacts to the final image. This can help reduce the size of the final image by removing unnecessary dependencies and build tools.
# Stage 1: Build the application
FROM node:16 as build
# Set the working directory inside the container
WORKDIR /usr/src/app
# Copy package.json and package-lock.json
COPY package*.json ./
# Install dependencies
RUN npm install
# Copy the rest of the application code
COPY . .
# Build the application
RUN npm run build
# Stage 2: Create the final image
FROM node:16
# Set the working directory inside the container
WORKDIR /usr/src/app
# Copy the built application from the previous stage
COPY --from=build /usr/src/app/dist ./dist
# Expose port 3000
EXPOSE 3000
# Set the default command to run when the container starts
CMD ["node", "dist/server.js"]
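A static check for the Dockerfile points raised in these answers, shown as an added example that is not part of the original answers: it flags a base image with no tag or `latest`, `ADD` from a remote URL, and a final stage that sets no non-root `USER`. The function name, finding codes and the first sample are constructed for illustration; the check assumes one instruction per line with no `\` continuations.

```python
import re

# Constructed sample that trips every check below.
SAMPLE_BAD = """\
FROM node
WORKDIR /app
ADD https://example.com/tool.tar.gz /opt/
COPY . .
CMD ["npm", "start"]
"""

# The multi-stage Dockerfile from Q.16 with its comments removed.
SAMPLE_Q16 = """\
FROM node:16 as build
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
FROM node:16
WORKDIR /usr/src/app
COPY --from=build /usr/src/app/dist ./dist
EXPOSE 3000
CMD ["node", "dist/server.js"]
"""

def audit_dockerfile(text):
    """Return sorted finding codes for one Dockerfile (hypothetical helper)."""
    findings, stages, user = set(), set(), None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr, args = parts[0].upper(), parts[1:]
        if instr == "FROM":
            user = None  # a new stage starts with the base image's user
            image = next((a for a in args if not a.startswith("--")), "")
            # Earlier stage names, scratch and ARG-substituted images are skipped.
            known = image.lower() in stages or image == "scratch" or image.startswith("$")
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if not known and "@sha256:" not in image and tag in ("", "latest"):
                findings.add("UNPINNED_BASE")
            if len(args) >= 3 and args[-2].upper() == "AS":
                stages.add(args[-1].lower())
        elif instr == "USER" and args:
            user = args[0].split(":")[0]
        elif instr == "ADD":
            sources = [a for a in args[:-1] if not a.startswith("--")]
            if any(re.match(r"https?://", s, re.I) for s in sources):
                findings.add("ADD_REMOTE_URL")
    # No USER in the final stage means the base image's user applies,
    # which is root for most images, including the official node image.
    if user in (None, "root", "0"):
        findings.add("NO_NONROOT_USER")
    return sorted(findings)
```

Appending `USER node` to the Q.16 Dockerfile clears its only finding, since the official node image already ships a `node` user.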
Q.17 What is the purpose of the bridge network driver in Docker?
Ans: The Bridge network driver is one of the most commonly used network drivers in Docker. It creates a network bridge on the Docker host and allows containers to communicate with each other over the bridge. The Bridge network driver provides a simple and flexible networking solution for containers, and it is suitable for most use cases.
Q.18 How do you secure Docker containers?
Ans:
1. Keep the host system up to date with security patches.
2. Use a strong password and enable firewall rules to limit access.
3. Run containers with the least privilege necessary.
4. Use read-only filesystems and volume mounts to minimize the impact of container compromise.
5. Use trusted base images from reputable sources.
6. Scan the Docker images by using security scanning tools like Trivy.
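One way to check running containers against points 3 and 4 above and the CPU and memory limits from Q.15, as an added example that is not part of the original answers: it reads `docker inspect` JSON and reports which hardening settings are missing. The sample input, container names, function names and finding labels are constructed; the field names are those `docker inspect` prints.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output
# (a JSON array; only the fields this check reads are included).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "ReadonlyRootfs": False,
                    "CapDrop": None, "SecurityOpt": None,
                    "Memory": 0, "NanoCpus": 0, "NetworkMode": "host"}},
    {"Name": "/worker",
     "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "ReadonlyRootfs": True,
                    "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                    "Memory": 2147483648, "NanoCpus": 2000000000,
                    "NetworkMode": "bridge"}},
])

NNP = ("no-new-privileges", "no-new-privileges:true", "no-new-privileges=true")

def audit_container(c):
    """Return the hardening gaps for one inspected container."""
    hc = c.get("HostConfig") or {}
    # Config.User is empty when neither the image nor `docker run --user` set one.
    user = ((c.get("Config") or {}).get("User") or "").split(":")[0]
    cap_drop = [x.upper() for x in hc.get("CapDrop") or []]
    sec_opt = hc.get("SecurityOpt") or []
    checks = [
        ("privileged", hc.get("Privileged") is True),        # --privileged
        ("runs-as-root", user in ("", "0", "root")),          # no --user / USER
        ("writable-rootfs", not hc.get("ReadonlyRootfs")),    # no --read-only
        ("caps-not-dropped", "ALL" not in cap_drop),          # no --cap-drop ALL
        ("no-new-privileges-unset", not any(o in NNP for o in sec_opt)),
        ("no-memory-limit", not hc.get("Memory")),            # no --memory
        ("no-cpu-limit", not (hc.get("NanoCpus") or hc.get("CpuQuota"))),
        ("host-network", hc.get("NetworkMode") == "host"),    # --network host
    ]
    return [name for name, hit in checks if hit]

def audit_inspect(text):
    """Map container name -> list of gaps for a `docker inspect` JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(text)}

if __name__ == "__main__":
    for name, gaps in audit_inspect(SAMPLE_INSPECT).items():
        print(name, "OK" if not gaps else ", ".join(gaps))
```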
Q.19 what is docker overlay networking?
Ans: Docker overlay networking is a built-in Docker feature that allows you to create a network that spans multiple Docker hosts. It is primarily used in container orchestration tools like Docker Swarm and Kubernetes to provide network connectivity between containers running on different hosts.
Q.20 What is the purpose of Docker host?
Ans: It contains containers, images, and the Docker daemon. It offers a complete environment to execute and run applications.
Q.21. What is the Lifecycle of Docker container?
Ans: The lifecycle of a Docker container with the CLI is as follows:
- Create a Container
- Run the created Container
- Pause the processes running inside the Container.
- Unpause the processes running inside the Container.
- Start the Container, if exists in a stopped state.
- Stop the Container as well as the running processes.
- Restart the Container as well as the running processes.
- Kill the running Container.
- Destroy the Container, only if it exists in a stopped state.
Q.22 What are the main disadvantages of Docker?
Ans: Below are some disadvantages of Docker:
- It will not provide a storage option.
- Offer a poor monitoring option.
- No automatic rescheduling of inactive Nodes.
- Complicated automatic horizontal scaling set up.
Q.23 What is Docker-compose?
Ans: Docker Compose is a YAML file which contains details about the services, networks, and volumes to set up the Docker application. We use Docker Compose to create separate containers, host them, and get them to communicate with other containers.
Q.24 What are the differences between the “docker run” and the “docker create”?
Ans:
Docker create: It will create the docker container in stopped state
Docker run: It will create and run the docker container
Q.25. Can you remove a paused container from Docker?
Ans: It is not possible to remove a container from Docker while it is only paused. A container must be in the stopped state before it can be removed from Docker.
Q.26 What is memory-swap flag?
Ans: --memory-swap is a modifier flag that only has meaning if --memory is set. Swap allows the container to write excess memory requirements to disk when the container has exhausted all the RAM that is available to it.
Q.27 How can you monitor the docker in production environments?
Ans: Docker stats and Docker events can be used for monitoring Docker in the production environment.
Q.28 Explain Docker object labels?
Ans: Docker object labels are a method of applying metadata to Docker objects, including images, containers, volumes, networks, swarm nodes, and services.
Q.29 How does communication happen between Docker client and Docker Daemon?
Ans:
We communicate between the Docker client and the Docker daemon with a combination of REST API, socket.IO, and TCP.
Q.30 How to use JSON instead of YAML compose file?
Ans: Below is the command to run the JSON file:
docker-compose -f docker-compose.json up
Q.31 Does Docker offer support for IPv6?
Ans: Yes, Docker supports IPv6. IPv6 networking is supported only on Docker daemons that run on Linux hosts. To enable IPv6 support in the Docker daemon, we need to modify /etc/docker/daemon.json and set the ipv6 key to true.
Q.32 How to configure the default logging driver under Docker?
Ans: To configure the Docker daemon to default to a specific logging driver, we need to set the value of log-driver to the name of the logging driver in the daemon.json file.
Q.33 What are Docker Namespaces?
Ans: A namespace in Docker is a technique that offers isolated workspaces called containers. Namespaces also provide a layer of isolation for Docker containers.
Q.34 What is client in docker?
Ans: Docker will provide Command Line Interface tools to the client to interact with Docker daemon.
Q.35 What are the networks that are available by default?
Ans: Docker networking refers to how containers within a Docker environment are connected to each other and to the outside world. Docker provides several networking options to achieve this, each with its own benefits and use cases.
Below are the types of Docker Networking:
- Bridge Networking
- Host Networking
- Overlay Networking
- Macvlan Networking
- None Networking
1. Bridge Networking: This is the default network mode for Docker containers. Containers in a bridge network are connected to each other and to the host system. Each container has its own IP address and can communicate with other containers on the same network using that IP address. The bridge network is isolated from the host network and other bridge networks by default.
Scenario: Let’s say you have two containers running a web server and a database. You can put them on the same bridge network and configure the web server container to connect to the database container using its IP address.
2. Host Networking: In this mode, Docker containers share the network namespace with the host system. This means that containers use the same network interface and IP address as the host system. Containers running in host networking mode can communicate with each other and with the host system as if they were running directly on the host.
Scenario: If you have a web server running on your host system and you want to run another web server in a Docker container, you can use host networking mode to make the container’s web server accessible on the same IP address and port as the host system’s web server.
3. Overlay Networking: This mode is used for connecting containers across multiple Docker hosts. It creates an overlay network that spans multiple Docker hosts and allows containers on different hosts to communicate with each other. Overlay networks are useful for creating distributed applications that run on multiple hosts.
Scenarios: Suppose you have a web application that consists of multiple microservices running in Docker containers on different hosts. You can use an overlay network to connect these containers and allow them to communicate with each other as if they were running on the same host.
4. Macvlan Networking: This mode is used to connect Docker containers directly to a physical network. It assigns a MAC address to each container and allows them to communicate directly with other devices on the physical network.
Scenario: Let’s say you have a Docker container running a network monitoring tool and you want it to monitor traffic on your local network. You can use Macvlan networking to connect the container directly to your physical network and give it its own IP address and MAC address.
5. None Networking: In this mode, Docker containers have no network connectivity. This is useful for creating containers that are completely isolated from the network.
Scenario: Suppose you want to run a container that performs some calculations and doesn’t need to access the network. You can use None networking mode to prevent the container from accessing the network.
Q.36 What are the different kinds of volume mount types available in Docker?
Ans: In Docker, volume mounts allow you to share data between a container and the host machine or between multiple containers. There are different types of volume mounts available in Docker, each with its own use cases and benefits. Here are some common volume mount types:
- Bind Mount
- Named Volume
- Tmpfs Mount
- Host Mounts
1. Bind Mounts: These mount a file or directory from the host machine into a container. Changes to the files or directories in the mounted volume will be reflected both on the host machine and within the container.
docker run -v /path/on/host:/path/in/container ...
2. Named Volumes: These are managed by Docker and provide a way to persist data across containers. Docker manages the location of the volume on the host machine, and the data in the volume is preserved even if the container is removed.
docker volume create myvolume
docker run -v myvolume:/path/in/container ...
3. Tmpfs Mounts: These mount a temporary file system into a container’s memory. The data in a tmpfs mount is not persisted, and the file system is removed when the container is stopped.
docker run --tmpfs /path/in/container ...
4. Host Mounts: These mount a file or directory from the host machine into a container, similar to bind mounts. However, they are managed by Docker and can be used on Docker Swarm clusters or in Kubernetes.
docker run --mount type=bind,source=/path/on/host,target=/path/in/container ...