Docker Interview Questions and Answers

This document contains beginner, intermediate and advanced Docker interview questions with crisp, production-ready answers.

1. What is Docker?

Docker is a containerization platform that packages applications and dependencies into lightweight, portable units called containers. These containers run consistently across different environments.

2. Difference between Docker Image and Docker Container.

  • Image: A blueprint (read-only template) used to create containers.
  • Container: A running instance of an image with its own filesystem, processes, and configuration.

3. What is Docker Hub?

A cloud-based registry where developers store, share, and distribute Docker images.

4. Explain the lifecycle of a Docker container.

  1. Create
  2. Start
  3. Pause/Unpause
  4. Stop
  5. Kill
  6. Remove

5. What is a Dockerfile?

A text file containing step-by-step instructions to build a Docker image.

6. What does the FROM instruction do?

It defines the base image from which your image will be built.

7. Difference between CMD and ENTRYPOINT.

  • CMD: Provides default arguments; can be overridden at runtime.
  • ENTRYPOINT: Defines the executable; harder to override.

Best practice:
Use ENTRYPOINT for the main command and CMD for default parameters.

8. How do Docker image layers work?

Each command in a Dockerfile creates a new layer. Layers are cached and reused, speeding up builds and reducing image size.

9. What is Port Mapping (-p 8080:80)?

Maps a port from container → host.
Example: container port 80 becomes accessible on host port 8080.

10. Purpose of Docker Volumes.

Volumes store data outside the container’s lifecycle, enabling persistence even if the container is destroyed.

11. Difference between Docker Volumes and Bind Mounts.

  • Volumes: Managed by Docker; stored under /var/lib/docker/volumes.
  • Bind Mounts: Map a host directory into a container; more flexible but less isolated.

12. How to reduce Docker image size?

  • Use Alpine images
  • Multi-stage builds
  • Clean caches (apt-get clean)
  • Reduce layer count
  • Copy only required files

13. What is Docker Compose?

A tool to define and run multi-container applications using a docker-compose.yml file.

14. How does Docker networking work?

Three main drivers:

  • Bridge (default): Container-to-container communication
  • Host: Shares the host network
  • Overlay: Multi-node networking (Swarm/K8s)

15. Explain multi-stage Docker builds.

Allows using multiple FROM statements to separate build and runtime environments. Reduces final image size significantly.

16. What are Docker Health Checks?

A mechanism to verify if the application inside the container is healthy.
If it fails repeatedly, orchestrators may restart the container.

17. Difference between COPY and ADD.

  • COPY: Copies files/directories.
  • ADD: Includes COPY but can also extract compressed files and pull external URLs.

Best practice: Use COPY unless ADD is required.

18. What happens when a tag is not specified during docker run?

Docker pulls the image with the latest tag by default.

19. Explain Docker build caching.

Docker reuses unchanged layers.
If a line in the Dockerfile changes, all layers after it are rebuilt.

20. What is .dockerignore?

A file that specifies which files/folders to exclude from the build context.
Improves security and speeds up builds.

21. How to pass environment variables to containers?

  • docker run --env KEY=VALUE
  • Environment file (--env-file)
  • Compose environment: block

22. How to check container logs and stats?

  • Logs: docker logs <container>
  • Live stats: docker stats

23. How does Docker achieve isolation?

Using Linux kernel features:

  • Namespaces (process, network, mount, PID, IPC, UTS)
  • cgroups (resource limits)
  • UnionFS (layered filesystem)

24. Explain OverlayFS.

A union filesystem used by Docker to combine layers into a single unified view.

25. How to optimize Docker build performance?

  • Use BuildKit
  • Reorder Dockerfile commands to maximize cache reuse
  • Multi-stage builds
  • Reduce copying large files early

26. What is Docker BuildKit?

A modern build engine offering:

  • Faster builds
  • Parallel execution
  • Better caching
  • Secret mounting
  • Advanced output formats

27. Docker Swarm vs Kubernetes.

Feature Swarm Kubernetes
Complexity Low High
Scalability Medium Very High
Networking Simple Advanced
Ecosystem Small Very large

28. How to secure Docker containers?

  • Use minimal base images
  • Drop root privileges (USER instruction)
  • Enable seccomp and AppArmor profiles
  • Scan images for CVEs
  • Do not store secrets inside images

29. How to scan Docker images?

Tools:

  • Trivy
  • Snyk
  • Grype

30. Rootless Docker vs Normal Docker.

  • Rootless mode runs Docker without root privileges.
  • More secure, slightly reduced performance.

31. How to troubleshoot failing containers?

  • docker logs
  • docker inspect
  • docker events
  • docker exec -it <container> sh
  • Check health checks

32. Why does a container keep restarting?

  • Non-zero exit code
  • Crash inside app
  • Health checks failing
  • Wrong entrypoint command

33. What is Docker’s layered storage driver?

Storage drivers (Overlay2, AUFS) manage how layers are composed into a single filesystem.

34. How does networking work in Docker Swarm?

Uses Overlay networks, allowing encrypted multi-node communication automatically.

35. What is Immutable Infrastructure?

Containers encourage using images that never change; instead of modifying running servers, you replace them with new versions.

36. Example: Optimal Dockerfile for a Java microservice.

  • Use multi-stage builds
  • Use JDK for build, JRE for runtime
  • Clean dependencies
  • Set non-root user

37. Image is 1.5GB. How to shrink it?

  • Use Alpine (openjdk:17-jdk-alpine)
  • Multi-stage builds
  • Remove caches
  • Use jlink to create a custom JRE

38. How to achieve zero-downtime deployments with Docker?

  • Rolling updates (Swarm/K8s)
  • Load balancer in front
  • Multiple replicas

39. “Works on my machine but not on server.” How to debug?

Check:

  • Environment variables
  • Ports
  • File paths
  • Permissions
  • Entry point scripts
  • Differences in OS/kernel

40. Which storage option gives highest I/O performance?

Bind mounts or hostPath volumes (direct disk access).

41. Should you run a database inside a container?

Not recommended for production:

  • Persistence issues
  • Performance overhead
  • Harder scaling
  • Backups & recovery complexity

Good for development only.

42. Command to list running containers.

docker ps

43. Command to stop and remove all containers and images.

docker stop $(docker ps -aq) docker rm $(docker ps -aq) docker rmi $(docker images -q)

44. Exec into a running container.

docker exec -it sh

45. Build an image with a tag.

docker build -t myimage:1.0 .

46. Check container logs.

docker logs

47. Prune unused Docker resources.

docker system prune -a –volumes

This site uses Just the Docs, a documentation theme for Jekyll.