Docker Interview Questions: Part 1

Q) What is Docker?
Docker is a containerization platform which packages your application and all its dependencies together in the form of containers so as to ensure that your application works seamlessly in any environment, be it development, test, or production.

Q) What is Docker Container?
Docker containers include the application and all of its dependencies. Each container shares the kernel with other containers and runs as an isolated process in user space on the host operating system. Docker containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure, and in any cloud. Docker containers are basically runtime instances of Docker images.

Q) What is Docker Image?
A Docker image is an executable package that includes everything needed to run an application – the code, a runtime, libraries, environment variables and configuration files.
A Docker image is the source of a Docker container. In other words, Docker images are used to create containers. When a user runs a Docker image, an instance of a container is created. These Docker images can be deployed to any Docker environment.

Q) What is Docker architecture?
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.

There are three components in the Docker Engine.
The Docker daemon:
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

The Docker client:
The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

Docker registries:
A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use and Docker is configured to look for images on Docker Hub by default.

Q) What is Docker Hub?
Docker Hub is a cloud-based registry service that stores container images. It allows us to pull and push Docker images to and from Docker Hub. It stores both types of repositories, i.e., public repositories as well as private repositories.
Docker Hub is a central repository for container image discovery, distribution, change management, workflow automation and team collaboration.

Q) What is Docker Compose?
Compose is a tool for defining and running multi-container Docker applications.
Docker Compose uses a YAML file that contains details about the services, networks, and volumes for setting up the Docker application. So, you can use Docker Compose to create separate containers, host them, and get them to communicate with each other. Each container will expose a port for communicating with other containers.

Q) What is Docker Stack?
docker stack is a command that's embedded into the Docker CLI. It lets you manage a cluster of Docker containers through Docker Swarm.

Q) What is Docker Swarm?
Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host.

Q) What are the components of Docker Swarm?
1. Services: A service defines a task that needs to be executed on the manager or worker node.
2. Tasks: A task is the Docker container that executes the commands you define in the service.
3. Manager Node: The manager node has a few responsibilities like accepting commands to create service objects, allocating the IP addresses to the various tasks, and assigning the tasks to the nodes.
4. Worker Node: It is responsible for checking the tasks assigned and also executing the containers.

Q) The correct order of service creation process in swarm mode? 
Manager Node:
- Docker API: Accepts command from the client and creates service object.
- Orchestrator: Reconciliation loop for service objects and creates tasks.
- Allocator: Allocates IP address to tasks.
- Scheduler: Assigns nodes to tasks.
- Dispatcher: Checks in on workers.
Worker Node:
- Worker: Connects to the dispatcher to check on assigned tasks.
- Executor: Executes the tasks assigned to the worker node.

Q) What is Dockerfile?
Docker images are built from a Dockerfile. A Dockerfile defines all the steps required to create a Docker image with your application configured and ready to be run as a container. A Dockerfile is executed by the docker build command.
The Docker image itself contains everything from the operating system to the dependencies and configuration required to run your application.

Q) Docker restart policies?
i) no: This is the default restart policy.
ii) always: Always restart the container if it stops. If it is manually stopped, it is restarted only when the Docker daemon restarts or the container itself is manually restarted.
iii) on-failure: Restart the container if it exits due to an error (non-zero exit code).
iv) unless-stopped: Similar to always, except that when the container is stopped (manually or otherwise), it is not restarted even after the Docker daemon restarts.

Q) Docker container lifecycle?
1. Create the container.
2. Run the container.
3. Pause the container.
4. Un-Pause the container.
5. Start the container.
6. Stop the container.
7. Restart the Container.
8. Kill the container.
9. Destroy the container.

Q) What are the various states that a Docker container can be in at any given point in time? 
There are six states that a Docker container can be in at any given point in time. Those states are as follows:
- Created
- Restarting
- Running
- Paused
- Exited
- Dead

Q) What is Containerization?
In the software development process, code deployed on one machine might not work perfectly fine on any other machine because of dependencies. This problem was solved by the containerization concept.
Basically, an application that is being developed and deployed is bundled and wrapped together with all its configuration files and dependencies. This bundle is called a container. Containerization is the process of packaging application code with its required libraries, frameworks, and configuration files so that it can be run efficiently and seamlessly in any environment.  
The containerization environments are Docker and Kubernetes. 

Q) Difference between COPY and ADD command.
The COPY command copies files/directories from the host machine to the container’s file system.
The ADD command also copies files/directories from the host machine to the container’s file system. In addition, it can copy files from a URL to a destination directory in the container’s file system, and it copies a tar file to the destination directory by automatically extracting its contents.
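
The difference can be checked mechanically when reviewing a Dockerfile. The following is an added example, not part of the original page: a POSIX shell function that labels each ADD line by the ADD-only behaviour it triggers, so lines that could simply be COPY stand out. The names classify_add, sample_dockerfile and check_sample are hypothetical, the sample Dockerfile is constructed, and the check assumes single-line, shell-form instructions.

```sh
#!/bin/sh
# Added example: classify each ADD instruction by which ADD-only behaviour it uses.
# Assumes shell-form instructions on one line (no JSON form, no "\" continuations).

# classify_add <Dockerfile>: prints "<line>:<class>" for every ADD instruction.
classify_add() {
  awk '
    toupper($1) == "ADD" {
      class = "plain-copy"              # nothing here that COPY could not do
      for (i = 2; i < NF; i++) {        # fields 2..NF-1 are sources, NF is the destination
        if ($i ~ /^--/) continue        # skip flags such as --chown=
        # A URL source is fetched at build time; a remote archive is not unpacked.
        if ($i ~ /^https?:\/\//) { class = "remote-url"; break }
        # A local tar archive is unpacked into the destination automatically.
        if ($i ~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/) class = "auto-extract"
      }
      print NR ":" class
    }' "$1"
}

# sample_dockerfile: constructed input for the demo, not taken from any real project.
sample_dockerfile() {
  cat <<'EOF'
FROM alpine:3.19
COPY app.py /srv/app.py
ADD https://example.com/tool.tar.gz /opt/
ADD --chown=app:app vendor.tar.gz /opt/vendor/
add config.yml /etc/app/config.yml
EOF
}

# check_sample: runs the classifier over the constructed Dockerfile.
check_sample() {
  f=$(mktemp)
  sample_dockerfile > "$f"
  classify_add "$f"
  rm -f "$f"
}

check_sample
```

Lines reported as plain-copy behave the same with COPY; remote-url and auto-extract lines are the ones worth a closer look, since they pull in or unpack content the reviewer has not seen.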

Q) Available Docker Network Drivers?
Docker comes with built-in network drivers, known as native network drivers. They are:

1. Bridge
2. Host
3. Macvlan
4. Null
5. Overlay

Q) Difference between CMD and ENTRYPOINT instruction?
The CMD instruction allows you to set a default command and default parameters, which will be executed when the container is run.
The ENTRYPOINT instruction should be used when you need your container to be run as an executable.

Q) Difference between ENV and ARG?
ENV is for future running containers. ARG is for building your Docker image.
ENV is mainly meant to provide default values for your future environment variables. Running dockerized applications can access environment variables. It’s a great way to pass configuration values to your project.
ARG values are not available after the image is built. A running container won’t have access to an ARG variable value.

Q) What are the most common instructions in Dockerfile?
Some of the common instructions in Dockerfile are as follows:
- FROM: We use FROM to set the base image for subsequent instructions. In every valid Dockerfile, FROM is the first instruction.
- LABEL: We use LABEL to organize our images as per project, module, licensing etc. We can also use LABEL to help in automation. In LABEL we specify a key-value pair that can be later used for programmatically handling the Dockerfile.
- RUN: We use RUN command to execute any instructions in a new layer on top of the current image. With each RUN command we add something on top of the image and use it in subsequent steps in Dockerfile.
- CMD: We use CMD command to provide default values of an executing container. In a Dockerfile, if we include multiple CMD commands, then only the last instruction is used.

Q) Container Network Model (CNM).
Docker uses an architecture called Container Network Model (CNM) to manage networking for Docker containers.
1. Sandbox
2. Endpoint
3. Network
4. Driver
5. NetworkController 

Q) Docker Universal Control Plane.

Docker Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker which helps you manage your Docker cluster and applications through a single interface.
Universal Control Plane includes centralized policy management for all of your containers, centralized role-based access control, user management, application cluster management, and the ability to organize your containers as a service or stack.
It also includes secure image scanning and continuous monitoring of your images in the registry.

Q) What is Docker Trusted Registry (DTR)?
Docker Trusted Registry is an on-site, on-premise registry for centralized storage for all your container images. DTR is an enterprise-grade image storage solution from Docker. DTR is installed on-prem or in your own public cloud infrastructure. It works with Universal Control Plane. It allows you to securely store your Docker images so that you can easily track and manage your applications. Like UCP it's an easy-to-use web-based application. It has role-based access controls, so it supports multiple users and it allows your company to easily store all of your images on-premises in your own registry.

Q) What are the Control groups?
Docker Engine on Linux also relies on a technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.
A cgroup provides resource accounting and limiting, and it ensures that no container exhausts the host's resources.

Q) Difference between replicated and global deployment?
For a replicated service, you specify the number of identical tasks you want to run. For example, you decide to deploy a Redis service with five replicas, each serving the same content. A global service is a service that runs one task on every node. There is no pre-specified number of tasks.

Q) Mount options available in docker?
1. Volume mount: it is managed by docker and is stored in a part of the host filesystem (stored at /var/lib/docker/volumes/ in Linux).
2. Bind mount: it may be stored anywhere on the host system.
3. tmpfs: Stored only in a host’s system memory in Linux.

Q) Difference between docker stop and docker kill?
#docker stop <container-id>: sends a SIGTERM (terminate) signal to the process running inside the container and then, after a grace period of 10 seconds, a SIGKILL signal, leading to a graceful stop.
#docker kill <container-id>: sends a SIGKILL signal to the process running inside the container, stopping the container abruptly.
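
The practical consequence of the two signals can be reproduced without Docker. The following is an added example, not part of the original page: shell functions stand in for a container's main process, and stop_like models the SIGTERM, grace period, SIGKILL sequence described above. All function names are hypothetical, and the grace periods are shortened so the demo finishes in a few seconds.

```sh
#!/bin/sh
# Added example: local stand-ins for a container's main process; no Docker needed.

# graceful_worker <dir>: traps SIGTERM and flushes state before exiting.
graceful_worker() {
  state=$1
  trap 'echo flushed > "$state/cleanup"; exit 0' TERM
  : > "$state/ready"
  while :; do sleep 0.1; done
}

# stubborn_worker <dir>: ignores SIGTERM, so only SIGKILL ends it.
stubborn_worker() {
  trap '' TERM
  : > "$1/ready"
  while :; do sleep 0.1; done
}

# stop_like <pid> <grace>: SIGTERM, wait up to <grace> seconds, then SIGKILL.
stop_like() {
  kill -s TERM "$1" 2>/dev/null || return 0
  waited=0
  while kill -0 "$1" 2>/dev/null && [ "$waited" -lt "$2" ]; do
    sleep 1
    waited=$((waited + 1))
  done
  if kill -0 "$1" 2>/dev/null; then kill -s KILL "$1"; fi
}

# simulate <worker> <stop|kill> [grace]: prints "graceful" if cleanup ran, else "abrupt".
simulate() {
  dir=$(mktemp -d)
  "$1" "$dir" >/dev/null 2>&1 &
  pid=$!
  until [ -f "$dir/ready" ]; do sleep 0.1; done   # wait until the trap is installed
  if [ "$2" = stop ]; then stop_like "$pid" "${3:-10}"; else kill -s KILL "$pid"; fi
  wait "$pid" 2>/dev/null || true
  if [ -f "$dir/cleanup" ]; then echo graceful; else echo abrupt; fi
  rm -rf "$dir"
}

echo "graceful worker + stop: $(simulate graceful_worker stop 3)"
echo "graceful worker + kill: $(simulate graceful_worker kill)"
echo "stubborn worker + stop: $(simulate stubborn_worker stop 1)"
```

A process that ignores SIGTERM gets no benefit from the grace period: the stop ends with SIGKILL and no cleanup, the same outcome as a kill.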