In today’s time, to get into DevOps roles is a bit challenging, and Docker plays an important role here. So, today I have brought up some interesting advanced interview questions that you might encounter in future related to Docker.
1. How does Docker ensure images are immutable?
Docker images are layer composites; each layer is read-only and immutable, while all modifications within a container end up in a new, writeable layer, without changing the image.
2. What is the difference between Docker’s bridge network and host network?
Bridge Networking Containers all communicate over private network bridges. Use: For those containers that have different networking needs. Host Networking Containers share a host’s network stack.
Use: Low-latency networking (e.g., in high-performance apps).
3. What happens to the data in a container when the container is deleted?
Unless a volume or bind mount is used, container data are stored in a writable layer, which is deleted when the container is removed.
4. What are Docker namespaces, and how do they work?
Namespaces provide isolation in Docker by separating resources for each container:
PID namespace: Process isolation.
NET namespace: Network isolation.
MNT namespace: Filesystem isolation.
UTS namespace: Hostname isolation.
5. How do you debug a Docker container which is hogging too much CPU or Memory?
Use docker stats to monitor resource usage.
Limit resources:
docker run - memory="500m" - cpus="1.5" <image>
Check the app inside the container using tools like top or htop.
6. What are ways to shrink Docker images?
Use smaller base images (e.g., Alpine).
Avoid installing unnecessary packages.
Use multi-stage builds to exclude build dependencies.
Cleanup temporary files in Dockerfile.
Dockerfile:
RUN apt-get update && apt-get install -y package && rm -rf /var/lib/apt/lists/*
- How to automatically make Docker containers restart? Use the — restart flag during container creation no : Off, won’t restart. always : Docker will restart the container, unless manually stopped. on-failure : Docker will restart the container only if the exit code is not zero.
docker run - restart=always <image>
8. What is a dangling image? and how to remove it?
An dangling image is an image that does not have any tag.
Clean up using
docker image prune
9. What are Docker tags and when are they useful?
Tags refer to versions of an image.
For example python:3.9 vs python:latest
They offer versioning and ensures the same thing runs every time.
10. What is Docker Content Trust (DCT), and how does it secure images?
DCT ensures that only signed images are pulled or run.
Enable with
export DOCKER_CONTENT_TRUST=1
This verifies the integrity and publisher of images.
These questions range from a series of practical and theoretical Docker concepts in order to assess their depth of understanding and problem-solving capacities of the candidate.
Top comments (0)