Docker
Images, containers, networking, builds, and runtime behavior.
What is the difference between a Docker image and a Docker container?
An image is a blueprint, and a container is a running instance of that image.
What is the difference between CMD and ENTRYPOINT in Docker?
ENTRYPOINT defines the main executable, while CMD provides default arguments.
What is the difference between a Docker volume and a bind mount?
A volume is managed by Docker, while a bind mount maps a host path directly.
What is the difference between bridge and host network modes in Docker?
Bridge uses Docker’s virtual network, while host uses the host’s network stack directly.
Why is Docker layer caching important?
It speeds up builds by reusing unchanged image layers.
What is a multi-stage Docker build?
A multi-stage build uses multiple FROM instructions to separate build and runtime stages.
What is a Docker HEALTHCHECK?
HEALTHCHECK defines how Docker should test whether a container is healthy.
What is Docker?
Docker is a platform for building, shipping, and running containers.
What is Docker daemon?
Docker daemon is the background service that manages containers.
What is a Dockerfile?
A Dockerfile is a script that defines how to build a Docker image.
What is the difference between docker run and docker start?
docker run creates and starts a container, docker start only starts an existing one.
What is the difference between EXPOSE and -p?
EXPOSE documents ports, while -p publishes them to the host.
How do you view logs of a container?
Using docker logs command.
What is the difference between docker stop and docker kill?
docker stop is graceful, docker kill is immediate.
What is restart policy in Docker?
It defines when containers should automatically restart.
How do you pass environment variables to a container?
Using -e flag or ENV in Dockerfile.
What is docker exec used for?
It runs commands inside a running container.
What is a container?
A container is an isolated runtime environment for an application and its dependencies.
Why is Docker useful?
Docker makes applications easier to package, move, and run consistently across environments.
What is the difference between a container and a virtual machine?
Containers share the host kernel, while virtual machines include a full guest OS.
What are image layers in Docker?
Docker images are built from layered filesystem changes.
What does the FROM instruction do in a Dockerfile?
FROM defines the base image for the build.
What is the difference between COPY and ADD in a Dockerfile?
COPY is simpler and preferred for file copying, while ADD also supports archive extraction and remote URLs.
What is the difference between RUN and CMD in a Dockerfile?
RUN executes during image build, while CMD defines the default command when a container starts.
Why use ENTRYPOINT in Docker?
ENTRYPOINT makes the container behave like a specific executable.
What does EXPOSE do in a Dockerfile?
EXPOSE documents which ports the container listens on.
What is port mapping in Docker?
Port mapping connects a host port to a container port.
Why are volumes used in Docker?
Volumes persist data outside the container lifecycle.
When are bind mounts useful in Docker?
Bind mounts are useful when you want a container to access files directly from the host.
What is the default bridge network in Docker?
The bridge network is the default network where containers can communicate through Docker-managed networking.
When would host networking be used in Docker?
Host networking is used when you want a container to share the host network stack directly.
Why use a restart policy in Docker?
Restart policies improve service resilience by automatically restarting failed containers.
What is Docker Compose used for?
Docker Compose is used to define and run multi-container applications.
What is the difference between Dockerfile and docker-compose.yml?
A Dockerfile builds an image, while docker-compose.yml defines how multiple containers run together.
Why are multi-stage builds considered a best practice?
They reduce image size and keep build tools out of the final runtime image.
Why does Docker image size matter?
Smaller images are faster to build, transfer, store, and secure.
Why might Alpine not always be the best base image choice?
Alpine is small, but its musl-based environment can cause compatibility issues.
Why is running containers as root risky?
Running as root increases impact if the container is compromised.
Why might you run a container with a read-only filesystem?
A read-only filesystem reduces write surface and improves security.
Why use HEALTHCHECK in Docker images?
HEALTHCHECK lets Docker track whether the service in the container is actually healthy.
What does docker system prune do?
It removes unused data such as stopped containers, dangling images, and unused networks.
What is a Docker registry?
A Docker registry stores and distributes container images.
What is image tagging in Docker?
Tagging assigns a name and version label to an image.
Why is relying only on the latest tag risky?
Because latest is mutable and does not clearly identify what version is deployed.
What is an image digest in Docker?
An image digest is a content-based immutable identifier for an image.
Why does Dockerfile instruction order affect build speed?
Because Docker reuses cached layers only if earlier layers remain unchanged.
When should you use docker logs versus docker exec?
Use docker logs to inspect application output, and docker exec to inspect the running container environment directly.
What are important production considerations when using Docker?
Focus on minimal images, non-root users, health checks, observability, resource limits, and secure image delivery.